aws_compliance

AWS Compliance

Ensure network integrity is protected by ensuring X509 certificates are issued by AWS ACM.

acm_certificate_expires_30_days

hipaa_final_omnibus_security_rule_2013_164_308_a_4_ii_a

164.308(a)(4)(ii)(A) Isolating healthcare clearing house functions

hipaa_security_rule_2003_164_308_a_4_ii_a

hipaa_security_rule_2003_164_312_e_1

164.312(e)(1) Transmission security

hipaa_final_omnibus_security_rule_2013_164_312_e_1

pci_dss_v321_requirement_2_3

2.3 Encrypt all non-console administrative access using strong cryptography

rbi_itf_nbfc_3_1_i

3.1.i Public Key Infrastructure (PKI)

nist_800_171_rev_2_3_13_1

3.13.1 Monitor, control, and protect communications (i.e., information transmitted or received by organizational systems) at the external boundaries and key internal boundaries of organizational systems

nist_800_171_rev_2_3_13_10

3.13.10 Establish and manage cryptographic keys for cryptography employed in organizational systems

nist_800_171_rev_2_3_13_2

3.13.2 Employ architectural designs, software development techniques, and systems engineering principles that promote effective information security within organizational systems

nist_800_171_rev_2_3_13_8

3.13.8 Implement cryptographic mechanisms to prevent unauthorized disclosure of CUI during transmission unless otherwise protected by alternative physical safeguards

pci_dss_v321_requirement_4_1

4.1 Use strong cryptography and security protocols to safeguard sensitive cardholder data during transmission over open, public networks

pci_dss_v321_requirement_4_1_a

4.1.a Identify all locations where cardholder data is transmitted or received over open, public networks

pci_dss_v321_requirement_4_1_d

4.1.d Examine keys and certificates to verify that only trusted keys and/or certificates are accepted

pci_dss_v321_requirement_4_1_g

4.1.g For TLS implementations, examine system configurations to verify that TLS is enabled whenever cardholder data is transmitted or received

nydfs_23_500_02_a

500.02(a)

nydfs_23_500_15_a

500.15(a)

fedramp_moderate_rev_4_ac_17_2

AC-17(2) Protection Of Confidentiality/Integrity Using Encryption

nist_800_53_rev_4_ac_17_2

all_controls_acm

rbi_cyber_security_annex_i_1_3

Annex I (1.3)

article_32

Article 32 Security of processing

soc_2_cc_6_1

CC6.1 The entity implements logical access security software, infrastructure, and architectures over protected information assets to protect them from security events to meet the entity's objectives

soc_2_cc_6_2

CC6.2 Prior to issuing system credentials and granting system access, the entity registers and authorizes new internal and external users whose access is administered by the entity

soc_2_cc_6_7

CC6.7 The entity restricts the transmission, movement, and removal of information to authorized internal and external users and processes, and protects it during transmission, movement, or removal to meet the entity’s objectives

fedramp_moderate_rev_4_sc_12

Cryptographic Key Establishment And Management (SC-12)

fedramp_low_rev_4_sc_12

nist_800_53_rev_4_sc_12

ffiec_d_3_pc_im_b_1

D3.PC.Im.B.1

nist_800_53_rev_4_ac_4

Information Flow Enforcement (AC-4)

fedramp_moderate_rev_4_ac_4

nist_csf_pr_ac_5

PR.AC-5

nist_csf_pr_ds_2

PR.DS-2

nist_csf_pr_pt_4

PR.PT-4

fedramp_low_rev_4_ac_17

Remote Access (AC-17)

nist_800_53_rev_5_sc_7_12

SC-7(12) Host-Based Protection

nist_800_53_rev_5_sc_7_16

SC-7(16) Prevent Discovery Of System Components

cisa_cyber_essentials_your_data_2

Your Data-2

ACM certificates should not expire within 30 days

foundational_security_acm_1

Run individual configuration, compliance and security controls or full compliance benchmarks for CIS, FFIEC, PCI, NIST, HIPAA, RBI CSF, GDPR, SOC 2, Audit Manager Control Tower, FedRAMP, GxP and AWS Foundational Security Best Practices controls across all your AWS accounts using Powerpipe and Steampipe.

Apache License 2.0

steampipe-mod-aws-compliance

Control: ACM certificates should not expire within 30 days

Description

Usage

SQL

Tags