catalog: SP800-53rev3 / class: Technical / family: (AC) Access Control

  AC-05: Separation of Duties  

base control objective:
The organization:
a. Separates duties of individuals as necessary, to prevent malevolent activity without collusion;
b. Documents separation of duties; and
c. Implements separation of duties through assigned information system access authorizations.

supplemental objective information:
Examples of separation of duties include:
(i) mission functions and distinct information system support functions are divided among different individuals/roles;
(ii) different individuals perform information system support functions (e.g., system management, systems programming, configuration management, quality assurance and testing, and network security);
(iii) security personnel who administer access control functions do not administer audit functions; and
(iv) different administrator accounts for different roles.
Access authorizations defined in this control are implemented by control AC-03.

enhancements to the base objective:

(1) None.

mapping to FIPS199 baseline:

  LOW: null     MOD: base     HIGH: base  

related (regimented) controls:

AC-03   Access Enforcement

documents referenced in SP800-53rev3 for AC-05:

Document        Date              Status    Title
NIST SP800-66   October, 2008     current   An Introductory Resource Guide for Implementing the Health Insurance Portability and Accountability Act (HIPAA) Security Rule
NIST SP800-98   September, 2006   DRAFT     Guidelines for Securing Radio Frequency Identification (RFID) Systems
