Least Privilege

Last updated: December 1, 2024

Least Privilege is a security principle requiring that users, processes, and systems receive only the minimum permissions necessary to perform their functions.

CISSP Relevance

Least Privilege is emphasized in Domain 5 (Identity and Access Management) and Domain 7 (Security Operations).

NIST documents this principle in their cybersecurity glossary.

Related terms: Access Control, Separation of Duties