turbot/github_compliance

Control: 4.2.3 Ensure user access to the package registry utilizes Multi-Factor Authentication (MFA)

Description

Enforce Multi-Factor Authentication (MFA) for user access to the package registry.

Rationale

By default, every user authenticates to the system by password only. If a user's password is compromised, the user account and all its related packages are in danger of data theft and malicious builds. It is therefore recommended that each user enables Multi-Factor Authentication. This additional step guarantees that the account stays secure even if the user's password is compromised, as it adds another layer of authentication.

Audit

For each package registry in use, verify that Multi-Factor Authentication is enforced and is the only way to authenticate.

Remediation

For each package registry in use, enforce Multi-Factor Authentication as the only way to authenticate.

Usage

Run the control in your terminal:

powerpipe control run github_compliance.control.cis_supply_chain_v100_4_2_3

Snapshot and share results via Turbot Pipes:

powerpipe login
powerpipe control run github_compliance.control.cis_supply_chain_v100_4_2_3 --share

SQL

This control uses a named query:

org_two_factor_required
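
An added sketch of this kind of check, not the mod's own org_two_factor_required query: it assumes the Steampipe GitHub plugin's github_my_organization table with its two_factor_requirement_enabled column, and returns the resource, status and reason columns a Powerpipe control expects.

```sql
-- Added example; table and column names are assumed from the Steampipe GitHub plugin.
select
  url as resource,
  case
    -- GitHub only exposes this setting to organization owners, so a null
    -- value means "could not determine", not "disabled".
    when two_factor_requirement_enabled is null then 'info'
    when two_factor_requirement_enabled then 'ok'
    else 'alarm'
  end as status,
  login || case
    when two_factor_requirement_enabled is null
      then ' two-factor requirement is not visible to this token (organization owner access needed).'
    when two_factor_requirement_enabled
      then ' requires two-factor authentication for all members.'
    else ' does not require two-factor authentication.'
  end as reason
from
  github_my_organization;
```

Treat an 'info' row as an unfinished audit: rerun with credentials that can read the organization's security settings before recording the control as passed.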
