[Question]: AWS account security questions have been deprecated #3382
Comments
Hi @Fennerr, it's great to talk about this topic since we talked internally about that recently. We know the following as stated by AWS:

Starting January 5, 2024, AWS will no longer support security challenge questions for accounts that have not already enabled and used them. This will remove the option to add new security challenge questions from the Accounts page in the AWS Management Console. If you have already set security challenge questions or have already set them on the management account in your AWS Organization, you can continue to use them. After January 6, 2025, AWS will no longer support security challenge questions for all remaining customers. We encourage you to add MFA instead. For more information, see AWS Accounts discontinues the use of security challenge questions.

Right now, that check is present in several compliance frameworks we support but as far as I understand, if the check
So, from my understanding we can remove the check but we need to think about what happens with the compliance frameworks that are using it.
I think for now the allowlist/mutelist is the way to go.
Okay cool - I'm not sure what's going to happen with the compliance frameworks (if you need to wait for the framework to catch up with the changes before changing the checks in prowler or not). Might be worth adding a line to the status_extended saying that you cannot act on this finding, only check it, as it has been deprecated.
Steps to Reproduce
Not actually a bug, but not a feature request either. AWS is deprecating security questions for accounts, so the check should be removed.
https://github.com/prowler-cloud/prowler/tree/mastoter/prowler/providers/aws/services/account/account_security_questions_are_registered_in_the_aws_account
https://docs.aws.amazon.com/accounts/latest/reference/manage-acct-security-challenge.html
Expected behavior
Remove the check
Actual Result with Screenshots or Logs
N/A
How did you install Prowler?
Cloning the repository from github.com (git clone)
Environment Resource
N/A
OS used
N/A
Prowler version
Na
Pip version
Na
Context
No response