NIST 800-53 AC-6

Least Privilege



Automated Inspection items for NIST SP 800-53 AC-6 assessment.

Automated Inspection items are efficient enough that they can usually be part of a CA-7 Continuous Monitoring program on a daily (or in some cases hourly) basis, simultaneously meeting the requirements of RA-5 Vulnerability Scanning. While NIST 800-53 allows Continuous Monitoring results to be used for CA-2 Security Assessments and CA-4 Security Certification, a separate run using the same automated Inspection items in combination with more laborious items for CA-2 and CA-4 adds no significant burden.

Depending on FIPS 199 impact level and whether the Industrial Control Systems (ICS/SCADA) subset of 800-53 is chosen, LJK/Security™ starter templates provide automated Inspection items as follows:

NIST SP 800-53 R2 AC-6
Description, followed by its Automated Tests:

DECnotes files are properly protected.
    (DISK,NOTESPROT,ABSOLUTHI)
    (DISK,NOTESPROT,PERCENTHI)
Directory files are properly protected.
    (DISK,DIRPROT,ABSOLUTHI)
    (DISK,DIRPROT,PERCENTHI)
Each Username shall have a privilege level (Category) no greater than Normal.
    (UAF,PRIVLEVEL,ABSOLUTHI)
    (UAF,PRIVLEVEL,ABSOLUTLO)
General files are properly protected.
    (DISK,FILEPROT,ABSOLUTHI)
    (DISK,FILEPROT,PERCENTHI)
Help and Library files are properly protected.
    (DISK,HELPPROT,ABSOLUTHI)
    (DISK,HELPPROT,PERCENTHI)
Inactive devices are owned by [SYSTEM].
    (DEVICE,OWNER,WRONG)
Inactive disks are owned by [SYSTEM].
    (DISK,OWNER,WRONG)
Inactive terminals are owned by [SYSTEM].
    (TERM,OWNER,WRONG)
No Username authorized interactive or network access shall have implicit (UIC-based) privilege.
    (UAF,PRIVILEGE,NOIMPLICIT)
No Username shall be authorized Interactive or Non-Interactive access that is not used.
    (UAF,LASTLOGIN,INTERACT)
    (UAF,LASTLOGIN,OTHER)
No Username shall have indirect access to privilege via GRPNAM privilege.
    (UAF,GRPNAM,ABSOLUTHI)
No Username shall have indirect access to privilege via GRPPRV privilege.
    (UAF,GRPPRV,ABSOLUTHI)
No Username shall share a UIC with a username having greater privilege.
    (UAF,UICPRIV,ABSOLUTHI)
    (UAF,UICPRIV,PRIVPROHIB)
No device shall allow access to more than 10 percent of the usernames.
    (DEVICE,PROTECTION,PERCENTHI)
No terminal shall allow access to more than 10 percent of the usernames.
    (TERM,PROTECTION,PERCENTHI)
Oracle DBMS files are properly protected.
    (DISK,DBMSPROT,ABSOLUTHI)
    (DISK,DBMSPROT,PERCENTHI)
Oracle Rdb VMS files are properly protected.
    (DISK,RDBVMSPROT,ABSOLUTHI)
    (DISK,RDBVMSPROT,PERCENTHI)
Privileges associated with a Default DECnet account are Normal.
    (DECNET,DEFINCPRIV,ABSOLUTHI)
    (DECNET,DEFINCPRIV,ABSOLUTLO)
    (DECNET,DEFINCPRIV,AUTHPROHIB)
Queues are properly protected.
    (QUEUE,OWNER,WRONG)
    (QUEUE,PROTECTION,PERCENTHI)
SYS$COMMON: executable files are properly protected.
    (DISK,SYSEXEPROT,ABSOLUTHI)
    (DISK,SYSEXEPROT,PERCENTHI)
System parameter FILEPROT does not allow world access or group Write or Delete access.
    (VMS,FILEPROT,ABSOLUTHI)
System parameter MAXSYSGROUP is set to the value 8.
    (VMS,MAXSYSGRP,ABSOLUTHI)
Usernames authorized interactive access are not granted privileges they never use.
    (USAGE,PRIVILEGE,NEVERUSED)
Usernames authorized interactive or network access do not make use of implicit privilege.
    (USAGE,PRIVILEGE,NOIMPLICIT)
VMSmail files are properly protected.
    (DISK,MAILPROT,ABSOLUTHI)
    (DISK,MAILPROT,PERCENTHI)
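The FILEPROT item, the MAXSYSGROUP value and the PERCENTHI-style "more than 10 percent of the usernames" items in the table above can be illustrated with a small evaluator. The following Python is an added example written for this page; it is not LJK/Security code and does not show how that product implements its tests. It assumes the standard OpenVMS 16-bit protection-mask layout (System, Owner, Group and World nibbles from low to high, R/W/E/D bits, a set bit meaning access is denied, so the FILEPROT default %XFA00 decodes to S:RWED,O:RWED,G:RE,W:), the DCL protection-string form S:RWED,O:RWED,G:RE,W:, and a simplified UIC category model (System if the UIC group is at or below MAXSYSGROUP, Owner on an exact UIC match, Group on a matching group number, World for everyone; access is granted if any applicable category grants it) that ignores privileges such as SYSPRV and BYPASS and ignores ACLs. The usernames and UICs are constructed sample data.

```python
"""Added example for the AC-6 items above; not code from LJK/Security.

Assumptions (mine, not from the page): 16-bit protection mask with nibbles
S (bits 0-3), O (4-7), G (8-11), W (12-15); in each nibble bit 0 = R, 1 = W,
2 = E, 3 = D, and a SET bit DENIES that access.  UIC categories are simplified
and privileges/ACLs are ignored.
"""

CATEGORIES = ("S", "O", "G", "W")            # nibble order, low to high
ACCESS_BITS = (("R", 1), ("W", 2), ("E", 4), ("D", 8))
LETTERS = "RWED"


def _fmt(letters) -> str:
    """Render a set of access letters in the conventional RWED order."""
    return "".join(l for l in LETTERS if l in letters)


def decode_mask(mask: int) -> dict:
    """Map a 16-bit protection mask to {category: set of GRANTED letters}."""
    granted = {}
    for i, cat in enumerate(CATEGORIES):
        nibble = (mask >> (4 * i)) & 0xF
        granted[cat] = {letter for letter, bit in ACCESS_BITS if not nibble & bit}
    return granted


def parse_protection(text: str) -> dict:
    """Parse a DCL string such as "S:RWED,O:RWED,G:RE,W:" into granted letters."""
    granted = {cat: set() for cat in CATEGORIES}
    for field in text.replace(" ", "").upper().split(","):
        if not field:
            continue
        cat, _, access = field.partition(":")
        if cat not in granted:
            raise ValueError(f"unknown protection category {cat!r}")
        unknown = set(access) - set(LETTERS)
        if unknown:
            raise ValueError(f"unknown access letters {sorted(unknown)} in {field!r}")
        granted[cat] = set(access)
    return granted


def format_protection(granted: dict) -> str:
    """Render granted letters back in DCL form, e.g. S:RWED,O:RWED,G:RE,W:."""
    return ",".join(f"{cat}:{_fmt(granted[cat])}" for cat in CATEGORIES)


def fileprot_findings(mask: int) -> list:
    """(VMS,FILEPROT,ABSOLUTHI): World gets no access; Group gets no Write or Delete."""
    granted = decode_mask(mask)
    findings = []
    if granted["W"]:
        findings.append("FILEPROT grants World " + _fmt(granted["W"]))
    group_wd = granted["G"] & {"W", "D"}
    if group_wd:
        findings.append("FILEPROT grants Group " + _fmt(group_wd))
    return findings


def can_access(granted: dict, user_uic, owner_uic, letter: str, maxsysgroup: int = 8) -> bool:
    """Does a user with UIC (group, member) obtain `letter` access to the object?"""
    cats = ["W"]                               # everyone is in World
    if user_uic == owner_uic:
        cats.append("O")
    if user_uic[0] == owner_uic[0]:
        cats.append("G")
    if user_uic[0] <= maxsysgroup:             # MAXSYSGROUP defines the System category
        cats.append("S")
    return any(letter in granted[c] for c in cats)


def percent_with_access(protection: str, owner_uic, uaf: dict,
                        letter: str = "R", maxsysgroup: int = 8) -> float:
    """Percentage of UAF usernames that can obtain `letter` access (PERCENTHI style)."""
    granted = parse_protection(protection)
    hits = sum(can_access(granted, uic, owner_uic, letter, maxsysgroup) for uic in uaf.values())
    return 100.0 * hits / len(uaf)


# Constructed sample UAF: {username: (UIC group, UIC member)}; 30 usernames in total.
SAMPLE_UAF = {"SYSTEM": (0o1, 0o4), "FIELD": (0o1, 0o10),
              "OPS_A": (0o200, 0o1), "OPS_B": (0o200, 0o2), "OPS_C": (0o200, 0o3)}
SAMPLE_UAF.update({f"USER{n:02d}": (0o300, n) for n in range(1, 26)})

if __name__ == "__main__":
    print(format_protection(decode_mask(0xFA00)))          # S:RWED,O:RWED,G:RE,W:
    print(fileprot_findings(0x0A00))                        # world access flagged
    # Device owned by [200,1]: group read lets 5 of 30 usernames (16.7%) in
    print(percent_with_access("S:RWED,O:RWED,G:RW,W:", (0o200, 0o1), SAMPLE_UAF))
```

The percentage is compared against the 10 percent figure the PERCENTHI items use; the FILEPROT check returns an empty list for a compliant mask and one line per violation, which is the shape a daily CA-7 run can file as a finding.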

Manual Inspection items for NIST SP 800-53 AC-6 assessment.

Manual Inspection items are useful mainly for CA-2 Security Assessments and CA-4 Security Certification. For most environments they are too laborious to include in CA-7 Continuous Monitoring.

Depending on FIPS 199 impact level and whether the Industrial Control Systems (ICS/SCADA) subset of 800-53 is chosen, LJK/Security™ starter templates provide Manual Inspection items in the following groups:

Determination Statement Number: NIST SP 800-53 R2 AC-6
Group Names: ACCOUNTS, POLICY

Descriptions above apply to LJK/Security™ Version 3.0.

The notation NIST SP 800-53 above refers in particular to NIST Special Publication 800-53 Revision 2.

Those NIST Special Publications specify security standards in support of FISMA for US Federal Government civil activities.
