Benchmark: 1 Identity and Access Management
Overview
This section contains recommendations for configuring identity and access management related options.
Usage
Install the mod:
mkdir dashboards
cd dashboards
powerpipe mod init
powerpipe mod install github.com/turbot/steampipe-mod-alicloud-compliance
Start the Powerpipe server:
steampipe service start
powerpipe server
Open http://localhost:9033 in your browser and select 1 Identity and Access Management.
Run this benchmark in your terminal:
powerpipe benchmark run alicloud_compliance.benchmark.cis_v100_1
Snapshot and share results via Turbot Pipes:
powerpipe benchmark run alicloud_compliance.benchmark.cis_v100_1 --share
Controls
- 1.1 Avoid the use of the 'root' account
- 1.2 Ensure no root account access key exists
- 1.3 Ensure MFA is enabled for the 'root' account
- 1.4 Ensure that multi-factor authentication is enabled for all RAM users that have a console password
- 1.5 Ensure users not logged on for 90 days or longer are disabled for console logon
- 1.6 Ensure access keys are rotated every 90 days or less
- 1.7 Ensure RAM password policy requires at least one uppercase letter
- 1.8 Ensure RAM password policy requires at least one lowercase letter
- 1.9 Ensure RAM password policy require at least one symbol
- 1.10 Ensure RAM password policy require at least one number
- 1.11 Ensure RAM password policy requires minimum length of 14 or greater
- 1.12 Ensure RAM password policy prevents password reuse
- 1.13 Ensure RAM password policy expires passwords within 90 days or less
- 1.14 Ensure RAM password policy temporarily blocks logon after 5 incorrect logon attempts within an hour
- 1.16 Ensure RAM policies are attached only to groups or roles