Separation of roles supports operational security for application as well as human resources. Roles accompanied by elevated privileges, such as that of the E-Mail Administrator, must be carefully regulated and monitored.
All appointments to Information Assurance (IA) roles, such as Designated Approving Authority (DAA), Information Assurance Manager (IAM), and Information Assurance Officer (IAO) must be in writing, and include assigned duties and appointment criteria such as training, clearance and IT designation. The E-mail Administrator role is assigned and controlled by the IAM. The IAM role owns the responsibility to document responsibilities, privileges, training and scope for the E-mail Administrator role. It is with this definition that the IAO is able to monitor assigned resources, ensuring that intended tasks are completed, and that elevated privileges are not used for purposes beyond their intended tasks. |