NIST 800-171 R-3.1.7
Restrict and Audit Privileged Functions
Official citation: 3.1.7
Class: core · Severity: high
Statement of the obligation — verify against source
3.1.7
What it means
Prevent non-privileged users from running privileged functions — such as creating accounts, performing integrity checks, patching, or managing cryptographic keys — and capture every privileged action in audit logs. Misuse of privileged functions, whether by authorized insiders or attackers who have compromised an account, can have serious, ongoing impact; logging their use is a key way to detect it. This builds on the authorizations defined in 3.1.2.
Educational reference only — not legal advice. Consult a qualified assessor or attorney for binding compliance determinations.