💼 AC-2(1) Account Management | Automated System Account Management

Contextual name: 💼 AC-2(1) Account Management | Automated System Account Management
ID: /frameworks/nist-sp-800-53-r5/ac/02/01
Located in: 💼 AC-2 Account Management

Description

Support the management of system accounts using [Assignment: organization-defined automated mechanisms].

Similar

Sections
- /frameworks/aws-fsbp-v1.0.0/appsync/05
- /frameworks/aws-fsbp-v1.0.0/ecs/01
- /frameworks/aws-fsbp-v1.0.0/ecs/04
- /frameworks/aws-fsbp-v1.0.0/ecs/05
- /frameworks/aws-fsbp-v1.0.0/elasticache/06
- /frameworks/aws-fsbp-v1.0.0/eventbridge/03
- /frameworks/aws-fsbp-v1.0.0/iam/01
- /frameworks/aws-fsbp-v1.0.0/iam/02
- /frameworks/aws-fsbp-v1.0.0/iam/03
- /frameworks/aws-fsbp-v1.0.0/iam/04
- /frameworks/aws-fsbp-v1.0.0/iam/05
- /frameworks/aws-fsbp-v1.0.0/iam/06
- /frameworks/aws-fsbp-v1.0.0/iam/07
- /frameworks/aws-fsbp-v1.0.0/iam/08
- /frameworks/aws-fsbp-v1.0.0/iam/21
- /frameworks/aws-fsbp-v1.0.0/kms/01
- /frameworks/aws-fsbp-v1.0.0/kms/02
- /frameworks/aws-fsbp-v1.0.0/neptune/07
- /frameworks/aws-fsbp-v1.0.0/opensearch/07
- /frameworks/aws-fsbp-v1.0.0/rds/10
- /frameworks/aws-fsbp-v1.0.0/rds/12
- /frameworks/aws-fsbp-v1.0.0/s3/12
- /frameworks/aws-fsbp-v1.0.0/sagemaker/03
- /frameworks/aws-fsbp-v1.0.0/secrets-manager/01
- /frameworks/aws-fsbp-v1.0.0/secrets-manager/02
- /frameworks/aws-fsbp-v1.0.0/secrets-manager/03
- /frameworks/aws-fsbp-v1.0.0/secrets-manager/04
Internal
- ID: dec-c-ded31828

Similar Sections (Take Policies From)

Section	Internal Rules	Policies
💼 AWS Foundational Security Best Practices v1.0.0 → 💼 [AppSync.5] AWS AppSync GraphQL APIs should not be authenticated with API keys
💼 AWS Foundational Security Best Practices v1.0.0 → 💼 [ECS.1] Amazon ECS task definitions should have secure networking modes and user definitions.
💼 AWS Foundational Security Best Practices v1.0.0 → 💼 [ECS.4] ECS containers should run as non-privileged
💼 AWS Foundational Security Best Practices v1.0.0 → 💼 [ECS.5] ECS containers should be limited to read-only access to root filesystems
💼 AWS Foundational Security Best Practices v1.0.0 → 💼 [ElastiCache.6] ElastiCache (Redis OSS) replication groups of earlier versions should have Redis OSS AUTH enabled
💼 AWS Foundational Security Best Practices v1.0.0 → 💼 [EventBridge.3] EventBridge custom event buses should have a resource-based policy attached
💼 AWS Foundational Security Best Practices v1.0.0 → 💼 [IAM.1] IAM policies should not allow full "*" administrative privileges	1	1
💼 AWS Foundational Security Best Practices v1.0.0 → 💼 [IAM.2] IAM users should not have IAM policies attached	1	1
💼 AWS Foundational Security Best Practices v1.0.0 → 💼 [IAM.3] IAM users' access keys should be rotated every 90 days or less	1	1
💼 AWS Foundational Security Best Practices v1.0.0 → 💼 [IAM.4] IAM root user access key should not exist	1	1
💼 AWS Foundational Security Best Practices v1.0.0 → 💼 [IAM.5] MFA should be enabled for all IAM users that have a console password		1
💼 AWS Foundational Security Best Practices v1.0.0 → 💼 [IAM.6] Hardware MFA should be enabled for the root user		1
💼 AWS Foundational Security Best Practices v1.0.0 → 💼 [IAM.7] Password policies for IAM users should have strong configurations	1	2
💼 AWS Foundational Security Best Practices v1.0.0 → 💼 [IAM.8] Unused IAM user credentials should be removed		1
💼 AWS Foundational Security Best Practices v1.0.0 → 💼 [IAM.21] IAM customer managed policies that you create should not allow wildcard actions for services
💼 AWS Foundational Security Best Practices v1.0.0 → 💼 [KMS.1] IAM customer managed policies should not allow decryption actions on all KMS keys
💼 AWS Foundational Security Best Practices v1.0.0 → 💼 [KMS.2] IAM principals should not have IAM inline policies that allow decryption actions on all KMS keys
💼 AWS Foundational Security Best Practices v1.0.0 → 💼 [Neptune.7] Neptune DB clusters should have IAM database authentication enabled
💼 AWS Foundational Security Best Practices v1.0.0 → 💼 [Opensearch.7] OpenSearch domains should have fine-grained access control enabled
💼 AWS Foundational Security Best Practices v1.0.0 → 💼 [RDS.10] IAM authentication should be configured for RDS instances
💼 AWS Foundational Security Best Practices v1.0.0 → 💼 [RDS.12] IAM authentication should be configured for RDS clusters
💼 AWS Foundational Security Best Practices v1.0.0 → 💼 [S3.12] ACLs should not be used to manage user access to S3 general purpose buckets
💼 AWS Foundational Security Best Practices v1.0.0 → 💼 [SageMaker.3] Users should not have root access to SageMaker AI notebook instances
💼 AWS Foundational Security Best Practices v1.0.0 → 💼 [SecretsManager.1] Secrets Manager secrets should have automatic rotation enabled
💼 AWS Foundational Security Best Practices v1.0.0 → 💼 [SecretsManager.2] Secrets Manager secrets configured with automatic rotation should rotate successfully
💼 AWS Foundational Security Best Practices v1.0.0 → 💼 [SecretsManager.3] Remove unused Secrets Manager secrets
💼 AWS Foundational Security Best Practices v1.0.0 → 💼 [SecretsManager.4] Secrets Manager secrets should be rotated within a specified number of days

Similar Sections (Give Policies To)

Section	Sub Sections	Internal Rules	Policies	Flags
💼 FedRAMP High Security Controls → 💼 AC-2(1) Automated System Account Management (M)(H)			16

Sub Sections

Section	Sub Sections	Internal Rules	Policies	Flags

Policies (16)

Policy	Logic Count	Flags
📝 AWS Account IAM Password Policy minimum password length is 14 characters or less 🟢	1	🟢 x6
📝 AWS Account IAM Password Policy Number of passwords to remember is not set to 24 🟢	1	🟢 x6
📝 AWS Account Root User has active access keys 🟢	1	🟢 x6
📝 AWS Account Root User Hardware MFA is not enabled. 🟢		🟢 x3
📝 AWS IAM Policy allows full administrative privileges 🟢	1	🟢 x6
📝 AWS IAM User Access Keys are not rotated every 90 days or less 🟢	1	🟢 x6
📝 AWS IAM User has inline or directly attached policies 🟢	1	🟠 x1, 🟢 x5
📝 AWS IAM User MFA is not enabled for all users with console password 🟢	1	🟢 x6
📝 AWS IAM User with credentials unused for 45 days or more is not disabled 🟢	1	🟢 x6
📝 Azure App Service is not registered with Microsoft Entra ID 🟢	1	🟢 x6
📝 Azure Non-RBAC Key Vault stores Keys without expiration date 🟢	1	🟢 x6
📝 Azure Non-RBAC Key Vault stores Secrets without expiration date 🟢	1	🟢 x6
📝 Azure RBAC Key Vault stores Keys without expiration date 🟢	1	🟢 x6
📝 Azure RBAC Key Vault stores Secrets without expiration date 🟢	1	🟢 x6
📝 Azure SQL Database Transparent Data Encryption is not enabled 🟢	1	🟢 x6
📝 Azure SQL Server Microsoft Entra authentication is not configured 🟢	1	🟢 x6

Internal Rules

Rule	Policies	Flags
✉️ dec-x-0feec790	2
✉️ dec-x-1fc681bc	1
✉️ dec-x-2fcb6d85	2
✉️ dec-x-82ca4127	2

Description​

Similar​

Similar Sections (Take Policies From)​

Similar Sections (Give Policies To)​

Sub Sections​

Policies (16)​

Internal Rules​

Description

Similar

Similar Sections (Take Policies From)

Similar Sections (Give Policies To)

Sub Sections

Policies (16)

Internal Rules