AC-5: Separation Of Duties
|AC-5a.||Separates [Assignment: organization-defined duties of individuals];|
|AC-5b.||Documents separation of duties of individuals; and|
|AC-5c.||Defines information system access authorizations to support separation of duties.|
Separation of duties addresses the potential for abuse of authorized privileges and helps to reduce the risk of malevolent activity without collusion. Separation of duties includes, for example: (i) dividing mission functions and information system support functions among different individuals and/or roles; (ii) conducting information system support functions with different individuals (e.g., system management, programming, configuration management, quality assurance and testing, and network security); and (iii) ensuring security personnel administering access control functions do not also administer audit functions.