AC-6(8): Privilege Levels For Code Execution

Control Family:

Access Control

Parent Control:

AC-6: Least Privilege

CSF v1.1 References:

Threats Addressed:


(Not part of any baseline)

Next Version:

Control Statement

The information system prevents [Assignment: organization-defined software] from executing at higher privilege levels than users executing the software.

Supplemental Guidance

In certain situations, software applications/programs need to execute with elevated privileges to perform required functions. However, if the privileges required for execution are at a higher level than the privileges assigned to organizational users invoking such applications/programs, those users are indirectly provided with greater privileges than assigned by organizations.