| π AWS EKS Cluster has node IAM role with AmazonEKS_CNI_Policy attached π΄π’ | 1 | π΄ x1, π’ x6 |
| π AWS EKS Cluster IAM OIDC provider is not created π’ | 1 | π’ x6 |
| π AWS IAM Role unused π’ | 1 | π’ x6 |
| π AWS Support Role is not created π’ | 1 | π’ x6 |
| π Azure Privileged Role Assignments are not periodically reviewed π’ | | π’ x3 |
| π Azure Subscription Custom Subscription Administrator Roles exist π’ | 1 | π’ x6 |
| π Azure Subscription Resource Lock Administrator Custom Role does not exist π’ | | π’ x3 |
| π Azure User Access Administrator Role has assignments π’ | 1 | π’ x6 |
| π Google IAM Roles related to KMS are not assigned to separate users π’ | 1 | π’ x6 |
| π Google IAM Service Account has admin privileges π’ | 1 | π’ x6 |
| π Google IAM Users are assigned the Service Account User or Service Account Token Creator roles at Project level π’ | 1 | π’ x6 |
| π Google User has both Service Account Admin and Service Account User roles assigned π’ | 1 | π’ x6 |
| π Microsoft Entra ID Global Administrator Role assigned to more than 4 users π’ | | π’ x3 |