This rule requires IAM user access keys to be rotated at least every 90 days, so that a leaked or forgotten key does not stay usable indefinitely.
| Rule | IAM user access keys should be rotated at least every 90 days |
| --- | --- |
| Framework | Federal Financial Institutions Examination Council (FFIEC) |
| Severity | Low |
Rule Description:
IAM user access keys should be rotated at least every 90 days to comply with the Federal Financial Institutions Examination Council (FFIEC) guidelines. This rule checks that the access keys IAM users present to authenticate and reach resources in the organization's AWS account are replaced on a regular schedule. Rotating access keys limits how long a compromised or forgotten key remains valid and so reduces the risk of unauthorized access to sensitive data.
Troubleshooting Steps:
If there are issues or concerns related to access key rotation, work through the following steps:

1. Verify Compliance Requirements: Confirm that rotating IAM user access keys every 90 days matches the rotation frequency FFIEC requires of the organization, and check the organization's own security policies for a stricter interval.
2. Check IAM User Policies: Confirm that the IAM policies in force allow users to create and rotate access keys. Look for explicit denials or restrictions on key management actions and adjust the policies as needed.
3. Review Access Key Creation Date: Identify IAM users whose access keys have been active for more than 90 days by checking the creation date of each key; any key older than 90 days needs to be rotated.
4. Generate New Access Keys: For each IAM user with an access key older than 90 days, create a replacement key using the AWS Management Console, AWS CLI, or AWS SDKs. Create the new key before the old one is retired so the user keeps a working credential throughout the changeover.
5. Update Applications and Scripts: Update every application or script that authenticates with the old access key, replacing it with the newly generated key so that no service is disrupted when the old key stops working.
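The review-and-rotate steps above can be automated. The script below is an added example, not code from the original rule page or from AWS: it selects Active keys older than the 90-day threshold, creates the replacement first, and then sets the old key to Inactive rather than deleting it so it can be re-enabled if a consumer was missed. It goes slightly beyond the steps above by handling the two-keys-per-user limit IAM imposes. The key metadata layout mirrors what boto3's `iam.list_access_keys` returns; the `FakeIam` client, the `SAMPLE_KEYS` data and the `AKIA...` ids are constructed placeholders so the script runs offline. In production, `FakeIam` would be replaced by `boto3.client("iam")` and `NOW` by the current UTC time.

```python
"""Added example (not from the original page): find IAM user access keys older
than a threshold and rotate them with the create-new / deactivate-old sequence.
Sample keys, ids and the FakeIam client are constructed for offline use."""
from datetime import datetime, timedelta, timezone

MAX_AGE_DAYS = 90  # rotation interval required by the rule on this page

NOW = datetime(2024, 6, 1, tzinfo=timezone.utc)  # constructed reference time
SAMPLE_KEYS = {  # constructed sample in the shape of list_access_keys() output
    "svc-reports": [
        {"AccessKeyId": "AKIAEXAMPLE00001", "Status": "Active",
         "CreateDate": NOW - timedelta(days=120)},
    ],
    "deploy-bot": [
        {"AccessKeyId": "AKIAEXAMPLE00002", "Status": "Active",
         "CreateDate": NOW - timedelta(days=30)},
    ],
    "legacy-etl": [  # already holds two keys, one of them Inactive
        {"AccessKeyId": "AKIAEXAMPLE00003", "Status": "Active",
         "CreateDate": NOW - timedelta(days=200)},
        {"AccessKeyId": "AKIAEXAMPLE00004", "Status": "Inactive",
         "CreateDate": NOW - timedelta(days=400)},
    ],
}


def key_age_days(key, now):
    """Age of one access key in whole days, measured from its CreateDate."""
    return (now - key["CreateDate"]).days


def keys_needing_rotation(keys, now, max_age_days=MAX_AGE_DAYS):
    """AccessKeyIds of Active keys older than max_age_days. Inactive keys are
    skipped: they cannot authenticate and are cleaned up by the delete step."""
    return [k["AccessKeyId"] for k in keys
            if k["Status"] == "Active" and key_age_days(k, now) > max_age_days]


def rotate_key(iam, user_name, old_key_id):
    """Create the replacement first, then deactivate (not delete) the old key.
    The secret is returned exactly once by CreateAccessKey and must be handed
    to the consumer out of band; deleting the Inactive key is a later step."""
    created = iam.create_access_key(UserName=user_name)["AccessKey"]
    iam.update_access_key(UserName=user_name, AccessKeyId=old_key_id,
                          Status="Inactive")
    return created["AccessKeyId"]


def rotate_stale_keys(iam, user_names, now, max_age_days=MAX_AGE_DAYS):
    """Rotate every stale key; returns {user_name: new_key_id}."""
    rotated = {}
    for user in user_names:
        keys = iam.list_access_keys(UserName=user)["AccessKeyMetadata"]
        stale = keys_needing_rotation(keys, now, max_age_days)
        if not stale:
            continue
        if len(keys) >= 2:  # IAM limit: free a slot before CreateAccessKey
            inactive = [k for k in keys if k["Status"] == "Inactive"]
            if not inactive:
                print(f"{user}: two Active keys, skipping; review manually")
                continue
            iam.delete_access_key(UserName=user,
                                  AccessKeyId=inactive[0]["AccessKeyId"])
        rotated[user] = rotate_key(iam, user, stale[0])
    return rotated


class FakeIam:
    """Minimal offline stand-in for the boto3 IAM client (constructed)."""

    def __init__(self, keys_by_user):
        self.keys_by_user, self.calls, self._n = keys_by_user, [], 0

    def list_access_keys(self, UserName):
        return {"AccessKeyMetadata": list(self.keys_by_user.get(UserName, []))}

    def create_access_key(self, UserName):
        self._n += 1
        new_id = f"AKIAROTATED{self._n:05d}"  # placeholder id
        self.keys_by_user[UserName].append(
            {"AccessKeyId": new_id, "Status": "Active", "CreateDate": NOW})
        self.calls.append(("create", UserName, new_id))
        return {"AccessKey": {"AccessKeyId": new_id,
                              "SecretAccessKey": "<sample-secret>"}}

    def update_access_key(self, UserName, AccessKeyId, Status):
        self.calls.append(("update", UserName, AccessKeyId, Status))
        for k in self.keys_by_user[UserName]:
            if k["AccessKeyId"] == AccessKeyId:
                k["Status"] = Status

    def delete_access_key(self, UserName, AccessKeyId):
        self.calls.append(("delete", UserName, AccessKeyId))
        self.keys_by_user[UserName] = [k for k in self.keys_by_user[UserName]
                                       if k["AccessKeyId"] != AccessKeyId]


def make_offline_client():
    """Fresh FakeIam loaded with a copy of the constructed sample keys."""
    return FakeIam({u: [dict(k) for k in ks] for u, ks in SAMPLE_KEYS.items()})


if __name__ == "__main__":
    iam = make_offline_client()  # production: iam = boto3.client("iam")
    for user, new_id in rotate_stale_keys(iam, list(SAMPLE_KEYS), NOW).items():
        print(f"{user}: created {new_id}, old key set to Inactive")
```

Run it against real accounts only after the consumers of each key are known; the deactivate-then-delete split exists precisely so that a missed application can be restored by flipping the old key back to Active instead of re-issuing credentials.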
Necessary Codes:
No specific code is required for this rule. The steps above can be carried out with the AWS Management Console, the AWS CLI, or the AWS SDKs.
Step-by-Step Guide for Remediation:
Follow these steps to rotate IAM user access keys every 90 days:
It is important to establish a regular schedule to review and rotate all IAM user access keys to maintain a high level of security within the AWS environment.