NIST SP 800-171
Control 3.1.7
Prevent Non-Privileged Users from Executing Privileged Functions
CMMC-RP Certified Team
24+ Years Experience
2,500+ Clients Served
Official Requirement
Prevent non-privileged users from executing privileged functions and capture the execution of such functions in audit logs.
What This Means in Plain English
Standard users should not be able to perform admin-level tasks like installing software, changing security settings, or accessing audit logs. Any attempt to do so must be blocked and recorded.
How Petronella Implements This Control
Petronella Technology Group implements this control through:
- Group Policy Objects preventing standard users from installing software or modifying system settings
- User Account Control (UAC) configured to prompt for admin credentials on all elevation attempts
- Arctic Wolf SIEM logging all privilege escalation attempts and alerting on anomalies
- Application control policies via Sophos XDR blocking unauthorized executables
- ComplianceArmor tracking privileged function audit trails
Assessment Guidance
Assessors will attempt to execute privileged functions with non-privileged accounts, verify that UAC and GPO settings block elevation, review SIEM logs for privilege escalation events, and check that all attempts are captured in audit records.
Common Implementation Gaps
- UAC disabled or set to never notify
- Standard users granted local admin rights
- No logging of failed privilege escalation attempts
- Software installation not restricted on endpoints
- PowerShell execution unrestricted for standard users
Cross-Framework Mapping
| Framework | Mapped Controls |
|---|---|
| NIST SP 800-53 | AC-6(9), AC-6(10) |
| PCI DSS | Req 7.2 - Establish an access control system |
Need Help Implementing 3.1.7?
Our CMMC-RP certified team can assess your current compliance posture and build a remediation plan.
Schedule a Compliance Assessment