💼 [IAM.1] IAM policies should not allow full "*" administrative privileges

• ID: /frameworks/aws-fsbp-v1.0.0/iam/01

Description

IAM policies define a set of privileges that are granted to users, groups, or roles. Following standard security advice, AWS recommends that you grant least privilege, which means to grant only the permissions that are required to perform a task. When you provide full administrative privileges instead of the minimum set of permissions that the user needs, you expose the resources to potentially unwanted actions.

Instead of allowing full administrative privileges, determine what users need to do and then craft policies that let the users perform only those tasks. It is more secure to start with a minimum set of permissions and grant additional permissions as necessary. Do not start with permissions that are too lenient and then try to tighten them later.

Similar

• AWS Security Hub
  • https://docs.aws.amazon.com/securityhub/latest/userguide/iam-controls.html#iam-1
• Internal
  • ID: dec-c-1abf7265

Similar Sections (Give Policies To)

Section	Sub Sections	Internal Rules	Policies	Flags	Compliance
💼 NIST SP 800-53 Revision 5 → 💼 AC-2 Account Management	13	20	37		no data
💼 NIST SP 800-53 Revision 5 → 💼 AC-2(1) Account Management _ Automated System Account Management		4	18		no data
💼 NIST SP 800-53 Revision 5 → 💼 AC-3 Access Enforcement	15	5	40		no data
💼 NIST SP 800-53 Revision 5 → 💼 AC-3(7) Access Enforcement _ Role-based Access Control			14		no data
💼 NIST SP 800-53 Revision 5 → 💼 AC-3(15) Access Enforcement _ Discretionary and Mandatory Access Control			13		no data
💼 NIST SP 800-53 Revision 5 → 💼 AC-5 Separation of Duties			15		no data
💼 NIST SP 800-53 Revision 5 → 💼 AC-6 Least Privilege	10	23	50		no data
💼 NIST SP 800-53 Revision 5 → 💼 AC-6(2) Least Privilege _ Non-privileged Access for Nonsecurity Functions		4	5		no data
💼 NIST SP 800-53 Revision 5 → 💼 AC-6(3) Least Privilege _ Network Access to Privileged Commands			2		no data
💼 NIST SP 800-53 Revision 5 → 💼 AC-6(10) Least Privilege _ Prohibit Non-privileged Users from Executing Privileged Functions			3		no data
💼 PCI DSS v3.2.1 → 💼 7.2.1 Coverage of all system components.			7		no data

Sub Sections

Section	Sub Sections	Internal Rules	Policies	Flags	Compliance

Policies (1)

Policy	Logic Count	Flags	Compliance
🛡️ AWS IAM Policy allows full administrative privileges🟢	1	🟢 x6	no data

Internal Rules

Rule	Policies	Flags
✉️ dec-x-157aa4b9	1