💼 2.1 Always change vendor-supplied defaults and remove or disable unnecessary default accounts before installing a system on the network.
- Contextual name: 💼 2.1 Always change vendor-supplied defaults and remove or disable unnecessary default accounts before installing a system on the network.
- ID: /frameworks/pci-dss-v3.2.1/02/01
- Located in: 💼 2 Do not use vendor-supplied defaults for system passwords and other security parameters.
Description
This applies to ALL default passwords, including but not limited to those used by operating systems, software that provides security services, application and system accounts, point-of-sale (POS) terminals, payment applications, Simple Network Management Protocol (SNMP) community strings, etc.
Similar
- Sections
  - /frameworks/pci-dss-v4.0/02/02/02
  - /frameworks/aws-fsbp-v1.0.0/ec2/02
  - /frameworks/aws-fsbp-v1.0.0/iam/04
- Internal
  - ID: dec-c-7ace62ef
  - ID:
Similar Sections (Take Policies From)
Section | Sub Sections | Internal Rules | Policies | Flags |
---|---|---|---|---|
💼 AWS Foundational Security Best Practices v1.0.0 → 💼 [EC2.2] VPC default security groups should not allow inbound or outbound traffic | 1 | |||
💼 AWS Foundational Security Best Practices v1.0.0 → 💼 [IAM.4] IAM root user access key should not exist | 1 | 1 | ||
💼 PCI DSS v4.0 → 💼 2.2.2 Vendor default accounts are managed. | 8 |
Similar Sections (Give Policies To)
Section | Sub Sections | Internal Rules | Policies | Flags |
---|---|---|---|---|
💼 PCI DSS v4.0 → 💼 2.2.2 Vendor default accounts are managed. | 8 |
Sub Sections
Policies (8)
Policy | Logic Count | Flags |
---|---|---|
📝 AWS Account Root User has active access keys 🟢 | 1 | 🟢 x6 |
📝 AWS EC2 Default Security Group does not restrict all traffic 🟢 | 1 | 🟢 x6 |
📝 Google API Key is not restricted for unused APIs 🟢 | 1 | 🟢 x6 |
📝 Google API Key is not rotated every 90 days 🟢 | 1 | 🟢 x6 |
📝 Google Cloud MySQL Instance allows anyone to connect with administrative privileges 🟢 | 🟢 x3 | |
📝 Google GCE Instance is configured to use the Default Service Account 🟢 | 1 | 🟢 x6 |
📝 Google GCE Instance is configured to use the Default Service Account with full access to all Cloud APIs 🟢 | 1 | 🟢 x6 |
📝 Google Project has API Keys 🟢 | 1 | 🟠 x1, 🟢 x5 |