Skip to main content

πŸ’Ό A.9.3.1 Use of secret authentication information

  • Contextual name: πŸ’Ό A.9.3.1 Use of secret authentication information
  • ID: /frameworks/iso-iec-27001-2013/09/03/01
  • Located in: πŸ’Ό A.9.3 User responsibilities

Description​

Users shall be required to follow the organization’s practices in the use of secret authentication information.

Similar​

  • Internal
    • ID: dec-c-12b29f37

Similar Sections (Give Policies To)​

SectionSub SectionsInternal RulesPoliciesFlags
πŸ’Ό NIST CSF v1.1 β†’ πŸ’Ό PR.AC-1: Identities and credentials are issued, managed, verified, revoked, and audited for authorized devices, users and processes1922
πŸ’Ό NIST CSF v1.1 β†’ πŸ’Ό PR.AC-7: Users, devices, and other assets are authenticated (e.g., single-factor, multi-factor) commensurate with the risk of the transaction (e.g., individuals' security and privacy risks and other organizational risks)1922

Sub Sections​

SectionSub SectionsInternal RulesPoliciesFlags

Policies (3)​

PolicyLogic CountFlags
πŸ“ AWS Account IAM Password Policy Number of passwords to remember is not set to 24 🟒1🟒 x6
πŸ“ AWS Account Root User credentials were used is the last 30 days πŸ”΄πŸŸ’1πŸ”΄ x1, 🟒 x6
πŸ“ AWS IAM User MFA is not enabled for all users with console password 🟒1🟒 x6

Internal Rules​

RulePoliciesFlags
βœ‰οΈ dec-x-b92b08f41
βœ‰οΈ dec-x-e58fd8e01
βœ‰οΈ dec-x-f7c2faac1