NIST SP 800-171 & CMMC 2.0 3.13.3 Requirement:

Separate user functionality from system management functionality.

NIST SP 800-171 & CMMC 2.0 3.13.3 Requirement Explanation:

This requirement has two primary objectives. The first is to prevent employees who don't have system administration responsibilities from holding admin rights. The second is to require admins to use their admin accounts when performing system administration functions. Each admin is to have a regular user account for day-to-day work and a separate admin account.

Example NIST SP 800-171 & CMMC 2.0 3.13.3 Implementation:

Review which users have administrative privileges. Determine whether those users require administrative privileges. If they don't, revoke their administrative privileges. For the users that do require administrative privileges, create an unprivileged user account and a separate admin account for each of them. Document a policy requiring this. Only allow the admin accounts to carry out system management functions. This can be accomplished using user security groups. Only allow system administrators to access the systems and servers that run your IT infrastructure. Examples include limiting access to Active Directory servers and limiting access to the admin interfaces of network devices.
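One way to carry out that review, as an added example (not from this page or any compliance product): a Python audit over a constructed directory export. It assumes a `-adm` naming convention for admin accounts and a fixed list of privileged groups; both are assumptions to adjust for your domain.

```python
import csv
import io

# Groups that grant system management rights (assumed list; adjust to your domain).
PRIVILEGED_GROUPS = {"Domain Admins", "Enterprise Admins", "Schema Admins", "Administrators"}
# Assumed naming convention: the admin account for user "jdoe" is "jdoe-adm".
ADMIN_SUFFIX = "-adm"

# Constructed sample export (not real directory data): account, group list, and
# whether the account's owner has system administration duties.
SAMPLE_EXPORT = """\
account,groups,role
jdoe,Domain Users,sysadmin
jdoe-adm,Domain Admins,sysadmin
asmith,Domain Users;Domain Admins,staff
bwong-adm,Domain Admins,sysadmin
clee,Domain Users;Administrators,sysadmin
"""


def load_accounts(text):
    """Parse the CSV export into a list of dicts with a set of group names."""
    rows = csv.DictReader(io.StringIO(text))
    return [
        {"account": r["account"],
         "groups": {g.strip() for g in r["groups"].split(";") if g.strip()},
         "sysadmin": r["role"] == "sysadmin"}
        for r in rows
    ]


def audit(accounts):
    """Return (account, action, reason) findings for 3.13.3 violations."""
    names = {a["account"] for a in accounts}
    findings = []
    for a in accounts:
        name = a["account"]
        privileged = sorted(a["groups"] & PRIVILEGED_GROUPS)
        is_admin_account = name.endswith(ADMIN_SUFFIX)
        if privileged and not a["sysadmin"]:
            # Objective 1: non-administrators must not hold admin rights.
            findings.append((name, "revoke", f"non-administrator is in {privileged}"))
        elif privileged and not is_admin_account:
            # Objective 2: admin rights belong on the separate admin account.
            findings.append((name, "split", f"daily-use account is in {privileged}"))
        elif is_admin_account and name[:-len(ADMIN_SUFFIX)] not in names:
            # Admin has no unprivileged account for ordinary work.
            findings.append((name, "create-standard", "no matching unprivileged account"))
    return findings


if __name__ == "__main__":
    for finding in audit(load_accounts(SAMPLE_EXPORT)):
        print(*finding, sep=": ")
```

Each finding maps to one of the implementation steps above: revoke, split into two accounts, or create the missing unprivileged account.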

NIST SP 800-171 & CMMC 2.0 3.13.3 Scenario(s):

- Scenario 1:

A system admin wants to log onto the Active Directory server to make some changes. They attempt to log in with their unprivileged user account but are unable to log in. They then try logging in with their admin account and are allowed in. As a result, user functionality was separated from system management functionality.