AC-06(07)—Least Privilege | Review of User Privileges
Moderate
Control Description
(a) Review [Assignment: organization-defined frequency] the privileges assigned to [Assignment: organization-defined roles or classes of users] to validate the need for such privileges; and
(b) Reassign or remove privileges, if necessary, to correctly reflect organizational mission and business needs.
Discussion
The need for certain assigned user privileges may change over time to reflect changes in organizational mission and business functions, environments of operation, technologies, or threats. A periodic review of assigned user privileges is necessary to determine if the rationale for assigning such privileges remains valid. If the need cannot be revalidated, organizations take appropriate corrective actions.