πΌ [IAM.8] Unused IAM user credentials should be removed
- Contextual name: πΌ [IAM.8] Unused IAM user credentials should be removed
- ID:
/frameworks/aws-fsbp-v1.0.0/iam/08 - Located in: πΌ Identity and Access Management (IAM)
Descriptionβ
IAM users can access AWS resources using different types of credentials, such as passwords or access keys.
Similarβ
- AWS Security Hub
- Internal
- ID:
dec-c-007be9b3
- ID:
Similar Sections (Give Policies To)β
| Section | Sub Sections | Internal Rules | Policies | Flags |
|---|---|---|---|---|
| πΌ NIST SP 800-53 Revision 5 β πΌ AC-2 Account Management | 13 | 17 | 30 | |
| πΌ NIST SP 800-53 Revision 5 β πΌ AC-2(1) Account Management _ Automated System Account Management | 4 | 16 | ||
| πΌ NIST SP 800-53 Revision 5 β πΌ AC-2(3) Account Management _ Disable Accounts | 1 | 4 | ||
| πΌ NIST SP 800-53 Revision 5 β πΌ AC-3 Access Enforcement | 15 | 4 | 17 | |
| πΌ NIST SP 800-53 Revision 5 β πΌ AC-3(7) Access Enforcement _ Role-based Access Control | 7 | |||
| πΌ NIST SP 800-53 Revision 5 β πΌ AC-3(15) Access Enforcement _ Discretionary and Mandatory Access Control | 10 | |||
| πΌ NIST SP 800-53 Revision 5 β πΌ AC-6 Least Privilege | 10 | 21 | 26 | |
| πΌ PCI DSS v3.2.1 β πΌ 8.1.4 Remove/disable inactive user accounts within 90 days. | 1 | |||
| πΌ PCI DSS v4.0.1 β πΌ 8.2.6 Inactive user accounts are removed or disabled within 90 days of inactivity. | 1 |
Sub Sectionsβ
| Section | Sub Sections | Internal Rules | Policies | Flags |
|---|
Policies (1)β
| Policy | Logic Count | Flags |
|---|---|---|
| π AWS IAM User with credentials unused for 45 days or more is not disabled π’ | 1 | π’ x6 |