AWS KMS master key cross-account access

Data at risk

AWS KMS master key cross-account access

Platform(s)

Compliance Frameworks

Brazilian General Data Protection (LGPD)
CCPA
coppa
CPRA
Data Security Posture Management (DSPM) Best Practices
GDPR
HITRUST
iso_27001_2022
iso_27002_2022
Mitre ATT&CK
mpa
New Zealand Information Security Manual
NIST 800-171
NIST 800-53
Orca Best Practices
PDPA
pipeda
UK Cyber Essentials

Description

It was found that external account has permissions on the following Key: {AwsKmsKey}. Permission have been given to the following accounts: {AwsKmsKey.CrossAccountFindings}. Ensure AWS KMS keys do not allow unknown or over-privileged cross-account access.

AWS KMS master key cross-account access

Description

Need help?

CLOUD SECURITY PLATFORM

TECHNOLOGY ECOSYSTEM

By Solution

By Industry

COMPARISONS