Loading controls...
Benchmark: 1 Identity and Access Management
Overview
This section contains recommendations for configuring identity and access management related options.
Usage
Browse dashboards and select 1 Identity and Access Management:
steampipe dashboardOr run the benchmarks in your terminal:
steampipe check aws_compliance.benchmark.cis_v120_1Snapshot and share results via Steampipe Cloud:
steampipe loginsteampipe check --share aws_compliance.benchmark.cis_v120_1Controls
- 1.1 Avoid the use of the "root" account
- 1.2 Ensure multi-factor authentication (MFA) is enabled for all IAM users that have a console password
- 1.3 Ensure credentials unused for 90 days or greater are disabled
- 1.4 Ensure access keys are rotated every 90 days or less
- 1.5 Ensure IAM password policy requires at least one uppercase letter
- 1.6 Ensure IAM password policy require at least one lowercase letter
- 1.7 Ensure IAM password policy require at least one symbol
- 1.8 Ensure IAM password policy require at least one number
- 1.9 Ensure IAM password policy requires minimum length of 14 or greater
- 1.10 Ensure IAM password policy prevents password reuse
- 1.11 Ensure IAM password policy expires passwords within 90 days or less
- 1.12 Ensure no root account access key exists
- 1.13 Ensure MFA is enabled for the "root" account
- 1.14 Ensure hardware MFA is enabled for the "root" account
- 1.15 Ensure security questions are registered in the AWS account
- 1.16 Ensure IAM policies are attached only to groups or roles
- 1.17 Maintain current contact details
- 1.18 Ensure security contact information is registered
- 1.19 Ensure IAM instance roles are used for AWS resource access from instances
- 1.20 Ensure a support role has been created to manage incidents with AWS Support
- 1.21 Do not setup access keys during initial user setup for all IAM users that have a console password
- 1.22 Ensure IAM policies that allow full "*:*" administrative privileges are not created