Skip to main content

πŸ’Ό A.9.2.4 Management of secret authentication information of users

  • Contextual name: πŸ’Ό A.9.2.4 Management of secret authentication information of users
  • ID: /frameworks/iso-iec-27001-2013/09/02/04
  • Located in: πŸ’Ό A.9.2 User access management

Description​

The allocation of secret authentication information shall be controlled through a formal management process.

Similar​

  • Internal
    • ID: dec-c-659e243a

Similar Sections (Give Policies To)​

SectionSub SectionsInternal RulesPoliciesFlags
πŸ’Ό NIST CSF v1.1 β†’ πŸ’Ό PR.AC-1: Identities and credentials are issued, managed, verified, revoked, and audited for authorized devices, users and processes1922
πŸ’Ό NIST CSF v1.1 β†’ πŸ’Ό PR.AC-7: Users, devices, and other assets are authenticated (e.g., single-factor, multi-factor) commensurate with the risk of the transaction (e.g., individuals' security and privacy risks and other organizational risks)1922

Sub Sections​

SectionSub SectionsInternal RulesPoliciesFlags

Policies (10)​

PolicyLogic CountFlags
πŸ“ AWS IAM Server Certificate is expired 🟒1🟒 x6
πŸ“ AWS IAM User Access Keys are not rotated every 90 days or less 🟒1🟒 x6
πŸ“ AWS IAM User has more than one active access key 🟒1🟒 x6
πŸ“ AWS IAM User with console and programmatic access set during the initial creation 🟒🟒 x3
πŸ“ AWS KMS Symmetric CMK Rotation is not enabled 🟒1🟒 x6
πŸ“ Azure Key Vault Soft Delete and Purge Protection functions are not enabled 🟒1🟒 x6
πŸ“ Azure Non-RBAC Key Vault stores Keys without expiration date 🟒1🟒 x6
πŸ“ Azure Non-RBAC Key Vault stores Secrets without expiration date 🟒1🟒 x6
πŸ“ Azure RBAC Key Vault stores Keys without expiration date 🟒1🟒 x6
πŸ“ Azure RBAC Key Vault stores Secrets without expiration date 🟒1🟒 x6

Internal Rules​

RulePoliciesFlags
βœ‰οΈ dec-x-0be4dfe51
βœ‰οΈ dec-x-0feec7902
βœ‰οΈ dec-x-4d6fee7a1
βœ‰οΈ dec-x-12a853391
βœ‰οΈ dec-x-82ca41272
βœ‰οΈ dec-x-307950161
βœ‰οΈ dec-x-b10e98af1
βœ‰οΈ dec-x-bcb0c78f1