
Rule: IAM Policy Should Not Have Statements with Admin Access

This rule ensures IAM policies do not contain statements granting admin access.

Rule: IAM policy should not have statements with admin access
Framework: NIST Cybersecurity Framework (CSF) v1.1
Severity: High

Rule Description

The purpose of this rule/policy is to ensure that IAM (Identity and Access Management) policies within an organization do not contain statements granting administrative access, as required under the NIST (National Institute of Standards and Technology) Cybersecurity Framework (CSF) version 1. The NIST CSF provides a blueprint for managing and reducing cybersecurity risk.

Remediation Steps

Step 1: Review existing IAM policies

  1. Access the AWS Management Console.
  2. Go to the IAM service.

Step 2: Identify policies with admin access

  1. Within the IAM console, navigate to the "Policies" section.
  2. Review each policy and its statements.
  3. Look for policies that contain statements granting admin access, which this NIST CSF v1 rule prohibits.

Step 3: Modify policies to remove admin access

  1. Select a policy that contains a statement granting admin access (as flagged by this NIST CSF v1 rule).
  2. Edit the policy.
  3. Identify the specific statement(s) granting admin access.
  4. Remove the statement(s) from the policy.

Step 4: Validate policy changes

  1. Save the modified policy.
  2. Test the new policy to ensure it no longer grants admin access, so that it satisfies this NIST CSF v1 rule.

Troubleshooting Steps

If troubleshooting is needed, follow these steps:

Step 1: Identify the issue

  1. Review the policy that was modified.
  2. Verify whether any errors or misconfigurations were introduced during the modification process.

Step 2: Rollback changes if necessary

  1. If the issue is significant or there are unintended consequences, revert to the previous version of the policy.
  2. Evaluate and validate the reverted policy to confirm whether it still grants admin access, and plan a corrected remediation so that it satisfies this NIST CSF v1 rule.

Step 3: Analyze error logs or policies

  1. Check error logs or review policy statements for any inconsistencies or mistakes.
  2. Ensure the policy is correctly written, following the AWS IAM policy language syntax.

Step 4: Seek assistance from AWS support if needed

  1. If the troubleshooting steps do not resolve the issue, contact AWS Support for further assistance.
  2. Provide them with detailed information about the problem and the steps you have taken so far.

Necessary Code

No specific code examples are required for this rule. The remediation steps involve modifications within the AWS Management Console using its graphical UI.
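Although the remediation itself is done in the console, reviewing every policy by hand does not scale. The following is an added example, not part of the original rule page or of Cloud Defense's tooling: it parses an IAM policy document (the JSON you can copy from the console or fetch with the AWS CLI) and reports the statements that match the shape of AdministratorAccess. The policy document below is constructed for the example, and the NotAction/NotResource handling is this example's own assumption about what counts as admin-equivalent.

```python
import json

# Action values that mean "every API call" in IAM policy language.
ADMIN_ACTIONS = {"*", "*:*"}


def _as_list(value):
    """IAM allows a string or a list for Action/Resource; normalise to a list."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]


def is_admin_statement(stmt):
    """True when a statement allows every action on every resource.

    Matches the shape of AWS AdministratorAccess: Effect Allow, Action "*"
    (or "*:*") and Resource "*". Statements using NotAction or NotResource
    are flagged as well (assumption of this example): NotAction with
    Resource "*" permits everything except the listed actions, which is
    admin-equivalent. A Condition does not exempt the statement.
    """
    if stmt.get("Effect") != "Allow":
        return False
    actions = _as_list(stmt.get("Action"))
    resources = _as_list(stmt.get("Resource"))
    all_actions = any(a in ADMIN_ACTIONS for a in actions) or "NotAction" in stmt
    all_resources = "*" in resources or "NotResource" in stmt
    return all_actions and all_resources


def find_admin_statements(policy_document):
    """Return the Sid (or #index when no Sid) of each admin-granting statement."""
    doc = json.loads(policy_document) if isinstance(policy_document, str) else policy_document
    statements = _as_list(doc.get("Statement"))
    return [s.get("Sid", f"#{i}") for i, s in enumerate(statements) if is_admin_statement(s)]


# Constructed sample: one scoped statement and one admin-equivalent statement.
SAMPLE_POLICY = json.dumps({
    "Version": "2012-10-17",
    "Statement": [
        {"Sid": "ReadBuckets", "Effect": "Allow", "Action": ["s3:ListBucket"], "Resource": "*"},
        {"Sid": "FullAdmin", "Effect": "Allow", "Action": "*", "Resource": "*"},
    ],
})

if __name__ == "__main__":
    print(find_admin_statements(SAMPLE_POLICY))  # ['FullAdmin']
```

Run it over each policy's default version document; any Sid it prints is a statement to remove under Step 3 above.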

Verification

To validate that the IAM policy no longer contains statements granting admin access, as this NIST CSF v1 rule requires, follow these steps:

  1. Test the modified policy by assigning it to an appropriate IAM user or group.
  2. Attempt to perform administrative actions that were previously allowed by the policy.
  3. Verify that the attempted administrative actions are denied or restricted.

If the administrative actions are denied or restricted as expected, the policy has been successfully remediated.
