| 💼 2.1 Organizations | 6 | | | | no data |
|  💼 2.1.1 Ensure centralized root access in AWS Organizations (Manual) | | | | | no data |
|  💼 2.1.2 Ensure authorization guardrails for all AWS Organization accounts (Manual) | | | | | no data |
|  💼 2.1.3 Ensure Organizations management account is not used for workloads (Manual) | | | | | no data |
|  💼 2.1.5 Ensure Organizational Units are structured by environment and sensitivity (Manual) | | | | | no data |
|  💼 2.1.5 Ensure delegated admin manages AWS Organizations policies (Manual) | | | | | no data |
|  💼 2.1.6 Ensure delegated admins manage AWS Organizations-integrated services (Manual) | | | | | no data |
| 💼 2.2 Maintain current AWS account contact details (Manual) | | | 1 | | no data |
| 💼 2.3 Ensure security contact information is registered (Manual) | | | 1 | | no data |
| 💼 2.4 Ensure no 'root' user account access key exists (Automated) | | | 1 | | no data |
| 💼 2.5 Ensure MFA is enabled for the 'root' user account (Automated) | | | 1 | | no data |
| 💼 2.6 Ensure hardware MFA is enabled for the 'root' user account (Manual) | | | 1 | | no data |
| 💼 2.7 Eliminate use of the 'root' user for administrative and daily tasks (Manual) | | | 1 | | no data |
| 💼 2.8 Ensure IAM password policy requires minimum length of 14 or greater (Automated) | | | 1 | | no data |
| 💼 2.9 Ensure IAM password policy prevents password reuse (Automated) | | | 1 | | no data |
| 💼 2.10 Ensure multi-factor authentication (MFA) is enabled for all IAM users that have a console password (Automated) | | | 1 | | no data |
| 💼 2.11 Ensure credentials unused for 45 days or more are disabled (Automated) | | | 1 | | no data |
| 💼 2.12 Ensure access keys are rotated every 90 days or less (Automated) | | | 1 | | no data |
| 💼 2.13 Ensure IAM users receive permissions only through groups (Automated) | | | 1 | | no data |
| 💼 2.14 Ensure IAM policies that allow full "*:*" administrative privileges are not attached (Automated) | | | 1 | | no data |
| 💼 2.15 Ensure a support role has been created to manage incidents with AWS Support (Automated) | | | 1 | | no data |
| 💼 2.16 Ensure IAM instance roles are used for AWS resource access from instances (Automated) | | | 1 | | no data |
| 💼 2.17 Ensure that all expired SSL/TLS certificates stored in AWS IAM are removed (Automated) | | | 1 | | no data |
| 💼 2.18 Ensure that IAM External Access Analyzer is enabled for all regions (Automated) | | | 1 | | no data |
| 💼 2.19 Ensure IAM users are managed centrally via identity federation or AWS Organizations for multi-account environments (Manual) | | | 1 | | no data |
| 💼 2.20 Ensure access to AWSCloudShellFullAccess is restricted (Manual) | | | 1 | | no data |
| 💼 2.21 Ensure AWS resource policies do not allow unrestricted access using 'Principal': '*' (Manual) | | | | | no data |