Profile Applicability:

  • Level 1

Description:

Ensure that the AWS account contact information, including the email address and phone number, is current and monitored. This contact information is critical for receiving AWS service updates, security notifications, and billing alerts. Keeping this information accurate and monitored ensures timely awareness of important AWS communications.

Rationale:

Maintaining up-to-date contact details ensures that the organization receives critical security, compliance, service-related, and billing notifications from AWS. Delays or failures in receiving these alerts due to outdated contact information can lead to missed incident reports, payment failures, or unauthorized changes going undetected.

Impact:

Failure to maintain current contact information may result in:

  • Missed security alerts and compliance communications

  • Account lockouts or unauthorized activity going unnoticed

  • Unpaid invoices and potential account suspension

Default Value:

AWS accounts are initially configured with the contact information provided at account creation. Updates must be made manually.

Pre-Requisites:

  • Access to the AWS root account or an IAM Identity Center user with permissions to update account settings

  • Internet access to the AWS Management Console

Remediation:

Test Plan:

Using AWS Console:

  1. Sign in to the AWS Management Console using the root account

  2. Navigate to Account Settings via the account dropdown in the top-right corner

  3. Review the following under Alternate Contacts:

    • Security Contact: Email address should be valid and monitored

    • Billing Contact: Email address should be correct

    • Operations Contact: Email address should be updated

Ensure that:

  • All contact emails are valid, monitored, and not using public or personal addresses (e.g., Gmail, Yahoo)

  • Phone numbers are valid and reachable
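The same review can be scripted. The following is an added example, not part of the original benchmark text: it reads the three alternate contacts through the AWS Account Management API (`get_alternate_contact` in boto3, which the page itself does not use) and applies the checks listed above. The function names and every public-domain entry beyond Gmail and Yahoo are assumptions, and whether a mailbox is actually monitored still has to be confirmed by a person.

```python
import re

# Free-mail domains treated as "public or personal"; the page names Gmail and
# Yahoo, the remaining entries are assumptions to adjust locally.
PUBLIC_DOMAINS = {"gmail.com", "yahoo.com", "outlook.com", "hotmail.com"}
CONTACT_TYPES = ("SECURITY", "BILLING", "OPERATIONS")
EMAIL_RE = re.compile(r"^[^@\s]+@([A-Za-z0-9-]+\.)+[A-Za-z]{2,}$")
PHONE_RE = re.compile(r"^\+?[0-9][0-9 ()\-.]{6,}$")


def evaluate_contact(contact_type, contact):
    """Return a list of findings for one alternate contact (None = not set)."""
    if not contact:
        return [f"{contact_type}: no alternate contact configured"]
    findings = []
    email = (contact.get("EmailAddress") or "").strip().lower()
    if not EMAIL_RE.match(email):
        findings.append(f"{contact_type}: email address is missing or malformed")
    elif email.rsplit("@", 1)[1] in PUBLIC_DOMAINS:
        findings.append(f"{contact_type}: email uses a public mail domain")
    if not PHONE_RE.match((contact.get("PhoneNumber") or "").strip()):
        findings.append(f"{contact_type}: phone number is missing or malformed")
    return findings


def audit(contacts):
    """contacts maps contact type -> AlternateContact dict, or None if unset."""
    findings = []
    for contact_type in CONTACT_TYPES:
        findings += evaluate_contact(contact_type, contacts.get(contact_type))
    return findings


def fetch_contacts():
    """Read the three alternate contacts of the calling account (needs boto3)."""
    import boto3  # imported here so the checks above run without AWS access
    client = boto3.client("account")
    contacts = {}
    for contact_type in CONTACT_TYPES:
        try:
            response = client.get_alternate_contact(AlternateContactType=contact_type)
            contacts[contact_type] = response["AlternateContact"]
        except client.exceptions.ResourceNotFoundException:
            contacts[contact_type] = None
    return contacts


if __name__ == "__main__":
    for finding in audit(fetch_contacts()) or ["All alternate contacts pass"]:
        print(finding)
```

Running it requires credentials that allow `account:GetAlternateContact` on the account being reviewed.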

Implementation Plan:

Using AWS Console:

  1. Sign in to AWS Console with the root account

  2. Click the account name in the top-right corner, then select Account

  3. Under Contact Information, click Edit

  4. Update:

    • Email address

    • Phone number

    • Company address, if required

  5. Navigate to the Alternate Contacts section

  6. Update:

    • Security Contact email

    • Billing Contact email

    • Operations Contact email

  7. Click Update or Save changes

Backout Plan:

There is no functional backout for updating contact details. However, if incorrect details are entered:

  1. Return to the Account Settings page

  2. Re-edit the contact fields with the correct information

  3. Save the changes

References:

CIS Controls Mapping:

| CIS Control Version | Control ID | Control Description |
|---|---|---|
| CIS v8 | 10.5 | Configure Trusted Communications Channels |
| CIS v7 | 16.13 | Conduct Periodic Review of Information System Accounts |