AC-02 (02) Account Management - Removal Of Temporary / Emergency Accounts
Last modified: July 10, 2026
Introduction
This document describes how Private Mendix Platform fulfills the AC-02 (02) control.
| Control ID | AC-02 (02) |
|---|---|
| Control category | AC - Access Control |
| Requirement baseline | FEDRAMP MODERATE |
| Responsibility and ownership | Customer - Org |
Control
The information system automatically removes or; disables temporary and emergency accounts after an: organization-defined time period for each type of account.
Supplemental Guidance
This control enhancement requires the removal of both temporary and emergency accounts automatically after a predefined period of time has elapsed, rather than at the convenience of the systems administrator.
Responsibility
Customer Responsibility
Private Mendix Platform does not provision temporary or emergency accounts outside of normal pre-provisioning and login (SSO) mechanisms.
Guidance
Customer Responsibility
To effectively manage temporary and emergency accounts, organizations should:
- Define specific time limits for each type of account based on operational needs and security requirements.
- Configure the information system to automatically disable or remove these accounts once the defined period expires.
- Regularly review account activity and ensure that no temporary or emergency account remains active beyond its authorized timeframe.
- Document the procedures for account creation, monitoring, and removal to ensure compliance and accountability.