>myctrl.tools
Preferences
Under active development Content is continuously updated and improved
Compare

AC-6(2)Least Privilege

PBMM (P2)
Secret (P2)
Technical

>Control Description

LEAST PRIVILEGE | NON-PRIVILEGED ACCESS FOR NON-SECURITY FUNCTIONS The organization requires that users of information system accounts, or roles, with access to organization-defined security functions or security-relevant information, use non-privileged accounts or roles, when accessing non-security functions.

>Supplemental Guidance

This control enhancement limits an information system’s exposure to threats when users are operating from within privileged accounts or roles. The inclusion of roles addresses situations where organizations implement access control policies such as RBAC and where a change of role provides the same degree of assurance in the change of access authorizations for both the user and all processes acting on behalf of the user as would be provided by a change between a privileged and non-privileged account. Related control: PL-4.

>Tailoring Guidance

This security control/enhancement is considered to be best practice. Consequently, inclusion in a departmental profile is strongly encouraged in most cases.

Ask AI

Configure your API key to use AI features.