Ensure credentials unused for 45 days or greater are disabled Description: AWS IAM users can access AWS resources using different types of credentials, such as passwords or access keys. It is recommended that all credentials that have been unused in 45 or greater days be deactivated or removed. Rati… (1.12, CIS Amazon Web Services Foundations Benchmark, v1.4.0, Level 1)
Ensure credentials unused for 45 days or greater are disabled Description: AWS IAM users can access AWS resources using different types of credentials, such as passwords or access keys. It is recommended that all credentials that have been unused in 45 or greater days be deactivated or removed. Rati… (1.12, CIS Amazon Web Services Foundations Benchmark, v1.4.0, Level 2)
initialize authenticator content; (5.7.1 ¶ 1(h), IEC 62443-3-3: Industrial communication networks - Network and system security - Part 3-3: System security requirements and security levels, Edition 1)
support the use of initial authenticator content; (5.7.1 ¶ 1 a), IEC 62443-4-2: Security for industrial automation and control systems - Part 4-2: Technical security requirements for IACS components, Edition 1.0)
If passwords/passphrases are used as the only authentication factor for user access, inspect system configuration settings to verify that passwords/passphrases are managed in accordance with ONE of the elements specified in this requirement. (8.3.9, Payment Card Industry Data Security Standard Requirements and Testing Procedures, Defined Approach Testing Procedures, Version 4.0)
Additional testing procedure for service provider assessments only: If passwords/passphrases are used as the only authentication factor for customer user access, inspect system configuration settings to verify that passwords/passphrases are managed in accordance with ONE of the elements specified in… (8.3.10.1, Payment Card Industry Data Security Standard Requirements and Testing Procedures, Defined Approach Testing Procedures, Version 4.0)
Examine user account lists on system components and applicable documentation to verify that shared authentication credentials are only used when necessary, on an exception basis, and are managed in accordance with all elements specified in this requirement. (8.2.2.a, Payment Card Industry Data Security Standard Requirements and Testing Procedures, Defined Approach Testing Procedures, Version 4.0)