Control: AWS > CIS v1 > 1 Identity and Access Management

Primary Policies

The following policies can be used to configure this control:

• 1 Identity and Access Management > 1.01 Avoid the use of the "root" account (Scored)
• 1 Identity and Access Management > 1.02 Ensure multi-factor authentication (MFA) is enabled for all IAM users that have a console password (Scored)
• 1 Identity and Access Management > 1.03 Ensure credentials unused for 90 days or greater are disabled (Scored)
• 1 Identity and Access Management > 1.04 Ensure access keys are rotated every 90 days or less (Scored)
• 1 Identity and Access Management > 1.05 Ensure IAM password policy requires at least one uppercase letter (Scored)
• 1 Identity and Access Management > 1.06 Ensure IAM password policy require at least one lowercase letter (Scored)
• 1 Identity and Access Management > 1.07 Ensure IAM password policy require at least one symbol (Scored)
• 1 Identity and Access Management > 1.08 Ensure IAM password policy require at least one number (Scored)
• 1 Identity and Access Management > 1.09 Ensure IAM password policy requires minimum length of 14 or greater (Scored)
• 1 Identity and Access Management > 1.10 Ensure IAM password policy prevents password reuse (Scored)
• 1 Identity and Access Management > 1.11 Ensure IAM password policy expires passwords within 90 days or less (Scored)
• 1 Identity and Access Management > 1.12 Ensure no root account access key exists (Scored)
• 1 Identity and Access Management > 1.13 Ensure MFA is enabled for the "root" account (Scored)
• 1 Identity and Access Management > 1.14 Ensure hardware MFA is enabled for the "root" account (Scored)
• 1 Identity and Access Management > 1.15 Ensure security questions are registered in the AWS account (Not Scored)
• 1 Identity and Access Management > 1.15 Ensure security questions are registered in the AWS account (Not Scored) > Attestation
• 1 Identity and Access Management > 1.16 Ensure IAM policies are attached only to groups or roles (Scored)
• 1 Identity and Access Management > 1.17 Maintain current contact details (Not Scored)
• 1 Identity and Access Management > 1.17 Maintain current contact details (Not Scored) > Attestation
• 1 Identity and Access Management > 1.18 Ensure security contact information is registered (Not Scored)
• 1 Identity and Access Management > 1.18 Ensure security contact information is registered (Not Scored) > Attestation
• 1 Identity and Access Management > 1.19 Ensure IAM instance roles are used for AWS resource access from instances (Not Scored)
• 1 Identity and Access Management > 1.19 Ensure IAM instance roles are used for AWS resource access from instances (Not Scored) > Attestation
• 1 Identity and Access Management > 1.21 Do not setup access keys during initial user setup for all IAM users that have a console password (Not Scored)
• 1 Identity and Access Management > 1.22 Ensure IAM policies that allow full "*:*"; administrative privileges are not created (Scored)
• 1 Identity and Access Management

Category

• CIS

In Your Workspace

• Controls by Resource report
• Controls by Control Type report

Developers

Control Type URI

tmod:@turbot/aws-cisv1#/control/types/s01

Category URI

tmod:@turbot/cis#/control/categories/cis

GraphQL

query controlType(id: "tmod:@turbot/aws-cisv1#/control/types/s01") { … }

query controls(filter: "controlTypeId:'tmod:@turbot/aws-cisv1#/control/types/s01'") { … }

CLI

Get Controls

turbot graphql controls --filter "controlTypeId:tmod:@turbot/aws-cisv1#/control/types/s01"