OCI-001 Oracle Cloud Infrastructure (OCI)

MFA is enforced for all IAM users, especially administrators.

MFA is enforced for all IAM users, especially administrators.

Domain
Oracle Cloud Infrastructure (OCI)
Area
IAM
Automated / manual
Automated

Risk if it fails

Password-only logins are easily phished.

Without a second factor, one stolen password lets an attacker sign in as the user. If that user is in the Administrators group, the whole tenancy is theirs.

How Tess tests it

1 test — each concludes only on cited evidence.

MFA is enforced for all IAM users, especially administrators.

Automated
Procedure
Confirm MFA status (is_mfa_activated) for each user.

Read-only command 

oci iam user list --all --query "data[].{name:name,mfa:\"is-mfa-activated\"}" --output table

More in Oracle Cloud Infrastructure (OCI)

OCI-002 Customer secret keys / API keys are rotated regularly (<=90 days). OCI-003 A strong password policy is configured. OCI-004 Membership of the Administrators group is minimal. OCI-005 IAM policies follow least privilege (no broad 'manage all-resources').

Want Tess to test OCI-001 against your evidence?

Book a demo