💼 User Account Management

  • ID: /frameworks/cloudaware/identity-and-access-governance/user-account-management

Description

Policies for identifying excessive or improperly configured user accounts.

Policies (19)

| Policy | Logic Count | Flags | Compliance |
|---|---|---|---|
| 🛡️ AWS CloudTrail Root Account Usage Monitoring is not enabled | 🟢⚪ | 🟢 x2, ⚪ x1 | no data |
| 🛡️ AWS IAM User has inline or directly attached policies | 🟢1 | 🟠 x1, 🟢 x5 | no data |
| 🛡️ AWS IAM User is not managed centrally in multi-account environments | 🟢⚪ | 🟢 x2, ⚪ x1 | no data |
| 🛡️ Google IAM Policy Binding Member (User) is assigned a basic role | 🟢1 | 🟢 x6 | no data |
| 🛡️ Google Project with KMS keys has a principal with Owner role | 🟢1 | 🟢 x6 | no data |
| 🛡️ Microsoft Entra ID Admin accounts are not used for daily operations | 🟢⚪ | 🟢 x2, ⚪ x1 | no data |
| 🛡️ Microsoft Entra ID Guest Invite Settings is not set to Only Users Assigned To Specific Admin Roles Can Invite Guest Users | 🟢1 | 🟢 x6 | no data |
| 🛡️ Microsoft Entra ID Guest Users are not reviewed on a regular basis | 🟢⚪ | 🟢 x2, ⚪ x1 | no data |
| 🛡️ Microsoft Entra ID Guest Users restricted to their own directory objects | 🟢1 | 🟢 x6 | no data |
| 🛡️ Microsoft Entra ID Owners Can Manage Group Membership Requests In The Access Panel is set to Yes | 🟢⚪ | 🟢 x2, ⚪ x1 | no data |
| 🛡️ Microsoft Entra ID Restrict User Ability To Access Groups Features In The Access Pane is set to No | 🟢⚪ | 🟢 x2, ⚪ x1 | no data |
| 🛡️ Microsoft Entra ID User Consent For Applications is not set to Allow From Verified Publishers | 🟢⚪ | 🟢 x2, ⚪ x1 | no data |
| 🛡️ Microsoft Entra ID User Consent For Applications is not set to Do Not Allow User Consent | 🟢⚪ | 🟢 x2, ⚪ x1 | no data |
| 🛡️ Microsoft Entra ID User Settings Restrict Access To Microsoft Entra Admin Center is set to No | 🟢⚪ | 🟢 x2, ⚪ x1 | no data |
| 🛡️ Microsoft Entra ID Users Can Create Microsoft 365 Groups In Azure Portals, API Or PowerShell is set to Yes | 🟢⚪ | 🟢 x2, ⚪ x1 | no data |
| 🛡️ Microsoft Entra ID Users Can Create Security Groups In Azure Portals, API Or PowerShell is set to Yes | 🟢⚪ | 🟢 x2, ⚪ x1 | no data |
| 🛡️ Microsoft Entra ID Users Can Register Applications is set to Yes | 🟢1 | 🟢 x6 | no data |
| 🛡️ Snowflake User Default Role is ACCOUNTADMIN | 🟢1 | 🟢 x6 | no data |
| 🛡️ Snowflake User Default Role is not set | 🟢1 | 🟢 x6 | no data |