💼 4 Regulated entities would typically put in place processes to ensure that identities and credentials are issued, managed, verified, revoked and audited for authorised devices, users and software/processes.

• Contextual name: 💼 4 Regulated entities would typically put in place processes to ensure that identities and credentials are issued, managed, verified, revoked and audited for authorised devices, users and software/processes.
• ID: /frameworks/apra-cpg-234/c/4
• Located in: 💼 Attachment C - Identity and access

Description

Empty...

Similar

• Internal
  • ID: dec-c-af51c8ae

Sub Sections

Section	Sub Sections	Internal Rules	Policies	Flags

Policies (8)

Policy	Logic Count	Flags
📝 AWS Account IAM Password Policy Number of passwords to remember is not set to 24 🟢	1	🟢 x6
📝 AWS EC2 Instance IAM role is not attached 🟢	1	🟢 x6
📝 AWS IAM User Access Keys are not rotated every 90 days or less 🟢	1	🟢 x6
📝 AWS IAM User has inline or directly attached policies 🟢	1	🟠 x1, 🟢 x5
📝 AWS IAM User MFA is not enabled for all users with console password 🟢	1	🟢 x6
📝 AWS KMS Symmetric CMK Rotation is not enabled 🟢	1	🟢 x6
📝 AWS S3 Bucket MFA Delete is not enabled 🟠🟢	1	🟠 x1, 🟢 x6
📝 Azure Key Vault Role Based Access Control is not enabled 🟢	1	🟢 x6

Internal Rules

Rule	Policies	Flags
✉️ dec-x-4d6fee7a	1
✉️ dec-x-6c93750d	1
✉️ dec-x-4157c58a	1
✉️ dec-x-b92b08f4	1
✉️ dec-x-bcb0c78f	1
✉️ dec-x-c8041456	1
✉️ dec-x-f7c2faac	1
✉️ dec-z-bb731292	1