aws_compliance

Checks if Service Endpoint for the service provided in rule parameter is created for each AWS Virtual Private Cloud (AWS VPC). The rule is non-compliant if an AWS VPC doesn't have an AWS VPC endpoint created for the service.

vpc_configured_to_use_vpc_endpoints

pci_dss_v40_requirement_1_2_8

1.2.8: Configuration files for NSCs are secured from unauthorized access and are kept consistent with active network configurations

pci_dss_v321_requirement_1_3

1.3 Examine firewall and router configurations—including but not limited to the choke router at the Internet, the DMZ router and firewall, the DMZ cardholder segment, the perimeter router, and the internal cardholder network segment—and perform the following to determine that there is no direct access between the Internet and system components in the internal cardholder network segment

pci_dss_v40_requirement_1_3_1

1.3.1: Inbound traffic to the CDE is restricted as follows: To only traffic that is necessary, All other traffic is specifically denied

pci_dss_v40_requirement_1_3_2

1.3.2: Outbound traffic from the CDE is restricted as follows: To only traffic that is necessary, All other traffic is specifically denied

pci_dss_v40_requirement_1_4_2

1.4.2: Inbound traffic from untrusted networks to trusted networks is restricted

pci_dss_v40_requirement_1_5_1

1.5.1 Security controls are implemented on any computing devices, including company- and employee-owned devices, that connect to both untrusted networks

hipaa_final_omnibus_security_rule_2013_164_314_b_1

164.314(b)(1) Requirements for group health plans

hipaa_security_rule_2003_164_314_b_1

hipaa_security_rule_2003_164_314_b_2

164.314(b)(2) Implementation specifications

hipaa_final_omnibus_security_rule_2013_164_314_b_2

hipaa_final_omnibus_security_rule_2013_164_314_b_2_i

164.314(b)(2)(i)

hipaa_final_omnibus_security_rule_2013_164_314_b_2_ii

164.314(b)(2)(ii)

hipaa_final_omnibus_security_rule_2013_164_314_b_2_iii

164.314(b)(2)(iii)

hipaa_final_omnibus_security_rule_2013_164_314_b_2_iv

164.314(b)(2)(iv)

pci_dss_v321_requirement_2_2_2

2.2.2 Enable only necessary services, protocols, daemons, etc., as required for the function of the system

pci_dss_v40_appendix_a1_1_3

A1.1.3: Controls are implemented such that each customer can only access resources allocated to them

nist_csf_pr_ac_3

PR.AC-3

nist_csf_pr_ac_4

PR.AC-4

nist_csf_pr_ac_5

PR.AC-5

nist_csf_pr_ds_5

PR.DS-5

nist_csf_v2_pr_ir_01

PR.IR-01

nist_csf_pr_pt_3

PR.PT-3

nist_csf_pr_pt_4

PR.PT-4

all_controls_vpc

VPC should be configured to use VPC endpoints

foundational_security_ec2_10

Run individual configuration, compliance and security controls or full compliance benchmarks for CIS, FFIEC, PCI, NIST, HIPAA, RBI CSF, GDPR, SOC 2, Audit Manager Control Tower, FedRAMP, GxP and AWS Foundational Security Best Practices controls across all your AWS accounts using Powerpipe and Steampipe.

AWS Compliance

Apache License 2.0

steampipe-mod-aws-compliance

Control: VPC should be configured to use VPC endpoints

Description

Usage

SQL

Tags