|
Article 5
|
(Least Privilege)
- The information and communication system account shall be least privileged in principle, only authorizing access to users (or processes acting on behalf of users) for completing an operation as necessary according to the authority and responsibility and business function of each department of the organization.
- An organization shall define the roles and duties of its personnel and segregate conflicting roles.
|