2 KiB
| implementation-status | control-origination | |||||
|---|---|---|---|---|---|---|
|
|
ac-5 - [catalog] Separation of Duties
Control Statement
-
[a] Identify and document duties of individuals ; and
-
[b] Define system access authorizations to support separation of duties.
Control guidance
Separation of duties addresses the potential for abuse of authorized privileges and helps to reduce the risk of malevolent activity without collusion. Separation of duties includes dividing mission or business functions and support functions among different individuals or roles, conducting system support functions with different individuals, and ensuring that security personnel who administer access control functions do not also administer audit functions. Because separation of duty violations can span systems and application domains, organizations consider the entirety of systems and system components when developing policy on separation of duties. Separation of duties is enforced through the account management activities in AC-2 , access control mechanisms in AC-3 , and identity management activities in IA-2, IA-4 , and IA-12.
Control assessment-objective
duties of individuals are identified and documented; system access authorizations to support separation of duties are defined.
What is the solution and how is it implemented?
Implementation a.
Add control implementation description here for item ac-5_smt.a
Implementation b.
Add control implementation description here for item ac-5_smt.b