Grant users and systems the minimum level of access required to perform their functions.

• Role-based access control (RBAC) implementation
• Regular access reviews and recertification
• Just-in-time access for administrative tasks