💼 PR.AC-4: Access permissions and authorizations are managed, incorporating the principles of least privilege and separation of duties

Contextual name: 💼 PR.AC-4: Access permissions and authorizations are managed, incorporating the principles of least privilege and separation of duties
ID: /frameworks/nist-csf-v1.1/pr-ac/04
Located in: 💼 Identity Management, Authentication and Access Control (PR.AC)

Description

Empty...

Similar

Sections
- /frameworks/iso-iec-27001-2013/06/01/02
- /frameworks/iso-iec-27001-2013/09/01/02
- /frameworks/iso-iec-27001-2013/09/02/03
- /frameworks/iso-iec-27001-2013/09/04/01
- /frameworks/iso-iec-27001-2013/09/04/04
- /frameworks/iso-iec-27001-2013/09/04/05
- /frameworks/nist-sp-800-53-r4/ac/01
- /frameworks/nist-sp-800-53-r4/ac/02
- /frameworks/nist-sp-800-53-r4/ac/03
- /frameworks/nist-sp-800-53-r4/ac/05
- /frameworks/nist-sp-800-53-r4/ac/06
- /frameworks/nist-sp-800-53-r4/ac/14
- /frameworks/nist-sp-800-53-r4/ac/16
- /frameworks/nist-sp-800-53-r4/ac/24
Internal
- ID: dec-c-2c2dde09

Similar Sections (Take Policies From)

Section	Sub Sections	Internal Rules	Policies
💼 ISO/IEC 27001:2013 → 💼 A.6.1.2 Segregation of duties
💼 ISO/IEC 27001:2013 → 💼 A.9.1.2 Access to networks and network services		17	18
💼 ISO/IEC 27001:2013 → 💼 A.9.2.3 Management of privileged access rights		3	4
💼 ISO/IEC 27001:2013 → 💼 A.9.4.1 Information access restriction		19	20
💼 ISO/IEC 27001:2013 → 💼 A.9.4.4 Use of privileged utility programs
💼 ISO/IEC 27001:2013 → 💼 A.9.4.5 Access control to program source code
💼 NIST SP 800-53 Revision 4 → 💼 AC-1 ACCESS CONTROL POLICY AND PROCEDURES
💼 NIST SP 800-53 Revision 4 → 💼 AC-2 ACCOUNT MANAGEMENT	13	2	2
💼 NIST SP 800-53 Revision 4 → 💼 AC-3 ACCESS ENFORCEMENT	10
💼 NIST SP 800-53 Revision 4 → 💼 AC-5 SEPARATION OF DUTIES		3	3
💼 NIST SP 800-53 Revision 4 → 💼 AC-6 LEAST PRIVILEGE	10	2	2
💼 NIST SP 800-53 Revision 4 → 💼 AC-14 PERMITTED ACTIONS WITHOUT IDENTIFICATION OR AUTHENTICATION	1
💼 NIST SP 800-53 Revision 4 → 💼 AC-16 SECURITY ATTRIBUTES	10
💼 NIST SP 800-53 Revision 4 → 💼 AC-24 ACCESS CONTROL DECISIONS	2

Similar Sections (Give Policies To)

Section	Sub Sections	Internal Rules	Policies	Flags
💼 NIST CSF v2.0 → 💼 PR.AA-05: Access permissions, entitlements, and authorizations are defined in a policy, managed, enforced, and reviewed, and incorporate the principles of least privilege and separation of duties			58

Sub Sections

Section	Sub Sections	Internal Rules	Policies	Flags

Policies (35)

Policy	Logic Count	Flags
📝 AWS Account IAM Access Analyzer is not enabled for all regions 🟢	1	🟢 x6
📝 AWS Account Root User credentials were used is the last 30 days 🔴🟢	1	🔴 x1, 🟢 x6
📝 AWS Account Root User has active access keys 🟢	1	🟢 x6
📝 AWS EC2 Security Group allows public IPv4 (0.0.0.0/0) access to admin ports 🟢	1	🟢 x6
📝 AWS EC2 Security Group allows public IPv6 (::/0) access to admin ports 🟢	1	🟢 x6
📝 AWS EC2 Security Group allows unrestricted CIFS traffic 🟢	1	🟢 x6
📝 AWS EC2 Security Group allows unrestricted DNS traffic 🟢	1	🟢 x6
📝 AWS EC2 Security Group allows unrestricted FTP traffic 🟢	1	🟢 x6
📝 AWS EC2 Security Group allows unrestricted ICMP traffic 🟢	1	🟢 x6
📝 AWS EC2 Security Group allows unrestricted NetBIOS traffic 🟢	1	🟢 x6
📝 AWS EC2 Security Group allows unrestricted RPC traffic 🟢	1	🟢 x6
📝 AWS EC2 Security Group allows unrestricted SMTP traffic 🟢	1	🟢 x6
📝 AWS EC2 Security Group allows unrestricted traffic to MongoDB 🟢	1	🟢 x6
📝 AWS EC2 Security Group allows unrestricted traffic to MSSQL 🟢	1	🟢 x6
📝 AWS EC2 Security Group allows unrestricted traffic to MySQL 🟢	1	🟢 x6
📝 AWS EC2 Security Group allows unrestricted traffic to Oracle DBMS 🟢	1	🟢 x6
📝 AWS EC2 Security Group allows unrestricted traffic to PostgreSQL 🟢	1	🟢 x6
📝 AWS IAM Policy allows full administrative privileges 🟢	1	🟢 x6
📝 AWS IAM User has inline or directly attached policies 🟢	1	🟠 x1, 🟢 x5
📝 AWS RDS Instance is publicly accessible and in an unrestricted public subnet 🟢	1	🟢 x6
📝 AWS RDS Snapshot is publicly accessible 🟢	1	🟢 x6
📝 AWS S3 Bucket is not configured to block public access 🟢	1	🟢 x6
📝 Azure App Service Authentication is disabled and Basic Authentication is enabled 🟢	1	🟢 x6
📝 Azure App Service Basic Authentication is enabled 🟢		🟢 x3
📝 Azure Cosmos DB Account Private Endpoints are not used 🟢	1	🟢 x6
📝 Azure Cosmos DB Account Virtual Network Filter is not enabled 🟢	1	🟢 x6
📝 Azure Cosmos DB Entra ID Client Authentication is not used 🟢		🟢 x3
📝 Azure Network Security Group allows unrestricted HTTP(S) access from the Internet 🟢	1	🟢 x6
📝 Azure Network Security Group allows unrestricted RDP access from the Internet 🟢	1	🟢 x6
📝 Azure Network Security Group allows unrestricted SSH access from the Internet 🟢	1	🟢 x6
📝 Azure Network Security Group allows unrestricted UDP access from the Internet 🟢	1	🟢 x6
📝 Azure PostgreSQL Flexible Server Firewall Rules allow access to Azure services 🟢	1	🟢 x6
📝 Azure SQL Database allows ingress from 0.0.0.0/0 (ANY IP) 🟢	1	🟢 x6
📝 Azure Storage Account Allow Blob Anonymous Access is set enabled 🟢	1	🟢 x6
📝 Azure Storage Account Trusted Azure Services are not enabled as networking exceptions 🟢	1	🟢 x6

Internal Rules

Rule	Policies	Flags
✉️ dec-x-0a7801fb	1
✉️ dec-x-4c15a09f	1
✉️ dec-x-14bf01f3	1
✉️ dec-x-46a83a30	1
✉️ dec-x-157aa4b9	1
✉️ dec-x-0289e9c9	1
✉️ dec-x-599c86b4	1
✉️ dec-x-083928f5	1
✉️ dec-x-63737248	1
✉️ dec-x-ab7fc52e	1
✉️ dec-x-b3342905	1
✉️ dec-x-bf1f13f6	1
✉️ dec-x-e43fd12e	1
✉️ dec-x-ec547a7c	1
✉️ dec-x-f4cc003a	1
✉️ dec-x-f937c35f	1
✉️ dec-z-c82c9f97	1

Description​

Similar​

Similar Sections (Take Policies From)​

Similar Sections (Give Policies To)​

Sub Sections​

Policies (35)​

Internal Rules​

Description

Similar

Similar Sections (Take Policies From)

Similar Sections (Give Policies To)

Sub Sections

Policies (35)

Internal Rules