aws_compliance

Ensure that AWS Simple Storage Service (AWS S3) buckets are publicly accessible. This rule is non-compliant if an AWS S3 bucket is not listed in the excludedPublicBuckets parameter and bucket level settings are public.

s3_public_access_block_bucket

pci_dss_v40_requirement_1_2_8

1.2.8: Configuration files for NSCs are secured from unauthorized access and are kept consistent with active network configurations

pci_dss_v40_requirement_1_3_1

1.3.1: Inbound traffic to the CDE is restricted as follows: To only traffic that is necessary, All other traffic is specifically denied

pci_dss_v40_requirement_1_3_2

1.3.2: Outbound traffic from the CDE is restricted as follows: To only traffic that is necessary, All other traffic is specifically denied

pci_dss_v40_requirement_1_4_2

1.4.2: Inbound traffic from untrusted networks to trusted networks is restricted

pci_dss_v40_requirement_1_5_1

1.5.1 Security controls are implemented on any computing devices, including company- and employee-owned devices, that connect to both untrusted networks

pci_dss_v40_requirement_10_3_2

10.3.2: Audit log files are protected to prevent modifications by individuals

pci_dss_v40_requirement_10_3_3

10.3.3: Audit log files, including those for externalfacing technologies, are promptly backed up to a secure, central, internal log server(s) or other media that is difficult to modify

pci_dss_v40_requirement_10_3_4

10.3.4: File integrity monitoring or change-detection mechanisms is used on audit logs to ensure that existing log data cannot be changed without generating alerts

gxp_21_cfr_part_11_11_10_d

11.10(d) Limiting system access to authorized individuals

gxp_21_cfr_part_11_11_10_g

11.10(g) Use of authority checks to ensure that only authorized individuals can use the system, electronically sign a record, access the operation or computer system input or output device, alter a record, or perform the operation at hand

hipaa_final_omnibus_security_rule_2013_164_308_a_3_i

164.308(a)(3)(i) Workforce security

hipaa_final_omnibus_security_rule_2013_164_308_a_4_ii_c

164.308(a)(4)(ii)(C) Access establishment and modification

hipaa_final_omnibus_security_rule_2013_164_312_a_1

164.312(a)(1) Access control

hipaa_final_omnibus_security_rule_2013_164_312_e_1

164.312(e)(1) Transmission security

nist_800_171_rev_2_3_1_2

3.1.2 Limit system access to the types of transactions and functions that authorized users are permitted to execute

nist_800_171_rev_2_3_1_3

3.1.3 Control the flow of CUI in accordance with approved authorizations

nist_800_172_3_1_3_e

3.1.3e Employ [Assignment: organization-defined secure information transfer solutions] to control information flows between security domains on connected systems

nist_800_171_rev_2_3_13_1

3.13.1 Monitor, control, and protect communications (i.e., information transmitted or received by organizational systems) at the external boundaries and key internal boundaries of organizational systems

nist_800_172_3_13_4_e

3.13.4e Employ [Selection: (one or more): [Assignment: organization-defined physical isolation techniques]; [Assignment: organization-defined logical isolation techniques]] in organizational systems and system components

cis_controls_v8_ig1_3_3

3.3 Configure Data Access Control Lists

pci_dss_v40_requirement_3_5_1_3

3.5.1.3: If disk-level or partition-level encryption is used (rather than file-, column-, or field-level database encryption) to render PAN unreadable

rbi_itf_nbfc_8_I

8.I Basic Security Aspects

pci_dss_v40_appendix_a1_1_2

A1.1.2: Controls are implemented such that each customer only has permission to access its own cardholder data and CDE

pci_dss_v40_appendix_a1_1_3

A1.1.3: Controls are implemented such that each customer can only access resources allocated to them

pci_dss_v40_appendix_a1_2_1

A1.2.1: Audit log capability is enabled for each customer's environment that is consistent

pci_dss_v40_appendix_a3_4_1

A3.4.1: User accounts and access privileges to inscope system components are reviewed at least once every six months to ensure user accounts and access privileges remain appropriate based on job function, and that all access is authorized

fedramp_moderate_rev_4_ac_17_1

AC-17(1) Automated Monitoring/Control

nist_800_53_rev_5_ac_17_1

AC-17(1) Monitoring And Control

nist_800_53_rev_5_ac_17_10

AC-17(10) Authenticate Remote Commands

nist_800_53_rev_5_ac_17_4_a

AC-17(4)(a)

nist_800_53_rev_5_ac_17_9

AC-17(9) Disconnect Or Disable Access

nist_800_53_rev_5_ac_17_b

AC-17(b)

nist_800_53_rev_5_ac_2_6

AC-2(6) Dynamic Privilege Management

fedramp_moderate_rev_4_ac_21_b

AC-21(b)

nist_800_53_rev_5_ac_3_7

AC-3(7) Role-Based Access Control

nist_800_53_rev_5_ac_4_21

AC-4(21) Physical Or Logical Separation Of Infomation Flows

acsc_essential_eight_ml_2_8_6

ACSC-EE-ML2-8.6: Regular backups ML2

acsc_essential_eight_ml_2_8_8

ACSC-EE-ML2-8.8: Regular backups ML2

acsc_essential_eight_ml_3_1_7

ACSC-EE-ML3-1.7: Application control ML3

acsc_essential_eight_ml_3_5_16

ACSC-EE-ML3-5.16: Restrict administrative privileges ML3

acsc_essential_eight_ml_3_7_9

ACSC-EE-ML3-7.9: Multi-factor authentication ML3

acsc_essential_eight_ml_3_8_6

ACSC-EE-ML3-8.6: Regular backups ML3

acsc_essential_eight_ml_3_8_8

ACSC-EE-ML3-8.8: Regular backups ML3

nist_800_53_rev_5_ac_3

Access Enforcement (AC-3)

fedramp_moderate_rev_4_ac_3

fedramp_low_rev_4_ac_3

fedramp_low_rev_4_cm_2

Baseline Configuration (CM-2)

fedramp_low_rev_4_sc_7

Boundary Protection (SC-7)

fedramp_moderate_rev_4_sc_7

fedramp_moderate_rev_4_ac_6

Least Privilege (AC-6)

nist_800_53_rev_5_ac_6

nist_800_53_rev_5_mp_2

Media Access (MP-2)

nist_csf_pr_ac_3

PR.AC-3

nist_csf_pr_ac_4

PR.AC-4

nist_csf_pr_ip_8

PR.IP-8

nist_csf_pr_pt_3

PR.PT-3

fedramp_low_rev_4_ac_17

Remote Access (AC-17)

all_controls_s3

nist_800_53_rev_5_sc_7_11

SC-7(11) Restrict Incoming communications Traffic

nist_800_53_rev_5_sc_7_2

SC-7(2) Public Access

nist_800_53_rev_5_sc_7_20

SC-7(20) Prevent Discovery Of System Components

nist_800_53_rev_5_sc_7_21

SC-7(21) Isolation Of System Components

nist_800_53_rev_5_sc_7_24_b

SC-7(24)(b)

nist_800_53_rev_5_sc_7_25

SC-7(25) Unclassified National Security System Connections

nist_800_53_rev_5_sc_7_26

SC-7(26) Classified National Security System Connections

nist_800_53_rev_5_sc_7_27

SC-7(27) Unclassified Non-National Security System Connections

nist_800_53_rev_5_sc_7_28

SC-7(28) Connections To Public Networks

fedramp_moderate_rev_4_sc_7_3

SC-7(3) Access Points

nist_800_53_rev_5_sc_7_3

nist_800_53_rev_5_sc_7_7

SC-7(7) Split Tunneling For Remote Devices

nist_800_53_rev_5_sc_7_9_a

SC-7(9)(a)

nist_800_53_rev_5_sc_7_a

SC-7(a)

nist_800_53_rev_5_sc_7_b

SC-7(b)

nist_800_53_rev_5_sc_7_c

SC-7(c)

nist_800_53_rev_5_sc_25

Thin Nodes (SC-25)

cisa_cyber_essentials_your_data_2

Your Data-2

cisa_cyber_essentials_your_systems_3

Your Systems-3

S3 public access should be blocked at bucket levels

foundational_security_s3_8

Run individual configuration, compliance and security controls or full compliance benchmarks for CIS, FFIEC, PCI, NIST, HIPAA, RBI CSF, GDPR, SOC 2, Audit Manager Control Tower, FedRAMP, GxP and AWS Foundational Security Best Practices controls across all your AWS accounts using Powerpipe and Steampipe.

AWS Compliance

Apache License 2.0

steampipe-mod-aws-compliance

Control: S3 public access should be blocked at bucket levels

Description

Usage

SQL

Tags