You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Implement strong multi-factor authentication (MFA) for all user accounts. Use phishing resistant MFA where and when available.
(Note: User accounts and identities include:
Root/Global administrator (as it is one that that has enhanced/highest level of privileges over the control plane and addresses all aspects of access control).
Confirm that MFA is implemented as per GC guidance through screenshots, compliance reports, or compliance check enabled through a reporting tool for all user accounts.
Confirm that digital policies are in place to ensure that MFA configurations are enforced.
Confirm and report the count of Root/Global administrator registered (should have at least two and no more than five).
Configure alerting to ensure the prompt detection of a potential compromise, in accordance with the GC Event Logging Guidance.
Confirm if monitoring and auditing is implemented for all user accounts.
Confirm alert notification to the authorized personnel is implemented for flagging misuse, or suspicious activities for all user accounts.
Use separate dedicated accounts for highly privileged roles (e.g. domain admins, global admins, root, and any domain admin equivalent access) when administering cloud services to minimize the blast radius.
Provide evidence that dedicated user accounts are used for administration (e.g., privileged access).