Adopt the Principle of Least Privilege (PoLP)

This standard mandates the adoption of the Principle of Least Privilege (PoLP) to grant only the minimum access required for each role.

1. Adopt the Principle of Least Privilege (PoLP):

Grant only the minimum access required for each role. This approach ensures that users only have the necessary permissions to perform their tasks, reducing the attack surface.

• 1.1 Just-In-Time (JIT) Access Provisioning:
  • 1.1.1 Sensitive Operation Access:
    • Implement just-in-time (JIT) access provisioning for sensitive operations.
    • Automate the provisioning of JIT access.
  • 1.1.2 Provisioning Management:
    • Automate the tracking of JIT access requests.
    • Implement provisioning tutorials.
• 1.2 Time-Limited Administrative Privileges:
  • 1.2.1 Privilege Restriction:
    • Restrict administrative privileges to specific time-limited access windows.
    • Automate the configuration of time-limited privileges.
  • 1.2.2 Privilege Management:
    • Automate the tracking of time-limited privilege usage.
    • Implement privilege feedback collection.
• 1.3 Access Log Auditing:
  • 1.3.1 Permission Change Auditing:
    • Continuously audit access logs and permission changes.
    • Automate the auditing of access logs.
  • 1.3.2 Auditing Management:
    • Automate the tracking of audit results.
    • Implement auditing tutorials.

By adopting PoLP, organisations can ensure minimal access rights and reduce the risk of unauthorised actions.

---