Trusted facility management is the selection of a specific user to administer the security functions of a system. This must adhere to requirements for B2 systems and B3 systems. The B2 systems require that the trusted computing base accommodate separate operator and administrator functions, while the B3 systems require that the functions the security administrator are responsible for are explicitly identified. This mandates that the security administrator exclusively employs functions as defined after taking a distinct action to assume the security administrator role on the system.
Other functions that can be performed in the security administrator role should be confined to those functions that are essential to the security role. In addition, trusted facility management is committed to the concept of least privilege and also correlates to the separation of duties and need to know concepts.