aws_compliance

AWS Compliance

Check if AWS Elastic Container Service (AWS ECS) task definition with host networking mode has 'privileged' or 'user' container definitions.The rule is non-compliant for task definitions with host network mode and container definitions of privileged=false or empty and user=root or empty.

ecs_task_definition_user_for_host_mode_check

gxp_21_cfr_part_11_11_10_d

11.10(d) Limiting system access to authorized individuals

gxp_21_cfr_part_11_11_10_g

11.10(g) Use of authority checks to ensure that only authorized individuals can use the system, electronically sign a record, access the operation or computer system input or output device, alter a record, or perform the operation at hand

hipaa_final_omnibus_security_rule_2013_164_308_a_3_i

164.308(a)(3)(i) Workforce security

hipaa_final_omnibus_security_rule_2013_164_308_a_3_ii_a

164.308(a)(3)(ii)(A) Authorization and/or supervision

hipaa_final_omnibus_security_rule_2013_164_308_a_4_ii_c

164.308(a)(4)(ii)(C) Access establishment and modification

hipaa_final_omnibus_security_rule_2013_164_312_a_1

164.312(a)(1) Access control

nist_800_171_rev_2_3_1_2

3.1.2 Limit system access to the types of transactions and functions that authorized users are permitted to execute

nist_800_171_rev_2_3_1_4

3.1.4 Separate the duties of individuals to reduce the risk of malevolent activity without collusion

cis_controls_v8_ig1_3_3

3.3 Configure Data Access Control Lists

nydfs_23_500_07

500.07 Access Privileges and Management

fedramp_moderate_rev_4_ac_2_j

AC-2(j)

nist_800_53_rev_5_ac_5_b

AC-5(b)

fedramp_moderate_rev_4_ac_5_c

AC-5(c)

fedramp_moderate_rev_4_ac_3

Access Enforcement (AC-3)

nist_800_53_rev_5_ac_3

fedramp_low_rev_4_ac_3

fedramp_low_rev_4_ac_2

Account Management (AC-2)

nist_800_53_rev_5_cm_5_1_a

CM-5(1)(a)

ffiec_d_3_pc_am_b_1

D3.PC.Am.B.1

all_controls_ecs

nist_csf_pr_ac_1

PR.AC-1

nist_csf_pr_ac_4

PR.AC-4

nist_csf_pr_pt_3

PR.PT-3

cisa_cyber_essentials_your_systems_3

Your Systems-3

ECS task definition container definitions should be checked for host mode

Run individual configuration, compliance and security controls or full compliance benchmarks for CIS, FFIEC, PCI, NIST, HIPAA, RBI CSF, GDPR, SOC 2, Audit Manager Control Tower, FedRAMP, GxP and AWS Foundational Security Best Practices controls across all your AWS accounts using Powerpipe and Steampipe.

Apache License 2.0

steampipe-mod-aws-compliance

Control: ECS task definition container definitions should be checked for host mode

Description

Usage

SQL

Tags