STIGViewer Trial workspace — loading your subscription…

NIST 800-171 v2

110 security requirements available

3.1.5Derived Requirement

Access Control

Security Requirement

Employ the principle of least privilege, including for specific security functions and privileged accounts.

Discussion

Organizations employ the principle of least privilege for specific duties and authorized accesses for users and processes. The principle of least privilege is applied with the goal of authorized privileges no higher than necessary to accomplish required organizational missions or business functions. Organizations consider the creation of additional processes, roles, and system accounts as necessary, to achieve least privilege. Organizations also apply least privilege to the development, implementation, and operation of organizational systems. Security functions include establishing system accounts, setting events to be logged, setting intrusion detection parameters, and configuring access authorizations (i.e., permissions, privileges). Privileged accounts, including super user accounts, are typically described as system administrator for various types of commercial off-the-shelf operating systems. Restricting privileged accounts to specific personnel or roles prevents day-to-day users from having access to privileged information or functions. Organizations may differentiate in the application of this requirement between allowed privileges for local accounts and for domain accounts provided organizations retain the ability to control system configurations for key security parameters and as otherwise necessary to sufficiently mitigate risk.

Framework
NIST SP 800-171 Rev 2
Family
Access Control
Requirement Type
derived

Related Frameworks

12 paths across 2 frameworks
NIST 800-533 mappings
AC-6
1.00
  • NIST · Rev 2 (Feb 2020, errata Jan 2021) · nist_800_171_app_d · equivalent
  • NIST · Rev 2 (Feb 2020, errata Jan 2021) · nist_800_171_app_d · equivalent
  • NIST · Rev 2 (Feb 2020, errata Jan 2021) · nist_800_171_app_d · equivalent
CCI9 mappings
CCI-000225
1.00
  • NIST · Rev 2 (Feb 2020, errata Jan 2021) · nist_800_171_app_d · equivalent
  • DISA · 2025-01-23 · disa_cci_list · equivalent
CCI-001558
1.00
  • NIST · Rev 2 (Feb 2020, errata Jan 2021) · nist_800_171_app_d · equivalent
  • DISA · 2025-01-23 · disa_cci_list · equivalent
CCI-002221
1.00
  • NIST · Rev 2 (Feb 2020, errata Jan 2021) · nist_800_171_app_d · equivalent
  • DISA · 2025-01-23 · disa_cci_list · equivalent
CCI-002222
1.00
  • NIST · Rev 2 (Feb 2020, errata Jan 2021) · nist_800_171_app_d · equivalent
  • DISA · 2025-01-23 · disa_cci_list · equivalent
CCI-002223
1.00
  • NIST · Rev 2 (Feb 2020, errata Jan 2021) · nist_800_171_app_d · equivalent
  • DISA · 2025-01-23 · disa_cci_list · equivalent
CCI-002226
1.00
  • NIST · Rev 2 (Feb 2020, errata Jan 2021) · nist_800_171_app_d · equivalent
  • DISA · 2025-01-23 · disa_cci_list · equivalent
CCI-002227
1.00
  • NIST · Rev 2 (Feb 2020, errata Jan 2021) · nist_800_171_app_d · equivalent
  • DISA · 2025-01-23 · disa_cci_list · equivalent
CCI-003685
1.00
  • NIST · Rev 2 (Feb 2020, errata Jan 2021) · nist_800_171_app_d · equivalent
  • DISA · 2025-01-23 · disa_cci_list · equivalent
CCI-003686
1.00
  • NIST · Rev 2 (Feb 2020, errata Jan 2021) · nist_800_171_app_d · equivalent
  • DISA · 2025-01-23 · disa_cci_list · equivalent

Related STIGs

125 STIGs reach this control through 25 CCIs via 800-53 control AC-6. Expand a row to see the responsible NICE and O*NET roles.

Operating System — Desktop

5 STIGs

Operating System — Server

24 STIGs
Oracle Linux 9 Security Technical Implementation Guide
V1R52026-02-178 of 448 findings match
Show 16 more STIGs in this category →
Solaris 11 X86 Security Technical Implementation Guide
V3R52026-02-195 of 216 findings match
Oracle Linux 8 Security Technical Implementation Guide
V2R82026-02-132 of 375 findings match
Anduril NixOS Security Technical Implementation Guide
V1R22025-08-191 of 103 findings match
IBM AIX 7.x Security Technical Implementation Guide
V3R22026-02-061 of 283 findings match

Operating System — Mainframe

10 STIGs
IBM z/OS TSS Security Technical Implementation Guide
V9R82026-03-0913 of 230 findings match
IBM z/OS RACF Security Technical Implementation Guide
V9R82026-03-096 of 222 findings match
IBM z/OS ACF2 Security Technical Implementation Guide
V9R82026-03-095 of 225 findings match
CA IDMS Security Technical Implementation Guide
V2R12024-09-134 of 74 findings match
Mainframe Product Security Requirements Guide
V3R42025-09-103 of 194 findings match
Show 2 more STIGs in this category →

Operating System — Mobile

24 STIGs
Show 16 more STIGs in this category →

Network Device

16 STIGs
Network Device Management Security Requirements Guide
V5R42025-09-102 of 105 findings match
Network Device Management Security Requirements Guide
V5R32025-02-112 of 104 findings match
Cisco ASA NDM Security Technical Implementation Guide
V2R42025-12-081 of 47 findings match
Cisco ISE NDM Security Technical Implementation Guide
V2R32025-12-111 of 53 findings match
Domain Name System (DNS) Security Requirements Guide
V4R22025-12-191 of 119 findings match
Show 8 more STIGs in this category →

Database

17 STIGs
Database Security Requirements Guide
V4R52026-02-262 of 142 findings match
Show 9 more STIGs in this category →

Web / Application Server

14 STIGs
Application Server Security Requirements Guide
V4R42025-09-102 of 137 findings match
Show 6 more STIGs in this category →
Web Server Security Requirements Guide
V4R42025-09-101 of 126 findings match

Virtualization / Container

7 STIGs

Cloud / Identity Service

1 STIG

Endpoint Security Management

4 STIGs

Productivity Application

1 STIG

Uncategorized

2 STIGs