NIST SP 800-171 & CMMC 2.0 3.1.7 Requirement:
Prevent non-privileged users from executing privileged functions and capture the execution of such functions in audit logs.
NIST SP 800-171 & CMMC 2.0 3.1.7 Requirement Explanation:
By limiting privileged functions such as being able to change system settings, modify logs, and install software you reduce cyber risk. By capturing logs on the execution of privileged functions you can identify policy violations and malicious activity.
Example NIST SP 800-171 & CMMC 2.0 3.1.7 Implementation:
Only employees responsible for administering, securing, and auditing your systems should have privileged accounts. All other employees should be given non-privileged accounts. Configure your systems to collect logs on the execution of privileged functions such as changes to system settings and the installation of software.
NIST SP 800-171 & CMMC 2.0 3.1.7 Scenario(s):
- Scenario 1:
Most of your employees only need to use email and Microsoft office software to complete their assigned duties. They are not responsible for performing any system administration or security tasks. As a result, you revoke local admin rights from their work computer and revoke any administrative privileges assigned to their active directory and or Microsoft 365 accounts.
Quick & Simple
Discover Our Cybersecurity Compliance Solutions:
Whether you need to meet and maintain your compliance requirements, help your clients meet them, or verify supplier compliance we have the expertise and solution for you
NIST SP 800-171 & CMMC Compliance
Become compliant, provide compliance services, or verify partner compliance with NIST SP 800-171 and CMMC requirements.
HIPAA Compliance
Become compliant, provide compliance services, or verify partner compliance with HIPAA security rule requirements.
FAR 52.204-21 Compliance
Become compliant, provide compliance services, or verify partner compliance with FAR 52.204-21 Basic Safeguarding of Covered Contractor Information Systems requirements.
ISO 27001 Compliance
Become compliant, provide compliance services, or verify partner compliance with ISO 27001 requirements.