AC.3.018 Prevent non-privileged users from executing privileged functions and capture the execution of such functions in audit logs.

CMMC Practice AC.3.018: Prevent non-privileged users from executing privileged functions and capture the execution of such functions in audit logs.

Links to Publicly Available Resources

CMMC CLARIFICATION (Ref CMMC – Appendix B)

Non-privileged users should not be given permissions other than those required to do their basic job functions. Privileged users are granted additional permissions. They are employees given authorization to perform certain privileged functions involving the control, monitoring, or administration of the system including security functions. When these special privileged functions are performed, the activity should be captured in an audit log which can be used to identify abuse. Non-privileged employees should not be granted permission to perform any of the functions of a privileged user.