How to Create a Standard User on Windows for CMMC Compliance
Step-by-step guide to create Standard User accounts on Windows for CMMC Level 1. Limit access & protect Federal Contract Information (FCI) easily.

Creating a Standard User Account on Windows
If you handle Federal Contract Information (FCI) on your Windows computer, meeting CMMC Level 1 rules is a must. One key requirement is about controlling access and ensuring users only have the permissions they need for their job. This is known as the principle of "least privilege."
Requirement AC.L1-b.1.i (authorized access control) objective [d] means you need to show that people aren't using accounts with too much power for their everyday tasks. Using an "Administrator" account for everything is like giving everyone the keys to the whole building, even if they just need to open one door.
The simple solution for your Windows computer? Create a Standard User account for your daily work and keep your "Administrator" account separate for special tasks only (like installing software or changing system settings). This guide will show you exactly how, step-by-step, to help you meet this CMMC rule.
Why Standard Accounts Matter for CMMC
Think of user accounts like job titles on your computer:
- Administrator: This is the "Boss" account. It has full power to install software, change system settings, access all files, and pretty much do anything on the computer.
- Standard User: This is the "Worker" account. It can run programs, save files in allowed places, and do normal daily tasks, but it cannot make big changes to the system or install most software without the Administrator's permission.
By creating and using a Standard User account for daily work, you directly support objective [d] of requirement AC.L1-b.1.i (System access is limited to authorized users). This ensures that user access is limited to authorized transactions and functions needed for their job, enforcing the principle of least privilege.
The Problem for CMMC: If you use an Administrator account for your daily work (checking emails, browsing the web, working with FCI), and you accidentally click a bad link or download something harmful, that malware or attacker gets the same "Boss" powers you have! They could easily mess up your computer, steal data (including FCI), or spread to other computers.
The Solution: By using a Standard User account for daily work with FCI, you limit the damage. If something bad happens, the malware only gets "Worker" permissions, which severely restricts what it can do. This simple step is a fundamental part of protecting FCI and demonstrating least privilege for CMMC Level 1.
Let's set it up.
Your Step-by-Step Guide to Creating a Standard Account
You'll need to be logged into an account that has Administrator rights to do this.
Step 1: Check Your Current Account Type
First, let's see what type of account you use for your daily work.
- Go to Settings > Accounts > Your info. Look below your name and email address. It will say either "Administrator" or "Standard User".
If your daily account is already "Standard User," great! You've already taken a key step. You can skip the rest of this guide unless you need to set up another user. If it says "Administrator," follow the steps below to create a separate Standard account for daily use.

Step 2: Open User Account Settings to Add a New User
The exact steps might look slightly different depending on your Windows version, but the goal is to find where you manage other users on the computer.
- Go to Settings > Accounts > Other users.

Step 3: Add Someone Else to This PC
In the "Other users" section, look for the "Add account" option and click it.

Step 4: Create a Local Account (Skip Microsoft)
Windows will ask how this person will sign in. For simplicity and security (to keep your admin account separate from online accounts), choose the option "I don't have this person's sign-in information."
On the next screen, it might push you towards a Microsoft account again. Choose the option "Add a user without a Microsoft account."

Step 5: Set Up the New User's Details
Now you'll create the actual account details for your new Standard user.
- Enter a User name for the new account. This should be your name.
- Create a strong password with a mix of letters, numbers, and special characters (aim for 15 characters).
- Enter the password twice to confirm it.
- Choose and answer the security questions.
- Click Next or Finish.

You've created the account, but it might be set as an Administrator by default. We need to change it to Standard.
Step 6: Change the Account Type to "Standard User"
Back in the "Other users" page, click on the new user account you just created.
- Click the button that says "Change account type."
- In the dropdown menu, select "Standard User."
- Click OK.
Windows might ask for the password of the Administrator account you are currently logged into to confirm this change. Enter it.

Step 7: Log In to Your New Standard Account
You're almost done! Now it's time to switch to your new, safer account for daily use.
- Save your work and close any open programs.
- Click the Start button, then click on your current user icon/name.
- Select Sign out.
- On the login screen, click on the new user account you just created.
- Enter the password you set for this Standard account.
Windows will set up the desktop for the new user, which might take a minute.
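The same result as Steps 3 to 6 can be scripted and then checked. The PowerShell below is an added example, not part of the original guide: it creates the local account, makes it a Standard User, and lists who still holds Administrator rights so the output can be kept as evidence. The user name `jsmith` and full name `Jane Smith` are placeholders to replace with your own.

```powershell
#Requires -RunAsAdministrator
# Added example (not from the original guide): scripted Steps 3-6 plus a verification.
# 'jsmith' and 'Jane Smith' are placeholder values.
$UserName = 'jsmith'
$FullName = 'Jane Smith'

# Well-known SIDs identify the built-in groups regardless of Windows display language.
$AdminsSid = 'S-1-5-32-544'   # BUILTIN\Administrators
$UsersSid  = 'S-1-5-32-545'   # BUILTIN\Users

# Create the local (non-Microsoft) account only if it does not exist yet.
$user = Get-LocalUser -Name $UserName -ErrorAction SilentlyContinue
if (-not $user) {
    # Prompt for the password so it never appears in the script or command history.
    $Password = Read-Host -Prompt "Password for $UserName" -AsSecureString
    $user = New-LocalUser -Name $UserName -FullName $FullName -Password $Password `
        -Description 'Standard account for daily work'
}

# New-LocalUser puts the account in no group; membership in Users is what
# makes it a Standard User that can sign in.
$inUsers = Get-LocalGroupMember -SID $UsersSid |
    Where-Object { $_.SID.Value -eq $user.SID.Value }
if (-not $inUsers) {
    Add-LocalGroupMember -SID $UsersSid -Member $UserName
}

# Step 6 equivalent: the daily-use account must not be an administrator.
$inAdmins = Get-LocalGroupMember -SID $AdminsSid |
    Where-Object { $_.SID.Value -eq $user.SID.Value }
if ($inAdmins) {
    Remove-LocalGroupMember -SID $AdminsSid -Member $UserName
}

# Verification: list every remaining member of Administrators.
# Only the separate admin account(s) should appear here.
Get-LocalGroupMember -SID $AdminsSid |
    Select-Object Name, ObjectClass, PrincipalSource |
    Format-Table -AutoSize
```

Run it from an elevated PowerShell window while signed in to the Administrator account, then continue with Step 7 to sign in as the new user.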
Working with Two Accounts
Now that you have two accounts:
- Use your NEW Standard User account for ALL your daily work, including handling FCI. This is your primary account.
- Only use your OLD Administrator account when you need to do something that requires admin rights. This includes installing new software, updating system drivers, changing system-wide security settings, or creating other user accounts. Windows will often pop up a box asking for the Administrator password when you try to do something that requires it while using your Standard account. This is normal and helps you know when you're doing something administrative.
Do NOT use your Administrator account for routine tasks like email, web browsing, or working with documents.
Important Note: This process should be repeated for every computer in your business that accesses or stores Federal Contract Information (FCI) to ensure consistent security and compliance.
Conclusion: Compliance Win!
Congratulations! By creating and using a Standard User account for your daily tasks, you have successfully implemented a key technical control for CMMC Level 1. You are now following the principle of least privilege, significantly reducing the risk of accidental damage or malicious attacks impacting your Federal Contract Information.
This simple change is tangible evidence of your commitment to protecting FCI and directly addresses aspects of AC.L1-b.1.i objective [d]. Keep using your Standard account daily, and you're well on your way to demonstrating compliance!
Need Help Managing Your Full CMMC Level 1 Compliance?
Implementing controls like managing user accounts is vital. CMMC Level 1 has 15 requirements, which are broken down into 59 specific objectives you need to meet. If you're looking for a simple, affordable way to manage the entire process - track your progress, store evidence for all controls, generate policies, and stay organized - we can help!
Check out CMMC Resources - designed specifically to make CMMC Level 1 achievable for businesses like yours.
Further Reading & Official Resources
DoD CMMC Official Site: https://dodcio.defense.gov/cmmc/About/
DoD CMMC Level 1 Assessment Guide: https://dodcio.defense.gov/Portals/0/Documents/CMMC/AssessmentGuideL1.pdf