
ECLP-1 Least Privilege


Overview

Access procedures enforce the principles of separation of duties and "least privilege."  Access to privileged accounts is limited to privileged users. Use of privileged accounts is limited to privileged functions; that is, privileged users use non-privileged accounts for all non-privileged functions. This control is in addition to an appropriate security clearance and need-to-know authorization.

MAC / CONF: CLASSIFIED, SENSITIVE, PUBLIC
Impact: High
Subject Area: Enclave Computing Environment

Details

Threat
Unauthorized users could gain access to critical classified and/or sensitive data through improperly granted privileges. This could result in unauthorized disclosure, modification, and destruction of classified and sensitive information. This implementation guide is intended to help system administrators grant access privileges based on user job functions and need to know, and to maintain privileged accounts securely.

Guidance
1. The Information Assurance Manager (IAM) shall determine the number of roles/groups that are associated with specific functions required for the system.
2. The IAM shall determine the names of the specific roles/groups (e.g., Engineering, IA, Configuration Management) and assign users to specific groups based on user’s job functions.
3. The system administrator shall grant least privileges to individual users within the group (e.g., read, write, execute) only based on user job functions and need to know and upon the completion of background investigation.
4. The system administrator shall grant access to privileged accounts (e.g., root, administrator) only to a limited number of privileged users (e.g., system administrator, database administrator, application administrator).
5. The system administrator shall assign each user with privileged functions an individual, unique user account (e.g., johndoe1), which must be used only to perform non-privileged functions.
6. The system administrator shall review audit trails regularly to ensure that privileged users use the non-privileged accounts to perform non-privileged functions.
7. The system administrator shall create non-privileged accounts for privileged users to perform non-privileged functions.
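The seven steps above modelled as code, as an added example that is not part of the STIG control or any of its referenced guides: groups with a permission ceiling (steps 1 and 2), least privilege within a group gated on the background investigation (step 3), a check that only designated privileged users hold privileged accounts (step 4), and an audit-trail review that flags a privileged account doing non-privileged work or a non-privileged account performing a privileged function (steps 5 to 7). Every group, user, account assignment, command list and log line is constructed for the example; the log format is a simple key=value layout, not a real auditd or Windows event format.

```python
"""Worked model of the ECLP-1 guidance steps: IAM-defined groups, least
privilege within a group, a short list of privileged users, and a review of
the audit trail for misuse of privileged accounts.  Every user, group,
account and log line below is constructed for the example."""
import re
from dataclasses import dataclass

# Steps 1-2: the IAM defines groups and the maximum permissions each group
# may hold on a resource (constructed values).
GROUP_PERMISSIONS = {
    "Engineering": {"/srv/src": {"read", "write", "execute"}},
    "IA": {"/var/log/audit": {"read"}},
    "Configuration Management": {"/srv/builds": {"read", "write"}},
}


@dataclass(frozen=True)
class User:
    login: str                        # individual non-privileged account, e.g. johndoe1
    group: str
    background_check_complete: bool
    is_privileged_user: bool = False  # designated SA/DBA/application admin (step 4)


# Constructed user population, keyed by login.
USERS = {
    "johndoe1": User("johndoe1", "Engineering", True),
    "asmith1": User("asmith1", "IA", True, is_privileged_user=True),
    "blee1": User("blee1", "Configuration Management", False),
}

# Privileged account -> logins of the people permitted to use it (constructed).
PRIVILEGED_ACCOUNTS = {
    "root": {"asmith1"},
    "administrator": {"asmith1", "johndoe1"},
}

# Commands treated as privileged functions for the audit review (constructed list).
PRIVILEGED_FUNCTIONS = {"useradd", "usermod", "passwd", "mount", "systemctl"}


def effective_permissions(user: User, resource: str, requested: set[str]) -> set[str]:
    """Step 3: grant only the requested permissions that the user's group allows
    on the resource, and nothing until the background investigation is complete."""
    if not user.background_check_complete:
        return set()
    allowed = GROUP_PERMISSIONS.get(user.group, {}).get(resource, set())
    return set(requested) & allowed


def privileged_account_violations(users: dict[str, User],
                                  privileged_accounts: dict[str, set[str]]) -> dict[str, set[str]]:
    """Step 4: every person permitted to use a privileged account must be a
    designated privileged user.  Returns account -> offending logins."""
    designated = {login for login, u in users.items() if u.is_privileged_user}
    return {acct: holders - designated
            for acct, holders in privileged_accounts.items()
            if holders - designated}


# Constructed audit trail in a simple key=value form (not a real auditd format).
AUDIT_LOG = """\
2024-05-01T09:12:03 host=enclave1 user=root cmd=useradd args=johndoe2
2024-05-01T09:15:47 host=enclave1 user=root cmd=firefox args=
2024-05-01T10:02:11 host=enclave1 user=asmith1 cmd=less args=/var/log/audit/audit.log
2024-05-01T10:05:30 host=enclave1 user=johndoe1 cmd=usermod args=-aG wheel johndoe1
"""

_LINE = re.compile(r"^(?P<ts>\S+) host=(?P<host>\S+) user=(?P<user>\S+) cmd=(?P<cmd>\S+)")


def review_audit_trail(lines, privileged_accounts=PRIVILEGED_ACCOUNTS,
                       privileged_functions=PRIVILEGED_FUNCTIONS):
    """Steps 5-7: flag a privileged account doing non-privileged work (the
    user should have switched to their own account) and a non-privileged
    account performing a privileged function (a sign of over-granted rights).
    Returns a list of (timestamp, user, cmd, reason) tuples."""
    findings = []
    for line in lines:
        m = _LINE.match(line)
        if not m:
            continue  # skip malformed or unrelated lines
        user, cmd = m["user"], m["cmd"]
        if user in privileged_accounts and cmd not in privileged_functions:
            findings.append((m["ts"], user, cmd,
                             "privileged account used for non-privileged function"))
        elif user not in privileged_accounts and cmd in privileged_functions:
            findings.append((m["ts"], user, cmd,
                             "non-privileged account performed privileged function"))
    return findings


if __name__ == "__main__":
    print(effective_permissions(USERS["johndoe1"], "/srv/src",
                                {"read", "write", "execute", "delete"}))
    print(privileged_account_violations(USERS, PRIVILEGED_ACCOUNTS))
    for finding in review_audit_trail(AUDIT_LOG.splitlines()):
        print(*finding)
```

Run as-is, the module reports that "delete" is dropped from johndoe1's request because Engineering's ceiling on /srv/src does not include it, that the shared administrator account is held by johndoe1 who is not a designated privileged user, and two audit findings: root launching a browser (a privileged user who should have used their own account) and johndoe1 running usermod (a non-privileged account exercising a privileged function). The review only compares command names, so a deployment would feed it real audit records and a privileged-function list agreed with the IAM.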

References

  • CJCSI - Information Assurance (IA) and Computer Network Defense (CND)
  • CJCSM 6510.01, Defense-in-Depth: Information Assurance (IA) and Computer Network Defense (CND), 10 August 2004
  • DISA Windows NT Security Checklist, 10 December 2004
  • DISA Unix STIG, Version 4, Release 4, 15 September 2003
  • DISA Application Security Checklist, Version 2, Release 1.5, 28 January 2005
  • NSA Guide to Securing Windows XP, Chapters 2 and 4, 22 October 2004
  • NSA Microsoft SQL Server Guides, 02 October 2003
  • NSA Oracle Database Server Guides, 02 October 2003
  • NSA Guide to Securing Windows 2000 – Policy Toolsets, 05 March 2003
  • NSA Guide to Securing Netscape 7.02, 24 June 2003