| π AWS Account IAM Password Policy minimum password length is 14 characters or less π’ | 1 | π’ x6 |
| π AWS Account IAM Password Policy Number of passwords to remember is not set to 24 π’ | 1 | π’ x6 |
| π AWS Account Root User credentials were used is the last 30 days π΄π’ | 1 | π΄ x1, π’ x6 |
| π AWS Account Root User has active access keys π’ | 1 | π’ x6 |
| π AWS IAM User Access Keys are not rotated every 90 days or less π’ | 1 | π’ x6 |
| π AWS IAM User has more than one active access key π’ | 1 | π’ x6 |
| π AWS IAM User with console and programmatic access set during the initial creation π’ | | π’ x3 |
| π AWS IAM User with credentials unused for 45 days or more is not disabled π’ | 1 | π’ x6 |
| π Consumer Google Accounts are used π’ | | π’ x3 |
| π Google IAM Service Account has User-Managed Keys π’ | 1 | π’ x6 |
| π Microsoft Entra ID Account Lockout Duration is not set 60 seconds or more π’ | | π’ x3 |
| π Microsoft Entra ID Account Lockout Threshold is not set to 10 or less π’ | | π’ x3 |
| π Microsoft Entra ID Custom Banned Password List is not enforced π’ | | π’ x3 |
| π Microsoft Entra ID User Notify All Admins When Other Admins Reset Their Password is set No π’ | | π’ x3 |
| π Microsoft Entra ID User Notify Users On Password Resets is set to No π’ | | π’ x3 |
| π Microsoft Entra ID User Reconfirm Authentication Information is set to 0 π’ | | π’ x3 |
| π Microsoft Entra ID User Self-Service Password Reset does not require 2 authentication methods π’ | | π’ x3 |