aws_compliance

AWS Compliance

Ensure node-to-node encryption for AWS Elasticsearch Service is enabled. Node-to-node encryption enables TLS 1.2 encryption for all communications within the AWS Virtual Private Cloud (AWS VPC).

es_domain_node_to_node_encryption_enabled

gxp_21_cfr_part_11_11_10_d

11.10(d) Limiting system access to authorized individuals

gxp_21_cfr_part_11_11_10_g

11.10(g) Use of authority checks to ensure that only authorized individuals can use the system, electronically sign a record, access the operation or computer system input or output device, alter a record, or perform the operation at hand

gxp_21_cfr_part_11_11_30

11.30 Controls for open systems

hipaa_final_omnibus_security_rule_2013_164_308_a_4_ii_a

164.308(a)(4)(ii)(A) Isolating healthcare clearing house functions

hipaa_security_rule_2003_164_308_a_4_ii_a

hipaa_final_omnibus_security_rule_2013_164_312_a_2_iv

164.312(a)(2)(iv) Encryption and decryption

hipaa_security_rule_2003_164_312_c_1

164.312(c)(1) Integrity

hipaa_final_omnibus_security_rule_2013_164_312_c_1

hipaa_security_rule_2003_164_312_e_1

164.312(e)(1) Transmission security

hipaa_final_omnibus_security_rule_2013_164_312_e_1

hipaa_final_omnibus_security_rule_2013_164_312_e_2_ii

164.312(e)(2)(ii) Encryption

hipaa_security_rule_2003_164_314_b_1

164.314(b)(1) Requirements for group health plans

hipaa_final_omnibus_security_rule_2013_164_314_b_1

hipaa_security_rule_2003_164_314_b_2

164.314(b)(2) Implementation specifications

hipaa_final_omnibus_security_rule_2013_164_314_b_2

hipaa_final_omnibus_security_rule_2013_164_314_b_2_i

164.314(b)(2)(i)

hipaa_final_omnibus_security_rule_2013_164_314_b_2_ii

164.314(b)(2)(ii)

hipaa_final_omnibus_security_rule_2013_164_314_b_2_iii

164.314(b)(2)(iii)

hipaa_final_omnibus_security_rule_2013_164_314_b_2_iv

164.314(b)(2)(iv)

nist_800_172_3_1_3_e

3.1.3e Employ [Assignment: organization-defined secure information transfer solutions] to control information flows between security domains on connected systems

nist_800_171_rev_2_3_13_5

3.13.5 Implement subnetworks for publicly accessible system components that are physically or logically separated from internal networks

nist_800_171_rev_2_3_13_8

3.13.8 Implement cryptographic mechanisms to prevent unauthorized disclosure of CUI during transmission unless otherwise protected by alternative physical safeguards

pci_dss_v321_requirement_4_1

4.1 Use strong cryptography and security protocols to safeguard sensitive cardholder data during transmission over open, public networks

pci_dss_v321_requirement_4_1_a

4.1.a Identify all locations where cardholder data is transmitted or received over open, public networks

pci_dss_v321_requirement_4_1_g

4.1.g For TLS implementations, examine system configurations to verify that TLS is enabled whenever cardholder data is transmitted or received

nydfs_23_500_02_a

500.02(a)

nydfs_23_500_15_a

500.15(a)

pci_dss_v321_requirement_8_2_1

8.2.1 Using strong cryptography, render all authentication credentials (such as passwords/phrases) unreadable during transmission and storage on all system components

pci_dss_v321_requirement_8_2_1_a

8.2.1.a Examine vendor documentation and system configuration settings to verify that passwords are protected with strong cryptography during transmission and storage

nist_800_53_rev_5_ac_24_1

AC-24(1)

nist_800_53_rev_5_ac_4_22

AC-4(22) Access Only

nist_800_53_rev_5_au_9_3

AU-9(3) Cryptographic Protection

rbi_cyber_security_annex_i_1_3

Annex I (1.3)

article_32

Article 32 Security of processing

nist_800_53_rev_4_sc_7

Boundary Protection (SC-7)

fedramp_low_rev_4_sc_7

fedramp_moderate_rev_4_sc_7

nist_800_53_rev_5_ca_9_b

CA-9(b)

soc_2_cc_6_1

CC6.1 The entity implements logical access security software, infrastructure, and architectures over protected information assets to protect them from security events to meet the entity's objectives

soc_2_cc_6_2

CC6.2 Prior to issuing system credentials and granting system access, the entity registers and authorizes new internal and external users whose access is administered by the entity

soc_2_cc_6_7

CC6.7 The entity restricts the transmission, movement, and removal of information to authorized internal and external users and processes, and protects it during transmission, movement, or removal to meet the entity’s objectives

ffiec_d_3_pc_am_b_12

D3.PC.Am.B.12

all_controls_es

Elasticsearch

nist_800_53_rev_5_ac_4

Information Flow Enforcement (AC-4)

nist_800_53_rev_5_pm_17_b

PM-17(b)

nist_csf_pr_ds_2

PR.DS-2

nist_800_53_rev_5_sc_13_a

SC-13(a)

nist_800_53_rev_5_sc_7_4_b

SC-7(4)(b)

nist_800_53_rev_5_sc_7_4_g

SC-7(4)(g)

nist_800_53_rev_4_sc_8_1

SC-8(1) Cryptographic Or Alternate Physical Protection

fedramp_moderate_rev_4_sc_8_1

nist_800_53_rev_5_sc_8_1

SC-8(1) Cryptographic Protection

nist_800_53_rev_5_sc_8_2

SC-8(2) Pre- And Post-Transmission Handling

nist_800_53_rev_5_sc_8_3

SC-8(3) Cryptographic Protection For Message Externals

nist_800_53_rev_5_sc_8_4

SC-8(4) Conceal Or Ramdomize Communications

nist_800_53_rev_5_sc_8_5

SC-8(5) Protected Distribution System

nist_800_53_rev_5_si_1_a_2

SI-1(a)(2)

nist_800_53_rev_5_si_1_c_2

SI-1(c)(2)

nist_800_53_rev_5_sc_23

Session Authenticity (SC-23)

fedramp_moderate_rev_4_sc_23

nist_800_53_rev_5_sc_8

Transmission Confidentiality And Integrity (SC-8)

nist_800_53_rev_4_sc_8

fedramp_moderate_rev_4_sc_8

Transmission Integrity (SC-8)

cisa_cyber_essentials_your_data_2

Your Data-2

cisa_cyber_essentials_your_systems_3

Your Systems-3

Elasticsearch domain node-to-node encryption should be enabled

Run individual configuration, compliance and security controls or full compliance benchmarks for CIS, FFIEC, PCI, NIST, HIPAA, RBI CSF, GDPR, SOC 2, Audit Manager Control Tower, FedRAMP, GxP and AWS Foundational Security Best Practices controls across all your AWS accounts using Powerpipe and Steampipe.

Apache License 2.0

steampipe-mod-aws-compliance

Control: Elasticsearch domain node-to-node encryption should be enabled

Description

Usage

SQL

Tags