| 💼 2.1 Maintain current contact details (Manual) | | | 1 | | no data |
| 💼 2.2 Ensure security contact information is registered (Manual) | | | 1 | | no data |
| 💼 2.3 Ensure no 'root' user account access key exists (Automated) | | | 1 | | no data |
| 💼 2.4 Ensure MFA is enabled for the 'root' user account (Automated) | | | 1 | | no data |
| 💼 2.5 Ensure hardware MFA is enabled for the 'root' user account (Manual) | | | 1 | | no data |
| 💼 2.6 Eliminate use of the 'root' user for administrative and daily tasks (Manual) | | | 1 | | no data |
| 💼 2.7 Ensure IAM password policy requires minimum length of 14 or greater (Automated) | | | 1 | | no data |
| 💼 2.8 Ensure IAM password policy prevents password reuse (Automated) | | | 1 | | no data |
| 💼 2.9 Ensure multi-factor authentication (MFA) is enabled for all IAM users that have a console password (Automated) | | | 1 | | no data |
| 💼 2.10 Do not create access keys during initial setup for IAM users with a console password (Manual) | | | 1 | | no data |
| 💼 2.11 Ensure credentials unused for 45 days or more are disabled (Automated) | | | 1 | | no data |
| 💼 2.12 Ensure there is only one active access key for any single IAM user (Automated) | | | 1 | | no data |
| 💼 2.13 Ensure access keys are rotated every 90 days or less (Automated) | | | 1 | | no data |
| 💼 2.14 Ensure IAM users receive permissions only through groups (Automated) | | | 1 | | no data |
| 💼 2.15 Ensure IAM policies that allow full ":" administrative privileges are not attached (Automated) | | | 1 | | no data |
| 💼 2.16 Ensure a support role has been created to manage incidents with AWS Support (Automated) | | | 1 | | no data |
| 💼 2.17 Ensure IAM instance roles are used for AWS resource access from instances (Automated) | | | 1 | | no data |
| 💼 2.18 Ensure that all expired SSL/TLS certificates stored in AWS IAM are removed (Automated) | | | 1 | | no data |
| 💼 2.19 Ensure that IAM External Access Analyzer is enabled for all regions (Automated) | | | 1 | | no data |
| 💼 2.20 Ensure IAM users are managed centrally via identity federation or AWS Organizations for multi-account environments (Manual) | | | 1 | | no data |
| 💼 2.21 Ensure access to AWSCloudShellFullAccess is restricted (Manual) | | | 1 | | no data |