aws_compliance

AWS Compliance

To help protect sensitive data at rest, ensure encryption is enabled for your AWS CloudWatch Log Groups.

cloudtrail_trail_logs_encrypted_with_kms_cmk

gxp_21_cfr_part_11_11_10_c

11.10(c) Protection of records to enable their accurate and ready retrieval throughout the records retention period

gxp_21_cfr_part_11_11_30

11.30 Controls for open systems

hipaa_security_rule_2003_164_308_a_1_ii_b

164.308(a)(1)(ii)(B) Risk management

hipaa_final_omnibus_security_rule_2013_164_308_a_1_ii_b

hipaa_security_rule_2003_164_308_a_1_ii_d

164.308(a)(1)(ii)(D) Information system activity review

hipaa_final_omnibus_security_rule_2013_164_308_a_1_ii_d

hipaa_final_omnibus_security_rule_2013_164_308_a_4_ii_a

164.308(a)(4)(ii)(A) Isolating healthcare clearing house functions

hipaa_security_rule_2003_164_308_a_4_ii_a

hipaa_security_rule_2003_164_312_a_2_iv

164.312(a)(2)(iv) Encryption and decryption

hipaa_final_omnibus_security_rule_2013_164_312_a_2_iv

hipaa_security_rule_2003_164_312_c_1

164.312(c)(1) Integrity

hipaa_final_omnibus_security_rule_2013_164_312_c_1

hipaa_security_rule_2003_164_312_c_2

164.312(c)(2) Mechanism to authenticate electronic protected health information

hipaa_final_omnibus_security_rule_2013_164_312_c_2

hipaa_security_rule_2003_164_312_e_2_ii

164.312(e)(2)(ii) Encryption

hipaa_final_omnibus_security_rule_2013_164_312_e_2_ii

hipaa_security_rule_2003_164_314_b_1

164.314(b)(1) Requirements for group health plans

hipaa_final_omnibus_security_rule_2013_164_314_b_1

hipaa_security_rule_2003_164_314_b_2

164.314(b)(2) Implementation specifications

hipaa_final_omnibus_security_rule_2013_164_314_b_2

hipaa_final_omnibus_security_rule_2013_164_314_b_2_i

164.314(b)(2)(i)

hipaa_final_omnibus_security_rule_2013_164_314_b_2_ii

164.314(b)(2)(ii)

hipaa_final_omnibus_security_rule_2013_164_314_b_2_iii

164.314(b)(2)(iii)

hipaa_final_omnibus_security_rule_2013_164_314_b_2_iv

164.314(b)(2)(iv)

nist_800_171_rev_2_3_12_1

3.12.1 Periodically assess the security controls in organizational systems to determine if the controls are effective in their application

nist_800_171_rev_2_3_12_3

3.12.3 Monitor security controls on an ongoing basis to ensure the continued effectiveness of the controls

nist_800_171_rev_2_3_12_4

3.12.4 Develop, document, and periodically update system security plans that describe system boundaries, system environments of operation, how security requirements are implemented, and the relationships with or connections to other systems

nist_800_171_rev_2_3_13_11

3.13.11 Employ FIPS-validated cryptography when used to protect the confidentiality of CUI

nist_800_171_rev_2_3_13_16

3.13.16 Protect the confidentiality of CUI at rest

nist_800_171_rev_2_3_3_8

3.3.8 Protect audit information and audit logging tools from unauthorized access, modification, and deletion

pci_dss_v321_requirement_3_4

3.4 Render PAN unreadable anywhere it is stored (including on portable digital media, backup media, and in logs) by using approaches like one-way hashes based on strong cryptography, truncation etc

pci_dss_v321_requirement_3_4_1

3.4.1 If disk encryption is used (rather than file- or column-level database encryption), logical access must be managed separately and independently of native operating system authentication and access control mechanisms (for example, by not using local user account databases or general network login credentials)

pci_dss_v321_requirement_3_4_1_a

3.4.1.a If disk encryption is used, inspect the configuration and observe the authentication process to verify that logical access to encrypted file systems is implemented via a mechanism that is separate from the native operating system's authentication mechanism (for example, not using local user account databases or general network login credentials)

pci_dss_v321_requirement_3_4_1_c

3.4.1.c Examine the configurations and observe the processes to verify that cardholder data on removable media is encrypted wherever stored

pci_dss_v321_requirement_3_4_a

3.4.a Examine documentation about the system used to protect the PAN, including the vendor, type of system/process, and the encryption algorithms (if applicable) to verify that the PAN is rendered unreadable using methods like truncation,one-way hashes based on strong cryptography etc

pci_dss_v321_requirement_3_4_b

3.4.b Examine several tables or files from a sample of data repositories to verify the PAN is rendered unreadable (that is, not stored in plain-text)

pci_dss_v321_requirement_3_4_d

3.4.d Examine a sample of audit logs, including payment application logs, to confirm that PAN is rendered unreadable or is not present in the logs

cis_controls_v8_ig1_4_6

4.6 Securely Manage Enterprise Assets and Software

nydfs_23_500_02_a

500.02(a)

nydfs_23_500_15_a

500.15(a)

gxp_eu_annex_11_operational_phase_7_1

7.1 Data Storage - Damage Protection

pci_dss_v321_requirement_8_2_1_a

8.2.1.a Examine vendor documentation and system configuration settings to verify that passwords are protected with strong cryptography during transmission and storage

acsc_essential_eight_ml_3_1_7

ACSC-EE-ML3-1.7: Application control ML3

acsc_essential_eight_ml_3_5_16

ACSC-EE-ML3-5.16: Restrict administrative privileges ML3

acsc_essential_eight_ml_3_7_9

ACSC-EE-ML3-7.9: Multi-factor authentication ML3

nist_800_53_rev_5_au_9_3

AU-9(3) Cryptographic Protection

rbi_cyber_security_annex_i_1_3

Annex I (1.3)

article_25

Article 25 Data protection by design and by default

article_30

Article 30 Records of processing activities

article_32

Article 32 Security of processing

soc_2_cc_6_1

CC6.1 The entity implements logical access security software, infrastructure, and architectures over protected information assets to protect them from security events to meet the entity's objectives

soc_2_cc_6_2

CC6.2 Prior to issuing system credentials and granting system access, the entity registers and authorizes new internal and external users whose access is administered by the entity

nist_800_53_rev_5_cm_6_a

CM-6(a)

nist_800_53_rev_5_cm_9_b

CM-9(b)

nist_800_53_rev_5_cp_9_d

CP-9(d)

all_controls_cloudtrail

CloudTrail

nist_csf_de_cm_2

DE.CM-2

nist_csf_id_ra_1

ID.RA-1

nist_csf_id_ra_5

ID.RA-5

nist_csf_id_sc_4

ID.SC-4

nist_csf_pr_ds_1

PR.DS-1

nist_800_53_rev_4_sc_28

Protection Of Information At Rest (SC-28)

nist_800_53_rev_4_au_9

Protection of Audit Information (AU-9)

fedramp_low_rev_4_au_9

fedramp_moderate_rev_4_au_9

fedramp_moderate_rev_4_sc_28

Protection of Information at Rest (SC-28)

nist_800_53_rev_5_sc_13_a

SC-13(a)

nist_800_53_rev_5_sc_28_1

SC-28(1) Cryptographic Protection

nist_800_53_rev_5_sc_8_3

SC-8(3) Cryptographic Protection For Message Externals

nist_800_53_rev_5_sc_8_4

SC-8(4) Conceal Or Ramdomize Communications

nist_800_53_rev_5_si_19_4

SI-19(4) Removal, Masking, Encryption, Hashing, Or Replacement Of Direct Identifiers

cisa_cyber_essentials_your_data_1

Your Data-1

cisa_cyber_essentials_your_data_2

Your Data-2

cisa_cyber_essentials_your_systems_3

Your Systems-3

CloudTrail trail logs should be encrypted with KMS CMK

Run individual configuration, compliance and security controls or full compliance benchmarks for CIS, FFIEC, PCI, NIST, HIPAA, RBI CSF, GDPR, SOC 2, Audit Manager Control Tower, FedRAMP, GxP and AWS Foundational Security Best Practices controls across all your AWS accounts using Powerpipe and Steampipe.

Apache License 2.0

steampipe-mod-aws-compliance

Control: CloudTrail trail logs should be encrypted with KMS CMK

Description

Usage

SQL

Tags