💼 AC-6 LEAST PRIVILEGE

  • Contextual name: 💼 AC-6 LEAST PRIVILEGE
  • ID: /frameworks/nist-sp-800-53-r4/ac/06
  • Located in: 💼 AC ACCESS CONTROL

Description

The organization employs the principle of least privilege, allowing only authorized accesses for users (or processes acting on behalf of users) which are necessary to accomplish assigned tasks in accordance with organizational missions and business functions.

Similar

  • Internal
    • ID: dec-c-60a60b03

Similar Sections (Give Policies To)

Section | Sub Sections | Internal Rules | Policies | Flags
💼 NIST CSF v1.1 → 💼 PR.AC-4: Access permissions and authorizations are managed, incorporating the principles of least privilege and separation of duties | 1752
💼 NIST CSF v1.1 → 💼 PR.DS-5: Protections against data leaks are implemented | 4766

Sub Sections

Section | Sub Sections | Internal Rules | Policies | Flags
💼 AC-6 (1) AUTHORIZE ACCESS TO SECURITY FUNCTIONS
💼 AC-6 (2) NON-PRIVILEGED ACCESS FOR NONSECURITY FUNCTIONS
💼 AC-6 (3) NETWORK ACCESS TO PRIVILEGED COMMANDS
💼 AC-6 (4) SEPARATE PROCESSING DOMAINS
💼 AC-6 (5) PRIVILEGED ACCOUNTS
💼 AC-6 (6) PRIVILEGED ACCESS BY NON-ORGANIZATIONAL USERS
💼 AC-6 (7) REVIEW OF USER PRIVILEGES
💼 AC-6 (8) PRIVILEGE LEVELS FOR CODE EXECUTION
💼 AC-6 (9) AUDITING USE OF PRIVILEGED FUNCTIONS
💼 AC-6 (10) PROHIBIT NON-PRIVILEGED USERS FROM EXECUTING PRIVILEGED FUNCTIONS | 11

Policies (3)

Policy | Logic Count | Flags
📝 AWS IAM User has inline or directly attached policies 🟢 | 1 | 🟠 x1, 🟢 x5
📝 Google GCE Instance is configured to use the Default Service Account with full access to all Cloud APIs 🟢 | 1 | 🟢 x6
📝 Google IAM Users are assigned the Service Account User or Service Account Token Creator roles at Project level 🟢 | 1 | 🟢 x6

Internal Rules

Rule | Policies | Flags
✉️ dec-x-4157c58a | 1