Description
Identify the minimum level of access each application or role needs to complete its actions. If that role is compromised, the attacker is limited in the scope of any subsequent attacks.
Best Practices
- Access to secrets should be segregated by at least application, if not role
- Only grant the identity access to the resources it manages/uses
- Where appropriate, use virtual networks or other network segregation approaches
- The goal is to reduce an attacker's ability to use a single vulnerability as a foothold to compromise other parts of the system
- More information on lowering privileged account exposure can be found in the Identity Management best practices
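The following is an added example, not part of the original checklist, showing how the first two practices above can be checked mechanically. It models a small inventory of identities, the resources each one actually uses, and the grants it has been given, then flags wildcard actions, grants scoped wider than the resources used, and secret stores reachable from more than one application. All resource paths, identity names and action names are constructed for the demonstration and map to no real provider or project.

```python
"""Least-privilege checker for an identity/grant inventory (added example).

All identities, grants and resource paths below are constructed for the
demonstration; the path style loosely mimics a cloud resource hierarchy
but maps to no real provider or project.
"""
from dataclasses import dataclass
from fnmatch import fnmatchcase


@dataclass(frozen=True)
class Identity:
    name: str
    application: str            # the application/role this identity belongs to
    used_resources: tuple       # resources it actually needs to do its job


@dataclass(frozen=True)
class Grant:
    identity: str
    actions: tuple              # e.g. "secrets/read"; "*" grants everything
    scope: str                  # resource path the grant applies to (and below)


# Constructed resource inventory: path -> kind.
RESOURCES = {
    "/sub/prod/billing/kv-billing": "secrets",
    "/sub/prod/billing/db-billing": "database",
    "/sub/prod/reporting/kv-reporting": "secrets",
    "/sub/prod/reporting/storage-reports": "storage",
}

IDENTITIES = (
    Identity("billing-api", "billing",
             ("/sub/prod/billing/kv-billing", "/sub/prod/billing/db-billing")),
    Identity("reporting-job", "reporting",
             ("/sub/prod/reporting/kv-reporting", "/sub/prod/reporting/storage-reports")),
    Identity("legacy-worker", "billing", ("/sub/prod/billing/db-billing",)),
)

# Weak setting: broad scopes, a wildcard action, and a secret store shared
# across two applications.
WEAK_GRANTS = (
    Grant("billing-api", ("*",), "/sub/prod"),
    Grant("reporting-job", ("secrets/read",), "/sub/prod/billing/kv-billing"),
    Grant("reporting-job", ("storage/read",), "/sub/prod/reporting/storage-reports"),
    Grant("legacy-worker", ("database/read", "database/write"), "/sub/prod/billing"),
)

# Corrected setting: each identity gets only the actions it needs, scoped to
# the exact resources it uses, with secrets segregated per application.
LEAST_PRIVILEGE_GRANTS = (
    Grant("billing-api", ("secrets/read",), "/sub/prod/billing/kv-billing"),
    Grant("billing-api", ("database/read", "database/write"), "/sub/prod/billing/db-billing"),
    Grant("reporting-job", ("secrets/read",), "/sub/prod/reporting/kv-reporting"),
    Grant("reporting-job", ("storage/read",), "/sub/prod/reporting/storage-reports"),
    Grant("legacy-worker", ("database/read",), "/sub/prod/billing/db-billing"),
)


def scope_covers(scope, resource):
    """A grant at `scope` applies to the scope itself and everything beneath it."""
    return resource == scope or resource.startswith(scope + "/")


def allows(actions, needed):
    """True if any granted action pattern matches the action `needed`."""
    return any(fnmatchcase(needed, pattern) for pattern in actions)


def find_violations(identities, grants, resources=RESOURCES):
    """Return human-readable least-privilege findings for a set of grants."""
    by_name = {i.name: i for i in identities}
    findings = []
    for g in grants:
        ident = by_name[g.identity]
        if any("*" in a for a in g.actions):
            findings.append(f"{g.identity}: wildcard action {g.actions} at {g.scope}")
        for res in resources:
            if scope_covers(g.scope, res) and res not in ident.used_resources:
                findings.append(f"{g.identity}: scope {g.scope} also covers unused {res}")
    # Secrets must be segregated by application: flag any secret store reachable
    # from identities belonging to more than one application.
    for res, kind in resources.items():
        if kind != "secrets":
            continue
        apps = {by_name[g.identity].application for g in grants
                if scope_covers(g.scope, res) and allows(g.actions, "secrets/read")}
        if len(apps) > 1:
            findings.append(f"{res}: secrets reachable from applications {sorted(apps)}")
    return findings


if __name__ == "__main__":
    for label, grants in (("weak", WEAK_GRANTS), ("least-privilege", LEAST_PRIVILEGE_GRANTS)):
        found = find_violations(IDENTITIES, grants)
        print(f"{label}: {len(found)} finding(s)")
        for f in found:
            print("  -", f)
```

Run against the weak grants the checker reports six findings (one wildcard, four over-scoped grants, one secret store shared between the billing and reporting applications); against the corrected grants it reports none. The same three checks transfer to any real inventory once the resource paths, used-resource lists and action names are exported from the environment being reviewed.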