Policy: AWS > CIS v1 > 1 Identity and Access Management

Resource Types

This policy targets the following resource types:

• AWS > Account

Primary Policy

This policy is used with the following primary policy:

• AWS > CIS v1

Related Policies

• 1.01 Avoid the use of the "root" account (Scored)
• 1.02 Ensure multi-factor authentication (MFA) is enabled for all IAM users that have a console password (Scored)
• 1.03 Ensure credentials unused for 90 days or greater are disabled (Scored)
• 1.04 Ensure access keys are rotated every 90 days or less (Scored)
• 1.05 Ensure IAM password policy requires at least one uppercase letter (Scored)
• 1.06 Ensure IAM password policy require at least one lowercase letter (Scored)
• 1.07 Ensure IAM password policy require at least one symbol (Scored)
• 1.08 Ensure IAM password policy require at least one number (Scored)
• 1.09 Ensure IAM password policy requires minimum length of 14 or greater (Scored)
• 1.10 Ensure IAM password policy prevents password reuse (Scored)
• 1.11 Ensure IAM password policy expires passwords within 90 days or less (Scored)
• 1.12 Ensure no root account access key exists (Scored)
• 1.13 Ensure MFA is enabled for the "root" account (Scored)
• 1.14 Ensure hardware MFA is enabled for the "root" account (Scored)
• 1.15 Ensure security questions are registered in the AWS account (Not Scored)
• 1.16 Ensure IAM policies are attached only to groups or roles (Scored)
• 1.17 Maintain current contact details (Not Scored)
• 1.18 Ensure security contact information is registered (Not Scored)
• 1.19 Ensure IAM instance roles are used for AWS resource access from instances (Not Scored)
• 1.21 Do not setup access keys during initial user setup for all IAM users that have a console password (Not Scored)
• 1.22 Ensure IAM policies that allow full "*:*"; administrative privileges are not created (Scored)

Controls

• AWS > CIS v1
• AWS > CIS v1 > 1 Identity and Access Management

Policy Specification

string

Skip

Category

• CIS

In Your Workspace

• Policy Settings by Type report

Developers

Category URI

tmod:@turbot/cis#/control/categories/cis

Policy Type URI

tmod:@turbot/aws-cisv1#/policy/types/s01

GraphQL

query policyType(id: "tmod:@turbot/aws-cisv1#/policy/types/s01") { … }

query policySettings(filter: "policyTypeId:'tmod:@turbot/aws-cisv1#/policy/types/s01'") { … }

query policyValues(filter: "policyTypeId:'tmod:@turbot/aws-cisv1#/policy/types/s01'") { … }

CLI

Get Policy Type

turbot graphql policy-type --id "tmod:@turbot/aws-cisv1#/policy/types/s01"

Get Policy Settings

turbot graphql policy-settings --filter "policyTypeId:tmod:@turbot/aws-cisv1#/policy/types/s01"