The Center for Internet Security (CIS) released an updated version (v2.0) of their CIS AWS Benchmark last week. The new version of the benchmark includes 2 new recommendations, 1 removed, and updates to descriptions and remediation steps.
The Steampipe AWS Compliance mod, is packed with hundreds of open source controls that evaluate your AWS accounts for compliance with 25 benchmarks (NIST, PCI, SOC2, etc). The mod now also includes new controls for AWS CIS v2.0.
My last company we used only virtual MFA as it was easier to manage with a remote team. For Root MFA, could easily enforce a 2 group action through a password manager, one group to obtain the password, the other to get the TOTP.
Before having the ability to apply both HW and Virtual tokens per user, what did you do? only use HW devices? Or just Virtual?
What use cases do you have now for both at the same time?
Love seeing more projects focused on using SQL to query many things. It is a common and familiar language to query and report.
I help lead an open source project https//steampipe.io which can query CSV with SQL, among 85+ other endpoints like cloud providers, SaaS APIs, code, logs and more using SQL to query and join data: https://hub.steampipe.io/plugins