• Requirement

    1. Establish and administer privileged user accounts in accordance with [Selection: a role-based access scheme; an attribute-based access scheme];
    2. Monitor privileged role or attribute assignments;
    3. Monitor changes to roles or attributes; and
    4. Revoke access when privileged role or attribute assignments are no longer appropriate.
  • Discussion

    Privileged roles are organization-defined roles assigned to individuals that allow those individuals to perform certain security-relevant functions that ordinary users are not authorized to perform. Privileged roles include key management, account management, database administration, system and network administration, and web administration. A role-based access scheme organizes permitted system access and privileges into roles. In contrast, an attribute-based access scheme specifies allowed system access and privileges based on attributes.

More Info

  • Title

    Account Management | Privileged User Accounts
  • Family

    Access Control
  • NIST 800-53B Baseline(s)

    • Related NIST 800-53 ID

    NIST 800-53A Assessment Guidance

    CMMC Training

    Our CMMC Overview Course simplifies CMMC. Enroll so you can make informed decisions!