AC-1 Access Control Policy and Procedures
Description
Access controls are the rules for establishing user identity, administering user accounts, and initiating and monitoring access to information resources.
Applicability
- The intended audience for this Control includes, but is not limited to, information resource owners and custodians.
Implementation
- As specified in Control AC-2, Account Management, the approval process for account access includes a documented policy and procedure for managing access to information resources, defining the rules for establishing user identity, administering user accounts, and establishing and monitoring user access to information resources.