AC-05 Separation of Duties

Baselines

Guidance

Separation of duties addresses the potential for abuse of authorized privileges and helps to reduce the risk of malevolent activity without collusion. Separation of duties includes dividing mission or business functions and support functions among different individuals or roles, conducting system support functions with different individuals, and ensuring that security personnel who administer access control functions do not also administer audit functions. Because separation of duty violations can span systems and application domains, organizations consider the entirety of systems and system components when developing policy on separation of duties. Separation of duties is enforced through the account management activities in AC-2 , access control mechanisms in AC-3 , and identity management activities in IA-2, IA-4 , and IA-12.

Related controls 16

• AC-02 Account Management L M H P
• AC-03 Access Enforcement L M H P
• AC-06 Least Privilege L M H P
• AU-09 Protection of Audit Information L M H P
• CM-05 Access Restrictions for Change L M H P
• CM-11 User-installed Software L M H P
• CP-09 System Backup L M H P
• IA-02 Identification and Authentication (Organizational Users) L M H P
• IA-04 Identifier Management L M H P
• IA-05 Authenticator Management L M H P
• IA-12 Identity Proofing L M H P
• MA-03 Maintenance Tools L M H P
• MA-05 Maintenance Personnel L M H P
• PS-02 Position Risk Designation L M H P
• SA-08 Security and Privacy Engineering Principles L M H P
• SA-17 Developer Security and Privacy Architecture and Design L M H P