AC-5: Separation of Duties
From NIST's SP800-53:
a. Identify and document [Assignment: organization-defined duties of individuals requiring separation]; and
b. Define system access authorizations to support separation of duties.
SP800-53 Control Mapped to NIST Cyber Security Framework
Generated from NIST's SP800-53/CSF Crosswalk mappings.
MITRE ATT&CK Techniques
See which MITRE ATT&CK techniques this control helps to protect against.
ATT&CK ID | Title | Associated Tactics |
---|---|---|
T1190 | Exploit Public-Facing Application | Initial Access |
T1021 | Remote Services | Lateral Movement |
T1136 | Create Account | Persistence |
T1110.002 | Password Cracking | Credential Access |
T1134.003 | Make and Impersonate Token | Defense Evasion, Privilege Escalation |
T1547.004 | Winlogon Helper DLL | Persistence, Privilege Escalation |
T1574.009 | Path Interception by Unquoted Path | Defense Evasion, Persistence, Privilege Escalation |
T1003.007 | Proc Filesystem | Credential Access |
T1552.007 | Container API | Credential Access |
T1558.001 | Golden Ticket | Credential Access |
T1218 | System Binary Proxy Execution | Defense Evasion |
T1550.003 | Pass the Ticket | Defense Evasion, Lateral Movement |
T1601.002 | Downgrade System Image | Defense Evasion |
T1134 | Access Token Manipulation | Defense Evasion, Privilege Escalation |
T1543.003 | Windows Service | Persistence, Privilege Escalation |
T1562 | Impair Defenses | Defense Evasion |
T1559.001 | Component Object Model | Execution |
T1098.003 | Additional Cloud Roles | Persistence, Privilege Escalation |
T1136.003 | Cloud Account | Persistence |
T1505.002 | Transport Agent | Persistence |
T1059.008 | Network Device CLI | Execution |
T1136.002 | Domain Account | Persistence |
T1003.002 | Security Account Manager | Credential Access |
T1098.004 | SSH Authorized Keys | Persistence, Privilege Escalation |
T1110.004 | Credential Stuffing | Credential Access |
T1003.004 | LSA Secrets | Credential Access |
T1562.002 | Disable Windows Event Logging | Defense Evasion |
T1134.002 | Create Process with Token | Defense Evasion, Privilege Escalation |
T1569.001 | Launchctl | Execution |
T1489 | Service Stop | Impact |
T1601 | Modify System Image | Defense Evasion |
T1552 | Unsecured Credentials | Credential Access |
T1087.004 | Cloud Account | Discovery |
T1213.002 | Sharepoint | Collection |
T1053 | Scheduled Task/Job | Execution, Persistence, Privilege Escalation |
T1003.008 | /etc/passwd and /etc/shadow | Credential Access |
T1110.003 | Password Spraying | Credential Access |
T1056.003 | Web Portal Capture | Collection, Credential Access |
T1003.006 | DCSync | Credential Access |
T1505 | Server Software Component | Persistence |
T1055 | Process Injection | Defense Evasion, Privilege Escalation |
T1547.013 | XDG Autostart Entries | Persistence, Privilege Escalation |
T1562.007 | Disable or Modify Cloud Firewall | Defense Evasion |
T1547.006 | Kernel Modules and Extensions | Persistence, Privilege Escalation |
T1574.008 | Path Interception by Search Order Hijacking | Defense Evasion, Persistence, Privilege Escalation |
T1098.001 | Additional Cloud Credentials | Persistence, Privilege Escalation |
T1562.004 | Disable or Modify System Firewall | Defense Evasion |
T1021.006 | Windows Remote Management | Lateral Movement |
T1053.003 | Cron | Execution, Persistence, Privilege Escalation |
T1556.001 | Domain Controller Authentication | Credential Access, Defense Evasion, Persistence |
Showing 1 to 50 of 160 entries