Other benchmark rules that do not apply to a new account

Identity and Access Management

  1. Avoid the use of the "root" account
  2. Ensure Multi-Factor Authentication (MFA) is enabled for all IAM users that have a console password
  3. Ensure credentials unused for 90 days or greater are disabled
  4. Ensure access keys are rotated every 90 days or less
  5. Ensure no root account access key exists
  6. Ensure MFA is enabled for the "root" account
  7. Ensure hardware MFA is enabled for the "root" account
  8. Ensure IAM policies are attached only to groups or roles
  9. Ensure IAM policies that allow full "*:*" administrative privileges are not created

Logging

  1. Ensure AWS Config is enabled in all regions
  2. Ensure rotation for customer created CMKs is enabled

Networking

  1. Ensure no security groups allow ingress from 0.0.0.0/0 to port 22
  2. Ensure no security groups allow ingress from 0.0.0.0/0 to port 3389
  3. Ensure routing tables for VPC peering are "least access"