OCI-004 Oracle Cloud Infrastructure (OCI)

Membership of the Administrators group is minimal.

Membership of the Administrators group is minimal.

Domain
Oracle Cloud Infrastructure (OCI)
Area
IAM
Automated / manual
Automated

Risk if it fails

Excess admins multiply takeover paths.

Every administrator is a master key to the tenancy. The fewer there are, the fewer accounts an attacker can target to gain total control.

How Tess tests it

1 test — each concludes only on cited evidence.

Membership of the Administrators group is minimal.

Automated
Procedure
List members of the Administrators group and validate each.

Read-only command 

oci iam group list-users --group-id <administrators-group-ocid> --query 'data[].name'

More in Oracle Cloud Infrastructure (OCI)

OCI-001 MFA is enforced for all IAM users, especially administrators. OCI-002 Customer secret keys / API keys are rotated regularly (<=90 days). OCI-003 A strong password policy is configured. OCI-005 IAM policies follow least privilege (no broad 'manage all-resources').

Want Tess to test OCI-004 against your evidence?

Book a demo