Young hacker smiling

We hack your software

zero false positives

Expert intelligence + effective automation

REQ.186 Use minimum level of privileges

This document contains the details of the security requirements related to the definition and management of data access in the organization. This requirement establishes the importance of setting the minimum level of privileges to access other systems or database.

Requirement

System must use the minimum level of privileges when accessing other systems or database.

References

  1. OWASP-ASVS v3.1-4.1 Verify that the principle of least privilege exists. Users should only be able to access functions, data files, URLs, controllers, services, and other resources, for which they possess specific authorization. This implies protection against spoofing and elevation of privilege.

  2. NIST 800-53 AC-6 The organization employs the principle of least privilege, allowing only authorized accesses for users (or processes acting on behalf of users) which are necessary to accomplish assigned tasks in accordance with organizational missions and business functions.


Service status - Terms of Use