
💼 1 Identity and Access Management

  • Contextual name: 💼 1 Identity and Access Management
  • ID: /frameworks/cis-aws-v4.0.1/01
  • Located in: 💼 CIS AWS v4.0.1

Description

This section contains recommendations for configuring identity and access management related options.

Similar

Sub Sections

Section  Sub Sections  Internal Rules  Policies  Flags
💼 1.1 Maintain current contact details (Manual)  1
💼 1.2 Ensure security contact information is registered (Manual)  1
💼 1.3 Ensure security questions are registered in the AWS account (Manual)
💼 1.4 Ensure no 'root' user account access key exists (Automated)  1
💼 1.5 Ensure MFA is enabled for the 'root' user account (Automated)  1
💼 1.6 Ensure hardware MFA is enabled for the 'root' user account (Manual)  1
💼 1.7 Eliminate use of the 'root' user for administrative and daily tasks (Manual)  1
💼 1.8 Ensure IAM password policy requires minimum length of 14 or greater (Automated)  1
💼 1.9 Ensure IAM password policy prevents password reuse (Automated)  1
💼 1.10 Ensure multi-factor authentication (MFA) is enabled for all IAM users that have a console password (Automated)  1
💼 1.11 Do not create access keys during initial setup for IAM users with a console password (Manual)  1
💼 1.12 Ensure credentials unused for 45 days or more are disabled (Automated)  1
💼 1.13 Ensure there is only one active access key for any single IAM user (Automated)  1
💼 1.14 Ensure access keys are rotated every 90 days or less (Automated)  1
💼 1.15 Ensure IAM users receive permissions only through groups (Automated)  1
💼 1.16 Ensure IAM policies that allow full "*:*" administrative privileges are not attached (Automated)  1
💼 1.17 Ensure a support role has been created to manage incidents with AWS Support (Automated)  1
💼 1.18 Ensure IAM instance roles are used for AWS resource access from instances (Automated)  1
💼 1.19 Ensure that all expired SSL/TLS certificates stored in AWS IAM are removed (Automated)  1
💼 1.20 Ensure that IAM Access Analyzer is enabled for all regions (Automated)  1
💼 1.21 Ensure IAM users are managed centrally via identity federation or AWS Organizations for multi-account environments (Manual)  1
💼 1.22 Ensure access to AWSCloudShellFullAccess is restricted (Manual)  1
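Several of the automated recommendations above (1.4, 1.5, 1.10, 1.12, 1.13 and 1.14) can be evaluated from a single IAM credential report, the CSV that `aws iam get-credential-report` returns base64-encoded. The checker below is an added example written for this page; it is not code from the CIS benchmark or from this catalog. It assumes the standard credential report column names, uses a constructed sample report (not a real account) trimmed to the columns it reads, and pins the clock so the results are reproducible offline. The root row is evaluated only for 1.4 and 1.5, which is how the benchmark scopes those controls; the per-user controls skip it.

```python
"""Offline checker for CIS AWS v4.0.1 controls 1.4, 1.5, 1.10, 1.12, 1.13, 1.14.

Added example, not part of the CIS benchmark or this catalog. Input is the
decoded IAM credential report CSV; the report below is constructed sample data.
"""
import csv
import io
from datetime import datetime, timezone

# Constructed sample credential report (real reports also carry cert_* and
# access_key_N_last_used_region/service columns, which are not needed here).
SAMPLE_REPORT = """\
user,arn,user_creation_time,password_enabled,password_last_used,password_last_changed,password_next_rotation,mfa_active,access_key_1_active,access_key_1_last_rotated,access_key_1_last_used_date,access_key_2_active,access_key_2_last_rotated,access_key_2_last_used_date
<root_account>,arn:aws:iam::111122223333:root,2020-01-01T00:00:00+00:00,not_supported,2024-05-01T10:00:00+00:00,not_supported,not_supported,false,true,2020-01-01T00:00:00+00:00,2024-04-30T09:00:00+00:00,false,N/A,N/A
alice,arn:aws:iam::111122223333:user/alice,2023-01-10T00:00:00+00:00,true,2024-05-02T08:00:00+00:00,2024-03-01T00:00:00+00:00,2024-06-01T00:00:00+00:00,true,true,2024-04-15T00:00:00+00:00,2024-05-02T08:00:00+00:00,false,N/A,N/A
bob,arn:aws:iam::111122223333:user/bob,2022-06-01T00:00:00+00:00,true,2024-01-15T08:00:00+00:00,2023-12-01T00:00:00+00:00,2024-03-01T00:00:00+00:00,false,true,2023-11-01T00:00:00+00:00,2024-01-15T08:00:00+00:00,true,2024-04-01T00:00:00+00:00,N/A
svc-deploy,arn:aws:iam::111122223333:user/svc-deploy,2023-09-01T00:00:00+00:00,false,no_information,N/A,N/A,false,true,2023-09-01T00:00:00+00:00,no_information,false,N/A,N/A
"""

# Fixed "now" so the sample evaluates the same way every run (assumption for the example).
NOW = datetime(2024, 5, 3, tzinfo=timezone.utc)


def parse_ts(value):
    """Return an aware datetime, or None for the report's sentinel strings."""
    if value in ("", "N/A", "no_information", "not_supported"):
        return None
    return datetime.fromisoformat(value.replace("Z", "+00:00"))


def evaluate(report_csv, now=NOW, unused_days=45, rotation_days=90):
    """Return a list of (control, user, detail) findings for the given report."""
    findings = []
    for row in csv.DictReader(io.StringIO(report_csv)):
        user = row["user"]

        if user == "<root_account>":
            # 1.4: no root access keys at all; 1.5: root must have MFA.
            for n in ("1", "2"):
                if row[f"access_key_{n}_active"] == "true":
                    findings.append(("1.4", user, f"root access key {n} is active"))
            if row["mfa_active"] != "true":
                findings.append(("1.5", user, "root user has no MFA device"))
            continue

        has_password = row["password_enabled"] == "true"

        # 1.10: every console password must be paired with MFA.
        if has_password and row["mfa_active"] != "true":
            findings.append(("1.10", user, "console password without MFA"))

        # 1.12 (password half): unused for 45+ days; a never-used password
        # counts from the user's creation time.
        if has_password:
            last = parse_ts(row["password_last_used"]) or parse_ts(row["user_creation_time"])
            age = (now - last).days
            if age >= unused_days:
                findings.append(("1.12", user, f"console password unused for {age} days"))

        active_keys = []
        for n in ("1", "2"):
            if row[f"access_key_{n}_active"] != "true":
                continue
            active_keys.append(n)
            rotated = parse_ts(row[f"access_key_{n}_last_rotated"])
            # 1.12 (key half): unused for 45+ days; a never-used key counts
            # from its last rotation (creation) date.
            last_used = parse_ts(row[f"access_key_{n}_last_used_date"]) or rotated
            if last_used is not None:
                idle = (now - last_used).days
                if idle >= unused_days:
                    findings.append(("1.12", user, f"access key {n} unused for {idle} days"))
            # 1.14: active keys must be rotated at least every 90 days.
            if rotated is not None:
                key_age = (now - rotated).days
                if key_age >= rotation_days:
                    findings.append(("1.14", user, f"access key {n} is {key_age} days old"))

        # 1.13: at most one active access key per user.
        if len(active_keys) > 1:
            findings.append(("1.13", user, "two active access keys"))

    return findings


def summarize(findings):
    """Count findings per control, e.g. {'1.4': 1, '1.12': 3}."""
    counts = {}
    for control, _user, _detail in findings:
        counts[control] = counts.get(control, 0) + 1
    return counts


if __name__ == "__main__":
    for control, user, detail in evaluate(SAMPLE_REPORT):
        print(f"{control:<5} {user:<14} {detail}")
```

In the sample, alice is clean, bob trips 1.10, 1.12 (password and key 1), 1.13 and 1.14, svc-deploy trips 1.12 and 1.14 on a key that was created 245 days ago and never used, and the root row trips 1.4 and 1.5. To run it against a live account, replace `SAMPLE_REPORT` with the decoded `Content` field of `get-credential-report` and drop the fixed `NOW`; the 45- and 90-day thresholds are the ones the benchmark titles state and are left as parameters so a stricter internal policy can tighten them.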