aws_compliance

Ensure authentication credentials AWS_ACCESS_KEY_ID and AWS_SECRET_ACCESS_KEY do not exist within AWS CodeBuild project environments. Do not store these variables in clear text. Storing these variables in clear text leads to unintended data exposure and unauthorized access.

codebuild_project_plaintext_env_variables_no_sensitive_aws_values

hipaa_final_omnibus_security_rule_2013_164_308_a_1_ii_b

164.308(a)(1)(ii)(B) Risk management

hipaa_security_rule_2003_164_308_a_1_ii_b

hipaa_final_omnibus_security_rule_2013_164_308_a_3_i

164.308(a)(3)(i) Workforce security

hipaa_final_omnibus_security_rule_2013_164_308_a_4_ii_c

164.308(a)(4)(ii)(C) Access establishment and modification

hipaa_final_omnibus_security_rule_2013_164_312_a_1

164.312(a)(1) Access control

nydfs_23_500_08_a

500.08(a)

pci_dss_v321_requirement_6_3_1

6.3.1 Examine written software-development procedures and interview responsible personnel to verify that pre-production and/or custom application accounts, user IDs and/or passwords are removed before an application goes into production or is released to customers

pci_dss_v321_requirement_6_3_a

6.3.a Examine written software-development processes to verify that the processes are based on industry standards and/or best practices

pci_dss_v321_requirement_6_3_b

6.3.b Examine written software-development processes to verify that information security is included throughout the life cycle

pci_dss_v321_requirement_6_3_c

6.3.c Examine written software-development processes to verify that software applications are developed in accordance with PCI DSS

pci_dss_v321_requirement_8_2_1

8.2.1 Using strong cryptography, render all authentication credentials (such as passwords/phrases) unreadable during transmission and storage on all system components

pci_dss_v40_requirement_8_2_2

8.2.2: Group, shared, or generic IDs, or other shared authentication credentials are only used when necessary on an exception basis, and are managed

pci_dss_v40_requirement_8_3_2

8.3.2: Strong cryptography is used to render all authentication factors unreadable during transmission and storage on all system components

soc_2_cc_7_2

CC7.2 The entity monitors system components and the operation of those components for anomalies that are indicative of malicious acts, natural disasters, and errors affecting the entity's ability to meet its objectives; anomalies are analyzed to determine whether they represent security events

soc_2_cc_8_1

CC8.1 The entity authorizes, designs, develops or acquires, configures, documents, tests, approves, and implements changes to infrastructure, data, software, and procedures to meet its objectives

all_controls_codebuild

CodeBuild

ffiec_d_3_pc_se_b_1

D3.PC.Se.B.1

nist_800_53_rev_4_ia_5_7

IA-5(7) No Embedded Unencrypted Static Authenticators

fedramp_moderate_rev_4_ia_5_7

fedramp_moderate_rev_4_ac_6

Least Privilege (AC-6)

nist_800_53_rev_4_ac_6

nist_csf_pr_ds_5

PR.DS-5

nist_csf_pr_ip_2

PR.IP-2

fedramp_moderate_rev_4_sa_3_a

SA-3(a)

fedramp_low_rev_4_sa_3

System Development Life Cycle (SA-3)

nist_800_53_rev_4_sa_3

cisa_cyber_essentials_your_systems_3

Your Systems-3

CodeBuild project plaintext environment variables should not contain sensitive AWS values

foundational_security_codebuild_2

Run individual configuration, compliance and security controls or full compliance benchmarks for CIS, FFIEC, PCI, NIST, HIPAA, RBI CSF, GDPR, SOC 2, Audit Manager Control Tower, FedRAMP, GxP and AWS Foundational Security Best Practices controls across all your AWS accounts using Powerpipe and Steampipe.

AWS Compliance

Apache License 2.0

steampipe-mod-aws-compliance

Control: CodeBuild project plaintext environment variables should not contain sensitive AWS values

Description

Usage

SQL

Tags