💼 A.9.3.1 Use of secret authentication information

• ID: /frameworks/iso-iec-27001-2013/09/03/01

Description

Users shall be required to follow the organization’s practices in the use of secret authentication information.

Similar

• Internal
  • ID: dec-c-12b29f37

Similar Sections (Give Policies To)

Section	Sub Sections	Internal Rules	Policies	Flags	Compliance
💼 NIST CSF v1.1 → 💼 PR.AC-1: Identities and credentials are issued, managed, verified, revoked, and audited for authorized devices, users and processes		19	34		no data
💼 NIST CSF v1.1 → 💼 PR.AC-7: Users, devices, and other assets are authenticated (e.g., single-factor, multi-factor) commensurate with the risk of the transaction (e.g., individuals' security and privacy risks and other organizational risks)		19	23		no data

Sub Sections

Section	Sub Sections	Internal Rules	Policies	Flags	Compliance

Policies (3)

Policy	Logic Count	Flags	Compliance
🛡️ AWS Account IAM Password Policy Number of passwords to remember is not set to 24🟢	1	🟢 x6	no data
🛡️ AWS Account Root User credentials were used is the last 30 days🟢	1	🟢 x6	no data
🛡️ AWS IAM User MFA is not enabled for all users with console password🟢	1	🟢 x6	no data

Internal Rules

Rule	Policies	Flags
✉️ dec-x-b92b08f4	1
✉️ dec-x-e58fd8e0	1
✉️ dec-x-f7c2faac	1