Account Management

Account management is the lifecycle management of user accounts on your systems — from creation through modification to eventual removal. It encompasses establishing accounts for new users, modifying access when roles change, disabling accounts when no longer needed, and removing accounts for terminated employees.

Effective account management requires clear processes for each stage, timely execution (especially for terminations), regular access reviews to identify stale or excessive permissions, and documentation that demonstrates compliance with your policies.

Why It Matters

Account management is a fundamental CMMC requirement. Stale accounts, orphaned accounts from former employees, and accounts with excessive permissions are common findings during assessments. Regular access reviews and prompt termination processing prevent these issues.

Related Resources

CMMC: AC.L1-3.1.1
NIST 800-171: 3.1.1
NIST 800-53: AC-2
NIST 800-53: AC-2(1)
NIST 800-53: AC-2(2)
NIST 800-53: AC-2(8)