turbot/github_compliance
GitHub
Loading controls...

Control: 4.2.3 Ensure user access to the package registry utilizes Multi-Factor Authentication (MFA)

Description

Enforce Multi-Factor Authentication (MFA) for user access to the package registry.

Rationale

By default, every user authenticates to the system by password only. If a user's password is compromised, the user account and all its related packages are in danger of data theft and malicious builds. It is therefore recommended that each user enables Multi-Factor Authentication. This additional step guarantees that the account stays secure even if the user's password is compromised, as it adds another layer of authentication.

Audit

For each package registry in use, verify that Multi-Factor Authentication is enforced and is the only way to authenticate.

Remediation

For each package registry in use, enforce Multi-Factor Authentication as the only way to authenticate.

Usage

Run the control in your terminal:

steampipe check github_compliance.control.cis_supply_chain_v100_4_2_3

Snapshot and share results via Steampipe Cloud:

steampipe login
steampipe check --share github_compliance.control.cis_supply_chain_v100_4_2_3

SQL

This control uses a named query:

org_two_factor_required

Tags