1. The principle requiring that each subject be granted the most restrictive set of privileges needed for the performance of authorized tasks. Application of this principle limits the damage that can result from accident, error, or unauthorized use of an information system (IS. ) 2. The principle of granting only such access rights as are required for subjects to perform their authorized tasks. Note: Extension of the principle of need-to-know covering all access rights, not just "read access". See also: Role. 3. This principle requires that each subject in a system be granted the most restrictive set of privileges (or lowest clearance) needed for the performance of authorized tasks. The application of this principle limits the damage that can result from accident, error, or unauthorized use.