CMMC Practice AC.2.008

Use non-privileged accounts or roles when accessing nonsecurity functions.

Source

CMMC Version 1.02, pg. 58

Bold Coast Security Guidance

You must create separate accounts that is a normal user, and a named administrator account, for performing administrative tasks. That way, if you inadvertently click on a malicious link or attachment while browsing the internet or checking your email, the malware does not execute using administrative privileges on the network! Additionally, as an administrator you often have the ability to view applications and documents you would not have access to as a normal user. Having separate accounts prevents you from accidentally accessing a document or folder for which you are not authorized.

Discussion From Source

DRAFT NIST SP 800-171 R2 This requirement limits exposure when operating from within privileged accounts or roles. The inclusion of roles addresses situations where organizations implement access control policies such as role-based access control and where a change of role provides the same degree of assurance in the change of access authorizations for the user and all processes acting on behalf of the user as would be provided by a change between a privileged and non-privileged account.

References