AC-05 Separation Of Duties

Control: The information system enforces separation of duties through assigned access authorizations.

Supplemental Guidance: The organization establishes appropriate divisions of responsibility and separates duties as needed to eliminate conflicts of interest in the responsibilities and duties of individuals. There is access control software on the information system that prevents users from having all of the necessary authority or information access to perform fraudulent activity without collusion. Examples of separation of duties include: (i) mission functions and distinct information system support functions are divided among different individuals/roles; (ii) different individuals perform information system support functions (e.g., system management, systems programming, quality assurance/testing, configuration management, and network security); and (iii) security personnel who administer access control functions do not administer audit functions.
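As an added illustration (not part of the control text), the check below shows how assigned access authorizations can enforce the conflicts listed above: it reports users who already hold a conflicting pair of roles and refuses a grant that would create one. Role names, the conflict matrix and the sample assignments are constructed for the example.

```python
from itertools import combinations

# Constructed role names modelled on the support functions named in the guidance.
SUPPORT_ROLES = {"system_management", "systems_programming", "qa_testing",
                 "configuration_management", "network_security"}

# Conflict matrix (unordered pairs). Assumptions: each support function is held by
# a different person, mission functions are separate from support functions, and
# access-control administration never coincides with audit administration.
CONFLICTS = {frozenset(p) for p in combinations(sorted(SUPPORT_ROLES), 2)}
CONFLICTS |= {frozenset({"mission_function", r}) for r in SUPPORT_ROLES}
CONFLICTS.add(frozenset({"access_control_admin", "audit_admin"}))


def sod_violations(assignments, conflicts=CONFLICTS):
    """Return sorted (user, role_a, role_b) triples for every user whose
    current authorizations contain a conflicting pair of roles."""
    found = []
    for user, roles in assignments.items():
        for a, b in combinations(sorted(roles), 2):
            if frozenset({a, b}) in conflicts:
                found.append((user, a, b))
    return sorted(found)


def grant(assignments, user, role, conflicts=CONFLICTS):
    """Add `role` to the user's authorizations unless doing so would create a
    separation-of-duties conflict. Returns True when granted, False when
    refused; a refused grant leaves `assignments` unchanged."""
    held = assignments.get(user, set())
    if any(frozenset({role, r}) in conflicts for r in held):
        return False
    assignments.setdefault(user, set()).add(role)
    return True


# Constructed sample authorizations: 'carol' administers both access control
# and audit, which the guidance says should be separate people.
SAMPLE = {
    "alice": {"system_management"},
    "bob": {"qa_testing"},
    "carol": {"access_control_admin", "audit_admin"},
}

if __name__ == "__main__":
    for v in sod_violations(SAMPLE):
        print("SoD violation:", v)
    print("grant alice qa_testing ->", grant(SAMPLE, "alice", "qa_testing"))
    print("grant dave configuration_management ->",
          grant(SAMPLE, "dave", "configuration_management"))
```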

Control Enhancements: (0) None.

Baseline: LOW: Not Selected; MOD: AC-5; HIGH: AC-5

Family: Access Control

Class: Technical

ISO 17799 mapping: 10.1.3, 10.6.1, 10.10.1

COBIT 4.1 mapping: PO4.11

PCI-DSS v2 mapping: 7.1.2