AC-6: Least Privilege

NIST Baseline:  Moderate 

DIR Required By:  07/20/2023   

Review Date:  04/17/2024 

1. Accounts are created with a baseline appropriate for the category of account (Domain users receive a minimum level of access to information resources approved for all employees). All subsequent access granted is based on the minimum degree necessary for the account to complete necessary tasks and job duties; as determined by the information resource custodian. Privileges should be escalated only when necessary to accomplish assigned tasks.  

2. Confidential information shall be accessible only to authorized users. 

3. Third parties or other state organizations are, at a minimum, required to follow the same conditions and policies of least privilege and confidentiality if Tarleton State University provides access to information resources. 

---

References/Additional Resources

None.  See any applicable internal procedures.