Navigate

CCI-000036

CCI-000036 Definition

The organization separates organization-defined duties of individuals.

Status
Type	CheckType.policy

Master Assessment Datasheet

Implementation Guidance

The organization being inspected/assessed documents and implements processes to maintain separation of the duties defined in AC-5, CCI 2219 across different individuals within the organization.

Validation Procedures

The organization conducting the inspection/assessment obtains and examines the documented processes to ensure the organization being inspected/assessed maintains separation of the duties defined in AC-5, CCI 2219 across different individuals within the organization.

Compelling Evidence

1.) Signed and dated access control policy 2.) Job description documentation 3.) Signed and dated documentation that lists the processes to ensure the organization maintains separation of duties.

Related Controls

The controls below (if any) were marked by NIST as being related to CCI-000036.

Control	Description
AC-5	The organization: AC-5a.: Separates [Assignment: organization-defined duties of individuals]; AC-5b.: Documents separation of duties of individuals; and AC-5c.: Defines information system access authorizations to support separation of duties.