Episode 85 — Spotlight: Account Management (AC-2)
Account Management, designated as control AC-2 in NIST 800-53, governs the creation, use, modification, and termination of system accounts. For exam readiness, candidates should understand that this control ensures each account has a defined owner, an authorized purpose, and an approval chain. It requires periodic reviews to confirm that active accounts remain necessary and aligned with current roles. Account management underpins access control integrity—every permission begins with a well-governed account. The control’s scope covers user, administrator, service, and guest accounts across on-premises and cloud systems, emphasizing least privilege and accountability from provisioning to deactivation.
Operationally, account lifecycle management integrates with identity and access management platforms that automate provisioning and deprovisioning through workflows linked to human resource systems. Access requests trigger approval steps, while periodic recertifications validate ongoing need. Audit logs record account actions, and dormant accounts are flagged for review. Metrics such as time to disable inactive accounts, percentage of accounts with verified ownership, and exception counts measure control effectiveness. Common pitfalls include shared credentials, incomplete reviews, and lack of linkage between employment changes and access updates. By enforcing disciplined account governance, organizations close a frequent gateway to compromise while demonstrating compliance with foundational access control requirements.

Produced by BareMetalCyber.com, where you’ll find more cyber audio courses, books, and information to strengthen your educational path. Also, if you want to stay up to date with the latest news, visit DailyCyber.News for a newsletter you can use, and a daily podcast you can commute with.
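The following Python script is an added illustration and is not material from the episode or from BareMetalCyber.com: it runs a periodic AC-2 style review over a constructed account inventory and HR feed, flags the exceptions the episode describes (unverified ownership, an enabled account whose owner is no longer active in HR, dormant accounts) and computes the metrics named above. The 90-day dormancy threshold, the record layout and all sample data are assumptions.

```python
from dataclasses import dataclass
from datetime import date
from typing import Optional
DORMANT_DAYS = 90  # assumed review threshold, not a value the control text prescribes

@dataclass
class Account:
    name: str
    owner: Optional[str]        # HR employee id with verified ownership; None if unverified
    last_login: Optional[date]
    enabled: bool

def review_accounts(accounts, hr, today):
    """Periodic AC-2 review. hr maps employee id -> termination date (None = still active)."""
    findings, open_lag = [], []
    enabled = [a for a in accounts if a.enabled]
    for a in enabled:
        if a.owner is None:
            findings.append((a.name, "no verified owner"))
        elif a.owner not in hr or hr[a.owner] is not None:
            # employment change not linked to an access update: the pitfall named above
            findings.append((a.name, "owner not active in HR"))
            if hr.get(a.owner):
                open_lag.append((today - hr[a.owner]).days)
        if a.last_login is None or (today - a.last_login).days > DORMANT_DAYS:
            findings.append((a.name, "dormant"))
    verified = sum(a.owner is not None for a in enabled)
    metrics = {
        "exceptions": len(findings),
        "pct_verified_owner": round(100 * verified / len(enabled), 1) if enabled else 0.0,
        "max_days_enabled_after_termination": max(open_lag, default=0),
    }
    return findings, metrics

def sample_review():
    # constructed inventory and HR feed for illustration, not real data
    today = date(2024, 6, 30)
    hr = {"E1": None, "E2": date(2024, 6, 1), "E3": None}
    accounts = [
        Account("alice", "E1", date(2024, 6, 25), True),
        Account("bob", "E2", date(2024, 5, 20), True),          # owner terminated 1 June
        Account("svc-backup", None, date(2024, 6, 29), True),   # service account, no owner
        Account("guest-kiosk", "E3", date(2024, 1, 15), True),  # no login in months
        Account("carol", "E1", date(2023, 12, 1), False),       # already disabled, skipped
    ]
    return review_accounts(accounts, hr, today)

if __name__ == "__main__":
    print(*sample_review(), sep="\n")
```

Each finding is an exception for the recertification queue; the lag metric shows how long a terminated owner's account has stayed enabled, the "time to disable" figure the episode calls out.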