AC.L2-3.13.3[b] — System & Communications Protection (Role-Based Security)
Domain: System & Communications Protection (SC) | Practice: SC.L2-3.13.3 | Objective ID: 3.13.3[b] | Source: NIST SP 800-171 Rev. 2 / CMMC 2.0 Level 2
Assessment Objective: User functionality and system management functionality are logically or physically separated.
Implement separation through separate network segments, different servers, virtual separation, or physically distinct systems for user functions versus management/admin functions.