03.14.07 —

What this control requires

Source: NIST SP 800-171 R3 §03.14.07 (official control text).

Why this matters

System maintainers often require elevated privileges that grant broad access to infrastructure, configurations, and sensitive data. When maintenance personnel use these credentials for routine tasks or non-maintenance activities, organizations expose themselves to unnecessary risk from credential theft, insider threats, and accidental misconfiguration. This control enforces separation of duties by ensuring maintenance accounts are used exclusively for their intended purpose—performing system updates, troubleshooting, and infrastructure changes—rather than daily administrative work or accessing business applications. This reduces the attack surface and creates clear audit trails for privileged operations.

What evidence assessors expect

Assessors typically look for: screenshot, configuration export, CSV export, PDF. FORCE coaches you through the exact implementation steps and captures each artifact in-platform.

Related controls