Control: AWS > CIS v1 > 1 Identity and Access Management
Covers recommendations addressing Identity and Access Management.
Primary Policies
The following policies can be used to configure this control:
- 1 Identity and Access Management > 1.01 Avoid the use of the "root" account (Scored)
- 1 Identity and Access Management > 1.02 Ensure multi-factor authentication (MFA) is enabled for all IAM users that have a console password (Scored)
- 1 Identity and Access Management > 1.03 Ensure credentials unused for 90 days or greater are disabled (Scored)
- 1 Identity and Access Management > 1.04 Ensure access keys are rotated every 90 days or less (Scored)
- 1 Identity and Access Management > 1.05 Ensure IAM password policy requires at least one uppercase letter (Scored)
- 1 Identity and Access Management > 1.06 Ensure IAM password policy require at least one lowercase letter (Scored)
- 1 Identity and Access Management > 1.07 Ensure IAM password policy require at least one symbol (Scored)
- 1 Identity and Access Management > 1.08 Ensure IAM password policy require at least one number (Scored)
- 1 Identity and Access Management > 1.09 Ensure IAM password policy requires minimum length of 14 or greater (Scored)
- 1 Identity and Access Management > 1.10 Ensure IAM password policy prevents password reuse (Scored)
- 1 Identity and Access Management > 1.11 Ensure IAM password policy expires passwords within 90 days or less (Scored)
- 1 Identity and Access Management > 1.12 Ensure no root account access key exists (Scored)
- 1 Identity and Access Management > 1.13 Ensure MFA is enabled for the "root" account (Scored)
- 1 Identity and Access Management > 1.14 Ensure hardware MFA is enabled for the "root" account (Scored)
- 1 Identity and Access Management > 1.15 Ensure security questions are registered in the AWS account (Not Scored)
- 1 Identity and Access Management > 1.15 Ensure security questions are registered in the AWS account (Not Scored) > Attestation
- 1 Identity and Access Management > 1.16 Ensure IAM policies are attached only to groups or roles (Scored)
- 1 Identity and Access Management > 1.17 Maintain current contact details (Not Scored)
- 1 Identity and Access Management > 1.17 Maintain current contact details (Not Scored) > Attestation
- 1 Identity and Access Management > 1.18 Ensure security contact information is registered (Not Scored)
- 1 Identity and Access Management > 1.18 Ensure security contact information is registered (Not Scored) > Attestation
- 1 Identity and Access Management > 1.19 Ensure IAM instance roles are used for AWS resource access from instances (Not Scored)
- 1 Identity and Access Management > 1.19 Ensure IAM instance roles are used for AWS resource access from instances (Not Scored) > Attestation
- 1 Identity and Access Management > 1.21 Do not setup access keys during initial user setup for all IAM users that have a console password (Not Scored)
- 1 Identity and Access Management > 1.22 Ensure IAM policies that allow full "*:*"; administrative privileges are not created (Scored)
- 1 Identity and Access Management
Category
In Your Workspace
Developers
- tmod:@turbot/aws-cisv1#/control/types/s01
- tmod:@turbot/cis#/control/categories/cis
- turbot graphql controls --filter "controlTypeId:tmod:@turbot/aws-cisv1#/control/types/s01"
Get Controls
Control Type URI
Category URI
GraphQL
CLI