Skip to main content

💼 [IAM.8] Unused IAM user credentials should be removed

Contextual name: 💼 [IAM.8] Unused IAM user credentials should be removed
ID: /frameworks/aws-fsbp-v1.0.0/iam/08
Located in: 💼 Identity and Access Management (IAM)

Description

IAM users can access AWS resources using different types of credentials, such as passwords or access keys.

Similar

AWS Security Hub
- https://docs.aws.amazon.com/securityhub/latest/userguide/iam-controls.html#iam-8
Internal
- ID: dec-c-007be9b3

Similar Sections (Give Policies To)

Section	Sub Sections	Internal Rules	Policies	Flags
💼 NIST SP 800-53 Revision 5 → 💼 AC-2 Account Management	13	20	34
💼 NIST SP 800-53 Revision 5 → 💼 AC-2(1) Account Management _ Automated System Account Management		4	16
💼 NIST SP 800-53 Revision 5 → 💼 AC-2(3) Account Management _ Disable Accounts		1	4
💼 NIST SP 800-53 Revision 5 → 💼 AC-3 Access Enforcement	15	5	37
💼 NIST SP 800-53 Revision 5 → 💼 AC-3(7) Access Enforcement _ Role-based Access Control			14
💼 NIST SP 800-53 Revision 5 → 💼 AC-3(15) Access Enforcement _ Discretionary and Mandatory Access Control			11
💼 NIST SP 800-53 Revision 5 → 💼 AC-6 Least Privilege	10	23	49
💼 PCI DSS v3.2.1 → 💼 8.1.4 Remove/disable inactive user accounts within 90 days.			1
💼 PCI DSS v4.0.1 → 💼 8.2.6 Inactive user accounts are removed or disabled within 90 days of inactivity.			1

Sub Sections

Section	Sub Sections	Internal Rules	Policies	Flags

Policies (1)

Policy	Logic Count	Flags
📝 AWS IAM User with credentials unused for 45 days or more is not disabled 🟢	1	🟢 x6

Description
Similar
Similar Sections (Give Policies To)
Sub Sections
Policies (1)