k9 Security now automates two critical IAM security review processes and produces high-signal findings in Open Cybersecurity Schema Framework (OCSF) format. This new capability significantly enhances your ability to identify and address critical IAM security risks in your AWS environment.

What’s included in this release

Every time k9 analyzes an AWS account, k9 now automatically reviews the access reports for two common, high-impact IAM security risks: excess IAM admins and stale API access keys.

Excess IAM Admins (K9-AWS-IAM-1.1 / Kata 1)

The Excess IAM Admin check (K9-AWS-IAM-1.1) executes Kata 1 and identifies principals with IAM administrator access that haven’t been used in the last 90 days or whose names don’t align with an expected administrative or operational role.

The finding description also recommends a remediation action:

Principal has administrator permissions but may not need those permissions because the principal has not been used in the last 90 days or its name does not indicate administrative/delivery/operational process. Recommended action: Remove or deny IAM administration privileges.

Stale API Access Keys (K9-AWS-IAM-3.1 / Kata 3)

The Stale API Access Key check (K9-AWS-IAM-3.1) executes Kata 3 and identifies IAM users with API access keys that are older than 90 days.

The finding description provides details about the key’s state and age, and also recommends a remediation action:

IAM user has a stale AWS API access key in an Inactive state. The key is 2032 days old and the max-allowed age is 90 days. Recommended action: Delete or rotate the stale API access key.
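To cross-check a stale-key finding independently, the same 90-day rule can be applied to the AWS IAM credential report. The script below is an added example, not k9's implementation; it assumes the credential report's `access_key_N_active` and `access_key_N_last_rotated` columns, and the sample rows, account ID and user names are constructed.

```python
import csv
import io
from datetime import datetime, timezone

MAX_KEY_AGE_DAYS = 90  # max-allowed key age stated in the finding text

# Constructed sample: a column subset of an IAM credential report.
SAMPLE_REPORT = """\
user,arn,access_key_1_active,access_key_1_last_rotated,access_key_2_active,access_key_2_last_rotated
ci-deployer,arn:aws:iam::111122223333:user/ci-deployer,true,2025-05-20T10:00:00+00:00,false,N/A
legacy-batch,arn:aws:iam::111122223333:user/legacy-batch,false,2019-11-08T00:00:00+00:00,true,2025-01-02T00:00:00+00:00
alice,arn:aws:iam::111122223333:user/alice,false,N/A,false,N/A
"""


def stale_access_keys(report_csv, now, max_age_days=MAX_KEY_AGE_DAYS):
    """Return one dict per access key older than max_age_days.

    Inactive keys are reported too: they still exist and can be reactivated.
    """
    stale = []
    for row in csv.DictReader(io.StringIO(report_csv)):
        for slot in ("1", "2"):
            rotated = row.get(f"access_key_{slot}_last_rotated", "N/A")
            if rotated in ("N/A", "", None):
                continue  # no key exists in this slot
            age_days = (now - datetime.fromisoformat(rotated)).days
            if age_days > max_age_days:
                active = row[f"access_key_{slot}_active"].lower() == "true"
                stale.append({
                    "arn": row["arn"],
                    "key_slot": int(slot),
                    "state": "Active" if active else "Inactive",
                    "age_days": age_days,
                })
    # Oldest first, so the longest-lived credentials are triaged first.
    return sorted(stale, key=lambda k: k["age_days"], reverse=True)


if __name__ == "__main__":
    as_of = datetime(2025, 6, 1, tzinfo=timezone.utc)  # fixed date for repeatable output
    for key in stale_access_keys(SAMPLE_REPORT, as_of):
        print(f"{key['arn']} key {key['key_slot']} is {key['state']} "
              f"and {key['age_days']} days old (max {MAX_KEY_AGE_DAYS})")
```

A real report can be fetched with `aws iam generate-credential-report` followed by `aws iam get-credential-report`, whose `Content` field is the base64-encoded CSV.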

How IAM Security findings are delivered

For each issue detected, k9 generates detailed findings in OCSF format, reported in three ways:

  • JSON report: The findings member of the resource-access-audit report contains the complete OCSF finding.
  • Excel workbook: The Findings worksheet provides a flattened subset of the most relevant data for analysts.
  • CSV export: The findings.csv file offers the same subset for table-oriented tools and workflows.

Each finding includes enough information to pinpoint the affected resource, assess severity, and act on the recommended remediation.

Reducing risk with automated IAM checks

By automating the identification of these IAM findings, k9 helps your team:

  • Catch misconfigurations before they become incidents
  • Save hours of manual IAM review
  • Improve security and simplify compliance reporting

Reach out to [email protected] with any questions, and stay tuned for more updates as we continue to expand our automated security findings capabilities.