💼 CC6.1-8 Manages Identification and Authentication

  • ID: /frameworks/soc-2/cc6/01/08

Description

Identification and authentication requirements are established, documented, and managed for individuals and systems accessing entity information, infrastructure and software.

Similar

  • Internal
    • ID: dec-c-a6bb4b85

Sub Sections

Section | Sub Sections | Internal Rules | Policies | Flags | Compliance

Policies (24)

Policy | Logic Count | Flags | Compliance
🛡️ AWS Account IAM Access Analyzer is not enabled for all regions | 🟢1 | 🟢 x6 | no data
🛡️ AWS Account IAM Password Policy Number of passwords to remember is not set to 24 | 🟢1 | 🟢 x6 | no data
🛡️ AWS Account Root User credentials were used is the last 30 days | 🟢1 | 🟢 x6 | no data
🛡️ AWS CloudTrail S3 Bucket Access Logging is not enabled. | 🟢1 | 🟢 x6 | no data
🛡️ AWS IAM Policy allows full administrative privileges | 🟢1 | 🟢 x6 | no data
🛡️ AWS IAM User Access Keys are not rotated every 90 days or less | 🟢1 | 🟢 x6 | no data
🛡️ AWS IAM User has more than one active access key | 🟢1 | 🟢 x6 | no data
🛡️ AWS IAM User with console and programmatic access set during the initial creation | 🟢⚪ | 🟢 x2, ⚪ x1 | no data
🛡️ AWS S3 Bucket MFA Delete is not enabled | 🟠🟢1 | 🟠 x1, 🟢 x6 | no data
🛡️ AWS S3 Bucket Policy is not set to deny HTTP requests | 🟢1 | 🟢 x6 | no data
🛡️ AWS S3 Bucket Server Access Logging is not enabled | 🟢1 | 🟢 x6 | no data
🛡️ AWS S3 Bucket Versioning is not enabled | 🟢1 | 🟢 x6 | no data
🛡️ Azure App Service Authentication is disabled and Basic Authentication is enabled | 🟢1 | 🟢 x6 | no data
🛡️ Azure App Service Basic Authentication is enabled | 🟢⚪ | 🟢 x2, ⚪ x1 | no data
🛡️ Azure App Service is not registered with Microsoft Entra ID | 🟢1 | 🟢 x6 | no data
🛡️ Azure Cosmos DB Account Private Endpoints are not used | 🟢1 | 🟢 x6 | no data
🛡️ Azure Cosmos DB Entra ID Client Authentication is not used | 🟢⚪ | 🟢 x2, ⚪ x1 | no data
🛡️ Azure PostgreSQL Flexible Server Firewall Rules allow access to Azure services | 🟢1 | 🟢 x6 | no data
🛡️ Azure SQL Database allows ingress from 0.0.0.0/0 (ANY IP) | 🟢1 | 🟢 x6 | no data
🛡️ Azure Storage Account Trusted Azure Services are not enabled as networking exceptions | 🟢1 | 🟢 x6 | no data
🛡️ Azure Storage Blob Containers Soft Delete is not enabled | 🟢1 | 🟢 x6 | no data
🛡️ Google GCE Instance Block Project-Wide SSH Keys is not enabled | 🟢1 | 🟢 x6 | no data
🛡️ Google GCE Instance OS Login is not enabled | 🟢1 | 🟢 x6 | no data
🛡️ Google IAM Service Account has admin privileges | 🟢1 | 🟢 x6 | no data

Internal Rules

Rule | Policies | Flags
✉️ dec-x-1fc681bc | 1 |
✉️ dec-x-2a9e5255 | 1 |
✉️ dec-x-157aa4b9 | 1 |
✉️ dec-x-0289e9c9 | 1 |
✉️ dec-x-3179d53c | 1 |
✉️ dec-x-30795016 | 1 |
✉️ dec-x-a8281d05 | 1 |
✉️ dec-x-ab7fc52e | 1 |
✉️ dec-x-b4d3d9dc | 2 |
✉️ dec-x-b10e98af | 1 |
✉️ dec-x-bcb0c78f | 1 |
✉️ dec-x-bf1f13f6 | 1 |
✉️ dec-x-ca52f63a | 2 |
✉️ dec-x-d5fbfc40 | 1 |
✉️ dec-x-e58fd8e0 | 1 |
✉️ dec-x-e0014333 | 2 |
✉️ dec-x-f7c2faac | 1 |
✉️ dec-z-bb731292 | 1 |