Privileged access to systems, applications and data repositories is limited to only what is required for users and services to undertake their duties.
Topic
Privileged access to systems
Applicable to
all
History
Priority
Must
Dec 2023
Privileged access to systems, applications and data repositories is limited to only what is required for users and services to undertake their duties.
The existing control relating to limiting privileged access to data repositories based on user duties was merged into the existing control relating to limiting access to systems and applications based on user duties. [ISM-1508, ISM-1853]
Sep 2019
Privileged access to systems, applications and data repositories is limited to that required for personnel to undertake their duties.
Security controls 0405, 1503, 1507 and 1508 were modified to replace references to ‘information’ with ‘data repositories’ in order to align with language used by the Essential Eight mitigation strategies.
Aug 2019
Privileged access to systems, applications and information is limited to that required for personnel to undertake their duties.
Nov 2018
Privileged access to systems, applications and information is limited to that required for personnel to undertake their duties.
Added to address a gap in guidance on privileged access to systems and resources.