💼 Credential Lifecycle Management

• Contextual name: 💼 Credential Lifecycle Management
• ID: /frameworks/cloudaware/identity-and-access-governance/credential-lifecycle-management
• Located in: 💼 Identity & Access Governance

Description

Ensuring secure creation, rotation, and retirement of credentials.

Similar

Sub Sections

Section	Sub Sections	Internal Rules	Policies	Flags

Policies (18)

Policy	Logic Count	Flags
📝 AWS Account IAM Password Policy minimum password length is 14 characters or less 🟢	1	🟢 x6
📝 AWS Account IAM Password Policy Number of passwords to remember is not set to 24 🟢	1	🟢 x6
📝 AWS Account Root User credentials were used is the last 30 days 🟢	1	🟢 x6
📝 AWS Account Root User has active access keys 🟢	1	🟢 x6
📝 AWS IAM User Access Keys are not rotated every 90 days or less 🟢	1	🟢 x6
📝 AWS IAM User has more than one active access key 🟢	1	🟢 x6
📝 AWS IAM User with console and programmatic access set during the initial creation 🟢		🟢 x3
📝 AWS IAM User with credentials unused for 45 days or more is not disabled 🟢	1	🟢 x6
📝 Consumer Google Accounts are used 🟢		🟢 x3
📝 Google IAM Service Account has User-Managed Keys 🟢	1	🟢 x6
📝 Microsoft Entra ID Account Lockout Duration is not set 60 seconds or more 🟢		🟢 x3
📝 Microsoft Entra ID Account Lockout Threshold is not set to 10 or less 🟢		🟢 x3
📝 Microsoft Entra ID Custom Banned Password List is not enforced 🟢		🟢 x3
📝 Microsoft Entra ID User Notify All Admins When Other Admins Reset Their Password is set No 🟢		🟢 x3
📝 Microsoft Entra ID User Notify Users On Password Resets is set to No 🟢		🟢 x3
📝 Microsoft Entra ID User Reconfirm Authentication Information is set to 0 🟢		🟢 x3
📝 Microsoft Entra ID User Self-Service Password Reset does not require 2 authentication methods 🟢		🟢 x3
📝 Snowflake User password is not rotated every 90 days 🟢	1	🟢 x6