aws_compliance

Ensure the GitHub or Bitbucket source repository URL does not contain personal access tokens, user name and password within AWS Codebuild project environments.

codebuild_project_source_repo_oauth_configured

pci_dss_v40_requirement_1_2_8

1.2.8: Configuration files for NSCs are secured from unauthorized access and are kept consistent with active network configurations

pci_dss_v40_requirement_1_3_1

1.3.1: Inbound traffic to the CDE is restricted as follows: To only traffic that is necessary, All other traffic is specifically denied

pci_dss_v40_requirement_1_3_2

1.3.2: Outbound traffic from the CDE is restricted as follows: To only traffic that is necessary, All other traffic is specifically denied

pci_dss_v40_requirement_1_4_2

1.4.2: Inbound traffic from untrusted networks to trusted networks is restricted

pci_dss_v40_requirement_1_5_1

1.5.1 Security controls are implemented on any computing devices, including company- and employee-owned devices, that connect to both untrusted networks

hipaa_final_omnibus_security_rule_2013_164_308_a_1_ii_b

164.308(a)(1)(ii)(B) Risk management

hipaa_security_rule_2003_164_308_a_1_ii_b

hipaa_final_omnibus_security_rule_2013_164_308_a_3_i

164.308(a)(3)(i) Workforce security

hipaa_final_omnibus_security_rule_2013_164_308_a_4_ii_c

164.308(a)(4)(ii)(C) Access establishment and modification

hipaa_final_omnibus_security_rule_2013_164_312_a_1

164.312(a)(1) Access control

nydfs_23_500_08_a

500.08(a)

pci_dss_v321_requirement_6_3_1

6.3.1 Examine written software-development procedures and interview responsible personnel to verify that pre-production and/or custom application accounts, user IDs and/or passwords are removed before an application goes into production or is released to customers

pci_dss_v321_requirement_6_3_a

6.3.a Examine written software-development processes to verify that the processes are based on industry standards and/or best practices

pci_dss_v321_requirement_6_3_b

6.3.b Examine written software-development processes to verify that information security is included throughout the life cycle

pci_dss_v321_requirement_6_3_c

6.3.c Examine written software-development processes to verify that software applications are developed in accordance with PCI DSS

pci_dss_v321_requirement_8_2_1

8.2.1 Using strong cryptography, render all authentication credentials (such as passwords/phrases) unreadable during transmission and storage on all system components

pci_dss_v40_appendix_a1_1_3

A1.1.3: Controls are implemented such that each customer can only access resources allocated to them

acsc_essential_eight_ml_1_5_3

ACSC-EE-ML1-5.3: Restrict administrative privileges ML1

acsc_essential_eight_ml_1_5_4

ACSC-EE-ML1-5.4: Restrict administrative privileges ML1

acsc_essential_eight_ml_1_5_5

ACSC-EE-ML1-5.5: Restrict administrative privileges ML1

acsc_essential_eight_ml_1_8_5

ACSC-EE-ML1-8.5: Regular backups ML1

acsc_essential_eight_ml_1_8_6

ACSC-EE-ML1-8.6: Regular backups ML1

acsc_essential_eight_ml_2_5_5

ACSC-EE-ML2-5.5: Restrict administrative privileges ML2

acsc_essential_eight_ml_2_5_6

ACSC-EE-ML2-5.6: Restrict administrative privileges ML2

acsc_essential_eight_ml_2_5_7

ACSC-EE-ML2-5.7: Restrict administrative privileges ML2

acsc_essential_eight_ml_2_5_8

ACSC-EE-ML2-5.8: Restrict administrative privileges ML2

acsc_essential_eight_ml_2_5_9

ACSC-EE-ML2-5.9: Restrict administrative privileges ML2

acsc_essential_eight_ml_2_8_5

ACSC-EE-ML2-8.5: Regular backups ML2

acsc_essential_eight_ml_2_8_7

ACSC-EE-ML2-8.7: Regular backups ML2

acsc_essential_eight_ml_3_5_11

ACSC-EE-ML3-5.11: Restrict administrative privileges ML3

acsc_essential_eight_ml_3_5_6

ACSC-EE-ML3-5.6: Restrict administrative privileges ML3

acsc_essential_eight_ml_3_5_7

ACSC-EE-ML3-5.7: Restrict administrative privileges ML3

acsc_essential_eight_ml_3_5_8

ACSC-EE-ML3-5.8: Restrict administrative privileges ML3

acsc_essential_eight_ml_3_5_9

ACSC-EE-ML3-5.9: Restrict administrative privileges ML3

acsc_essential_eight_ml_3_8_5

ACSC-EE-ML3-8.5: Regular backups ML3

acsc_essential_eight_ml_3_8_7

ACSC-EE-ML3-8.7: Regular backups ML3

soc_2_cc_7_2

CC7.2 The entity monitors system components and the operation of those components for anomalies that are indicative of malicious acts, natural disasters, and errors affecting the entity's ability to meet its objectives; anomalies are analyzed to determine whether they represent security events

soc_2_cc_8_1

CC8.1 The entity authorizes, designs, develops or acquires, configures, documents, tests, approves, and implements changes to infrastructure, data, software, and procedures to meet its objectives

all_controls_codebuild

CodeBuild

ffiec_d_3_pc_se_b_1

D3.PC.Se.B.1

nist_csf_de_ae_5

DE.AE-5

nist_csf_pr_ds_5

PR.DS-5

nist_csf_pr_ip_2

PR.IP-2

fedramp_moderate_rev_4_sa_3_a

SA-3(a)

fedramp_low_rev_4_sa_3

System Development Life Cycle (SA-3)

nist_800_53_rev_4_sa_3

cisa_cyber_essentials_your_systems_3

Your Systems-3

CodeBuild GitHub or Bitbucket source repository URLs should use OAuth

foundational_security_codebuild_1

Run individual configuration, compliance and security controls or full compliance benchmarks for CIS, FFIEC, PCI, NIST, HIPAA, RBI CSF, GDPR, SOC 2, Audit Manager Control Tower, FedRAMP, GxP and AWS Foundational Security Best Practices controls across all your AWS accounts using Powerpipe and Steampipe.

AWS Compliance

Apache License 2.0

steampipe-mod-aws-compliance

Control: CodeBuild GitHub or Bitbucket source repository URLs should use OAuth

Description

Usage

SQL

Tags