AC-6 (8)
AC-6 (8): Privilege Levels For Code Execution
The information system prevents [Assignment: organization-defined software] from executing at higher privilege levels than users executing the software.
Supplemental
In certain situations, software applications/programs need to execute with elevated privileges to perform required functions. However, if the privileges required for execution are at a higher level than the privileges assigned to organizational users invoking such applications/programs, those users are indirectly provided with greater privileges than assigned by organizations.
CIA Levels | |
---|---|
Confidentiality | low |
Integrity | low |
Availability | unknown |
Overlays |
---|
None |