Skip to main content

💼 AC-6 LEAST PRIVILEGE

  • ID: /frameworks/nist-sp-800-53-r4/ac/06

Description

The organization employs the principle of least privilege, allowing only authorized accesses for users (or processes acting on behalf of users) which are necessary to accomplish assigned tasks in accordance with organizational missions and business functions.

Similar

  • Internal
    • ID: dec-c-60a60b03

Similar Sections (Give Policies To)

SectionSub SectionsInternal RulesPoliciesFlagsCompliance
💼 NIST CSF v1.1 → 💼 PR.AC-4: Access permissions and authorizations are managed, incorporating the principles of least privilege and separation of duties1756no data
💼 NIST CSF v1.1 → 💼 PR.DS-5: Protections against data leaks are implemented4791no data

Sub Sections

SectionSub SectionsInternal RulesPoliciesFlagsCompliance
💼 AC-6 (1) AUTHORIZE ACCESS TO SECURITY FUNCTIONSno data
💼 AC-6 (2) NON-PRIVILEGED ACCESS FOR NONSECURITY FUNCTIONSno data
💼 AC-6 (3) NETWORK ACCESS TO PRIVILEGED COMMANDSno data
💼 AC-6 (4) SEPARATE PROCESSING DOMAINSno data
💼 AC-6 (5) PRIVILEGED ACCOUNTSno data
💼 AC-6 (6) PRIVILEGED ACCESS BY NON-ORGANIZATIONAL USERSno data
💼 AC-6 (7) REVIEW OF USER PRIVILEGESno data
💼 AC-6 (8) PRIVILEGE LEVELS FOR CODE EXECUTIONno data
💼 AC-6 (9) AUDITING USE OF PRIVILEGED FUNCTIONSno data
💼 AC-6 (10) PROHIBIT NON-PRIVILEGED USERS FROM EXECUTING PRIVILEGED FUNCTIONS11no data

Policies (6)

PolicyLogic CountFlagsCompliance
🛡️ AWS IAM User has inline or directly attached policies🟢1🟠 x1, 🟢 x5no data
🛡️ Google GCE Instance is configured to use the Default Service Account with full access to all Cloud APIs🟢1🟢 x6no data
🛡️ Google GKE Cluster Node Pool uses default Service account🟢1🟢 x6no data
🛡️ Google IAM Policy Binding Member (User) is assigned a basic role🟢1🟢 x6no data
🛡️ Google IAM Users are assigned the Service Account User or Service Account Token Creator roles at Project level🟢1🟢 x6no data
🛡️ Google Project with KMS keys has a principal with Owner role🟢1🟢 x6no data

Internal Rules

RulePoliciesFlags
✉️ dec-x-4157c58a1