| D9.AWS.CRY.49 | Ensure that AWS Secrets Manager secret rotation interval is smaller than 30 days | Low | Modification | | - Ensure that AWS Secret Manager Secret rotation interval is smaller than 30 days
| - Ensure that AWS Secrets Manager secret rotation interval is smaller than 30 days
| - AWS HIPAA
- AWS NIST SP 800-53 R5
- AWS MITRE ATT&CK Framework v11.3
- AWS PCI DSS v4
- AWS HITRUST CSF v11.0
- AWS CSA CCM v4
- CloudGuard AWS All Rules Ruleset
- AWS EU GDPR
- AWS ISO 27001:2022
- AWS Foundational Security Best Practices (FSBP)
- AWS APRA 234
- AWS ENS 2022 Spain
- AWS CMMC 2.0 v1.02
- AWS NIST SP 800-171 R2
- AWS New Zealand ISM v3.6
- AWS ACSC ISM
- AWS FedRAMP R5 (moderate)
- AWS ISO 27017:2015
- AWS SWIFT Customer Security Programme CSCF
- AWS NIST SP 800-172
- AWS PIPEDA
- AWS SOX (Section 404)
- AWS Secure Controls Framework (SCF) v2023.1
- AWS ISO 27002:2022
- AWS NIST CSF v1.1
- AWS CloudGuard Best Practices
- AWS HITRUST CSF v9.2
- AWS ITSG-33 Canada
- AWS MITRE ATT&CK Framework v10
|
| D9.AWS.IAM.83 | Ensure that SQS policy does not allow all actions from all principals | High | Modification | | - Ensure that SQS policy won't allow all actions from all principals
| - Ensure that SQS policy does not allow all actions from all principals
| - AWS HIPAA
- AWS NIST SP 800-53 R5
- AWS MITRE ATT&CK Framework v11.3
- AWS PCI DSS v4
- AWS HITRUST CSF v11.0
- AWS CSA CCM v4
- CloudGuard AWS All Rules Ruleset
- AWS EU GDPR
- AWS ISO 27001:2022
- AWS ENS 2022 Spain
- AWS CMMC 2.0 v1.02
- AWS NIST SP 800-171 R2
- AWS New Zealand ISM v3.6
- AWS ACSC ISM
- AWS FedRAMP R5 (moderate)
- AWS ISO 27017:2015
- AWS SWIFT Customer Security Programme CSCF
- AWS NIST SP 800-172
- AWS PIPEDA
- AWS SOX (Section 404)
- AWS Secure Controls Framework (SCF) v2023.1
- AWS ISO 27002:2022
- AWS NIST CSF v1.1
- AWS CloudGuard Best Practices
- AWS HITRUST CSF v9.2
- AWS ITSG-33 Canada
- AWS MITRE ATT&CK Framework v10
|
| D9.AWS.OPE.107 | Ensure that DAX Parameter Group does not require reboot | High | Modification | | - Ensure that DAX Parameter Group doesn't require reboot
| - Ensure that DAX Parameter Group does not require reboot
| - AWS HIPAA
- AWS NIST SP 800-53 R5
- AWS PCI DSS v4
- CloudGuard AWS All Rules Ruleset
- AWS EU GDPR
- AWS NY DFS 23 CRR 500
- AWS New Zealand ISM v3.6
- AWS ACSC ISM
- AWS FedRAMP R5 (moderate)
- AWS ISO 27017:2015
- AWS SWIFT Customer Security Programme CSCF
- AWS FFIEC Cybersecurity Assessment Tool (CAT)
- AWS SOX (Section 404)
- AWS Secure Controls Framework (SCF) v2023.1
- AWS ISO 27002:2022
- AWS NIST CSF v1.1
|
| D9.AWS.IAM.58 | Ensure SNS Topics administrative actions are not publicly executable without a condition | Critical | Modification | | - Ensure SNS Topics administrative actions aren't publicly executable without a condition
| - Ensure SNS Topics administrative actions are not publicly executable without a condition
| - AWS NIST SP 800-53 R5
- AWS MITRE ATT&CK Framework v11.3
- AWS PCI DSS v4
- AWS HITRUST CSF v11.0
- CloudGuard AWS Default Ruleset
- AWS CSA CCM v4
- CloudGuard AWS All Rules Ruleset
- AWS ISO 27001:2022
- AWS APRA 234
- AWS ENS 2022 Spain
- AWS MLPS 2.0
- AWS CMMC 2.0 v1.02
- AWS NIST SP 800-171 R2
- AWS New Zealand ISM v3.6
- AWS ACSC ISM
- AWS FedRAMP R5 (moderate)
- AWS ISO 27017:2015
- AWS SWIFT Customer Security Programme CSCF
- AWS FFIEC Cybersecurity Assessment Tool (CAT)
- AWS SOX (Section 404)
- AWS Secure Controls Framework (SCF) v2023.1
- AWS ISO 27002:2022
- AWS NIST CSF v1.1
- AWS CloudGuard Best Practices
- AWS HITRUST CSF v9.2
- AWS ITSG-33 Canada
- AWS MITRE ATT&CK Framework v10
|
| D9.GCP.CRY.27 | Ensure that AlloyDB cluster is encrypted using CMEK | High | New | | | | - GCP NIST SP 800-53 R5
- GCP PCI DSS v4
- CloudGuard GCP All Rules Ruleset
- GCP CSA CCM v4
- GCP ENS 2022 Spain
- GCP ACSC ISM
- GCP FedRAMP R5 (moderate)
- GCP ISO 27017:2015
- GCP SWIFT Customer Security Programme CSCF
- GCP NIST SP 800-172
- GCP Secure Controls Framework (SCF) v2023.1
- GCP CMMC 2.0 v1.02
- GCP NIST SP 800-171 R2
- GCP NY DFS 23 CRR 500
- GCP NIST CSF v1.1
- GCP SOC 2 (AICPA TSC 2017 Controls)
- GCP HIPAA
- GCP EU GDPR
|
| D9.GCP.CRY.28 | Ensure that AlloyDB cluster continuous backup is encrypted using CMEK | High | New | | | | - GCP NIST SP 800-53 R5
- GCP PCI DSS v4
- CloudGuard GCP All Rules Ruleset
- GCP CSA CCM v4
- GCP ENS 2022 Spain
- GCP ACSC ISM
- GCP FedRAMP R5 (moderate)
- GCP ISO 27017:2015
- GCP SWIFT Customer Security Programme CSCF
- GCP NIST SP 800-172
- GCP Secure Controls Framework (SCF) v2023.1
- GCP CMMC 2.0 v1.02
- GCP NIST SP 800-171 R2
- GCP NY DFS 23 CRR 500
- GCP NIST CSF v1.1
- GCP SOC 2 (AICPA TSC 2017 Controls)
- GCP HIPAA
- GCP EU GDPR
|
| D9.GCP.CRY.29 | Ensure that AlloyDB backup is encrypted | High | New | | | | - GCP NIST SP 800-53 R5
- GCP PCI DSS v4
- CloudGuard GCP All Rules Ruleset
- GCP CSA CCM v4
- GCP ACSC ISM
- GCP FedRAMP R5 (moderate)
- GCP ISO 27017:2015
- GCP FFIEC Cybersecurity Assessment Tool (CAT)
- GCP NIST SP 800-172
- GCP Secure Controls Framework (SCF) v2023.1
- GCP CMMC 2.0 v1.02
- GCP NIST SP 800-171 R2
- GCP NY DFS 23 CRR 500
- GCP NIST CSF v1.1
- GCP SOC 2 (AICPA TSC 2017 Controls)
- GCP HIPAA
- GCP EU GDPR
|
| D9.GCP.DR.06 | Ensure that AlloyDB cluster has backup policy enabled | High | New | | | | - GCP NIST SP 800-53 R5
- GCP PCI DSS v4
- CloudGuard GCP All Rules Ruleset
- GCP CSA CCM v4
- GCP ENS 2022 Spain
- GCP ACSC ISM
- GCP FedRAMP R5 (moderate)
- GCP ISO 27017:2015
- GCP NIST SP 800-172
- GCP Secure Controls Framework (SCF) v2023.1
- GCP ASD Essential Eight
- GCP CMMC 2.0 v1.02
- GCP NIST SP 800-171 R2
- GCP NIST CSF v1.1
- GCP SOC 2 (AICPA TSC 2017 Controls)
- GCP HIPAA
|
| D9.GCP.MON.07 | Ensure that AlloyDB cluster is healthy | High | New | | | | - GCP NIST SP 800-53 R5
- GCP PCI DSS v4
- CloudGuard GCP All Rules Ruleset
- GCP CSA CCM v4
- GCP ENS 2022 Spain
- GCP ACSC ISM
- GCP FedRAMP R5 (moderate)
- GCP ISO 27017:2015
- GCP SWIFT Customer Security Programme CSCF
- GCP FFIEC Cybersecurity Assessment Tool (CAT)
- GCP Secure Controls Framework (SCF) v2023.1
- GCP NIST SP 800-171 R2
- GCP NY DFS 23 CRR 500
- GCP NIST CSF v1.1
- GCP SOC 2 (AICPA TSC 2017 Controls)
- GCP HIPAA
- GCP EU GDPR
|
| D9.GCP.MON.08 | Ensure that AlloyDB instance is healthy | High | New | | | | - GCP NIST SP 800-53 R5
- GCP PCI DSS v4
- CloudGuard GCP All Rules Ruleset
- GCP CSA CCM v4
- GCP ENS 2022 Spain
- GCP ACSC ISM
- GCP FedRAMP R5 (moderate)
- GCP ISO 27017:2015
- GCP SWIFT Customer Security Programme CSCF
- GCP FFIEC Cybersecurity Assessment Tool (CAT)
- GCP Secure Controls Framework (SCF) v2023.1
- GCP NIST SP 800-171 R2
- GCP NY DFS 23 CRR 500
- GCP NIST CSF v1.1
- GCP SOC 2 (AICPA TSC 2017 Controls)
- GCP HIPAA
- GCP EU GDPR
|
| D9.GCP.NET.81 | Ensure that AlloyDB instance enforces using connectors | Low | New | | | | - GCP NIST SP 800-53 R5
- GCP PCI DSS v4
- CloudGuard GCP All Rules Ruleset
- GCP CSA CCM v4
- GCP ENS 2022 Spain
- GCP ACSC ISM
- GCP FedRAMP R5 (moderate)
- GCP ISO 27017:2015
- GCP FFIEC Cybersecurity Assessment Tool (CAT)
- GCP Secure Controls Framework (SCF) v2023.1
- GCP NIST SP 800-171 R2
- GCP NIST CSF v1.1
- GCP SOC 2 (AICPA TSC 2017 Controls)
- GCP EU GDPR
|
| D9.GCP.OPE.30 | Ensure AlloyDB cluster version is latest | Informational | New | | | | - GCP NIST SP 800-53 R5
- GCP PCI DSS v4
- CloudGuard GCP All Rules Ruleset
- GCP FedRAMP R5 (moderate)
- GCP FFIEC Cybersecurity Assessment Tool (CAT)
- GCP Secure Controls Framework (SCF) v2023.1
- GCP CMMC 2.0 v1.02
- GCP NIST SP 800-171 R2
- GCP NIST CSF v1.1
|