💼 A.9.2.4 Management of secret authentication information of users

  • Contextual name: 💼 A.9.2.4 Management of secret authentication information of users
  • ID: /frameworks/iso-iec-27001-2013/09/02/04
  • Located in: 💼 A.9.2 User access management

Description

The allocation of secret authentication information shall be controlled through a formal management process.

Similar

  • Internal
    • ID: dec-c-659e243a

Similar Sections (Give Policies To)

Section | Sub Sections | Internal Rules | Policies | Flags
💼 NIST CSF v1.1 → 💼 PR.AC-1: Identities and credentials are issued, managed, verified, revoked, and audited for authorized devices, users and processes 1930
💼 NIST CSF v1.1 → 💼 PR.AC-7: Users, devices, and other assets are authenticated (e.g., single-factor, multi-factor) commensurate with the risk of the transaction (e.g., individuals' security and privacy risks and other organizational risks) 1923

Sub Sections

Section | Sub Sections | Internal Rules | Policies | Flags

Policies (10)

Policy | Logic Count | Flags
📝 AWS IAM Server Certificate is expired 🟢 | 1 | 🟢 x6
📝 AWS IAM User Access Keys are not rotated every 90 days or less 🟢 | 1 | 🟢 x6
📝 AWS IAM User has more than one active access key 🟢 | 1 | 🟢 x6
📝 AWS IAM User with console and programmatic access set during the initial creation 🟢 | | 🟢 x3
📝 AWS KMS Symmetric CMK Rotation is not enabled 🟢 | 1 | 🟢 x6
📝 Azure Key Vault Soft Delete and Purge Protection functions are not enabled 🟢 | 1 | 🟢 x6
📝 Azure Non-RBAC Key Vault stores Keys without expiration date 🟢 | 1 | 🟢 x6
📝 Azure Non-RBAC Key Vault stores Secrets without expiration date 🟢 | 1 | 🟢 x6
📝 Azure RBAC Key Vault stores Keys without expiration date 🟢 | 1 | 🟢 x6
📝 Azure RBAC Key Vault stores Secrets without expiration date 🟢 | 1 | 🟢 x6

Internal Rules

Rule | Policies | Flags
✉️ dec-x-0be4dfe5 | 1 |
✉️ dec-x-0feec790 | 2 |
✉️ dec-x-4d6fee7a | 1 |
✉️ dec-x-12a85339 | 1 |
✉️ dec-x-82ca4127 | 2 |
✉️ dec-x-30795016 | 1 |
✉️ dec-x-b10e98af | 1 |
✉️ dec-x-bcb0c78f | 1 |