CIS Amazon Web Services Foundations L2 1.3.0

Warning! Audit Deprecated

This audit file has been deprecated and will be removed in a future update.

Audit Details

Name: CIS Amazon Web Services Foundations L2 1.3.0

Updated: 7/12/2021

Authority: CIS

Plugin: amazon_aws

Revision: 1.5

Estimated Item Count: 30

Audit Items

Description | Categories
1.6 Ensure hardware MFA is enabled for the 'root user' account - root user account | IDENTIFICATION AND AUTHENTICATION
1.18 Ensure IAM instance roles are used for AWS resource access from instances | ACCESS CONTROL
1.22 Ensure IAM users are managed centrally via identity federation or AWS Organizations for multi-account environments |
2.1.1 Ensure all S3 buckets employ encryption-at-rest |
2.1.2 Ensure S3 Bucket Policy allows HTTPS requests |
2.2.1 Ensure EBS volume encryption is enabled |
3.2 Ensure CloudTrail log file validation is enabled | AUDIT AND ACCOUNTABILITY
3.7 Ensure CloudTrail logs are encrypted at rest using KMS CMKs | SYSTEM AND COMMUNICATIONS PROTECTION
3.8 Ensure rotation for customer created CMKs is enabled | CONFIGURATION MANAGEMENT
3.9 Ensure VPC flow logging is enabled in all VPCs |
3.10 Ensure that Object-level logging for write events is enabled for S3 bucket |
3.11 Ensure that Object-level logging for read events is enabled for S3 bucket |
4.6 Ensure a log metric filter and alarm exist for AWS Management Console authentication failures - 'alarm exists' | AUDIT AND ACCOUNTABILITY
4.6 Ensure a log metric filter and alarm exist for AWS Management Console authentication failures - 'metric filter exists' | AUDIT AND ACCOUNTABILITY
4.6 Ensure a log metric filter and alarm exist for AWS Management Console authentication failures - 'subscription exists' | AUDIT AND ACCOUNTABILITY
4.7 Ensure a log metric filter and alarm exist for disabling or scheduled deletion of customer created CMKs - 'alarm exists' | AUDIT AND ACCOUNTABILITY
4.7 Ensure a log metric filter and alarm exist for disabling or scheduled deletion of customer created CMKs - 'metric filter exists' | AUDIT AND ACCOUNTABILITY
4.7 Ensure a log metric filter and alarm exist for disabling or scheduled deletion of customer created CMKs - 'subscription exists' | AUDIT AND ACCOUNTABILITY
4.9 Ensure a log metric filter and alarm exist for AWS Config configuration changes - 'alarm exists' | AUDIT AND ACCOUNTABILITY
4.9 Ensure a log metric filter and alarm exist for AWS Config configuration changes - 'metric filter exists' | AUDIT AND ACCOUNTABILITY
4.9 Ensure a log metric filter and alarm exist for AWS Config configuration changes - 'subscription exists' | AUDIT AND ACCOUNTABILITY
4.10 Ensure a log metric filter and alarm exist for security group changes - 'alarm exists' | AUDIT AND ACCOUNTABILITY
4.10 Ensure a log metric filter and alarm exist for security group changes - 'metric filter exists' | AUDIT AND ACCOUNTABILITY
4.10 Ensure a log metric filter and alarm exist for security group changes - 'subscription exists' | AUDIT AND ACCOUNTABILITY
4.11 Ensure a log metric filter and alarm exist for changes to Network Access Control Lists (NACL) - 'alarm exists' | AUDIT AND ACCOUNTABILITY
4.11 Ensure a log metric filter and alarm exist for changes to Network Access Control Lists (NACL) - 'metric filter exists' | AUDIT AND ACCOUNTABILITY
4.11 Ensure a log metric filter and alarm exist for changes to Network Access Control Lists (NACL) - 'subscription exists' | AUDIT AND ACCOUNTABILITY
5.3 Ensure the default security group of every VPC restricts all traffic - 'No Inbound Rules exist' | SYSTEM AND COMMUNICATIONS PROTECTION
5.3 Ensure the default security group of every VPC restricts all traffic - 'No Outbound Rules exist' | SYSTEM AND COMMUNICATIONS PROTECTION
5.4 Ensure routing tables for VPC peering are 'least access' - least access | SYSTEM AND COMMUNICATIONS PROTECTION
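Three of the configuration items in the table (2.1.2, 3.2 and 5.3) reduce to a predicate over one API response each. The following is an added example, not part of the Tenable audit file or of the CIS benchmark text: it evaluates constructed inputs shaped like the JSON returned by aws s3api get-bucket-policy, aws cloudtrail describe-trails and aws ec2 describe-security-groups, so it runs offline. The bucket name, account ID, role name and security group ID in the samples are invented, and the function names are this example's own, not Tenable or AWS identifiers. For each item the weak configuration sits beside the compliant one.

```python
"""Offline evaluation of CIS AWS Foundations items 2.1.2, 3.2 and 5.3.

Inputs are constructed dicts/JSON shaped like the responses of
`aws s3api get-bucket-policy`, `aws cloudtrail describe-trails` and
`aws ec2 describe-security-groups`; nothing here talks to AWS.
"""
import json
from typing import Any, Dict, List


def _as_list(value: Any) -> List[Any]:
    """IAM policy fields may be a single value or a list; normalise to a list."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]


def bucket_policy_denies_insecure_transport(policy_json: str) -> bool:
    """2.1.2: the policy must carry a Deny for every principal and all S3
    actions that applies when the request is not made over TLS
    (Condition Bool aws:SecureTransport = false)."""
    policy = json.loads(policy_json)
    for stmt in _as_list(policy.get("Statement")):
        if stmt.get("Effect") != "Deny":
            continue
        if stmt.get("Principal") not in ("*", {"AWS": "*"}):
            continue
        if not any(a in ("*", "s3:*") for a in _as_list(stmt.get("Action"))):
            continue
        flags = _as_list(stmt.get("Condition", {}).get("Bool", {}).get("aws:SecureTransport"))
        if any(str(f).lower() == "false" for f in flags):
            return True
    return False


def trail_has_log_file_validation(trail: Dict[str, Any]) -> bool:
    """3.2: with validation on, CloudTrail writes signed digest files that let
    you prove delivered log files were not modified or deleted afterwards."""
    return trail.get("LogFileValidationEnabled") is True


def default_sg_restricts_all_traffic(sg: Dict[str, Any]) -> bool:
    """5.3: the VPC default security group must have no inbound and no
    outbound rules, so anything attached to it by accident gets no traffic."""
    return (
        sg.get("GroupName") == "default"
        and not sg.get("IpPermissions")
        and not sg.get("IpPermissionsEgress")
    )


# Constructed sample inputs (invented bucket, account, role and group IDs).
APP_READ_STATEMENT = {
    "Sid": "AllowReadsFromApp",
    "Effect": "Allow",
    "Principal": {"AWS": "arn:aws:iam::123456789012:role/app"},
    "Action": "s3:GetObject",
    "Resource": "arn:aws:s3:::example-bucket/*",
}
WEAK_POLICY = json.dumps({"Version": "2012-10-17", "Statement": [APP_READ_STATEMENT]})
HARDENED_POLICY = json.dumps({
    "Version": "2012-10-17",
    "Statement": [
        APP_READ_STATEMENT,
        {
            "Sid": "DenyInsecureTransport",
            "Effect": "Deny",
            "Principal": "*",
            "Action": "s3:*",
            "Resource": ["arn:aws:s3:::example-bucket", "arn:aws:s3:::example-bucket/*"],
            "Condition": {"Bool": {"aws:SecureTransport": "false"}},
        },
    ],
})

TRAIL_WEAK = {"Name": "management-events", "IsMultiRegionTrail": True, "LogFileValidationEnabled": False}
TRAIL_HARDENED = {"Name": "management-events", "IsMultiRegionTrail": True, "LogFileValidationEnabled": True}

# What AWS creates for a new VPC: inbound from the group itself, outbound to anywhere.
DEFAULT_SG_STOCK = {
    "GroupName": "default", "GroupId": "sg-0123456789abcdef0",
    "IpPermissions": [{"IpProtocol": "-1", "UserIdGroupPairs": [{"GroupId": "sg-0123456789abcdef0"}]}],
    "IpPermissionsEgress": [{"IpProtocol": "-1", "IpRanges": [{"CidrIp": "0.0.0.0/0"}]}],
}
DEFAULT_SG_RESTRICTED = {"GroupName": "default", "GroupId": "sg-0123456789abcdef0",
                         "IpPermissions": [], "IpPermissionsEgress": []}


def run_checks() -> Dict[str, bool]:
    """Evaluate the hardened sample set; keys are the CIS item numbers."""
    return {
        "2.1.2": bucket_policy_denies_insecure_transport(HARDENED_POLICY),
        "3.2": trail_has_log_file_validation(TRAIL_HARDENED),
        "5.3": default_sg_restricts_all_traffic(DEFAULT_SG_RESTRICTED),
    }


if __name__ == "__main__":
    for item, ok in run_checks().items():
        print(item, "PASS" if ok else "FAIL")
```

Against real accounts, feed the functions the CLI or boto3 responses directly. Two caveats the predicates do not cover: for 2.1.2 the Deny statement's Resource must name both the bucket ARN and the bucket/* object ARN, as the hardened sample does, and for 5.3 the default group must be checked in every VPC in every enabled region, not only the default VPC.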
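Each 4.x item is audited as three parts: a CloudWatch Logs metric filter on the CloudTrail log group, an alarm on the resulting metric, and an SNS subscription on the alarm's topic. The part that needs thought is the filter pattern, which decides which CloudTrail events count. The block below is an added example, not part of the Tenable audit or the CIS benchmark text: it restates the filter pattern the CIS benchmark publishes for items 4.6, 4.7, 4.9, 4.10 and 4.11 as a Python predicate (the pattern is quoted above each one) and runs the predicates over constructed, trimmed CloudTrail records to show which items would fire. Function names and the sample events are this example's own; it exercises only the matching logic, not alarm or subscription configuration.

```python
"""CloudTrail event matching for the CIS 4.x log-metric-filter items.

Each predicate mirrors the CloudWatch Logs metric filter pattern the CIS
benchmark publishes for the item (quoted in the comment above it). The
events are constructed, trimmed CloudTrail records; nothing runs against AWS.
"""
import json
from typing import Callable, Dict, List


# 4.6: { ($.eventName = ConsoleLogin) && ($.errorMessage = "Failed authentication") }
def console_auth_failure(ev: dict) -> bool:
    return ev.get("eventName") == "ConsoleLogin" and ev.get("errorMessage") == "Failed authentication"


# 4.7: { ($.eventSource = kms.amazonaws.com) &&
#        (($.eventName = DisableKey) || ($.eventName = ScheduleKeyDeletion)) }
def cmk_disable_or_schedule_deletion(ev: dict) -> bool:
    return ev.get("eventSource") == "kms.amazonaws.com" and ev.get("eventName") in {
        "DisableKey", "ScheduleKeyDeletion"}


# 4.9: { ($.eventSource = config.amazonaws.com) && (($.eventName = StopConfigurationRecorder) ||
#        ($.eventName = DeleteDeliveryChannel) || ($.eventName = PutDeliveryChannel) ||
#        ($.eventName = PutConfigurationRecorder)) }
CONFIG_CHANGE_EVENTS = {"StopConfigurationRecorder", "DeleteDeliveryChannel",
                        "PutDeliveryChannel", "PutConfigurationRecorder"}


def config_change(ev: dict) -> bool:
    return ev.get("eventSource") == "config.amazonaws.com" and ev.get("eventName") in CONFIG_CHANGE_EVENTS


# 4.10: { ($.eventName = AuthorizeSecurityGroupIngress) || ($.eventName = AuthorizeSecurityGroupEgress) ||
#         ($.eventName = RevokeSecurityGroupIngress) || ($.eventName = RevokeSecurityGroupEgress) ||
#         ($.eventName = CreateSecurityGroup) || ($.eventName = DeleteSecurityGroup) }
SG_CHANGE_EVENTS = {"AuthorizeSecurityGroupIngress", "AuthorizeSecurityGroupEgress",
                    "RevokeSecurityGroupIngress", "RevokeSecurityGroupEgress",
                    "CreateSecurityGroup", "DeleteSecurityGroup"}


def security_group_change(ev: dict) -> bool:
    return ev.get("eventName") in SG_CHANGE_EVENTS


# 4.11: { ($.eventName = CreateNetworkAcl) || ($.eventName = CreateNetworkAclEntry) ||
#         ($.eventName = DeleteNetworkAcl) || ($.eventName = DeleteNetworkAclEntry) ||
#         ($.eventName = ReplaceNetworkAclEntry) || ($.eventName = ReplaceNetworkAclAssociation) }
NACL_CHANGE_EVENTS = {"CreateNetworkAcl", "CreateNetworkAclEntry", "DeleteNetworkAcl",
                      "DeleteNetworkAclEntry", "ReplaceNetworkAclEntry", "ReplaceNetworkAclAssociation"}


def nacl_change(ev: dict) -> bool:
    return ev.get("eventName") in NACL_CHANGE_EVENTS


FILTERS: Dict[str, Callable[[dict], bool]] = {
    "4.6": console_auth_failure,
    "4.7": cmk_disable_or_schedule_deletion,
    "4.9": config_change,
    "4.10": security_group_change,
    "4.11": nacl_change,
}


def evaluate(records: List[str]) -> Dict[str, int]:
    """Count matching events per item, as each metric filter would increment its metric."""
    counts = {item: 0 for item in FILTERS}
    for line in records:
        ev = json.loads(line)
        for item, matches in FILTERS.items():
            if matches(ev):
                counts[item] += 1
    return counts


def alarming(counts: Dict[str, int], threshold: int = 1) -> List[str]:
    """CIS pairs each filter with an alarm that fires when the metric Sum over the period >= 1."""
    hits = [item for item, n in counts.items() if n >= threshold]
    return sorted(hits, key=lambda s: [int(p) for p in s.split(".")])


# Constructed sample records: one hit per item, two for 4.10, plus benign noise.
SAMPLE_EVENTS = [
    json.dumps({"eventSource": "signin.amazonaws.com", "eventName": "ConsoleLogin",
                "errorMessage": "Failed authentication", "responseElements": {"ConsoleLogin": "Failure"}}),
    json.dumps({"eventSource": "signin.amazonaws.com", "eventName": "ConsoleLogin",
                "responseElements": {"ConsoleLogin": "Success"}}),
    json.dumps({"eventSource": "kms.amazonaws.com", "eventName": "ScheduleKeyDeletion"}),
    json.dumps({"eventSource": "kms.amazonaws.com", "eventName": "Decrypt"}),
    json.dumps({"eventSource": "config.amazonaws.com", "eventName": "StopConfigurationRecorder"}),
    json.dumps({"eventSource": "ec2.amazonaws.com", "eventName": "AuthorizeSecurityGroupIngress"}),
    json.dumps({"eventSource": "ec2.amazonaws.com", "eventName": "RevokeSecurityGroupEgress"}),
    json.dumps({"eventSource": "ec2.amazonaws.com", "eventName": "DeleteNetworkAclEntry"}),
    json.dumps({"eventSource": "ec2.amazonaws.com", "eventName": "DescribeInstances"}),
]

if __name__ == "__main__":
    counts = evaluate(SAMPLE_EVENTS)
    print(counts)
    print("alarms:", alarming(counts))
```

The predicates only pay off if CloudTrail actually delivers to the log group the filters are attached to, so a 'metric filter exists' pass on a trail that is not multi-region, or that stopped logging, is still a gap. The noise records show the other failure mode: a successful ConsoleLogin and routine ec2 and kms calls must not count, or the alarm fires constantly and gets ignored.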