Profile Applicability:
Level 1
Description:
Access permissions granted to installed applications must be restricted to the minimum necessary for their intended function. This includes limiting access to the file system, the network, user data, and system resources to reduce the risk of exploitation or unauthorized actions.
Rationale:
Applying the principle of least privilege minimizes the attack surface by preventing applications from gaining excessive permissions that could be abused by attackers or cause unintentional damage. It supports security best practices and helps meet compliance requirements.
Impact:
Pros:
Reduces risk of privilege escalation and lateral movement.
Limits potential damage from compromised applications.
Enhances overall system security and stability.
Supports regulatory compliance.
Cons:
May require detailed access analysis and configuration effort.
Overly restrictive permissions might impact application functionality if not carefully managed.
Default value:
By default, some applications may request or be granted broad access beyond what is necessary.
Audit:
Review application permissions and access controls periodically. Verify that permissions align with documented requirements and least privilege principles.
Remediation:
Establish policies to enforce least privilege access for applications. Use endpoint protection tools and permission management systems to restrict access. Train IT and security teams on permission auditing and management.
References:
https://csrc.nist.gov/publications/detail/sp/800-53/rev-5/final
https://owasp.org/www-community/Principle_of_Least_Privilege