aws_compliance

Once MFA Delete is enabled on your sensitive and classified S3 bucket it requires the user to have two forms of authentication.

s3_bucket_mfa_delete_enabled

pci_dss_v40_requirement_10_3_2

10.3.2: Audit log files are protected to prevent modifications by individuals

pci_dss_v40_requirement_3_5_1_3

3.5.1.3: If disk-level or partition-level encryption is used (rather than file-, column-, or field-level database encryption) to render PAN unreadable

pci_dss_v40_requirement_8_4_1

8.4.1: MFA is implemented for all non-console access into the CDE for personnel with administrative access

pci_dss_v40_requirement_8_4_2

8.4.2 MFA is implemented for all non-console access into the CDE

pci_dss_v40_requirement_8_4_3

8.4.3 MFA is implemented for all remote access originating from outside the entity's network that could access or impact the CDE

pci_dss_v40_appendix_a1_1_2

A1.1.2: Controls are implemented such that each customer only has permission to access its own cardholder data and CDE

pci_dss_v40_appendix_a3_4_1

A3.4.1: User accounts and access privileges to inscope system components are reviewed at least once every six months to ensure user accounts and access privileges remain appropriate based on job function, and that all access is authorized

acsc_essential_eight_ml_1_7_1

ACSC-EE-ML1-7.1: Multi-factor authentication ML1

acsc_essential_eight_ml_1_7_2

ACSC-EE-ML1-7.2: Multi-factor authentication ML1

acsc_essential_eight_ml_1_7_3

ACSC-EE-ML1-7.3: Multi-factor authentication ML1

acsc_essential_eight_ml_1_7_4

ACSC-EE-ML1-7.4: Multi-factor authentication ML1

acsc_essential_eight_ml_2_7_1

ACSC-EE-ML2-7.1: Multi-factor authentication ML2

acsc_essential_eight_ml_2_7_4

ACSC-EE-ML2-7.4: Multi-factor authentication ML2

acsc_essential_eight_ml_2_7_5

ACSC-EE-ML2-7.5: Multi-factor authentication ML2

acsc_essential_eight_ml_2_7_6

ACSC-EE-ML2-7.6: Multi-factor authentication ML2

acsc_essential_eight_ml_2_8_6

ACSC-EE-ML2-8.6: Regular backups ML2

acsc_essential_eight_ml_2_8_8

ACSC-EE-ML2-8.8: Regular backups ML2

acsc_essential_eight_ml_3_7_1

ACSC-EE-ML3-7.1: Multi-factor authentication ML3

acsc_essential_eight_ml_3_7_2

ACSC-EE-ML3-7.2: Multi-factor authentication ML3

acsc_essential_eight_ml_3_7_3

ACSC-EE-ML3-7.3: Multi-factor authentication ML3

acsc_essential_eight_ml_3_7_4

ACSC-EE-ML3-7.4: Multi-factor authentication ML3

acsc_essential_eight_ml_3_7_5

ACSC-EE-ML3-7.5: Multi-factor authentication ML3

acsc_essential_eight_ml_3_7_6

ACSC-EE-ML3-7.6: Multi-factor authentication ML3

acsc_essential_eight_ml_3_7_7

ACSC-EE-ML3-7.7: Multi-factor authentication ML3

acsc_essential_eight_ml_3_8_6

ACSC-EE-ML3-8.6: Regular backups ML3

acsc_essential_eight_ml_3_8_8

ACSC-EE-ML3-8.8: Regular backups ML3

all_controls_s3

Ensure MFA Delete is enabled on S3 buckets

cis_v140_2_1_3

cis_v150_2_1_3

cis_v200_2_1_2

cis_v300_2_1_2

cis_v400_2_1_2

cis_v500_2_1_2

cis_v600_3_1_2

Run individual configuration, compliance and security controls or full compliance benchmarks for CIS, FFIEC, PCI, NIST, HIPAA, RBI CSF, GDPR, SOC 2, Audit Manager Control Tower, FedRAMP, GxP and AWS Foundational Security Best Practices controls across all your AWS accounts using Powerpipe and Steampipe.

AWS Compliance

Apache License 2.0

steampipe-mod-aws-compliance

Control: Ensure MFA Delete is enabled on S3 buckets

Description

Usage

SQL

Tags