AC-6(5)

  • Requirement

    Restrict privileged accounts on the system to [Assignment: organization-defined personnel or roles].

  • Discussion

    Privileged accounts, including super user accounts, are typically described as system administrator for various types of commercial off-the-shelf operating systems. Restricting privileged accounts to specific personnel or roles prevents day-to-day users from accessing privileged information or privileged functions. Organizations may differentiate in the application of restricting privileged accounts between allowed privileges for local accounts and for domain accounts provided that they retain the ability to control system configurations for key parameters and as otherwise necessary to sufficiently mitigate risk.

More Info

  • Title

    Least Privilege | Privileged Accounts
  • Family

    Access Control
  • NIST 800-53B Baseline(s)

    • Moderate
    • High
  • Related NIST 800-53 ID

    IA-2;MA-3;MA-4

NIST 800-53A Assessment Guidance

CMMC Training

Our CMMC Overview Course simplifies CMMC. Enroll so you can make informed decisions!