>myctrl.tools
Preferences
Under active development Content is continuously updated and improved
Compare

AC-6(3)Least Privilege

Technical

>Control Description

LEAST PRIVILEGE | NETWORK ACCESS TO PRIVILEGED COMMANDS The organization authorizes network access to organization-defined privileged commands only for organization-defined compelling operational needs and documents the rationale for such access in the operations security plan for the information system.

>Supplemental Guidance

Network access is any access across a network connection in lieu of local access (i.e., user being physically present at the device). Related control: AC-17.

>Tailoring Guidance

This security control/enhancement specifies a very specialized and/or advanced capability that is not required for all systems. Consequently, inclusion in a departmental profile is made on a case by case basis. An example of this would be local administration of a Certification Authority.

Ask AI

Configure your API key to use AI features.