💼 AC-6(2) Least Privilege | Non-privileged Access for Nonsecurity Functions

  • Contextual name: 💼 AC-6(2) Least Privilege | Non-privileged Access for Nonsecurity Functions
  • ID: /frameworks/nist-sp-800-53-r5/ac/06/02
  • Located in: 💼 AC-6 Least Privilege

Description

Require that users of system accounts (or roles) with access to [Assignment: organization-defined security functions or security-relevant information] use non-privileged accounts or roles, when accessing nonsecurity functions.

Similar

  • Sections
    • /frameworks/aws-fsbp-v1.0.0/efs/04
    • /frameworks/aws-fsbp-v1.0.0/iam/01
    • /frameworks/aws-fsbp-v1.0.0/iam/04
    • /frameworks/aws-fsbp-v1.0.0/iam/21
    • /frameworks/aws-fsbp-v1.0.0/sagemaker/03
  • Internal
    • ID: dec-c-738dc0bf

Similar Sections (Take Policies From)

Section | Sub Sections | Internal Rules | Policies | Flags
💼 AWS Foundational Security Best Practices v1.0.0 → 💼 [EFS.4] EFS access points should enforce a user identity
💼 AWS Foundational Security Best Practices v1.0.0 → 💼 [IAM.1] IAM policies should not allow full "*" administrative privileges 1 1
💼 AWS Foundational Security Best Practices v1.0.0 → 💼 [IAM.4] IAM root user access key should not exist 1 1
💼 AWS Foundational Security Best Practices v1.0.0 → 💼 [IAM.21] IAM customer managed policies that you create should not allow wildcard actions for services
💼 AWS Foundational Security Best Practices v1.0.0 → 💼 [SageMaker.3] Users should not have root access to SageMaker AI notebook instances

Similar Sections (Give Policies To)

Section | Sub Sections | Internal Rules | Policies | Flags
💼 FedRAMP High Security Controls → 💼 AC-6(2) Non-privileged Access for Nonsecurity Functions (M)(H) 1 4

Sub Sections

Section | Sub Sections | Internal Rules | Policies | Flags

Policies (4)

Policy | Logic Count | Flags
📝 AWS Account Root User credentials were used is the last 30 days | 🟢 1 | 🟢 x6
📝 AWS Account Root User has active access keys | 🟢 1 | 🟢 x6
📝 AWS IAM Policy allows full administrative privileges | 🟢 1 | 🟢 x6
📝 AWS IAM User with console and programmatic access set during the initial creation | 🟢 | 🟢 x3

Internal Rules

Rule | Policies | Flags
✉️ dec-x-0a7801fb | 1
✉️ dec-x-157aa4b9 | 1
✉️ dec-x-b10e98af | 1
✉️ dec-x-e58fd8e0 | 1