CMMC Practice AC.L2-3.1.6

Use non-privileged accounts or roles when accessing non-security functions.

Monarch ISC Guidance

You must create separate accounts that is a normal user, and a named administrator account, for performing administrative tasks. That way, if you inadvertently click on a malicious link or attachment while browsing the internet or checking your email, the malware does not execute using administrative privileges on the network! Additionally, as an administrator you often have the ability to view applications and documents you would not have access to as a normal user. Having separate accounts prevents you from accidentally accessing a document or folder for which you are not authorized.
Security Catapult

Be prepared for CMMC

Our Q&A assessment tool is designed by security advisors for MSPs and DoD contractors of all sizes.

Try now for free

Understand your gaps
Security Catapult

Understand your gaps

See compliance gaps, compliance scores and proactive security tasks in a single interface.

Try now for free

Validate NIST SP 800-171
Security Catapult

Validate NIST SP 800-171

Based on your CMMC answers, we let you know where you stand on NIST.

Try now for free

Build a plan of action
Security Catapult

Build a plan of action

Track your burn down and stay on top of security needs.

Try now for free

Build your policy
Security Catapult

Build your policy

Say goodbye to maintaining a security policy. We do it for you.

Try now for free

Discussion From Source

DRAFT NIST SP 800-171 R2 This requirement limits exposure when operating from within privileged accounts or roles. The inclusion of roles addresses situations where organizations implement access control policies such as role-based access control and where a change of role provides the same degree of assurance in the change of access authorizations for the user and all processes acting on behalf of the user as would be provided by a change between a privileged and non-privileged account.

References