STIGs RMF Controls Compare

STIGhub

A free tool to search and browse the entire DISA STIG library. Saves up to 75% in security compliance research time.

Navigation

Browse STIGs
Search
RMF Controls
Compare Versions

Resources

About
Release Notes
VPAT
DISA STIG Library

STIGs updated 4 hours ago

Powered by Pylon

© 2026 Beacon Cloud Solutions, Inc. All rights reserved.

← All Controls

AC-2

Access ControlRev 3

Account Management

CCI Identifiers (47)

CCI-000007The organization manages information system accounts by identifying account types (i.e., individual, group, system, application, guest/anonymous, and temporary).CCI-000008The organization establishes conditions for group membership.CCI-000009The organization manages information system accounts by identifying authorized users of the information system and specifying access privileges.CCI-000010Require approvals by organization-defined personnel or roles for requests to create accounts.CCI-000011Create, enable, modify, disable, and remove system accounts in accordance with organization-defined procedures.CCI-000012Review accounts for compliance with account management requirements per organization-defined frequency.CCI-000013The organization manages information system accounts by notifying account managers when temporary accounts are no longer required and when information system users are terminated, transferred, or information system usage or need-to-know/need-to-share changes.CCI-000014The organization manages information system accounts by granting access to the system based on a valid access authorization; intended system usage; and other attributes as required by the organization or associated missions/business functions.CCI-000237The organization manages information system accounts by specifically authorizing and monitoring the use of guest/anonymous accounts and temporary accounts.CCI-001354The organization manages information system accounts by deactivating temporary accounts that are no longer required.CCI-001355The organization manages information system accounts by deactivating accounts of terminated or transferred users.CCI-001547Defines the frequency on which it will review information system accounts for compliance with account management requirements.CCI-002110The organization defines the information system account types that support the organizational missions/business functions.CCI-002111The organization identifies and selects the organization-defined information system account types of information system accounts which support organizational missions/business functions.CCI-002112Assign account managers.CCI-002113The organization establishes conditions for role membership.CCI-002114The organization specifies authorized users of the information system for each account.deprecated CCI-002115Specify authorized users of the system.CCI-002116Specify authorized users of the group.CCI-002117Specify authorized users of the role membership.CCI-002118Specify authorized access authorizations (i.e., privileges) for each account.CCI-002119Specify organization-attributes (as required) for each account on the system.CCI-002120Defines the personnel or roles authorized to approve the creation of accounts.CCI-002121Defines the procedures to be employed when creating, enabling, modifying, disabling, and removing information system accounts.CCI-002122Monitor the use of accounts.CCI-002123Notify account managers and organization-defined personnel or roles within an organization-defined time-period when accounts are no longer required.CCI-002124Notify account managers and organization-defined personnel or roles within an organization-defined time-period when users are terminated or transferred.CCI-002125Notify account managers and organization-defined personnel or roles within an organization-defined time-period when system usage or need-to-know changes for an individual.CCI-002126Authorize access to the system based on a valid access authorization.CCI-002127Authorize access to the system based on intended system usage.CCI-002128Authorize access to the system based on organization-defined attributes (as required).CCI-002129Establish and implement a process for changing shared or group account authenticators (if deployed) when individuals are removed from the group.CCI-003612Define and document the types of accounts allowed and specifically prohibited for use within the system.CCI-003613Require organization-defined prerequisites and criteria for group membership.CCI-003614Require organization-defined prerequisites and criteria for role membership.CCI-003615Defines the prerequisites and criteria for group and role membership.CCI-003616Defines the attributes (as required) for each account.CCI-003617Create, enable, modify, disable, and remove system accounts in accordance with organization-defined policy.CCI-003618Create, enable, modify, disable, and remove system accounts in accordance with organization-defined criteria.CCI-003619Create, enable, modify, disable, and remove system accounts in accordance with organization-defined prerequisites.CCI-003620Defines the policy to be employed when creating, enabling, modifying, disabling, and removing information system accounts.CCI-003621Defines the prerequisites to be employed when creating, enabling, modifying, disabling, and removing information system accounts.CCI-003622Defines the criteria to be employed when creating, enabling, modifying, disabling, and removing information system accounts.CCI-003623Defines the personnel or roles of whom to notify when accounts are no longer required; when users are terminated or transferred; and when system usage or need-to-know changes for an individual.CCI-003624Defines the time period of when to notify account managers for each situation.CCI-003625Defines the attributes (as required) for authorizing access to the system.CCI-003626Align account management processes with personnel termination and transfer processes.

Linked STIG Checks (67)

Across 60 STIGs. Click to expand.