CMMC Practice AC.2.007: Employ the principle of least privilege, including for specific security functions and privileged accounts.
You should apply the principle of least privilege to all users and processes on all systems. This means you assign the fewest permissions necessary for the user or process to accomplish their business function. Also, you:
• restrict user access to only the machines and information needed to fulfill job responsibilities; and
• limit what system configuration settings users can change, only allowing individuals with a business need to change them.