Least Privilege Access Model

    Model subjects, resources, actions, and context to implement deny-by-default with safe exceptions—aligned with Zero Trust principles.

    Last updated: 2026-01-12

    Overview

    Least privilege means access is granted only when required, for the minimum scope and time, under verified conditions.

    Model

    • Subject: user, device, or workload identity.
    • Resource: application, service, OT asset, or data segment.
    • Action: connect, read, write, admin, or remote console.
    • Context: site, zone, time window, risk score, posture.

    Common patterns

    • Deny-by-default with explicit allow rules.
    • Step-up verification for privileged actions.
    • Time-boxed maintenance access.
    • Break-glass approvals with evidence capture.

    OT notes

    OT safety: Prefer observe mode first, document dependencies, then enforce in maintenance windows.
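
The model, the patterns and the observe-first rollout above can be combined in one small policy evaluator. This is an added example, not code from the original page; the role, resource and zone names, the risk limit of 50 and the maintenance window are constructed for illustration.

```python
from dataclasses import dataclass
from datetime import datetime, timezone
from typing import Optional

PRIVILEGED = {"admin", "remote console"}  # actions that need step-up verification

@dataclass(frozen=True)
class Rule:  # one explicit allow rule; anything it does not match stays denied
    role: str                 # subject group
    resource: str
    actions: frozenset
    zone: str                 # context: zone
    not_before: Optional[datetime] = None  # context: time-boxed window start
    not_after: Optional[datetime] = None   # context: time-boxed window end
    max_risk: int = 50        # context: highest acceptable risk score (assumed scale)

@dataclass(frozen=True)
class Request:
    role: str
    resource: str
    action: str
    zone: str
    when: datetime
    risk: int
    stepped_up: bool = False

def decide(rules, req):
    """Return (verdict, reason); verdict is 'allow', 'step-up' or 'deny'."""
    reason = "no matching allow rule (default deny)"
    for r in rules:
        if (r.role, r.resource, r.zone) != (req.role, req.resource, req.zone):
            continue
        if req.action not in r.actions:
            continue
        if (r.not_before and req.when < r.not_before) or (r.not_after and req.when >= r.not_after):
            reason = "outside time window"
        elif req.risk > r.max_risk:
            reason = "risk score above rule limit"
        elif req.action in PRIVILEGED and not req.stepped_up:
            return "step-up", "privileged action requires step-up verification"
        else:
            return "allow", "matched explicit allow rule"
    return "deny", reason

def enforce(rules, req, observe=False):
    """Observe mode permits the request but still reports the would-be verdict."""
    verdict, reason = decide(rules, req)
    return (observe or verdict == "allow"), verdict, reason

# Constructed sample policy: a two-hour maintenance window on a hypothetical OT asset.
WINDOW = (datetime(2026, 1, 12, 2, tzinfo=timezone.utc), datetime(2026, 1, 12, 4, tzinfo=timezone.utc))
RULES = [Rule("ot-maintainer", "plc-line-3", frozenset({"read", "admin"}), "cell-a", *WINDOW)]
```

Logging the verdict and reason that `enforce` returns in observe mode gives the dependency evidence needed before switching `observe` off in a maintenance window.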

    Checklist

    • Define resource criticality tiers.
    • Group identities by role and environment.
    • Document required communication paths.
    • Implement staged enforcement and rollback plans.