AC-6 Least Privilege (M)(H)
- Contextual name: AC-6 Least Privilege (M)(H)
- ID: /frameworks/fedramp-moderate-security-controls/ac/06
- Located in: Access Control

Description
Employ the principle of least privilege, allowing only authorized accesses for users (or processes acting on behalf of users) that are necessary to accomplish assigned organizational tasks.
Similar
- Sections: /frameworks/fedramp-high-security-controls/ac/06
- Internal ID: dec-c-e3bc71a5
Similar Sections (Take Policies From)

Section | Sub Sections | Internal Rules | Policies | Flags
---|---|---|---|---
FedRAMP High Security Controls / AC-6 Least Privilege (M)(H) | 8 | 11 | 33 |
Sub Sections

Section | Sub Sections | Internal Rules | Policies | Flags
---|---|---|---|---
AC-6(1) Authorize Access to Security Functions (M)(H) | 4 | | |
AC-6(2) Non-privileged Access for Nonsecurity Functions (M)(H) | 4 | | |
AC-6(5) Privileged Accounts (M)(H) | 5 | | |
AC-6(7) Review of User Privileges (M)(H) | 2 | | |
AC-6(9) Log Use of Privileged Functions (M)(H) | 23 | | |
AC-6(10) Prohibit Non-privileged Users from Executing Privileged Functions (M)(H) | 3 | | |
Policies (7)

Policy | Logic Count | Flags
---|---|---
AWS Account Root User has active access keys | 1 | x6
AWS EC2 Instance IMDSv2 is not enabled | 1 | x6
AWS IAM Policy allows full administrative privileges | 1 | x6
AWS IAM User has inline or directly attached policies | 1 | x1, x5
AWS IAM User with credentials unused for 45 days or more is not disabled | 1 | x6
AWS RDS Snapshot is publicly accessible | 1 | x6
AWS S3 Bucket is not configured to block public access | 1 | x6