From 717fcb9c81d2bc3cc7a84a3ebea6572d7ff0f5cf Mon Sep 17 00:00:00 2001
From: doc <doc@filenotfound.org>
Date: Mon, 30 Jun 2025 20:06:28 +0000
Subject: uploading documentation

---
 genesishosting/access/least-priv.md | 20 ++++++++++++++++++++
 1 file changed, 20 insertions(+)
 create mode 100644 genesishosting/access/least-priv.md

(limited to 'genesishosting/access/least-priv.md')

diff --git a/genesishosting/access/least-priv.md b/genesishosting/access/least-priv.md
new file mode 100644
index 0000000..00f85ac
--- /dev/null
+++ b/genesishosting/access/least-priv.md
@@ -0,0 +1,20 @@
+# Least Privilege Policy
+
+Genesis Hosting enforces least privilege access for all systems.
+
+## Principles
+
+- Users are given the minimum level of access necessary to perform their work
+- Admin tools are isolated by function (e.g., billing vs. system access)
+- Escalation of privileges must be requested, documented, and time-bound
+
+## Tools in Use
+
+- WHMCS permissions are restricted by group
+- SSH access is limited using `AllowUsers` and firewalled IPs
+- TeamTalk server admins are rotated and audited monthly
+
+## Review Cycle
+
+- Access roles are reviewed quarterly
+- Logs of access changes are stored and rotated every 90 days
-- 
cgit v1.2.3