Access key not rotated in the last 90 days

Authentication

Access key not rotated in the last 90 days

Risk Level

Hazardous (3)

Platform(s)

Compliance Frameworks

AliCloud CIS
Brazilian General Data Protection (LGPD)
CCM-CSA
CCPA
CPRA
Data Security Posture Management (DSPM) Best Practices
GDPR
HITRUST
ISO/IEC 27001
mpa
New Zealand Information Security Manual
NIST 800-171
NIST 800-53
PDPA
UK Cyber Essentials

Description

Access keys provide programmatic access to a given user. Since they are used in code, configuration files, on premise and cloud storages, they may be stolen, and therefore should be rotated often. We have found that the user {AliCloudUser} (ID: {AliCloudUser.UserId}) has an access key that was not rotated in the last 90 days.

Recommended Mitigation

Disable and delete the access key and create a new one, if needed.

Access key not rotated in the last 90 days

Description

Need help?

CLOUD SECURITY PLATFORM

TECHNOLOGY ECOSYSTEM

By Solution

By Industry

COMPARISONS