aws_compliance

AWS Compliance

Checks if AWS Identity and Access Management (IAM) policies grant permissions to all actions on individual AWS resources. The rule is non-compliant if the managed IAM policy allows full access to at least 1 AWS service.

iam_all_policy_no_service_wild_card

gxp_21_cfr_part_11_11_10_d

11.10(d) Limiting system access to authorized individuals

gxp_21_cfr_part_11_11_10_g

11.10(g) Use of authority checks to ensure that only authorized individuals can use the system, electronically sign a record, access the operation or computer system input or output device, alter a record, or perform the operation at hand

hipaa_final_omnibus_security_rule_2013_164_308_a_3_ii_a

164.308(a)(3)(ii)(A) Authorization and/or supervision

hipaa_final_omnibus_security_rule_2013_164_308_a_3_ii_b

164.308(a)(3)(ii)(B) Workforce clearance procedure

hipaa_final_omnibus_security_rule_2013_164_308_a_4_i

164.308(a)(4)(i) Information access management

hipaa_final_omnibus_security_rule_2013_164_308_a_4_ii_b

164.308(a)(4)(ii)(B) Access authorization

hipaa_final_omnibus_security_rule_2013_164_308_a_4_ii_c

164.308(a)(4)(ii)(C) Access establishment and modification

nist_800_171_rev_2_3_1_2

3.1.2 Limit system access to the types of transactions and functions that authorized users are permitted to execute

nist_800_171_rev_2_3_1_4

3.1.4 Separate the duties of individuals to reduce the risk of malevolent activity without collusion

rbi_itf_nbfc_3_1_c

3.1.c Role based Access Control

cis_controls_v8_ig1_3_3

3.3 Configure Data Access Control Lists

pci_dss_v321_requirement_7_1_2_a

7.1.2.a Interview personnel responsible for assigning access to verify that access to privileged user IDs is assigned only to roles that specifically require such privileged access and restricted to least privileges necessary to perform job responsibilities

rbi_itf_nbfc_8_I

8.I Basic Security Aspects

fedramp_moderate_rev_4_ac_2_f

AC-2(f)

fedramp_moderate_rev_4_ac_2_j

AC-2(j)

nist_800_53_rev_5_ac_5_b

AC-5(b)

fedramp_moderate_rev_4_ac_5_c

AC-5(c)

nist_800_53_rev_5_ac_6_10

AC-6(10)

fedramp_moderate_rev_4_ac_6_10

AC-6(10) Prohibit Non-Privileged Users From Executing Privileged Functions

nist_800_53_rev_5_ac_6_2

AC-6(2)

acsc_essential_eight_ml_2_5_2

ACSC-EE-ML2-5.2: Restrict administrative privileges ML2

acsc_essential_eight_ml_2_5_3

ACSC-EE-ML2-5.3: Restrict administrative privileges ML2

acsc_essential_eight_ml_3_5_2

ACSC-EE-ML3-5.2: Restrict administrative privileges ML3

acsc_essential_eight_ml_3_5_3

ACSC-EE-ML3-5.3: Restrict administrative privileges ML3

fedramp_moderate_rev_4_ac_3

Access Enforcement (AC-3)

nist_800_53_rev_5_ac_3

fedramp_low_rev_4_ac_3

fedramp_low_rev_4_ac_2

Account Management (AC-2)

rbi_cyber_security_annex_i_7_1

Annex I (7.1)

nist_800_53_rev_5_cm_5_1_a

CM-5(1)(a)

ffiec_d_3_pc_am_b_1

D3.PC.Am.B.1

ffiec_d_3_pc_am_b_16

D3.PC.Am.B.16

ffiec_d_3_pc_am_b_2

D3.PC.Am.B.2

ffiec_d_3_pc_am_b_3

D3.PC.Am.B.3

ffiec_d_3_pc_am_b_6

D3.PC.Am.B.6

ffiec_d_3_pc_im_b_7

D3.PC.Im.B.7

all_controls_iam

nist_csf_pr_ac_1

PR.AC-1

nist_csf_pr_ac_4

PR.AC-4

Ensure IAM policy should not grant full access to service

Run individual configuration, compliance and security controls or full compliance benchmarks for CIS, FFIEC, PCI, NIST, HIPAA, RBI CSF, GDPR, SOC 2, Audit Manager Control Tower, FedRAMP, GxP and AWS Foundational Security Best Practices controls across all your AWS accounts using Powerpipe and Steampipe.

Apache License 2.0

steampipe-mod-aws-compliance

Control: Ensure IAM policy should not grant full access to service

Description

Usage

SQL

Tags