CIS AWS BM v3 storage controls
jonrau1 committed Feb 10, 2024
1 parent ae700db commit c06c1ed
Showing 5 changed files with 46 additions and 18 deletions.
6 changes: 4 additions & 2 deletions eeauditor/auditors/aws/AWS_Security_Services_Auditor.py
Expand Up @@ -271,7 +271,8 @@ def macie_in_use_check(cache: dict, session, awsAccountId: str, awsRegion: str,
"ISO 27001:2013 A.16.1.1",
"ISO 27001:2013 A.16.1.4",
"CIS Amazon Web Services Foundations Benchmark V1.5 2.1.4",
"CIS Amazon Web Services Foundations Benchmark V2.0 2.1.3"
"CIS Amazon Web Services Foundations Benchmark V2.0 2.1.3",
"CIS Amazon Web Services Foundations Benchmark V3.0 2.1.3"
]
},
"Workflow": {"Status": "RESOLVED"},
Expand Down Expand Up @@ -368,7 +369,8 @@ def macie_in_use_check(cache: dict, session, awsAccountId: str, awsRegion: str,
"ISO 27001:2013 A.16.1.1",
"ISO 27001:2013 A.16.1.4",
"CIS Amazon Web Services Foundations Benchmark V1.5 2.1.4",
"CIS Amazon Web Services Foundations Benchmark V2.0 2.1.3"
"CIS Amazon Web Services Foundations Benchmark V2.0 2.1.3",
"CIS Amazon Web Services Foundations Benchmark V3.0 2.1.3"
]
},
"Workflow": {"Status": "NEW"},
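Review bot: Each check carries its control list twice, once in the finding with `"Workflow": {"Status": "NEW"}` and once in the `RESOLVED` one, so every benchmark revision has to be hand-edited in pairs here and in the EBS, EFS, RDS and S3 sections of this commit. The S3 section shows the copies drifting: this commit has to add the `V2.0 2.1.4` entry to aws_s3_bucket_policy_check and s3_account_level_block. Defining the list once per check and referencing it from both findings would keep the passing and failing results mapped to the same controls. The enclosing function starts and ends outside the hunks shown.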
6 changes: 4 additions & 2 deletions eeauditor/auditors/aws/Amazon_EBS_Auditor.py
Expand Up @@ -1036,7 +1036,8 @@ def ebs_account_encryption_by_default_check(cache: dict, session, awsAccountId:
"AICPA TSC CC6.1",
"ISO 27001:2013 A.8.2.3",
"CIS Amazon Web Services Foundations Benchmark V1.5 2.2.1",
"CIS Amazon Web Services Foundations Benchmark V2.0 2.2.1"
"CIS Amazon Web Services Foundations Benchmark V2.0 2.2.1",
"CIS Amazon Web Services Foundations Benchmark V3.0 2.2.1"
]
},
"Workflow": {"Status": "NEW"},
Expand Down Expand Up @@ -1094,7 +1095,8 @@ def ebs_account_encryption_by_default_check(cache: dict, session, awsAccountId:
"AICPA TSC CC6.1",
"ISO 27001:2013 A.8.2.3",
"CIS Amazon Web Services Foundations Benchmark V1.5 2.2.1",
"CIS Amazon Web Services Foundations Benchmark V2.0 2.2.1"
"CIS Amazon Web Services Foundations Benchmark V2.0 2.2.1",
"CIS Amazon Web Services Foundations Benchmark V3.0 2.2.1"
]
},
"Workflow": {"Status": "RESOLVED"},
6 changes: 4 additions & 2 deletions eeauditor/auditors/aws/Amazon_EFS_Auditor.py
Expand Up @@ -101,7 +101,8 @@ def efs_filesys_encryption_check(cache: dict, session, awsAccountId: str, awsReg
"AICPA TSC CC6.1",
"ISO 27001:2013 A.8.2.3",
"CIS Amazon Web Services Foundations Benchmark V1.5 2.4.1",
"CIS Amazon Web Services Foundations Benchmark V2.0 2.4.1"
"CIS Amazon Web Services Foundations Benchmark V2.0 2.4.1",
"CIS Amazon Web Services Foundations Benchmark V3.0 2.4.1"
]
},
"Workflow": {"Status": "NEW"},
Expand Down Expand Up @@ -162,7 +163,8 @@ def efs_filesys_encryption_check(cache: dict, session, awsAccountId: str, awsReg
"AICPA TSC CC6.1",
"ISO 27001:2013 A.8.2.3",
"CIS Amazon Web Services Foundations Benchmark V1.5 2.4.1",
"CIS Amazon Web Services Foundations Benchmark V2.0 2.4.1"
"CIS Amazon Web Services Foundations Benchmark V2.0 2.4.1",
"CIS Amazon Web Services Foundations Benchmark V3.0 2.4.1"
]
},
"Workflow": {"Status": "RESOLVED"},
18 changes: 14 additions & 4 deletions eeauditor/auditors/aws/Amazon_RDS_Auditor.py
Expand Up @@ -485,7 +485,8 @@ def rds_instance_public_access_check(cache: dict, session, awsAccountId: str, aw
"ISO 27001:2013 A.14.1.2",
"ISO 27001:2013 A.14.1.3",
"CIS Amazon Web Services Foundations Benchmark V1.5 2.3.3",
"CIS Amazon Web Services Foundations Benchmark V2.0 2.3.3"
"CIS Amazon Web Services Foundations Benchmark V2.0 2.3.3",
"CIS Amazon Web Services Foundations Benchmark V3.0 2.3.2",
]
},
"Workflow": {"Status": "NEW"},
Expand Down Expand Up @@ -602,7 +603,8 @@ def rds_instance_public_access_check(cache: dict, session, awsAccountId: str, aw
"ISO 27001:2013 A.14.1.2",
"ISO 27001:2013 A.14.1.3",
"CIS Amazon Web Services Foundations Benchmark V1.5 2.3.3",
"CIS Amazon Web Services Foundations Benchmark V2.0 2.3.3"
"CIS Amazon Web Services Foundations Benchmark V2.0 2.3.3",
"CIS Amazon Web Services Foundations Benchmark V3.0 2.3.2",
]
},
"Workflow": {"Status": "RESOLVED"},
Expand Down Expand Up @@ -692,6 +694,7 @@ def rds_instance_storage_encryption_check(cache: dict, session, awsAccountId: st
"ISO 27001:2013 A.8.2.3",
"CIS Amazon Web Services Foundations Benchmark V1.5 2.3.1",
"CIS Amazon Web Services Foundations Benchmark V2.0 2.3.1",
"CIS Amazon Web Services Foundations Benchmark V3.0 2.3.1",
"CIS AWS Database Services Benchmark V1.0 3.5",
"CIS AWS Database Services Benchmark V1.0 3.11"
]
Expand Down Expand Up @@ -764,6 +767,7 @@ def rds_instance_storage_encryption_check(cache: dict, session, awsAccountId: st
"ISO 27001:2013 A.8.2.3",
"CIS Amazon Web Services Foundations Benchmark V1.5 2.3.1",
"CIS Amazon Web Services Foundations Benchmark V2.0 2.3.1",
"CIS Amazon Web Services Foundations Benchmark V3.0 2.3.1",
"CIS AWS Database Services Benchmark V1.0 3.5",
"CIS AWS Database Services Benchmark V1.0 3.11"
],
Expand Down Expand Up @@ -2205,7 +2209,8 @@ def rds_snapshot_public_share_check(cache: dict, session, awsAccountId: str, aws
"ISO 27001:2013 A.14.1.2",
"ISO 27001:2013 A.14.1.3",
"CIS Amazon Web Services Foundations Benchmark V1.5 2.3.3",
"CIS Amazon Web Services Foundations Benchmark V2.0 2.3.3"
"CIS Amazon Web Services Foundations Benchmark V2.0 2.3.3",
"CIS Amazon Web Services Foundations Benchmark V3.0 2.3.2",
]
},
"Workflow": {"Status": "NEW"},
Expand Down Expand Up @@ -2314,7 +2319,8 @@ def rds_snapshot_public_share_check(cache: dict, session, awsAccountId: str, aws
"ISO 27001:2013 A.14.1.2",
"ISO 27001:2013 A.14.1.3",
"CIS Amazon Web Services Foundations Benchmark V1.5 2.3.3",
"CIS Amazon Web Services Foundations Benchmark V2.0 2.3.3"
"CIS Amazon Web Services Foundations Benchmark V2.0 2.3.3",
"CIS Amazon Web Services Foundations Benchmark V3.0 2.3.2",
]
},
"Workflow": {"Status": "RESOLVED"},
Expand Down Expand Up @@ -2573,6 +2579,7 @@ def rds_aurora_cluster_encryption_check(cache: dict, session, awsAccountId: str,
"ISO 27001:2013 A.8.2.3",
"CIS Amazon Web Services Foundations Benchmark V1.5 2.3.1",
"CIS Amazon Web Services Foundations Benchmark V2.0 2.3.1",
"CIS Amazon Web Services Foundations Benchmark V3.0 2.3.1",
"CIS AWS Database Services Benchmark V1.0 2.3"
]
},
Expand Down Expand Up @@ -2646,6 +2653,7 @@ def rds_aurora_cluster_encryption_check(cache: dict, session, awsAccountId: str,
"ISO 27001:2013 A.8.2.3",
"CIS Amazon Web Services Foundations Benchmark V1.5 2.3.1",
"CIS Amazon Web Services Foundations Benchmark V2.0 2.3.1",
"CIS Amazon Web Services Foundations Benchmark V3.0 2.3.1",
"CIS AWS Database Services Benchmark V1.0 2.3",
]
},
Expand Down Expand Up @@ -4364,6 +4372,7 @@ def rds_instance_minor_version_upgrade_check(cache: dict, session, awsAccountId:
"ISO 27001:2013 A.11.2.6",
"CIS Amazon Web Services Foundations Benchmark V1.5 2.3.2",
"CIS Amazon Web Services Foundations Benchmark V2.0 2.3.2",
"CIS Amazon Web Services Foundations Benchmark V3.0 2.3.2",
"CIS AWS Database Services Benchmark V1.0 3.8",
"CIS AWS Database Services Benchmark V1.0 3.11"
]
Expand Down Expand Up @@ -4436,6 +4445,7 @@ def rds_instance_minor_version_upgrade_check(cache: dict, session, awsAccountId:
"ISO 27001:2013 A.11.2.6",
"CIS Amazon Web Services Foundations Benchmark V1.5 2.3.2",
"CIS Amazon Web Services Foundations Benchmark V2.0 2.3.2",
"CIS Amazon Web Services Foundations Benchmark V3.0 2.3.2",
"CIS AWS Database Services Benchmark V1.0 3.8",
"CIS AWS Database Services Benchmark V1.0 3.11"
]
28 changes: 20 additions & 8 deletions eeauditor/auditors/aws/Amazon_S3_Auditor.py
Expand Up @@ -648,7 +648,8 @@ def aws_s3_bucket_policy_allows_public_access_check(cache: dict, session, awsAcc
"ISO 27001:2013 A.14.1.2",
"ISO 27001:2013 A.14.1.3",
"CIS Amazon Web Services Foundations Benchmark V1.5 2.1.5",
"CIS Amazon Web Services Foundations Benchmark V2.0 2.1.4"
"CIS Amazon Web Services Foundations Benchmark V2.0 2.1.4",
"CIS Amazon Web Services Foundations Benchmark V3.0 2.1.4"
]
},
"Workflow": {"Status": "NEW"},
Expand Down Expand Up @@ -757,7 +758,8 @@ def aws_s3_bucket_policy_allows_public_access_check(cache: dict, session, awsAcc
"ISO 27001:2013 A.14.1.2",
"ISO 27001:2013 A.14.1.3",
"CIS Amazon Web Services Foundations Benchmark V1.5 2.1.5",
"CIS Amazon Web Services Foundations Benchmark V2.0 2.1.4"
"CIS Amazon Web Services Foundations Benchmark V2.0 2.1.4",
"CIS Amazon Web Services Foundations Benchmark V3.0 2.1.4"
]
},
"Workflow": {"Status": "RESOLVED"},
Expand Down Expand Up @@ -882,7 +884,9 @@ def aws_s3_bucket_policy_check(cache: dict, session, awsAccountId: str, awsRegio
"ISO 27001:2013 A.13.2.4",
"ISO 27001:2013 A.14.1.2",
"ISO 27001:2013 A.14.1.3",
"CIS Amazon Web Services Foundations Benchmark V1.5 2.1.5"
"CIS Amazon Web Services Foundations Benchmark V1.5 2.1.5",
"CIS Amazon Web Services Foundations Benchmark V2.0 2.1.4",
"CIS Amazon Web Services Foundations Benchmark V3.0 2.1.4"
]
},
"Workflow": {"Status": "NEW"},
Expand Down Expand Up @@ -987,7 +991,9 @@ def aws_s3_bucket_policy_check(cache: dict, session, awsAccountId: str, awsRegio
"ISO 27001:2013 A.13.2.4",
"ISO 27001:2013 A.14.1.2",
"ISO 27001:2013 A.14.1.3",
"CIS Amazon Web Services Foundations Benchmark V1.5 2.1.5"
"CIS Amazon Web Services Foundations Benchmark V1.5 2.1.5",
"CIS Amazon Web Services Foundations Benchmark V2.0 2.1.4",
"CIS Amazon Web Services Foundations Benchmark V3.0 2.1.4"
]
},
"Workflow": {"Status": "RESOLVED"},
Expand Down Expand Up @@ -1332,7 +1338,9 @@ def s3_account_level_block(cache: dict, session, awsAccountId: str, awsRegion: s
"ISO 27001:2013 A.13.2.4",
"ISO 27001:2013 A.14.1.2",
"ISO 27001:2013 A.14.1.3",
"CIS Amazon Web Services Foundations Benchmark V1.5 2.1.5"
"CIS Amazon Web Services Foundations Benchmark V1.5 2.1.5",
"CIS Amazon Web Services Foundations Benchmark V2.0 2.1.4",
"CIS Amazon Web Services Foundations Benchmark V3.0 2.1.4"
]
},
"Workflow": {"Status": "RESOLVED"},
Expand Down Expand Up @@ -1438,7 +1446,9 @@ def s3_account_level_block(cache: dict, session, awsAccountId: str, awsRegion: s
"ISO 27001:2013 A.13.2.4",
"ISO 27001:2013 A.14.1.2",
"ISO 27001:2013 A.14.1.3",
"CIS Amazon Web Services Foundations Benchmark V1.5 2.1.5"
"CIS Amazon Web Services Foundations Benchmark V1.5 2.1.5",
"CIS Amazon Web Services Foundations Benchmark V2.0 2.1.4",
"CIS Amazon Web Services Foundations Benchmark V3.0 2.1.4"
]
},
"Workflow": {"Status": "NEW"},
Expand Down Expand Up @@ -1529,7 +1539,8 @@ def aws_s3_bucket_deny_http_access_check(cache: dict, session, awsAccountId: str
"ISO 27001:2013 A.14.1.2",
"ISO 27001:2013 A.14.1.3",
"CIS Amazon Web Services Foundations Benchmark V1.5 2.1.2",
"CIS Amazon Web Services Foundations Benchmark V2.0 2.1.1"
"CIS Amazon Web Services Foundations Benchmark V2.0 2.1.1",
"CIS Amazon Web Services Foundations Benchmark V3.0 2.1.1"
]
},
"Workflow": {"Status": "NEW"},
Expand Down Expand Up @@ -1591,7 +1602,8 @@ def aws_s3_bucket_deny_http_access_check(cache: dict, session, awsAccountId: str
"ISO 27001:2013 A.14.1.2",
"ISO 27001:2013 A.14.1.3",
"CIS Amazon Web Services Foundations Benchmark V1.5 2.1.2",
"CIS Amazon Web Services Foundations Benchmark V2.0 2.1.1"
"CIS Amazon Web Services Foundations Benchmark V2.0 2.1.1",
"CIS Amazon Web Services Foundations Benchmark V3.0 2.1.1"
]
},
"Workflow": {"Status": "RESOLVED"},