aws_compliance

AWS Compliance

AWS Identity and Access Management (IAM) can help you incorporate the principles of least privilege and separation of duties with access permissions and authorizations, restricting policies from containing 'Effect': 'Allow' with 'Action': '*' over 'Resource': '*'.

iam_policy_no_star_star

gxp_21_cfr_part_11_11_10_d

11.10(d) Limiting system access to authorized individuals

gxp_21_cfr_part_11_11_10_g

11.10(g) Use of authority checks to ensure that only authorized individuals can use the system, electronically sign a record, access the operation or computer system input or output device, alter a record, or perform the operation at hand

hipaa_final_omnibus_security_rule_2013_164_308_a_1_ii_b

164.308(a)(1)(ii)(B) Risk management

hipaa_security_rule_2003_164_308_a_1_ii_b

hipaa_security_rule_2003_164_308_a_3_i

164.308(a)(3)(i) Workforce security

hipaa_final_omnibus_security_rule_2013_164_308_a_3_i

hipaa_final_omnibus_security_rule_2013_164_308_a_3_ii_a

164.308(a)(3)(ii)(A) Authorization and/or supervision

hipaa_final_omnibus_security_rule_2013_164_308_a_3_ii_b

164.308(a)(3)(ii)(B) Workforce clearance procedure

hipaa_security_rule_2003_164_308_a_3_ii_b

hipaa_final_omnibus_security_rule_2013_164_308_a_4_i

164.308(a)(4)(i) Information access management

hipaa_security_rule_2003_164_308_a_4_i

hipaa_security_rule_2003_164_308_a_4_ii_b

164.308(a)(4)(ii)(B) Access authorization

hipaa_final_omnibus_security_rule_2013_164_308_a_4_ii_b

hipaa_final_omnibus_security_rule_2013_164_308_a_4_ii_c

164.308(a)(4)(ii)(C) Access establishment and modification

hipaa_security_rule_2003_164_308_a_4_ii_c

hipaa_final_omnibus_security_rule_2013_164_312_a_1

164.312(a)(1) Access control

hipaa_security_rule_2003_164_312_a_1

nist_800_171_rev_2_3_1_1

3.1.1 Limit system access to authorized users, processes acting on behalf of authorized users, and devices (including other systems)

nist_800_171_rev_2_3_1_2

3.1.2 Limit system access to the types of transactions and functions that authorized users are permitted to execute

nist_800_171_rev_2_3_1_4

3.1.4 Separate the duties of individuals to reduce the risk of malevolent activity without collusion

nist_800_171_rev_2_3_1_5

3.1.5 Employ the principle of least privilege, including for specific security functions and privileged accounts

nist_800_171_rev_2_3_1_6

3.1.6 Use non-privileged accounts or roles when accessing nonsecurity functions

nist_800_171_rev_2_3_1_7

3.1.7 Prevent non-privileged users from executing privileged functions and capture the execution of such functions in audit logs

rbi_itf_nbfc_3_1_c

3.1.c Role based Access Control

nist_800_171_rev_2_3_13_3

3.13.3 Separate user functionality from system management functionality

cis_controls_v8_ig1_3_3

3.3 Configure Data Access Control Lists

nist_800_171_rev_2_3_4_6

3.4.6 Employ the principle of least functionality by configuring organizational systems to provide only essential capabilities

cis_controls_v8_ig1_4_6

4.6 Securely Manage Enterprise Assets and Software

cis_controls_v8_ig1_5_4

5.4 Restrict Administrator Privileges to Dedicated Administrator Accounts

nydfs_23_500_02_b_2

500.02(b)(2)

nydfs_23_500_07

500.07 Access Privileges and Management

pci_dss_v321_requirement_7_2_1

7.2.1 Confirm that access control systems are in place on all system components

rbi_itf_nbfc_8_I

8.I Basic Security Aspects

rbi_itf_nbfc_8_II

8.II User Role

nist_800_53_rev_5_ac_2_1

AC-2(1) Automated System Account Management

fedramp_moderate_rev_4_ac_2_1

nist_800_53_rev_5_ac_2_6

AC-2(6) Dynamic Privilege Management

fedramp_moderate_rev_4_ac_2_f

AC-2(f)

nist_800_53_rev_5_ac_2_i_2

AC-2(i)(2)

fedramp_moderate_rev_4_ac_2_j

AC-2(j)

nist_800_53_rev_5_ac_3_12_a

AC-3(12)(a)

nist_800_53_rev_5_ac_3_13

AC-3(13) Attribute-Based Access Control

nist_800_53_rev_5_ac_3_15_a

AC-3(15)(a)

nist_800_53_rev_5_ac_3_15_b

AC-3(15)(b)

nist_800_53_rev_5_ac_3_3

AC-3(3) Mandatory Access Control

nist_800_53_rev_5_ac_3_3_a

AC-3(3)(a)

nist_800_53_rev_5_ac_3_3_b_1

AC-3(3)(b)(1)

nist_800_53_rev_5_ac_3_3_b_2

AC-3(3)(b)(2)

nist_800_53_rev_5_ac_3_3_b_3

AC-3(3)(b)(3)

nist_800_53_rev_5_ac_3_3_b_4

AC-3(3)(b)(4)

nist_800_53_rev_5_ac_3_3_b_5

AC-3(3)(b)(5)

nist_800_53_rev_5_ac_3_3_c

AC-3(3)(c)

nist_800_53_rev_5_ac_3_4

AC-3(4) Discretionary Access Control

nist_800_53_rev_5_ac_3_4_a

AC-3(4)(a)

nist_800_53_rev_5_ac_3_4_b

AC-3(4)(b)

nist_800_53_rev_5_ac_3_4_c

AC-3(4)(c)

nist_800_53_rev_5_ac_3_4_d

AC-3(4)(d)

nist_800_53_rev_5_ac_3_4_e

AC-3(4)(e)

nist_800_53_rev_5_ac_3_7

AC-3(7) Role-Based Access Control

nist_800_53_rev_5_ac_3_8

AC-3(8) Revocation Of Access Authorizations

nist_800_53_rev_5_ac_4_28

AC-4(28) Linear Filter Pipelines

nist_800_53_rev_5_ac_5_b

AC-5(b)

fedramp_moderate_rev_4_ac_5_c

AC-5(c)

nist_800_53_rev_5_ac_6_10

AC-6(10)

fedramp_moderate_rev_4_ac_6_10

AC-6(10) Prohibit Non-Privileged Users From Executing Privileged Functions

nist_800_53_rev_5_ac_6_2

AC-6(2)

nist_800_53_rev_5_ac_6_3

AC-6(3)

acsc_essential_eight_ml_1_5_2

ACSC-EE-ML1-5.2: Restrict administrative privileges ML1

acsc_essential_eight_ml_1_5_5

ACSC-EE-ML1-5.5: Restrict administrative privileges ML1

acsc_essential_eight_ml_2_5_10

ACSC-EE-ML2-5.10: Restrict administrative privileges ML2

acsc_essential_eight_ml_2_5_2

ACSC-EE-ML2-5.2: Restrict administrative privileges ML2

acsc_essential_eight_ml_2_5_3

ACSC-EE-ML2-5.3: Restrict administrative privileges ML2

acsc_essential_eight_ml_2_5_4

ACSC-EE-ML2-5.4: Restrict administrative privileges ML2

acsc_essential_eight_ml_2_5_5

ACSC-EE-ML2-5.5: Restrict administrative privileges ML2

acsc_essential_eight_ml_2_5_6

ACSC-EE-ML2-5.6: Restrict administrative privileges ML2

acsc_essential_eight_ml_2_5_8

ACSC-EE-ML2-5.8: Restrict administrative privileges ML2

acsc_essential_eight_ml_2_8_6

ACSC-EE-ML2-8.6: Regular backups ML2

acsc_essential_eight_ml_2_8_8

ACSC-EE-ML2-8.8: Regular backups ML2

acsc_essential_eight_ml_3_5_12

ACSC-EE-ML3-5.12: Restrict administrative privileges ML3

acsc_essential_eight_ml_3_5_2

ACSC-EE-ML3-5.2: Restrict administrative privileges ML3

acsc_essential_eight_ml_3_5_3

ACSC-EE-ML3-5.3: Restrict administrative privileges ML3

acsc_essential_eight_ml_3_5_5

ACSC-EE-ML3-5.5: Restrict administrative privileges ML3

acsc_essential_eight_ml_3_5_6

ACSC-EE-ML3-5.6: Restrict administrative privileges ML3

acsc_essential_eight_ml_3_5_7

ACSC-EE-ML3-5.7: Restrict administrative privileges ML3

acsc_essential_eight_ml_3_5_9

ACSC-EE-ML3-5.9: Restrict administrative privileges ML3

acsc_essential_eight_ml_3_8_6

ACSC-EE-ML3-8.6: Regular backups ML3

acsc_essential_eight_ml_3_8_8

ACSC-EE-ML3-8.8: Regular backups ML3

nist_800_53_rev_5_ac_24

Access Control Decisions (AC-24)

fedramp_low_rev_4_ac_3

Access Enforcement (AC-3)

nist_800_53_rev_4_ac_3

nist_800_53_rev_5_ac_3

fedramp_moderate_rev_4_ac_3

fedramp_low_rev_4_ac_2

Account Management (AC-2)

nist_800_53_rev_4_ac_2

rbi_cyber_security_annex_i_7_1

Annex I (7.1)

fedramp_moderate_rev_4_sc_2

Application Partitioning (SC-2)

nist_800_53_rev_4_sc_2

article_25

Article 25 Data protection by design and by default

soc_2_cc_1_3

CC1.3 COSO Principle 3: Management establishes, with board oversight, structures, reporting lines, and appropriate authorities and responsibilities in the pursuit of objectives

soc_2_cc_6_1

CC6.1 The entity implements logical access security software, infrastructure, and architectures over protected information assets to protect them from security events to meet the entity's objectives

IAM policy should not have statements with admin access

Run individual configuration, compliance and security controls or full compliance benchmarks for CIS, FFIEC, PCI, NIST, HIPAA, RBI CSF, GDPR, SOC 2, Audit Manager Control Tower, FedRAMP, GxP and AWS Foundational Security Best Practices controls across all your AWS accounts using Powerpipe and Steampipe.

Apache License 2.0

steampipe-mod-aws-compliance

Control: IAM policy should not have statements with admin access

Description

Usage

SQL

Tags