Security Requirements for 03.01.06 Least Privilege – Privileged Accounts

Privileged accounts refer to accounts that are granted elevated privileges to access resources (including security functions or security-relevant information) that are otherwise restricted for non-privileged accounts. These accounts are typically described as system administrator or super user accounts. For example, a privileged account is often required in order to perform privileged functions such as executing commands that could modify system behavior. Restricting privileged accounts to specific personnel or roles ensures that only those authorized users can access and manipulate security functions or security-relevant information. Requiring the use of non-privileged accounts when such access is not needed can limit unauthorized access to and manipulation of security functions or security-relevant information.

View CPRT 03.01.06

  1. 03.01.06.a

    Restrict privileged accounts on the system to [Assignment: organization-defined personnel or roles]..

  1. 03.01.06.b

    Require that users (or roles) with privileged accounts use non-privileged accounts when accessing non-security functions or non-security information.