AC-6(3): Network Access To Privileged Commands

Control Family:

Access Control

Parent Control:

AC-6: Least Privilege

Priority:

P1: Implement P1 security controls first.

CSF v1.1 References:

PR.AC-4
PR.DS-5

Threats Addressed:

Elevation of Privilege

Baselines:

High

Next Version:

NIST Special Publication 800-53 Revision 5:
AC-6(3): Network Access to Privileged Commands

Control Statement

The organization authorizes network access to [Assignment: organization-defined privileged commands] only for [Assignment: organization-defined compelling operational needs] and documents the rationale for such access in the security plan for the information system.

Supplemental Guidance

Network access is any access across a network connection in lieu of local access (i.e., user being physically present at the device).