Access Control Skill

Purpose

This skill enforces access control requirements as defined in the Hack23 ISMS Access Control Policy. It ensures that all systems implement proper authentication, authorization, and session management based on the principle of least privilege.

Rules

Principle of Least Privilege

MUST:

• Grant minimum permissions necessary to perform job functions
• Default to deny access (allowlist approach)
• Separate duties for critical functions (no single person has complete control)
• Regularly review and revoke unnecessary permissions
• Document permission requirements for each role
• Implement time-limited access for temporary needs

MUST NOT: