💼 PR.AC-1: Identities and credentials are issued, managed, verified, revoked, and audited for authorized devices, users and processes

Similar

  • Sections
    • /frameworks/iso-iec-27001-2013/09/02/01
    • /frameworks/iso-iec-27001-2013/09/02/02
    • /frameworks/iso-iec-27001-2013/09/02/03
    • /frameworks/iso-iec-27001-2013/09/02/04
    • /frameworks/iso-iec-27001-2013/09/02/06
    • /frameworks/iso-iec-27001-2013/09/03/01
    • /frameworks/iso-iec-27001-2013/09/04/02
    • /frameworks/iso-iec-27001-2013/09/04/03
    • /frameworks/nist-sp-800-53-r4/ac/01
    • /frameworks/nist-sp-800-53-r4/ac/02
    • /frameworks/nist-sp-800-53-r4/ia/01
    • /frameworks/nist-sp-800-53-r4/ia/02
    • /frameworks/nist-sp-800-53-r4/ia/03
    • /frameworks/nist-sp-800-53-r4/ia/04
    • /frameworks/nist-sp-800-53-r4/ia/05
    • /frameworks/nist-sp-800-53-r4/ia/06
    • /frameworks/nist-sp-800-53-r4/ia/07
    • /frameworks/nist-sp-800-53-r4/ia/08
    • /frameworks/nist-sp-800-53-r4/ia/09
    • /frameworks/nist-sp-800-53-r4/ia/10
    • /frameworks/nist-sp-800-53-r4/ia/11
  • Internal
    • ID: dec-c-f8ba50fb

Similar Sections (Take Policies From)

Section | Sub Sections | Internal Rules | Policies | Flags
💼 ISO/IEC 27001:2013 → 💼 A.9.2.1 User registration and de-registration11
💼 ISO/IEC 27001:2013 → 💼 A.9.2.2 User access provisioning44
💼 ISO/IEC 27001:2013 → 💼 A.9.2.3 Management of privileged access rights38
💼 ISO/IEC 27001:2013 → 💼 A.9.2.4 Management of secret authentication information of users810
💼 ISO/IEC 27001:2013 → 💼 A.9.2.6 Removal or adjustment of access rights
💼 ISO/IEC 27001:2013 → 💼 A.9.3.1 Use of secret authentication information33
💼 ISO/IEC 27001:2013 → 💼 A.9.4.2 Secure log-on procedures1
💼 ISO/IEC 27001:2013 → 💼 A.9.4.3 Password management system11
💼 NIST SP 800-53 Revision 4 → 💼 AC-1 ACCESS CONTROL POLICY AND PROCEDURES
💼 NIST SP 800-53 Revision 4 → 💼 AC-2 ACCOUNT MANAGEMENT1336
💼 NIST SP 800-53 Revision 4 → 💼 IA-1 IDENTIFICATION AND AUTHENTICATION POLICY AND PROCEDURES
💼 NIST SP 800-53 Revision 4 → 💼 IA-2 IDENTIFICATION AND AUTHENTICATION (ORGANIZATIONAL USERS)1312
💼 NIST SP 800-53 Revision 4 → 💼 IA-3 DEVICE IDENTIFICATION AND AUTHENTICATION411
💼 NIST SP 800-53 Revision 4 → 💼 IA-4 IDENTIFIER MANAGEMENT7
💼 NIST SP 800-53 Revision 4 → 💼 IA-5 AUTHENTICATOR MANAGEMENT1522
💼 NIST SP 800-53 Revision 4 → 💼 IA-6 AUTHENTICATOR FEEDBACK
💼 NIST SP 800-53 Revision 4 → 💼 IA-7 CRYPTOGRAPHIC MODULE AUTHENTICATION
💼 NIST SP 800-53 Revision 4 → 💼 IA-8 IDENTIFICATION AND AUTHENTICATION (NON-ORGANIZATIONAL USERS)5
💼 NIST SP 800-53 Revision 4 → 💼 IA-9 SERVICE IDENTIFICATION AND AUTHENTICATION2
💼 NIST SP 800-53 Revision 4 → 💼 IA-10 ADAPTIVE IDENTIFICATION AND AUTHENTICATION
💼 NIST SP 800-53 Revision 4 → 💼 IA-11 RE-AUTHENTICATION

Similar Sections (Give Policies To)

Section | Sub Sections | Internal Rules | Policies | Flags
💼 NIST CSF v2.0 → 💼 PR.AA-01: Identities and credentials for authorized users, services, and hardware are managed by the organization38
💼 NIST CSF v2.0 → 💼 PR.AA-05: Access permissions, entitlements, and authorizations are defined in a policy, managed, enforced, and reviewed, and incorporate the principles of least privilege and separation of duties91

Sub Sections

Section | Sub Sections | Internal Rules | Policies | Flags

Policies (30)

Policy | Logic Count | Flags
📝 AWS Account IAM Access Analyzer is not enabled for all regions 🟢1🟢 x6
📝 AWS Account IAM Password Policy Number of passwords to remember is not set to 24 🟢1🟢 x6
📝 AWS Account Root User credentials were used in the last 30 days 🟢1🟢 x6
📝 AWS EC2 Instance IAM role is not attached 🟢1🟢 x6
📝 AWS IAM Policy allows full administrative privileges 🟢1🟢 x6
📝 AWS IAM Server Certificate is expired 🟢1🟢 x6
📝 AWS IAM User Access Keys are not rotated every 90 days or less 🟢1🟢 x6
📝 AWS IAM User has inline or directly attached policies 🟢1🟠 x1, 🟢 x5
📝 AWS IAM User has more than one active access key 🟢1🟢 x6
📝 AWS IAM User MFA is not enabled for all users with console password 🟢1🟢 x6
📝 AWS IAM User with console and programmatic access set during the initial creation 🟢🟢 x3
📝 AWS KMS Symmetric CMK Rotation is not enabled 🟢1🟢 x6
📝 AWS S3 Bucket MFA Delete is not enabled 🟠🟢1🟠 x1, 🟢 x6
📝 Azure App Service Authentication is disabled and Basic Authentication is enabled 🟢1🟢 x6
📝 Azure App Service Basic Authentication is enabled 🟢🟢 x3
📝 Azure App Service is not registered with Microsoft Entra ID 🟢1🟢 x6
📝 Azure Key Vault Soft Delete and Purge Protection functions are not enabled 🟢1🟢 x6
📝 Azure Non-RBAC Key Vault stores Keys without expiration date 🟢1🟢 x6
📝 Azure Non-RBAC Key Vault stores Secrets without expiration date 🟢1🟢 x6
📝 Azure RBAC Key Vault stores Keys without expiration date 🟢1🟢 x6
📝 Azure RBAC Key Vault stores Secrets without expiration date 🟢1🟢 x6
📝 Consumer Google Accounts are used 🟢🟢 x3
📝 Google Accounts are not configured with MFA 🟢🟢 x3
📝 Google BigQuery Dataset is anonymously or publicly accessible 🟢1🟢 x6
📝 Google Cloud Audit Logging is not configured properly 🟢1🟢 x6
📝 Google GCE Instance is configured to use the Default Service Account 🟢1🟢 x6
📝 Google GCE Instance is configured to use the Default Service Account with full access to all Cloud APIs 🟢1🟢 x6
📝 Google IAM Users are assigned the Service Account User or Service Account Token Creator roles at Project level 🟢1🟢 x6
📝 Google Storage Bucket is anonymously or publicly accessible 🟢1🟢 x6
📝 Google User has both Service Account Admin and Service Account User roles assigned 🟢1🟢 x6

Internal Rules

Rule | Policies | Flags
✉️ dec-x-0be4dfe51
✉️ dec-x-0feec7902
✉️ dec-x-1fc681bc1
✉️ dec-x-4d6fee7a1
✉️ dec-x-6c93750d1
✉️ dec-x-12a853391
✉️ dec-x-82ca41272
✉️ dec-x-157aa4b91
✉️ dec-x-4157c58a1
✉️ dec-x-307950161
✉️ dec-x-ab7fc52e1
✉️ dec-x-b10e98af1
✉️ dec-x-b92b08f41
✉️ dec-x-bcb0c78f1
✉️ dec-x-ca52f63a2
✉️ dec-x-e58fd8e01
✉️ dec-x-f7c2faac1
✉️ dec-z-79f4ab881
✉️ dec-z-bb7312921