CCI-001082

Separate user functionality, including user interface services, from system management functionality.

Implementation Guidance

Determine if user functionality, including user interface services, is separated from system management functionality.

Validation Procedures

Examine: [SELECT FROM: System and communications protection policy; procedures addressing application partitioning; system design documentation; system configuration settings and associated documentation; system audit records; system security plan; other relevant documents or records]. Interview: [SELECT FROM: System/network administrators; organizational personnel with information security responsibilities; system developer]. Test: [SELECT FROM: Separation of user functionality from system management functionality].

The controls below (if any) were marked by NIST as being related to CCI-001082.