Jul 12, 2021 Miscellaneous- Audit deprecated.
- Metadata updated.
- References updated.
|
Jun 17, 2021 Miscellaneous- Metadata updated.
- References updated.
Removed- _1.1 Avoid the use of the 'root' account - 'access_key_1_active != true'
- _1.1 Avoid the use of the 'root' account - 'access_key_2_active != true'
- _1.1 Avoid the use of the 'root' account - 'password_enabled != true'
- _1.11 Ensure IAM password policy expires passwords within 90 days or less
- _1.2 Ensure multi-factor authentication (MFA) is enabled for all IAM users that have a console password - 'Root Account MFA enabled'
- _1.2 Ensure multi-factor authentication (MFA) is enabled for all IAM users that have a console password - 'User Accounts MFA enabled'
- _1.5 Ensure IAM password policy requires at least one uppercase letter
- _1.6 Ensure IAM password policy require at least one lowercase letter
- _1.7 Ensure IAM password policy require at least one symbol
- _1.8 Ensure IAM password policy require at least one number
|
May 21, 2021 Functional Update- 1.13 Ensure there is only one active access key available for any single IAM user
Informational Update- 1.17 Ensure a support role has been created to manage incidents with AWS Support
Added- 1.10 Ensure multi-factor authentication (MFA) is enabled for all IAM users that have a console password
Removed- 1.10 Ensure multi-factor authentication (MFA) is enabled for all IAM users that have a console password - AccountMFAEnabled
|
Apr 26, 2021 Functional Update- 4.1 Ensure a log metric filter and alarm exist for unauthorized API calls - 'metric filter exists'
- 4.12 Ensure a log metric filter and alarm exist for changes to network gateways - 'metric filter exists'
- 4.13 Ensure a log metric filter and alarm exist for route table changes - 'metric filter exists'
- 4.14 Ensure a log metric filter and alarm exist for VPC changes - 'metric filter exists'
- 4.15 Ensure a log metric filter and alarm exists for AWS Organizations changes - 'metric filter exists'
- 4.2 Ensure a log metric filter and alarm exist for Management Console sign-in without MFA - 'metric filter exists'
- 4.3 Ensure a log metric filter and alarm exist for usage of 'root' account - 'metric filter exists'
- 4.4 Ensure a log metric filter and alarm exist for IAM policy changes - 'metric filter exists'
- 4.5 Ensure a log metric filter and alarm exist for CloudTrail configuration changes - 'metric filter exists'
- 4.8 Ensure a log metric filter and alarm exist for S3 bucket policy changes - 'metric filter exists'
|
Mar 10, 2021 Functional Update- 4.15 Ensure a log metric filter and alarm exists for AWS Organizations changes - 'metric filter exists'
|
Feb 10, 2021 Functional Update- 5.1 Ensure no Network ACLs allow ingress from 0.0.0.0/0 to remote server administration ports
Miscellaneous- Metadata updated.
- References updated.
|
