AC-2(12)

  • Requirement

    1. Monitor system accounts for [Assignment: organization-defined atypical usage]; and
    2. Report atypical usage of system accounts to [Assignment: organization-defined personnel or roles].
  • Discussion

    Atypical usage includes accessing systems at certain times of the day or from locations that are not consistent with the normal usage patterns of individuals. Monitoring for atypical usage may reveal rogue behavior by individuals or an attack in progress. Account monitoring may inadvertently create privacy risks since data collected to identify atypical usage may reveal previously unknown information about the behavior of individuals. Organizations assess and document privacy risks from monitoring accounts for atypical usage in their privacy impact assessment and make determinations that are in alignment with their privacy program plan.

More Info

  • Title

    Account Management | Account Monitoring for Atypical Usage
  • Family

    Access Control
  • NIST 800-53B Baseline(s)

    • High
  • Related NIST 800-53 ID

    AU-6; AU-7; CA-7; IR-8; SI-4
