Data at risk

AWS KMS master key cross-account access

Platform(s)
Compliance Frameworks

Brazilian General Data Protection (LGPD), CCPA, coppa, CPRA, Data Security Posture Management (DSPM) Best Practices, GDPR, HITRUST, iso_27001_2022, iso_27002_2022, Mitre ATT&CK, mpa, New Zealand Information Security Manual, NIST 800-171, NIST 800-53, Orca Best Practices, PDPA, pipeda, UK Cyber Essentials

Description

It was found that external account has permissions on the following Key: {AwsKmsKey}. Permission have been given to the following accounts: {AwsKmsKey.CrossAccountFindings}. Ensure AWS KMS keys do not allow unknown or over-privileged cross-account access.