Access procedures enforce the principles of separation of duties and "least privilege." Access to privileged accounts is limited to privileged users. Use of privileged accounts is limited to privileged functions; that is, privileged users use non-privileged accounts for all non-privileged functions. This control is in addition to an appropriate security clearance and need-to-know authorization.
|MAC / CONF||Impact||Subject Area|
|High||Enclave Computing Environment|
|Unauthorized users could gain access to critical classified and/or sensitive data through the improperly granted privileges. This could result in unauthorized disclosure, modification, and destruction of classified and sensitive information. This implementation guide is aimed to help system administrators implement proper access privileges based on user job functions and need to know and maintain privileged accounts securely.|
| 1. The Information Assurance Manager (IAM) shall determine the number of roles/groups that are associated with specific functions required for the system. |
2. The IAM shall determine the names of the specific roles/groups (e.g., Engineering, IA, Configuration Management) and assign users to specific groups based on user’s job functions.
3. The system administrator shall grant least privileges to individual users within the group (e.g., read, write, execute) only based on user job functions and need to know and upon the completion of background investigation.
4. The system administrator shall grant access to privileged accounts (e.g., root, administrator) only to a limited number of privileged users (e.g., system administrator, database administrator, application administrator).
5. The system administrator shall assign individual unique user accounts (e.g., johndoe1) to users with privileged functions, which must be used only to perform non-privileged functions.
6. The system administrator shall review audit trails regularly to ensure that privileged users use the non-privileged accounts to perform non-privileged functions.
7. The system administrator shall create non-privileged accounts for privileged users to perform non-privileged functions.