Severity :
...
Low
Description: This control ensures that OCI IAM groups are created with IAM users and policies and are not empty. While having empty groups does not present a direct security risk, it does broaden the management landscape which could potentially introduce risks in the future. If empty IAM groups are reported , they should be removed.
Remediation Steps:
...
Perform following to remove empty IAM groups :
Login to the OCI console at https://www.oracle.com/cloud/sign-in.html .
In the navigation, Click Identity & Security.
Under Identity, click Groups.
Select the group reported from the list of groups. Make sure the right Compartment is selected.
Click Delete.
Confirm when prompted.
Important:
Reference: