CCI-002227

Implementation Guidance

Determine if privileged accounts on the system are restricted to [AC-06(05)_ODP; personnel or roles to which privileged accounts on the system are to be restricted is/are defined].

Validation Procedures

Examine: [SELECT FROM: Access control policy; procedures addressing least privilege; list of system-generated privileged accounts; list of system administration personnel; system configuration settings and associated documentation; system audit records; system security plan; other relevant documents or records]. Interview: [SELECT FROM: Organizational personnel with responsibilities for defining least privileges necessary to accomplish specified tasks; organizational personnel with information security responsibilities; system/network administrators]. Test: [SELECT FROM: Mechanisms implementing least privilege functions].