AC-6(1)

  • Requirement

    Authorize access for [Assignment: organization-defined individuals or roles] to:

    1. [Assignment: organization-defined security functions (deployed in hardware, software, and firmware)]; and
    2. [Assignment: organization-defined security-relevant information].
  • Discussion

    Security functions include establishing system accounts, configuring access authorizations (i.e., permissions, privileges), configuring settings for events to be audited, and establishing intrusion detection parameters. Security-relevant information includes filtering rules for routers or firewalls, configuration parameters for security services, cryptographic key management information, and access control lists. Authorized personnel include security administrators, system administrators, system security officers, system programmers, and other privileged users.

More Info

  • Title

    Least Privilege | Authorize Access to Security Functions
  • Family

    Access Control
  • NIST 800-53B Baseline(s)

    • Moderate
    • High
  • Related NIST 800-53 ID

    AC-17; AC-18; AC-19; AU-9; PE-2

NIST 800-53A Assessment Guidance
