Help Center
Go back to application
Help Center
Go back to application
Platform Terms Glossary
Task Management
Task Management explained Creating Tasks Setting up Task NotificationsGiving permissions to team members
Organization
Working together in KertosInviting UsersCreating rolesAssigning System AccessCreating Departments and Assigning Users
Integrations
Discovery
Tasks
Device Management
Human Resource Information Systems
Inventory
Inventorization of vendorsInventorization of systemsInventorization of assetsEU AI Act: Inventorization of AI use cases
Risks
Managing risksApplying controls to risks
Trust Center
Setting up your trust center
Incidents
Reporting incidents
KAIA
KAIA explainedPrinciples of AI at Kertos
Interacting with KAIA
Compliance
Frameworks explainedManaging & implementing controlsCreating & managing policiesCompleting & assigning trainings
Privacy Management
Creating a RoPACreating TOMsCreating DPIAs
Data Subject Requests
API Reference
Ingress API Docs for DSRs Webhook API Docs for DSRs
Auto Checks
Auto Checks explained
Auto Checks Detailed Explanation
Enforce MFA on the AWS Root AccountVerify CloudTrail is logging management events across all AWS regionsEnsure no IAM AWS-managed policies grant full administrative accessConfirm that Amazon GuardDuty is enabled for threat detectionEnsure the root account does not have any active access keysConfirm IAM Access Analyzer is enabled to monitor access permissionsConfigure a log metric filter and alarm for unauthorized API callsConfigure a log metric filter and alarm for root account usageEnsure customer-managed IAM policies do not grant full administrative accessPrevent IAM identities from having inline policies with unrestricted accessMaintain accurate and up-to-date AWS account contact informationRegister a valid security contact in the AWS account settingsBlock IAM Inline Policies That Enable Privilege EscalationPrevent IAM Inline Policies from Granting Full CloudTrail AccessAvoid Full KMS Access in Inline IAM PoliciesPrevent Overly Permissive Role Assumption in Custom IAM PoliciesPrevent Privilege Escalation via Customer-Managed IAM PoliciesAvoid IAM Policies Granting Full CloudTrail AccessAvoid IAM Policies Granting Unrestricted KMS AccessPrevent IAM Roles from Assigning ReadOnlyAccess Permissions to External AWS AccountsProtect IAM Service Roles from Confused Deputy Attacks Using Proper Trust PoliciesAvoid Provisioning Access Keys During Initial IAM User Creation When Console Login is EnabledDetect IAM Users with Multiple Active Access Keys and Enforce Key Rotation

Maintain accurate and up-to-date AWS account contact information

Framework Reference: A.5.24 (Contact with authorities) Integration: AWS – Billing Console

Why this matters

Timely communication from AWS is critical during incidents involving security breaches, policy violations, or billing issues. If your contact information is outdated or points to a single individual, you may miss urgent alerts from AWS—leading to service interruptions or delayed incident response.

To mitigate this risk, it’s essential to keep contact details updated and ensure they are connected to shared email addresses and phone lines monitored by multiple team members.

What this check does

This check verifies that the account contact information in AWS is:

Present and filled out correctly

Includes a valid email and phone number

Updated within a reasonable timeframe (e.g., not older than 12 months)

It also ensures contact details are set up in a way that allows AWS to reach your organization reliably.

How to fix it

From the AWS Console

Sign in to the AWS Billing and Cost Management Console using an account with billing permissions

Click on your account name in the top-right corner

Select Account

Under Account Settings, click Edit

Update the email address, phone number, and physical address as needed

Click Save Changes

Optionally, update Contact Information (billing, operations, and security contact types) to distinct addresses or mailing lists

Tip: Use mailing lists like security@yourcompany.com or billing@yourcompany.com instead of individual emails to avoid single points of failure.

Exceptions

There are no valid exceptions to keeping contact information updated. Even accounts used solely for testing or automation should have reachable contact info to avoid automated suspension due to undeliverable messages or suspicious behavior.

Best Practices

Assign role-based addresses (e.g., aws-abuse@, infra-ops@) instead of personal ones

Review contact details at least once every 6–12 months

Ensure phone numbers route to reachable desks or shared lines

Further Resources

Manage AWS Account Contact Information

Was this article helpful?

Powered by Product Fruits