aws_compliance

AWS Compliance

CloudTrail logs a record of every API call made in your account. These log files are stored in an S3 bucket. Security Hub recommends that the S3 bucket policy, or access control list (ACL), be applied to the S3 bucket that CloudTrail logs to prevent public access to the CloudTrail logs.

cloudtrail_bucket_not_public

nist_800_171_rev_2_3_12_1

3.12.1 Periodically assess the security controls in organizational systems to determine if the controls are effective in their application

nist_800_171_rev_2_3_12_3

3.12.3 Monitor security controls on an ongoing basis to ensure the continued effectiveness of the controls

nist_800_171_rev_2_3_12_4

3.12.4 Develop, document, and periodically update system security plans that describe system boundaries, system environments of operation, how security requirements are implemented, and the relationships with or connections to other systems

acsc_essential_eight_ml_2_8_6

ACSC-EE-ML2-8.6: Regular backups ML2

acsc_essential_eight_ml_2_8_8

ACSC-EE-ML2-8.8: Regular backups ML2

acsc_essential_eight_ml_3_1_7

ACSC-EE-ML3-1.7: Application control ML3

acsc_essential_eight_ml_3_5_16

ACSC-EE-ML3-5.16: Restrict administrative privileges ML3

acsc_essential_eight_ml_3_7_9

ACSC-EE-ML3-7.9: Multi-factor authentication ML3

acsc_essential_eight_ml_3_8_6

ACSC-EE-ML3-8.6: Regular backups ML3

acsc_essential_eight_ml_3_8_8

ACSC-EE-ML3-8.8: Regular backups ML3

article_25

Article 25 Data protection by design and by default

all_controls_cloudtrail

CloudTrail

nist_csf_de_cm_2

DE.CM-2

nist_csf_id_ra_1

ID.RA-1

nist_csf_id_ra_5

ID.RA-5

nist_csf_id_sc_4

ID.SC-4

Ensure the S3 bucket CloudTrail logs to is not publicly accessible

Run individual configuration, compliance and security controls or full compliance benchmarks for CIS, FFIEC, PCI, NIST, HIPAA, RBI CSF, GDPR, SOC 2, Audit Manager Control Tower, FedRAMP, GxP and AWS Foundational Security Best Practices controls across all your AWS accounts using Powerpipe and Steampipe.

Apache License 2.0

steampipe-mod-aws-compliance

Control: Ensure the S3 bucket CloudTrail logs to is not publicly accessible

Description

Usage

SQL

Tags