NIST 800-53 Rev 5
424 controls available
AC-6(2)moderatehigh
Non-privileged Access for Nonsecurity Functions
Access Control
Control Statement
Require that users of system accounts (or roles) with access to {{ insert: param, ac-06.02_odp }} use non-privileged accounts or roles, when accessing nonsecurity functions.
Discussion
Requiring the use of non-privileged accounts when accessing nonsecurity functions limits exposure when operating from within privileged accounts or roles. The inclusion of roles addresses situations where organizations implement access control policies, such as role-based access control, and where a change of role provides the same degree of assurance in the change of access authorizations for the user and the processes acting on behalf of the user as would be provided by a change between a privileged and non-privileged account.
- Framework
- NIST SP 800-53 Rev 5
- Family
- Access Control
- Baselines
- moderate, high
Related Frameworks
3 paths across 2 frameworks
Related Frameworks
NIST 800-1711 mapping
3.1.6
1.00
- NIST · Rev 2 (Feb 2020, errata Jan 2021) · nist_800_171_app_d · equivalent
CCI2 mappings
CCI-000039
1.00
- DISA · 2025-01-23 · disa_cci_list · equivalent
CCI-001419
1.00
- DISA · 2025-01-23 · disa_cci_list · equivalent
Related STIGs
181 STIGs reach this control through 25 CCIs. Expand a row to see the responsible NICE and O*NET roles.
Operating System — Desktop
7 STIGs
Operating System — Desktop
7 STIGsMicrosoft Windows 10 Security Technical Implementation Guide
32025-02-2524 of 261 findings match
H4M20
Microsoft Windows 11 Security Technical Implementation Guide
V2R72026-02-1224 of 262 findings match
H3M21
Microsoft Windows 11 Security Technical Implementation Guide
22025-05-1524 of 258 findings match
H3M21
Apple macOS 14 (Sonoma) Security Technical Implementation Guide
22024-12-041 of 155 findings match
H1
Apple macOS 15 (Sequoia) Security Technical Implementation Guide
V1R72026-02-061 of 160 findings match
H1
Apple macOS 15 (Sequoia) Security Technical Implementation Guide
12025-05-051 of 161 findings match
H1
Apple macOS 26 (Tahoe) Security Technical Implementation Guide
V1R22026-02-111 of 160 findings match
H1
Operating System — Server
40 STIGs
Operating System — Server
40 STIGsMicrosoft Windows Server 2019 Security Technical Implementation Guide
32025-05-2332 of 275 findings match
H10M22
Microsoft Windows Server 2019 Security Technical Implementation Guide
V3R82026-02-1232 of 282 findings match
H10M22
Microsoft Windows Server 2025 Security Technical Implementation Guide
V1R12026-02-2032 of 284 findings match
H10M22
Microsoft Windows Server 2022 Security Technical Implementation Guide
22025-05-1531 of 275 findings match
H9M22
Microsoft Windows Server 2022 Security Technical Implementation Guide
V2R82026-02-1331 of 282 findings match
H9M22
Cloud Linux AlmaLinux OS 9 Security Technical Implementation Guide
V1R62026-02-2711 of 439 findings match
H2M9
CloudLinux AlmaLinux OS 9 Security Technical Implementation Guide
12025-05-2211 of 445 findings match
H2M9
Oracle Linux 9 Security Technical Implementation Guide
12025-05-088 of 456 findings match
H2M6
Show 32 more STIGs in this category →Hide additional STIGs
Oracle Linux 9 Security Technical Implementation Guide
V1R52026-02-178 of 448 findings match
H2M6
Red Hat Enterprise Linux 10 Security Technical Implementation Guide
V1R12026-03-116 of 434 findings match
H2M4
Red Hat Enterprise Linux 9 Security Technical Implementation Guide
22025-05-146 of 450 findings match
H2M4
Red Hat Enterprise Linux 9 Security Technical Implementation Guide
V2R82026-02-056 of 446 findings match
H2M4
Solaris 11 X86 Security Technical Implementation Guide
V3R52026-02-195 of 216 findings match
H1M4
Solaris 11 X86 Security Technical Implementation Guide
32025-05-055 of 216 findings match
H1M4
Red Hat Enterprise Linux 8 Security Technical Implementation Guide
V2R72026-02-054 of 366 findings match
M4
Red Hat Enterprise Linux 8 Security Technical Implementation Guide
22025-05-144 of 369 findings match
M4
Solaris 11 SPARC Security Technical Implementation Guide
V3R52026-02-194 of 217 findings match
H1M3
Solaris 11 SPARC Security Technical Implementation Guide
32025-05-054 of 217 findings match
H1M3
Amazon Linux 2023 Security Technical Implementation Guide
V1R32026-02-273 of 187 findings match
M3
General Purpose Operating System Security Requirements Guide
32024-12-043 of 198 findings match
H1M2
General Purpose Operating System Security Requirements Guide
V3R32025-09-223 of 203 findings match
H1M2
Oracle Linux 7 Security Technical Implementation Guide
32025-05-082 of 243 findings match
M2
Oracle Linux 8 Security Technical Implementation Guide
22025-05-132 of 374 findings match
M2
Oracle Linux 8 Security Technical Implementation Guide
V2R82026-02-132 of 375 findings match
M2
Anduril NixOS Security Technical Implementation Guide
V1R22025-08-191 of 103 findings match
M1
Anduril NixOS Security Technical Implementation Guide
12024-10-251 of 104 findings match
M1
Canonical Ubuntu 20.04 LTS Security Technical Implementation Guide
22025-05-161 of 172 findings match
M1
Canonical Ubuntu 22.04 LTS Security Technical Implementation Guide
V2R82026-02-061 of 188 findings match
M1
Canonical Ubuntu 22.04 LTS Security Technical Implementation Guide
22025-05-161 of 187 findings match
M1
Canonical Ubuntu 24.04 LTS Security Technical Implementation Guide
V1R52026-02-061 of 194 findings match
M1
Canonical Ubuntu 24.04 LTS Security Technical Implementation Guide
12025-05-161 of 194 findings match
M1
IBM AIX 7.x Security Technical Implementation Guide
V3R22026-02-061 of 283 findings match
M1
IBM AIX 7.x Security Technical Implementation Guide
32024-08-161 of 283 findings match
M1
NetApp ONTAP DSC 9.x Security Technical Implementation Guide
22024-08-221 of 29 findings match
H1
NetApp ONTAP DSC 9.x Security Technical Implementation Guide
V2R32025-12-081 of 29 findings match
H1
SUSE Linux Enterprise Micro (SLEM) 5 Security Technical Implementation Guide
V1R42026-02-101 of 208 findings match
M1
SUSE Linux Enterprise Micro (SLEM) 5 Security Technical Implementation Guide
12025-05-081 of 210 findings match
M1
SUSE Linux Enterprise Server 12 Security Technical Implementation Guide
32025-05-141 of 211 findings match
M1
Tri-Lab Operating System Stack (TOSS) 4 Security Technical Implementation Guide
V2R52026-02-191 of 226 findings match
M1
Tri-Lab Operating System Stack (TOSS) 4 Security Technical Implementation Guide
22025-05-081 of 226 findings match
M1
Operating System — Mainframe
15 STIGs
Operating System — Mainframe
15 STIGsIBM z/OS TSS Security Technical Implementation Guide
V9R82026-03-0913 of 230 findings match
H3M10
IBM z/OS TSS Security Technical Implementation Guide
92025-06-2413 of 231 findings match
H3M10
IBM Hardware Management Console (HMC) Security Technical Implementation Guide
V2R12024-06-246 of 35 findings match
H1M5
IBM z/OS RACF Security Technical Implementation Guide
V9R82026-03-096 of 222 findings match
H1M5
IBM z/OS RACF Security Technical Implementation Guide
92025-06-246 of 224 findings match
H1M5
IBM z/OS ACF2 Security Technical Implementation Guide
92025-06-245 of 226 findings match
H1M4
IBM z/OS ACF2 Security Technical Implementation Guide
V9R82026-03-095 of 225 findings match
H1M4
CA IDMS Security Technical Implementation Guide
V2R12024-09-134 of 74 findings match
M4
Show 7 more STIGs in this category →Hide additional STIGs
IBM zVM Using CA VM:Secure Security Technical Implementation Guide
V2R22022-08-314 of 77 findings match
M4
Mainframe Product Security Requirements Guide
V3R42025-09-103 of 194 findings match
M3
Mainframe Product Security Requirements Guide
32024-12-053 of 193 findings match
M3
IBM zSecure Suite Security Technical Implementation Guide
V1R32025-03-052 of 11 findings match
M2
z/OS IBM CICS Transaction Server for ACF2 Security Technical Implementation Guide
V7R22025-09-231 of 12 findings match
M1
z/OS IBM CICS Transaction Server for ACF2 Security Technical Implementation Guide
72024-12-161 of 12 findings match
M1
zOS WebSphere MQ for TSS Security Technical Implementation Guide
V7R22025-09-281 of 17 findings match
M1
Operating System — Mobile
29 STIGs
Operating System — Mobile
29 STIGsGoogle Android 13 COPE Security Technical Implementation Guide
22024-12-042 of 36 findings match
M2
Google Android 14 COPE Security Technical Implementation Guide
22024-12-042 of 35 findings match
M2
Google Android 14 COPE Security Technical Implementation Guide
V2R42026-02-122 of 43 findings match
M2
Samsung Android OS 14 with Knox 3.x COPE Security Technical Implementation Guide
22024-12-062 of 39 findings match
M2
Zebra Technologies Android 14 COPE Security Technical Implementation Guide
V1R12026-02-222 of 43 findings match
M2
Google Android 13 BYOAD Security Technical Implementation Guide
12024-02-061 of 23 findings match
M1
Google Android 13 COBO Security Technical Implementation Guide
22024-12-041 of 31 findings match
M1
Google Android 14 COBO Security Technical Implementation Guide
V2R42026-02-061 of 38 findings match
M1
Show 21 more STIGs in this category →Hide additional STIGs
Google Android 14 COBO Security Technical Implementation Guide
22024-12-041 of 30 findings match
M1
Google Android 14 MDFPP 3.3 BYOAD Security Technical Implementation Guide
V1R22025-08-191 of 23 findings match
M1
Google Android 14 MDFPP 3.3 BYOAD Security Technical Implementation Guide
12024-02-201 of 23 findings match
M1
Google Android 15 COBO Security Technical Implementation Guide
V1R42026-02-061 of 44 findings match
M1
Google Android 15 COBO Security Technical Implementation Guide
12024-12-051 of 36 findings match
M1
Google Android 15 COPE Security Technical Implementation Guide
V1R42026-02-121 of 47 findings match
M1
Google Android 15 COPE Security Technical Implementation Guide
12024-12-051 of 39 findings match
M1
Google Android 16 COBO Security Technical Implementation Guide
V1R22026-02-061 of 42 findings match
M1
Google Android 16 COPE Security Technical Implementation Guide
V1R22026-02-121 of 45 findings match
M1
Honeywell Android 13 COBO Security Technical Implementation Guide
V1R12025-05-071 of 32 findings match
M1
Honeywell Android 13 COPE Security Technical Implementation Guide
V1R12025-05-071 of 36 findings match
M1
Samsung Android 14 MDFPP 3.3 BYOAD Security Technical Implementation Guide
12024-02-211 of 25 findings match
M1
Samsung Android 16 COBO Security Technical Implementation Guide
V1R32026-02-061 of 45 findings match
M1
Samsung Android 16 COPE Security Technical Implementation Guide
V1R22026-02-111 of 48 findings match
M1
Samsung Android OS 13 with Knox 3.x COPE Security Technical Implementation Guide
22024-12-061 of 30 findings match
M1
Samsung Android OS 14 with Knox 3.x COBO Security Technical Implementation Guide
22024-12-061 of 36 findings match
M1
Samsung Android OS 15 with Knox 3.x COBO Security Technical Implementation Guide
12024-12-101 of 37 findings match
M1
Samsung Android OS 15 with Knox 3.x COPE Security Technical Implementation Guide
12024-12-101 of 40 findings match
M1
Zebra Android 13 COBO Security Technical Implementation Guide
V1R12024-12-111 of 31 findings match
M1
Zebra Android 13 COPE Security Technical Implementation Guide
V1R12024-12-111 of 35 findings match
M1
Zebra Technologies Android 14 COBO Security Technical Implementation Guide
V1R12026-02-221 of 38 findings match
M1
Network Device
21 STIGs
Network Device
21 STIGsNetwork Device Management Security Requirements Guide
V5R32025-02-112 of 104 findings match
H1M1
Network Device Management Security Requirements Guide
V5R42025-09-102 of 105 findings match
H1M1
Akamai KSD Service Impact Level 2 NDM Security Technical Implementation Guide
V1R12017-09-151 of 24 findings match
M1
Cisco ASA NDM Security Technical Implementation Guide
V2R42025-12-081 of 47 findings match
M1
Cisco ASA NDM Security Technical Implementation Guide
22025-05-191 of 47 findings match
M1
Cisco ISE NDM Security Technical Implementation Guide
V2R32025-12-111 of 53 findings match
H1
Cisco ISE NDM Security Technical Implementation Guide
22024-09-101 of 53 findings match
H1
Cisco NX OS Switch NDM Security Technical Implementation Guide
V3R22024-09-101 of 42 findings match
M1
Show 13 more STIGs in this category →Hide additional STIGs
Cisco NX OS Switch NDM Security Technical Implementation Guide
32025-05-191 of 42 findings match
M1
Dell OS10 Switch NDM Security Technical Implementation Guide
V1R12024-12-111 of 39 findings match
H1
Domain Name System (DNS) Security Requirements Guide
V4R22025-12-191 of 119 findings match
M1
F5 BIG-IP TMOS NDM Security Technical Implementation Guide
V1R22025-06-121 of 29 findings match
M1
Fortinet FortiGate Firewall NDM Security Technical Implementation Guide
V1R52025-11-191 of 60 findings match
M1
Fortinet FortiGate Firewall NDM Security Technical Implementation Guide
12023-06-011 of 60 findings match
M1
HPE Aruba Networking AOS NDM Security Technical Implementation Guide
V1R12024-10-291 of 37 findings match
M1
IBM DataPower Network Device Management Security Technical Implementation Guide
V1R22017-10-051 of 64 findings match
M1
Juniper EX Series Switches Network Device Management Security Technical Implementation Guide
V2R42025-12-101 of 56 findings match
H1
Juniper EX Series Switches Network Device Management Security Technical Implementation Guide
22025-03-071 of 56 findings match
H1
Juniper Router NDM Security Technical Implementation Guide
V3R22024-12-051 of 49 findings match
M1
Juniper SRX Services Gateway NDM Security Technical Implementation Guide
V3R32024-12-201 of 68 findings match
L1
Riverbed NetIM OS Security Technical Implementation Guide
V1R12025-10-021 of 154 findings match
M1
Database
24 STIGs
Database
24 STIGsEnterpriseDB Postgres Advanced Server (EPAS) Security Technical Implementation Guide
V2R12024-08-273 of 118 findings match
M3
Microsoft SQL Server 2022 Instance Security Technical Implementation Guide
V1R42026-02-253 of 79 findings match
M3
Microsoft SQL Server 2022 Instance Security Technical Implementation Guide
12025-05-303 of 80 findings match
M3
MS SQL Server 2016 Instance Security Technical Implementation Guide
V3R62025-12-083 of 84 findings match
M3
MS SQL Server 2016 Instance Security Technical Implementation Guide
32025-06-113 of 101 findings match
M3
Crunchy Data Postgres 16 Security Technical Implementation Guide
V1R22026-02-272 of 111 findings match
M2
Crunchy Data Postgres 16 Security Technical Implementation Guide
12024-06-172 of 111 findings match
M2
Crunchy Data PostgreSQL Security Technical Implementation Guide
V3R12024-08-272 of 113 findings match
H1M1
Show 16 more STIGs in this category →Hide additional STIGs
Database Security Requirements Guide
V4R52026-02-262 of 142 findings match
M2
Database Security Requirements Guide
42024-12-042 of 142 findings match
M2
MariaDB Enterprise 10.x Security Technical Implementation Guide
V2R52026-03-022 of 107 findings match
M2
MariaDB Enterprise 10.x Security Technical Implementation Guide
22024-12-052 of 110 findings match
M2
MarkLogic Server v9 Security Technical Implementation Guide
V3R22024-09-042 of 80 findings match
M2
Microsoft Azure SQL Database Security Technical Implementation Guide
V2R32025-06-112 of 76 findings match
M2
Microsoft Azure SQL Managed Instance Security Technical Implementation Guide
V1R12025-10-072 of 84 findings match
M2
Oracle MySQL 8.0 Security Technical Implementation Guide
V2R22024-09-042 of 100 findings match
M2
Redis Enterprise 6.x Security Technical Implementation Guide
V2R22024-09-042 of 71 findings match
M2
IBM DB2 V10.5 LUW Security Technical Implementation Guide
V2R12023-06-111 of 93 findings match
H1
Microsoft SQL Server 2022 Database Security Technical Implementation Guide
V1R32026-02-251 of 23 findings match
M1
Microsoft SQL Server 2022 Database Security Technical Implementation Guide
12025-05-291 of 22 findings match
M1
MongoDB Enterprise Advanced 7.x Security Technical Implementation Guide
V1R12024-09-271 of 50 findings match
M1
MongoDB Enterprise Advanced 8.x Security Technical Implementation Guide
V1R12026-02-201 of 55 findings match
M1
MS SQL Server 2016 Database Security Technical Implementation Guide
V3R52026-03-091 of 23 findings match
M1
MS SQL Server 2016 Database Security Technical Implementation Guide
32025-06-111 of 28 findings match
M1
Web / Application Server
24 STIGs
Web / Application Server
24 STIGsApplication Security and Development Security Technical Implementation Guide
62025-02-124 of 286 findings match
H2M2
Application Security and Development Security Technical Implementation Guide
V6R42025-09-094 of 286 findings match
H2M2
Apache Tomcat Application Server 9 Security Technical Implementation Guide
V3R42026-02-253 of 79 findings match
M2L1
Apache Tomcat Application Server 9 Security Technical Implementation Guide
32025-02-113 of 82 findings match
M2L1
Application Server Security Requirements Guide
V4R42025-09-102 of 137 findings match
M2
Application Server Security Requirements Guide
42025-02-112 of 128 findings match
M2
JBoss Enterprise Application Platform 6.3 Security Technical Implementation Guide
V2R62025-02-202 of 67 findings match
M2
Apache Server 2.4 UNIX Server Security Technical Implementation Guide
V3R22024-12-041 of 47 findings match
M1
Show 16 more STIGs in this category →Hide additional STIGs
Apache Server 2.4 UNIX Server Security Technical Implementation Guide
32024-12-041 of 47 findings match
M1
Apache Server 2.4 Windows Server Security Technical Implementation Guide
V3R42026-02-251 of 49 findings match
M1
Apache Server 2.4 Windows Server Security Technical Implementation Guide
32025-02-121 of 54 findings match
M1
Apache Server 2.4 Windows Site Security Technical Implementation Guide
V2R32026-02-251 of 16 findings match
M1
Apache Server 2.4 Windows Site Security Technical Implementation Guide
22025-02-121 of 36 findings match
M1
Application Programming Interface (API) Security Requirements Guide
V1R12025-09-241 of 65 findings match
M1
IBM WebSphere Liberty Server Security Technical Implementation Guide
22025-02-111 of 29 findings match
M1
IBM WebSphere Liberty Server Security Technical Implementation Guide
V2R42026-02-261 of 30 findings match
M1
IBM WebSphere Traditional V9.x Security Technical Implementation Guide
V2R12026-02-261 of 77 findings match
M1
IBM WebSphere Traditional V9.x Security Technical Implementation Guide
12018-08-241 of 76 findings match
M1
Microsoft Exchange 2019 Edge Server Security Technical Implementation Guide
V2R22024-12-061 of 68 findings match
M1
Microsoft Exchange 2019 Mailbox Server Security Technical Implementation Guide
V2R32025-05-141 of 66 findings match
M1
Microsoft IIS 10.0 Server Security Technical Implementation Guide
V3R72026-02-261 of 40 findings match
M1
Microsoft IIS 10.0 Server Security Technical Implementation Guide
32025-06-111 of 43 findings match
M1
Web Server Security Requirements Guide
V4R42025-09-101 of 126 findings match
M1
Web Server Security Requirements Guide
42025-02-121 of 124 findings match
M1
Virtualization / Container
10 STIGs
Virtualization / Container
10 STIGsMirantis Kubernetes Engine Security Technical Implementation Guide
V2R12024-08-275 of 44 findings match
M5
Container Platform Security Requirements Guide
V2R42025-09-103 of 188 findings match
M3
Container Platform Security Requirements Guide
22025-05-153 of 187 findings match
M3
Virtual Machine Manager Security Requirements Guide
22024-12-063 of 193 findings match
M3
Virtual Machine Manager Security Requirements Guide
V2R32025-09-103 of 198 findings match
M3
Nutanix Acropolis GPOS Security Technical Implementation Guide
V1R12026-02-241 of 106 findings match
M1
Rancher Government Solutions RKE2 Security Technical Implementation Guide
V2R62026-02-131 of 21 findings match
M1
Rancher Government Solutions RKE2 Security Technical Implementation Guide
22024-12-201 of 24 findings match
M1
Show 2 more STIGs in this category →Hide additional STIGs
VMware vSphere 8.0 vCenter Appliance Photon OS 4.0 Security Technical Implementation Guide
V2R12024-07-111 of 106 findings match
H1
VMware vSphere 8.0 vCenter Appliance Photon OS 4.0 Security Technical Implementation Guide
V1R12023-10-291 of 104 findings match
H1
Cloud / Identity Service
1 STIG
Cloud / Identity Service
1 STIGActive Directory Forest Security Technical Implementation Guide
V3R22025-05-151 of 7 findings match
H1
Endpoint Security Management
6 STIGs
Endpoint Security Management
6 STIGsArctic Wolf CylanceON-PREM Security Technical Implementation Guide
V1R12025-06-111 of 16 findings match
M1
BlackBerry UEM Security Technical Implementation Guide
V2R12020-12-041 of 16 findings match
M1
HYCU Protege Security Technical Implementation Guide
V1R22026-03-041 of 55 findings match
M1
HYCU Protege Security Technical Implementation Guide
12024-10-291 of 55 findings match
M1
Unified Endpoint Management Server Security Requirements Guide
22024-12-091 of 137 findings match
M1
Unified Endpoint Management Server Security Requirements Guide
V2R42025-09-101 of 138 findings match
M1
Productivity Application
2 STIGs
Productivity Application
2 STIGsMicrosoft Office 365 ProPlus Security Technical Implementation Guide
V3R52026-02-122 of 139 findings match
M2
Microsoft Office 365 ProPlus Security Technical Implementation Guide
32025-03-052 of 138 findings match
M2
Uncategorized
2 STIGs
Uncategorized
2 STIGsMicrosoft Office System 2016 Security Technical Implementation Guide
22024-12-061 of 20 findings match
M1
Microsoft SharePoint 2013 Security Technical Implementation Guide
22024-12-101 of 37 findings match
H1