IAM-05: Segregation of Duties

Control Family:

Identity & Access Management

CSF v1.1 References:

PR.AC-4

PF v1.0 References:

PR.AC-P4

Threats Addressed:

Elevation of Privilege

Control Statement

User access policies and procedures shall be established, and supporting business processes and technical measures implemented, for restricting user access as per defined segregation of duties to address business risks associated with a user-role conflict of interest.

Control Statement

Related Controls

NIST Special Publication 800-53 Revision 5

NIST Special Publication 800-53 Revision 4