800-53|AC-5c.

Title

SEPARATION OF DUTIES

Description

Defines information system access authorizations to support separation of duties.

Reference Item Details

Reference: NIST 800-53 - Security and Privacy Controls for Federal Information Systems and Organizations

Category: ACCESS CONTROL

Family: ACCESS CONTROL

Baseline Impact: MODERATE,HIGH

Audit Items

View all Reference Audit Items

Name	Plugin	Audit Name
SHPT-00-000190 - SharePoint must enforce organizational requirements to implement separation of duties through assigned information access authorizations.	Windows	DISA STIG SharePoint 2010 v1r9
SHPT-00-000199 - SharePoint service accounts must be configured for separation of duties.	Windows	DISA STIG SharePoint 2010 v1r9
SQL2-00-008800 - SQL Server must enforce separation of duties through assigned information access authorizations - 'server permissions'	MS_SQLDB	DISA STIG SQL Server 2012 DB Instance Security v1r20
SQL2-00-008800 - SQL Server must enforce separation of duties through assigned information access authorizations - 'user defined roles'	MS_SQLDB	DISA STIG SQL Server 2012 DB Instance Security v1r20
SQL2-00-008900 - SQL Server processes or services must run under custom, dedicated OS or domain accounts - 'SQL Full-text Filter Daemon Launcher'	Windows	DISA STIG SQL Server 2012 Database OS Audit v1r20
SQL2-00-008900 - SQL Server processes or services must run under custom, dedicated OS or domain accounts - 'SQL Server Agent'	Windows	DISA STIG SQL Server 2012 Database OS Audit v1r20
SQL2-00-008900 - SQL Server processes or services must run under custom, dedicated OS or domain accounts - 'SQL Server Analysis Services'	Windows	DISA STIG SQL Server 2012 Database OS Audit v1r20
SQL2-00-008900 - SQL Server processes or services must run under custom, dedicated OS or domain accounts - 'SQL Server Browser'	Windows	DISA STIG SQL Server 2012 Database OS Audit v1r20
SQL2-00-008900 - SQL Server processes or services must run under custom, dedicated OS or domain accounts - 'SQL Server Distributed Replay Client'	Windows	DISA STIG SQL Server 2012 Database OS Audit v1r20
SQL2-00-008900 - SQL Server processes or services must run under custom, dedicated OS or domain accounts - 'SQL Server Distributed Replay Controller'	Windows	DISA STIG SQL Server 2012 Database OS Audit v1r20
SQL2-00-008900 - SQL Server processes or services must run under custom, dedicated OS or domain accounts - 'SQL Server Integration Services 11.0'	Windows	DISA STIG SQL Server 2012 Database OS Audit v1r20
SQL2-00-008900 - SQL Server processes or services must run under custom, dedicated OS or domain accounts - 'SQL Server Reporting Services'	Windows	DISA STIG SQL Server 2012 Database OS Audit v1r20
SQL2-00-008900 - SQL Server processes or services must run under custom, dedicated OS or domain accounts - 'SQL Server VSS Writer'	Windows	DISA STIG SQL Server 2012 Database OS Audit v1r20
SQL2-00-008900 - SQL Server processes or services must run under custom, dedicated OS or domain accounts - 'SQL Server'	Windows	DISA STIG SQL Server 2012 Database OS Audit v1r20
SQL2-00-009000 - SQL Server must restrict access to sensitive information to authorized user roles.	MS_SQLDB	DISA STIG SQL Server 2012 DB Instance Security v1r20
SQL2-00-009100 - A single SQL Server database connection configuration file (or a single set of credentials) must not be used to configure all database clients - or a single set of credentials must not be used to configure all clients.	Windows	DISA STIG SQL Server 2012 Database OS Audit v1r20
SQL2-00-009200 - SQL Server must be protected from unauthorized access by developers.	MS_SQLDB	DISA STIG SQL Server 2012 Database Audit v1r20
SQL2-00-009300 - SQL Server must be protected from unauthorized access by developers on shared production/development host systems.	MS_SQLDB	DISA STIG SQL Server 2012 Database Audit v1r20
SQL2-00-009400 - SQL Server must restrict access to system tables, other configuration information, and metadata to DBAs and other authorized users.	MS_SQLDB	DISA STIG SQL Server 2012 DB Instance Security v1r20
SQL2-00-009500 - Administrative privileges, built-in server roles and built-in database roles must be assigned to the DBMS login accounts that require them via custom roles, and not directly.	MS_SQLDB	DISA STIG SQL Server 2012 Database Audit v1r20

Detections

Analytics

800-53|AC-5c.

Title

Description

Reference Item Details

Audit Items