SC-2(1)—Interfaces For Non-Privileged Users
>Control Description
Prevent the presentation of system management functionality at interfaces to non-privileged users.
>Cross-Framework Mappings
>Supplemental Guidance
Preventing the presentation of system management functionality at interfaces to non-privileged users ensures that system administration options, including administrator privileges, are not available to the general user population. Restricting user access also prohibits the use of the grey-out option commonly used to eliminate accessibility to such information. One potential solution is to withhold system administration options until users establish sessions with administrator privileges.
>Related Controls
>Assessment Interview Topics
Questions assessors commonly ask
Process & Governance:
- •What policies govern the implementation of interfaces for non-privileged users?
- •How are system and communications protection requirements defined and maintained?
- •Who is responsible for configuring and maintaining the security controls specified in SC-2(1)?
Technical Implementation:
- •How is interfaces for non-privileged users technically implemented in your environment?
- •What systems, tools, or configurations enforce this protection requirement?
- •How do you ensure that interfaces for non-privileged users remains effective as the system evolves?
- •How are session timeouts and termination controls configured?
Evidence & Documentation:
- •What documentation demonstrates the implementation of SC-2(1)?
- •Can you provide configuration evidence or system diagrams showing this protection control?
- •What logs or monitoring data verify that this control is functioning correctly?
- •Can you show session management configuration settings?
Ask AI
Configure your API key to use AI features.