The security objective of granting users only the access needed to perform official duties. This principle recommends minimum user privileges for both physical and logical access based on job need. Adapted from: FFIEC IT Examination Handbook, Information Security. 2021. https://ithandbook.ffiec.gov/glossary.aspx