💼 A.9.2.4 Management of secret authentication information of users

• ID: /frameworks/iso-iec-27001-2013/09/02/04

Description

The allocation of secret authentication information shall be controlled through a formal management process.

Similar

• Internal
  • ID: dec-c-659e243a

Similar Sections (Give Policies To)

Section	Sub Sections	Internal Rules	Policies	Flags	Compliance
💼 NIST CSF v1.1 → 💼 PR.AC-1: Identities and credentials are issued, managed, verified, revoked, and audited for authorized devices, users and processes		19	34		no data
💼 NIST CSF v1.1 → 💼 PR.AC-7: Users, devices, and other assets are authenticated (e.g., single-factor, multi-factor) commensurate with the risk of the transaction (e.g., individuals' security and privacy risks and other organizational risks)		19	23		no data

Sub Sections

Section	Sub Sections	Internal Rules	Policies	Flags	Compliance

Policies (10)

Policy	Logic Count	Flags	Compliance
🛡️ AWS IAM Server Certificate is expired🟢	1	🟢 x6	no data
🛡️ AWS IAM User Access Keys are not rotated every 90 days or less🟢	1	🟢 x6	no data
🛡️ AWS IAM User has more than one active access key🟢	1	🟢 x6	no data
🛡️ AWS IAM User with console and programmatic access set during the initial creation🟢⚪		🟢 x2, ⚪ x1	no data
🛡️ AWS KMS Symmetric CMK Rotation is not enabled🟢	1	🟢 x6	no data
🛡️ Azure Key Vault Soft Delete and Purge Protection functions are not enabled🟢	1	🟢 x6	no data
🛡️ Azure Non-RBAC Key Vault stores Keys without expiration date🟢	1	🟢 x6	no data
🛡️ Azure Non-RBAC Key Vault stores Secrets without expiration date🟢	1	🟢 x6	no data
🛡️ Azure RBAC Key Vault stores Keys without expiration date🟢	1	🟢 x6	no data
🛡️ Azure RBAC Key Vault stores Secrets without expiration date🟢	1	🟢 x6	no data

Internal Rules

Rule	Policies	Flags
✉️ dec-x-0be4dfe5	1
✉️ dec-x-0feec790	2
✉️ dec-x-4d6fee7a	1
✉️ dec-x-12a85339	1
✉️ dec-x-82ca4127	2
✉️ dec-x-30795016	1
✉️ dec-x-b10e98af	1
✉️ dec-x-bcb0c78f	1