aws_compliance

This control checks if ECS containers are limited to read-only access to mounted root filesystems. This control fails if the ReadonlyRootFilesystem parameter in the container definition of ECS task definitions is set to false.

ecs_task_definition_container_readonly_root_filesystem

pci_dss_v40_requirement_10_3_2

10.3.2: Audit log files are protected to prevent modifications by individuals

pci_dss_v40_requirement_10_6_3

10.6.3: Time synchronization settings and data are protected

pci_dss_v40_requirement_3_5_1_3

3.5.1.3: If disk-level or partition-level encryption is used (rather than file-, column-, or field-level database encryption) to render PAN unreadable

pci_dss_v40_requirement_7_2_1

7.2.1: An access control model is defined and includes granting access

pci_dss_v40_requirement_7_2_2

7.2.2: Access is assigned to users, including privileged users

pci_dss_v40_requirement_7_2_5

7.2.5: All application and system accounts and related access privileges are assigned and managed

pci_dss_v40_requirement_7_2_6

7.2.6: All user access to query repositories of stored cardholder data

pci_dss_v40_requirement_7_3_1

7.3.1: An access control system(s) is in place that restricts access based on a user's need to know and covers all system components

pci_dss_v40_requirement_7_3_2

7.3.2: The access control system(s) is configured to enforce permissions assigned to individuals, applications, and systems based on job classification and function

pci_dss_v40_requirement_7_3_3

7.3.3: The access control system(s) is set to “deny all” by default

pci_dss_v40_requirement_8_2_7

8.2.7: Accounts used by third parties to access, support, or maintain system components via remote access are managed

pci_dss_v40_requirement_8_2_8

8.2.8: If a user session has been idle for more than 15 minutes, the user is required to re-authenticate to re-activate the terminal or session

pci_dss_v40_requirement_8_3_4

8.3.4: Invalid authentication attempts are limited

pci_dss_v40_appendix_a1_1_2

A1.1.2: Controls are implemented such that each customer only has permission to access its own cardholder data and CDE

pci_dss_v40_appendix_a3_4_1

A3.4.1: User accounts and access privileges to inscope system components are reviewed at least once every six months to ensure user accounts and access privileges remain appropriate based on job function, and that all access is authorized

acsc_essential_eight_ml_1_8_5

ACSC-EE-ML1-8.5: Regular backups ML1

acsc_essential_eight_ml_1_8_6

ACSC-EE-ML1-8.6: Regular backups ML1

acsc_essential_eight_ml_2_5_2

ACSC-EE-ML2-5.2: Restrict administrative privileges ML2

acsc_essential_eight_ml_2_5_3

ACSC-EE-ML2-5.3: Restrict administrative privileges ML2

acsc_essential_eight_ml_2_8_5

ACSC-EE-ML2-8.5: Regular backups ML2

acsc_essential_eight_ml_2_8_6

ACSC-EE-ML2-8.6: Regular backups ML2

acsc_essential_eight_ml_2_8_7

ACSC-EE-ML2-8.7: Regular backups ML2

acsc_essential_eight_ml_2_8_8

ACSC-EE-ML2-8.8: Regular backups ML2

acsc_essential_eight_ml_3_5_2

ACSC-EE-ML3-5.2: Restrict administrative privileges ML3

acsc_essential_eight_ml_3_5_3

ACSC-EE-ML3-5.3: Restrict administrative privileges ML3

acsc_essential_eight_ml_3_5_4

ACSC-EE-ML3-5.4: Restrict administrative privileges ML3

acsc_essential_eight_ml_3_8_5

ACSC-EE-ML3-8.5: Regular backups ML3

acsc_essential_eight_ml_3_8_6

ACSC-EE-ML3-8.6: Regular backups ML3

acsc_essential_eight_ml_3_8_7

ACSC-EE-ML3-8.7: Regular backups ML3

acsc_essential_eight_ml_3_8_8

ACSC-EE-ML3-8.8: Regular backups ML3

all_controls_ecs

nist_csf_pr_ac_1

PR.AC-1

nist_csf_pr_ac_4

PR.AC-4

nist_csf_v2_pr_ps_05

PR.PS-05

ECS containers should be limited to read-only access to root filesystems

foundational_security_ecs_5

Run individual configuration, compliance and security controls or full compliance benchmarks for CIS, FFIEC, PCI, NIST, HIPAA, RBI CSF, GDPR, SOC 2, Audit Manager Control Tower, FedRAMP, GxP and AWS Foundational Security Best Practices controls across all your AWS accounts using Powerpipe and Steampipe.

AWS Compliance

Apache License 2.0

steampipe-mod-aws-compliance

Control: ECS containers should be limited to read-only access to root filesystems

Description

Usage

SQL

Tags