aws_compliance

AWS Compliance

This control checks if default ports for SSH/RDP ingress traffic for network access control lists (NACLs) is unrestricted. The rule fails if a NACL inbound entry allows a source CIDR block of '0.0.0.0/0' or '::/0' for ports 22 or 3389.

vpc_network_acl_remote_administration

pci_dss_v321_requirement_1_2_1_a

1.2.1.a Examine firewall and router configuration standards to verify that they identify inbound and outbound traffic necessary for the cardholder data environment

pci_dss_v321_requirement_1_2_1_b

1.2.1.b Examine firewall and router configurations to verify that inbound and outbound traffic is limited to that which is necessary for the cardholder data environment

pci_dss_v321_requirement_1_2_1_c

1.2.1.c Examine firewall and router configurations to verify that all other inbound and outbound traffic is specifically denied, for example by using an explicit “deny all” or an implicit deny after allow statement

pci_dss_v321_requirement_1_2_3_b

1.2.3.b Verify that the firewalls deny or, if traffic is necessary for business purposes, permit only authorized traffic between the wireless environment and the cardholder data environment

pci_dss_v321_requirement_1_3_2

1.3.2 Limit inbound Internet traffic to IP addresses within the DMZ

nist_800_172_3_1_3_e

3.1.3e Employ [Assignment: organization-defined secure information transfer solutions] to control information flows between security domains on connected systems

nist_800_172_3_13_4_e

3.13.4e Employ [Selection: (one or more): [Assignment: organization-defined physical isolation techniques]; [Assignment: organization-defined logical isolation techniques]] in organizational systems and system components

nist_csf_de_ae_1

DE.AE-1

nist_csf_pr_ac_3

PR.AC-3

nist_csf_pr_ac_5

PR.AC-5

nist_csf_pr_pt_4

PR.PT-4

all_controls_vpc

Network ACLs should not allow ingress from 0.0.0.0/0 to port 22 or port 3389

Run individual configuration, compliance and security controls or full compliance benchmarks for CIS, FFIEC, PCI, NIST, HIPAA, RBI CSF, GDPR, SOC 2, Audit Manager Control Tower, FedRAMP, GxP and AWS Foundational Security Best Practices controls across all your AWS accounts using Powerpipe and Steampipe.

Apache License 2.0

steampipe-mod-aws-compliance

Control: Network ACLs should not allow ingress from 0.0.0.0/0 to port 22 or port 3389

Description

Usage

SQL

Tags