aws_compliance

This control checks if customer managed IAM policies are attached to an AWS Identity and Access Management (IAM) role. The rule is non-compliant if a customer managed IAM policy is not attached to any IAM role.

iam_custom_managed_policy_attached_to_role

gxp_21_cfr_part_11_11_10_d

11.10(d) Limiting system access to authorized individuals

cis_controls_v8_ig1_3_3

3.3 Configure Data Access Control Lists

pci_dss_v40_requirement_7_2_1

7.2.1: An access control model is defined and includes granting access

pci_dss_v40_requirement_7_2_2

7.2.2: Access is assigned to users, including privileged users

pci_dss_v40_requirement_7_2_5

7.2.5: All application and system accounts and related access privileges are assigned and managed

pci_dss_v40_requirement_7_3_1

7.3.1: An access control system(s) is in place that restricts access based on a user's need to know and covers all system components

pci_dss_v40_requirement_7_3_2

7.3.2: The access control system(s) is configured to enforce permissions assigned to individuals, applications, and systems based on job classification and function

pci_dss_v40_requirement_7_3_3

7.3.3: The access control system(s) is set to “deny all” by default

pci_dss_v40_requirement_8_2_7

8.2.7: Accounts used by third parties to access, support, or maintain system components via remote access are managed

pci_dss_v40_requirement_8_2_8

8.2.8: If a user session has been idle for more than 15 minutes, the user is required to re-authenticate to re-activate the terminal or session

pci_dss_v40_requirement_8_3_4

8.3.4: Invalid authentication attempts are limited

acsc_essential_eight_ml_2_5_2

ACSC-EE-ML2-5.2: Restrict administrative privileges ML2

acsc_essential_eight_ml_2_5_3

ACSC-EE-ML2-5.3: Restrict administrative privileges ML2

acsc_essential_eight_ml_3_5_2

ACSC-EE-ML3-5.2: Restrict administrative privileges ML3

acsc_essential_eight_ml_3_5_3

ACSC-EE-ML3-5.3: Restrict administrative privileges ML3

soc_2_cc_1_3

CC1.3 COSO Principle 3: Management establishes, with board oversight, structures, reporting lines, and appropriate authorities and responsibilities in the pursuit of objectives

soc_2_cc_6_3

CC6.3 The entity authorizes, modifies, or removes access to data, software, functions, and other protected information assets based on roles, responsibilities, or the system design and changes, giving consideration to the concepts of least privilege and segregation of duties, to meet the entity’s objectives

nist_csf_v2_gv_rr_01

GV.RR-01

nist_csf_v2_gv_rr_02

GV.RR-02

nist_csf_v2_gv_sc_02

GV.SC-02

all_controls_iam

nist_csf_v2_pr_aa_01

PR.AA-01

nist_csf_v2_pr_aa_02

PR.AA-02

nist_csf_v2_pr_aa_03

PR.AA-03

nist_csf_v2_pr_aa_05

PR.AA-05

nist_csf_pr_ac_1

PR.AC-1

nist_csf_pr_ac_4

PR.AC-4

IAM customer managed policies should be attached to IAM role

Run individual configuration, compliance and security controls or full compliance benchmarks for CIS, FFIEC, PCI, NIST, HIPAA, RBI CSF, GDPR, SOC 2, Audit Manager Control Tower, FedRAMP, GxP and AWS Foundational Security Best Practices controls across all your AWS accounts using Powerpipe and Steampipe.

AWS Compliance

Apache License 2.0

steampipe-mod-aws-compliance

Control: IAM customer managed policies should be attached to IAM role

Description

Usage

SQL

Tags