aws_compliance

This rule ensures that AWS Secrets Manager secrets have rotated successfully according to the rotation schedule. Rotating secrets on a regular schedule can shorten the period that a secret is active, and potentially reduce the business impact if it is compromised.

secretsmanager_secret_rotated_as_scheduled

gxp_21_cfr_part_11_11_10_d

11.10(d) Limiting system access to authorized individuals

gxp_21_cfr_part_11_11_10_g

11.10(g) Use of authority checks to ensure that only authorized individuals can use the system, electronically sign a record, access the operation or computer system input or output device, alter a record, or perform the operation at hand

gxp_21_cfr_part_11_11_300_b

11.300(b) Ensuring that identification code and password issuances are periodically checked, recalled, or revised (e.g., to cover such events as password aging)

hipaa_final_omnibus_security_rule_2013_164_308_a_4_ii_b

164.308(a)(4)(ii)(B) Access authorization

hipaa_security_rule_2003_164_308_a_5_ii_d

164.308(a)(5)(ii)(D) Password management

hipaa_final_omnibus_security_rule_2013_164_308_a_5_ii_d

rbi_itf_nbfc_3_1_c

3.1.c Role based Access Control

nist_800_172_3_5_2_e

3.5.2e Employ automated mechanisms for the generation, protection, rotation, and management of passwords for systems and system components that do not support multifactor authentication or complex account management

nydfs_23_500_07

500.07 Access Privileges and Management

pci_dss_v40_requirement_8_2_2

8.2.2: Group, shared, or generic IDs, or other shared authentication credentials are only used when necessary on an exception basis, and are managed

pci_dss_v40_requirement_8_3_10_1

8.3.10.1 Additional requirement for service providers only: If passwords/passphrases are used as the only authentication factor for customer user access (i.e., in any single-factor authentication implementation)

pci_dss_v40_requirement_8_3_5

8.3.5: If passwords/passphrases are used as authentication factors to meet Requirement 8.3.1, they are set and reset for each user

pci_dss_v40_requirement_8_3_7

8.3.7: Individuals are not allowed to submit a new password/passphrase that is the same as any of the last four passwords/passphrases used

pci_dss_v40_requirement_8_3_9

8.3.9: If passwords/passphrases are used as the only authentication factor for user access (i.e., in any single-factor authentication implementation)

pci_dss_v40_requirement_8_6_3

8.6.3: 3 Passwords/passphrases for any application and system accounts are protected against misuse

rbi_itf_nbfc_8_I

8.I Basic Security Aspects

nist_800_53_rev_4_ac_2_1

AC-2(1) Automated System Account Management

nist_800_53_rev_5_ac_2_1

nist_800_53_rev_5_ac_3_12_a

AC-3(12)(a)

nist_800_53_rev_5_ac_3_13

AC-3(13) Attribute-Based Access Control

nist_800_53_rev_5_ac_3_15_a

AC-3(15)(a)

nist_800_53_rev_5_ac_3_15_b

AC-3(15)(b)

nist_800_53_rev_5_ac_3_3

AC-3(3) Mandatory Access Control

nist_800_53_rev_5_ac_3_3_a

AC-3(3)(a)

nist_800_53_rev_5_ac_3_3_b_1

AC-3(3)(b)(1)

nist_800_53_rev_5_ac_3_3_b_2

AC-3(3)(b)(2)

nist_800_53_rev_5_ac_3_3_b_3

AC-3(3)(b)(3)

nist_800_53_rev_5_ac_3_3_b_4

AC-3(3)(b)(4)

nist_800_53_rev_5_ac_3_3_b_5

AC-3(3)(b)(5)

nist_800_53_rev_5_ac_3_3_c

AC-3(3)(c)

nist_800_53_rev_5_ac_3_4

AC-3(4) Discretionary Access Control

nist_800_53_rev_5_ac_3_4_a

AC-3(4)(a)

nist_800_53_rev_5_ac_3_4_b

AC-3(4)(b)

nist_800_53_rev_5_ac_3_4_c

AC-3(4)(c)

nist_800_53_rev_5_ac_3_4_d

AC-3(4)(d)

nist_800_53_rev_5_ac_3_4_e

AC-3(4)(e)

nist_800_53_rev_5_ac_3_8

AC-3(8) Revocation Of Access Authorizations

nist_800_53_rev_5_ac_4_28

AC-4(28) Linear Filter Pipelines

nist_800_53_rev_5_ac_24

Access Control Decisions (AC-24)

nist_800_53_rev_4_ac_2

Account Management (AC-2)

soc_2_cc_6_1

CC6.1 The entity implements logical access security software, infrastructure, and architectures over protected information assets to protect them from security events to meet the entity's objectives

soc_2_cc_6_2

CC6.2 Prior to issuing system credentials and granting system access, the entity registers and authorizes new internal and external users whose access is administered by the entity

nist_800_53_rev_5_cm_5_1_a

CM-5(1)(a)

nist_csf_pr_ac_1

PR.AC-1

nist_800_53_rev_5_sc_23_3

SC-23(3) Unique System-Generated Session Identifiers

all_controls_secretsmanager

Secrets Manager

Secrets Manager secrets should be rotated as per the rotation schedule

foundational_security_secretsmanager_2

Run individual configuration, compliance and security controls or full compliance benchmarks for CIS, FFIEC, PCI, NIST, HIPAA, RBI CSF, GDPR, SOC 2, Audit Manager Control Tower, FedRAMP, GxP and AWS Foundational Security Best Practices controls across all your AWS accounts using Powerpipe and Steampipe.

AWS Compliance

Apache License 2.0

steampipe-mod-aws-compliance

Control: Secrets Manager secrets should be rotated as per the rotation schedule

Description

Usage

SQL

Tags