Detections
Analytics

CIS Amazon Web Services Foundations L1 1.4.0

Warning! Audit Deprecated

This audit file has been deprecated and will be removed in a future update.

View Next Version

Audit Details

Name: CIS Amazon Web Services Foundations L1 1.4.0

Updated: 12/19/2022

Authority: Cloud Services

Plugin: amazon_aws

Revision: 1.4

Estimated Item Count: 64

Audit Items

DescriptionCategories
1.1 Maintain current contact details
1.2 Ensure security contact information is registered
1.3 Ensure security questions are registered in the AWS account
1.4 Ensure no 'root' user account access key exists - 'Access Key 1'
1.4 Ensure no 'root' user account access key exists - 'Access Key 2'
1.5 Ensure MFA is enabled for the 'root' user account
1.7 Eliminate use of the 'root' user for administrative and daily tasks
1.8 Ensure IAM password policy requires minimum length of 14 or greater
1.9 Ensure IAM password policy prevents password reuse
1.10 Ensure multi-factor authentication (MFA) is enabled for all IAM users that have a console password
1.11 Do not setup access keys during initial user setup for all IAM users that have a console password
1.12 Ensure credentials unused for 45 days or greater are disabled
1.13 Ensure there is only one active access key available for any single IAM user
1.14 Ensure access keys are rotated every 90 days or less
1.15 Ensure IAM Users Receive Permissions Only Through Groups
1.16 Ensure IAM policies that allow full '*:*' administrative privileges are not attached - *:* administrative privileges are not attached
1.17 Ensure a support role has been created to manage incidents with AWS Support
1.19 Ensure that all the expired SSL/TLS certificates stored in AWS IAM are removed
1.20 Ensure that IAM Access analyzer is enabled for all regions
2.1.3 Ensure MFA Delete is enable on S3 buckets - MfaDelete
2.1.3 Ensure MFA Delete is enable on S3 buckets - versioning status
2.1.5 Ensure that S3 Buckets are configured with 'Block public access (bucket settings)'
2.2.1 Ensure EBS volume encryption is enabled
2.3.1 Ensure that encryption is enabled for RDS Instances
3.1 Ensure CloudTrail is enabled in all regions - IncludeManagementEvents
3.1 Ensure CloudTrail is enabled in all regions - IsLogging
3.1 Ensure CloudTrail is enabled in all regions - IsMultiRegionTrail
3.1 Ensure CloudTrail is enabled in all regions - ReadWriteType
3.3 Ensure the S3 bucket used to store CloudTrail logs is not publicly accessible
3.4 Ensure CloudTrail trails are integrated with CloudWatch Logs - 'log group is configured'
3.4 Ensure CloudTrail trails are integrated with CloudWatch Logs - 'LogWatch Log Delivery'
3.6 Ensure S3 bucket access logging is enabled on the CloudTrail S3 bucket
4.1 Ensure a log metric filter and alarm exist for unauthorized API calls - 'alarm exists'
4.1 Ensure a log metric filter and alarm exist for unauthorized API calls - 'metric filter exists'
4.1 Ensure a log metric filter and alarm exist for unauthorized API calls - 'subscription exists'
4.2 Ensure a log metric filter and alarm exist for Management Console sign-in without MFA - 'alarm exists'
4.2 Ensure a log metric filter and alarm exist for Management Console sign-in without MFA - 'metric filter exists'
4.2 Ensure a log metric filter and alarm exist for Management Console sign-in without MFA - 'subscription exists'
4.3 Ensure a log metric filter and alarm exist for usage of 'root' account - 'alarm exists'
4.3 Ensure a log metric filter and alarm exist for usage of 'root' account - 'metric filter exists'
4.3 Ensure a log metric filter and alarm exist for usage of 'root' account - 'subscription exists'
4.4 Ensure a log metric filter and alarm exist for IAM policy changes - 'alarm exists'
4.4 Ensure a log metric filter and alarm exist for IAM policy changes - 'metric filter exists'
4.4 Ensure a log metric filter and alarm exist for IAM policy changes - 'subscription exists'
4.5 Ensure a log metric filter and alarm exist for CloudTrail configuration changes - 'alarm exists'
4.5 Ensure a log metric filter and alarm exist for CloudTrail configuration changes - 'metric filter exists'
4.5 Ensure a log metric filter and alarm exist for CloudTrail configuration changes - 'subscription exists'
4.8 Ensure a log metric filter and alarm exist for S3 bucket policy changes - 'alarm exists'
4.8 Ensure a log metric filter and alarm exist for S3 bucket policy changes - 'metric filter exists'
4.8 Ensure a log metric filter and alarm exist for S3 bucket policy changes - 'subscription exists'