AC-6(8): Privilege Levels For Code Execution

Control Family:

Access Control

Parent Control:

AC-6: Least Privilege

Priority:

P1: Implement P1 security controls first.

CSF v1.1 References:

PR.AC-4
PR.DS-5

Threats Addressed:

Elevation of Privilege

Baselines:

(Not part of any baseline)

Next Version:

NIST Special Publication 800-53 Revision 5:
AC-6(8): Privilege Levels for Code Execution

Control Statement

The information system prevents [Assignment: organization-defined software] from executing at higher privilege levels than users executing the software.

Supplemental Guidance

In certain situations, software applications/programs need to execute with elevated privileges to perform required functions. However, if the privileges required for execution are at a higher level than the privileges assigned to organizational users invoking such applications/programs, those users are indirectly provided with greater privileges than assigned by organizations.