Benchmark: 11.300(b) Ensuring that identification code and password issuances are periodically checked, recalled, or revised (e.g., to cover such events as password aging)
Description
Persons who use electronic signatures based upon use of identification codes in combination with passwords shall employ controls to ensure their security and integrity. Such controls shall include: (b) Ensuring that identification code and password issuances are periodically checked, recalled, or revised (e.g., to cover such events as password aging).
Usage
Install the mod:
mkdir dashboardscd dashboardspowerpipe mod initpowerpipe mod install github.com/turbot/steampipe-mod-aws-complianceStart the Powerpipe server:
steampipe service startpowerpipe serverOpen http://localhost:9033 in your browser and select 11.300(b) Ensuring that identification code and password issuances are periodically checked, recalled, or revised (e.g., to cover such events as password aging).
Run this benchmark in your terminal:
powerpipe benchmark run aws_compliance.benchmark.gxp_21_cfr_part_11_11_300_bSnapshot and share results via Turbot Pipes:
powerpipe benchmark run aws_compliance.benchmark.gxp_21_cfr_part_11_11_300_b --shareControls
- EMR cluster Kerberos should be enabled
- IAM password policies for users should have strong configurations
- IAM user access keys should be rotated at least every 90 days
- IAM user credentials that have not been used in 90 days should be disabled
- Secrets Manager secrets should have automatic rotation enabled
- Secrets Manager secrets should be rotated as per the rotation schedule