3.1.4

  • Requirement

    Separate the duties of individuals to reduce the risk of malevolent activity without collusion.

  • Discussion

    Separation of duties addresses the potential for abuse of authorized privileges and helps to reduce the risk of malevolent activity without collusion. Separation of duties includes dividing mission functions and system support functions among different individuals or roles; conducting system support functions with different individuals (e.g., configuration management, quality assurance and testing, system management, programming, and network security); and ensuring that security personnel administering access control functions do not also administer audit functions. Because separation of duty violations can span systems and application domains, organizations consider the entirety of organizational systems and system components when developing policy on separation of duties.

More Info

  • Family

    Access Control
  • DoD Scoring Methodology Points

    1
  • Related CMMC ID

  • Related NIST 800-53 ID

    AC-5
  • Reference Documents

    • N/A

NIST 800-171A Assessment Guidance

CMMC Training

Our CMMC Overview Course simplifies CMMC. Enroll so you can make informed decisions!