Citation Mapping
Project 24131 –
Task 950339
Citation Reference: 1.12
Citation Guidance:
Ensure credentials unused for 45 days or greater are disabled (Automated)
Description:
AWS IAM users can access AWS resources using different types of credentials, such as passwords or access keys. It is recommended that all credentials that have been unused for 45 days or more be deactivated or removed.
Rationale:
Disabling or removing unnecessary credentials will reduce the window of opportunity for credentials associated with a compromised or abandoned account to be used.
Audit:
Perform the following to determine if unused credentials exist:
From Console:
1. Log in to the AWS Management Console
2. Click Services
3. Click IAM
4. Click on Users
5. Click the Settings (gear) icon.
6. Select Console last sign-in, Access key last used, and Access Key Id
7. Click on Close
8. Check and ensure that Console last sign-in is less than 45 days ago.
Note - Never means the user has never logged in.
9. Check and ensure that Access key age is less than 45 days and that Access key last used does not say None.
If the user hasn't signed into the Console in the last 45 days or Access keys are over 45 days old, refer to the remediation.
From Command Line:
Download Credential Report:
1. Run the following commands:
aws iam generate-credential-report
aws iam get-credential-report --query 'Content' --output text | base64 -d | cut -d, -f1,4,5,6,9,10,11,14,15,16 | grep -v '^ |
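As an added example (not part of the CIS text or its tooling), the following Python script applies the 45-day rule to the ten columns the cut command above keeps from the credential report. The report rows are constructed for the example, and AS_OF is an assumed evaluation date; a never-used credential is measured from its last change or rotation.

```python
import csv
import io
from datetime import datetime, timezone

MAX_IDLE_DAYS = 45
AS_OF = datetime(2024, 6, 1, tzinfo=timezone.utc)  # assumed evaluation date

# Constructed sample: the 10 columns the cut command keeps from the IAM
# credential report (fictitious users; the root row is kept to show it is skipped).
SAMPLE_REPORT = """\
user,password_enabled,password_last_used,password_last_changed,access_key_1_active,access_key_1_last_rotated,access_key_1_last_used_date,access_key_2_active,access_key_2_last_rotated,access_key_2_last_used_date
<root_account>,not_supported,2024-05-01T09:00:00+00:00,not_supported,false,N/A,N/A,false,N/A,N/A
alice,true,2024-05-20T08:00:00+00:00,2024-01-10T00:00:00+00:00,true,2024-04-01T00:00:00+00:00,2024-05-28T10:00:00+00:00,false,N/A,N/A
bob,true,2024-02-15T00:00:00+00:00,2023-12-01T00:00:00+00:00,true,2023-11-01T00:00:00+00:00,N/A,true,2024-05-15T00:00:00+00:00,2024-05-29T00:00:00+00:00
carol,true,no_information,2024-05-25T00:00:00+00:00,false,N/A,N/A,false,N/A,N/A
dave,true,no_information,2024-03-01T00:00:00+00:00,true,2024-03-01T00:00:00+00:00,N/A,false,N/A,N/A
"""

def _parse(value):
    """Datetime for an ISO timestamp; None for N/A, no_information, not_supported."""
    try:
        return datetime.fromisoformat(value)
    except ValueError:
        return None

def idle_days(last_used, last_changed, now):
    """Days since the credential was last used; a never-used credential
    counts from when it was last changed/rotated (the conservative reading)."""
    ref = _parse(last_used) or _parse(last_changed)
    return None if ref is None else (now - ref).days

def find_stale_credentials(report_csv, now=AS_OF, max_idle=MAX_IDLE_DAYS):
    """Return (user, credential, idle_days) for each enabled credential idle > max_idle."""
    findings = []
    for row in csv.DictReader(io.StringIO(report_csv)):
        if row["user"] == "<root_account>":  # root is out of scope for this control
            continue
        checks = [
            ("password", row["password_enabled"], row["password_last_used"], row["password_last_changed"]),
            ("access_key_1", row["access_key_1_active"], row["access_key_1_last_used_date"], row["access_key_1_last_rotated"]),
            ("access_key_2", row["access_key_2_active"], row["access_key_2_last_used_date"], row["access_key_2_last_rotated"]),
        ]
        for name, enabled, used, changed in checks:
            if enabled != "true":  # disabled password or inactive key: nothing to flag
                continue
            days = idle_days(used, changed, now)
            if days is not None and days > max_idle:
                findings.append((row["user"], name, days))
    return findings

if __name__ == "__main__":
    for user, cred, days in find_stale_credentials(SAMPLE_REPORT):
        print(f"{user}: {cred} unused for {days} days -> disable per remediation")
```

With a live report, pipe the output of the get-credential-report command above into the script instead of SAMPLE_REPORT.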