💼 AC-6 LEAST PRIVILEGE

• Contextual name: 💼 AC-6 LEAST PRIVILEGE
• ID: /frameworks/nist-sp-800-53-r4/ac/06
• Located in: 💼 AC ACCESS CONTROL

Description

The organization employs the principle of least privilege, allowing only authorized accesses for users (or processes acting on behalf of users) which are necessary to accomplish assigned tasks in accordance with organizational missions and business functions.

Similar

• Internal
  • ID: dec-c-60a60b03

Similar Sections (Give Policies To)

Section	Sub Sections	Internal Rules	Policies	Flags
💼 NIST CSF v1.1 → 💼 PR.AC-4: Access permissions and authorizations are managed, incorporating the principles of least privilege and separation of duties		17	35
💼 NIST CSF v1.1 → 💼 PR.DS-5: Protections against data leaks are implemented		43	51

Sub Sections

Section	Sub Sections	Internal Rules	Policies	Flags
💼 AC-6 (1) AUTHORIZE ACCESS TO SECURITY FUNCTIONS
💼 AC-6 (2) NON-PRIVILEGED ACCESS FOR NONSECURITY FUNCTIONS
💼 AC-6 (3) NETWORK ACCESS TO PRIVILEGED COMMANDS
💼 AC-6 (4) SEPARATE PROCESSING DOMAINS
💼 AC-6 (5) PRIVILEGED ACCOUNTS
💼 AC-6 (6) PRIVILEGED ACCESS BY NON-ORGANIZATIONAL USERS
💼 AC-6 (7) REVIEW OF USER PRIVILEGES
💼 AC-6 (8) PRIVILEGE LEVELS FOR CODE EXECUTION
💼 AC-6 (9) AUDITING USE OF PRIVILEGED FUNCTIONS
💼 AC-6 (10) PROHIBIT NON-PRIVILEGED USERS FROM EXECUTING PRIVILEGED FUNCTIONS		1	1

Policies (1)

Policy	Logic Count	Flags
📝 AWS IAM User has inline or directly attached policies 🟢	1	🟠 x1, 🟢 x5

Internal Rules

Rule	Policies	Flags
✉️ dec-x-4157c58a	1