AC.3.017 Separate the duties of individuals to reduce the risk of malevolent activity without collusion.

CMMC Practice AC.3.017: Separate the duties of individuals to reduce the risk of malevolent activity without collusion.

CMMC CLARIFICATION (Ref CMMC – Appendix B)

A company must avoid situations in which conflicts of interest, or even a lack of knowledge, can create security problems. It can do so by splitting important duties and tasks among employees, which reduces the intentional or unintentional execution of malicious activities as long as those involved are not colluding. This allows the organization to minimize fraud, abuse and errors by employees. In summary, no one person should be in charge of an entire critical task from beginning to end.