Description
The information system enforces the most restrictive set of rights/privileges or accesses needed by users (or processes acting on behalf of users) for the performance of specified tasks.
Supplemental Guidance
The organization employs the concept of least privilege for specific duties and information systems (including specific ports, protocols, and services) in accordance with risk assessments as necessary to adequately mitigate risk to organizational operations, organizational assets, and individuals.
Enhancements
(0) None.
Compliance Mappings
ISO 27002:2022
5.15, 5.18, 8.12, 8.3
CIS Controls v8
5.4
NIST CSF 2.0
PR.AA-05, PR.DS-10
SOC 2 TSC
CC5.2-POF3, CC6.1, CC6.1-POF12, CC6.1-POF13, CC6.1-POF7
ISO 17799 (legacy)
11.2.2
COBIT 4.1 (legacy)
PO4.11