DORMANT.

38 access grants across production DB, AWS root, GitHub admin, Stripe, Vault. 13 dormant grants — last login over 90 days ago. 5 violate the over-privileged check at SOC2 CC6.2.

The grants nobody uses are the grants attackers love.

AR-016 · George A. · production DB REVOKE

Last login 73 days ago · admin role · no on-call rotation.

Revoke today, capture in evidence packet, attest in CC6.2.