Benchmark: 8.2: User identification and related accounts for users and administrators are strictly managed throughout an account's lifecycle
Usage
Install the mod:
mkdir dashboards
cd dashboards
powerpipe mod init
powerpipe mod install github.com/turbot/steampipe-mod-aws-compliance
Start the Powerpipe server:
steampipe service start
powerpipe server
Open http://localhost:9033 in your browser and select 8.2: User identification and related accounts for users and administrators are strictly managed throughout an account's lifecycle.
Run this benchmark in your terminal:
powerpipe benchmark run aws_compliance.benchmark.pci_dss_v40_requirement_8_2
Snapshot and share results via Turbot Pipes:
powerpipe benchmark run aws_compliance.benchmark.pci_dss_v40_requirement_8_2 --share
Benchmarks
- 8.2.1: All users are assigned a unique ID before access to system components or cardholder data is allowed
- 8.2.2: Group, shared, or generic IDs, or other shared authentication credentials are only used when necessary on an exception basis, and are managed
- 8.2.4: Addition, deletion, and modification of user IDs, authentication factors, and other identifier objects are managed
- 8.2.5: Access for terminated users is immediately revoked
- 8.2.6: Inactive user accounts are removed or disabled within 90 days of inactivity
- 8.2.7: Accounts used by third parties to access, support, or maintain system components via remote access are managed
- 8.2.8: If a user session has been idle for more than 15 minutes, the user is required to re-authenticate to re-activate the terminal or session