Benchmark: 8.2.5: Access for terminated users is immediately revoked
Description
If an employee or third party/vendor has left the company and still has access to the network via their user account, unnecessary or malicious access to cardholder data could occur—either by the former employee or by a malicious user who exploits the old and/or unused account.
Usage
Install the mod:
mkdir dashboardscd dashboardspowerpipe mod initpowerpipe mod install github.com/turbot/steampipe-mod-aws-compliance
Start the Powerpipe server:
steampipe service startpowerpipe server
Open http://localhost:9033 in your browser and select 8.2.5: Access for terminated users is immediately revoked.
Run this benchmark in your terminal:
powerpipe benchmark run aws_compliance.benchmark.pci_dss_v40_requirement_8_2_5
Snapshot and share results via Turbot Pipes:
powerpipe benchmark run aws_compliance.benchmark.pci_dss_v40_requirement_8_2_5 --share
Controls
- EC2 instances should not use key pairs in running state
- IAM groups should have at least one user
- IAM policy should be in use
- IAM root user should not have access keys
- IAM users should be in at least one group
- Ensure a log metric filter and alarm exist for usage of 'root' account