AC-6(8): Privilege Levels for Code Execution

Control Family:

Access Control

Parent Control:

AC-6: Least Privilege

CSF v1.1 References:

PR.AC-4
PR.DS-5

Threats Addressed:

Elevation of Privilege

Baselines:

(Not part of any baseline)

Previous Version:

NIST Special Publication 800-53 Revision 4:
AC-6(8): Privilege Levels For Code Execution

Control Statement

Prevent the following software from executing at higher privilege levels than users executing the software: [Assignment: organization-defined software].

Supplemental Guidance

In certain situations, software applications or programs need to execute with elevated privileges to perform required functions. However, depending on the software functionality and configuration, if the privileges required for execution are at a higher level than the privileges assigned to organizational users invoking such applications or programs, those users may indirectly be provided with greater privileges than assigned.