A security engineer has recently rotated all IAM access keys in an AWS account and subsequently configured AWS Config to enable several managed rules, including mfa-enabled-for-iam-console-access, iam-user-mfa-enabled, access-keys-rotated, and iam-user-unused-credentials-check. Despite these actions, the security engineer observes that all resources are showing as noncompliant after invoking the IAM GenerateCredentialReport API operation. What might be a potential reason for these resources to be flagged as noncompliant?