REQ.269 Use principle of least privilege
Privileges for new objects must be set according to the principle of least privilege (umask).
OWASP-ASVS v3.1-4.1 Verify that the principle of least privilege exists. Users should only be able to access functions, data files, URLs, controllers, services, and other resources, for which they possess specific authorization. This implies protection against spoofing and elevation of privilege.
NIST 800-53 AC-6 The organization employs the principle of least privilege, allowing only authorized accesses for users (or processes acting on behalf of users) which are necessary to accomplish assigned tasks in accordance with organizational missions and business functions.