STIGhubSTIGhub
STIGsRMF ControlsCompare

STIGhub

A free tool to search and browse the entire DISA STIG library. Saves up to 75% in security compliance research time.

Navigation

  • Browse STIGs
  • Search
  • RMF Controls
  • Compare Versions

Resources

  • About
  • Release Notes
  • VPAT
  • DISA STIG Library
STIGs updated 2 hours ago
Powered by Pylon
© 2026 Beacon Cloud Solutions, Inc. All rights reserved.
← AC-6 (5) — Least Privilege

CCI-002227

Definition

Restrict privileged accounts on the system to organization-defined personnel or roles.

Parent Control

AC-6 (5)Least PrivilegeAccess Control

Linked STIG Checks (20)

V-224377CAT IIThe BlackBerry UEM server must be configured to have at least one user in the following Administrator roles: Server primary administrator, security configuration administrator, device user group administrator, or auditor.BlackBerry UEM Security Technical Implementation GuideV-24342CAT IISign-on to the ESCD Application Console must be restricted to only authorized personnel.IBM Hardware Management Console (HMC) STIGV-24344CAT IIThe Distributed Console Access Facility (DCAF) Console must be restricted to only authorized personnel.IBM Hardware Management Console (HMC) STIGV-24349CAT IIAccess to the Hardware Management Console must be restricted to only authorized personnel. IBM Hardware Management Console (HMC) STIGV-24350CAT IIAutomatic Call Answering to the Hardware Management Console must be disabled.IBM Hardware Management Console (HMC) STIGV-256858CAT IISign-on to the ESCD Application Console must be restricted to only authorized personnel.IBM Hardware Management Console (HMC) Security Technical Implementation GuideV-256860CAT IIThe Distributed Console Access Facility (DCAF) Console must be restricted to only authorized personnel.IBM Hardware Management Console (HMC) Security Technical Implementation GuideV-256871CAT IIAccess to the Hardware Management Console must be restricted to only authorized personnel.IBM Hardware Management Console (HMC) Security Technical Implementation GuideV-256873CAT IIAutomatic Call Answering to the Hardware Management Console must be disabled.IBM Hardware Management Console (HMC) Security Technical Implementation GuideV-82167CAT IIThe MaaS360 MDM server must be configured to have at least one user in the following Administrator roles: Server primary administrator, security configuration administrator, device user group administrator, auditor.IBM MaaS360 with Watson v10.x MDM Security Technical Implementation GuideV-241795CAT IIThe Jamf Pro EMM server must be configured to have at least one user in the following Administrator roles: Server primary administrator, security configuration administrator, device user group administrator, auditor.Jamf Pro v10.x EMM Security Technical Implementation GuideV-243444CAT IIAdministrative accounts of all high-value IT resources must be assigned to a specific administrative tier in Active Directory to separate highly privileged administrative accounts from less privileged administrative accounts.Microsoft Windows PAW Security Technical Implementation GuideV-91817CAT IIThe MobileIron Core v10 server must be configured to have at least one user in the following Administrator roles: Server primary administrator, security configuration administrator, device user group administrator, auditor.MobileIron Core v10.x MDM Security Technical Implementation GuideV-237628CAT IIThe Oracle Linux operating system must use the invoking user's password for privilege escalation when using "sudo".Oracle Linux 7 Security Technical Implementation GuideV-237634CAT IIThe Red Hat Enterprise Linux operating system must use the invoking user's password for privilege escalation when using "sudo".Red Hat Enterprise Linux 7 Security Technical Implementation GuideV-237642CAT IIRHEL 8 must use the invoking user's password for privilege escalation when using "sudo".Red Hat Enterprise Linux 8 Security Technical Implementation GuideV-237604CAT IIThe SUSE operating system must use the invoking user's password for privilege escalation when using "sudo".SLES 12 Security Technical Implementation GuideV-237604CAT IIThe SUSE operating system must use the invoking user's password for privilege escalation when using "sudo".SUSE Linux Enterprise Server 12 Security Technical Implementation GuideV-225646CAT IIThe Samsung SDS EMM must be configured to have at least one user in the following Administrator roles: Server primary administrator, security configuration administrator, device user group administrator, auditor.Samsung SDS EMM Security Technical Implementation GuideV-221643CAT IIThe Workspace ONE UEM server must be configured to have at least one user in the following Administrator roles: Server primary administrator, security configuration administrator, device user group administrator, or auditor.VMware Workspace ONE UEM Security Technical Implementation Guide