{"id":"AC-2","familyId":"AC","title":"Account Management","description":"Define and manage information system accounts including establishing, activating, modifying, reviewing, disabling, and removing accounts.","priority":"P1","baselines":{"low":true,"moderate":true,"high":true},"discussion":"Account management includes identifying account types, establishing conditions for group and role membership, specifying authorized users, and managing system accounts.","relatedControls":["AC-3","AC-5","AC-6","IA-2","IA-4","IA-5","IA-8"],"enhancements":[{"id":"AC-2(1)","title":"Automated System Account Management","description":"Support the management of system accounts using automated mechanisms.","baselines":{"low":false,"moderate":true,"high":true}},{"id":"AC-2(2)","title":"Automated Temporary and Emergency Account Management","description":"Automatically remove or disable temporary and emergency accounts after a defined time period.","baselines":{"low":false,"moderate":true,"high":true}},{"id":"AC-2(3)","title":"Disable Accounts","description":"Disable accounts when the accounts have not been used for a defined time period.","baselines":{"low":false,"moderate":true,"high":true}},{"id":"AC-2(4)","title":"Automated Audit Actions","description":"Automatically audit account creation, modification, enabling, disabling, and removal actions.","baselines":{"low":false,"moderate":true,"high":true}},{"id":"AC-2(5)","title":"Inactivity Logout","description":"Require users to log out after a defined time period of inactivity or when a specified condition occurs.","baselines":{"low":false,"moderate":false,"high":true}},{"id":"AC-2(13)","title":"Disable Accounts for High-Risk Individuals","description":"Disable the accounts of individuals within a defined time period of discovering that they pose a significant risk.","baselines":{"low":false,"moderate":true,"high":true}}]}