💼 8.2 Privileged access rights

• Contextual name: 💼 8.2 Privileged access rights
• ID: /frameworks/iso-iec-27001-2022/08/02
• Located in: 💼 8 Technological controls

Description

The allocation and use of privileged access rights shall be restricted and managed.

Similar

• Internal
  • ID: dec-c-6071d426

Sub Sections

Section	Sub Sections	Internal Rules	Policies	Flags

Policies (10)

Policy	Logic Count	Flags
📝 AWS Account Root User credentials were used is the last 30 days 🟢	1	🟢 x6
📝 AWS Account Root User has active access keys 🟢	1	🟢 x6
📝 AWS EC2 Instance IAM role is not attached 🟢	1	🟢 x6
📝 AWS IAM User has inline or directly attached policies 🟢	1	🟠 x1, 🟢 x5
📝 AWS IAM User MFA is not enabled for all users with console password 🟢	1	🟢 x6
📝 AWS IAM User with console and programmatic access set during the initial creation 🟢		🟢 x3
📝 AWS S3 Bucket MFA Delete is not enabled 🟠🟢	1	🟠 x1, 🟢 x6
📝 Google GCE Instance is configured to use the Default Service Account 🟢	1	🟢 x6
📝 Google GCE Instance is configured to use the Default Service Account with full access to all Cloud APIs 🟢	1	🟢 x6
📝 Google IAM Service Account has admin privileges 🟢	1	🟢 x6

Internal Rules

Rule	Policies	Flags
✉️ dec-x-0a7801fb	1
✉️ dec-x-6c93750d	1
✉️ dec-x-4157c58a	1
✉️ dec-x-b10e98af	1
✉️ dec-x-b92b08f4	1
✉️ dec-x-e58fd8e0	1
✉️ dec-z-bb731292	1