Icinga 2 private key is readable for users (readable by Users group)

During a recent security audit, it was found that the private key file at C:\ProgramData\icinga2\var\lib\icinga2\certs\[hostname].key has what appears like overly permissive permissions, specifically read access for the Users group.

Is this access necessary or can the permissions be tightened to restrict access further?

Thank you

