Number | Title | Impact | Priority | Subject Area |
---|---|---|---|---|
AC-5 | Separation Of Duties | MODERATE | P1 | Access Control |
Instructions |
---|
The organization: AC-5a. Separates [Assignment: organization-defined duties of individuals]; AC-5b. Documents separation of duties of individuals; and AC-5c. Defines information system access authorizations to support separation of duties. |
Guidance |
---|
Separation of duties addresses the potential for abuse of authorized privileges and helps to reduce the risk of malevolent activity without collusion. Separation of duties includes, for example: (i) dividing mission functions and information system support functions among different individuals and/or roles; (ii) conducting information system support functions with different individuals (e.g., system management, programming, configuration management, quality assurance and testing, and network security); and (iii) ensuring security personnel administering access control functions do not also administer audit functions. |
Enhancements |
---|