CIS Amazon Web Services Foundations L2 1.4.0

Audit Details

Name: CIS Amazon Web Services Foundations L2 1.4.0

Updated: 4/25/2022

Authority: CIS

Plugin: amazon_aws

Revision: 1.4

Estimated Item Count: 34

File Details

Filename: CIS_Amazon_Web_Services_Foundations_v1.4.0_L2.audit

Size: 131 kB

MD5: 7acc6735c2fb3c6878425de0b42ce272
SHA256: b97144669cdf24577ca5f3a1137ef944a9da03ef18ed6fa13c9e04ada7c85081

Audit Items

Description | Categories
1.6 Ensure hardware MFA is enabled for the 'root' user account | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION
1.18 Ensure IAM instance roles are used for AWS resource access from instances | ACCESS CONTROL
1.21 Ensure IAM users are managed centrally via identity federation or AWS Organizations for multi-account environments | ACCESS CONTROL
2.1.1 Ensure all S3 buckets employ encryption-at-rest | IDENTIFICATION AND AUTHENTICATION
2.1.2 Ensure S3 Bucket Policy is set to deny HTTP requests | SYSTEM AND COMMUNICATIONS PROTECTION
2.1.4 Ensure all data in Amazon S3 has been discovered, classified and secured when required. | CONFIGURATION MANAGEMENT
3.2 Ensure CloudTrail log file validation is enabled | AUDIT AND ACCOUNTABILITY
3.5 Ensure AWS Config is enabled in all regions - 'Include global resources' | CONFIGURATION MANAGEMENT
3.5 Ensure AWS Config is enabled in all regions - 'Record all resources supported in this region' | CONFIGURATION MANAGEMENT
3.5 Ensure AWS Config is enabled in all regions - 'Review defined S3 Bucket' | CONFIGURATION MANAGEMENT
3.5 Ensure AWS Config is enabled in all regions - 'Review defined SNS Topic' | CONFIGURATION MANAGEMENT
3.7 Ensure CloudTrail logs are encrypted at rest using KMS CMKs | IDENTIFICATION AND AUTHENTICATION
3.8 Ensure rotation for customer created CMKs is enabled | IDENTIFICATION AND AUTHENTICATION
3.9 Ensure VPC flow logging is enabled in all VPCs | AUDIT AND ACCOUNTABILITY, SYSTEM AND INFORMATION INTEGRITY
3.10 Ensure that Object-level logging for write events is enabled for S3 bucket | AUDIT AND ACCOUNTABILITY
3.11 Ensure that Object-level logging for read events is enabled for S3 bucket | AUDIT AND ACCOUNTABILITY
4.6 Ensure a log metric filter and alarm exist for AWS Management Console authentication failures - 'alarm exists' | AUDIT AND ACCOUNTABILITY
4.6 Ensure a log metric filter and alarm exist for AWS Management Console authentication failures - 'metric filter exists' | AUDIT AND ACCOUNTABILITY
4.6 Ensure a log metric filter and alarm exist for AWS Management Console authentication failures - 'subscription exists' | AUDIT AND ACCOUNTABILITY
4.7 Ensure a log metric filter and alarm exist for disabling or scheduled deletion of customer created CMKs - 'alarm exists' | AUDIT AND ACCOUNTABILITY
4.7 Ensure a log metric filter and alarm exist for disabling or scheduled deletion of customer created CMKs - 'metric filter exists' | AUDIT AND ACCOUNTABILITY
4.7 Ensure a log metric filter and alarm exist for disabling or scheduled deletion of customer created CMKs - 'subscription exists' | AUDIT AND ACCOUNTABILITY
4.9 Ensure a log metric filter and alarm exist for AWS Config configuration changes - 'alarm exists' | AUDIT AND ACCOUNTABILITY
4.9 Ensure a log metric filter and alarm exist for AWS Config configuration changes - 'metric filter exists' | AUDIT AND ACCOUNTABILITY
4.9 Ensure a log metric filter and alarm exist for AWS Config configuration changes - 'subscription exists' | AUDIT AND ACCOUNTABILITY
4.10 Ensure a log metric filter and alarm exist for security group changes - 'alarm exists' | ACCESS CONTROL, AUDIT AND ACCOUNTABILITY, MEDIA PROTECTION
4.10 Ensure a log metric filter and alarm exist for security group changes - 'metric filter exists' | ACCESS CONTROL, AUDIT AND ACCOUNTABILITY, MEDIA PROTECTION
4.10 Ensure a log metric filter and alarm exist for security group changes - 'subscription exists' | ACCESS CONTROL, AUDIT AND ACCOUNTABILITY, MEDIA PROTECTION
4.11 Ensure a log metric filter and alarm exist for changes to Network Access Control Lists (NACL) - 'alarm exists' | AUDIT AND ACCOUNTABILITY
4.11 Ensure a log metric filter and alarm exist for changes to Network Access Control Lists (NACL) - 'metric filter exists' | AUDIT AND ACCOUNTABILITY
4.11 Ensure a log metric filter and alarm exist for changes to Network Access Control Lists (NACL) - 'subscription exists' | AUDIT AND ACCOUNTABILITY
5.3 Ensure the default security group of every VPC restricts all traffic - 'No Inbound Rules exist' | ACCESS CONTROL, MEDIA PROTECTION
5.3 Ensure the default security group of every VPC restricts all traffic - 'No Outbound Rules exist' | ACCESS CONTROL, MEDIA PROTECTION
5.4 Ensure routing tables for VPC peering are 'least access' - least access | ACCESS CONTROL, MEDIA PROTECTION