πΌ 5.18 Access rights
- Contextual name: πΌ 5.18 Access rights
- ID:
/frameworks/iso-iec-27001-2022/05/18 - Located in: πΌ 5 Organizational controls
Descriptionβ
Access rights to information and other associated assets shall be provisioned, reviewed, modified and removed in accordance with the organizationβs topic-specific policy on and rules for access control.
Similarβ
- Internal
- ID:
dec-c-5909ec41
- ID:
Sub Sectionsβ
| Section | Sub Sections | Internal Rules | Policies | Flags |
|---|
Policies (6)β
| Policy | Logic Count | Flags |
|---|---|---|
| π AWS EC2 Instance IAM role is not attached π’ | 1 | π’ x6 |
| π AWS IAM User has inline or directly attached policies π’ | 1 | π x1, π’ x5 |
| π Azure Non-RBAC Key Vault stores Keys without expiration date π’ | 1 | π’ x6 |
| π Azure Non-RBAC Key Vault stores Secrets without expiration date π’ | 1 | π’ x6 |
| π Azure RBAC Key Vault stores Keys without expiration date π’ | 1 | π’ x6 |
| π Azure RBAC Key Vault stores Secrets without expiration date π’ | 1 | π’ x6 |
Internal Rulesβ
| Rule | Policies | Flags |
|---|---|---|
| βοΈ dec-x-0feec790 | 2 | |
| βοΈ dec-x-6c93750d | 1 | |
| βοΈ dec-x-82ca4127 | 2 | |
| βοΈ dec-x-4157c58a | 1 |