| D9.AWS.AS.33 | Ensure that Media Package Channel should have tags | Low | New | | | | - AWS HIPAA
- AWS NIST SP 800-53 R5
- AWS PCI DSS v4
- AWS CSA CCM v4
- CloudGuard AWS All Rules Ruleset
- AWS EU GDPR
- AWS ENS 2022 Spain
- AWS CMMC 2.0 v1.02
- AWS NY DFS 23 CRR 500
- AWS ACSC ISM
- AWS FedRAMP R5 (moderate)
- AWS ISO 27017:2015
- AWS NIST SP 800-172
- AWS Secure Controls Framework (SCF) v2023.1
- AWS SOC 2 (AICPA TSC 2017 Controls)
|
| D9.AWS.AS.45 | Ensure that MediaLive Channel should have Log level | Medium | New | | | | - AWS HIPAA
- AWS NIST SP 800-53 R5
- AWS PCI DSS v4
- AWS CSA CCM v4
- CloudGuard AWS All Rules Ruleset
- AWS EU GDPR
- AWS ENS 2022 Spain
- AWS CMMC 2.0 v1.02
- AWS NY DFS 23 CRR 500
- AWS ACSC ISM
- AWS FedRAMP R5 (moderate)
- AWS ISO 27017:2015
- AWS NIST SP 800-172
- AWS Secure Controls Framework (SCF) v2023.1
- AWS SOC 2 (AICPA TSC 2017 Controls)
|
| D9.AWS.AS.46 | Ensure that Username is set for AWS MediaLive Channel Output Destination Settings | High | New | | | | - AWS HIPAA
- AWS NIST SP 800-53 R5
- AWS PCI DSS v4
- AWS CSA CCM v4
- CloudGuard AWS All Rules Ruleset
- AWS EU GDPR
- AWS ENS 2022 Spain
- AWS CMMC 2.0 v1.02
- AWS NY DFS 23 CRR 500
- AWS ACSC ISM
- AWS FedRAMP R5 (moderate)
- AWS ISO 27017:2015
- AWS NIST SP 800-172
- AWS Secure Controls Framework (SCF) v2023.1
- AWS SOC 2 (AICPA TSC 2017 Controls)
|
| D9.AWS.AS.47 | Ensure that Password parameter is set for AWS MediaLive Channel Output Destination Settings | High | New | | | | - AWS HIPAA
- AWS NIST SP 800-53 R5
- AWS PCI DSS v4
- AWS CSA CCM v4
- CloudGuard AWS All Rules Ruleset
- AWS EU GDPR
- AWS ENS 2022 Spain
- AWS CMMC 2.0 v1.02
- AWS NY DFS 23 CRR 500
- AWS ACSC ISM
- AWS FedRAMP R5 (moderate)
- AWS ISO 27017:2015
- AWS NIST SP 800-172
- AWS Secure Controls Framework (SCF) v2023.1
- AWS SOC 2 (AICPA TSC 2017 Controls)
|
| D9.AWS.AS.48 | Ensure that MediaLive Input should have tags | Low | New | | | | - AWS HIPAA
- AWS NIST SP 800-53 R5
- AWS PCI DSS v4
- AWS CSA CCM v4
- CloudGuard AWS All Rules Ruleset
- AWS EU GDPR
- AWS ENS 2022 Spain
- AWS CMMC 2.0 v1.02
- AWS NY DFS 23 CRR 500
- AWS ACSC ISM
- AWS FedRAMP R5 (moderate)
- AWS ISO 27017:2015
- AWS NIST SP 800-172
- AWS Secure Controls Framework (SCF) v2023.1
- AWS SOC 2 (AICPA TSC 2017 Controls)
|
| D9.AWS.AS.49 | Ensure that MediaLive Reservation should have tags | Low | New | | | | - AWS HIPAA
- AWS NIST SP 800-53 R5
- AWS PCI DSS v4
- AWS CSA CCM v4
- CloudGuard AWS All Rules Ruleset
- AWS EU GDPR
- AWS ENS 2022 Spain
- AWS CMMC 2.0 v1.02
- AWS NY DFS 23 CRR 500
- AWS ACSC ISM
- AWS FedRAMP R5 (moderate)
- AWS ISO 27017:2015
- AWS NIST SP 800-172
- AWS Secure Controls Framework (SCF) v2023.1
- AWS SOC 2 (AICPA TSC 2017 Controls)
|
| D9.AWS.AS.50 | Ensure that MediaLive Input SecurityGroup should have tags | Low | New | | | | - AWS HIPAA
- AWS NIST SP 800-53 R5
- AWS PCI DSS v4
- AWS CSA CCM v4
- CloudGuard AWS All Rules Ruleset
- AWS EU GDPR
- AWS ENS 2022 Spain
- AWS CMMC 2.0 v1.02
- AWS NY DFS 23 CRR 500
- AWS ACSC ISM
- AWS FedRAMP R5 (moderate)
- AWS ISO 27017:2015
- AWS NIST SP 800-172
- AWS Secure Controls Framework (SCF) v2023.1
- AWS SOC 2 (AICPA TSC 2017 Controls)
|
| D9.AWS.AS.51 | Ensure that MediaLive Input Security Groups do not implicitly whitelist all public IP addresses. | High | New | | | | - AWS HIPAA
- AWS NIST SP 800-53 R5
- AWS PCI DSS v4
- AWS CSA CCM v4
- CloudGuard AWS All Rules Ruleset
- AWS EU GDPR
- AWS ENS 2022 Spain
- AWS CMMC 2.0 v1.02
- AWS NY DFS 23 CRR 500
- AWS ACSC ISM
- AWS FedRAMP R5 (moderate)
- AWS ISO 27017:2015
- AWS NIST SP 800-172
- AWS Secure Controls Framework (SCF) v2023.1
- AWS SOC 2 (AICPA TSC 2017 Controls)
|
| D9.AWS.AS.52 | Ensure that MediaPackage Channel should have tags | Low | New | | | | - AWS HIPAA
- AWS NIST SP 800-53 R5
- AWS PCI DSS v4
- AWS CSA CCM v4
- CloudGuard AWS All Rules Ruleset
- AWS EU GDPR
- AWS ENS 2022 Spain
- AWS CMMC 2.0 v1.02
- AWS NY DFS 23 CRR 500
- AWS ACSC ISM
- AWS FedRAMP R5 (moderate)
- AWS ISO 27017:2015
- AWS NIST SP 800-172
- AWS Secure Controls Framework (SCF) v2023.1
- AWS SOC 2 (AICPA TSC 2017 Controls)
|
| D9.AWS.AS.53 | Ensure that ingress access logs is enabled for MediaPackage Channel | High | New | | | | - AWS HIPAA
- AWS NIST SP 800-53 R5
- AWS PCI DSS v4
- AWS CSA CCM v4
- CloudGuard AWS All Rules Ruleset
- AWS EU GDPR
- AWS ENS 2022 Spain
- AWS CMMC 2.0 v1.02
- AWS NY DFS 23 CRR 500
- AWS ACSC ISM
- AWS FedRAMP R5 (moderate)
- AWS ISO 27017:2015
- AWS NIST SP 800-172
- AWS Secure Controls Framework (SCF) v2023.1
- AWS SOC 2 (AICPA TSC 2017 Controls)
|
| D9.AWS.AS.54 | Ensure that egress access logs is enabled for MediaPackage Channel | High | New | | | | - AWS HIPAA
- AWS NIST SP 800-53 R5
- AWS PCI DSS v4
- AWS CSA CCM v4
- CloudGuard AWS All Rules Ruleset
- AWS EU GDPR
- AWS ENS 2022 Spain
- AWS CMMC 2.0 v1.02
- AWS NY DFS 23 CRR 500
- AWS ACSC ISM
- AWS FedRAMP R5 (moderate)
- AWS ISO 27017:2015
- AWS NIST SP 800-172
- AWS Secure Controls Framework (SCF) v2023.1
- AWS SOC 2 (AICPA TSC 2017 Controls)
|
| D9.AWS.AS.55 | Ensure that only successful MediaPackage Harvest jobs are available | Low | New | | | | - AWS HIPAA
- AWS NIST SP 800-53 R5
- AWS PCI DSS v4
- AWS CSA CCM v4
- CloudGuard AWS All Rules Ruleset
- AWS EU GDPR
- AWS ENS 2022 Spain
- AWS CMMC 2.0 v1.02
- AWS NY DFS 23 CRR 500
- AWS ACSC ISM
- AWS FedRAMP R5 (moderate)
- AWS ISO 27017:2015
- AWS NIST SP 800-172
- AWS Secure Controls Framework (SCF) v2023.1
- AWS SOC 2 (AICPA TSC 2017 Controls)
|
| D9.AWS.AS.56 | Ensure that MediaPackage Origin Endpoint should have tags | Low | New | | | | - AWS HIPAA
- AWS NIST SP 800-53 R5
- AWS PCI DSS v4
- AWS CSA CCM v4
- CloudGuard AWS All Rules Ruleset
- AWS EU GDPR
- AWS ENS 2022 Spain
- AWS CMMC 2.0 v1.02
- AWS NY DFS 23 CRR 500
- AWS ACSC ISM
- AWS FedRAMP R5 (moderate)
- AWS ISO 27017:2015
- AWS NIST SP 800-172
- AWS Secure Controls Framework (SCF) v2023.1
- AWS SOC 2 (AICPA TSC 2017 Controls)
|
| D9.AWS.AS.57 | Ensure that authorization is set for MediaPackage Origin Endpoint | High | New | | | | - AWS HIPAA
- AWS NIST SP 800-53 R5
- AWS PCI DSS v4
- AWS CSA CCM v4
- CloudGuard AWS All Rules Ruleset
- AWS EU GDPR
- AWS ENS 2022 Spain
- AWS CMMC 2.0 v1.02
- AWS NY DFS 23 CRR 500
- AWS ACSC ISM
- AWS FedRAMP R5 (moderate)
- AWS ISO 27017:2015
- AWS NIST SP 800-172
- AWS Secure Controls Framework (SCF) v2023.1
- AWS SOC 2 (AICPA TSC 2017 Controls)
|
| D9.AWS.AS.58 | Ensure that Amazon Elastic Transcoder Pipelines are encrypted | High | New | | | | - AWS HIPAA
- AWS NIST SP 800-53 R5
- AWS PCI DSS v4
- AWS CSA CCM v4
- CloudGuard AWS All Rules Ruleset
- AWS EU GDPR
- AWS ENS 2022 Spain
- AWS CMMC 2.0 v1.02
- AWS NY DFS 23 CRR 500
- AWS ACSC ISM
- AWS FedRAMP R5 (moderate)
- AWS ISO 27017:2015
- AWS NIST SP 800-172
- AWS Secure Controls Framework (SCF) v2023.1
- AWS SOC 2 (AICPA TSC 2017 Controls)
|
| D9.AWS.AS.59 | Ensure that a notification is configured for Amazon Elastic Transcoder Pipelines | Medium | New | | | | - AWS HIPAA
- AWS NIST SP 800-53 R5
- AWS PCI DSS v4
- AWS CSA CCM v4
- CloudGuard AWS All Rules Ruleset
- AWS EU GDPR
- AWS ENS 2022 Spain
- AWS CMMC 2.0 v1.02
- AWS NY DFS 23 CRR 500
- AWS ACSC ISM
- AWS FedRAMP R5 (moderate)
- AWS ISO 27017:2015
- AWS NIST SP 800-172
- AWS Secure Controls Framework (SCF) v2023.1
- AWS SOC 2 (AICPA TSC 2017 Controls)
|
| D9.GCP.VLN.04 | Ensure that the 'contained database authentication' database flag for Cloud SQL on the SQL Server instance is not set to 'on' | Medium | Modification | | - Ensure that the 'contained database authentication' database flag for Cloud SQL on the SQL Server instance is set to 'off'
| - Ensure that the 'contained database authentication' database flag for Cloud SQL on the SQL Server instance is not set to 'on'
| - GCP CIS Foundations Benchmark v1.3.0
- GCP CIS Foundations Benchmark v2.0.0
- GCP MITRE ATT&CK Framework v12.1
- CloudGuard GCP All Rules Ruleset
- GCP CIS Critical Security Controls v8
- GCP ENS 2022 Spain
- GCP RMiT Malaysia
- GCP SOX (Section 404)
- GCP Secure Controls Framework (SCF) v2023.1
- GCP ISO 27002:2022
- GCP CIS Foundations Benchmark v3.0.0
- GCP SOC 2 (AICPA TSC 2017 Controls)
- GCP HIPAA
- GCP CIS Foundations Benchmark v1.1.0
- GCP CIS Foundations Benchmark v1.2.0
- GCP CloudGuard Best Practices
|
| D9.GCP.VLN.08 | Ensure '3625 (trace flag)' database flag for all Cloud SQL Server instances is set to 'on' | Medium | Modification | | - Ensure '3625 (trace flag)' database flag for Cloud SQL SQL Server instance is set to 'on'
| - Ensure '3625 (trace flag)' database flag for all Cloud SQL Server instances is set to 'on'
| - GCP CIS Foundations Benchmark v1.3.0
- GCP NIST SP 800-53 R5
- GCP CIS Foundations Benchmark v2.0.0
- GCP MITRE ATT&CK Framework v12.1
- CloudGuard GCP All Rules Ruleset
- GCP CIS Critical Security Controls v8
- GCP ISO 27001:2022
- GCP ENS 2022 Spain
- GCP RMiT Malaysia
- GCP FedRAMP R5 (moderate)
- GCP ISO 27017:2015
- GCP HITRUST CSF v11.2
- GCP SOX (Section 404)
- GCP Secure Controls Framework (SCF) v2023.1
- GCP ISO 27002:2022
- GCP CRI Profile v1.2
- GCP CIS Foundations Benchmark v3.0.0
- GCP NIST CSF v1.1
- GCP SOC 2 (AICPA TSC 2017 Controls)
- GCP HIPAA
- GCP CIS Foundations Benchmark v1.2.0
- GCP CloudGuard Best Practices
|
| D9.AZU.IAM.46 | Ensure that 'Multi-Factor Auth Status' is 'Enabled' for all Privileged Users | High | Modification | | - User where assignedRoles with [displayName like '%admin%' or displayName like '%contributor%' or displayName like '%creator%' or displayName like '%manage%' or displayName like '%owner%'] should have userCredentialRegistrationDetails.isRegisterWithMfa=true
| - User where assignmentRoles with [ roleName like '%owner%' or roleName like '%admin%' or roleName like '%contributor%' or roleName like '%creat%' or roleName like '%manage%' ] should have userCredentialRegistrationDetails.isRegisterWithMfa=true
| - Azure Security Risk Management
- Azure CIS Foundations Benchmark v1.5.0
- Azure NIST SP 800-53 R5
- Azure PCI DSS v4
- Azure CIS Foundations Benchmark v2.0.0
- CloudGuard Azure All Rules Ruleset
- Azure CSA CCM v4
- CloudGuard Azure Default Ruleset
- Azure ISO 27001:2022
- Azure MLPS 2.0
- Azure ENS 2022 Spain
- Azure ASD Essential Eight
- Azure CMMC 2.0 v1.02
- Azure CRI Profile v1.2
- Azure NIST SP 800-171 R2
- Azure NY DFS 23 CRR 500
- Azure RMiT Malaysia
- Azure ACSC ISM
- Azure CIS Critical Security Controls v8
- Azure ISO 27017:2015
- Azure SWIFT Customer Security Programme CSCF
- Azure SOX (Section 404)
- Azure Secure Controls Framework (SCF) v2023.1
- Azure New Zealand ISM v3.6
- Azure CIS Foundations Benchmark v2.1.0
- Azure NIST CSF v1.1
- Azure HIPAA
- Azure Dashboard System Ruleset
- Azure CloudGuard Best Practices
- Azure Microsoft Cloud Security Benchmark (MCSB) v1
|
| D9.AZU.IAM.47 | Ensure that 'Multi-Factor Auth Status' is 'Enabled' for all Non-Privileged Users | High | Modification | | - User where assignedRoles isEmpty() or assignedRoles with [ displayName unlike '%admin%' and displayName unlike '%contributor%' and displayName unlike '%creator%' and displayName unlike '%manage%' and displayName unlike '%owner%' ] should have userCredentialRegistrationDetails.isRegisterWithMfa=true
| - User where assignmentRoles isEmpty() or assignmentRoles with [ roleName unlike '%owner%' and roleName unlike '%admin%' and roleName unlike '%contributor%' and roleName unlike '%creat%' and roleName unlike '%manage%' ] should have userCredentialRegistrationDetails.isRegisterWithMfa=true
| - Azure Security Risk Management
- Azure CIS Foundations Benchmark v1.5.0
- Azure NIST SP 800-53 R5
- Azure PCI DSS v4
- Azure CIS Foundations Benchmark v2.0.0
- CloudGuard Azure All Rules Ruleset
- Azure CSA CCM v4
- CloudGuard Azure Default Ruleset
- Azure ASD Essential Eight
- Azure CMMC 2.0 v1.02
- Azure CRI Profile v1.2
- Azure NIST SP 800-171 R2
- Azure NY DFS 23 CRR 500
- Azure RMiT Malaysia
- Azure ACSC ISM
- Azure CIS Critical Security Controls v8
- Azure SWIFT Customer Security Programme CSCF
- Azure SOX (Section 404)
- Azure Secure Controls Framework (SCF) v2023.1
- Azure New Zealand ISM v3.6
- Azure CIS Foundations Benchmark v2.1.0
- Azure NIST CSF v1.1
- Azure HIPAA
- Azure Dashboard System Ruleset
- Azure CloudGuard Best Practices
- Azure Microsoft Cloud Security Benchmark (MCSB) v1
|
| D9.AWS.IAM.59 | Ensure that VPC Endpoint policy does not provide excessive permissions | High | Modification | | - VpcEndpoint should not have policy.Statement contain [Effect='Allow' and (Action = '*' or Action contain ['%s3:*%'] or Action contain ['%dynamodb:*%'] )]
| - VpcEndpoint should have policy.Statement contain-none [ ( (not Principal) or Principal='*') and Effect='Allow' ] and policy.Statement contain-none [ Effect='Allow' and (Action = '*' or Action contain ['%s3:*%'] or Action contain ['%dynamodb:*%'] ) ]
| - AWS NIST SP 800-53 R5
- AWS MITRE ATT&CK Framework v11.3
- AWS PCI DSS v4
- AWS HITRUST CSF v11.0
- AWS CIS Critical Security Controls v8
- CloudGuard AWS All Rules Ruleset
- AWS ISO 27001:2022
- AWS APRA 234
- AWS ENS 2022 Spain
- AWS MLPS 2.0
- AWS CMMC 2.0 v1.02
- AWS CRI Profile v1.2
- AWS NIST SP 800-171 R2
- AWS New Zealand ISM v3.6
- AWS RMiT Malaysia
- AWS ACSC ISM
- AWS FedRAMP R5 (moderate)
- AWS ISO 27017:2015
- AWS SWIFT Customer Security Programme CSCF
- AWS FFIEC Cybersecurity Assessment Tool (CAT)
- AWS SOX (Section 404)
- AWS Secure Controls Framework (SCF) v2023.1
- AWS ISO 27002:2022
- AWS NIST CSF v1.1
- AWS SOC 2 (AICPA TSC 2017 Controls)
- AWS CloudGuard Best Practices
- AWS HITRUST CSF v9.2
- AWS ITSG-33 Canada
- AWS MITRE ATT&CK Framework v10
|
| D9.AWS.NET.1029 | Ensure no security group allows unrestricted inbound access to TCP etcd port (2379) | High | New | | | | - AWS NIST SP 800-53 R5
- AWS PCI DSS v4
- CloudGuard AWS All Rules Ruleset
- AWS CMMC 2.0 v1.02
- AWS NIST SP 800-171 R2
- AWS New Zealand ISM v3.6
- AWS FedRAMP R5 (moderate)
- AWS ISO 27017:2015
- AWS SWIFT Customer Security Programme CSCF
- AWS Secure Controls Framework (SCF) v2023.1
- AWS SOC 2 (AICPA TSC 2017 Controls)
|
| D9.AWS.NET.1030 | Ensure no security group allows unrestricted inbound access to TCP CouchDB port (5984) | High | New | | | | - AWS NIST SP 800-53 R5
- AWS PCI DSS v4
- CloudGuard AWS All Rules Ruleset
- AWS CMMC 2.0 v1.02
- AWS NIST SP 800-171 R2
- AWS New Zealand ISM v3.6
- AWS FedRAMP R5 (moderate)
- AWS ISO 27017:2015
- AWS SWIFT Customer Security Programme CSCF
- AWS Secure Controls Framework (SCF) v2023.1
- AWS SOC 2 (AICPA TSC 2017 Controls)
|
| D9.AWS.NET.1031 | Ensure no security group allows unrestricted inbound access to TCP Kibana port (5601) | High | New | | | | - AWS NIST SP 800-53 R5
- AWS PCI DSS v4
- CloudGuard AWS All Rules Ruleset
- AWS CMMC 2.0 v1.02
- AWS NIST SP 800-171 R2
- AWS New Zealand ISM v3.6
- AWS FedRAMP R5 (moderate)
- AWS ISO 27017:2015
- AWS SWIFT Customer Security Programme CSCF
- AWS Secure Controls Framework (SCF) v2023.1
- AWS SOC 2 (AICPA TSC 2017 Controls)
|
| D9.AWS.NET.1032 | Ensure no security group allows unrestricted inbound access to TCP LDAP port (389) | High | New | | | | - AWS NIST SP 800-53 R5
- AWS PCI DSS v4
- CloudGuard AWS All Rules Ruleset
- AWS CMMC 2.0 v1.02
- AWS NIST SP 800-171 R2
- AWS New Zealand ISM v3.6
- AWS FedRAMP R5 (moderate)
- AWS ISO 27017:2015
- AWS SWIFT Customer Security Programme CSCF
- AWS Secure Controls Framework (SCF) v2023.1
- AWS SOC 2 (AICPA TSC 2017 Controls)
|
| D9.AWS.NET.1033 | Ensure no security group allows unrestricted inbound access to TCP MaxDB port (7210) | High | New | | | | - AWS NIST SP 800-53 R5
- AWS PCI DSS v4
- CloudGuard AWS All Rules Ruleset
- AWS CMMC 2.0 v1.02
- AWS NIST SP 800-171 R2
- AWS New Zealand ISM v3.6
- AWS FedRAMP R5 (moderate)
- AWS ISO 27017:2015
- AWS SWIFT Customer Security Programme CSCF
- AWS Secure Controls Framework (SCF) v2023.1
- AWS SOC 2 (AICPA TSC 2017 Controls)
|
| D9.AWS.NET.1034 | Ensure no security group allows unrestricted inbound access to TCP MSSQL port (1434) | High | New | | | | - AWS NIST SP 800-53 R5
- AWS PCI DSS v4
- CloudGuard AWS All Rules Ruleset
- AWS CMMC 2.0 v1.02
- AWS NIST SP 800-171 R2
- AWS New Zealand ISM v3.6
- AWS FedRAMP R5 (moderate)
- AWS ISO 27017:2015
- AWS SWIFT Customer Security Programme CSCF
- AWS Secure Controls Framework (SCF) v2023.1
- AWS SOC 2 (AICPA TSC 2017 Controls)
|
| D9.AWS.NET.1035 | Ensure no security group allows unrestricted inbound access to TCP NFS port (2049) | High | New | | | | - AWS NIST SP 800-53 R5
- AWS PCI DSS v4
- CloudGuard AWS All Rules Ruleset
- AWS CMMC 2.0 v1.02
- AWS NIST SP 800-171 R2
- AWS New Zealand ISM v3.6
- AWS FedRAMP R5 (moderate)
- AWS ISO 27017:2015
- AWS SWIFT Customer Security Programme CSCF
- AWS Secure Controls Framework (SCF) v2023.1
- AWS SOC 2 (AICPA TSC 2017 Controls)
|
| D9.AWS.NET.1036 | Ensure no security group allows unrestricted inbound access to TCP SQL Analysis Services port (2383) | High | New | | | | - AWS NIST SP 800-53 R5
- AWS PCI DSS v4
- CloudGuard AWS All Rules Ruleset
- AWS CMMC 2.0 v1.02
- AWS NIST SP 800-171 R2
- AWS New Zealand ISM v3.6
- AWS FedRAMP R5 (moderate)
- AWS ISO 27017:2015
- AWS SWIFT Customer Security Programme CSCF
- AWS Secure Controls Framework (SCF) v2023.1
- AWS SOC 2 (AICPA TSC 2017 Controls)
|
| D9.AWS.NET.1037 | Ensure no security group allows unrestricted inbound access to TCP VNC port (5500) | High | New | | | | - AWS NIST SP 800-53 R5
- AWS PCI DSS v4
- CloudGuard AWS All Rules Ruleset
- AWS CMMC 2.0 v1.02
- AWS NIST SP 800-171 R2
- AWS New Zealand ISM v3.6
- AWS FedRAMP R5 (moderate)
- AWS ISO 27017:2015
- AWS SWIFT Customer Security Programme CSCF
- AWS Secure Controls Framework (SCF) v2023.1
- AWS SOC 2 (AICPA TSC 2017 Controls)
|
| D9.AWS.NET.1038 | Ensure no security group allows unrestricted inbound access to TCP/UDP ArangoDB port (8529) | High | New | | | | - AWS NIST SP 800-53 R5
- AWS PCI DSS v4
- CloudGuard AWS All Rules Ruleset
- AWS CMMC 2.0 v1.02
- AWS NIST SP 800-171 R2
- AWS New Zealand ISM v3.6
- AWS FedRAMP R5 (moderate)
- AWS ISO 27017:2015
- AWS SWIFT Customer Security Programme CSCF
- AWS Secure Controls Framework (SCF) v2023.1
- AWS SOC 2 (AICPA TSC 2017 Controls)
|
| D9.AWS.NET.1039 | Ensure no security group allows unrestricted inbound access to TCP/UDP Mini SQL port (4333) | High | New | | | | - AWS NIST SP 800-53 R5
- AWS PCI DSS v4
- CloudGuard AWS All Rules Ruleset
- AWS CMMC 2.0 v1.02
- AWS NIST SP 800-171 R2
- AWS New Zealand ISM v3.6
- AWS FedRAMP R5 (moderate)
- AWS ISO 27017:2015
- AWS SWIFT Customer Security Programme CSCF
- AWS Secure Controls Framework (SCF) v2023.1
- AWS SOC 2 (AICPA TSC 2017 Controls)
|
| D9.AWS.NET.1040 | Ensure no security group allows unrestricted inbound access to TCP/UDP POP3 ports (110,995) | High | New | | | | - AWS NIST SP 800-53 R5
- AWS PCI DSS v4
- CloudGuard AWS All Rules Ruleset
- AWS CMMC 2.0 v1.02
- AWS NIST SP 800-171 R2
- AWS New Zealand ISM v3.6
- AWS FedRAMP R5 (moderate)
- AWS ISO 27017:2015
- AWS SWIFT Customer Security Programme CSCF
- AWS Secure Controls Framework (SCF) v2023.1
- AWS SOC 2 (AICPA TSC 2017 Controls)
|
| D9.AWS.NET.1041 | Ensure no security group allows unrestricted inbound access to TCP Cassandra ports (7000, 7001, 7199, 9042, 9142, 9160) | High | New | | | | - AWS NIST SP 800-53 R5
- AWS PCI DSS v4
- CloudGuard AWS All Rules Ruleset
- AWS CMMC 2.0 v1.02
- AWS NIST SP 800-171 R2
- AWS New Zealand ISM v3.6
- AWS FedRAMP R5 (moderate)
- AWS ISO 27017:2015
- AWS SWIFT Customer Security Programme CSCF
- AWS Secure Controls Framework (SCF) v2023.1
- AWS SOC 2 (AICPA TSC 2017 Controls)
|
| D9.AWS.NET.1042 | Ensure no security group allows unrestricted inbound access to TCP ElasticSearch ports (9200, 9300) | High | New | | | | - AWS NIST SP 800-53 R5
- AWS PCI DSS v4
- CloudGuard AWS All Rules Ruleset
- AWS CMMC 2.0 v1.02
- AWS NIST SP 800-171 R2
- AWS New Zealand ISM v3.6
- AWS FedRAMP R5 (moderate)
- AWS ISO 27017:2015
- AWS SWIFT Customer Security Programme CSCF
- AWS Secure Controls Framework (SCF) v2023.1
- AWS SOC 2 (AICPA TSC 2017 Controls)
|
| D9.AWS.NET.1043 | Ensure no security group allows unrestricted inbound access to TCP MongoDB ports (27017-27020) | High | New | | | | - AWS NIST SP 800-53 R5
- AWS PCI DSS v4
- CloudGuard AWS All Rules Ruleset
- AWS CMMC 2.0 v1.02
- AWS NIST SP 800-171 R2
- AWS New Zealand ISM v3.6
- AWS FedRAMP R5 (moderate)
- AWS ISO 27017:2015
- AWS SWIFT Customer Security Programme CSCF
- AWS Secure Controls Framework (SCF) v2023.1
- AWS SOC 2 (AICPA TSC 2017 Controls)
|
| D9.AWS.NET.1044 | Ensure no security group allows unrestricted inbound access to TCP Oracle DB ports (1521, 1830, 2483, 8098) | High | New | | | | - AWS NIST SP 800-53 R5
- AWS PCI DSS v4
- CloudGuard AWS All Rules Ruleset
- AWS CMMC 2.0 v1.02
- AWS NIST SP 800-171 R2
- AWS New Zealand ISM v3.6
- AWS FedRAMP R5 (moderate)
- AWS ISO 27017:2015
- AWS SWIFT Customer Security Programme CSCF
- AWS Secure Controls Framework (SCF) v2023.1
- AWS SOC 2 (AICPA TSC 2017 Controls)
|
| D9.AWS.NET.1045 | Ensure no security group allows unrestricted inbound access to TCP Riak ports (8087, 8098) | High | New | | | | - AWS NIST SP 800-53 R5
- AWS PCI DSS v4
- CloudGuard AWS All Rules Ruleset
- AWS CMMC 2.0 v1.02
- AWS NIST SP 800-171 R2
- AWS New Zealand ISM v3.6
- AWS FedRAMP R5 (moderate)
- AWS ISO 27017:2015
- AWS SWIFT Customer Security Programme CSCF
- AWS Secure Controls Framework (SCF) v2023.1
- AWS SOC 2 (AICPA TSC 2017 Controls)
|
| D9.AWS.NET.1046 | Ensure no security group allows unrestricted inbound access to TCP Solr ports (7574, 8983) | High | New | | | | - AWS NIST SP 800-53 R5
- AWS PCI DSS v4
- CloudGuard AWS All Rules Ruleset
- AWS CMMC 2.0 v1.02
- AWS NIST SP 800-171 R2
- AWS New Zealand ISM v3.6
- AWS FedRAMP R5 (moderate)
- AWS ISO 27017:2015
- AWS SWIFT Customer Security Programme CSCF
- AWS Secure Controls Framework (SCF) v2023.1
|
| D9.AWS.NET.1047 | Ensure no security group allows unrestricted inbound access to TCP VNC ports (5800, 5900) | High | New | | | | - AWS NIST SP 800-53 R5
- AWS PCI DSS v4
- CloudGuard AWS All Rules Ruleset
- AWS CMMC 2.0 v1.02
- AWS NIST SP 800-171 R2
- AWS New Zealand ISM v3.6
- AWS FedRAMP R5 (moderate)
- AWS ISO 27017:2015
- AWS SWIFT Customer Security Programme CSCF
- AWS Secure Controls Framework (SCF) v2023.1
- AWS SOC 2 (AICPA TSC 2017 Controls)
|
| D9.AWS.NET.1048 | Ensure no security group allows unrestricted inbound access to TCP RethinkDB ports (8080, 28015, 29015) or UDP ports (28015, 29015) | High | New | | | | - AWS NIST SP 800-53 R5
- AWS PCI DSS v4
- CloudGuard AWS All Rules Ruleset
- AWS CMMC 2.0 v1.02
- AWS NIST SP 800-171 R2
- AWS New Zealand ISM v3.6
- AWS FedRAMP R5 (moderate)
- AWS ISO 27017:2015
- AWS SWIFT Customer Security Programme CSCF
- AWS Secure Controls Framework (SCF) v2023.1
- AWS SOC 2 (AICPA TSC 2017 Controls)
|
| D9.AWS.NET.1049 | Ensure no security group allows unrestricted inbound access to TCP Neo4J ports (7473, 7474), or UDP port (7473) | High | New | | | | - AWS NIST SP 800-53 R5
- AWS PCI DSS v4
- CloudGuard AWS All Rules Ruleset
- AWS CMMC 2.0 v1.02
- AWS NIST SP 800-171 R2
- AWS New Zealand ISM v3.6
- AWS FedRAMP R5 (moderate)
- AWS ISO 27017:2015
- AWS SWIFT Customer Security Programme CSCF
- AWS Secure Controls Framework (SCF) v2023.1
- AWS SOC 2 (AICPA TSC 2017 Controls)
|
| D9.GCP.LOG.31 | Ensure Logging is enabled for HTTP(S) Load Balancer | Low | Modification | | - Ensure that logging is enabled for Google Cloud load balancing backend services
| - Ensure Logging is enabled for HTTP(S) Load Balancer
| - GCP NIST SP 800-53 R5
- GCP PCI DSS v4
- CloudGuard GCP All Rules Ruleset
- GCP CIS Critical Security Controls v8
- GCP ISO 27001:2022
- GCP APRA 234
- GCP CSA CCM v4
- GCP ACSC ISM
- GCP SOX (Section 404)
- GCP Secure Controls Framework (SCF) v2023.1
- GCP CRI Profile v1.2
- GCP New Zealand ISM v3.6
- GCP CIS Foundations Benchmark v3.0.0
- GCP HIPAA
|
| D9.GCP.MON.06 | Ensure that only usable Instances are available in BigTable | Low | New | | | | - GCP NIST SP 800-53 R5
- GCP PCI DSS v4
- CloudGuard GCP All Rules Ruleset
- GCP CSA CCM v4
- GCP ENS 2022 Spain
- GCP ACSC ISM
- GCP ISO 27017:2015
- GCP SWIFT Customer Security Programme CSCF
- GCP Secure Controls Framework (SCF) v2023.1
- GCP ASD Essential Eight
|
| D9.AWS.VLN.08 | Ensure Lambda Functions are Not Using Deprecated Runtime | High | Modification | | - Ensure Lambda functions are not using deprecated runtimes
| - Ensure Lambda Functions are Not Using Deprecated Runtime
| - CloudGuard AWS All Rules Ruleset
- AWS Foundational Security Best Practices (FSBP)
- AWS APRA 234
- AWS ACSC ISM
- AWS SOX (Section 404)
- AWS Secure Controls Framework (SCF) v2023.1
- AWS CloudGuard Best Practices
|
| D9.GCP.AS.18 | Ensure that only operational Firebase Realtime Databases are available. | Low | New | | | | - CloudGuard GCP All Rules Ruleset
|
| D9.GCP.MON.04 | Ensure that Split Health Check is enabled for App Engine services | Medium | New | | | | - CloudGuard GCP All Rules Ruleset
|
| D9.GCP.MON.05 | Enable Identity-Aware Proxy (IAP) for App Engine Services | High | New | | | | - CloudGuard GCP All Rules Ruleset
|