800-53|AC-5

Title

SEPARATION OF DUTIES

Description

The organization:

Supplemental

Separation of duties addresses the potential for abuse of authorized privileges and helps to reduce the risk of malevolent activity without collusion. Separation of duties includes, for example: (i) dividing mission functions and information system support functions among different individuals and/or roles; (ii) conducting information system support functions with different individuals (e.g., system management, programming, configuration management, quality assurance and testing, and network security); and (iii) ensuring security personnel administering access control functions do not also administer audit functions.

Reference Item Details

Related: AC-3,AC-6,PE-3,PE-4,PS-2

Category: ACCESS CONTROL

Family: ACCESS CONTROL

Priority: P1

Baseline Impact: MODERATE,HIGH

Audit Items

| Name | Plugin | Audit Name |
|---|---|---|
| 1.1.2.3 Ensure noexec option set on /tmp partition | Unix | CIS AlmaLinux OS 8 Server L1 v2.0.0 |
| 1.1.2.3 Ensure noexec option set on /tmp partition | Unix | CIS AlmaLinux OS 8 Workstation L1 v2.0.0 |
| 1.1.2.4 Ensure nosuid option set on /tmp partition | Unix | CIS AlmaLinux OS 8 Server L1 v2.0.0 |
| 1.1.2.4 Ensure nosuid option set on /tmp partition | Unix | CIS AlmaLinux OS 8 Workstation L1 v2.0.0 |
| 1.1.3.1 Ensure separate partition exists for /var | Unix | CIS AlmaLinux OS 8 Server L2 v2.0.0 |
| 1.1.3.1 Ensure separate partition exists for /var | Unix | CIS AlmaLinux OS 8 Workstation L2 v2.0.0 |
| 1.1.3.2 Ensure nodev option set on /var partition | Unix | CIS AlmaLinux OS 8 Server L1 v2.0.0 |
| 1.1.3.2 Ensure nodev option set on /var partition | Unix | CIS AlmaLinux OS 8 Workstation L1 v2.0.0 |
| 1.1.3.3 Ensure noexec option set on /var partition | Unix | CIS AlmaLinux OS 8 Server L1 v2.0.0 |
| 1.1.3.3 Ensure noexec option set on /var partition | Unix | CIS AlmaLinux OS 8 Workstation L1 v2.0.0 |
| 1.1.3.4 Ensure nosuid option set on /var partition | Unix | CIS AlmaLinux OS 8 Server L1 v2.0.0 |
| 1.1.3.4 Ensure nosuid option set on /var partition | Unix | CIS AlmaLinux OS 8 Workstation L1 v2.0.0 |
| 1.1.4.1 Ensure separate partition exists for /var/tmp | Unix | CIS AlmaLinux OS 8 Server L2 v2.0.0 |
| 1.1.4.1 Ensure separate partition exists for /var/tmp | Unix | CIS AlmaLinux OS 8 Workstation L2 v2.0.0 |
| 1.1.4.2 Ensure noexec option set on /var/tmp partition | Unix | CIS AlmaLinux OS 8 Server L1 v2.0.0 |
| 1.1.4.2 Ensure noexec option set on /var/tmp partition | Unix | CIS AlmaLinux OS 8 Workstation L1 v2.0.0 |
| 1.1.4.3 Ensure nosuid option set on /var/tmp partition | Unix | CIS AlmaLinux OS 8 Workstation L1 v2.0.0 |
| 1.1.4.3 Ensure nosuid option set on /var/tmp partition | Unix | CIS AlmaLinux OS 8 Server L1 v2.0.0 |
| 1.1.4.4 Ensure nodev option set on /var/tmp partition | Unix | CIS AlmaLinux OS 8 Workstation L1 v2.0.0 |
| 1.1.4.4 Ensure nodev option set on /var/tmp partition | Unix | CIS AlmaLinux OS 8 Server L1 v2.0.0 |
| 1.1.5.2 Ensure nodev option set on /var/log partition | Unix | CIS AlmaLinux OS 8 Workstation L1 v2.0.0 |
| 1.1.5.2 Ensure nodev option set on /var/log partition | Unix | CIS AlmaLinux OS 8 Server L1 v2.0.0 |
| 1.1.5.3 Ensure noexec option set on /var/log partition | Unix | CIS AlmaLinux OS 8 Workstation L1 v2.0.0 |
| 1.1.5.3 Ensure noexec option set on /var/log partition | Unix | CIS AlmaLinux OS 8 Server L1 v2.0.0 |
| 1.1.5.4 Ensure nosuid option set on /var/log partition | Unix | CIS AlmaLinux OS 8 Server L1 v2.0.0 |
| 1.1.5.4 Ensure nosuid option set on /var/log partition | Unix | CIS AlmaLinux OS 8 Workstation L1 v2.0.0 |
| 1.1.6.2 Ensure noexec option set on /var/log/audit partition | Unix | CIS AlmaLinux OS 8 Workstation L1 v2.0.0 |
| 1.1.6.2 Ensure noexec option set on /var/log/audit partition | Unix | CIS AlmaLinux OS 8 Server L1 v2.0.0 |
| 1.1.6.3 Ensure nodev option set on /var/log/audit partition | Unix | CIS AlmaLinux OS 8 Server L1 v2.0.0 |
| 1.1.6.3 Ensure nodev option set on /var/log/audit partition | Unix | CIS AlmaLinux OS 8 Workstation L1 v2.0.0 |
| 1.1.6.4 Ensure nosuid option set on /var/log/audit partition | Unix | CIS AlmaLinux OS 8 Server L1 v2.0.0 |
| 1.1.6.4 Ensure nosuid option set on /var/log/audit partition | Unix | CIS AlmaLinux OS 8 Workstation L1 v2.0.0 |
| 1.1.7.1 Ensure separate partition exists for /home | Unix | CIS AlmaLinux OS 8 Server L2 v2.0.0 |
| 1.1.7.1 Ensure separate partition exists for /home | Unix | CIS AlmaLinux OS 8 Workstation L2 v2.0.0 |
| 1.1.7.2 Ensure nodev option set on /home partition | Unix | CIS AlmaLinux OS 8 Workstation L1 v2.0.0 |
| 1.1.7.2 Ensure nodev option set on /home partition | Unix | CIS AlmaLinux OS 8 Server L1 v2.0.0 |
| 1.1.7.3 Ensure nosuid option set on /home partition | Unix | CIS AlmaLinux OS 8 Workstation L1 v2.0.0 |
| 1.1.7.3 Ensure nosuid option set on /home partition | Unix | CIS AlmaLinux OS 8 Server L1 v2.0.0 |
| 1.1.7.4 Ensure usrquota option set on /home partition - findmnt | Unix | CIS AlmaLinux OS 8 Server L1 v2.0.0 |
| 1.1.7.4 Ensure usrquota option set on /home partition - findmnt | Unix | CIS AlmaLinux OS 8 Workstation L1 v2.0.0 |
| 1.1.7.4 Ensure usrquota option set on /home partition - quotaon | Unix | CIS AlmaLinux OS 8 Workstation L1 v2.0.0 |
| 1.1.7.4 Ensure usrquota option set on /home partition - quotaon | Unix | CIS AlmaLinux OS 8 Server L1 v2.0.0 |
| 1.1.7.5 Ensure grpquota option set on /home partition - findmnt | Unix | CIS AlmaLinux OS 8 Workstation L1 v2.0.0 |
| 1.1.7.5 Ensure grpquota option set on /home partition - findmnt | Unix | CIS AlmaLinux OS 8 Server L1 v2.0.0 |
| 1.1.7.5 Ensure grpquota option set on /home partition - quotaon | Unix | CIS AlmaLinux OS 8 Workstation L1 v2.0.0 |
| 1.1.7.5 Ensure grpquota option set on /home partition - quotaon | Unix | CIS AlmaLinux OS 8 Server L1 v2.0.0 |
| 1.1.8.1 Ensure nodev option set on /dev/shm partition | Unix | CIS AlmaLinux OS 8 Server L1 v2.0.0 |
| 1.1.12 Ensure that only organizationally managed/approved public groups exist | microsoft_azure | CIS Microsoft 365 Foundations E3 L2 v1.4.0 |
| 1.1.13 Ensure that collaboration invitations are sent to allowed domains only | microsoft_azure | CIS Microsoft 365 Foundations E3 L2 v1.4.0 |
| 1.02 Windows Oracle Local Account - 'Use Restricted Service Account (RSA)' | Windows | CIS v1.1.0 Oracle 11g OS Windows Level 1 |