mirror of
https://github.com/ghndrx/prowler.git
synced 2026-02-10 06:45:08 +00:00
added more checks mappings to ISO27001 group, and reordered the list of comment mappings to go from lower to highest requirements in ISO
This commit is contained in:
Mario Platt
@@ -15,88 +15,160 @@ GROUP_ID[18]='iso27001'
|
||||
GROUP_NUMBER[18]='18.0'
|
||||
GROUP_TITLE[18]='ISO 27001:2013 Readiness - ONLY AS REFERENCE - [iso27001] *****'
|
||||
GROUP_RUN_BY_DEFAULT[18]='N' # run it when execute_all is called
|
||||
GROUP_CHECKS[18]='check11,check110,check111,check112,check113,check116,check12,check122,check13,check14,check15,check16,check17,check18,check19,check21,check23,check24,check25,check26,check29,check31,check310,check311,check312,check313,check314,check32,check33,check34,check35,check36,check37,check38,check39,check41,check42,check43,extra711,extra72,extra723,extra731,extra735,extra76,extra78,extra792,extra798'
|
||||
GROUP_CHECKS[18]='check11,check110,check111,check112,check113,check114,check115,check116,check119,check12,check122,check13,check14,check15,check16,check17,check18,check19,check21,check22,check23,check24,check25,check26,check27,check28,check29,check31,check310,check311,check312,check313,check314,check32,check33,check34,check35,check36,check37,check38,check39,check41,check42,check43,check44,extra71,extra710,extra7100,extra711,extra7113,extra7123,extra7125,extra7126,extra7128,extra7129,extra713,extra714,extra7130,extra718,extra719,extra72,extra720,extra721,extra722,extra723,extra724,extra725,extra726,extra727,extra728,extra729,extra731,extra73,extra731,extra735,extra739,extra74,extra741,extra747,extra748,extra75,extra756,extra757,extra758,extra759,extra76,extra760,extra761,extra762,extra763,extra764,extra765,extra767,extra768,extra769,extra77,extra771,extra772,extra774,extra776,extra777,extra778,extra78,extra789,extra79,extra790,extra792,extra793,extra794,extra795,extra796,extra798'
|
||||
|
||||
# # Category Objective ID Objective Name Prowler check ID Check Summary
|
||||
# 1 A.10 Cryptography A.10.1 Cryptographic Controls extra735 Setup Encryption at rest for RDS instances
|
||||
# 2 A.10 Cryptography A.10.1 Cryptographic Controls extra792 Detect use of insecure ciphers on ELBs
|
||||
# 3 A.10 Cryptography A.10.1 Cryptographic Controls check37 Detect Customer Master Keys (CMKs) scheduled for deletion
|
||||
# 4 A.12 Operations Security A.12.4 Logging and Monitoring check314 Ensure a log metric filter and alarm exist for VPC changes
|
||||
# 5 A.12 Operations Security A.12.4 Logging and Monitoring check313 Ensure a log metric filter and alarm exist for route table changes
|
||||
# 6 A.12 Operations Security A.12.4 Logging and Monitoring check312 Ensure a log metric filter and alarm exist for changes to network gateways
|
||||
# 7 A.12 Operations Security A.12.4 Logging and Monitoring check311 Ensure a log metric filter and alarm exist for changes to Network Access Control Lists (NACL)
|
||||
# 8 A.12 Operations Security A.12.4 Logging and Monitoring check310 Ensure a log metric filter and alarm exist for security group changes
|
||||
# 9 A.12 Operations Security A.12.4 Logging and Monitoring check39 Ensure a log metric filter and alarm exist for AWS Config configuration changes
|
||||
# 10 A.12 Operations Security A.12.4 Logging and Monitoring check38 Ensure a log metric filter and alarm exist for S3 bucket policy changes
|
||||
# 11 A.12 Operations Security A.12.4 Logging and Monitoring check37 Ensure a log metric filter and alarm exist for disabling or scheduled deletion of customer created CMKs
|
||||
# 12 A.12 Operations Security A.12.4 Logging and Monitoring check36 Ensure a log metric filter and alarm exist for AWS Management Console authentication failures
|
||||
# 13 A.12 Operations Security A.12.4 Logging and Monitoring check35 Ensure a log metric filter and alarm exist for CloudTrail configuration changes
|
||||
# 14 A.12 Operations Security A.12.4 Logging and Monitoring check34 Ensure a log metric filter and alarm exist for IAM policy changes
|
||||
# 15 A.12 Operations Security A.12.4 Logging and Monitoring check33 Ensure a log metric filter and alarm exist for usage of "root" account
|
||||
# 16 A.12 Operations Security A.12.4 Logging and Monitoring check32 Ensure a log metric filter and alarm exist for Management Console sign-in without MFA
|
||||
# 17 A.12 Operations Security A.12.4 Logging and Monitoring check31 Ensure a log metric filter and alarm exist for unauthorized API calls
|
||||
# 18 A.12 Operations Security A.12.4 Logging and Monitoring check26 Ensure S3 bucket access logging is enabled on the CloudTrail S3 bucket
|
||||
# 19 A.12 Operations Security A.12.4 Logging and Monitoring check25 Ensure AWS Config is enabled in all regions
|
||||
# 20 A.12 Operations Security A.12.4 Logging and Monitoring check24 Ensure CloudTrail trails are integrated with CloudWatch Logs
|
||||
# 21 A.12 Operations Security A.12.4 Logging and Monitoring check29 Ensure VPC flow logging is enabled in all VPCs
|
||||
# 22 A.12 Operations Security A.12.4 Logging and Monitoring check23 Ensure the S3 bucket CloudTrail logs to is not publicly accessible
|
||||
# 23 A.12 Operations Security A.12.4 Logging and Monitoring check21 Ensure CloudTrail is enabled in all regions
|
||||
# 24 A.12 Operations Security A.12.6 Technical Vulnerability Management check43 Ensure the default security group of every VPC restricts all traffic
|
||||
# 25 A.12 Operations Security A.12.6 Technical Vulnerability Management check42 Ensure no security groups allow ingress from 0.0.0.0/0 to port 3389
|
||||
# 26 A.12 Operations Security A.12.6 Technical Vulnerability Management check41 Ensure no security groups allow ingress from 0.0.0.0/0 to port 22
|
||||
# 27 A.12 Operations Security A.12.6 Technical Vulnerability Management extra76 Check for publicly shared AMIs
|
||||
# 28 A.12 Operations Security A.12.6 Technical Vulnerability Management extra72 Ensure EBS snapshots are not publicly accessible
|
||||
# 29 A.12 Operations Security A.12.6 Technical Vulnerability Management extra731 Ensure SNS topics do not allow global send or subscribe
|
||||
# 30 A.12 Operations Security A.12.6 Technical Vulnerability Management extra711 Ensure Redshift clusters do not have a public endpoint
|
||||
# 31 A.12 Operations Security A.12.6 Technical Vulnerability Management extra723 Ensure RDS snapshots are not publicly accessible
|
||||
# 32 A.12 Operations Security A.12.6 Technical Vulnerability Management extra78 Ensure RDS instances are not accessible to the world.
|
||||
# 33 A.12 Operations Security A.12.6 Technical Vulnerability Management check23 Ensure the S3 bucket CloudTrail logs to is not publicly accessible
|
||||
# 34 A.13 Communications Security A.13.1 Network Security Management check43 Ensure the default security group of every VPC restricts all traffic
|
||||
# 35 A.13 Communications Security A.13.1 Network Security Management check42 Ensure no security groups allow ingress from 0.0.0.0/0 to port 3389
|
||||
# 36 A.13 Communications Security A.13.1 Network Security Management check41 Ensure no security groups allow ingress from 0.0.0.0/0 to port 22
|
||||
# 37 A.13 Communications Security A.13.1 Network Security Management extra72 Ensure EBS snapshots are not publicly accessible
|
||||
# 38 A.13 Communications Security A.13.1 Network Security Management extra731 Ensure SNS topics do not allow global send or subscribe
|
||||
# 39 A.13 Communications Security A.13.1 Network Security Management extra711 Ensure Redshift clusters do not have a public endpoint
|
||||
# 40 A.13 Communications Security A.13.1 Network Security Management extra723 Ensure RDS snapshots are not publicly accessible
|
||||
# 41 A.13 Communications Security A.13.1 Network Security Management extra78 Ensure RDS instances are not accessible to the world.
|
||||
# 82 A.13 Communications Security A.13.1 Network Security Management extra798 Ensure Lambda Functions are not publicly accessible
|
||||
# 42 A.9 Access Control A.9.2 User Access Management check122 Ensure IAM policies that allow full "*:*" administrative privileges are not created.
|
||||
# 43 A.9 Access Control A.9.2 User Access Management check111 Ensure IAM password policy expires passwords within 90 days or less
|
||||
# 44 A.9 Access Control A.9.2 User Access Management check110 Ensure IAM password policy prevents password reuse
|
||||
# 45 A.9 Access Control A.9.2 User Access Management check19 Ensure IAM password policy requires minimum length of 14 or greater
|
||||
# 46 A.9 Access Control A.9.2 User Access Management check18 Ensure IAM password policy require at least one number
|
||||
# 47 A.9 Access Control A.9.2 User Access Management check17 Ensure IAM password policy require at least one symbol
|
||||
# 48 A.9 Access Control A.9.2 User Access Management check16 Ensure IAM password policy require at least one lowercase letter
|
||||
# 49 A.9 Access Control A.9.2 User Access Management check15 Ensure IAM password policy requires at least one uppercase letter
|
||||
# 50 A.9 Access Control A.9.2 User Access Management check11 Avoid the use of the 'root' account
|
||||
# 51 A.9 Access Control A.9.2 User Access Management check116 Ensure IAM policies are attached only to groups or roles
|
||||
# 52 A.9 Access Control A.9.2 User Access Management check12 Ensure multi-factor authentication (MFA) is enabled for all IAM users that have console access
|
||||
# 53 A.9 Access Control A.9.2 User Access Management check113 Ensure MFA is enabled for the 'root' account
|
||||
# 54 A.9 Access Control A.9.2 User Access Management check14 Ensure access keys are rotated every 90 days or less
|
||||
# 55 A.9 Access Control A.9.2 User Access Management check13 Ensure credentials unused for 90 days or greater are disabled
|
||||
# 56 A.9 Access Control A.9.2 User Access Management check112 Ensure no root account access key exists
|
||||
# 57 A.9 Access Control A.9.3 User Responsibilities check111 Ensure IAM password policy expires passwords within 90 days or less
|
||||
# 58 A.9 Access Control A.9.3 User Responsibilities check110 Ensure IAM password policy prevents password reuse
|
||||
# 59 A.9 Access Control A.9.3 User Responsibilities check19 Ensure IAM password policy requires minimum length of 14 or greater
|
||||
# 60 A.9 Access Control A.9.3 User Responsibilities check18 Ensure IAM password policy require at least one number
|
||||
# 61 A.9 Access Control A.9.3 User Responsibilities check17 Ensure IAM password policy require at least one symbol
|
||||
# 62 A.9 Access Control A.9.3 User Responsibilities check16 Ensure IAM password policy require at least one lowercase letter
|
||||
# 63 A.9 Access Control A.9.3 User Responsibilities check15 Ensure IAM password policy requires at least one uppercase letter
|
||||
# 64 A.9 Access Control A.9.3 User Responsibilities check12 Ensure multi-factor authentication (MFA) is enabled for all IAM users that have console access
|
||||
# 65 A.9 Access Control A.9.3 User Responsibilities check14 Ensure access keys are rotated every 90 days or less
|
||||
# 66 A.9 Access Control A.9.3 User Responsibilities check13 Ensure credentials unused for 90 days or greater are disabled
|
||||
# 67 A.9 Access Control A.9.4 System and Application Access Control check122 Ensure IAM policies that allow full "*:*" administrative privileges are not created.
|
||||
# 68 A.9 Access Control A.9.4 System and Application Access Control check111 Ensure IAM password policy expires passwords within 90 days or less
|
||||
# 69 A.9 Access Control A.9.4 System and Application Access Control check110 Ensure IAM password policy prevents password reuse
|
||||
# 70 A.9 Access Control A.9.4 System and Application Access Control check19 Ensure IAM password policy requires minimum length of 14 or greater
|
||||
# 71 A.9 Access Control A.9.4 System and Application Access Control check18 Ensure IAM password policy require at least one number
|
||||
# 72 A.9 Access Control A.9.4 System and Application Access Control check17 Ensure IAM password policy require at least one symbol
|
||||
# 73 A.9 Access Control A.9.4 System and Application Access Control check16 Ensure IAM password policy require at least one lowercase letter
|
||||
# 74 A.9 Access Control A.9.4 System and Application Access Control check15 Ensure IAM password policy requires at least one uppercase letter
|
||||
# 75 A.9 Access Control A.9.4 System and Application Access Control check11 Avoid the use of the 'root' account
|
||||
# 76 A.9 Access Control A.9.4 System and Application Access Control check116 Ensure IAM policies are attached only to groups or roles
|
||||
# 77 A.9 Access Control A.9.4 System and Application Access Control check12 Ensure multi-factor authentication (MFA) is enabled for all IAM users that have console access
|
||||
# 78 A.9 Access Control A.9.4 System and Application Access Control check113 Ensure MFA is enabled for the 'root' account
|
||||
# 79 A.9 Access Control A.9.4 System and Application Access Control check14 Ensure access keys are rotated every 90 days or less
|
||||
# 80 A.9 Access Control A.9.4 System and Application Access Control check13 Ensure credentials unused for 90 days or greater are disabled
|
||||
# 81 A.9 Access Control A.9.4 System and Application Access Control check112 Ensure no root account access key exists
|
||||
# 1 A.9 Access Control A.9.2 User Access Management check122 Ensure IAM policies that allow full "*:*" administrative privileges are not created.
|
||||
# 2 A.9 Access Control A.9.2 User Access Management check111 Ensure IAM password policy expires passwords within 90 days or less
|
||||
# 3 A.9 Access Control A.9.2 User Access Management check110 Ensure IAM password policy prevents password reuse
|
||||
# 4 A.9 Access Control A.9.2 User Access Management check19 Ensure IAM password policy requires minimum length of 14 or greater
|
||||
# 5 A.9 Access Control A.9.2 User Access Management check18 Ensure IAM password policy require at least one number
|
||||
# 6 A.9 Access Control A.9.2 User Access Management check17 Ensure IAM password policy require at least one symbol
|
||||
# 7 A.9 Access Control A.9.2 User Access Management check16 Ensure IAM password policy require at least one lowercase letter
|
||||
# 8 A.9 Access Control A.9.2 User Access Management check15 Ensure IAM password policy requires at least one uppercase letter
|
||||
# 9 A.9 Access Control A.9.2 User Access Management check11 Avoid the use of the 'root' account
|
||||
# 10 A.9 Access Control A.9.2 User Access Management check116 Ensure IAM policies are attached only to groups or roles
|
||||
# 11 A.9 Access Control A.9.2 User Access Management check12 Ensure multi-factor authentication (MFA) is enabled for all IAM users that have console access
|
||||
# 12 A.9 Access Control A.9.2 User Access Management check114 Ensure MFA is enabled for the 'root' account
|
||||
# 13 A.9 Access Control A.9.2 User Access Management check115 Ensure security questions are registered in the AWS account
|
||||
# 14 A.9 Access Control A.9.2 User Access Management check14 Ensure access keys are rotated every 90 days or less
|
||||
# 15 A.9 Access Control A.9.2 User Access Management check13 Ensure credentials unused for 90 days or greater are disabled
|
||||
# 16 A.9 Access Control A.9.2 User Access Management check112 Ensure no root account access key exists
|
||||
# 17 A.9 Access Control A.9.2 User Access Management check119 Ensure IAM instance roles are used for AWS resource access from instances
|
||||
# 18 A.9 Access Control A.9.2 User Access Management extra71 Ensure users of groups with AdministratorAccess policy have MFA tokens enabled
|
||||
# 19 A.9 Access Control A.9.2 User Access Management extra7100 Ensure that no custom policies exist which allow permissive role assumption (e.g. sts:AssumeRole on *)
|
||||
# 20 A.9 Access Control A.9.2 User Access Management extra7123 Check if IAM users have two active access keys
|
||||
# 21 A.9 Access Control A.9.2 User Access Management extra7125 Check if IAM users have Hardware MFA enabled.
|
||||
# 22 A.9 Access Control A.9.2 User Access Management extra769 Check if IAM Access Analyzer is enabled and its findings
|
||||
# 23 A.9 Access Control A.9.2 User Access Management extra774 Ensure credentials unused for 30 days or greater are disabled.
|
||||
# 24 A.9 Access Control A.9.3 User Responsibilities check111 Ensure IAM password policy expires passwords within 90 days or less
|
||||
# 25 A.9 Access Control A.9.3 User Responsibilities check110 Ensure IAM password policy prevents password reuse
|
||||
# 26 A.9 Access Control A.9.3 User Responsibilities check19 Ensure IAM password policy requires minimum length of 14 or greater
|
||||
# 27 A.9 Access Control A.9.3 User Responsibilities check18 Ensure IAM password policy require at least one number
|
||||
# 28 A.9 Access Control A.9.3 User Responsibilities check17 Ensure IAM password policy require at least one symbol
|
||||
# 29 A.9 Access Control A.9.3 User Responsibilities check16 Ensure IAM password policy require at least one lowercase letter
|
||||
# 30 A.9 Access Control A.9.3 User Responsibilities check15 Ensure IAM password policy requires at least one uppercase letter
|
||||
# 31 A.9 Access Control A.9.3 User Responsibilities check12 Ensure multi-factor authentication (MFA) is enabled for all IAM users that have console access
|
||||
# 32 A.9 Access Control A.9.3 User Responsibilities check14 Ensure access keys are rotated every 90 days or less
|
||||
# 33 A.9 Access Control A.9.3 User Responsibilities check13 Ensure credentials unused for 90 days or greater are disabled
|
||||
# 34 A.9 Access Control A.9.4 System and Application Access Control check122 Ensure IAM policies that allow full "*:*" administrative privileges are not created.
|
||||
# 35 A.9 Access Control A.9.4 System and Application Access Control check111 Ensure IAM password policy expires passwords within 90 days or less
|
||||
# 36 A.9 Access Control A.9.4 System and Application Access Control check110 Ensure IAM password policy prevents password reuse
|
||||
# 37 A.9 Access Control A.9.4 System and Application Access Control check19 Ensure IAM password policy requires minimum length of 14 or greater
|
||||
# 38 A.9 Access Control A.9.4 System and Application Access Control check18 Ensure IAM password policy require at least one number
|
||||
# 39 A.9 Access Control A.9.4 System and Application Access Control check17 Ensure IAM password policy require at least one symbol
|
||||
# 40 A.9 Access Control A.9.4 System and Application Access Control check16 Ensure IAM password policy require at least one lowercase letter
|
||||
# 41 A.9 Access Control A.9.4 System and Application Access Control check15 Ensure IAM password policy requires at least one uppercase letter
|
||||
# 42 A.9 Access Control A.9.4 System and Application Access Control check11 Avoid the use of the 'root' account
|
||||
# 43 A.9 Access Control A.9.4 System and Application Access Control check116 Ensure IAM policies are attached only to groups or roles
|
||||
# 44 A.9 Access Control A.9.4 System and Application Access Control check12 Ensure multi-factor authentication (MFA) is enabled for all IAM users that have console access
|
||||
# 45 A.9 Access Control A.9.4 System and Application Access Control check113 Ensure MFA is enabled for the 'root' account
|
||||
# 46 A.9 Access Control A.9.4 System and Application Access Control check14 Ensure access keys are rotated every 90 days or less
|
||||
# 47 A.9 Access Control A.9.4 System and Application Access Control check13 Ensure credentials unused for 90 days or greater are disabled
|
||||
# 48 A.9 Access Control A.9.4 System and Application Access Control check112 Ensure no root account access key exists
|
||||
# 49 A.9 Access Control A.9.4 System and Application Access Control extra7113 Check if RDS instances have deletion protection enabled
|
||||
# 50 A.9 Access Control A.9.4 System and Application Access Control extra72 Ensure there are no EBS Snapshots set as Public
|
||||
# 51 A.9 Access Control A.9.4 System and Application Access Control extra723 Check if RDS Snapshots and Cluster Snapshots are public
|
||||
# 52 A.9 Access Control A.9.4 System and Application Access Control extra727 Check if SQS queues have policy set as Public
|
||||
# 53 A.9 Access Control A.9.4 System and Application Access Control extra73 Ensure there are no S3 buckets open to Everyone or Any AWS user
|
||||
# 54 A.9 Access Control A.9.4 System and Application Access Control extra731 Check if SNS topics have policy set as Public
|
||||
# 55 A.9 Access Control A.9.4 System and Application Access Control extra756 Check if Redshift cluster is Public Accessible
|
||||
# 56 A.9 Access Control A.9.4 System and Application Access Control extra76 Ensure there are no EC2 AMIs set as Public
|
||||
# 57 A.9 Access Control A.9.4 System and Application Access Control extra77 Ensure there are no ECR repositories set as Public
|
||||
# 58 A.9 Access Control A.9.4 System and Application Access Control extra771 Check if S3 buckets have policies which allow WRITE access
|
||||
# 59 A.9 Access Control A.9.4 System and Application Access Control extra795 Ensure EKS Clusters are created with Private Endpoint Enabled and Public Access Disabled
|
||||
# 60 A.9 Access Control A.9.4 System and Application Access Control extra796 Restrict Access to the EKS Control Plane Endpoint
|
||||
# 61 A.10 Cryptography A.10.1 Cryptographic Controls extra735 Setup Encryption at rest for RDS instances
|
||||
# 62 A.10 Cryptography A.10.1 Cryptographic Controls extra792 Check if Elastic Load Balancers have insecure SSL ciphers
|
||||
# 63 A.10 Cryptography A.10.1 Cryptographic Controls check37 Detect Customer Master Keys (CMKs) scheduled for deletion
|
||||
# 64 A.10 Cryptography A.10.1 Cryptographic Controls check27 Ensure CloudTrail logs are encrypted at rest using KMS CMKs
|
||||
# 65 A.10 Cryptography A.10.1 Cryptographic Controls check28 Ensure rotation for customer created KMS CMKs is enabled
|
||||
# 66 A.10 Cryptography A.10.1 Cryptographic Controls extra7126 Check if there are CMK KMS keys not used
|
||||
# 67 A.10 Cryptography A.10.1 Cryptographic Controls extra7128 Check if DynamoDB table has encryption at rest enabled using CMK KMS
|
||||
# 68 A.10 Cryptography A.10.1 Cryptographic Controls extra7130 Ensure there are no SNS Topics unencrypted
|
||||
# 69 A.10 Cryptography A.10.1 Cryptographic Controls extra724 Check if ACM certificates have Certificate Transparency logging enabled
|
||||
# 70 A.10 Cryptography A.10.1 Cryptographic Controls extra728 Check if SQS queues have Server Side Encryption enabled
|
||||
# 71 A.10 Cryptography A.10.1 Cryptographic Controls extra729 Ensure there are no EBS Volumes unencrypted
|
||||
# 72 A.10 Cryptography A.10.1 Cryptographic Controls extra761 Check if EBS Default Encryption is activated
|
||||
# 73 A.10 Cryptography A.10.1 Cryptographic Controls extra764 Check if S3 buckets have secure transport policy
|
||||
# 74 A.10 Cryptography A.10.1 Cryptographic Controls extra767 Check if CloudFront distributions have Field Level Encryption enabled
|
||||
# 75 A.10 Cryptography A.10.1 Cryptographic Controls extra791 Check if CloudFront distributions are using deprecated SSL protocols
|
||||
# 76 A.10 Cryptography A.10.1 Cryptographic Controls extra793 Check if Elastic Load Balancers have SSL listeners
|
||||
# 77 A.12 Operations Security A.12.3 Information Backup extra739 Check if RDS instances have backup enabled
|
||||
# 78 A.12 Operations Security A.12.4 Logging and Monitoring check314 Ensure a log metric filter and alarm exist for VPC changes
|
||||
# 79 A.12 Operations Security A.12.4 Logging and Monitoring check313 Ensure a log metric filter and alarm exist for route table changes
|
||||
# 80 A.12 Operations Security A.12.4 Logging and Monitoring check312 Ensure a log metric filter and alarm exist for changes to network gateways
|
||||
# 81 A.12 Operations Security A.12.4 Logging and Monitoring check311 Ensure a log metric filter and alarm exist for changes to Network Access Control Lists (NACL)
|
||||
# 82 A.12 Operations Security A.12.4 Logging and Monitoring check310 Ensure a log metric filter and alarm exist for security group changes
|
||||
# 83 A.12 Operations Security A.12.4 Logging and Monitoring check39 Ensure a log metric filter and alarm exist for AWS Config configuration changes
|
||||
# 84 A.12 Operations Security A.12.4 Logging and Monitoring check39 Check if CloudFront distributions have logging enabled
|
||||
# 85 A.12 Operations Security A.12.4 Logging and Monitoring extra719 Check if Route53 public hosted zones are logging queries to CloudWatch Logs
|
||||
# 86 A.12 Operations Security A.12.4 Logging and Monitoring extra720 Check if Lambda functions invoke API operations are being recorded by CloudTrail
|
||||
# 87 A.12 Operations Security A.12.4 Logging and Monitoring extra722 Check if API Gateway has logging enabled
|
||||
# 88 A.12 Operations Security A.12.4 Logging and Monitoring check38 Ensure a log metric filter and alarm exist for S3 bucket policy changes
|
||||
# 89 A.12 Operations Security A.12.4 Logging and Monitoring check37 Ensure a log metric filter and alarm exist for disabling or scheduled deletion of customer created CMKs
|
||||
# 90 A.12 Operations Security A.12.4 Logging and Monitoring check36 Ensure a log metric filter and alarm exist for AWS Management Console authentication failures
|
||||
# 91 A.12 Operations Security A.12.4 Logging and Monitoring check35 Ensure a log metric filter and alarm exist for CloudTrail configuration changes
|
||||
# 92 A.12 Operations Security A.12.4 Logging and Monitoring check34 Ensure a log metric filter and alarm exist for IAM policy changes
|
||||
# 93 A.12 Operations Security A.12.4 Logging and Monitoring check33 Ensure a log metric filter and alarm exist for usage of "root" account
|
||||
# 94 A.12 Operations Security A.12.4 Logging and Monitoring check32 Ensure a log metric filter and alarm exist for Management Console sign-in without MFA
|
||||
# 95 A.12 Operations Security A.12.4 Logging and Monitoring check31 Ensure a log metric filter and alarm exist for unauthorized API calls
|
||||
# 96 A.12 Operations Security A.12.4 Logging and Monitoring check26 Ensure S3 bucket access logging is enabled on the CloudTrail S3 bucket
|
||||
# 97 A.12 Operations Security A.12.4 Logging and Monitoring check25 Ensure AWS Config is enabled in all regions
|
||||
# 98 A.12 Operations Security A.12.4 Logging and Monitoring check24 Ensure CloudTrail trails are integrated with CloudWatch Logs
|
||||
# 99 A.12 Operations Security A.12.4 Logging and Monitoring check29 Ensure VPC flow logging is enabled in all VPCs
|
||||
#100 A.12 Operations Security A.12.4 Logging and Monitoring check23 Ensure the S3 bucket CloudTrail logs to is not publicly accessible
|
||||
#101 A.12 Operations Security A.12.4 Logging and Monitoring check21 Ensure CloudTrail is enabled in all regions
|
||||
#102 A.12 Operations Security A.12.4 Logging and Monitoring check21 Ensure CloudTrail is enabled in all regions
|
||||
#103 A.12 Operations Security A.12.4 Logging and Monitoring extra725 Check if S3 buckets have Object-level logging enabled in CloudTrail
|
||||
#104 A.12 Operations Security A.12.4 Logging and Monitoring extra794 Ensure EKS Control Plane Audit Logging is enabled for all log types
|
||||
#105 A.12 Operations Security A.12.4 Logging and Monitoring extra747 Check if RDS instances is integrated with CloudWatch Logs
|
||||
#106 A.12 Operations Security A.12.4 Logging and Monitoring extra718 Check if S3 buckets have server access logging enabled
|
||||
#107 A.12 Operations Security A.12.6 Technical Vulnerability Management check43 Ensure the default security group of every VPC restricts all traffic
|
||||
#108 A.12 Operations Security A.12.6 Technical Vulnerability Management check42 Ensure no security groups allow ingress from 0.0.0.0/0 to port 3389
|
||||
#109 A.12 Operations Security A.12.6 Technical Vulnerability Management check41 Ensure no security groups allow ingress from 0.0.0.0/0 to port 22
|
||||
#110 A.12 Operations Security A.12.6 Technical Vulnerability Management extra76 Check for publicly shared AMIs
|
||||
#111 A.12 Operations Security A.12.6 Technical Vulnerability Management extra72 Ensure EBS snapshots are not publicly accessible
|
||||
#112 A.12 Operations Security A.12.6 Technical Vulnerability Management extra731 Ensure SNS topics do not allow global send or subscribe
|
||||
#113 A.12 Operations Security A.12.6 Technical Vulnerability Management extra711 Ensure Redshift clusters do not have a public endpoint
|
||||
#114 A.12 Operations Security A.12.6 Technical Vulnerability Management extra723 Ensure RDS snapshots are not publicly accessible
|
||||
#115 A.12 Operations Security A.12.6 Technical Vulnerability Management extra78 Ensure RDS instances are not accessible to the world.
|
||||
#116 A.12 Operations Security A.12.6 Technical Vulnerability Management check23 Ensure the S3 bucket CloudTrail logs to is not publicly accessible
|
||||
#117 A.12 Operations Security A.12.6 Technical Vulnerability Management extra713 Check if GuardDuty is enabled
|
||||
#118 A.12 Operations Security A.12.6 Technical Vulnerability Management extra726 Check Trusted Advisor for errors and warnings
|
||||
#119 A.12 Operations Security A.12.6 Technical Vulnerability Management extra776 Check if ECR image scan found vulnerabilities in the newest image version
|
||||
#120 A.13 Communications Security A.13.1 Network Security Management check43 Ensure the default security group of every VPC restricts all traffic
|
||||
#121 A.13 Communications Security A.13.1 Network Security Management check42 Ensure no security groups allow ingress from 0.0.0.0/0 to port 3389
|
||||
#122 A.13 Communications Security A.13.1 Network Security Management check41 Ensure no security groups allow ingress from 0.0.0.0/0 to port 22
|
||||
#123 A.13 Communications Security A.13.1 Network Security Management extra72 Ensure EBS snapshots are not publicly accessible
|
||||
#124 A.13 Communications Security A.13.1 Network Security Management extra731 Ensure SNS topics do not allow global send or subscribe
|
||||
#125 A.13 Communications Security A.13.1 Network Security Management extra711 Ensure Redshift clusters do not have a public endpoint
|
||||
#126 A.13 Communications Security A.13.1 Network Security Management extra723 Ensure RDS snapshots are not publicly accessible
|
||||
#127 A.13 Communications Security A.13.1 Network Security Management extra78 Ensure RDS instances are not accessible to the world.
|
||||
#128 A.13 Communications Security A.13.1 Network Security Management extra798 Ensure Lambda Functions are not publicly accessible
|
||||
#129 A.13 Communications Security A.13.1 Network Security Management check44 Ensure routing tables for VPC peering are \"least access\"
|
||||
#130 A.13 Communications Security A.13.1 Network Security Management extra710 Check for internet facing EC2 Instances
|
||||
#131 A.13 Communications Security A.13.1 Network Security Management extra711 Check for Publicly Accessible Redshift Clusters
|
||||
#132 A.13 Communications Security A.13.1 Network Security Management extra748 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to any port
|
||||
#133 A.13 Communications Security A.13.1 Network Security Management extra7129 Check if Application Load Balancer has a WAF ACL attached
|
||||
#134 A.13 Communications Security A.13.1 Network Security Management extra74 Ensure there are no Security Groups without ingress filtering being used
|
||||
#135 A.13 Communications Security A.13.1 Network Security Management extra777 Find VPC security groups with many ingress or egress rules
|
||||
#136 A.13 Communications Security A.13.1 Network Security Management extra778 Find VPC security groups with wide-open public IPv4 CIDR ranges (non-RFC1918)
|
||||
#137 A.13 Communications Security A.13.1 Network Security Management extra789 Find trust boundaries in VPC endpoint services connections
|
||||
#138 A.13 Communications Security A.13.1 Network Security Management extra79 Check for internet facing Elastic Load Balancers
|
||||
#139 A.13 Communications Security A.13.1 Network Security Management extra790 Find trust boundaries in VPC endpoint services whitelisted principles
|
||||
#140 A.13 Communications Security A.13.1 Network Security Management extra78 Ensure there are no Public Accessible RDS instances
|
||||
#141 A.14 System acquisition, dev & maintenance A.14.2 Security in Dev & Support extra731 Check if SNS topics have policy set as Public
|
||||
#142 A.14 System acquisition, dev & maintenance A.14.2 Security in Dev & Support extra741 Find secrets in EC2 User Data
|
||||
#143 A.14 System acquisition, dev & maintenance A.14.2 Security in Dev & Support extra75 Ensure there are no Security Groups not being used
|
||||
#144 A.14 System acquisition, dev & maintenance A.14.2 Security in Dev & Support extra757 Check EC2 Instances older than 6 months
|
||||
#145 A.14 System acquisition, dev & maintenance A.14.2 Security in Dev & Support extra758 Check EC2 Instances older than 12 months
|
||||
#146 A.14 System acquisition, dev & maintenance A.14.2 Security in Dev & Support extra759 Find secrets in Lambda functions variables
|
||||
#147 A.14 System acquisition, dev & maintenance A.14.2 Security in Dev & Support extra760 Find secrets in Lambda functions code
|
||||
#148 A.14 System acquisition, dev & maintenance A.14.2 Security in Dev & Support extra762 Find obsolete Lambda runtimes
|
||||
#149 A.14 System acquisition, dev & maintenance A.14.2 Security in Dev & Support extra765 Check if ECR image scan on push is enabled
|
||||
#150 A.14 System acquisition, dev & maintenance A.14.2 Security in Dev & Support extra768 Find secrets in ECS task definitions variables
|
||||
#151 A.14 System acquisition, dev & maintenance A.14.2 Security in Dev & Support extra772 Check if elastic IPs are unused
|
||||
#152 A.18 Compliance A.18.1 Compliance with Legal and Regulatory Reqs check22 Ensure CloudTrail log file validation is enabled
|
||||
#153 A.18 Compliance A.18.1 Compliance with Legal and Regulatory Reqs extra721 Check if Redshift cluster has audit logging enabled
|
||||
#154 A.18 Compliance A.18.1 Compliance with Legal and Regulatory Reqs extra763 Check if S3 buckets have object versioning enabled
|
||||
|
||||
Reference in New Issue
Block a user