NIST 800-171 R-3.1.4
Separate Duties of Individuals
Official citation: 3.1.4
Class: core · Severity: high
Statement of the obligation — verify against source
3.1.4
What it means
No single person should control an entire sensitive process end to end, so that wrongdoing would require collusion. Divide mission and system-support work across different people or roles — for example, keep the staff who administer access controls separate from those who administer audit functions. Because violations can span systems and applications, set separation-of-duties policy across all your systems, not just one.
Educational reference only — not legal advice. Consult a qualified assessor or attorney for binding compliance determinations.