>myctrl.tools
Preferences
Under active development Content is continuously updated and improved
Compare

AC-6(4)Least Privilege

Technical

>Control Description

LEAST PRIVILEGE | SEPARATE PROCESSING DOMAINS The information system provides separate processing domains to enable finer-grained allocation of user privileges.

>Supplemental Guidance

Providing separate processing domains for finer-grained allocation of user privileges includes, for example: (i) using virtualization techniques to allow additional privileges within a virtual machine while restricting privileges to other virtual machines or to the underlying actual machine; (ii) employing hardware and/or software domain separation mechanisms; and (iii) implementing separate physical domains. Related controls: AC-4, SC-3, SC-30, SC-32.

>Tailoring Guidance

This security control/enhancement specifies a very specialized and/or advanced capability that is not required for all systems. Consequently, inclusion in a departmental profile is made on a case by case basis.

Ask AI

Configure your API key to use AI features.