Benchmark: 11.200(a) Biometric electronic signature components and controls
Description
(a) Electronic signatures that are not based upon biometrics shall: (1) Employ at least two distinct identification components such as an identification code and password. (i) When an individual executes a series of signings during a single, continuous period of controlled system access, the first signing shall be executed using all electronic signature components; subsequent signings shall be executed using at least one electronic signature component that is only executable by, and designed to be used only by, the individual. (ii) When an individual executes one or more signings not performed during a single, continuous period of controlled system access, each signing shall be executed using all of the electronic signature components. (2) Be used only by their genuine owners; and (3) Be administered and executed to ensure that attempted use of an individual's electronic signature by anyone other than its genuine owner requires collaboration of two or more individuals.
Usage
Install the mod:
mkdir dashboardscd dashboardspowerpipe mod initpowerpipe mod install github.com/turbot/steampipe-mod-aws-compliance
Start the Powerpipe server:
steampipe service startpowerpipe server
Open http://localhost:9033 in your browser and select 11.200(a) Biometric electronic signature components and controls.
Run this benchmark in your terminal:
powerpipe benchmark run aws_compliance.benchmark.gxp_21_cfr_part_11_11_200_a
Snapshot and share results via Turbot Pipes:
powerpipe benchmark run aws_compliance.benchmark.gxp_21_cfr_part_11_11_200_a --share
Controls
- IAM password policies for users should have strong configurations
- IAM root user hardware MFA should be enabled
- IAM root user MFA should be enabled
- IAM root user should not have access keys
- IAM user access keys should be rotated at least every 90 days
- IAM users with console access should have MFA enabled
- IAM user MFA should be enabled