AC.L2-3.1.7[a]: Identify and Define Privileged Functions to Control Elevated Access

Mapped to NIST 800-171 Requirement: 3.1.7
CMMC Assessment Objective: AC.L2-3.1.7[a]

What This Objective Means
This control sets the stage for properly managing privileged access by first identifying which actions in your systems require elevated privileges.
Privileged functions typically include:
• Creating or deleting user accounts
• Installing or removing software
• Changing security or network settings
• Accessing or modifying system configuration files
• Managing encryption keys or system logs
Clearly identifying these actions allows you to enforce access restrictions and monitor their use.

Why It Matters
Without knowing what qualifies as a privileged function:
• You can’t reliably control who can perform sensitive actions
• It becomes difficult to detect abuse or inappropriate use of elevated access
• Compliance and audit documentation lacks clear access governance
This is a foundational step toward enforcing least privilege and separation of duties.

How to Implement It
• Review your system architecture and operational workflows
• List all functions that require elevated rights or could affect system security
• Categorize privileged actions by system or role (e.g., domain admin, database admin)
• Document this list in your SSP, access control procedures, or role matrix
• Review and update the list periodically or when systems change

Evidence the Assessor Will Look For
• A list of privileged functions that is reviewed and maintained by your IT or security team
• Documentation that identifies who can perform each function (e.g., role-to-function mapping)
• References in your SSP or Access Control Policy to the types of privileged actions defined
• Role definitions or permission sets that explicitly tie back to these functions

Common Gaps
• No formal list of privileged functions
• All admin-level access is treated the same, with no breakdown by task or system
• Inability to show how privileged access ties back to specific system capabilities
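
One way to check a role-to-function mapping for the gaps listed above, as an added example that is not part of the original page or of any product it describes. The function names, systems and roles are constructed sample data, and `audit_matrix` is a hypothetical helper.

```python
# Constructed inventory: privileged function -> system it belongs to.
PRIVILEGED_FUNCTIONS = {
    "create_user_account": "directory",
    "delete_user_account": "directory",
    "install_software": "endpoint",
    "change_firewall_rules": "network",
    "edit_system_config": "server",
    "manage_encryption_keys": "server",
    "clear_system_logs": "server",
}

# Constructed role matrix: role -> privileged functions the role may perform.
ROLE_MATRIX = {
    "domain_admin": {"create_user_account", "delete_user_account"},
    "desktop_support": {"install_software"},
    "network_admin": {"change_firewall_rules", "edit_router_acl"},
    "super_admin": set(PRIVILEGED_FUNCTIONS),
}


def audit_matrix(functions, roles):
    """Compare a role matrix against the privileged-function inventory."""
    all_systems = set(functions.values())
    granted = set().union(*roles.values())
    # A role whose functions span every system is admin access with no breakdown.
    catch_all = {
        name for name, funcs in roles.items()
        if len(all_systems) > 1
        and {functions[f] for f in funcs if f in functions} == all_systems
    }
    scoped = set().union(*(f for r, f in roles.items() if r not in catch_all))
    return {
        # Granted by a role but missing from the documented list.
        "undefined_functions": sorted(granted - set(functions)),
        # Documented but not tied to any role.
        "unassigned_functions": sorted(set(functions) - granted),
        "catch_all_roles": sorted(catch_all),
        # Reachable only through a catch-all role, so no task-level role exists.
        "only_via_catch_all": sorted((set(functions) & granted) - scoped),
    }


if __name__ == "__main__":
    for finding, items in audit_matrix(PRIVILEGED_FUNCTIONS, ROLE_MATRIX).items():
        print(f"{finding}: {items}")
```

An empty result in every category means each documented function maps to at least one scoped role and no role grants anything outside the documented list.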

How Cuick Trac Helps
Cuick Trac supports this requirement by:
• Maintaining a clear, documented set of privileged actions and administrative functions
• Mapping those actions to predefined secure roles
• Preventing privilege escalation by unauthorized users
• Helping generate audit documentation that clearly defines and tracks privileged functions
With Cuick Trac, privileged access starts with clarity and ends in control.

You can’t protect privileged functions if you don’t know what they are.
Schedule a Cuick Trac demo and define, document, and defend your elevated access.
