N
|
controlAC-6

Least Privilege (AC-6)

Employ the principle of least privilege, allowing only authorized accesses for users (or processes acting on behalf of users) that are necessary to accomplish assigned organizational tasks.

Security Baselines

MODERATEHIGHLOW
access-controlauthorizationleast-privilege

Why These Connect

Baselined In2

This control is included in the linked security baseline (LOW, MODERATE, or HIGH).

Supports53

These related controls work together — a change to one may affect the others.

Mitigates23

This control helps defend against or reduce the risk of the linked threat technique.

Enhances10

These enhancements add specific capabilities or refinements to the base control.

Related Controls(31)

AC-2Account Management (AC-2)
LMH
AC-3Access Enforcement (AC-3)
LMH
AC-4Information Flow Enforcement (AC-4)
MH
AC-5Separation of Duties (AC-5)
MH
AC-16Security and Privacy Attributes (AC-16)CM-5Access Restrictions for Change (CM-5)
LMH
CM-11User-installed Software (CM-11)
LMH
PL-2System Security and Privacy Plans (PL-2)
LMH
PM-12Insider Threat Program (PM-12)SA-8Security and Privacy Engineering Principles (SA-8)
LMH
SA-15Development Process, Standards, and Tools (SA-15)
MH
SA-17Developer Security and Privacy Architecture and Design (SA-17)
H
SC-38Operations Security (SC-38)AU-2Event Logging (AU-2)
LMH
AU-6Audit Record Review, Analysis, and Reporting (AU-6)
LMH
AU-9Protection of Audit Information (AU-9)
LMH
AU-12Audit Record Generation (AU-12)
LMH
CA-7Continuous Monitoring (CA-7)
LMH
CM-12Information Location (CM-12)
MH
IA-5Authenticator Management (IA-5)
LMH
IA-8Identification and Authentication (Non-organizational Users) (IA-8)
LMH
MA-4Nonlocal Maintenance (MA-4)
LMH
MA-5Maintenance Personnel (MA-5)
LMH
PL-4Rules of Behavior (PL-4)
LMH
PM-31Continuous Monitoring Strategy (PM-31)SC-2Separation of System and User Functionality (SC-2)
MH
SC-3Security Function Isolation (SC-3)
H
SC-28Protection of Information at Rest (SC-28)
MH
SC-30Concealment and Misdirection (SC-30)SC-32System Partitioning (SC-32)SC-39Process Isolation (SC-39)
LMH

Threat Coverage(23 ATT&CK techniques)

T1190Exploit Public-Facing ApplicationT1133External Remote ServicesT1078Valid AccountsT1199Trusted RelationshipT1059Command and Scripting InterpreterT1203Exploitation for Client ExecutionT1047Windows Management InstrumentationT1547Boot or Logon Autostart ExecutionT1136Create AccountT1053Scheduled Task/JobT1068Exploitation for Privilege EscalationT1548Abuse Elevation Control MechanismT1562Impair DefensesT1070Indicator RemovalT1003OS Credential DumpingT1528Steal Application Access TokenT1558Steal or Forge Kerberos TicketsT1087Account DiscoveryT1021Remote ServicesT1005Data from Local SystemT1114Email CollectionT1486Data Encrypted for ImpactT1485Data Destruction

Control Enhancements(10)

AC-6(1)Authorize Access to Security Functions (AC-6(1))
MH
AC-6(2)Non-privileged Access for Nonsecurity Functions (AC-6(2))
MH
AC-6(3)Network Access to Privileged Commands (AC-6(3))
H
AC-6(4)Separate Processing Domains (AC-6(4))
AC-6(5)Privileged Accounts (AC-6(5))
MH
AC-6(6)Privileged Access by Non-organizational Users (AC-6(6))
AC-6(7)Review of User Privileges (AC-6(7))
MH
AC-6(8)Privilege Levels for Code Execution (AC-6(8))
AC-6(9)Log Use of Privileged Functions (AC-6(9))
MH
AC-6(10)Prohibit Non-privileged Users from Executing Privileged Functions (AC-6(10))
MH

See Also

@SP 800-53 OverviewCompare Baselines