Account Management
Description
Define and enforce account management processes including account types, conditions, attributes, and authorization.
⚠️ Risk Impact
Poor account management leads to orphaned and excessive accounts.
🔧 Remediation
Implement automated account lifecycle management. EchelonGraph detects inactive and overprivileged accounts.
💀 Real-World Attack Scenario
A government contractor's terminated employees retained active Active Directory and cloud accounts for an average of 60 days. A former sysadmin used their still-active credentials to access classified project files and shared them with a foreign state actor. The incident resulted in a federal investigation and loss of government contracts.
💰 Cost of Non-Compliance
Federal agencies failing AC-2: loss of ATO (Authority to Operate). Average ATO remediation: $2.4M and 6-12 months. FedRAMP AC-2 non-compliance blocks cloud provider authorization.
📋 Audit Questions
1. What is your account lifecycle management process?
2. How quickly are terminated user accounts disabled?
3. Show evidence of quarterly account reviews.
4. How many inactive accounts exist across all systems?
🎯 MITRE ATT&CK Mapping
⚡ Common Pitfalls
- ⛔ Automated HR-driven provisioning but manual deprovisioning
- ⛔ Service accounts not included in account review processes
- ⛔ Not tracking accounts across all systems (cloud, SaaS, on-prem)
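The remediation above (detect inactive and overprivileged accounts) and the three pitfalls share one underlying check: compare every enabled account, on every system, against HR status, last use, privileged role membership and review attestation. The following is an added example, not EchelonGraph code: the account records, the 90-day inactivity threshold and the role names are constructed assumptions. It flags orphaned accounts (HR says the owner left, the account is still enabled), inactive accounts, privileged accounts that are idle, orphaned or unattested, and service accounts left out of the quarterly review, and it counts inactive accounts per system, which is what audit question 4 asks for.

```python
"""Added account-review check over constructed records (not EchelonGraph data).
Flags orphaned, inactive and overprivileged accounts and unreviewed service
accounts across several systems, mirroring the pitfalls listed above."""
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import Dict, List, Optional

INACTIVITY_DAYS = 90  # assumed review threshold; pick the value your policy states
# Assumed privileged role names across AD, cloud and SaaS (constructed for the example).
PRIVILEGED_ROLES = frozenset({"Domain Admins", "Global Administrator", "AdministratorAccess"})


@dataclass(frozen=True)
class Account:
    name: str
    system: str                    # e.g. "ad", "aws", "saas": every system is in scope
    kind: str                      # "user" or "service"
    enabled: bool
    last_login: Optional[datetime]  # None means the account has never signed in
    roles: frozenset
    hr_active: bool                # HR still lists the owner as employed
    review_attested: bool          # covered by the last quarterly access review


def findings_for(acct: Account, now: datetime) -> List[str]:
    """Return the issue labels for one account (empty list if it is clean)."""
    issues: List[str] = []
    if not acct.enabled:
        return issues  # a disabled account is the desired end state, not a finding
    if not acct.hr_active:
        issues.append("orphaned")  # deprovisioning never happened
    idle = acct.last_login is None or now - acct.last_login > timedelta(days=INACTIVITY_DAYS)
    if idle:
        issues.append("inactive")
    privileged = bool(acct.roles & PRIVILEGED_ROLES)
    if privileged and (idle or not acct.hr_active or not acct.review_attested):
        issues.append("overprivileged")  # privilege that is unused, ownerless or unattested
    if acct.kind == "service" and not acct.review_attested:
        issues.append("unreviewed-service-account")  # pitfall: service accounts skipped
    return issues


def review(accounts: List[Account], now: datetime) -> Dict[str, List[str]]:
    """Map 'system:name' to its issues for every account with at least one issue."""
    report: Dict[str, List[str]] = {}
    for acct in accounts:
        issues = findings_for(acct, now)
        if issues:
            report[f"{acct.system}:{acct.name}"] = issues
    return report


def inactive_count_by_system(accounts: List[Account], now: datetime) -> Dict[str, int]:
    """Answer 'how many inactive accounts exist across all systems', per system."""
    counts: Dict[str, int] = {}
    for acct in accounts:
        if "inactive" in findings_for(acct, now):
            counts[acct.system] = counts.get(acct.system, 0) + 1
    return counts


# Constructed sample inventory for the example; the review date is fixed so results are stable.
NOW = datetime(2024, 6, 30)
SAMPLE = [
    Account("jsmith", "ad", "user", True, NOW - timedelta(days=3), frozenset({"Domain Users"}), True, True),
    Account("former.admin", "ad", "user", True, NOW - timedelta(days=40), frozenset({"Domain Admins"}), False, True),
    Account("svc-backup", "aws", "service", True, NOW - timedelta(days=200), frozenset({"AdministratorAccess"}), True, False),
    Account("old.temp", "saas", "user", True, None, frozenset(), True, True),
    Account("retired", "saas", "user", False, None, frozenset({"Global Administrator"}), False, False),
]

if __name__ == "__main__":
    for key, issues in review(SAMPLE, NOW).items():
        print(f"{key}: {', '.join(issues)}")
    print("inactive per system:", inactive_count_by_system(SAMPLE, NOW))
```

In practice the `SAMPLE` list would be built from exports of each directory and cloud IAM listing joined with the HR roster; the point of keeping `system` on every record is that an account the inventory does not know about cannot be reviewed, which is the third pitfall.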
📈 Business Value
AC-2 compliance is required for FedRAMP authorization and government contracts. Automated account lifecycle management reduces insider threat risk and demonstrates governance maturity.
⏱️ Effort Estimate
8-16 hours for comprehensive account review
EchelonGraph detects inactive, orphaned, and overprivileged accounts continuously
🔗 Cross-Framework References
Automate NIST 800-53 AC-2 compliance
EchelonGraph continuously monitors this control across all your cloud accounts.