AC-06 Least Privilege

Control: The information system enforces the most restrictive set of rights/privileges or accesses needed by users (or processes acting on behalf of users) for the performance of specified tasks.

Supplemental Guidance: The organization employs the concept of least privilege for specific duties and information systems (including specific ports, protocols, and services) in accordance with risk assessments as necessary to adequately mitigate risk to organizational operations, organizational assets, and individuals.

Control Enhancements: (0) None.

Baseline: LOW: Not Selected; MOD: AC-6; HIGH: AC-6

Family: Access Control

Class: Technical

ISO 17799 mapping: 11.2.2

COBIT 4.1 mapping: PO4.11

PCI-DSS v2 mapping: 7.1.1