![]() Security functions include establishing system accounts, setting events to be logged, setting intrusion detection parameters, and configuring access authorizations (i.e., permissions, privileges). Organizations also apply least privilege to the development, implementation, and operation of organizational systems. Organizations consider the creation of additional processes, roles, and system accounts as necessary, to achieve least privilege. The principle of least privilege is applied with the goal of authorized privileges no higher than necessary to accomplish required organizational missions or business functions. Organizations employ the principle of least privilege for specific duties and authorized accesses for users and processes. Let's talk about NIST 800-171 Control 3.1.5 - Employ the principle of least privilege, including for specific security functions and privileged accounts. ![]() In this edition of the On Call Compliance Solutions Compliance Tip of the Week, we discuss how the principle of least privilege is applied with the goal of authorized privileges no higher than necessary to accomplish required organizational missions or business functions. YouTube – NIST 800-171 Control 3.1.5 - Employ the principle of least privilege.NIST resource that defines the requirements for the principle of least privilege Microsoft security best practices for employment of the least privilege principle. Microsoft – Implementing Least-Privileged Administrative Models. ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |