AC-6(3): Network Access to Privileged Commands

Control Family:

Access Control

Parent Control:

AC-6: Least Privilege

CSF v1.1 References:

Threats Addressed:


  • High

Previous Version:

Control Statement

Authorize network access to [Assignment: organization-defined privileged commands] only for [Assignment: organization-defined compelling operational needs] and document the rationale for such access in the security plan for the system.

Supplemental Guidance

Network access is any access across a network connection in lieu of local access (i.e., user being physically present at the device).