AC-6(9): Log Use of Privileged Functions

Control Family:

Access Control

Parent Control:

AC-6: Least Privilege

CSF v1.1 References:


  • Moderate
  • High

Previous Version:

Control Statement

Log the execution of privileged functions.

Supplemental Guidance

The misuse of privileged functions, either intentionally or unintentionally by authorized users or by unauthorized external entities that have compromised system accounts, is a serious and ongoing concern and can have significant adverse impacts on organizations. Logging and analyzing the use of privileged functions is one way to detect such misuse and, in doing so, help mitigate the risk from insider threats and the advanced persistent threat.