Benchmark: 3.5 Identification and Authentication
Description
IA controls are specific to the identification and authentication policies in an organization. This includes the identification and authentication of organizational and non-organizational users and the management of those systems.
Usage
Install the mod:
mkdir dashboards
cd dashboards
powerpipe mod init
powerpipe mod install github.com/turbot/steampipe-mod-aws-compliance
Start the Powerpipe server:
steampipe service start
powerpipe server
Open http://localhost:9033 in your browser and select 3.5 Identification and Authentication.
Run this benchmark in your terminal:
powerpipe benchmark run aws_compliance.benchmark.nist_800_171_rev_2_3_5
Snapshot and share results via Turbot Pipes:
powerpipe benchmark run aws_compliance.benchmark.nist_800_171_rev_2_3_5 --share
Benchmarks
- 3.5.1 Identify system users, processes acting on behalf of users, and devices
- 3.5.2 Authenticate (or verify) the identities of users, processes, or devices, as a prerequisite to allowing access to organizational systems
- 3.5.3 Use multifactor authentication for local and network access to privileged accounts and for network access to non-privileged accounts
- 3.5.4 Employ replay-resistant authentication mechanisms for network access to privileged and non-privileged accounts
- 3.5.5 Prevent reuse of identifiers for a defined period
- 3.5.6 Disable identifiers after a defined period of inactivity
- 3.5.7 Enforce a minimum password complexity and change of characters when new passwords are created
- 3.5.8 Prohibit password reuse for a specified number of generations
- 3.5.9 Allow temporary password use for system logons with an immediate change to a permanent password