💼 [IAM.3] IAM users' access keys should be rotated every 90 days or less

Contextual name: 💼 [IAM.3] IAM users' access keys should be rotated every 90 days or less
ID: /frameworks/aws-fsbp-v1.0.0/iam/03
Located in: 💼 Identity and Access Management (IAM)

Description

Access keys consist of an access key ID and a secret access key. They are used to sign programmatic requests that you make to AWS. Users need their own access keys to make programmatic calls to AWS from the AWS CLI, Tools for Windows PowerShell, the AWS SDKs, or direct HTTP calls using the API operations for individual AWS services.

Similar

AWS Security Hub
- https://docs.aws.amazon.com/securityhub/latest/userguide/iam-controls.html#iam-3
Internal
- ID: dec-c-89c3d4a6

Similar Sections (Give Policies To)

Section	Internal Rules	Policies
💼 NIST SP 800-53 Revision 5 → 💼 AC-2(1) Account Management _ Automated System Account Management	4	16
💼 NIST SP 800-53 Revision 5 → 💼 AC-2(3) Account Management _ Disable Accounts	1	4
💼 NIST SP 800-53 Revision 5 → 💼 AC-3(15) Access Enforcement _ Discretionary and Mandatory Access Control		11
💼 PCI DSS v4.0.1 → 💼 8.3.9 If passwords/passphrases are used as the only authentication factor for user access then either passwords/passphrases are changed at least once every 90 days, or the security posture of accounts is dynamically analyzed.		2
💼 PCI DSS v4.0.1 → 💼 8.6.3 Passwords/passphrases for any application and system accounts are protected against misuse.		1

Sub Sections

Section	Sub Sections	Internal Rules	Policies	Flags

Policies (1)

Policy	Logic Count	Flags
📝 AWS IAM User Access Keys are not rotated every 90 days or less 🟢	1	🟢 x6

Internal Rules

Rule	Policies	Flags
✉️ dec-x-bcb0c78f	1

Description​

Similar​

Similar Sections (Give Policies To)​

Sub Sections​

Policies (1)​

Internal Rules​