SC-2(1): Interfaces For Non-Privileged Users

Threats Addressed:


(Not part of any baseline)

Next Version:

Control Statement

The information system prevents the presentation of information system management-related functionality at an interface for non-privileged users.

Supplemental Guidance

This control enhancement ensures that administration options (e.g., administrator privileges) are not available to general users (including prohibiting the use of the grey-out option commonly used to eliminate accessibility to such information). Such restrictions include, for example, not presenting administration options until users establish sessions with administrator privileges.