zt_id_024 — Service principal credentials not rotated within 90 days
Summary
Severity: Medium · Pillar: Identity · Chain role: AMPLIFIER
Description
Service principal password credentials older than 90 days increase the risk of credential compromise through exposure in logs, configuration files, or developer workstations. Regular rotation limits the window of exploitation.
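The age check described above, sketched in Python as an added example; it is not the project's Rego rule, whose input and logic are not shown on this page. It assumes input shaped like Microsoft Graph servicePrincipal objects (`appId`, `passwordCredentials` with `keyId`, `startDateTime`, `endDateTime`), measures age from `startDateTime`, and skips already-expired secrets; function names and sample values are constructed for illustration.

```python
from datetime import datetime, timedelta, timezone

MAX_AGE = timedelta(days=90)  # threshold stated by the rule


def parse_ts(value):
    """Parse an ISO 8601 timestamp; return None if absent or malformed."""
    if not value:
        return None
    try:
        ts = datetime.fromisoformat(value.replace("Z", "+00:00"))
    except ValueError:
        return None
    return ts if ts.tzinfo else ts.replace(tzinfo=timezone.utc)


def stale_password_credentials(service_principals, now):
    """Return one finding per usable password credential older than MAX_AGE."""
    findings = []
    for sp in service_principals:
        for cred in sp.get("passwordCredentials") or []:
            end = parse_ts(cred.get("endDateTime"))
            if end is not None and end <= now:
                continue  # assumption: an expired secret is out of scope
            start = parse_ts(cred.get("startDateTime"))
            # Fail closed: report a credential whose start date is unreadable.
            if start is None or now - start > MAX_AGE:
                age = None if start is None else (now - start).days
                findings.append({"appId": sp.get("appId"),
                                 "keyId": cred.get("keyId"), "age_days": age})
    return findings


# Constructed sample data (not real tenant output); ids are placeholders.
NOW = datetime(2024, 6, 1, tzinfo=timezone.utc)
SAMPLE = [
    {"appId": "app-a", "passwordCredentials": [
        {"keyId": "k1", "startDateTime": "2024-01-15T00:00:00Z",
         "endDateTime": "2025-01-15T00:00:00Z"},   # 138 days old
        {"keyId": "k2", "startDateTime": "2024-03-03T00:00:00Z",
         "endDateTime": "2025-03-03T00:00:00Z"},   # exactly 90 days old
    ]},
    {"appId": "app-b", "passwordCredentials": [
        {"keyId": "k3", "startDateTime": "2023-01-01T00:00:00Z",
         "endDateTime": "2024-01-01T00:00:00Z"},   # already expired
        {"keyId": "k4", "endDateTime": "2025-01-01T00:00:00Z"},  # no start date
    ]},
    {"appId": "app-c", "passwordCredentials": []},
]
```

Calling `stale_password_credentials(SAMPLE, NOW)` reports `k1` (past the threshold) and `k4` (no readable start date); `k2` sits exactly on the 90-day boundary and is not yet "older than" it.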
Mapping
| Framework | Control / Reference |
|---|---|
| NIST 800-53 | IA-5(1) |
| NIST 800-207 | Tenet 3 - Access granted on a per-session basis |
| CIS Azure | — |
| MITRE ATT&CK Technique | T1552 |
| MITRE ATT&CK Tactic | Credential Access |
| Zero-Trust Tenet | Tenet 3 |
| Framework tags | nist-800-207, argus-zt |
Source
Rule defined at policies/azure/zt/identity/zt_id_024.rego.