controlAC-5

Separation of Duties (AC-5)

Identify and document [organization-defined] ; and Define system access authorizations to support separation of duties.

Security Baselines

MODERATEHIGHLOW

access-controlauthorizationleast-privilege

Why These Connect

Baselined In2

This control is included in the linked security baseline (LOW, MODERATE, or HIGH).

Supports20

These related controls work together — a change to one may affect the others.

Mitigates3

This control helps defend against or reduce the risk of the linked threat technique.

Related Controls(17)

AC-2Account Management (AC-2)

LMH

AC-3Access Enforcement (AC-3)

LMH

AC-6Least Privilege (AC-6)

AU-9Protection of Audit Information (AU-9)

LMH

CM-5Access Restrictions for Change (CM-5)

LMH

CM-11User-installed Software (CM-11)

LMH

CP-9System Backup (CP-9)

LMH

IA-2Identification and Authentication (Organizational Users) (IA-2)

LMH

IA-4Identifier Management (IA-4)

LMH

IA-5Authenticator Management (IA-5)

LMH

IA-12Identity Proofing (IA-12)

MA-3Maintenance Tools (MA-3)

MA-5Maintenance Personnel (MA-5)

LMH

PS-2Position Risk Designation (PS-2)

LMH

SA-8Security and Privacy Engineering Principles (SA-8)

LMH

SA-17Developer Security and Privacy Architecture and Design (SA-17)

AU-6Audit Record Review, Analysis, and Reporting (AU-6)

LMH

Threat Coverage(3 ATT&CK techniques)

T1078Valid Accounts T1548Abuse Elevation Control Mechanism T1003OS Credential Dumping