August 05, 2019

NIST 800-171 3.1.5

Gregory Morawietz
Founder/Single Point of Contact


Employ the principle of least privilege, including for specific security functions and privileged accounts.

What is the principle of least privilege?  It means giving a person's account the bare minimum of permissions and capabilities they need to do their job.  You lock the account down to the point that it cannot access anything it should not.  To do this you need some kind of file infrastructure, login capability, and physical network infrastructure in place.  You might keep all users in a separate network, such as a VLAN or virtual network.

In a Microsoft domain, you need to ensure that user accounts are in the appropriate security groups and that their privileges on their own machines are restricted: users should not be able to install applications, insert USB drives, and so on.  You also want to block the use of personal mobile devices, personal computers, and home computers on your network and prevent them from connecting to any of the machines hosting CUI.  Lock down VPN access as well, and make sure that all activity on all of these devices is monitored and tracked.  Finally, keep an inventory of all accounts and the privileges they hold, and have onboarding and offboarding criteria and checklists for every account.
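As an added example (not part of the original post or the author's material), here is a PowerShell audit that checks the points above in a Windows domain: privileged security group membership against an approved list, dormant privileged accounts that offboarding may have missed, local Administrators membership on the workstation it runs on (what lets a user install software), and whether the USB mass storage driver is disabled. It assumes the ActiveDirectory RSAT module is installed, that the script runs with rights to read group membership, and that the approved-account names and the `CONTOSO` domain are placeholders to be replaced from your own account inventory.

```powershell
# Added least-privilege audit example (not from the original post).
# Assumptions: ActiveDirectory module available; run from an account that can
# read AD group membership; $Approved and $approvedLocalAdmins are placeholders
# to be filled from your onboarding/offboarding records.
#Requires -Modules ActiveDirectory
Import-Module ActiveDirectory

# Approved membership per privileged group (placeholder values).
$Approved = @{
    'Domain Admins'     = @('adm-jdoe')
    'Enterprise Admins' = @()
    'Schema Admins'     = @()
}

$findings = @()

foreach ($group in $Approved.Keys) {
    # -Recursive expands nested groups, so an account that inherits the
    # privilege through a nested group is still reported.
    $members = Get-ADGroupMember -Identity $group -Recursive |
        Where-Object { $_.objectClass -eq 'user' } |
        Select-Object -ExpandProperty SamAccountName

    # Anyone in the group who is not on the approved list is a finding.
    $unexpected = $members | Where-Object { $Approved[$group] -notcontains $_ }
    foreach ($sam in $unexpected) {
        $findings += [pscustomobject]@{
            Check   = "Unapproved member of '$group'"
            Subject = $sam
        }
    }
}

# Approved privileged accounts that have not logged on for 90 days usually
# mean offboarding was missed; they should be disabled or removed.
$cutoff = (Get-Date).AddDays(-90)
foreach ($sam in ($Approved.Values | ForEach-Object { $_ })) {
    $u = Get-ADUser -Identity $sam -Properties LastLogonDate, Enabled
    if ($u.Enabled -and $u.LastLogonDate -lt $cutoff) {
        $findings += [pscustomobject]@{
            Check   = 'Dormant privileged account'
            Subject = $sam
        }
    }
}

# Local machine: ordinary users must not be in Administrators.
# Placeholder approved list: the built-in local admin and the domain admins group.
$approvedLocalAdmins = @("$env:COMPUTERNAME\Administrator", 'CONTOSO\Domain Admins')
Get-LocalGroupMember -Group 'Administrators' | ForEach-Object {
    if ($approvedLocalAdmins -notcontains $_.Name) {
        $findings += [pscustomobject]@{
            Check   = 'Unapproved local Administrator'
            Subject = $_.Name
        }
    }
}

# USB mass storage driver: a Start value of 4 means the driver is disabled,
# so removable drives will not mount. Any other value is a finding.
$usbstor = Get-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Services\USBSTOR' -Name Start
if ($usbstor.Start -ne 4) {
    $findings += [pscustomobject]@{
        Check   = 'USB mass storage enabled'
        Subject = "USBSTOR Start=$($usbstor.Start)"
    }
}

if ($findings.Count -eq 0) {
    'No least-privilege findings.'
} else {
    $findings | Format-Table -AutoSize
}
```

Run it on a schedule from a management host and keep the output with your account inventory; a non-empty findings table is the list of accounts and settings to reconcile against the onboarding and offboarding checklists the post calls for.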
