AC-5: SEPARATION OF DUTIES

TAILORED FOR INDUSTRIAL CONTROL SYSTEMS

  • ICS Control Baselines: Moderate, High

The organization:

    • a. Separates [Assignment: organization-defined duties of individuals];
    • b. Documents separation of duties of individuals; and
    • c. Defines information system access authorizations to support separation of duties.

SUPPLEMENTAL GUIDANCE

Separation of duties addresses the potential for abuse of authorized privileges and helps to reduce the risk of malevolent activity without collusion. Separation of duties includes, for example: (i) dividing mission functions and information system support functions among different individuals and/or roles; (ii) conducting information system support functions with different individuals (e.g., system management, programming, configuration management, quality assurance and testing, and network security); and (iii) ensuring security personnel administering access control functions do not also administer audit functions.

ICS SUPPLEMENTAL GUIDANCE

Physical addresses (e.g., a serial port) may be implicitly or explicitly associated with labels or attributes (e.g., hardware I/O address). Manual methods are typically static. Label or attribute policy mechanisms may be implemented in hardware, firmware, and software that controls or has device access, such as device drivers and communications controllers. Information flow policy may be supported by labeling or coloring physical connectors as an aid to manual hookup. Inspection of message content may enforce information flow policy. For example, a message containing a command to an actuator may not be permitted to flow between the control network and any other network.

CONTROL ENHANCEMENTS

NO CONTROL ENHANCEMENTS

REFERENCES:

  • NIST Special Publication 800-82 | GUIDE TO INDUSTRIAL CONTROL SYSTEMS (ICS) SECURITY