FedRAMP Controls / AC
AC-6(2) Non-privileged Access for Nonsecurity Functions
Family AC
Baselines moderate
Mapped KSIs 1
Control statement
Require that users of system accounts (or roles) with access to {{ insert: param, ac-06.02_odp }} use non-privileged accounts or roles, when accessing nonsecurity functions.
Guidance: Examples of security functions include but are not limited to: establishing system accounts, configuring access authorizations (i.e., permissions, privileges), setting events to be audited, and setting intrusion detection parameters, system programming, system and security administration, other privileged functions. Parameter placeholders {{ insert: param, … }} reference FedRAMP-set values in the resolved profile. Full parameter map is
preserved in the catalog database.
Covered by these Key Security Indicators
| KSI | Title | Category |
|---|---|---|
| KSI-IAM-04 | Just-in-Time Authorization Use a least-privileged, role and attribute-based, and just-in-time security authorization model for all user and non-user accounts and services. | Identity and Access Management |