Principle 14 - Use Least Common Mechanisms
Detail
Services should be designed to prevent the escalation of privilege by ensuring that any digital mechanisms or functions common to more than one user or process are constrained to and maintained at similar levels of privilege rather than being shared by those with differing needs.
Separation should exist between different consumers of the service to prevent one malicious or compromised consumer from affecting the service or data of another.
Consumers have certain responsibilities when using a cloud service in order for this use to remain secure, and for their data to be adequately protected. These responsibilities must be defined and communicated, and controls must be implemented at the delineation boundaries.
Decision Evaluation Criteria:
- Do logical software designs describe an approach which takes account of and actively prevents the escalation of user or process privileges by design?
- Do logical software designs include an analysis and statement of the minimum privileges required by users and processes, demonstrating that common functions are not being shared inappropriately or creating potential vulnerabilities?
Basis
- CSSLP - Use least common mechanisms
- GDS CSP 3 - Provide separation between consumers
- GDS CSP 14 - Secure use of the service by the consumer