An S3 bucket is configured to allow access control changes from any authenticated user
Historically, access to all Amazon S3 resources was controlled through an access control list (ACL). Amazon now recommends that you control S3 access by using IAM or S3 bucket policies instead. By default, only the account owner has access to an S3 bucket and its contents, but you can change the permissions to allow access by any authenticated user. If you grant the unrestricted ability to change the bucket ACL, any AWS user can edit the permissions on objects in the bucket. Public control of bucket permissions is never appropriate, so we recommend that you disable "Write ACP" access.
You should only allow trusted users to make bucket ACL changes.
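One way to check for this condition, as an added example that is not part of the original page: the code audits a bucket ACL in the shape returned by boto3's `get_bucket_acl()` and builds a policy with the offending grants removed. It goes slightly beyond the text by also flagging the `AllUsers` group and `FULL_CONTROL` (which implies `WRITE_ACP`); the function names and `SAMPLE_ACL` are constructed for illustration.

```python
# Added example: audit a bucket ACL for ACL-write grants to broad groups.
# Input has the shape of boto3's get_bucket_acl() response.
GROUPS = "http://acs.amazonaws.com/groups/global/"
RISKY_GROUPS = {GROUPS + "AuthenticatedUsers", GROUPS + "AllUsers"}
# FULL_CONTROL implies WRITE_ACP, so either lets the grantee rewrite the ACL.
ACL_WRITE_PERMISSIONS = {"WRITE_ACP", "FULL_CONTROL"}


def is_open_acp_grant(grant):
    """True if a predefined broad group may change the bucket ACL."""
    grantee = grant.get("Grantee", {})
    return (
        grantee.get("Type") == "Group"
        and grantee.get("URI") in RISKY_GROUPS
        and grant.get("Permission") in ACL_WRITE_PERMISSIONS
    )


def find_open_acp_grants(acl):
    """Return the grants that trigger this finding."""
    return [g for g in acl.get("Grants", []) if is_open_acp_grant(g)]


def hardened_policy(acl):
    """Build an AccessControlPolicy without the offending grants.

    The result can be passed to put_bucket_acl(AccessControlPolicy=...).
    Other grants are kept untouched and should be reviewed separately.
    """
    kept = [g for g in acl.get("Grants", []) if not is_open_acp_grant(g)]
    return {"Owner": acl["Owner"], "Grants": kept}


# Constructed sample ACL (not real data): owner plus two group grants.
SAMPLE_ACL = {
    "Owner": {"ID": "constructed-owner-id"},
    "Grants": [
        {"Grantee": {"Type": "CanonicalUser", "ID": "constructed-owner-id"},
         "Permission": "FULL_CONTROL"},
        {"Grantee": {"Type": "Group", "URI": GROUPS + "AuthenticatedUsers"},
         "Permission": "WRITE_ACP"},
        {"Grantee": {"Type": "Group", "URI": GROUPS + "AuthenticatedUsers"},
         "Permission": "READ"},
    ],
}

if __name__ == "__main__":
    for g in find_open_acp_grants(SAMPLE_ACL):
        print("FINDING:", g["Grantee"]["URI"], g["Permission"])
```

The owner's own `FULL_CONTROL` grant is a `CanonicalUser` grant and is not flagged; only grants to the predefined groups are.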
|Framework Name|Control #|Control Description|
|---|---|---|
|nist-sp800-171 Revision 1|3.4.6|Employ the principle of least functionality by configuring organizational systems to provide only essential capabilities.|