The intended audience for this Control includes, but is not limited to, information resource owners and custodians.

As specified in Control AC-2, Account Management, the approval process for account access includes a documented policy and procedure for managing access to information resources, defining the rules for establishing user identity, administering user accounts, and establishing and monitoring user access to information resources.