>myctrl.tools
Preferences
Under active development Content is continuously updated and improved
Compare

AC-5Separation Of Duties

>Control Description

The enterprise should ensure that an appropriate separation of duties is established for decisions that require the acquisition of both information system and supply chain components. The separation of duties helps to ensure that adequate protections are in place for components entering the enterprise’s supply chain, such as denying developers the privilege to promote code that they wrote from development to production environments. Enterprises should require their prime contractors to implement this control and flow down this requirement to relevant sub-tier contractors. Departments and agencies should refer to Appendix F to implement this guidance in accordance with Executive Order 14028, Improving the Nation’s Cybersecurity

>Cross-Framework Mappings

SCF

TDA-18
Compare
CHG-04.3
Compare
NET-12
Compare
HRS-11
Compare

Ask AI

Configure your API key to use AI features.