aws_compliance

AWS Compliance

Checks if CloudWatch alarms have an action configured for the ALARM, INSUFFICIENT_DATA, or OK state. Optionally checks if any actions match a named ARN. The rule is non-compliant if there is no action specified for the alarm or optional parameter.

cloudwatch_alarm_action_enabled

gxp_eu_annex_11_operational_phase_13

13 Incident Management

hipaa_security_rule_2003_164_308_a_6_i

164.308(a)(6)(i) Security incident procedures

hipaa_final_omnibus_security_rule_2013_164_308_a_6_i

hipaa_final_omnibus_security_rule_2013_164_312_b

164.312(b) Audit controls

nist_800_171_rev_2_3_12_1

3.12.1 Periodically assess the security controls in organizational systems to determine if the controls are effective in their application

nist_800_171_rev_2_3_12_3

3.12.3 Monitor security controls on an ongoing basis to ensure the continued effectiveness of the controls

nist_800_171_rev_2_3_12_4

3.12.4 Develop, document, and periodically update system security plans that describe system boundaries, system environments of operation, how security requirements are implemented, and the relationships with or connections to other systems

nist_800_172_3_14_2_e

3.14.2e Monitor organizational systems and system components on an ongoing basis for anomalous or suspicious behavior

nist_800_171_rev_2_3_6_1

3.6.1 Establish an operational incident-handling capability for organizational systems that includes preparation, detection, analysis, containment, recovery, and user response activities

nist_800_171_rev_2_3_6_2

3.6.2 Track, document, and report incidents to designated officials and/or authorities both internal and external to the organization

nist_800_53_rev_4_ac_2_4

AC-2(4) Automated Audit Actions

fedramp_moderate_rev_4_ac_2_4

acsc_essential_eight_ml_3_1_8

ACSC-EE-ML3-1.8: Application control ML3

acsc_essential_eight_ml_3_4_18

ACSC-EE-ML3-4.18: User application hardening ML3

acsc_essential_eight_ml_3_5_17

ACSC-EE-ML3-5.17: Restrict administrative privileges ML3

acsc_essential_eight_ml_3_7_10

ACSC-EE-ML3-7.10: Multi-factor authentication ML3

nist_800_53_rev_5_au_12_3

AU-12(3) Changes By Authorized Individuals

nist_800_53_rev_5_au_14_a

AU-14(a)

nist_800_53_rev_5_au_14_b

AU-14(b)

nist_800_53_rev_5_au_6_1

AU-6(1) Automated Process Integration

nist_800_53_rev_4_au_6_1

AU-6(1) Process Integration

fedramp_moderate_rev_4_au_6_1_3

AU-6(1)(3)

nist_800_53_rev_4_au_6_3

AU-6(3) Correlate Audit Repositories

nist_800_53_rev_5_au_6_5

AU-6(5) Central Review And Analysis

nist_800_53_rev_4_au_7_1

AU-7(1) Automatic Processing

fedramp_moderate_rev_4_au_7_1

fedramp_low_rev_4_ac_2

Account Management (AC-2)

nist_800_53_rev_5_ca_2_2

CA-2(2) Specialized Assessments

fedramp_moderate_rev_4_ca_7_a_b

CA-7(a)(b)

nist_800_53_rev_5_ca_7_b

CA-7(b)

soc_2_cc_7_2

CC7.2 The entity monitors system components and the operation of those components for anomalies that are indicative of malicious acts, natural disasters, and errors affecting the entity's ability to meet its objectives; anomalies are analyzed to determine whether they represent security events

soc_2_cc_7_3

CC7.3 The entity evaluates security events to determine whether they could or have resulted in a failure of the entity to meet its objectives (security incidents) and, if so, takes actions to prevent or address such failures

soc_2_cc_7_4

CC7.4 The entity responds to identified security incidents by executing a defined incident response program to understand, contain, remediate, and communicate security incidents, as appropriate

all_controls_cloudwatch

CloudWatch

nist_800_53_rev_5_ca_7

Continuous Monitoring (CA-7)

fedramp_low_rev_4_ca_7

nist_800_53_rev_4_ca_7

nist_800_53_rev_5_pm_31

Continuous Monitoring Strategy (PM-31)

ffiec_d_5_dr_de_b_1

D5.DR.De.B.1

ffiec_d_5_dr_de_b_3

D5.DR.De.B.3

nist_csf_de_ae_5

DE.AE-5

nist_csf_de_cm_2

DE.CM-2

nist_csf_de_cm_5

DE.CM-5

nist_csf_de_dp_4

DE.DP-4

nist_csf_id_ra_1

ID.RA-1

nist_csf_id_ra_5

ID.RA-5

nist_csf_id_sc_4

ID.SC-4

nist_800_53_rev_4_ir_4_1

IR-4(1) Automated Incident Handling Processes

fedramp_moderate_rev_4_ir_4_1

fedramp_low_rev_4_ir_4

Incident Handling (IR-4)

nist_800_53_rev_4_si_4

Information System Monitoring (SI-4)

nist_800_53_rev_5_pm_14_a_1

PM-14(a)(1)

nist_800_53_rev_5_pm_14_b

PM-14(b)

nist_800_53_rev_5_sc_36_1_a

SC-36(1)(a)

nist_800_53_rev_5_si_2_a

SI-2(a)

nist_800_53_rev_5_si_4_12

SI-4(12) Automated Organization-Generated Alerts

fedramp_moderate_rev_4_si_4_2

SI-4(2) Automated Tools For Real-Time Analysis

nist_800_53_rev_4_si_4_2

nist_800_53_rev_4_si_4_4

SI-4(4) Inbound and Outbound Communications Traffic

fedramp_moderate_rev_4_si_4_4

nist_800_53_rev_4_si_4_5

SI-4(5) System-Generated Alerts

fedramp_moderate_rev_4_si_4_5

fedramp_moderate_rev_4_si_4_a_b_c

SI-4(a)(b)(c)

nist_800_53_rev_5_si_5_1

SI-5(1) Automated Alerts And Advisories

nist_800_53_rev_5_si_5_b

SI-5(b)

CloudWatch alarm should have an action configured

Run individual configuration, compliance and security controls or full compliance benchmarks for CIS, FFIEC, PCI, NIST, HIPAA, RBI CSF, GDPR, SOC 2, Audit Manager Control Tower, FedRAMP, GxP and AWS Foundational Security Best Practices controls across all your AWS accounts using Powerpipe and Steampipe.

Apache License 2.0

steampipe-mod-aws-compliance

Control: CloudWatch alarm should have an action configured

Description

Usage

SQL

Tags