AC-6 (09)—Least Privilege | Log Use of Privileged Functions

Moderate

High

>Control Description

Log the execution of privileged functions.

>FedRAMP Baseline Requirements

No FedRAMP-specific parameter values or requirements for this baseline.

>Discussion

The misuse of privileged functions, either intentionally or unintentionally by authorized users or by unauthorized external entities that have compromised system accounts, is a serious and ongoing concern and can have significant adverse impacts on organizations. Logging and analyzing the use of privileged functions is one way to detect such misuse and, in doing so, help mitigate the risk from insider threats and the advanced persistent threat.

>Assessment Interview Topics

Questions assessors commonly ask

Process & Governance:

•What formal policies and procedures govern the implementation of AC-6(9) (Log Use Of Privileged Functions)?
•Who are the designated roles responsible for implementing, maintaining, and monitoring AC-6(9)?
•How frequently is the AC-6(9) policy reviewed and updated, and what triggers policy changes?
•What training or awareness programs ensure personnel understand their responsibilities related to AC-6(9)?

Technical Implementation:

•Describe the specific technical mechanisms or controls used to enforce AC-6(9) requirements.
•What automated tools, systems, or technologies are deployed to implement AC-6(9)?
•How is AC-6(9) integrated into your system architecture and overall security posture?
•What configuration settings, parameters, or technical specifications enforce AC-6(9) requirements?

Evidence & Documentation:

•What documentation demonstrates the complete implementation of AC-6(9)?
•What audit logs, records, reports, or monitoring data validate AC-6(9) compliance?
•Can you provide evidence of periodic reviews, assessments, or testing of AC-6(9) effectiveness?
•What artifacts would you present during a FedRAMP assessment to demonstrate AC-6(9) compliance?

Ask AI

Configure your API key to use AI features.