Skip to main content

💼 AC-6 Least Privilege (M)(H)

Contextual name: 💼 AC-6 Least Privilege (M)(H)
ID: /frameworks/fedramp-high-security-controls/ac/06
Located in: 💼 Access Control

Description

Employ the principle of least privilege, allowing only authorized accesses for users (or processes acting on behalf of users) that are necessary to accomplish assigned organizational tasks.

Similar

Sections
- /frameworks/nist-sp-800-53-r5/ac/06
Internal
- ID: dec-c-e3bc71a5

Similar Sections (Take Policies From)

Section	Sub Sections	Internal Rules	Policies	Flags
💼 NIST SP 800-53 Revision 5 → 💼 AC-6 Least Privilege	10	21	26

Similar Sections (Give Policies To)

Section	Sub Sections	Internal Rules	Policies	Flags
💼 FedRAMP Moderate Security Controls → 💼 AC-6 Least Privilege (M)(H)	6		33

Sub Sections

Section	Sub Sections	Internal Rules	Policies	Flags
💼 AC-6(1) Authorize Access to Security Functions (M)(H)		4	4
💼 AC-6(2) Non-privileged Access for Nonsecurity Functions (M)(H)		1	4
💼 AC-6(3) Network Access to Privileged Commands (H)		1	2
💼 AC-6(5) Privileged Accounts (M)(H)		3	5
💼 AC-6(7) Review of User Privileges (M)(H)		2	2
💼 AC-6(8) Privilege Levels for Code Execution (H)
💼 AC-6(9) Log Use of Privileged Functions (M)(H)		7	23
💼 AC-6(10) Prohibit Non-privileged Users from Executing Privileged Functions (M)(H)		1	3

Policies (7)

Policy	Logic Count	Flags
📝 AWS Account Root User has active access keys 🟢	1	🟢 x6
📝 AWS EC2 Instance IMDSv2 is not enabled 🟢	1	🟢 x6
📝 AWS IAM Policy allows full administrative privileges 🟢	1	🟢 x6
📝 AWS IAM User has inline or directly attached policies 🟢	1	🟠 x1, 🟢 x5
📝 AWS IAM User with credentials unused for 45 days or more is not disabled 🟢	1	🟢 x6
📝 AWS RDS Snapshot is publicly accessible 🟢	1	🟢 x6
📝 AWS S3 Bucket is not configured to block public access 🟢	1	🟢 x6

Description
Similar
Similar Sections (Take Policies From)
Similar Sections (Give Policies To)
Sub Sections
Policies (7)