Ensure Security Questions are Registered in the AWS Account Rule

This rule ensures that security questions are set up in the AWS account for enhanced security measures.

Rule: Ensure security questions are registered in the AWS account
Framework: cis_v150
Severity: Medium

Rule Description:

This rule, part of the "cis_v150" framework, requires users to register security questions for their AWS accounts. Security questions provide an additional layer of authentication and help ensure the security and integrity of the account.

Remediation Steps:

Follow the steps below to register security questions for your AWS account:

  1. Sign in to the AWS Management Console with your account credentials.
  2. Open the IAM (Identity and Access Management) console.
  3. In the navigation pane, choose "Account settings".
  4. On the "Account Settings" page, scroll down to the "Security Questions" section.
  5. Click on the "Edit" button next to the "Security Questions" heading.
  6. You will be prompted to answer your existing security question (if already set). Provide the correct answer to proceed. If you don't remember the answer, choose the "I don't remember, remove it" option to remove the existing security question.
  7. Once you have answered the existing security question or removed it, click the "Add security question" button.
  8. Enter a new security question in the "Question" field.
  9. Provide a unique and memorable answer for the question in the "Answer" field.
  10. Click the "Save security questions" button to register the new security question.

Troubleshooting Steps:

  • If you are unable to sign in to the AWS Management Console, ensure you are using valid account credentials. If you are still unable to sign in, follow the password reset process provided by AWS.
  • If you are not seeing the "Account settings" option in the IAM console navigation pane, ensure that you have sufficient permissions and are accessing the console with a user that has appropriate IAM permissions.
  • If you encounter any error messages during the security question registration process, ensure that you are providing valid question and answer inputs. Make sure you adhere to any specific requirements mentioned by AWS, such as minimum character lengths or allowed special characters.

CLI Commands (if applicable):

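The remediation steps above are performed through the AWS Management Console. The AWS CLI has no command for registering security questions; the commands below create and delete a virtual MFA device instead:

  1. To create a virtual MFA device (the CLI also requires an output file and bootstrap method for the device seed):
     aws iam create-virtual-mfa-device --virtual-mfa-device-name "My-Security-Questions-MFA" --outfile ./My-Security-Questions-MFA.png --bootstrap-method QRCodePNG
  2. To delete an existing virtual MFA device:
     aws iam delete-virtual-mfa-device --serial-number "arn:aws:iam::123456789012:mfa/My-Security-Questions-MFA"

Replace "My-Security-Questions-MFA" with your desired MFA device name, 123456789012 with your AWS account ID, and the --outfile path (an example value) with the location where the QR code image should be written.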

Note: These commands assume you have already configured the AWS CLI and have appropriate permissions to perform IAM actions.

Conclusion:

Registering security questions for your AWS account helps enhance the overall security posture of your account. By following the provided steps, you can ensure compliance with this "cis_v150" rule and strengthen the protection of your AWS resources.
