STIGViewer Trial workspace — loading your subscription…

NIST 800-53 Rev 5

424 controls available

SC-2moderatehigh

Separation of System and User Functionality

System and Communications Protection

Control Statement

Separate user functionality, including user interface services, from system management functionality.

Discussion

System management functionality includes functions that are necessary to administer databases, network components, workstations, or servers. These functions typically require privileged user access. The separation of user functions from system management functions is physical or logical. Organizations may separate system management functions from user functions by using different computers, instances of operating systems, central processing units, or network addresses; by employing virtualization techniques; or some combination of these or other methods. Separation of system management functions from user functions includes web administrative interfaces that employ separate authentication methods for users of any other system resources. Separation of system and user functions may include isolating administrative interfaces on different domains and with additional access controls. The separation of system and user functionality can be achieved by applying the systems security engineering design principles in [SA-8](#sa-8) , including [SA-8(1)](#sa-8.1), [SA-8(3)](#sa-8.3), [SA-8(4)](#sa-8.4), [SA-8(10)](#sa-8.10), [SA-8(12)](#sa-8.12), [SA-8(13)](#sa-8.13), [SA-8(14)](#sa-8.14) , and [SA-8(18)](#sa-8.18).

Framework
NIST SP 800-53 Rev 5
Family
System and Communications Protection
Baselines
moderate, high

Related Frameworks

2 paths across 2 frameworks
NIST 800-1711 mapping
3.13.3
1.00
  • NIST · Rev 2 (Feb 2020, errata Jan 2021) · nist_800_171_app_d · equivalent
CCI1 mapping
CCI-001082
1.00
  • DISA · 2025-01-23 · disa_cci_list · equivalent

Related STIGs

60 STIGs reach this control through 3 CCIs. Expand a row to see the responsible NICE and O*NET roles.

Operating System — Desktop

1 STIG

Operating System — Server

6 STIGs

Operating System — Mainframe

3 STIGs
Mainframe Product Security Requirements Guide
V3R42025-09-101 of 194 findings match

Network Device

1 STIG
SDN Controller Security Requirements Guide
22024-05-281 of 34 findings match

Database

14 STIGs
Database Security Requirements Guide
V4R52026-02-261 of 142 findings match
Show 6 more STIGs in this category →

Web / Application Server

16 STIGs
Web Server Security Requirements Guide
V4R42025-09-103 of 126 findings match
Show 8 more STIGs in this category →
Application Server Security Requirements Guide
V4R42025-09-101 of 137 findings match

Virtualization / Container

15 STIGs
Container Platform Security Requirements Guide
V2R42025-09-101 of 188 findings match
Kubernetes Security Technical Implementation Guide
V2R62026-02-121 of 92 findings match
Virtual Machine Manager Security Requirements Guide
V2R32025-09-101 of 198 findings match
Show 7 more STIGs in this category →

Endpoint Security Management

3 STIGs

Uncategorized

1 STIG