AC.2.008 Use non-privileged accounts or roles when accessing nonsecurity functions.

CMMC Practice AC.2.008: Use non-privileged accounts or roles when accessing nonsecurity functions.

Links to Publicly Available Resources

CMMC CLARIFICATION (Ref CMMC – Appendix B)
A user with a privileged account can perform more tasks and access more information than a person with a non-privileged account. This means that tasks performed when using the privileged account can have a greater impact on the system. You restrict administrator use of privileged accounts. Only those who perform a function that requires more access have a privileged account. This reduces the risk of unintentional harm to systems and data.