Where is it required that a user can only be a member of 1 RBAC role?

old.reddit.com / @/u/TAway_Derp, https://old.reddit.com/user/TAway_Derp

My compliance team has the understanding that NIST requires that a user can only be a member of 1 RBAC role. Another engineer and I went through NIST 800 53 revision 5 and couldn't find where it states that a user can only be a member of 1 RBAC role. Before I start an argument with my compliance team, I'd like to know how others have interpreted this requirement.

I understand that separation of duties can make roles mutually exclusive. But they keep saying that 1 user == 1 role.

submitted by /u/TAway_Derp
[link] [comments]

published about 1 year ago




See all items from the same source