Summary

The system should set minimal or no permissions for new users/roles and users/roles should not receive access to new features until it is explicitly granted.

Description

Systems should have a set of roles with different levels of privilege to access resources. The privileges of each role must be clearly defined and the role of each user should also be clearly stated. Furthermore, permissions and access should be granted using the principle of deny by default.

References

• CAPEC-122. Privilege abuse
• CAPEC-233. Privilege escalation
• CWE-276. Incorrect default permissions
• CWE-285. Improper authorization
• CWE-732. Incorrect permission assignment for critical resource
• NERCCIP-005-5_R1_3. Electronic security perimeter
• OWASP10-A1. Broken access control
• SOC2-CC6_3. Logical and physical access controls
• CERTJ-FIO01-J. Create files with appropriate access permissions
• PADSS-5_2_8. Improper access controls
• CMMC-SC_L2-3_13_6. Network communication by exception
• HITRUST-09_c. Segregation of duties
• LGPD-46. Security and Secrecy of Data
• IEC62443-RDF-5_2. Zone boundary protection
• WASC-W_02. Insufficient authorization
• NISTSSDF-PW_9_1. Configure software to have secure settings by default
• OWASPSCP-7. Error handling and logging
• PCI-7_3_3. Access control system is set to deny by default
• SIG-N_1_9. Network security
• ASVS-4_1_1. General access control design
• SANS25-11. Missing authorization
• CASA-4_1_1. General Access Control Design
• CASA-4_3_3. Other Access Control Considerations
• CASA-13_1_4. Generic Web Service Security
• CWE25-862. Missing authorization
• NIST-PR_IR-01. Networks and environments are protected from unauthorized logical access and usage