aws_compliance

This control checks if AWS CloudFront distributions are configured to capture information from AWS Simple Storage Service (AWS S3) server access logs. This rule is non-compliant if a CloudFront distribution does not have logging configured.

cloudfront_distribution_logging_enabled

pci_dss_v40_requirement_10_2_1_1

10.2.1.1: Audit logs capture all individual user access to cardholder data

pci_dss_v40_requirement_10_2_1_2

10.2.1.2: Audit logs capture all actions taken by any individual with administrative access, including any interactive use of application or system accounts

pci_dss_v40_requirement_10_2_1_3

10.2.1.3: Audit logs capture all access to audit logs

pci_dss_v40_requirement_10_2_1_4

10.2.1.4: Audit logs capture all invalid logical access attempts

pci_dss_v40_requirement_10_2_1_5

10.2.1.5: Audit logs capture all changes to identification and authentication credentials including, but not limited

pci_dss_v40_requirement_10_2_1_6

10.2.1.6: Records of all changes to audit log activity status are captured

pci_dss_v40_requirement_10_2_1_7

10.2.1.7: Audit logs capture all creation and deletion of system-level objects

pci_dss_v40_requirement_10_2_2

10.2.2: Sufficient data to be able to identify successful and failed attempts and who, what, when, where, and how for each event listed in requirement 10.2.2 are captured

pci_dss_v40_requirement_10_3_1

10.3.1: Read access to audit logs files is limited to those with a job-related need

pci_dss_v40_requirement_10_6_3

10.6.3: Time synchronization settings and data are protected

hipaa_final_omnibus_security_rule_2013_164_308_a_1_ii_d

164.308(a)(1)(ii)(D) Information system activity review

hipaa_security_rule_2003_164_308_a_1_ii_d

cis_controls_v8_ig1_8_2

8.2 Collect Audit Logs

pci_dss_v40_appendix_a1_2_1

A1.2.1: Audit log capability is enabled for each customer's environment that is consistent

acsc_essential_eight_ml_2_1_3

ACSC-EE-ML2-1.3: Application control ML2

acsc_essential_eight_ml_2_5_11

ACSC-EE-ML2-5.11: Restrict administrative privileges ML2

acsc_essential_eight_ml_2_5_12

ACSC-EE-ML2-5.12: Restrict administrative privileges ML2

acsc_essential_eight_ml_2_7_7

ACSC-EE-ML2-7.7: Multi-factor authentication ML2

all_controls_cloudfront

CloudFront

nist_csf_de_ae_1

DE.AE-1

nist_csf_de_ae_3

DE.AE-3

nist_csf_v2_pr_ps_04

PR.PS-04

nist_csf_pr_pt_1

PR.PT-1

CloudFront distributions access logs should be enabled

foundational_security_cloudfront_5

Run individual configuration, compliance and security controls or full compliance benchmarks for CIS, FFIEC, PCI, NIST, HIPAA, RBI CSF, GDPR, SOC 2, Audit Manager Control Tower, FedRAMP, GxP and AWS Foundational Security Best Practices controls across all your AWS accounts using Powerpipe and Steampipe.

AWS Compliance

Apache License 2.0

steampipe-mod-aws-compliance

Control: CloudFront distributions access logs should be enabled

Description

Usage

SQL

Tags