Sergei
Overview
Critical
1High
0Medium
1Low
3Informational
0Security issues (5)
Severity | Non-Compliance | Issue | Remediation | Read more | Action |
---|---|---|---|---|---|
Medium | CIS 1.10 PCI DSS 8.4 | IAM user "Sergei" does not have Multi-factor authentication (MFA) enabled. | PCI DSS Requirement 8.3: Incorporate multi-factor authentication for all non-console access into the CDE for personnel with administrative access. | More info | |
Low | CIS 1.11 | IAM user "Sergei" has both an access key for programmatic access and a password to sign-in to the AWS Management Console. | Consider creating a separate IAM user for programmatic access. | More info | |
Critical | — | IAM user "Sergei" has two access keys. While doing so makes rotation easier, having both access keys enabled increases the risk of a data breach. | Delete or deactivate the first access key for the user "Sergei". | More info | |
Low | — | IAM user "Sergei" has inline IAM policies. | Ensure IAM policies are attached only to groups or roles. | More info | |
Low | — | IAM user "Sergei" is among 8 IAM user administrators. Every additional administrator increases the risk of a data breach. | Keep 2 IAM users with administrative permissions, while giving other IAM users a unique set of security credentials. | More info |