add(control): IAM controls #827
Conversation
Add a few recommendations
services/identity/iam/controls.yaml
Outdated
- tlp-green | ||
- tlp-amber | ||
- tlp-red | ||
recommendation: "" |
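Review bot: `recommendation: ""` in this hunk ships an empty string rather than guidance; an empty value still satisfies a key-presence check, so a linter will not flag the gap and implementers get nothing actionable. Either populate the field with the remediation text (the inline review below proposes wording for this control) or drop the key until there is content, so that a missing recommendation is visible as missing.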
IAM user credentials (such as passwords or access keys) that have not been used for 90 days or more must be automatically removed or deactivated.
services/identity/iam/controls.yaml
Outdated
- tlp-green | ||
- tlp-amber | ||
- tlp-red | ||
recommendation: "" |
When a static credential such as an access key has existed for 90 days or more, it must be automatically rotated to reduce the risk of compromise due to long-term exposure. Organizations should implement automated checks to identify aging credentials and enforce rotation policies. Additionally, access key usage should be regularly monitored, and credentials that are no longer in use should be deactivated or deleted promptly. Where possible, prefer temporary, short-lived credentials over long-lived static ones to further minimize risk.
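The two recommendations above (deactivate credentials unused for 90 days or more; rotate static access keys that are 90 days or older) as one self-contained check. This is an added example, not code from PR #827 or the common-cloud-controls project; the `Credential` record, its field names and the sample inventory are assumptions constructed for the example, not any cloud provider's API or export format.

```python
# Added example (not code from PR #827 or the common-cloud-controls project):
# a pure-function check for the two review recommendations above, run over a
# constructed snapshot of IAM credential metadata. The Credential fields and
# the sample inventory are assumptions, not any cloud provider's API.
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
from typing import List, Optional

MAX_IDLE = timedelta(days=90)  # unused this long -> deactivate/remove
MAX_AGE = timedelta(days=90)   # static access key this old -> rotate


@dataclass(frozen=True)
class Credential:
    user: str
    kind: str                       # "password" or "access_key" (assumed vocabulary)
    credential_id: str              # hypothetical identifier for the credential
    created: datetime               # timezone-aware creation time
    last_used: Optional[datetime]   # None means never used
    active: bool = True


@dataclass(frozen=True)
class Finding:
    user: str
    credential_id: str
    action: str   # "deactivate" or "rotate"
    reason: str


def evaluate(creds: List[Credential], now: datetime) -> List[Finding]:
    """Return the action each live credential needs under the two recommendations."""
    findings: List[Finding] = []
    for c in creds:
        if not c.active:
            continue  # already deactivated: nothing left to enforce
        # A credential that was never used has been "unused" since it was
        # created, so idle time is measured from creation in that case.
        idle = now - (c.last_used or c.created)
        if idle >= MAX_IDLE:
            findings.append(Finding(c.user, c.credential_id, "deactivate",
                                    f"unused for {idle.days} days"))
            continue  # slated for removal; rotating it as well would be pointless
        age = now - c.created
        if c.kind == "access_key" and age >= MAX_AGE:
            findings.append(Finding(c.user, c.credential_id, "rotate",
                                    f"static key is {age.days} days old"))
    return findings


def _utc(y: int, m: int, d: int) -> datetime:
    return datetime(y, m, d, tzinfo=timezone.utc)


# Constructed sample inventory; NOW is fixed so the result is reproducible.
NOW = _utc(2025, 6, 1)
SAMPLE_INVENTORY = [
    # still in use, but the key itself is 151 days old -> rotate
    Credential("alice", "access_key", "key-alice-1", _utc(2025, 1, 1), _utc(2025, 5, 28)),
    # last used 120 days ago -> deactivate
    Credential("bob", "access_key", "key-bob-1", _utc(2024, 12, 1), _utc(2025, 2, 1)),
    # fresh password, never used, created 31 days ago -> no action yet
    Credential("carol", "password", "pw-carol", _utc(2025, 5, 1), None),
    # password never used since creation over a year ago -> deactivate
    Credential("dave", "password", "pw-dave", _utc(2024, 1, 1), None),
    # 47-day-old key used two days ago -> compliant
    Credential("erin", "access_key", "key-erin-2", _utc(2025, 4, 15), _utc(2025, 5, 30)),
    # already inactive -> skipped
    Credential("frank", "access_key", "key-frank-1", _utc(2024, 1, 1), None, active=False),
]


def sample_findings() -> List[Finding]:
    return evaluate(SAMPLE_INVENTORY, NOW)


if __name__ == "__main__":
    for f in sample_findings():
        print(f"{f.action:<10} {f.user:<6} {f.credential_id:<12} {f.reason}")
```

The check is deliberately provider-neutral: in practice the inventory would be built from the provider's credential export and the findings fed to whatever deactivates or rotates keys. Two edge cases the comments imply are handled explicitly: a never-used credential counts as idle since creation, and a credential already slated for deactivation is not also reported for rotation.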
services/identity/iam/controls.yaml
Outdated
- tlp-green | ||
- tlp-amber | ||
- tlp-red | ||
recommendation: "" |
When a new cloud account is provisioned, a password policy must be configured for all IAM users to align with the minimum requirements defined in PCI DSS v4.0.1. This includes, at a minimum:
- A password length of at least 12 characters.
- A mix of upper- and lower-case letters, numbers, and special characters.
- Prevention of the use of previously used passwords (password history).
- Password expiration at a defined interval (e.g., every 90 days).
- Account lockout after a defined number of failed login attempts.
Thank you for the review and suggestions @zigmax. I pushed an update adding the recommendations you suggested.