Assessing access assignment controls Beyond establishing who can access an environment and what they can do, another important area to assess is who can configure or modify access assignments for identities. In some environments, the assignment of access may be a completely automated procedure through account life cycle workflows. However, even with this automation, it’s […]
Category: AWS Certification Exam
Assessing privileged access controls – Walk-Through – Assessing IAM Controls
Assessing privileged access controls As an auditor, it’s important to understand who has been granted privileged access within an environment. Knowing who has been granted privileged access and whether that level of access is appropriate given the individual’s job responsibilities is often a foundational step before assessing other IT general computing controls. AWS IAM One […]
Assessing device controls – Walk-Through – Assessing IAM Controls
Assessing device controls In our last walk-through session for IAM controls, let’s look at assessing a common control related to devices – the configuration of multi-factor authentication (MFA). In our sample walk-through, we will validate whether MFA is being enforced for all users and their devices in our AWS and Microsoft Azure cloud environments. AWS […]