03.01.01 - Account Management

The ac_l_01 entry defines the Account Management requirement in the Access Control family of NIST SP 800-171 Rev. 3. It requires organizations to establish, administer, and monitor system accounts so that only authorized individuals have access to Controlled Unclassified Information, and to regularly review, disable, or remove accounts that are no longer needed or that present a security risk.