ghndrx/prowler
1
0
Fork 0
mirror of https://github.com/ghndrx/prowler.git synced 2026-02-10 06:45:08 +00:00
Code Issues Packages Projects Releases Wiki Activity
Files
0e22458e8690459001ea83d3f418ca5b629e5f8b
prowler/docs/tutorials/compliance.md
Pedro Martín 735af02f59 feat(new_security_framework): AWS Well Architected Framework security pillar (#2382) 
Co-authored-by: Sergio Garcia <sergargar1@gmail.com>
2023-05-24 16:38:32 +02:00

2.6 KiB
Raw Blame History

Compliance

Prowler allows you to execute checks based on requirements defined in compliance frameworks.

## List Available Compliance Frameworks In order to see which compliance frameworks are cover by Prowler, you can use option --list-compliance:

prowler <provider> --list-compliance

Currently, the available frameworks are:

  • cis_1.4_aws
  • cis_1.5_aws
  • ens_rd2022_aws
  • aws_audit_manager_control_tower_guardrails_aws
  • aws_foundational_security_best_practices_aws
  • aws_well_architected_framework_security_pillar_aws
  • cisa_aws
  • fedramp_low_revision_4_aws
  • fedramp_moderate_revision_4_aws
  • ffiec_aws
  • gdpr_aws
  • gxp_eu_annex_11_aws
  • gxp_21_cfr_part_11_aws
  • hipaa_aws
  • nist_800_53_revision_4_aws
  • nist_800_53_revision_5_aws
  • nist_800_171_revision_2_aws
  • nist_csf_1.1_aws
  • pci_3.2.1_aws
  • rbi_cyber_security_framework_aws
  • soc2_aws

## List Requirements of Compliance Frameworks For each compliance framework, you can use option --list-compliance-requirements to list its requirements:

prowler <provider> --list-compliance-requirements <compliance_framework(s)>

Example for the first requirements of CIS 1.5 for AWS:

Listing CIS 1.5 AWS Compliance Requirements:

Requirement Id: 1.1
	- Description: Maintain current contact details
	- Checks:
 		account_maintain_current_contact_details

Requirement Id: 1.2
	- Description: Ensure security contact information is registered
	- Checks:
 		account_security_contact_information_is_registered

Requirement Id: 1.3
	- Description: Ensure security questions are registered in the AWS account
	- Checks:
 		account_security_questions_are_registered_in_the_aws_account

Requirement Id: 1.4
	- Description: Ensure no 'root' user account access key exists
	- Checks:
 		iam_no_root_access_key

Requirement Id: 1.5
	- Description: Ensure MFA is enabled for the 'root' user account
	- Checks:
 		iam_root_mfa_enabled

[redacted]

Execute Prowler based on Compliance Frameworks

As we mentioned, Prowler can be execute to analyse you environment based on a specific compliance framework, to do it, you can use option --compliance:

prowler <provider> --compliance <compliance_framework>

Standard results will be shown and additionally the framework information as the sample below for CIS AWS 1.5. For details a CSV file has been generated as well.

Create and contribute adding other Security Frameworks

This information is part of the Developer Guide and can be found here: https://docs.prowler.cloud/en/latest/tutorials/developer-guide/.

Reference in New Issue View Git Blame Copy Permalink