AC-6(6): Privileged Access by Non-organizational Users

Control Family:

Access Control

Parent Control:

AC-6: Least Privilege

CSF v1.1 References:

PR.AC-4
PR.DS-5

Threats Addressed:

Elevation of Privilege

Baselines:

(Not part of any baseline)

Previous Version:

NIST Special Publication 800-53 Revision 4:
AC-6(6): Privileged Access By Non-Organizational Users

Control Statement

Prohibit privileged access to the system by non-organizational users.

Supplemental Guidance

An organizational user is an employee or an individual considered by the organization to have the equivalent status of an employee. Organizational users include contractors, guest researchers, or individuals detailed from other organizations. A non-organizational user is a user who is not an organizational user. Policies and procedures for granting equivalent status of employees to individuals include a need-to-know, citizenship, and the relationship to the organization.

Control Statement

Supplemental Guidance

Related Controls

NIST Special Publication 800-53 Revision 5