1.1 Ensure a customer created Customer Master Key (CMK) is created for the Web-tier | ACCESS CONTROL |
1.2 Ensure a customer created Customer Master Key (CMK) is created for the App-tier | ACCESS CONTROL |
1.3 Ensure a customer created Customer Master Key (CMK) is created for the Database-Tier | ACCESS CONTROL |
1.11 Ensure Web Tier ELB is using HTTPS listener | IDENTIFICATION AND AUTHENTICATION |
1.12 Ensure App Tier ELB have SSL\TLS Certificate attached | SYSTEM AND COMMUNICATIONS PROTECTION |
1.13 Ensure App Tier ELB have the latest SSL Security Policies configured | SYSTEM AND COMMUNICATIONS PROTECTION |
1.14 Ensure App Tier ELB is using HTTPS listener | IDENTIFICATION AND AUTHENTICATION |
1.15 Ensure all Public Web Tier SSL\TLS certificates are >30 days from Expiration | SYSTEM AND INFORMATION INTEGRITY |
1.17 Ensure CloudFront to Origin connection is configured using TLS1.1+ as the SSL\TLS protocol | SYSTEM AND COMMUNICATIONS PROTECTION |
3.12 Configure HTTP to HTTPS Redirects with a CloudFront Viewer Protocol Policy | SYSTEM AND COMMUNICATIONS PROTECTION |
3.13 Ensure all CloudFront Distributions require HTTPS between CloudFront and your Web-Tier ELB origin | SYSTEM AND COMMUNICATIONS PROTECTION |
6.1 Ensure Root Domain Alias Record Points to ELB | SYSTEM AND COMMUNICATIONS PROTECTION |
6.2 Ensure a DNS alias record for the root domain | SYSTEM AND COMMUNICATIONS PROTECTION |
6.4 Ensure Geo-Restriction is enabled within CloudFront Distribution | SYSTEM AND COMMUNICATIONS PROTECTION |
6.30 Ensure RDS Database is not publicly accessible | SYSTEM AND COMMUNICATIONS PROTECTION |
6.31 Don't use the default VPC | |