Skip to main content

๐Ÿ’ผ 1 Identity and Access Management

  • Contextual name: ๐Ÿ’ผ 1 Identity and Access Management
  • ID: /frameworks/cis-aws-v3.0.0/01
  • Located in: ๐Ÿ’ผ CIS AWS v3.0.0

Descriptionโ€‹

This section contains recommendations for configuring identity and access management related options.

Similarโ€‹

  • Internal
    • ID: dec-b-689504a3

Sub Sectionsโ€‹

SectionSub SectionsInternal RulesPoliciesFlags
๐Ÿ’ผ 1.1 Maintain current contact details - Level 1 (Manual)1
๐Ÿ’ผ 1.2 Ensure security contact information is registered - Level 1 (Manual)1
๐Ÿ’ผ 1.3 Ensure security questions are registered in the AWS account - Level 1 (Manual)
๐Ÿ’ผ 1.4 Ensure no 'root' user account access key exists - Level 1 (Automated)11
๐Ÿ’ผ 1.5 Ensure MFA is enabled for the 'root' user account - Level 1 (Automated)1
๐Ÿ’ผ 1.6 Ensure hardware MFA is enabled for the 'root' user account - Level 2 (Manual)1
๐Ÿ’ผ 1.7 Eliminate use of the 'root' user for administrative and daily tasks - Level 1 (Manual)11
๐Ÿ’ผ 1.8 Ensure IAM password policy requires minimum length of 14 or greater - Level 1 (Automated)1
๐Ÿ’ผ 1.9 Ensure IAM password policy prevents password reuse - Level 1 (Automated)11
๐Ÿ’ผ 1.10 Ensure multi-factor authentication (MFA) is enabled for all IAM users that have a console password - Level 1 (Automated)1
๐Ÿ’ผ 1.11 Do not setup access keys during initial user setup for all IAM users that have a console password - Level 1 (Manual)11
๐Ÿ’ผ 1.12 Ensure credentials unused for 45 days or greater are disabled - Level 1 (Automated)1
๐Ÿ’ผ 1.13 Ensure there is only one active access key available for any single IAM user - Level 1 (Automated)11
๐Ÿ’ผ 1.14 Ensure access keys are rotated every 90 days or less - Level 1 (Automated)11
๐Ÿ’ผ 1.15 Ensure IAM Users Receive Permissions Only Through Groups - Level 1 (Automated)11
๐Ÿ’ผ 1.16 Ensure IAM policies that allow full ":" administrative privileges are not attached - Level 1 (Automated)1
๐Ÿ’ผ 1.17 Ensure a support role has been created to manage incidents with AWS Support - Level 1 (Automated)1
๐Ÿ’ผ 1.18 Ensure IAM instance roles are used for AWS resource access from instances - Level 2 (Automated)11
๐Ÿ’ผ 1.19 Ensure that all the expired SSL/TLS certificates stored in AWS IAM are removed - Level 1 (Automated)11
๐Ÿ’ผ 1.20 Ensure that IAM Access analyzer is enabled for all regions - Level 1 (Automated)11
๐Ÿ’ผ 1.21 Ensure IAM users are managed centrally via identity federation or AWS Organizations for multi-account environments - Level 2 (Manual)1
๐Ÿ’ผ 1.22 Ensure access to AWSCloudShellFullAccess is restricted - Level 1 (Manual)1