NIST 800-53 Rev 5

424 controls available

AC-06(07)moderatehigh

Review of User Privileges

Access Control

Control Statement

Review {{ insert: param, ac-06.07_odp.01 }} the privileges assigned to {{ insert: param, ac-06.07_odp.02 }} to validate the need for such privileges; and Reassign or remove privileges, if necessary, to correctly reflect organizational mission and business needs.

Discussion

The need for certain assigned user privileges may change over time to reflect changes in organizational mission and business functions, environments of operation, technologies, or threats. A periodic review of assigned user privileges is necessary to determine if the rationale for assigning such privileges remains valid. If the need cannot be revalidated, organizations take appropriate corrective actions.

Framework
NIST SP 800-53 Rev 5
Family
Access Control
Baselines
moderate, high