CIS Amazon Web Services Foundations v4.0.1 L2

Audit Details

Name: CIS Amazon Web Services Foundations v4.0.1 L2

Updated: 3/4/2025

Authority: CIS

Plugin: amazon_aws

Revision: 1.0

Estimated Item Count: 22

File Details

Filename: CIS_Amazon_Web_Services_Foundations_v4.0.1_L2.audit

Size: 97.7 kB

MD5: ec4be79b5408c506cbb1537cbcfb2b9a
SHA256: 3261904292b8aeacb6909a7a9c499cb2f4c04511aa0a077d6460b9cdc6ef74d0

Audit Items

DescriptionCategories
1.6 Ensure hardware MFA is enabled for the 'root' user account

IDENTIFICATION AND AUTHENTICATION

1.18 Ensure IAM instance roles are used for AWS resource access from instances

ACCESS CONTROL, AUDIT AND ACCOUNTABILITY

1.21 Ensure IAM users are managed centrally via identity federation or AWS Organizations for multi-account environments

ACCESS CONTROL

2.1.1 Ensure S3 Bucket Policy is set to deny HTTP requests

ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION

2.1.2 Ensure MFA Delete is enabled on S3 buckets

ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, MEDIA PROTECTION

2.1.3 Ensure all data in Amazon S3 has been discovered, classified, and secured when necessary

AUDIT AND ACCOUNTABILITY, SYSTEM AND INFORMATION INTEGRITY

3.2 Ensure CloudTrail log file validation is enabled

AUDIT AND ACCOUNTABILITY

3.3 Ensure AWS Config is enabled in all regions

CONFIGURATION MANAGEMENT, PROGRAM MANAGEMENT

3.5 Ensure CloudTrail logs are encrypted at rest using KMS CMKs

AUDIT AND ACCOUNTABILITY, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION

3.6 Ensure rotation for customer-created symmetric CMKs is enabled

IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION

3.7 Ensure VPC flow logging is enabled in all VPCs

AUDIT AND ACCOUNTABILITY, SYSTEM AND INFORMATION INTEGRITY

3.8 Ensure that object-level logging for write events is enabled for S3 buckets

AUDIT AND ACCOUNTABILITY

3.9 Ensure that object-level logging for read events is enabled for S3 buckets

AUDIT AND ACCOUNTABILITY

4.1 Ensure unauthorized API calls are monitored

AUDIT AND ACCOUNTABILITY

4.6 Ensure AWS Management Console authentication failures are monitored

AUDIT AND ACCOUNTABILITY

4.7 Ensure disabling or scheduled deletion of customer created CMKs is monitored

AUDIT AND ACCOUNTABILITY

4.9 Ensure AWS Config configuration changes are monitored

AUDIT AND ACCOUNTABILITY

4.10 Ensure security group changes are monitored

ACCESS CONTROL, AUDIT AND ACCOUNTABILITY, MEDIA PROTECTION

4.11 Ensure Network Access Control List (NACL) changes are monitored

AUDIT AND ACCOUNTABILITY

4.16 Ensure AWS Security Hub is enabled

RISK ASSESSMENT

5.5 Ensure the default security group of every VPC restricts all traffic

ACCESS CONTROL, MEDIA PROTECTION, SYSTEM AND COMMUNICATIONS PROTECTION

5.6 Ensure routing tables for VPC peering are "least access"

SECURITY ASSESSMENT AND AUTHORIZATION, SYSTEM AND COMMUNICATIONS PROTECTION