D9.AWS.AS.44 | Ensure Resource Access Manager customer managed permissions should have tags | Informational | New | | | | - AWS Health Insurance Portability and Accountability Act (U.S. HIPAA)
- AWS Payment Card Industry Data Security Standard (PCI DSS) v4.0
- CloudGuard AWS All Rules Ruleset
- AWS EU GDPR
- AWS NY Department of Financial Services (DFS) 23 CRR 500
- AWS New Zealand Information Security Manual (NZ ISM) v3.6
- AWS Australian Cyber Security Centre (ACSC) Information Security Manual
- AWS US FedRAMP R5 (moderate)
- AWS ISO 27017:2015
- AWS SWIFT Customer Security Programme CSCF
- AWS U.S. Sarbanes-Oxley Act (Section 404)
- AWS Secure Controls Framework (SCF)
- AWS ISO 27002:2022
- AWS NIST Cybersecurity Framework (CSF) v1.1
|
D9.AWS.DR.17 | Ensure AWS Elastic Block Store (EBS) volumes have recent snapshots available for point-in-time recovery | High | Modification | | - EbsSnapshot should not have createTime before(-7, 'days')
| - Volume should have getResources('EbsSnapshot') contain [$.createTime after(-7, 'days') and $.volumeId = ~.volumeId]
| - AWS NIST Special Publication 800-53 (Rev. 5)
- CloudGuard AWS All Rules Ruleset
- AWS APRA 234
- AWS US FedRAMP R5 (moderate)
- AWS U. S. FFIEC Cybersecurity Assessment Tool (CAT)
- AWS U.S. Sarbanes-Oxley Act (Section 404)
- AWS Secure Controls Framework (SCF)
- AWS NIST Cybersecurity Framework (CSF) v1.1
|
D9.AWS.DR.19 | Ensure that Lightsail Relational Database has a recent snapshot | High | Modification | | - LightsailRelationalDatabase should have latestRestorableTime before(7, 'days')
| - LightsailRelationalDatabase should have latestRestorableTime after(-7, 'days')
| - AWS NIST Special Publication 800-53 (Rev. 5)
- CloudGuard AWS All Rules Ruleset
- AWS US FedRAMP R5 (moderate)
- AWS U. S. FFIEC Cybersecurity Assessment Tool (CAT)
- AWS U.S. Sarbanes-Oxley Act (Section 404)
- AWS Secure Controls Framework (SCF)
- AWS NIST Cybersecurity Framework (CSF) v1.1
|
D9.AWS.LOG.58 | Ensure that Access Logging should be enabled for AWS Elemental MediaStore Container | Medium | New | | | | - CloudGuard AWS All Rules Ruleset
|
D9.AWS.OPE.152 | Ensure that AWS Elemental MediaStore Container should be ACTIVE | Low | New | | | | - CloudGuard AWS All Rules Ruleset
|
D9.GCP.OPE.29 | Ensure that only usable Instance are available in Filestore | Low | New | | | | - CloudGuard GCP All Rules Ruleset
|
D9.ALI.CRY.08 | Ensure Apsara File Storage NAS are encrypted | High | New | | | | - CloudGuard Alibaba All Rules Ruleset
|
D9.ALI.CRY.09 | Ensure Apsara File Storage NAS should have Encryption Type selected | High | New | | | | - CloudGuard Alibaba All Rules Ruleset
|
D9.ALI.CRY.10 | Ensure that Automatic Rotation is enabled for KMS | High | New | | | | - CloudGuard Alibaba All Rules Ruleset
|
D9.ALI.CRY.11 | Ensure that Deletion Protection is Enabled for KMS | High | New | | | | - CloudGuard Alibaba All Rules Ruleset
|
D9.ALI.CRY.12 | Ensure only usable Keys are in the KMS | Low | New | | | | - CloudGuard Alibaba All Rules Ruleset
|
D9.ALI.OPE.03 | Ensure that Apsara File Storage NAS should have tags | Low | New | | | | - CloudGuard Alibaba All Rules Ruleset
|
D9.OCI.AS.08 | Ensure that a newly created region subscription's status is ready | Informational | New | | | | - CloudGuard OCI All Rules Ruleset
|
D9.K8S.IA.UN.5 | Container Image – ScanSummary | Critical | New | | | | - Workload Vulnerability 2.0 with ScanSummary rule
|
D9.AWS.OPE.131 | Ensure Resource Access Manager customer managed permissions should have tags | Informational | Removal | | | | - AWS Health Insurance Portability and Accountability Act (U.S. HIPAA)
- AWS Payment Card Industry Data Security Standard (PCI DSS) v4.0
- CloudGuard AWS All Rules Ruleset
- AWS EU GDPR
- AWS NY Department of Financial Services (DFS) 23 CRR 500
- AWS New Zealand Information Security Manual (NZ ISM) v3.6
- AWS Australian Cyber Security Centre (ACSC) Information Security Manual
- AWS US FedRAMP R5 (moderate)
- AWS ISO 27017:2015
- AWS SWIFT Customer Security Programme CSCF
- AWS U.S. Sarbanes-Oxley Act (Section 404)
- AWS Secure Controls Framework (SCF)
- AWS ISO 27002:2022
- AWS NIST Cybersecurity Framework (CSF) v1.1
|