CMMC 1.0 Practice SC.3.181 Requirement:

Separate user functionality from system management functionality.

CMMC 1.0 SC.3.181 Requirement Explanation:

This requirement has two primary objectives. The first is to prevent employees who don't have system administration responsibilities from holding admin rights. The second is to require admins to use their admin accounts when performing system administration functions. Admins are to have both a regular user account and a separate admin account.

Example CMMC 1.0 SC.3.181 Implementation:

Review which users have administrative privileges. Determine whether those users actually require administrative privileges. If they don't, revoke their administrative privileges. For the users who do require administrative privileges, create for them both an unprivileged user account and an admin account. Document a policy requiring this. Only allow the admin accounts to carry out system management functions; this can be enforced using user security groups. Only allow system administrators to access the systems and servers that make up your IT infrastructure. Examples include limiting access to Active Directory servers and limiting access to the admin interfaces of network devices.
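The review step above (which accounts hold privileged group membership, and whether each is a dedicated admin account or someone's daily-use account) is the part most often done by hand. The following PowerShell audit is an added example and is not code from the original page or its author. It assumes the RSAT ActiveDirectory module is installed, and it assumes a naming convention in which an administrator's privileged account is their regular SamAccountName plus the suffix "-adm" (the suffix, the group list and the output file name are assumptions; adjust them to your own policy).

```powershell
# Added example: audit privileged AD group membership for CMMC SC.3.181.
# Assumes RSAT ActiveDirectory module; the "-adm" suffix convention is an assumption.
Import-Module ActiveDirectory

$PrivilegedGroups = @('Domain Admins', 'Enterprise Admins', 'Schema Admins', 'Administrators')
$AdminSuffix      = '-adm'

$Findings = foreach ($Group in $PrivilegedGroups) {
    # -Recursive expands nested groups so indirectly privileged accounts are not missed
    $Members = Get-ADGroupMember -Identity $Group -Recursive |
               Where-Object { $_.objectClass -eq 'user' }

    foreach ($Member in $Members) {
        $User = Get-ADUser -Identity $Member.SamAccountName -Properties LastLogonDate, Enabled

        if ($User.SamAccountName -notlike "*$AdminSuffix") {
            # Privileged membership on an account that is not a dedicated admin account:
            # either this person needs a paired admin account created, or the right is revoked.
            [PSCustomObject]@{
                Group     = $Group
                Account   = $User.SamAccountName
                Finding   = 'Privileged group membership on a non-admin (daily-use) account'
                LastLogon = $User.LastLogonDate
                Enabled   = $User.Enabled
            }
        }
    }
}

$Findings | Sort-Object Group, Account | Format-Table -AutoSize

# Export for the documented access review; the reviewer decides per account
# whether to create a paired admin account or revoke the membership.
$Findings | Export-Csv -Path .\SC-3-181-privileged-account-review.csv -NoTypeInformation

# Remediation once the review is approved. -WhatIf shows what would change
# without changing it; remove -WhatIf to apply. 'jsmith' is a placeholder.
# Remove-ADGroupMember -Identity 'Domain Admins' -Members 'jsmith' -Confirm:$false -WhatIf
```

Run this from a workstation or jump host using an admin account, and keep each exported CSV as evidence of the periodic review. The "only admin accounts reach infrastructure servers" part of the requirement is then enforced with Group Policy user rights assignments on those servers (for example "Deny log on locally" and "Deny log on through Remote Desktop Services" applied to the security group containing daily-use accounts), which is what produces the failed login in Scenario 1 below.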

CMMC 1.0 SC.3.181 Scenario(s):

- Scenario 1:

A system admin wants to log on to the Active Directory server to make some changes. They attempt to log in with their unprivileged user account but are unable to log in. They then try logging in with their admin account and are allowed in. As a result, user functionality was separated from system management functionality.