AC-5: Separation Of Duties
Generated: 2019-04-12 13:01:48.067729
Status: Skipped
Statements
The organization:
Code | Description |
---|---|
AC-5a. | Separates [Assignment: organization-defined duties of individuals]; |
AC-5b. | Documents separation of duties of individuals; and |
AC-5c. | Defines information system access authorizations to support separation of duties. |
Additional Guidance
Separation of duties addresses the potential for abuse of authorized privileges and helps to reduce the risk of malevolent activity without collusion. Separation of duties includes, for example: (i) dividing mission functions and information system support functions among different individuals and/or roles; (ii) conducting information system support functions with different individuals (e.g., system management, programming, configuration management, quality assurance and testing, and network security); and (iii) ensuring security personnel administering access control functions do not also administer audit functions.