πΌ CC6.1-9 Manages Credentials for Infrastructure and Software
- Contextual name: πΌ CC6.1-9 Manages Credentials for Infrastructure and Software
- ID:
/frameworks/soc-2/cc6/01/09 - Located in: πΌ CC6.1 The entity implements logical access security software, infrastructure, and architectures over protected information assets to protect them from security events to meet the entity's objectives.
Descriptionβ
New internal and external infrastructure and software are registered, authorized, and documented prior to being granted access credentials and implemented on the network or access point. Credentials are removed and access is disabled when access is no longer required or the infrastructure and software are no longer in use.
Similarβ
- Internal
- ID:
dec-c-b1b05177
- ID:
Sub Sectionsβ
| Section | Sub Sections | Internal Rules | Policies | Flags |
|---|
Policies (3)β
| Policy | Logic Count | Flags |
|---|---|---|
| π AWS IAM Server Certificate is expired π’ | 1 | π’ x6 |
| π Azure SQL Server Transparent Data Encryption Protector is not encrypted with Customer-managed key π’ | 1 | π’ x6 |
| π Consumer Google Accounts are used π’ | π’ x3 |
Internal Rulesβ
| Rule | Policies | Flags |
|---|---|---|
| βοΈ dec-x-12a85339 | 1 | |
| βοΈ dec-x-230b5e35 | 1 | |
| βοΈ dec-z-79f4ab88 | 1 |