Navigate

SA-17 (7)

SA-17 (7): Structure For Least Privilege

The organization requires the developer of the information system, system component, or information system service to structure security-relevant hardware, software, and firmware to facilitate controlling access with least privilege.

Supplemental

None

CIA Levels
Confidentiality	unknown
Integrity	unknown
Availability	unknown

Overlays
Cross Domain (Access), Cross Domain (Multilevel), Cross Domain (Transfer)

Related Controls

The controls below (if any) were marked by NIST as being related to SA-17 (7).

Control	Description
AC-5	The organization: AC-5a.: Separates [Assignment: organization-defined duties of individuals]; AC-5b.: Documents separation of duties of individuals; and AC-5c.: Defines information system access authorizations to support separation of duties.
AC-6	The organization employs the principle of least privilege, allowing only authorized accesses for users (or processes acting on behalf of users) which are necessary to accomplish assigned tasks in accordance with organizational missions and business functions.

Enhancements

The controls below (if any) add on to the requirements of SA-17 (7).

Control	Description
No controls

Related CCIs

The CCIs below are tied to SA-17 (7).

CCI	Definition
CCI-003343	The organization requires the developer of the information system, component, or information system service to structure security-relevant hardware to facilitate controlling access with least privilege.
CCI-003344	The organization requires the developer of the information system, component, or information system service to structure security-relevant software to facilitate controlling access with least privilege.
CCI-003345	The organization requires the developer of the information system, component, or information system service to structure security-relevant firmware to facilitate controlling access with least privilege.