aws_compliance

This control checks whether Amazon DocumentDB cluster snapshots are public. The control fails if any existing Amazon DocumentDB cluster snapshots are public.

docdb_cluster_snapshot_restrict_public_access

pci_dss_v40_requirement_1_2_8

1.2.8: Configuration files for NSCs are secured from unauthorized access and are kept consistent with active network configurations

pci_dss_v40_requirement_1_3_1

1.3.1: Inbound traffic to the CDE is restricted as follows: To only traffic that is necessary, All other traffic is specifically denied

pci_dss_v40_requirement_1_3_2

1.3.2: Outbound traffic from the CDE is restricted as follows: To only traffic that is necessary, All other traffic is specifically denied

pci_dss_v40_requirement_1_4_2

1.4.2: Inbound traffic from untrusted networks to trusted networks is restricted

pci_dss_v40_requirement_1_5_1

1.5.1 Security controls are implemented on any computing devices, including company- and employee-owned devices, that connect to both untrusted networks

pci_dss_v40_requirement_10_3_2

10.3.2: Audit log files are protected to prevent modifications by individuals

pci_dss_v40_requirement_3_5_1_3

3.5.1.3: If disk-level or partition-level encryption is used (rather than file-, column-, or field-level database encryption) to render PAN unreadable

pci_dss_v40_appendix_a1_1_2

A1.1.2: Controls are implemented such that each customer only has permission to access its own cardholder data and CDE

pci_dss_v40_appendix_a1_1_3

A1.1.3: Controls are implemented such that each customer can only access resources allocated to them

pci_dss_v40_appendix_a3_4_1

A3.4.1: User accounts and access privileges to inscope system components are reviewed at least once every six months to ensure user accounts and access privileges remain appropriate based on job function, and that all access is authorized

acsc_essential_eight_ml_2_8_6

ACSC-EE-ML2-8.6: Regular backups ML2

acsc_essential_eight_ml_2_8_8

ACSC-EE-ML2-8.8: Regular backups ML2

acsc_essential_eight_ml_3_8_6

ACSC-EE-ML3-8.6: Regular backups ML3

acsc_essential_eight_ml_3_8_8

ACSC-EE-ML3-8.8: Regular backups ML3

all_controls_docdb

DocumentDB

Amazon DocumentDB cluster snapshots should not be public

foundational_security_docdb_3

Run individual configuration, compliance and security controls or full compliance benchmarks for CIS, FFIEC, PCI, NIST, HIPAA, RBI CSF, GDPR, SOC 2, Audit Manager Control Tower, FedRAMP, GxP and AWS Foundational Security Best Practices controls across all your AWS accounts using Powerpipe and Steampipe.

AWS Compliance

Apache License 2.0

steampipe-mod-aws-compliance

Control: Amazon DocumentDB cluster snapshots should not be public

Description

Usage

SQL

Tags