Evidence – AC.L2-3.1.7
Prevent Non-Privileged Users from Executing Privileged Functions
Control Overview
This document describes the evidence used to demonstrate implementation of AC.L2-3.1.7, which requires non-privileged users to be prevented from executing privileged functions.
This evidence supports the control response documented in the System Security Plan (SSP).
Evidence Objectives
Evidence for this control demonstrates that:
- Privileged functions are restricted to authorized roles or accounts
- Non-privileged users cannot perform administrative actions
- System configurations enforce privilege boundaries
Evidence Artifacts
1. Privileged Role Assignments
Evidence demonstrating restriction of privileged functions may include:
- Listings of administrative or privileged roles
- Mapping of privileged roles to authorized users
- Confirmation that standard users are not assigned privileged roles
Examples of acceptable sources:
- Microsoft Entra ID role assignments
- Google Workspace Admin role assignments
2. Enforcement of Privileged Actions
Evidence demonstrating enforcement may include:
- System configuration showing restricted access to administrative interfaces
- Verification that privileged actions require administrative roles
Evidence Retention
Evidence supporting this control is retained in accordance with organizational policy and contractual requirements and is available for review during assessment.
Notes
This document identifies example evidence artifacts only. Organizations may use different tools or platforms provided the same objectives are met and evidence is available.