aws_compliance

Ensure that there are public routes in the route table to an Internet Gateway (IGW). The rule is non-compliant if a route to an IGW has a destination CIDR block of '0.0.0.0/0' or '::/0'.

vpc_route_table_restrict_public_access_to_igw

pci_dss_v321_requirement_1_2_1_a

1.2.1.a Examine firewall and router configuration standards to verify that they identify inbound and outbound traffic necessary for the cardholder data environment

pci_dss_v321_requirement_1_2_1_b

1.2.1.b Examine firewall and router configurations to verify that inbound and outbound traffic is limited to that which is necessary for the cardholder data environment

pci_dss_v321_requirement_1_2_1_c

1.2.1.c Examine firewall and router configurations to verify that all other inbound and outbound traffic is specifically denied, for example by using an explicit “deny all” or an implicit deny after allow statement

pci_dss_v321_requirement_1_2_3_b

1.2.3.b Verify that the firewalls deny or, if traffic is necessary for business purposes, permit only authorized traffic between the wireless environment and the cardholder data environment

pci_dss_v40_requirement_1_2_8

1.2.8: Configuration files for NSCs are secured from unauthorized access and are kept consistent with active network configurations

pci_dss_v40_requirement_1_3_1

1.3.1: Inbound traffic to the CDE is restricted as follows: To only traffic that is necessary, All other traffic is specifically denied

pci_dss_v321_requirement_1_3_2

1.3.2 Limit inbound Internet traffic to IP addresses within the DMZ

pci_dss_v40_requirement_1_3_2

1.3.2: Outbound traffic from the CDE is restricted as follows: To only traffic that is necessary, All other traffic is specifically denied

pci_dss_v40_requirement_1_4_1

1.4.1: NSCs are implemented between trusted and untrusted networks

pci_dss_v40_requirement_1_4_2

1.4.2: Inbound traffic from untrusted networks to trusted networks is restricted

pci_dss_v40_requirement_1_4_4

1.4.4: System components that store cardholder data are not directly accessible from untrusted networks

pci_dss_v40_requirement_1_5_1

1.5.1 Security controls are implemented on any computing devices, including company- and employee-owned devices, that connect to both untrusted networks

gxp_21_cfr_part_11_11_10_d

11.10(d) Limiting system access to authorized individuals

gxp_21_cfr_part_11_11_10_g

11.10(g) Use of authority checks to ensure that only authorized individuals can use the system, electronically sign a record, access the operation or computer system input or output device, alter a record, or perform the operation at hand

hipaa_final_omnibus_security_rule_2013_164_312_e_1

164.312(e)(1) Transmission security

nist_800_171_rev_2_3_1_2

3.1.2 Limit system access to the types of transactions and functions that authorized users are permitted to execute

nist_800_171_rev_2_3_1_3

3.1.3 Control the flow of CUI in accordance with approved authorizations

nist_800_172_3_1_3_e

3.1.3e Employ [Assignment: organization-defined secure information transfer solutions] to control information flows between security domains on connected systems

nist_800_171_rev_2_3_13_1

3.13.1 Monitor, control, and protect communications (i.e., information transmitted or received by organizational systems) at the external boundaries and key internal boundaries of organizational systems

nist_800_172_3_13_4_e

3.13.4e Employ [Selection: (one or more): [Assignment: organization-defined physical isolation techniques]; [Assignment: organization-defined logical isolation techniques]] in organizational systems and system components

nydfs_23_500_02_b_2

500.02(b)(2)

nydfs_23_500_07

500.07 Access Privileges and Management

pci_dss_v40_appendix_a1_1_3

A1.1.3: Controls are implemented such that each customer can only access resources allocated to them

fedramp_moderate_rev_4_ac_21_b

AC-21(b)

nist_800_53_rev_5_ac_4_21

AC-4(21) Physical Or Logical Separation Of Infomation Flows

rbi_cyber_security_annex_i_1_3

Annex I (1.3)

fedramp_moderate_rev_4_cm_2

Baseline Configuration (CM-2)

fedramp_low_rev_4_cm_2

nist_800_53_rev_5_cm_7_b

CM-7(b)

ffiec_d_3_pc_im_b_1

D3.PC.Im.B.1

nist_csf_de_ae_1

DE.AE-1

fedramp_moderate_rev_4_sc_4

Information In Shared Resources (SC-4)

nist_csf_pr_ac_3

PR.AC-3

nist_csf_pr_ac_5

PR.AC-5

nist_csf_pr_pt_4

PR.PT-4

all_controls_vpc

cisa_cyber_essentials_your_systems_3

Your Systems-3

VPC route table should restrict public access to IGW

Run individual configuration, compliance and security controls or full compliance benchmarks for CIS, FFIEC, PCI, NIST, HIPAA, RBI CSF, GDPR, SOC 2, Audit Manager Control Tower, FedRAMP, GxP and AWS Foundational Security Best Practices controls across all your AWS accounts using Powerpipe and Steampipe.

AWS Compliance

Apache License 2.0

steampipe-mod-aws-compliance

Control: VPC route table should restrict public access to IGW

Description

Usage

SQL

Tags