CCI-000039
CCI-000039 Definition
| Status | |
| Type | CheckType.policy |
Master Assessment Datasheet
Implementation Guidance
Determine if users of system accounts (or roles) with access to [AC-06(02)_ODP; security functions or security-relevant information, the access to which requires users to use non-privileged accounts to access non-security functions, are defined] are required to use non-privileged accounts or roles when accessing non-security functions.
Validation Procedures
Examine: [SELECT FROM: Access control policy; procedures addressing least privilege; list of system-generated security functions or security-relevant information assigned to system accounts or roles; system configuration settings and associated documentation; system audit records; system security plan; other relevant documents or records].

Interview: [SELECT FROM: Organizational personnel with responsibilities for defining least privileges necessary to accomplish specified tasks; organizational personnel with information security responsibilities; system/network administrators].

Test: [SELECT FROM: Mechanisms implementing least privilege functions].