IAM User should not have any Inline or Attached Policies

This rule states that IAM users must not possess any inline or attached policies, as a security measure.

Rule: IAM user should not have any inline or attached policies
Framework: NIST 800-171 Revision 2
Severity: Low

Rule Description

No IAM user in the system may have inline or attached policies that fail to comply with the NIST 800-171 Revision 2 standard. The rule ensures that every IAM user adheres to the security controls and protections outlined in the NIST 800-171 guidelines.

Rule Justification

The NIST 800-171 Revision 2 standard provides a set of security controls for protecting the confidentiality, integrity, and availability of Controlled Unclassified Information (CUI). By enforcing this rule, the organization ensures that IAM users do not have any inappropriate permissions or policies that could potentially lead to the compromise of sensitive data.

Troubleshooting Steps

If an IAM user is found to have inline or attached policies that are not compliant with NIST 800-171 Revision 2, follow these troubleshooting steps to resolve the issue:

  1. Identify the IAM user(s) with non-compliant policies:

     • Access the AWS Management Console.
     • Navigate to the IAM service.
     • Go to the Users section and search for the IAM user(s) with non-compliant policies.
     • Note down the username(s) of the affected user(s).

  2. Review and validate the non-compliant policies:

     • Select each IAM user with non-compliant policies.
     • Review the list of inline and attached policies associated with the user.
     • Verify whether any policy violates the NIST 800-171 Revision 2 standard.
     • Take note of the specific policy names or content that are non-compliant.

  3. Remediate non-compliant policies:

     • Detach any non-compliant attached policies:
       • Select the IAM user.
       • Go to the Permissions tab.
       • Under the "Managed policies" section, click the non-compliant attached policies.
       • Click "Detach policy" to remove each non-compliant policy.
     • Remove any non-compliant inline policies:
       • Select the IAM user.
       • Go to the Permissions tab.
       • Under the "Inline policies" section, click the non-compliant policies.
       • Click "Delete" to remove each non-compliant policy.

  4. Re-evaluate permissions and assign compliant policies:

     • Review the remaining policies for the IAM user.
     • Ensure that only policies compliant with NIST 800-171 Revision 2 are attached or inline.
     • If necessary, create and attach new policies that align with the required security controls.
     • Test the user's permissions to ensure they have the access necessary to perform their authorized tasks without violating the NIST 800-171 Revision 2 standard.

Necessary Code

No specific code is required for this remediation process. The remediation steps involve manual actions performed through the AWS Management Console.
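The console steps above can also be audited in bulk. The following is an added example, not code from this page or from Cloud Defense: it flags every IAM user that holds any inline or attached policy and emits the AWS CLI equivalents of remediation step 3. `SAMPLE_SNAPSHOT` is constructed data shaped like boto3's `list_attached_user_policies` / `list_user_policies` responses; `collect_snapshot` assumes a live boto3 IAM client and is the only part that needs credentials.

```python
"""Audit an IAM inventory for users that hold any inline or attached policy.
Added example, not Cloud Defense's code. SAMPLE_SNAPSHOT is constructed data
shaped like boto3's list_attached_user_policies / list_user_policies replies.
"""

# Constructed sample: two users violate the rule, one is clean.
SAMPLE_SNAPSHOT = {
    "alice": {
        "AttachedPolicies": [{"PolicyName": "AdministratorAccess",
                              "PolicyArn": "arn:aws:iam::aws:policy/AdministratorAccess"}],
        "PolicyNames": ["s3-bucket-rw"],  # inline policy names
    },
    "bob": {"AttachedPolicies": [], "PolicyNames": []},
    "svc-deploy": {"AttachedPolicies": [], "PolicyNames": ["deploy-inline"]},
}


def find_violations(snapshot):
    """Return {user: [(kind, identifier), ...]} for users holding a policy directly."""
    violations = {}
    for user, perms in snapshot.items():
        findings = [("attached", p["PolicyArn"]) for p in perms.get("AttachedPolicies", [])]
        findings += [("inline", name) for name in perms.get("PolicyNames", [])]
        if findings:
            violations[user] = findings
    return violations


def remediation_commands(violations):
    """Translate findings into the AWS CLI calls that perform remediation step 3."""
    cmds = []
    for user, findings in sorted(violations.items()):
        for kind, ident in findings:
            if kind == "attached":
                cmds.append(f"aws iam detach-user-policy --user-name {user} --policy-arn {ident}")
            else:
                cmds.append(f"aws iam delete-user-policy --user-name {user} --policy-name {ident}")
    return cmds


def collect_snapshot(iam):
    """Build a snapshot from a live boto3 IAM client (assumed; not called in this example)."""
    snapshot = {}
    for page in iam.get_paginator("list_users").paginate():
        for name in (u["UserName"] for u in page["Users"]):
            snapshot[name] = {
                "AttachedPolicies": iam.list_attached_user_policies(UserName=name)["AttachedPolicies"],
                "PolicyNames": iam.list_user_policies(UserName=name)["PolicyNames"],
            }
    return snapshot
```

Against a live account, `find_violations(collect_snapshot(boto3.client("iam")))` produces the findings; review each emitted command before running it, because detaching or deleting a policy removes that user's access immediately.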

Remediation Steps Summary

  1. Identify the IAM user(s) with non-compliant policies.
  2. Review and validate the non-compliant policies.
  3. Detach any non-compliant attached policies.
  4. Remove any non-compliant inline policies.
  5. Re-evaluate permissions and assign compliant policies.
  6. Test the user's permissions to ensure compliance with NIST 800-171 Revision 2.
