TF 0037 - SymbioticSec/Symbiotic-Vulnerability-Database GitHub Wiki
Credentials which are no longer used should be disabled.
| Property | Value |
|---|---|
| Language |  |
| Severity |  |
| Service | iam |
| Provider | AWS |
Description
CIS recommends that you remove or deactivate all credentials that have been unused in 90 days or more. Disabling or removing unnecessary credentials reduces the window of opportunity for credentials associated with a compromised or abandoned account to be used.
Resolution
Disable credentials which are no longer used.