What is least privilege?
Least privilege is the security principle that users and processes should be granted only the minimum access needed to do their assigned tasks — nothing more.
What it means
NIST describes least privilege as restricting access rights to the minimum necessary to accomplish a task. Limiting permissions reduces how much damage a mistake or a compromised account can cause. It is a core idea behind identity and access management, zero trust, and audit findings about over-permissioned accounts.
Sources
- National Institute of Standards and Technology — NIST CSRC Glossary: https://csrc.nist.gov/glossary
Citation Ledger
| ID | Supports | Evidence | Source |
|---|---|---|---|
| CIT-01 | Definition source for What is least privilege? | Official source page | National Institute of Standards and Technology — NIST CSRC Glossary |