aws_compliance

AWS Compliance

Manage access to resources in the AWS Cloud by only allowing authorized users, processes, and devices access to AWS Simple Storage Service (AWS S3) buckets.

s3_bucket_restrict_public_read_access

pci_dss_v321_requirement_1_2_1_a

1.2.1.a Examine firewall and router configuration standards to verify that they identify inbound and outbound traffic necessary for the cardholder data environment

pci_dss_v321_requirement_1_2_1_b

1.2.1.b Examine firewall and router configurations to verify that inbound and outbound traffic is limited to that which is necessary for the cardholder data environment

pci_dss_v321_requirement_1_2_1_c

1.2.1.c Examine firewall and router configurations to verify that all other inbound and outbound traffic is specifically denied, for example by using an explicit “deny all” or an implicit deny after allow statement

pci_dss_v321_requirement_1_3

1.3 Examine firewall and router configurations—including but not limited to the choke router at the Internet, the DMZ router and firewall, the DMZ cardholder segment, the perimeter router, and the internal cardholder network segment—and perform the following to determine that there is no direct access between the Internet and system components in the internal cardholder network segment

pci_dss_v321_requirement_1_3_1

1.3.1 Implement a DMZ to limit inbound traffic to only system components that provide authorized publicly accessible services, protocols, and ports

pci_dss_v321_requirement_1_3_2

1.3.2 Limit inbound Internet traffic to IP addresses within the DMZ

pci_dss_v321_requirement_1_3_4

1.3.4 Do not allow unauthorized outbound traffic from the cardholder data environment to the Internet

pci_dss_v321_requirement_1_3_6

1.3.6 Examine firewall and router configurations to verify that system components that store cardholder data are on an internal network zone, segregated from the DMZ and other untrusted networks

gxp_21_cfr_part_11_11_10_c

11.10(c) Protection of records to enable their accurate and ready retrieval throughout the records retention period

gxp_21_cfr_part_11_11_10_d

11.10(d) Limiting system access to authorized individuals

gxp_21_cfr_part_11_11_10_g

11.10(g) Use of authority checks to ensure that only authorized individuals can use the system, electronically sign a record, access the operation or computer system input or output device, alter a record, or perform the operation at hand

gxp_21_cfr_part_11_11_10_k

11.10(k) Use of appropriate controls over systems documentation that includes adequate controls over the distribution of, access to, and use of documentation for system operation and maintenance

hipaa_final_omnibus_security_rule_2013_164_308_a_1_ii_b

164.308(a)(1)(ii)(B) Risk management

hipaa_security_rule_2003_164_308_a_1_ii_b

hipaa_security_rule_2003_164_308_a_3_i

164.308(a)(3)(i) Workforce security

hipaa_final_omnibus_security_rule_2013_164_308_a_3_i

hipaa_final_omnibus_security_rule_2013_164_308_a_4_ii_c

164.308(a)(4)(ii)(C) Access establishment and modification

hipaa_final_omnibus_security_rule_2013_164_312_a_1

164.312(a)(1) Access control

hipaa_security_rule_2003_164_312_a_1

hipaa_final_omnibus_security_rule_2013_164_312_a_2_i

164.312(a)(2)(i) Unique user identification

hipaa_security_rule_2003_164_312_a_2_i

hipaa_final_omnibus_security_rule_2013_164_312_e_1

164.312(e)(1) Transmission security

hipaa_final_omnibus_security_rule_2013_164_314_b_1

164.314(b)(1) Requirements for group health plans

hipaa_security_rule_2003_164_314_b_1

hipaa_final_omnibus_security_rule_2013_164_314_b_2

164.314(b)(2) Implementation specifications

hipaa_security_rule_2003_164_314_b_2

hipaa_final_omnibus_security_rule_2013_164_314_b_2_i

164.314(b)(2)(i)

hipaa_final_omnibus_security_rule_2013_164_314_b_2_ii

164.314(b)(2)(ii)

hipaa_final_omnibus_security_rule_2013_164_314_b_2_iii

164.314(b)(2)(iii)

hipaa_final_omnibus_security_rule_2013_164_314_b_2_iv

164.314(b)(2)(iv)

pci_dss_v321_requirement_2_2_2

2.2.2 Enable only necessary services, protocols, daemons, etc., as required for the function of the system

nist_800_171_rev_2_3_1_1

3.1.1 Limit system access to authorized users, processes acting on behalf of authorized users, and devices (including other systems)

nist_800_171_rev_2_3_1_2

3.1.2 Limit system access to the types of transactions and functions that authorized users are permitted to execute

nist_800_171_rev_2_3_1_3

3.1.3 Control the flow of CUI in accordance with approved authorizations

nist_800_172_3_1_3_e

3.1.3e Employ [Assignment: organization-defined secure information transfer solutions] to control information flows between security domains on connected systems

nist_800_171_rev_2_3_13_2

3.13.2 Employ architectural designs, software development techniques, and systems engineering principles that promote effective information security within organizational systems

nist_800_172_3_13_4_e

3.13.4e Employ [Selection: (one or more): [Assignment: organization-defined physical isolation techniques]; [Assignment: organization-defined logical isolation techniques]] in organizational systems and system components

nist_800_171_rev_2_3_13_5

3.13.5 Implement subnetworks for publicly accessible system components that are physically or logically separated from internal networks

cis_controls_v8_ig1_3_3

3.3 Configure Data Access Control Lists

nist_800_171_rev_2_3_3_8

3.3.8 Protect audit information and audit logging tools from unauthorized access, modification, and deletion

nist_800_171_rev_2_3_4_6

3.4.6 Employ the principle of least functionality by configuring organizational systems to provide only essential capabilities

audit_manager_control_tower_disallow_public_access_4_1_1

4.1.1 - Disallow public read access to S3 buckets

cis_controls_v8_ig1_4_6

4.6 Securely Manage Enterprise Assets and Software

nydfs_23_500_02_b_2

500.02(b)(2)

nydfs_23_500_07

500.07 Access Privileges and Management

pci_dss_v321_requirement_7_2_1

7.2.1 Confirm that access control systems are in place on all system components

rbi_itf_nbfc_8_I

8.I Basic Security Aspects

fedramp_moderate_rev_4_ac_17_1

AC-17(1) Automated Monitoring/Control

nist_800_53_rev_5_ac_17_1

AC-17(1) Monitoring And Control

nist_800_53_rev_5_ac_17_10

AC-17(10) Authenticate Remote Commands

nist_800_53_rev_5_ac_17_4_a

AC-17(4)(a)

nist_800_53_rev_5_ac_17_9

AC-17(9) Disconnect Or Disable Access

nist_800_53_rev_5_ac_17_b

AC-17(b)

nist_800_53_rev_5_ac_2_6

AC-2(6) Dynamic Privilege Management

fedramp_moderate_rev_4_ac_21_b

AC-21(b)

nist_800_53_rev_5_ac_3_7

AC-3(7) Role-Based Access Control

nist_800_53_rev_5_ac_4_21

AC-4(21) Physical Or Logical Separation Of Infomation Flows

acsc_essential_eight_ml_2_8_6

ACSC-EE-ML2-8.6: Regular backups ML2

acsc_essential_eight_ml_2_8_8

ACSC-EE-ML2-8.8: Regular backups ML2

acsc_essential_eight_ml_3_8_6

ACSC-EE-ML3-8.6: Regular backups ML3

acsc_essential_eight_ml_3_8_8

ACSC-EE-ML3-8.8: Regular backups ML3

fedramp_low_rev_4_ac_3

Access Enforcement (AC-3)

nist_800_53_rev_4_ac_3

nist_800_53_rev_5_ac_3

fedramp_moderate_rev_4_ac_3

rbi_cyber_security_annex_i_1_3

Annex I (1.3)

fedramp_moderate_rev_4_cm_2

Baseline Configuration (CM-2)

fedramp_low_rev_4_cm_2

fedramp_low_rev_4_sc_7

Boundary Protection (SC-7)

nist_800_53_rev_4_sc_7

fedramp_moderate_rev_4_sc_7

soc_2_cc_6_1

CC6.1 The entity implements logical access security software, infrastructure, and architectures over protected information assets to protect them from security events to meet the entity's objectives

soc_2_cc_6_2

CC6.2 Prior to issuing system credentials and granting system access, the entity registers and authorizes new internal and external users whose access is administered by the entity

soc_2_cc_6_6

CC6.6 The entity implements logical access security measures to protect against threats from sources outside its system boundaries

nist_800_53_rev_5_cm_6_a

CM-6(a)

nist_800_53_rev_5_cm_9_b

CM-9(b)

ffiec_d_3_pc_im_b_1

D3.PC.Im.B.1

nist_800_53_rev_4_ac_4

Information Flow Enforcement (AC-4)

fedramp_moderate_rev_4_ac_4

fedramp_moderate_rev_4_sc_4

Information In Shared Resources (SC-4)

nist_800_53_rev_4_ac_21

Information Sharing (AC-21)

nist_800_53_rev_4_ac_6

Least Privilege (AC-6)

nist_800_53_rev_5_ac_6

fedramp_moderate_rev_4_ac_6

nist_800_53_rev_5_mp_2

Media Access (MP-2)

nist_csf_pr_ac_3

PR.AC-3

nist_csf_pr_ac_4

PR.AC-4

nist_csf_pr_ac_5

PR.AC-5

nist_csf_pr_ds_5

PR.DS-5

nist_csf_pr_ip_8

PR.IP-8

nist_csf_pr_pt_3

PR.PT-3

nist_csf_pr_pt_4

PR.PT-4

fedramp_low_rev_4_ac_17

Remote Access (AC-17)

all_controls_s3

nist_800_53_rev_5_sc_7_11

SC-7(11) Restrict Incoming communications Traffic

nist_800_53_rev_5_sc_7_12

SC-7(12) Host-Based Protection

nist_800_53_rev_5_sc_7_16

SC-7(16) Prevent Discovery Of System Components

nist_800_53_rev_5_sc_7_2

SC-7(2) Public Access

nist_800_53_rev_5_sc_7_20

SC-7(20) Prevent Discovery Of System Components

nist_800_53_rev_5_sc_7_21

SC-7(21) Isolation Of System Components

S3 buckets should prohibit public read access

foundational_security_s3_2

Run individual configuration, compliance and security controls or full compliance benchmarks for CIS, FFIEC, PCI, NIST, HIPAA, RBI CSF, GDPR, SOC 2, Audit Manager Control Tower, FedRAMP, GxP and AWS Foundational Security Best Practices controls across all your AWS accounts using Powerpipe and Steampipe.

Apache License 2.0

steampipe-mod-aws-compliance

Control: S3 buckets should prohibit public read access

Description

Usage

SQL

Tags