aws_compliance

AWS Compliance

AWS GuardDuty can help to monitor and detect potential cybersecurity events by using threat intelligence feeds.

guardduty_enabled

cis_controls_v8_ig1_1_2

1.2 Address Unauthorized Assets

cis_controls_v8_ig1_10_1

10.1 Deploy and Maintain Anti-Malware Software

cis_controls_v8_ig1_10_2

10.2 Configure Automatic Anti-Malware Signature Updates

gxp_21_cfr_part_11_11_300_d

11.300(d) Use of transaction safeguards to prevent unauthorized use of passwords and/or identification codes, and to detect and report in an immediate and urgent manner any attempts at their unauthorized use to the system security unit, and, as appropriate, to organizational management

pci_dss_v321_requirement_11_4

11.4 Use intrusion-detection and/or intrusion-prevention techniques to detect and/or prevent intrusions into the network

pci_dss_v321_requirement_11_4_a

11.4.a Examine system configurations and network diagrams to verify that techniques (such as intrusion-detection systems and/or intrusion-prevention systems) are in place to monitor all traffic at the perimeter of the cardholder data environment and at critical points in the cardholder data environment

pci_dss_v321_requirement_11_4_b

11.4.b Examine system configurations and interview responsible personnel to confirm intrusion-detection and/or intrusion-prevention techniques alert personnel of suspected compromises

pci_dss_v321_requirement_11_4_c

11.4.c Examine IDS/IPS configurations and vendor documentation to verify intrusion-detection and/or intrusion- prevention techniques are configured, maintained, and updated per vendor instructions to ensure optimal protection

gxp_eu_annex_11_operational_phase_13

13 Incident Management

hipaa_final_omnibus_security_rule_2013_164_308_a_1_ii_a

164.308(a)(1)(ii)(A) Risk analysis

hipaa_security_rule_2003_164_308_a_1_ii_a

hipaa_final_omnibus_security_rule_2013_164_308_a_1_ii_d

164.308(a)(1)(ii)(D) Information system activity review

hipaa_security_rule_2003_164_308_a_1_ii_d

hipaa_security_rule_2003_164_308_a_3_ii_a

164.308(a)(3)(ii)(A) Authorization and/or supervision

hipaa_final_omnibus_security_rule_2013_164_308_a_3_ii_a

hipaa_security_rule_2003_164_308_a_5_ii_c

164.308(a)(5)(ii)(C) Log-in monitoring

hipaa_final_omnibus_security_rule_2013_164_308_a_5_ii_c

hipaa_security_rule_2003_164_308_a_6_i

164.308(a)(6)(i) Security incident procedures

hipaa_final_omnibus_security_rule_2013_164_308_a_6_i

hipaa_security_rule_2003_164_308_a_6_ii

164.308(a)(6)(ii) Response and Reporting

hipaa_final_omnibus_security_rule_2013_164_308_a_6_ii

164.308(a)(6)(ii) Response and reporting

hipaa_security_rule_2003_164_308_a_8

164.308(a)(8) Evaluation

hipaa_final_omnibus_security_rule_2013_164_308_a_8

hipaa_security_rule_2003_164_312_b

164.312(b) Audit controls

hipaa_final_omnibus_security_rule_2013_164_312_b

hipaa_final_omnibus_security_rule_2013_164_312_e_2_i

164.312(e)(2)(i) Integrity controls

hipaa_security_rule_2003_164_312_e_2_i

nist_800_171_rev_2_3_1_12

3.1.12 Monitor and control remote access sessions

rbi_itf_nbfc_3_1_g

3.1.g Incident Management

nist_800_172_3_11_1_e

3.11.1e Employ [Assignment: organization-defined sources of threat intelligence] as part of a risk assessment to guide and inform the development of organizational systems, security architectures, selection of security solutions, monitoring, threat hunting, and response and recovery activities 

nist_800_171_rev_2_3_11_2

3.11.2 Scan for vulnerabilities in organizational systems and applications periodically and when new vulnerabilities affecting those systems and applications are identified

nist_800_172_3_11_2_e

3.11.2e Conduct cyber threat hunting activities [Selection (one or more): [Assignment: organizationdefined frequency]; [Assignment: organization-defined event]] to search for indicators of compromise in [Assignment: organization-defined systems] and detect, track, and disrupt threats that evade existing controls

nist_800_171_rev_2_3_11_3

3.11.3 Remediate vulnerabilities in accordance with risk assessments

nist_800_171_rev_2_3_12_1

3.12.1 Periodically assess the security controls in organizational systems to determine if the controls are effective in their application

nist_800_171_rev_2_3_12_3

3.12.3 Monitor security controls on an ongoing basis to ensure the continued effectiveness of the controls

nist_800_171_rev_2_3_12_4

3.12.4 Develop, document, and periodically update system security plans that describe system boundaries, system environments of operation, how security requirements are implemented, and the relationships with or connections to other systems

nist_800_171_rev_2_3_13_1

3.13.1 Monitor, control, and protect communications (i.e., information transmitted or received by organizational systems) at the external boundaries and key internal boundaries of organizational systems

nist_800_171_rev_2_3_14_1

3.14.1 Identify, report, and correct system flaws in a timely manner

nist_800_171_rev_2_3_14_2

3.14.2 Provide protection from malicious code at designated locations within organizational systems

nist_800_172_3_14_2_e

3.14.2e Monitor organizational systems and system components on an ongoing basis for anomalous or suspicious behavior

nist_800_171_rev_2_3_14_3

3.14.3 Monitor system security alerts and advisories and take action in response

nist_800_171_rev_2_3_14_4

3.14.4 Update malicious code protection mechanisms when new releases are available

nist_800_171_rev_2_3_14_6

3.14.6 Monitor organizational systems, including inbound and outbound communications traffic, to detect attacks and indicators of potential attacks

nist_800_172_3_14_6_e

3.14.6e Use threat indicator information and effective mitigations obtained from [Assignment: organization-defined external organizations] to guide and inform intrusion detection and threat hunting

nist_800_171_rev_2_3_14_7

3.14.7 Identify unauthorized use of organizational systems

nist_800_171_rev_2_3_3_1

3.3.1 Create and retain system audit logs and records to the extent needed to enable the monitoring, analysis, investigation, and reporting of unlawful or unauthorized system activity

nist_800_171_rev_2_3_3_2

3.3.2 Ensure that the actions of individual system users can be uniquely traced to those users, so they can be held accountable for their actions

nist_800_171_rev_2_3_3_4

3.3.4 Alert in the event of an audit logging process failure

nist_800_171_rev_2_3_3_5

3.3.5 Correlate audit record review, analysis, and reporting processes for investigation and response to indications of unlawful, unauthorized, suspicious, or unusual activity

rbi_itf_nbfc_3_5

3.5 Cyber Crisis Management Plan

nist_800_171_rev_2_3_6_1

3.6.1 Establish an operational incident-handling capability for organizational systems that includes preparation, detection, analysis, containment, recovery, and user response activities

nist_800_171_rev_2_3_6_2

3.6.2 Track, document, and report incidents to designated officials and/or authorities both internal and external to the organization

rbi_itf_nbfc_4_4_g

4.4.g Fraud analysis

rbi_itf_nbfc_4_4_h

4.4.h Capacity and performance analysis

rbi_itf_nbfc_4_4_i

4.4.i Incident reporting

nydfs_23_500_02_b_3

500.02(b)(3)

nydfs_23_500_14_a

500.14(a)

cis_controls_v8_ig1_7_1

7.1 Establish and Maintain a Vulnerability Management Process

rbi_itf_nbfc_8_1

8.1 IT Systems

nist_800_53_rev_4_ac_17_1

AC-17(1) Automated Monitoring/Control

fedramp_moderate_rev_4_ac_17_1

fedramp_moderate_rev_4_ac_2_1

AC-2(1) Automated System Account Management

nist_800_53_rev_4_ac_2_1

nist_800_53_rev_4_ac_2_12

AC-2(12) Account Monitoring

nist_800_53_rev_5_ac_2_12_a

AC-2(12)(a)

fedramp_moderate_rev_4_ac_2_12_a

nist_800_53_rev_4_ac_2_4

AC-2(4) Automated Audit Actions

fedramp_moderate_rev_4_ac_2_4

fedramp_moderate_rev_4_ac_2_g

AC-2(g)

nist_800_53_rev_5_ac_3_12_b

AC-3(12)(b)

nist_800_53_rev_5_au_12_3

AU-12(3) Changes By Authorized Individuals

nist_800_53_rev_5_au_14_a

AU-14(a)

nist_800_53_rev_5_au_14_b

AU-14(b)

nist_800_53_rev_5_au_3_1

AU-3(1) Additional Audit Information

nist_800_53_rev_5_au_6_1

AU-6(1) Automated Process Integration

nist_800_53_rev_4_au_6_1

AU-6(1) Process Integration

fedramp_moderate_rev_4_au_6_1_3

AU-6(1)(3)

nist_800_53_rev_4_au_6_3

AU-6(3) Correlate Audit Repositories

nist_800_53_rev_5_au_6_5

AU-6(5) Central Review And Analysis

fedramp_low_rev_4_ac_2

Account Management (AC-2)

nist_800_53_rev_4_ac_2

nist_800_53_rev_5_ca_2_d

CA-2(d)

fedramp_moderate_rev_4_ca_7_a_b

CA-7(a)(b)

nist_800_53_rev_5_ca_7_b

CA-7(b)

soc_2_cc_3_1

CC3.1 COSO Principle 6: The entity specifies objectives with sufficient clarity to enable the identification and assessment of risks relating to objectives

soc_2_cc_3_2

CC3.2 COSO Principle 7: The entity identifies risks to the achievement of its objectives across the entity and analyzes risks as a basis for determining how the risks should be managed

soc_2_cc_4_2

CC4.2 COSO Principle 17: The entity evaluates and communicates internal control deficiencies in a timely manner to those parties responsible for taking corrective action, including senior management and the board of directors, as appropriate

soc_2_cc_6_6

CC6.6 The entity implements logical access security measures to protect against threats from sources outside its system boundaries

soc_2_cc_6_8

CC6.8 The entity implements controls to prevent or detect and act upon the introduction of unauthorized or malicious software to meet the entity’s objectives

soc_2_cc_7_1

CC7.1 To meet its objectives, the entity uses detection and monitoring procedures to identify (1) changes to configurations that result in the introduction of new vulnerabilities, and (2) susceptibilities to newly discovered vulnerabilities

soc_2_cc_7_2

CC7.2 The entity monitors system components and the operation of those components for anomalies that are indicative of malicious acts, natural disasters, and errors affecting the entity's ability to meet its objectives; anomalies are analyzed to determine whether they represent security events

soc_2_cc_7_3

CC7.3 The entity evaluates security events to determine whether they could or have resulted in a failure of the entity to meet its objectives (security incidents) and, if so, takes actions to prevent or address such failures

soc_2_cc_7_4

CC7.4 The entity responds to identified security incidents by executing a defined incident response program to understand, contain, remediate, and communicate security incidents, as appropriate

fedramp_moderate_rev_4_cm_8_3_a

CM-8(3)(a)

nist_800_53_rev_5_cm_8_3_a

nist_800_53_rev_5_ca_7

Continuous Monitoring (CA-7)

fedramp_low_rev_4_ca_7

nist_800_53_rev_4_ca_7

nist_800_53_rev_5_pm_31

Continuous Monitoring Strategy (PM-31)

ffiec_d_1_rm_ra_b_2

D1.RM.RA.B.2

GuardDuty should be enabled

foundational_security_guardduty_1

Run individual configuration, compliance and security controls or full compliance benchmarks for CIS, FFIEC, PCI, NIST, HIPAA, RBI CSF, GDPR, SOC 2, Audit Manager Control Tower, FedRAMP, GxP and AWS Foundational Security Best Practices controls across all your AWS accounts using Powerpipe and Steampipe.

Apache License 2.0

steampipe-mod-aws-compliance

Control: GuardDuty should be enabled

Description

Usage

SQL

Tags