Least Privilege | AC-6

Description

• Accounts must be created with a baseline appropriate for the category of (For example, MCC Users receive a minimum level of access to information resources approved for all employees).
• Information Resource Custodians are responsible for ensuring that access is given to the minimum degree necessary for users to accomplish assigned tasks.
• Administrator and special access accounts are only authorized to perform limited privileged access tasks, such as system maintenance and administration.
• Information Resource Owners or their designees are responsible for ensuring that users with administrative accounts are aware of the extraordinary responsibilities associated with the use of privileged accounts.
• Privileges should be escalated only when necessary to accomplish assigned tasks.

Last updated: 3/11/2024