Term:Least Privilege

From FISMApedia
CNSSI 4009

Least Privilege - Principle requiring that each subject be granted the most restrictive set of privileges needed for the performance of authorized tasks. Application of this principle limits the damage that can result from accident, error, or unauthorized use of an IS.

DoDI 8551.01

Least Privilege - The principle requiring that each subject be granted the most restrictive set of privileges needed for the performance of authorized tasks. Application of this principle limits the damage that can result from accident, error or unauthorized use of an information system (reference (e)). E2.1.10.

GAO-09-232G

Least Privilege - Principle requiring that each subject be granted the most restrictive set of privileges needed for the performance of authorized tasks. Application of this principle limits the damage that can result from accident, error, or unauthorized use of an IS.

NIST IR 7298

Least Privilege - The security objective of granting users only those accesses they need to perform their official duties. SOURCE: SP 800-12

NIST SP 800-123

Least Privilege - Offering only the required functionality to each authorized user, so that no one can use functions that are not necessary.

NIST SP 800-57P2

Least Privilege - A security principle that restricts the access privileges of authorized personnel (e.g., program execution privileges, file modification privileges) to the minimum necessary to perform their jobs.