This is a potential security issue, you are being redirected to https://nvd.nist.gov
Search & Statistics
CVSS V3 Calculator
CVSS V2 Calculator
Checklist (NCP) Repository
SCAP Validated Tools
Security and Privacy Controls for Federal Information Systems and Organizations
Revision 4 Statements
Separates [Assignment: organization-defined duties of individuals];
Documents separation of duties of individuals; and
Defines information system access authorizations to support separation of duties.
Separation of duties addresses the potential for abuse of authorized privileges and helps to reduce the risk of malevolent activity without collusion. Separation of duties includes, for example: (i) dividing mission functions and information system support functions among different individuals and/or roles; (ii) conducting information system support functions with different individuals (e.g., system management, programming, configuration management, quality assurance and testing, and network security); and (iii) ensuring security personnel administering access control functions do not also administer audit functions.
Related to: AC-3, AC-6, PE-3, PE-4, PS-2