This policy provides guidelines for the delegation of user privileges on organization-owned systems. It also provides guidance for usage of high-privilege or administrator accounts.
From the policy:
The risk potential of running user-initiated tasks using the same access levels as components of the operating system is staggeringly high, particularly in an age where ransomware can traverse networks, encrypting files in demand of payment. Privilege levels can mitigate potential damage posed by external threats, internal malicious actors, and simple operator error. Fundamentally, this guide provides direction on how to implement the “principle of least privilege,” a concept defined by computer scientist Jerome Saltzer as “Every program and every privileged user of the system should operate using the least amount of privilege necessary to complete the job.”