CIS Amazon Web Services Foundations L1 1.3.0

Warning! Audit Deprecated

This audit file has been deprecated and will be removed in a future update.

Audit Details

Name: CIS Amazon Web Services Foundations L1 1.3.0

Updated: 7/12/2021

Authority: CIS

Plugin: amazon_aws

Revision: 1.6

Estimated Item Count: 64

Audit Items

Description | Categories
1.1 Maintain current contact details | INCIDENT RESPONSE
1.2 Ensure security contact information is registered | INCIDENT RESPONSE
1.3 Ensure security questions are registered in the AWS account | ACCESS CONTROL
1.4 Ensure no root user account access key exists - 'Access Key 1' | ACCESS CONTROL
1.4 Ensure no root user account access key exists - 'Access Key 2' | ACCESS CONTROL
1.5 Ensure MFA is enabled for the 'root user' account - root user account | IDENTIFICATION AND AUTHENTICATION
1.7 Eliminate use of the root user for administrative and daily tasks | SECURITY ASSESSMENT AND AUTHORIZATION
1.8 Ensure IAM password policy requires minimum length of 14 or greater | IDENTIFICATION AND AUTHENTICATION
1.9 Ensure IAM password policy prevents password reuse | IDENTIFICATION AND AUTHENTICATION
1.10 Ensure multi-factor authentication (MFA) is enabled for all IAM users that have a console password | IDENTIFICATION AND AUTHENTICATION
1.11 Do not setup access keys during initial user setup for all IAM users that have a console password | IDENTIFICATION AND AUTHENTICATION
1.12 Ensure credentials unused for 90 days or greater are disabled | ACCESS CONTROL
1.13 Ensure there is only one active access key available for any single IAM user | IDENTIFICATION AND AUTHENTICATION
1.14 Ensure access keys are rotated every 90 days or less | IDENTIFICATION AND AUTHENTICATION
1.15 Ensure IAM Users Receive Permissions Only Through Groups | ACCESS CONTROL
1.16 Ensure IAM policies that allow full '*:*' administrative privileges are not attached - *:* administrative privileges are not attached | ACCESS CONTROL
1.17 Ensure a support role has been created to manage incidents with AWS Support | ACCESS CONTROL
1.19 Ensure that all the expired SSL/TLS certificates stored in AWS IAM are removed | CONFIGURATION MANAGEMENT
1.20 Ensure that S3 Buckets are configured with 'Block public access (bucket settings)' | ACCESS CONTROL
1.21 Ensure that IAM Access analyzer is enabled | AUDIT AND ACCOUNTABILITY
3.1 Ensure CloudTrail is enabled in all regions - IncludeManagementEvents | AUDIT AND ACCOUNTABILITY
3.1 Ensure CloudTrail is enabled in all regions - IsLogging | AUDIT AND ACCOUNTABILITY
3.1 Ensure CloudTrail is enabled in all regions - IsMultiRegionTrail | AUDIT AND ACCOUNTABILITY
3.1 Ensure CloudTrail is enabled in all regions - ReadWriteType | AUDIT AND ACCOUNTABILITY
3.3 Ensure the S3 bucket used to store CloudTrail logs is not publicly accessible | AUDIT AND ACCOUNTABILITY
3.4 Ensure CloudTrail trails are integrated with CloudWatch Logs - 'log group is configured' | AUDIT AND ACCOUNTABILITY
3.4 Ensure CloudTrail trails are integrated with CloudWatch Logs - 'LogWatch Log Delivery' | AUDIT AND ACCOUNTABILITY
3.5 Ensure AWS Config is enabled in all regions - 'Include global resources' | AUDIT AND ACCOUNTABILITY
3.5 Ensure AWS Config is enabled in all regions - 'Record all resources supported in this region' | AUDIT AND ACCOUNTABILITY
3.5 Ensure AWS Config is enabled in all regions - 'Review defined S3 Bucket' | AUDIT AND ACCOUNTABILITY
3.5 Ensure AWS Config is enabled in all regions - 'Review defined SNS Topic' | AUDIT AND ACCOUNTABILITY
3.6 Ensure S3 bucket access logging is enabled on the CloudTrail S3 bucket | AUDIT AND ACCOUNTABILITY
4.1 Ensure a log metric filter and alarm exist for unauthorized API calls - 'alarm exists' | AUDIT AND ACCOUNTABILITY
4.1 Ensure a log metric filter and alarm exist for unauthorized API calls - 'metric filter exists' | AUDIT AND ACCOUNTABILITY
4.1 Ensure a log metric filter and alarm exist for unauthorized API calls - 'subscription exists' | AUDIT AND ACCOUNTABILITY
4.2 Ensure a log metric filter and alarm exist for Management Console sign-in without MFA - 'alarm exists' | AUDIT AND ACCOUNTABILITY
4.2 Ensure a log metric filter and alarm exist for Management Console sign-in without MFA - 'metric filter exists' | AUDIT AND ACCOUNTABILITY
4.2 Ensure a log metric filter and alarm exist for Management Console sign-in without MFA - 'subscription exists' | AUDIT AND ACCOUNTABILITY
4.3 Ensure a log metric filter and alarm exist for usage of 'root' account - 'alarm exists' | AUDIT AND ACCOUNTABILITY
4.3 Ensure a log metric filter and alarm exist for usage of 'root' account - 'metric filter exists' | AUDIT AND ACCOUNTABILITY
4.3 Ensure a log metric filter and alarm exist for usage of 'root' account - 'subscription exists' | AUDIT AND ACCOUNTABILITY
4.4 Ensure a log metric filter and alarm exist for IAM policy changes - 'alarm exists' | AUDIT AND ACCOUNTABILITY
4.4 Ensure a log metric filter and alarm exist for IAM policy changes - 'metric filter exists' | AUDIT AND ACCOUNTABILITY
4.4 Ensure a log metric filter and alarm exist for IAM policy changes - 'subscription exists' | AUDIT AND ACCOUNTABILITY
4.5 Ensure a log metric filter and alarm exist for CloudTrail configuration changes - 'alarm exists' | AUDIT AND ACCOUNTABILITY
4.5 Ensure a log metric filter and alarm exist for CloudTrail configuration changes - 'metric filter exists' | AUDIT AND ACCOUNTABILITY
4.5 Ensure a log metric filter and alarm exist for CloudTrail configuration changes - 'subscription exists' | AUDIT AND ACCOUNTABILITY
4.8 Ensure a log metric filter and alarm exist for S3 bucket policy changes - 'alarm exists' | AUDIT AND ACCOUNTABILITY
4.8 Ensure a log metric filter and alarm exist for S3 bucket policy changes - 'metric filter exists' | AUDIT AND ACCOUNTABILITY
4.8 Ensure a log metric filter and alarm exist for S3 bucket policy changes - 'subscription exists' | AUDIT AND ACCOUNTABILITY