💼 5.3 Periodic Identity Reviews
- ID:
/frameworks/cis-azure-v6.0.0/05/03
Description​
Security Best Practices for Identity services should include operational reviews that periodically ensure the integrity and necessity of accounts and permissions. These operational practices should be performed regularly on a cadence that is based on your organization's policy or compliance requirements. NOTE: The recommendations in this section may not have a precise audit or remediation procedure because they may not be a configurable setting as much as they are an operative task that should be performed on a periodic basis.
Similar​
Sub Sections​
| Section | Sub Sections | Internal Rules | Policies | Flags | Compliance |
|---|---|---|---|---|---|
| 💼 5.3.1 Ensure that Azure Admin Accounts Are Not Used for Daily Operations (Manual) | 1 | no data | |||
| 💼 5.3.2 Ensure that Guest Users are Reviewed on a Regular Basis (Manual) | 1 | no data | |||
| 💼 5.3.3 Ensure That Use of the 'User Access Administrator' Role is Restricted (Automated) | 1 | no data | |||
| 💼 5.3.4 Ensure that All 'Privileged' Role Assignments are Periodically Reviewed (Manual) | 1 | no data | |||
| 💼 5.3.5 Ensure Disabled User Accounts do not Have Read, Write, or Owner Permissions (Manual) | 1 | no data | |||
| 💼 5.3.6 Ensure 'Tenant Creator' Role Assignments are Periodically Reviewed (Manual) | 1 | no data | |||
| 💼 5.3.7 Ensure All Non-privileged Role Assignments are Periodically Reviewed (Manual) | 1 | no data |