
💼 1 Identity and Access Management

  • Contextual name: 💼 1 Identity and Access Management
  • ID: /frameworks/cis-aws-v1.2.0/01
  • Located in: 💼 CIS AWS v1.2.0

Description

This section contains recommendations for configuring identity and access management related options.

Similar

  • Internal
    • ID: dec-b-14fb33d3

Sub Sections

Section | Sub Sections | Internal Rules | Policies | Flags
💼 1.1 Avoid the use of the "root" account | 11
💼 1.2 Ensure multi-factor authentication (MFA) is enabled for all IAM users that have a console password | 1
💼 1.3 Ensure credentials unused for 90 days or greater are disabled
💼 1.4 Ensure access keys are rotated every 90 days or less | 11
💼 1.5 Ensure IAM password policy requires at least one uppercase letter
💼 1.6 Ensure IAM password policy require at least one lowercase letter
💼 1.7 Ensure IAM password policy require at least one symbol
💼 1.8 Ensure IAM password policy require at least one number
💼 1.9 Ensure IAM password policy requires minimum length of 14 or greater | 1
💼 1.10 Ensure IAM password policy prevents password reuse | 11
💼 1.11 Ensure IAM password policy expires passwords within 90 days or less
💼 1.12 Ensure no root account access key exists | 11
💼 1.13 Ensure MFA is enabled for the "root" account | 1
💼 1.14 Ensure hardware MFA is enabled for the "root" account | 1
💼 1.15 Ensure security questions are registered in the AWS account
💼 1.16 Ensure IAM policies are attached only to groups or roles | 11
💼 1.17 Maintain current contact details | 1
💼 1.18 Ensure security contact information is registered | 1
💼 1.19 Ensure IAM instance roles are used for AWS resource access from instances | 11
💼 1.20 Ensure a support role has been created to manage incidents with AWS Support | 1
💼 1.21 Do not setup access keys during initial user setup for all IAM users that have a console password | 11
💼 1.22 Ensure IAM policies that allow full "*:*" administrative privileges are not created | 11