aws_compliance

This control checks whether OpenSearch domains have fine-grained access control enabled. The control fails if the fine-grained access control is not enabled. Fine-grained access control requires advanced-security-optionsin the OpenSearch parameter update-domain-config to be enabled.

opensearch_domain_fine_grained_access_enabled

pci_dss_v40_requirement_10_6_3

10.6.3: Time synchronization settings and data are protected

pci_dss_v321_requirement_7_1_2_a

7.1.2.a Interview personnel responsible for assigning access to verify that access to privileged user IDs is assigned only to roles that specifically require such privileged access and restricted to least privileges necessary to perform job responsibilities

pci_dss_v40_requirement_7_2_1

7.2.1: An access control model is defined and includes granting access

pci_dss_v40_requirement_7_2_2

7.2.2: Access is assigned to users, including privileged users

pci_dss_v40_requirement_7_2_5

7.2.5: All application and system accounts and related access privileges are assigned and managed

pci_dss_v40_requirement_7_2_6

7.2.6: All user access to query repositories of stored cardholder data

pci_dss_v40_requirement_7_3_1

7.3.1: An access control system(s) is in place that restricts access based on a user's need to know and covers all system components

pci_dss_v40_requirement_7_3_2

7.3.2: The access control system(s) is configured to enforce permissions assigned to individuals, applications, and systems based on job classification and function

pci_dss_v40_requirement_7_3_3

7.3.3: The access control system(s) is set to “deny all” by default

pci_dss_v40_requirement_8_2_7

8.2.7: Accounts used by third parties to access, support, or maintain system components via remote access are managed

pci_dss_v40_requirement_8_2_8

8.2.8: If a user session has been idle for more than 15 minutes, the user is required to re-authenticate to re-activate the terminal or session

pci_dss_v40_requirement_8_3_4

8.3.4: Invalid authentication attempts are limited

acsc_essential_eight_ml_1_8_5

ACSC-EE-ML1-8.5: Regular backups ML1

acsc_essential_eight_ml_1_8_6

ACSC-EE-ML1-8.6: Regular backups ML1

acsc_essential_eight_ml_2_5_2

ACSC-EE-ML2-5.2: Restrict administrative privileges ML2

acsc_essential_eight_ml_2_5_3

ACSC-EE-ML2-5.3: Restrict administrative privileges ML2

acsc_essential_eight_ml_2_8_5

ACSC-EE-ML2-8.5: Regular backups ML2

acsc_essential_eight_ml_2_8_7

ACSC-EE-ML2-8.7: Regular backups ML2

acsc_essential_eight_ml_3_5_2

ACSC-EE-ML3-5.2: Restrict administrative privileges ML3

acsc_essential_eight_ml_3_5_3

ACSC-EE-ML3-5.3: Restrict administrative privileges ML3

acsc_essential_eight_ml_3_5_4

ACSC-EE-ML3-5.4: Restrict administrative privileges ML3

acsc_essential_eight_ml_3_8_5

ACSC-EE-ML3-8.5: Regular backups ML3

acsc_essential_eight_ml_3_8_7

ACSC-EE-ML3-8.7: Regular backups ML3

all_controls_opensearch

OpenSearch

nist_csf_pr_ac_1

PR.AC-1

nist_csf_pr_ac_4

PR.AC-4

nist_csf_pr_pt_3

PR.PT-3

OpenSearch domains should have fine-grained access control enabled

foundational_security_opensearch_7

Run individual configuration, compliance and security controls or full compliance benchmarks for CIS, FFIEC, PCI, NIST, HIPAA, RBI CSF, GDPR, SOC 2, Audit Manager Control Tower, FedRAMP, GxP and AWS Foundational Security Best Practices controls across all your AWS accounts using Powerpipe and Steampipe.

AWS Compliance

Apache License 2.0

steampipe-mod-aws-compliance

Control: OpenSearch domains should have fine-grained access control enabled

Description

Usage

SQL

Tags