Reference: CMMC 2.0
Level Introduced: 2
Title: Privileged Functions
Prevent non-privileged users from executing privileged functions and capture the execution of such functions in audit logs.
Non-privileged users should not be given permissions other than those required to do their basic job function. Privileged users are granted additional permissions. They are employees given authorization to perform certain privileged functions involving the control, monitoring, or administration of the system including security functions. When these special privileged functions are performed, the activity should be captured in an audit log which can be used to identify abuse. Non-privileged employees should not be granted permission to perform any of the functions of a privileged user.
As a system administrator for your organization you have security controls in place that prevent non-privileged users from performing privileged activities. However, you accidentally gave a standard user elevated system administrator privileges. The organization has implemented an endpoint detection and response solution that provides visibility into the use of privileged activities. This monitoring system logs the use of administrative privileges by an unapproved user allowing you to correct the error.