Ensure GitHub organization security settings require 2FA

Description

This policy checks whether the GitHub organization's security settings require two-factor authentication (2FA). Requiring 2FA adds an additional layer of security, making it more difficult for unauthorized users to access the organization's resources. Without 2FA, an organization is more vulnerable to phishing and password attacks. Enabling 2FA is essential for protecting sensitive data and preventing unauthorized access.

Code Example

github
Go to Organization Settings > Security > Authentication > Two-factor authentication, and select 'Require two-factor authentication for all members of this organization'.

Remediation

Enable two-factor authentication for the GitHub organization.
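
To confirm the setting from the API side, the added example below (not part of the original rule page and not Checkov's own code) evaluates the `two_factor_requirement_enabled` field returned by the GitHub REST endpoint `GET /orgs/{org}`. The environment variable names `GITHUB_ORG` and `GITHUB_TOKEN` and the sample organizations are assumptions made for the example; a null or missing field is treated as unknown, on the assumption that the token lacks the owner access needed to see the setting.

```python
import json
import os
import urllib.request

API = "https://api.github.com"

def fetch_org(org, token):
    """GET /orgs/{org} and return the decoded organization document."""
    req = urllib.request.Request(
        f"{API}/orgs/{org}",
        headers={
            "Accept": "application/vnd.github+json",
            "Authorization": f"Bearer {token}",
        },
    )
    with urllib.request.urlopen(req, timeout=10) as resp:
        return json.load(resp)

def evaluate_2fa(org_doc):
    """Return (status, reason) for one organization document."""
    login = org_doc.get("login", "<unknown>")
    value = org_doc.get("two_factor_requirement_enabled")
    if value is True:
        return "PASSED", f"{login}: 2FA is required for all members"
    if value is False:
        return "FAILED", f"{login}: 2FA is not required"
    # null or absent: the setting is not visible, so never report a pass
    return "UNKNOWN", f"{login}: setting not visible to this token"

# Constructed sample responses, trimmed to the fields used here.
SAMPLES = [
    {"login": "example-enforced", "two_factor_requirement_enabled": True},
    {"login": "example-open", "two_factor_requirement_enabled": False},
    {"login": "example-no-access", "two_factor_requirement_enabled": None},
]

if __name__ == "__main__":
    # GITHUB_ORG / GITHUB_TOKEN are assumed names; without them use the samples.
    org, token = os.environ.get("GITHUB_ORG"), os.environ.get("GITHUB_TOKEN")
    docs = [fetch_org(org, token)] if org and token else SAMPLES
    for doc in docs:
        status, reason = evaluate_2fa(doc)
        print(f"{status:8} {reason}")
```

Treating the unknown case as a finding rather than a pass keeps an under-privileged audit token from hiding an organization that does not enforce 2FA.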

Rule Details

| Field | Value |
|---|---|
| ID | IAC-1039 |
| Severity | HIGH |
| IaC Type | github_configuration |
| Frameworks | * |
| Checkov ID | CKV_GITHUB_1 |