aws_compliance

This control checks if AWS CloudFront distributions are using deprecated SSL protocols for HTTPS communication between CloudFront edge locations and your custom origins. This control fails if a CloudFront distribution has a CustomOriginConfig where OriginSslProtocols includes SSLv3.

cloudfront_distribution_no_deprecated_ssl_protocol

pci_dss_v40_requirement_1_2_5

1.2.5: All services, protocols, and ports allowed are identified, approved, and have a defined business need

gxp_21_cfr_part_11_11_30

11.30 Controls for open systems

pci_dss_v40_requirement_2_2_5

2.2.5: System components cannot be compromised by exploiting insecure services, protocols, or daemons

pci_dss_v40_requirement_2_2_7

2.2.7: All non-console administrative access is encrypted using strong cryptography

pci_dss_v321_requirement_2_3

2.3 Encrypt all non-console administrative access using strong cryptography

pci_dss_v321_requirement_4_1_a

4.1.a Identify all locations where cardholder data is transmitted or received over open, public networks

pci_dss_v321_requirement_4_1_e

4.1.e Examine system configurations to verify that the protocol is implemented to use only secure configurations and does not support insecure versions or configurations

pci_dss_v321_requirement_4_1_f

4.1.f Examine system configurations to verify that the proper encryption strength is implemented for the encryption methodology in use

pci_dss_v321_requirement_4_1_g

4.1.g For TLS implementations, examine system configurations to verify that TLS is enabled whenever cardholder data is transmitted or received

pci_dss_v40_requirement_4_2_1_1

4.2.1.1: An inventory of the entity's trusted keys and certificates used to protect PAN during transmission is maintained

pci_dss_v40_requirement_4_2_1

4.2.1: Strong cryptography and security protocols are implemented as follows to safeguard PAN during transmission

gxp_eu_annex_11_operational_phase_7_1

7.1 Data Storage - Damage Protection

pci_dss_v40_requirement_8_3_2

8.3.2: Strong cryptography is used to render all authentication factors unreadable during transmission and storage on all system components

all_controls_cloudfront

CloudFront

nist_csf_pr_ds_2

PR.DS-2

CloudFront distributions should not use deprecated SSL protocols between edge locations and custom origins

foundational_security_cloudfront_10

Run individual configuration, compliance and security controls or full compliance benchmarks for CIS, FFIEC, PCI, NIST, HIPAA, RBI CSF, GDPR, SOC 2, Audit Manager Control Tower, FedRAMP, GxP and AWS Foundational Security Best Practices controls across all your AWS accounts using Powerpipe and Steampipe.

AWS Compliance

Apache License 2.0

steampipe-mod-aws-compliance

Control: CloudFront distributions should not use deprecated SSL protocols between edge locations and custom origins

Description

Usage

SQL

Tags