AC-2(3) Account Management | Disable Accounts | Access Controls (AC) | Cybersecurity Controls Standards Catalog | Office of Information Security | Information Technology

Information Technology
Office of Information Security
Cybersecurity Controls Standards Catalog
Access Controls (AC)
AC-2(3) Account Management | Disable Accounts

Description

Disabling expired, inactive, or otherwise anomalous accounts supports the concepts of least privilege and least functionality which reduce the attack surface of the system.

Applicability

The information resource owner, or designee, is responsible for ensuring that the risk mitigation measures described in this Control are implemented.

The intended audience for this Control includes, but is not limited to, all information resources owners and custodians.

Implementation

TAMU-CC shall disable accounts within 24 hours when the accounts:

Have expired;
Are no longer associated with a user or individual;
Are in violation of organizational policy; or
Have been inactive for 180 days.

Revision History

Last Updated: February 21, 2025

Previous Versions:

June 29, 2023
May 31, 2022
March 25, 2021
September 16, 2019

See All News

Black History Month
- 02.27
Read More
Islander Homecoming 2025
- 02.27
Read More

See All Events

AC-2(3) Account Management | Disable Accounts

Description

Applicability

Implementation

Revision History

Chief Information Security and Privacy Officer

News

News

Events

Events