[KMS.2] IAM principals should not have IAM inline policies that allow decryption actions on all KMS keys

Contextual name: [KMS.2] IAM principals should not have IAM inline policies that allow decryption actions on all KMS keys

ID: /frameworks/aws-fsbp-v1.0.0/kms/02

Located in: Key Management Service (KMS)
Description
With AWS KMS, you control who can use your KMS keys and gain access to your encrypted data. IAM policies define which actions an identity (user, group, or role) can perform on which resources. Following security best practices, AWS recommends that you allow least privilege. In other words, you should grant to identities only the permissions they need and only for keys that are required to perform a task. Otherwise, the user might use keys that are not appropriate for your data.
Similar
- AWS Security Hub
- Internal
  - ID: dec-c-0ecbf812
  - ID:
Similar Sections (Give Policies To)

Section | Sub Sections | Internal Rules | Policies | Flags
---|---|---|---|---
NIST SP 800-53 Revision 5 → AC-2 Account Management | 13 | 17 | 30 |
NIST SP 800-53 Revision 5 → AC-2(1) Account Management _ Automated System Account Management | 4 | 16 | |
NIST SP 800-53 Revision 5 → AC-3 Access Enforcement | 15 | 4 | 17 |
NIST SP 800-53 Revision 5 → AC-3(7) Access Enforcement _ Role-based Access Control | 7 | | |
NIST SP 800-53 Revision 5 → AC-3(15) Access Enforcement _ Discretionary and Mandatory Access Control | 10 | | |
NIST SP 800-53 Revision 5 → AC-5 Separation of Duties | 1 | | |
NIST SP 800-53 Revision 5 → AC-6 Least Privilege | 10 | 21 | 26 |
NIST SP 800-53 Revision 5 → AC-6(3) Least Privilege _ Network Access to Privileged Commands | 2 | | |
Sub Sections

Section | Sub Sections | Internal Rules | Policies | Flags
---|---|---|---|---