IAM.1

This AWS control checks whether the default version of AWS Identity and Access Management (IAM) policies (also known as customer managed policies) do not have administrator access with a statement that has Effect": "Allow" with "Action": "*" over "Resource": "*". It only checks for the Customer Managed Policies that you created; but not inline and AWS Managed Policies."