Benchmark: 1 Identity and Access Management

Usage

Browse dashboards and select 1 Identity and Access Management:

steampipe dashboard

Or run the benchmarks in your terminal:

steampipe check aws_compliance.benchmark.cis_v140_1

Snapshot and share results via Steampipe Cloud:

steampipe login
steampipe check --share aws_compliance.benchmark.cis_v140_1

Controls

• 1.1 Maintain current contact details
• 1.2 Ensure security contact information is registered
• 1.3 Ensure security questions are registered in the AWS account
• 1.4 Ensure no 'root' user account access key exists
• 1.5 Ensure MFA is enabled for the 'root' user account
• 1.6 Ensure hardware MFA is enabled for the 'root' user account
• 1.7 Eliminate use of the 'root' user for administrative and daily tasks
• 1.8 Ensure IAM password policy requires minimum length of 14 or greater
• 1.9 Ensure IAM password policy prevents password reuse
• 1.10 Ensure multi-factor authentication (MFA) is enabled for all IAM users that have a console password
• 1.11 Do not setup access keys during initial user setup for all IAM users that have a console password
• 1.12 Ensure credentials unused for 45 days or greater are disabled
• 1.13 Ensure there is only one active access key available for any single IAM user
• 1.14 Ensure access keys are rotated every 90 days or less
• 1.15 Ensure IAM Users Receive Permissions Only Through Groups
• 1.16 Ensure IAM policies that allow full "*:*" administrative privileges are not attached
• 1.17 Ensure a support role has been created to manage incidents with AWS Support
• 1.18 Ensure IAM instance roles are used for AWS resource access from instances
• 1.19 Ensure that all the expired SSL/TLS certificates stored in AWS IAM are removed
• 1.20 Ensure that IAM Access analyzer is enabled for all regions
• 1.21 Ensure IAM users are managed centrally via identity federation or AWS Organizations for multi-account environments

Tags