aws_compliance

AWS Compliance

Enable this rule to restrict access to resources in the AWS Cloud.

iam_user_mfa_enabled

gxp_21_cfr_part_11_11_10_d

11.10(d) Limiting system access to authorized individuals

gxp_21_cfr_part_11_11_10_g

11.10(g) Use of authority checks to ensure that only authorized individuals can use the system, electronically sign a record, access the operation or computer system input or output device, alter a record, or perform the operation at hand

gxp_21_cfr_part_11_11_200_a

11.200(a) Biometric electronic signature components and controls

hipaa_security_rule_2003_164_308_a_3_ii_a

164.308(a)(3)(ii)(A) Authorization and/or supervision

hipaa_final_omnibus_security_rule_2013_164_308_a_3_ii_a

hipaa_final_omnibus_security_rule_2013_164_308_a_4_ii_b

164.308(a)(4)(ii)(B) Access authorization

hipaa_security_rule_2003_164_312_d

164.312(d) Person or entity authentication

hipaa_final_omnibus_security_rule_2013_164_312_d

audit_manager_control_tower_multi_factor_authentication_3_0_1

3.0.1 - Disallow access to IAM users without MFA

nist_800_171_rev_2_3_1_1

3.1.1 Limit system access to authorized users, processes acting on behalf of authorized users, and devices (including other systems)

nist_800_171_rev_2_3_1_2

3.1.2 Limit system access to the types of transactions and functions that authorized users are permitted to execute

rbi_itf_nbfc_3_1_c

3.1.c Role based Access Control

nist_800_171_rev_2_3_5_1

3.5.1 Identify system users, processes acting on behalf of users, and devices

nist_800_171_rev_2_3_5_2

3.5.2 Authenticate (or verify) the identities of users, processes, or devices, as a prerequisite to allowing access to organizational systems

nist_800_171_rev_2_3_5_3

3.5.3 Use multifactor authentication for local and network access to privileged accounts and for network access to non-privileged accounts

nist_800_171_rev_2_3_5_4

3.5.4 Employ replay-resistant authentication mechanisms for network access to privileged and non-privileged accounts

cis_controls_v8_ig1_5_2

5.2 Use Unique Passwords

nydfs_23_500_02_b_2

500.02(b)(2)

nydfs_23_500_12

500.12 Multi-factor Authentication

pci_dss_v321_requirement_8_3_1

8.3.1 Incorporate multi-factor authentication for all non-console access into the CDE for personnel with administrative access

pci_dss_v321_requirement_8_3_1_a

8.3.1.a Examine network and/or system configurations, as applicable, to verify multi-factor authentication is required for all non-console administrative access into the CDE

pci_dss_v321_requirement_8_3_2_a

8.3.2.a Examine system configurations for remote access servers and systems to verify multi-factor authentication is required for all remote access by personnel, both user and administrator, and all third-party/vendor remote access (including access to applications and system components for support or maintenance purposes)

pci_dss_v321_requirement_8_6_c

8.6.c Examine system configuration settings and/or physical controls, as applicable, to verify that controls are implemented to ensure only the intended account can use that mechanism to gain access

rbi_itf_nbfc_8_I

8.I Basic Security Aspects

nist_800_53_rev_5_ac_2_1

AC-2(1) Automated System Account Management

fedramp_moderate_rev_4_ac_2_1

fedramp_moderate_rev_4_ac_2_f

AC-2(f)

fedramp_moderate_rev_4_ac_2_j

AC-2(j)

nist_800_53_rev_5_ac_3_12_a

AC-3(12)(a)

nist_800_53_rev_5_ac_3_13

AC-3(13) Attribute-Based Access Control

nist_800_53_rev_5_ac_3_15_a

AC-3(15)(a)

nist_800_53_rev_5_ac_3_15_b

AC-3(15)(b)

nist_800_53_rev_5_ac_3_2

AC-3(2) Dual Authorization

nist_800_53_rev_5_ac_3_3

AC-3(3) Mandatory Access Control

nist_800_53_rev_5_ac_3_3_a

AC-3(3)(a)

nist_800_53_rev_5_ac_3_3_b_1

AC-3(3)(b)(1)

nist_800_53_rev_5_ac_3_3_b_2

AC-3(3)(b)(2)

nist_800_53_rev_5_ac_3_3_b_3

AC-3(3)(b)(3)

nist_800_53_rev_5_ac_3_3_b_4

AC-3(3)(b)(4)

nist_800_53_rev_5_ac_3_3_b_5

AC-3(3)(b)(5)

nist_800_53_rev_5_ac_3_3_c

AC-3(3)(c)

nist_800_53_rev_5_ac_3_4

AC-3(4) Discretionary Access Control

nist_800_53_rev_5_ac_3_4_a

AC-3(4)(a)

nist_800_53_rev_5_ac_3_4_b

AC-3(4)(b)

nist_800_53_rev_5_ac_3_4_c

AC-3(4)(c)

nist_800_53_rev_5_ac_3_4_d

AC-3(4)(d)

nist_800_53_rev_5_ac_3_4_e

AC-3(4)(e)

nist_800_53_rev_5_ac_3_8

AC-3(8) Revocation Of Access Authorizations

nist_800_53_rev_5_ac_4_28

AC-4(28) Linear Filter Pipelines

nist_800_53_rev_5_ac_7_4

AC-7(4) Use Of Alternate Authentication Factor

nist_800_53_rev_5_ac_7_4_a

AC-7(4)(a)

acsc_essential_eight_ml_1_7_1

ACSC-EE-ML1-7.1: Multi-factor authentication ML1

acsc_essential_eight_ml_1_7_2

ACSC-EE-ML1-7.2: Multi-factor authentication ML1

acsc_essential_eight_ml_1_7_3

ACSC-EE-ML1-7.3: Multi-factor authentication ML1

acsc_essential_eight_ml_1_7_4

ACSC-EE-ML1-7.4: Multi-factor authentication ML1

acsc_essential_eight_ml_2_7_1

ACSC-EE-ML2-7.1: Multi-factor authentication ML2

acsc_essential_eight_ml_2_7_4

ACSC-EE-ML2-7.4: Multi-factor authentication ML2

acsc_essential_eight_ml_2_7_5

ACSC-EE-ML2-7.5: Multi-factor authentication ML2

acsc_essential_eight_ml_2_7_6

ACSC-EE-ML2-7.6: Multi-factor authentication ML2

acsc_essential_eight_ml_3_7_1

ACSC-EE-ML3-7.1: Multi-factor authentication ML3

acsc_essential_eight_ml_3_7_2

ACSC-EE-ML3-7.2: Multi-factor authentication ML3

acsc_essential_eight_ml_3_7_3

ACSC-EE-ML3-7.3: Multi-factor authentication ML3

acsc_essential_eight_ml_3_7_4

ACSC-EE-ML3-7.4: Multi-factor authentication ML3

acsc_essential_eight_ml_3_7_5

ACSC-EE-ML3-7.5: Multi-factor authentication ML3

acsc_essential_eight_ml_3_7_6

ACSC-EE-ML3-7.6: Multi-factor authentication ML3

acsc_essential_eight_ml_3_7_7

ACSC-EE-ML3-7.7: Multi-factor authentication ML3

nist_800_53_rev_5_ac_24

Access Control Decisions (AC-24)

fedramp_low_rev_4_ac_2

Account Management (AC-2)

cisa_cyber_essentials_booting_up_things_to_do_first_2

Booting Up: Things to Do First-2

soc_2_cc_6_6

CC6.6 The entity implements logical access security measures to protect against threats from sources outside its system boundaries

nist_800_53_rev_5_cm_5_1_a

CM-5(1)(a)

ffiec_d_3_pc_am_b_6

D3.PC.Am.B.6

nist_800_53_rev_5_ia_2_1

IA-2(1) Multi-Factor Authentication To Privileged Accounts

fedramp_moderate_rev_4_ia_2_1

IA-2(1) Network Access To Privileged Accounts

nist_800_53_rev_4_ia_2_1

fedramp_moderate_rev_4_ia_2_1_2

IA-2(1)(2)

nist_800_53_rev_4_ia_2_11

IA-2(11) Remote Access - Separate Device

nist_800_53_rev_5_ia_2_2

IA-2(2) Multi-Factor Authentication To Non-Privileged Accounts

nist_800_53_rev_4_ia_2_2

IA-2(2) Network Access To Non-Privileged Accounts

nist_800_53_rev_5_ia_2_6

IA-2(6) Acces To Accounts — Separate Device

nist_800_53_rev_5_ia_2_6_a

IA-2(6)(a)

nist_800_53_rev_5_ia_2_8

IA-2(8) Access To Accounts — Replay Resistant

all_controls_iam

fedramp_low_rev_4_ia_2

Identification and Authentication (Organizational users) (IA-2)

nist_csf_pr_ac_1

PR.AC-1

nist_csf_pr_ac_3

PR.AC-3

nist_csf_pr_ac_7

PR.AC-7

nist_800_53_rev_5_sc_23_3

SC-23(3) Unique System-Generated Session Identifiers

cisa_cyber_essentials_your_surroundings_2

Your Surroundings-2

cisa_cyber_essentials_your_systems_3

Your Systems-3

IAM user MFA should be enabled

Run individual configuration, compliance and security controls or full compliance benchmarks for CIS, FFIEC, PCI, NIST, HIPAA, RBI CSF, GDPR, SOC 2, Audit Manager Control Tower, FedRAMP, GxP and AWS Foundational Security Best Practices controls across all your AWS accounts using Powerpipe and Steampipe.

Apache License 2.0

steampipe-mod-aws-compliance

Control: IAM user MFA should be enabled

Description

Usage

SQL

Tags