Ordinary users can't run admin functions — and when admin functions run, you log it.
What it actually means
Non-privileged users must be prevented from executing privileged functions, and the execution of privileged functions must be captured in audit logs. In practice: enforce least privilege so standard users can't run admin tools, and make sure your logging captures privileged and administrative actions.
Pass or fail — an assessor needs a "yes" to each
- Are non-privileged users blocked from executing privileged functions?
- Are privileged function executions captured in your audit logs?
What to have ready
- Access-control configuration restricting privileged functions
- Audit log samples showing privileged actions captured
Where teams trip up
- Standard users able to run admin utilities
- Privileged actions not logged
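As an added illustration (not part of this page and not any vendor's tool), the Python script below shows what checking both assessor questions against a sudo audit log looks like: it parses sudo's syslog entries, separates executions that ran from refusals, and flags any privileged execution by a user outside the authorized-admin list, which is exactly the "standard users able to run admin utilities" failure. The log lines, host name and the `AUTHORIZED_ADMINS` set are constructed for the example.

```python
"""Review sudo audit entries for the two checks this control asks about:
(1) did a non-privileged user manage to execute a privileged function, and
(2) is every privileged execution recorded with who, what, where and when.

Added example; the log below is constructed and does not come from a real host.
"""
import re
from dataclasses import dataclass
from typing import Optional

# Matches both successful sudo entries and the refusals sudo writes to the
# auth facility ("user NOT in sudoers", "command not allowed").
SUDO_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+\s+[\d:]+)\s+(?P<host>\S+)\s+sudo(?:\[\d+\])?:\s+"
    r"(?P<user>\S+)\s+:\s+(?:(?P<denial>[^;]*?)\s+;\s+)?"
    r"TTY=(?P<tty>\S+)\s+;\s+PWD=(?P<pwd>\S+)\s+;\s+USER=(?P<target>\S+)\s+;\s+"
    r"COMMAND=(?P<cmd>.*)$"
)

# Constructed sample: one authorized admin, one unauthorized user refused,
# one unauthorized user wrongly allowed, one admin refused a specific command,
# and one unrelated sshd line the parser must ignore.
SAMPLE_LOG = """\
Mar 14 10:02:11 host1 sudo:    alice : TTY=pts/0 ; PWD=/home/alice ; USER=root ; COMMAND=/usr/bin/systemctl restart nginx
Mar 14 10:05:42 host1 sudo:      bob : user NOT in sudoers ; TTY=pts/1 ; PWD=/home/bob ; USER=root ; COMMAND=/usr/sbin/useradd mallory
Mar 14 10:07:03 host1 sudo:    carol : TTY=pts/2 ; PWD=/home/carol ; USER=root ; COMMAND=/usr/bin/apt-get install nmap
Mar 14 10:09:15 host1 sshd[1234]: Accepted publickey for alice from 10.0.0.5 port 5022 ssh2
Mar 14 10:11:30 host1 sudo:     dave : command not allowed ; TTY=pts/3 ; PWD=/home/dave ; USER=root ; COMMAND=/usr/bin/vim /etc/sudoers
"""

# Constructed: the users who are supposed to hold admin rights on host1.
AUTHORIZED_ADMINS = {"alice", "dave"}


@dataclass(frozen=True)
class PrivilegedEvent:
    timestamp: str
    host: str
    user: str
    target: str          # account the command ran as (usually root)
    command: str
    denied: Optional[str]  # sudo's refusal reason, or None when the command ran


def parse_sudo_line(line: str) -> Optional[PrivilegedEvent]:
    """Return a PrivilegedEvent for a sudo audit line, or None for other lines."""
    m = SUDO_RE.match(line.rstrip())
    if not m:
        return None
    return PrivilegedEvent(m["ts"], m["host"], m["user"], m["target"], m["cmd"], m["denial"])


def review(lines, authorized_admins):
    """Split sudo events into the three buckets an assessor will ask about.

    executed   - privileged functions run by an authorized admin (the log evidence)
    denied     - attempts sudo refused (the access control working)
    violations - privileged functions that ran for a user outside the admin list
    """
    executed, denied, violations = [], [], []
    for line in lines:
        ev = parse_sudo_line(line)
        if ev is None:
            continue
        if ev.denied:
            denied.append(ev)
        elif ev.user in authorized_admins:
            executed.append(ev)
        else:
            violations.append(ev)  # least privilege failed: fix sudoers, then investigate
    return {"executed": executed, "denied": denied, "violations": violations}


if __name__ == "__main__":
    result = review(SAMPLE_LOG.splitlines(), AUTHORIZED_ADMINS)
    for bucket, events in result.items():
        print(f"{bucket}:")
        for ev in events:
            why = f" ({ev.denied})" if ev.denied else ""
            print(f"  {ev.timestamp} {ev.user} -> {ev.target}: {ev.command}{why}")
```

Run against a real `/var/log/auth.log` (or `journalctl -t sudo` output), a non-empty `violations` list answers the first assessor question with "no" until the sudoers policy is corrected, and the `executed` list is the audit-log sample to hand over for the second one.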