Reference: CMMC 2.0
Family: AC
Level Introduced: 2
Title: Privileged Functions
Practice:
Prevent non-privileged users from executing privileged functions and capture the execution of such functions in audit logs.
CMMC Clarification:
Non-privileged users should not be given permissions other than those required to do their basic job function. Privileged users are granted additional permissions. They are employees given authorization to perform certain privileged functions involving the control, monitoring, or administration of the system including security functions. When these special privileged functions are performed, the activity should be captured in an audit log which can be used to identify abuse. Non-privileged employees should not be granted permission to perform any of the functions of a privileged user.
Example
As a system administrator for your organization you have security controls in place that prevent non-privileged users from performing privileged activities. However, you accidentally gave a standard user elevated system administrator privileges. The organization has implemented an endpoint detection and response solution that provides visibility into the use of privileged activities. This monitoring system logs the use of administrative privileges by an unapproved user allowing you to correct the error.
Implementation Strategies
This is for registered users only. Please sign up for a free account, or Login, to see complete cross references to other standards and frameworks.
NIST 800-171 Requirements (1)
This is for registered users only. Please sign up for a free account, or Login, to see complete cross references to other standards and frameworks.
NIST 800-53 Controls (2)
This is for registered users only. Please sign up for a free account, or Login, to see complete cross references to other standards and frameworks.