Security & Compliance
Key questions for security and compliance.
Example Questions
- Do we have security groups permitting SSH from 0.0.0.0/0?
- Which IAM policies were manually created in the AWS console?
- Are there any unencrypted S3 buckets?
- Who approved the last security group change?
- Are all IAM users using MFA?
- Are there any public S3 buckets?
- Are there any expired or soon-to-expire SSL/TLS certificates?
- Which accounts have unused or stale access keys?