Access Control Skill Purpose This skill enforces access control requirements as defined in the Hack23 ISMS Access Control Policy. It ensures that all systems implement proper authentication, authorization, and session management based on the principle of least privilege. Rules Principle of Least Privilege MUST: - Grant minimum permissions necessary to perform job functions - Default to deny access (allowlist approach) - Separate duties for critical functions (no single person has complete control) - Regularly review and revoke unnecessary permissions - Document permission requirements for eac…