NIST SP 800-171 & CMMC 2.0 Control 3.1.5 Requirement:

Employ the principle of least privilege, including for specific security functions and privileged accounts.

NIST SP 800-171 & CMMC 2.0 3.1.5 Requirement Explanation:

The principle of least privilege applies to all users and processes on all systems. Least privilege restricts user access to only the devices and information they need to perform their job role. It also restricts their account privileges to limit who can make changes to settings on systems.

Example NIST SP 800-171 & CMMC 2.0 3.1.5 Implementation:

Only provide system users the privileges necessary to complete their work. Create user security groups representing the different job roles in your company. Assign each group only the privileges its role requires. Reserve administrative privileges for a limited number of employees. This generally includes IT staff.

NIST SP 800-171 & CMMC 2.0 3.1.5 Scenario(s):

- Scenario 1:

Alice, a system administrator, has decided to revoke local admin rights from the majority of her company's employees. This is because they do not need admin rights to complete their assigned work. Their work generally includes responding to emails and creating Word documents. Because admin rights were revoked, they can no longer change important settings on their workstations. They cannot install software without Alice's permission either.
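
One way Alice could check which accounts still hold local admin rights on a workstation, and preview their removal, is sketched below as an added example that is not part of the original page. The allowlist entries (including the `CONTOSO\IT-Workstation-Admins` group) are constructed placeholders; the script assumes Windows PowerShell 5.1 or later with the built-in LocalAccounts cmdlets and an elevated session.

```powershell
# Added example: audit the local Administrators group against an allowlist.
# $ApprovedAdmins holds constructed sample values; replace them with your own.
[CmdletBinding(SupportsShouldProcess)]
param(
    # Assumption: the built-in Administrator account has not been renamed, and
    # IT staff are granted admin rights through one (hypothetical) domain group.
    [string[]]$ApprovedAdmins = @(
        "$env:COMPUTERNAME\Administrator",
        'CONTOSO\IT-Workstation-Admins'
    ),
    [switch]$Remove
)

# Resolve the group by its well-known SID so the script also works on
# non-English Windows, where the group name is localized.
$adminSid = 'S-1-5-32-544'
$members  = Get-LocalGroupMember -SID $adminSid -ErrorAction Stop

$report = foreach ($m in $members) {
    [pscustomobject]@{
        Computer = $env:COMPUTERNAME
        Member   = $m.Name
        Type     = $m.ObjectClass       # User or Group
        Source   = $m.PrincipalSource   # Local, ActiveDirectory, ...
        Approved = $ApprovedAdmins -contains $m.Name   # case-insensitive match
    }
}
$report | Sort-Object Approved, Member | Format-Table -AutoSize

$unapproved = @($report | Where-Object { -not $_.Approved })
if ($unapproved.Count -eq 0) {
    Write-Output 'Local Administrators membership matches the allowlist.'
    return
}

if ($Remove) {
    foreach ($entry in $unapproved) {
        # -WhatIf and -Confirm are honoured through ShouldProcess.
        if ($PSCmdlet.ShouldProcess($entry.Member, 'Remove from local Administrators')) {
            Remove-LocalGroupMember -SID $adminSid -Member $entry.Member
        }
    }
} else {
    Write-Warning "$($unapproved.Count) unapproved member(s) found. Re-run with -Remove -WhatIf to preview removal."
}
```

Run without switches, the script only reports. Saving the table per workstation gives a record showing that administrative privileges are limited to the intended group.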
