NIST 800-53 Rev 5
424 controls available
SC-2moderatehigh
Separation of System and User Functionality
System and Communications Protection
Control Statement
Separate user functionality, including user interface services, from system management functionality.
Discussion
System management functionality includes functions that are necessary to administer databases, network components, workstations, or servers. These functions typically require privileged user access. The separation of user functions from system management functions is physical or logical. Organizations may separate system management functions from user functions by using different computers, instances of operating systems, central processing units, or network addresses; by employing virtualization techniques; or some combination of these or other methods. Separation of system management functions from user functions includes web administrative interfaces that employ separate authentication methods for users of any other system resources. Separation of system and user functions may include isolating administrative interfaces on different domains and with additional access controls. The separation of system and user functionality can be achieved by applying the systems security engineering design principles in [SA-8](#sa-8) , including [SA-8(1)](#sa-8.1), [SA-8(3)](#sa-8.3), [SA-8(4)](#sa-8.4), [SA-8(10)](#sa-8.10), [SA-8(12)](#sa-8.12), [SA-8(13)](#sa-8.13), [SA-8(14)](#sa-8.14) , and [SA-8(18)](#sa-8.18).
- Framework
- NIST SP 800-53 Rev 5
- Family
- System and Communications Protection
- Baselines
- moderate, high
Related Frameworks
2 paths across 2 frameworks
Related Frameworks
NIST 800-1711 mapping
3.13.3
1.00
- NIST · Rev 2 (Feb 2020, errata Jan 2021) · nist_800_171_app_d · equivalent
CCI1 mapping
CCI-001082
1.00
- DISA · 2025-01-23 · disa_cci_list · equivalent
Related STIGs
86 STIGs reach this control through 3 CCIs. Expand a row to see the responsible NICE and O*NET roles.
Operating System — Desktop
2 STIGs
Operating System — Desktop
2 STIGsMicrosoft Windows PAW Security Technical Implementation Guide
32025-05-232 of 24 findings match
H1M1
Microsoft Windows PAW Security Technical Implementation Guide
V3R32026-02-252 of 24 findings match
H1M1
Operating System — Server
10 STIGs
Operating System — Server
10 STIGsAmazon Linux 2023 Security Technical Implementation Guide
V1R32026-02-275 of 187 findings match
M5
Cloud Linux AlmaLinux OS 9 Security Technical Implementation Guide
V1R62026-02-275 of 439 findings match
M5
CloudLinux AlmaLinux OS 9 Security Technical Implementation Guide
12025-05-225 of 445 findings match
M5
Oracle Linux 9 Security Technical Implementation Guide
12025-05-085 of 456 findings match
M5
Oracle Linux 9 Security Technical Implementation Guide
V1R52026-02-175 of 448 findings match
M5
Red Hat Enterprise Linux 10 Security Technical Implementation Guide
V1R12026-03-115 of 434 findings match
M5
Red Hat Enterprise Linux 9 Security Technical Implementation Guide
22025-05-145 of 450 findings match
M5
Red Hat Enterprise Linux 9 Security Technical Implementation Guide
V2R82026-02-055 of 446 findings match
M5
Show 2 more STIGs in this category →Hide additional STIGs
General Purpose Operating System Security Requirements Guide
V3R32025-09-222 of 203 findings match
M2
General Purpose Operating System Security Requirements Guide
32024-12-041 of 198 findings match
M1
Operating System — Mainframe
4 STIGs
Operating System — Mainframe
4 STIGsIBM zSecure Suite Security Technical Implementation Guide
V1R32025-03-051 of 11 findings match
M1
IBM zVM Using CA VM:Secure Security Technical Implementation Guide
V2R22022-08-311 of 77 findings match
M1
Mainframe Product Security Requirements Guide
32024-12-051 of 193 findings match
M1
Mainframe Product Security Requirements Guide
V3R42025-09-101 of 194 findings match
M1
Network Device
1 STIG
Network Device
1 STIGSDN Controller Security Requirements Guide
22024-05-281 of 34 findings match
M1
Database
18 STIGs
Database
18 STIGsRedis Enterprise 6.x Security Technical Implementation Guide
V2R22024-09-042 of 71 findings match
H1M1
Crunchy Data Postgres 16 Security Technical Implementation Guide
12024-06-171 of 111 findings match
M1
Crunchy Data Postgres 16 Security Technical Implementation Guide
V1R22026-02-271 of 111 findings match
M1
Crunchy Data PostgreSQL Security Technical Implementation Guide
V3R12024-08-271 of 113 findings match
M1
Database Security Requirements Guide
42024-12-041 of 142 findings match
M1
Database Security Requirements Guide
V4R52026-02-261 of 142 findings match
M1
EnterpriseDB Postgres Advanced Server (EPAS) Security Technical Implementation Guide
V2R12024-08-271 of 118 findings match
M1
IBM DB2 V10.5 LUW Security Technical Implementation Guide
V2R12023-06-111 of 93 findings match
M1
Show 10 more STIGs in this category →Hide additional STIGs
MariaDB Enterprise 10.x Security Technical Implementation Guide
22024-12-051 of 110 findings match
M1
MariaDB Enterprise 10.x Security Technical Implementation Guide
V2R52026-03-021 of 107 findings match
M1
MarkLogic Server v9 Security Technical Implementation Guide
V3R22024-09-041 of 80 findings match
M1
Microsoft Azure SQL Database Security Technical Implementation Guide
V2R32025-06-111 of 76 findings match
M1
Microsoft Azure SQL Managed Instance Security Technical Implementation Guide
V1R12025-10-071 of 84 findings match
M1
MongoDB Enterprise Advanced 7.x Security Technical Implementation Guide
V1R12024-09-271 of 50 findings match
M1
MongoDB Enterprise Advanced 8.x Security Technical Implementation Guide
V1R12026-02-201 of 55 findings match
M1
Oracle Database 19c Security Technical Implementation Guide
12025-06-241 of 96 findings match
M1
Oracle Database 19c Security Technical Implementation Guide
V1R52026-02-251 of 96 findings match
M1
Oracle MySQL 8.0 Security Technical Implementation Guide
V2R22024-09-041 of 100 findings match
M1
Web / Application Server
27 STIGs
Web / Application Server
27 STIGsAdobe ColdFusion Security Technical Implementation Guide
V1R12025-12-193 of 84 findings match
M3
Apache Server 2.4 Windows Site Security Technical Implementation Guide
22025-02-123 of 36 findings match
H1M2
Apache Server 2.4 Windows Site Security Technical Implementation Guide
V2R32026-02-253 of 16 findings match
H1M2
Web Server Security Requirements Guide
42025-02-123 of 124 findings match
M3
Web Server Security Requirements Guide
V4R42025-09-103 of 126 findings match
M3
Apache Server 2.4 UNIX Server Security Technical Implementation Guide
32024-12-042 of 47 findings match
M2
Apache Server 2.4 UNIX Server Security Technical Implementation Guide
V3R22024-12-042 of 47 findings match
M2
Apache Server 2.4 Windows Server Security Technical Implementation Guide
32025-02-122 of 54 findings match
M2
Show 19 more STIGs in this category →Hide additional STIGs
Apache Server 2.4 Windows Server Security Technical Implementation Guide
V3R42026-02-252 of 49 findings match
M2
Apache Tomcat Application Server 9 Security Technical Implementation Guide
32025-02-112 of 82 findings match
M2
Apache Tomcat Application Server 9 Security Technical Implementation Guide
V3R42026-02-252 of 79 findings match
M2
Microsoft IIS 10.0 Server Security Technical Implementation Guide
32025-06-112 of 43 findings match
H1M1
Microsoft IIS 10.0 Server Security Technical Implementation Guide
V3R72026-02-262 of 40 findings match
H1M1
Red Hat Ansible Automation Controller Web Server Security Technical Implementation Guide
22024-08-272 of 28 findings match
M2
Red Hat Ansible Automation Controller Web Server Security Technical Implementation Guide
V2R32025-11-202 of 28 findings match
M2
Application Security and Development Security Technical Implementation Guide
62025-02-121 of 286 findings match
M1
Application Security and Development Security Technical Implementation Guide
V6R42025-09-091 of 286 findings match
M1
Application Server Security Requirements Guide
42025-02-111 of 128 findings match
M1
Application Server Security Requirements Guide
V4R42025-09-101 of 137 findings match
M1
IBM WebSphere Traditional V9.x Security Technical Implementation Guide
12018-08-241 of 76 findings match
M1
IBM WebSphere Traditional V9.x Security Technical Implementation Guide
V2R12026-02-261 of 77 findings match
M1
JBoss Enterprise Application Platform 6.3 Security Technical Implementation Guide
V2R62025-02-201 of 67 findings match
M1
Microsoft Exchange 2016 Mailbox Server Security Technical Implementation Guide
V2R62023-12-181 of 64 findings match
M1
Microsoft Exchange 2019 Edge Server Security Technical Implementation Guide
V2R22024-12-061 of 68 findings match
M1
Microsoft Exchange 2019 Mailbox Server Security Technical Implementation Guide
V2R32025-05-141 of 66 findings match
M1
Microsoft IIS 10.0 Site Security Technical Implementation Guide
22025-06-091 of 43 findings match
H1
Microsoft IIS 10.0 Site Security Technical Implementation Guide
V2R152026-02-261 of 44 findings match
H1
Virtualization / Container
20 STIGs
Virtualization / Container
20 STIGsNutanix Acropolis Application Server Security Technical Implementation Guide
V1R12026-02-242 of 31 findings match
M2
Container Platform Security Requirements Guide
22025-05-151 of 187 findings match
M1
Container Platform Security Requirements Guide
V2R42025-09-101 of 188 findings match
M1
Kubernetes Security Technical Implementation Guide
22025-05-161 of 94 findings match
M1
Kubernetes Security Technical Implementation Guide
V2R62026-02-121 of 92 findings match
M1
Rancher Government Solutions RKE2 Security Technical Implementation Guide
22024-12-201 of 24 findings match
M1
Rancher Government Solutions RKE2 Security Technical Implementation Guide
V2R62026-02-131 of 21 findings match
M1
Red Hat OpenShift Container Platform 4.x Security Technical Implementation Guide
22025-05-151 of 83 findings match
M1
Show 12 more STIGs in this category →Hide additional STIGs
Red Hat OpenShift Container Platform 4.x Security Technical Implementation Guide
V2R52025-12-041 of 83 findings match
M1
Virtual Machine Manager Security Requirements Guide
22024-12-061 of 193 findings match
M1
Virtual Machine Manager Security Requirements Guide
V2R32025-09-101 of 198 findings match
M1
VMware vSphere 7.0 VAMI Security Technical Implementation Guide
V1R22023-06-151 of 28 findings match
M1
VMware vSphere 7.0 vCenter Appliance EAM Security Technical Implementation Guide
V1R22023-06-151 of 33 findings match
M1
VMware vSphere 7.0 vCenter Appliance Lookup Service Security Technical Implementation Guide
V1R22023-06-151 of 31 findings match
M1
VMware vSphere 7.0 vCenter Appliance Perfcharts Security Technical Implementation Guide
V1R12023-02-211 of 34 findings match
M1
VMware vSphere 7.0 vCenter Appliance STS Security Technical Implementation Guide
V1R22023-06-151 of 31 findings match
M1
VMware vSphere 7.0 vCenter Appliance UI Security Technical Implementation Guide
V1R22023-06-151 of 33 findings match
M1
VMware vSphere 7.0 vCenter Security Technical Implementation Guide
V1R32023-12-211 of 57 findings match
M1
VMware vSphere 8.0 vCenter Security Technical Implementation Guide
V2R32025-06-091 of 67 findings match
M1
VMware vSphere 8.0 vCenter Security Technical Implementation Guide
V1R12023-10-111 of 65 findings match
M1
Endpoint Security Management
3 STIGs
Endpoint Security Management
3 STIGsMicrosoft Defender for Endpoint Security Technical Implementation Guide
V1R22025-11-252 of 25 findings match
M2
Tanium 7.x Application on TanOS Security Technical Implementation Guide
V2R22025-02-111 of 75 findings match
M1
Tanium 7.x Security Technical Implementation Guide
V2R32025-05-141 of 98 findings match
M1
Uncategorized
1 STIG
Uncategorized
1 STIGMicrosoft SharePoint 2013 Security Technical Implementation Guide
22024-12-101 of 37 findings match
M1