💼 AC-2(7) Privileged User Accounts (M)(H)
- ID:
/frameworks/fedramp-moderate-security-controls/ac/02/07
Description
(a) Establish and administer privileged user accounts in accordance with [Selection: Assignment: a role-based access scheme; an attribute-based access scheme];
(b) Monitor privileged role or attribute assignments;
(c) Monitor changes to roles or attributes; and
(d) Revoke access when privileged role or attribute assignments are no longer appropriate.
Similar
- Sections
/frameworks/fedramp-high-security-controls/ac/02/07
- Internal
- ID:
dec-c-e144afcf
- ID:
Similar Sections (Take Policies From)
| Section | Sub Sections | Internal Rules | Policies | Flags | Compliance |
|---|---|---|---|---|---|
| 💼 FedRAMP High Security Controls → 💼 AC-2(7) Privileged User Accounts (M)(H) | 6 | 7 | no data |
Sub Sections
| Section | Sub Sections | Internal Rules | Policies | Flags | Compliance |
|---|
Policies (7)
| Policy | Logic Count | Flags | Compliance |
|---|---|---|---|
| 🛡️ AWS Account IAM Access Analyzer is not enabled for all regions🟢 | 1 | 🟢 x6 | no data |
| 🛡️ AWS Account Root User credentials were used is the last 30 days🟢 | 1 | 🟢 x6 | no data |
| 🛡️ AWS EC2 Instance IAM role is not attached🟢 | 1 | 🟢 x6 | no data |
| 🛡️ AWS IAM Policy allows full administrative privileges🟢 | 1 | 🟢 x6 | no data |
| 🛡️ AWS IAM User has inline or directly attached policies🟢 | 1 | 🟠 x1, 🟢 x5 | no data |
| 🛡️ Azure Subscription Activity Log Alert for Create Policy Assignment does not exist🟢 | 1 | 🟢 x6 | no data |
| 🛡️ Azure Subscription Activity Log Alert for Delete Policy Assignment does not exist🟢 | 1 | 🟢 x6 | no data |