Least privilege means granting only the minimum access necessary to perform an authorized task.
Least privilege reduces blast radius by limiting accounts, roles, and services to only the permissions they need, only for the time they need them. It applies to human accounts and to service identities (workloads, CI jobs, automation) alike, and it holds only if grants are reviewed: permissions tend to accumulate, so unused or expired access should be removed rather than left standing.
The principle that a security architecture should be designed so that each system entity is granted the minimum system resources and authorizations that the entity needs to do its work. (Compare: economy of mechanism, least trust.)
Tutorial: This principle tends to limit damage that can be caused by an accident, error, or unauthorized act. This principle also tends to reduce complexity and promote modularity, which can make certification easier and more effective. This principle is similar to the principle of protocol layering, wherein each layer provides specific, limited communication services, and the functions in one layer are independent of those in other layers.
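As an added example that is not part of the original page, the following Python models the two halves of the definition above: a grant is scoped to a principal, an action pattern, and a resource pattern, and may carry an expiry so access exists only for the time it is needed. A default-deny evaluator checks requests, and a small audit flags grants that violate least privilege (wildcard action or resource, no expiry). The grant format, the `report-job` service account, and the bucket and action names are all constructed for illustration and do not correspond to any particular cloud provider's policy language.

```python
"""Least-privilege grant evaluation and audit (constructed example)."""
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
from fnmatch import fnmatchcase
from typing import Dict, Iterable, List, Optional


@dataclass(frozen=True)
class Grant:
    """One permission: principal may perform action on resource until not_after.

    action and resource are glob patterns ("s3:*", "bucket:reports/*"); a bare
    "*" matches everything. not_after=None means standing, never-expiring access.
    """
    principal: str
    action: str
    resource: str
    not_after: Optional[datetime] = None


def grant_allows(grant: Grant, principal: str, action: str, resource: str,
                 now: datetime) -> bool:
    """A grant applies only if principal, validity window, action and resource all match."""
    if grant.principal != principal:
        return False
    if grant.not_after is not None and now >= grant.not_after:
        return False  # time-bounded grant has lapsed
    return fnmatchcase(action, grant.action) and fnmatchcase(resource, grant.resource)


def is_allowed(grants: Iterable[Grant], principal: str, action: str,
               resource: str, now: datetime) -> bool:
    """Default deny: the request succeeds only if some grant explicitly covers it."""
    return any(grant_allows(g, principal, action, resource, now) for g in grants)


def audit_grants(grants: Iterable[Grant]) -> List[str]:
    """Flag grants that violate least privilege: wildcard scope or no expiry."""
    findings: List[str] = []
    for g in grants:
        where = f"{g.principal}: {g.action} on {g.resource}"
        if g.action == "*" or g.action.endswith(":*"):
            findings.append(f"broad action: {where}")
        if g.resource == "*":
            findings.append(f"broad resource: {where}")
        if g.not_after is None:
            findings.append(f"standing access (no expiry): {where}")
    return findings


# Constructed scenario: a nightly report job that reads raw sales data and
# writes one report. The first grant set is how such accounts are often
# provisioned; the second is the least-privilege form.
NOW = datetime(2024, 6, 1, 12, 0, tzinfo=timezone.utc)

OVERBROAD = [Grant("report-job", "s3:*", "*")]

SCOPED = [
    Grant("report-job", "s3:GetObject", "bucket:sales-raw/*"),
    Grant("report-job", "s3:PutObject", "bucket:reports/*",
          not_after=NOW + timedelta(hours=2)),  # write window for this run only
]


def demo() -> Dict[str, object]:
    """Evaluate representative requests against both grant sets."""
    later = NOW + timedelta(hours=3)  # after the write window has closed
    return {
        # The broad grant lets the job delete source data it never needed to touch.
        "overbroad_delete_ok": is_allowed(OVERBROAD, "report-job", "s3:DeleteObject",
                                          "bucket:sales-raw/2024.csv", NOW),
        "scoped_delete_ok": is_allowed(SCOPED, "report-job", "s3:DeleteObject",
                                       "bucket:sales-raw/2024.csv", NOW),
        "scoped_read_ok": is_allowed(SCOPED, "report-job", "s3:GetObject",
                                     "bucket:sales-raw/2024.csv", NOW),
        "scoped_write_ok_now": is_allowed(SCOPED, "report-job", "s3:PutObject",
                                          "bucket:reports/q2.pdf", NOW),
        "scoped_write_ok_later": is_allowed(SCOPED, "report-job", "s3:PutObject",
                                            "bucket:reports/q2.pdf", later),
        "overbroad_findings": audit_grants(OVERBROAD),
        "scoped_findings": audit_grants(SCOPED),
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

Note that the audit still reports the scoped read grant, because it has no expiry. That is the intended signal: standing access may be a deliberate choice for a recurring job, but it should be a reviewed decision rather than a default.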