AC.1.002 Limit information system access to the types of transactions and functions that authorized users are permitted to execute.

CMMC Practice AC.1.002: Limit information system access to the types of transactions and functions that authorized users are permitted to execute.

Links to Publicly Available Resources

CMMC CLARIFICATION (Ref CMMC – Appendix B)
Make sure to limit users/employees to only the information systems, roles, or applications they are permitted to use and that are needed for their jobs.