SC-2(1): Interfaces for Non-privileged Users

Threats Addressed:

Baselines:

(Not part of any baseline)

Previous Version:

Control Statement

Prevent the presentation of system management functionality at interfaces to non-privileged users.

Supplemental Guidance

Preventing the presentation of system management functionality at interfaces to non-privileged users ensures that system administration options, including administrator privileges, are not available to the general user population. Restricting user access also prohibits the use of the grey-out option commonly used to eliminate accessibility to such information. One potential solution is to withhold system administration options until users establish sessions with administrator privileges.