AC-6.1: Authorize Access to Security Functions

access is authorized for individuals and roles to security-relevant information .

Access control policy

procedures addressing least privilege

list of security functions (deployed in hardware, software, and firmware) and security-relevant information for which access must be explicitly authorized

system configuration settings and associated documentation

system audit records

system security plan

other relevant documents or records

Organizational personnel with responsibilities for defining least privileges necessary to accomplish specified tasks

organizational personnel with information security responsibilities

system/network administrators

Mechanisms implementing least privilege functions