Limit information system access to authorized users, processes acting on behalf of authorized users, or devices (including other information systems).
Limit information system access to the types of transactions and functions that authorized users are permitted to execute.
Verify and control/limit connections to and use of external information systems.
Control information posted or processed on publicly accessible information systems.
Limit system access to authorized users, processes acting on behalf of authorized users, and devices (including other systems).
Limit system access to the types of transactions and functions that authorized users are permitted to execute.
Control the flow of CUI in accordance with approved authorizations.
Separate the duties of individuals to reduce the risk of malevolent activity without collusion.
Employ the principle of least privilege, including for specific security functions and privileged accounts.
Use non-privileged accounts or roles when accessing nonsecurity functions.