Summary

This standard defines the Department for Education (DfE)'s approach to the principle of least privilege when accessing or managing resources within the DfE’s Enterprise Landing Zone Model (ELZM).

Categories

The categories applicable to this standard are:

IT Operations
  • Infrastructure Operations
Security
Technical
  • Technical Management

Purpose

The principle of least privilege (PoLP) is an information security concept mandating that a user, program, or system only has the minimum access rights and permissions necessary to complete its required tasks, and nothing more.

The primary objectives are:

• Reduced Attack Surface: Limiting privileges makes it harder for attackers to gain access or move laterally within a system.
• Minimized Damage: If an account or application is compromised, the damage it can cause is confined to only the essential functions it was granted access for.
• Improved Stability: With fewer elevated permissions, there's less chance of accidental changes to sensitive settings or data, leading to a more stable environment.
• Enhanced Compliance: Many regulatory frameworks require organizations to control access to sensitive data, making PoLP a foundational security practice.

How to meet this standard

• Granular Permissions: Instead of broad administrative access, users and applications will only be granted the appropriate permissions required to carry out their role or function.
• Role-Based Access Control: Permissions are assigned based on task-related responsibilities, ensuring only the necessary access is granted for each task.
• Privileged Access Management: Mechanisms are put in place to control, monitor, and secure privileged accounts and credentials.

For further details on how this standard is applied please refer to: DfE Patterns and Standards - DfE Azure Platforms

Approved products

Approved product or service

Product or service: Privileged Identity Management (PIM)
Vendor: Microsoft
Version:
Use-case:

Owner and contacts

Other point of contact
Jane Houston