Where is it required that a user can only be a member of 1 RBAC role?

old.reddit.com / @/u/TAway_Derp, https://old.reddit.com/user/TAway_Derp

My compliance team has the understanding that NIST requires that a user can only be a member of 1 RBAC role. Another engineer and I went through NIST 800-53 revision 5 and couldn't find where it states that a user can only be a member of 1 RBAC role. Before I start an argument with my compliance team, I'd like to know how others have interpreted this requirement.

I understand that separation of duties can make roles mutually exclusive. But they keep saying that 1 user == 1 role.

submitted by /u/TAway_Derp

published 9 months ago



