This control requires your organization to logically or physically separate standard user activities from administrative or system management functions—especially on systems that store, process, or transmit Controlled Unclassified Information (CUI). The goal is to reduce the risk of unauthorized system-level access and enforce the principle of least privilege.