AC-1 Access Control Policy and Procedures

Description

Access controls are the rules for establishing user identity, administering user accounts, and initiating and monitoring access to information resources.

Applicability

• The intended audience for this Control includes, but is not limited to, information resource owners and custodians.

Implementation

• As specified in Control AC-2, Account Management, the approval process for account access includes a documented policy and procedure for managing access to information resources, defining the rules for establishing user identity, administering user accounts, and establishing and monitoring user access to information resources.