AC-2(3)

  • Requirement

    Disable accounts within [Assignment: organization-defined time period] when the accounts:

    1. Have expired;
    2. Are no longer associated with a user or individual;
    3. Are in violation of organizational policy; or
    4. Have been inactive for [Assignment: organization-defined time period].
  • Discussion

    Disabling expired, inactive, or otherwise anomalous accounts supports the concepts of least privilege and least functionality which reduce the attack surface of the system.

More Info

  • Title

    Account Management | Disable Accounts
  • Family

    Access Control
  • NIST 800-53B Baseline(s)

    • Moderate
    • High
  • Related NIST 800-53 ID

NIST 800-53A Assessment Guidance
