SC.L2-3.13.3—Role Separation
Level 2
800-171: 3.13.3
Control Description
Separate user functionality from system management functionality.
Assessment Interview Topics
Questions assessors commonly ask
Process & Governance:
- What is your policy for separating user and management functions?
- How do you implement separation between user interfaces and management interfaces?
- What is your process for reviewing separation of functionality in new systems?
- Who approves system architectures to ensure proper separation?
Technical Implementation:
- What technologies separate user and admin interfaces?
- What network segmentation isolates management networks?
- What VLANs or separate networks host management interfaces?
- What access controls restrict management interface access?
- What separate authentication governs management access?
Evidence & Documentation:
- What network diagrams show boundary protection architecture?
- What firewall rule sets and configurations can you provide?
- What encryption implementation documentation shows FIPS-validated crypto?
- What key management procedures can you provide?
- What network segmentation documentation shows proper separation?
- What evidence shows cryptographic mechanisms protect CUI?
- What configuration documentation shows security controls are properly implemented?