AC.L2-3.1.4[c]: Make Separation of Duties Part of Your Everyday Access Procedures

Mapped to NIST 800-171 Requirement: 3.1.4
CMMC Assessment Objective: AC.L2-3.1.4[c]

What This Objective Means
AC.L2-3.1.4[c] is the procedural proof of separation of duties (SoD). It ensures that your team doesn't just describe SoD in policy but actually applies it when:
• Creating or modifying user accounts
• Assigning permissions or roles
• Reviewing access rights
• Managing role conflicts during organizational changes
The assessor will look for the step-by-step procedures that operationalize SoD in your IT and HR workflows.

Why It Matters
Even with a strong policy, lack of enforcement at the procedural level can lead to:
• Staff accumulating conflicting privileges over time
• Users assigning roles to themselves without oversight
• Failure to remove or segregate access after role changes
This objective ensures that SoD is actively enforced and traceable.

How to Implement It
• Create access control procedures that include:
◦ A list of conflicting roles that must not be assigned together
◦ A step for checking SoD rules during provisioning
◦ Documentation requirements for exceptions or overrides
• Automate parts of the process using IAM or ticketing tools to prevent conflicts
• Train help desk or IT staff to enforce SoD checks during account changes
• Tie SoD enforcement to your onboarding and role change processes
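
The provisioning check described in the steps above, as an added example that is not part of the original page or of any vendor's product: it checks a role request against a conflict list, denies self-approval, requires a documented exception for any override, and returns the audit record to attach to the ticket. The role names, field names, and the rule that the approver must differ from both requester and recipient are assumptions made for illustration.

```python
import json
from datetime import datetime, timezone

# Constructed conflict list; role names are hypothetical, not from the page.
CONFLICTING_ROLES = [
    frozenset({"account_admin", "access_reviewer"}),
    frozenset({"payment_creator", "payment_approver"}),
    frozenset({"system_admin", "audit_log_admin"}),
]

def find_conflicts(current_roles, new_role):
    """Return the already-held roles that conflict with new_role."""
    held = set(current_roles)
    hits = set()
    for pair in CONFLICTING_ROLES:
        if new_role in pair:
            hits |= (pair - {new_role}) & held
    return sorted(hits)

def provision_role(user, current_roles, new_role, requested_by, approved_by,
                   exception_ticket=None):
    """Decide a role request and return the audit record for the ticket."""
    conflicts = find_conflicts(current_roles, new_role)
    if approved_by in (user, requested_by):
        # Assumed rule: nobody approves their own request or their own access.
        decision, reason = "deny", "approver must be independent of requester and recipient"
    elif conflicts and not exception_ticket:
        decision, reason = "deny", "conflicting roles without documented exception"
    elif conflicts:
        decision, reason = "grant_with_exception", "conflict accepted under documented exception"
    else:
        decision, reason = "grant", "no SoD conflict"
    return {
        "timestamp": datetime.now(timezone.utc).isoformat(),
        "user": user, "role": new_role,
        "requested_by": requested_by, "approved_by": approved_by,
        "sod_conflicts": conflicts, "exception_ticket": exception_ticket,
        "decision": decision, "reason": reason,
    }

if __name__ == "__main__":
    # Constructed requests: a clean grant, a blocked conflict, a self-approval.
    for args in [
        ("alice", ["helpdesk"], "account_admin", "manager1", "secofficer"),
        ("bob", ["payment_creator"], "payment_approver", "manager1", "secofficer"),
        ("carol", [], "system_admin", "carol", "carol"),
    ]:
        print(json.dumps(provision_role(*args)))
```

Storing each returned record with the change ticket gives an assessor the SoD verification step and its outcome for every role grant.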

Evidence the Assessor Will Look For
• Access control procedures or SOPs that explicitly address SoD
• Role assignment workflows that check for and block conflicting access
• Ticketing system records showing SoD verification steps
• Screenshots or audit logs showing roles granted with SoD rules applied

Common Gaps
• Procedures exist but don’t mention SoD
• Role assignment is done informally, without checks
• Technical systems allow conflicting roles to be assigned by mistake

How Cuick Trac Helps
Cuick Trac helps enforce SoD at the procedural level by:
• Embedding SoD logic into role-based access provisioning
• Automatically preventing the assignment of conflicting permissions
• Logging every access change with SoD context
• Providing SOP templates and guidance for SoD enforcement and documentation
With Cuick Trac, separation of duties is a process—not a possibility.

Good security procedures turn good policies into real-world protection.
Schedule a Cuick Trac demo and see how our platform enforces separation of duties with every access decision.
