AC.L2-3.1.4 Separation of Duties

The following provides a sample mapping between the Cybersecurity Maturity Model Certification (CMMC) 2.0 Level 2 and AWS managed Config rules. Each Config rule applies to a specific AWS resource, and relates to one or more CMMC 2.0 Level 2 controls. A CMMC 2.0 Level 2 control can be related to multiple Config rules.

This document provides assessment guidance for conducting Cybersecurity Maturity Model Certification (CMMC) assessments for Level 2.

This article from ISACA provides an overview of the implementation of SoD based on practical experiences.

Offers actionable guidance on how to map Access Control CMMC Requirements to specific configurations in Microsoft Entra ID (Formerly Azure AD).

This publication from NIST provides an overview of the AC-5 Separation of Duties Control.

This article from Pathlock provides an overview of SoD and its impacts across an organization.

This post provides information as well as a downloadable worksheet that organizations can use to plan and demonstrate separation of duties.

This video discuss how the separation of duties addresses the potential for abuse of authorized privileges and helps to reduce the risk of malevolent activity without collusion.

This video breaks down how to separate duties to prevent fraud, security risks, and compliance failures