本文為英文版的機器翻譯版本,如內容有任何歧義或不一致之處,概以英文版為準。
整合對 ASFF 欄位和值的影響
AWS Security Hub Cloud Security Posture Management (CSPM) 為控制項提供兩種類型的整合:
-
合併控制項檢視 – 使用這種類型的合併,每個控制項在所有標準中都有一個識別符。此外,在 Security Hub CSPM 主控台上,控制項頁面會顯示所有標準的所有控制項。
-
合併控制問題清單 – 透過這種類型的整合,Security Hub CSPM 會為控制項產生單一問題清單,即使控制項適用於多個啟用的標準。這可以減少問題清單雜訊。
您無法啟用或停用合併控制項檢視。如果您在 2023 年 2 月 23 日或之後啟用 Security Hub CSPM,則預設會啟用合併控制調查結果。否則,預設為停用。不過,對於組織,只有在管理員帳戶啟用合併控制問題清單時,才會為 Security Hub CSPM 成員帳戶啟用合併控制問題清單。若要進一步了解合併控制問題清單,請參閱 產生和更新控制問題清單。
這兩種類型的合併都會影響 中控制項調查結果的欄位和值AWS 安全調查結果格式 (ASFF)。
合併控制項檢視 – ASFF 變更
合併控制項檢視功能對 ASFF 中控制項調查結果的欄位和值進行了下列變更。如果您的工作流程不依賴這些 ASFF 欄位的值,則不需要採取任何動作。如果您有依賴這些欄位特定值的工作流程,請更新您的工作流程以使用目前的值。
| ASFF 欄位 | 合併控制項檢視之前的範本值 | 合併控制項檢視後的範例值,以及變更的說明 |
|---|---|---|
|
Compliance.SecurityControlId |
不適用 (新欄位) |
EC2.2 跨標準引進單一控制項 ID。 |
|
Compliance.AssociatedStandards |
不適用 (新欄位) |
【{"StandardsId": "standards/aws-foundational-security-best-practices/v/1.0.0"}】 顯示要在哪些標準中啟用控制項。 |
|
ProductFields.ArchivalReasons:0/Description |
不適用 (新欄位) |
「調查結果處於封存狀態,因為已開啟或關閉合併控制調查結果。這會導致在產生新問題清單時封存先前狀態的問題清單。」 說明 Security Hub CSPM 封存現有問題清單的原因。 |
|
ProductFields.ArchivalReasons:0/ReasonCode |
不適用 (新欄位) |
「CONSOLIDATED_CONTROL_FINDINGS_UPDATE」 提供 Security Hub CSPM 已封存現有問題清單的原因。 |
|
ProductFields.RecommendationUrl |
https://docs.aws.amazon.com/console/securityhub/PCI.EC2.2/remediation |
https://docs.aws.amazon.com/console/securityhub/EC2.2/remediation 此欄位不再參考標準。 |
|
Remediation.Recommendation.Text |
「如需如何修正此問題的指示,請參閱 AWS Security Hub Cloud Security Posture Management (CSPM) PCI DSS 文件。」 |
「如需如何修正此問題的指示,請參閱 AWS Security Hub Cloud Security Posture Management (CSPM) 控制文件。」 此欄位不再參考標準。 |
|
Remediation.Recommendation.Url |
https://docs.aws.amazon.com/console/securityhub/PCI.EC2.2/remediation |
https://docs.aws.amazon.com/console/securityhub/EC2.2/remediation 此欄位不再參考標準。 |
合併控制調查結果 – ASFF 變更
如果您啟用合併控制調查結果,則 ASFF 中控制調查結果的欄位和值可能會受到下列變更的影響。這些變更是合併控制項檢視功能引進的變更之外的變更。如果您的工作流程不依賴這些 ASFF 欄位的值,則不需要採取任何動作。如果您有依賴這些欄位特定值的工作流程,請更新您的工作流程以使用目前的值。
提示
如果您在 AWS v2.0.0 解決方案上使用自動安全回應
| ASFF 欄位 | 啟用合併控制問題清單之前的範例值 | 啟用合併控制調查結果後的範例值,以及變更的說明 |
|---|---|---|
| GeneratorId | aws-foundational-security-best-practices/v/1.0.0/Config.1 |
security-control/Config.1 此欄位不再參考標準。 |
| Title | AWS Config 應啟用 PCI.Config.1 |
AWS Config 應啟用 此欄位不再參考標準特定資訊。 |
| Id |
arn:aws:securityhub:eu-central-1:123456789012:subscription/pci-dss/v/3.2.1/PCI.IAM.5/finding/ab6d6a26-a156-48f0-9403-115983e5a956 |
arn:aws:securityhub:eu-central-1:123456789012:security-control/iam.9/finding/ab6d6a26-a156-48f0-9403-115983e5a956 此欄位不再參考標準。 |
| ProductFields.ControlId | PCI.EC2.2 |
已移除。請 此欄位會移除,以便使用單一、標準無關的控制 ID。 |
| ProductFields.RuleId | 1.3 |
已移除。請 此欄位會移除,以便使用單一、標準無關的控制 ID。 |
| 描述 | 此 PCI DSS 控制項會檢查目前帳戶和區域中是否 AWS Config 已啟用 。 |
此 AWS 控制項 AWS Config 會檢查目前帳戶和區域中是否已啟用 。 此欄位不再參考標準。 |
| 嚴重性 |
「嚴重性」:{ 「產品」:90、 "標籤": "CRITICAL", 「標準化」:90、 "Original": "CRITICAL" } |
「嚴重性」:{ "標籤": "CRITICAL", 「標準化」:90、 "Original": "CRITICAL" } Security Hub CSPM 不再使用產品欄位來描述調查結果的嚴重性。 |
| 類型 | 【「軟體和組態檢查/產業和法規標準/PCI-DSS」】 | 【「軟體和組態檢查/產業和法規標準」】 此欄位不再參考標準。 |
| Compliance.RelatedRequirements |
【「PCI DSS 10.5.2」, 「PCI DSS 11.5」, 「CIS AWS Foundations 2.5」】 |
【「PCI DSS v3.2.1/10.5.2」, 「PCI DSS v3.2.1/11.5」, 「CIS AWS Foundations Benchmark v1.2.0/2.5」】 此欄位顯示所有啟用標準中的相關需求。 |
| CreatedAt | 2022-05-05T08:18:13.138Z |
2022-09-25T08:18:13.138Z 格式保持不變,但值會在您啟用合併控制調查結果時重設。 |
| FirstObservedAt |
2022-05-07T08:18:13.138Z |
2022-09-28T08:18:13.138Z 格式保持不變,但值會在您啟用合併控制調查結果時重設。 |
| ProductFields.RecommendationUrl | https://docs.aws.amazon.com/console/securityhub/EC2.2/remediation |
已移除。請 |
| ProductFields.StandardsArn |
arn:aws:securityhub::standards/aws-foundational-security-best-practices/v/1.0.0 |
已移除。請 |
| ProductFields.StandardsControlArn |
arn:aws:securityhub:us-east-1:123456789012:control/aws-foundational-security-best-practices/v/1.0.0/Config.1 |
已移除。Security Hub CSPM 會針對跨標準的安全性檢查產生一個問題清單。 |
| ProductFields.StandardsGuideArn | arn:aws:securityhub::ruleset/cis-aws-foundations-benchmark/v/1.2.0 |
已移除。請 |
| ProductFields.StandardsGuideSubscriptionArn | arn:aws:securityhub:us-east-2:123456789012:subscription/cis-aws-foundations-benchmark/v/1.2.0 |
已移除。Security Hub CSPM 會針對跨標準的安全性檢查產生一個問題清單。 |
| ProductFields.StandardsSubscriptionArn | arn:aws:securityhub:us-east-1:123456789012:subscription/aws-foundational-security-best-practices/v/1.0.0 |
已移除。Security Hub CSPM 會針對跨標準的安全性檢查產生一個問題清單。 |
| ProductFields.aws/securityhub/FindingId | arn:aws:securityhub:us-east-1::product/aws/securityhub/arn:aws:securityhub:us-east-1:123456789012:subscription/aws-foundational-security-best-practices/v/1.0.0/Config.1/finding/751c2173-7372-4e12-8656-a5210dfb1d67 |
arn:aws:securityhub:us-east-1::product/aws/securityhub/arn:aws:securityhub:us-east-1:123456789012:security-control/Config.1/finding/751c2173-7372-4e12-8656-a5210dfb1d67 此欄位不再參考標準。 |
開啟合併控制問題清單後,客戶提供 ASFF 欄位的值
如果您啟用合併控制問題清單,Security Hub CSPM 會跨標準產生一個問題清單,並封存原始問題清單 (每個標準都有不同的問題清單)。
您使用 Security Hub CSPM 主控台或 BatchUpdateFindings操作對原始調查結果所做的更新將不會保留在新的調查結果中。如有必要,您可以參考封存的問題清單來復原此資料。若要檢閱封存的問題清單,您可以使用 Security Hub CSPM 主控台上的問題清單頁面,並將記錄狀態篩選條件設定為封存。或者,您可以使用 Security Hub CSPM API GetFindings的操作。
| 客戶提供的 ASFF 欄位 | 啟用合併控制問題清單之後的變更描述 |
|---|---|
| 可信度 | 重設為空白狀態。 |
| 重要性 | 重設為空白狀態。 |
| 注意 | 重設為空白狀態。 |
| RelatedFindings | 重設為空白狀態。 |
| 嚴重性 | 問題清單的預設嚴重性 (符合控制項的嚴重性)。 |
| 類型 | 重設為標準無關值。 |
| UserDefinedFields | 重設為空白狀態。 |
| VerificationState | 重設為空白狀態。 |
| 工作流程 | 新的失敗問題清單預設值為 NEW。新傳遞的問題清單的預設值為 RESOLVED。 |
啟用合併控制問題清單前後IDs
下表列出啟用合併控制問題清單時,控制項的產生器 ID 值變更。這些變更適用於自 2023 年 2 月 15 日起 Security Hub CSPM 支援的控制項。
| 啟用合併控制問題清單之前的 GeneratorID | 啟用合併控制問題清單後的 GeneratorID |
|---|---|
|
arn:aws:securityhub::ruleset/cis-aws-foundations-benchmark/v/1.2.0/rule/1.1 |
security-control/CloudWatch.1 |
|
arn:aws:securityhub::ruleset/cis-aws-foundations-benchmark/v/1.2.0/rule/1.10 |
security-control/IAM.16 |
|
arn:aws:securityhub::ruleset/cis-aws-foundations-benchmark/v/1.2.0/rule/1.11 |
security-control/IAM.17 |
|
arn:aws:securityhub::ruleset/cis-aws-foundations-benchmark/v/1.2.0/rule/1.12 |
security-control/IAM.4 |
|
arn:aws:securityhub::ruleset/cis-aws-foundations-benchmark/v/1.2.0/rule/1.13 |
security-control/IAM.9 |
|
arn:aws:securityhub::ruleset/cis-aws-foundations-benchmark/v/1.2.0/rule/1.14 |
security-control/IAM.6 |
|
arn:aws:securityhub::ruleset/cis-aws-foundations-benchmark/v/1.2.0/rule/1.16 |
security-control/IAM.2 |
|
arn:aws:securityhub::ruleset/cis-aws-foundations-benchmark/v/1.2.0/rule/1.2 |
security-control/IAM.5 |
|
arn:aws:securityhub::ruleset/cis-aws-foundations-benchmark/v/1.2.0/rule/1.20 |
security-control/IAM.18 |
|
arn:aws:securityhub::ruleset/cis-aws-foundations-benchmark/v/1.2.0/rule/1.22 |
security-control/IAM.1 |
|
arn:aws:securityhub::ruleset/cis-aws-foundations-benchmark/v/1.2.0/rule/1.3 |
security-control/IAM.8 |
|
arn:aws:securityhub::ruleset/cis-aws-foundations-benchmark/v/1.2.0/rule/1.4 |
security-control/IAM.3 |
|
arn:aws:securityhub::ruleset/cis-aws-foundations-benchmark/v/1.2.0/rule/1.5 |
security-control/IAM.11 |
|
arn:aws:securityhub::ruleset/cis-aws-foundations-benchmark/v/1.2.0/rule/1.6 |
security-control/IAM.12 |
|
arn:aws:securityhub::ruleset/cis-aws-foundations-benchmark/v/1.2.0/rule/1.7 |
security-control/IAM.13 |
|
arn:aws:securityhub::ruleset/cis-aws-foundations-benchmark/v/1.2.0/rule/1.8 |
security-control/IAM.14 |
|
arn:aws:securityhub::ruleset/cis-aws-foundations-benchmark/v/1.2.0/rule/1.9 |
security-control/IAM.15 |
|
arn:aws:securityhub::ruleset/cis-aws-foundations-benchmark/v/1.2.0/rule/2.1 |
security-control/CloudTrail.1 |
|
arn:aws:securityhub::ruleset/cis-aws-foundations-benchmark/v/1.2.0/rule/2.2 |
security-control/CloudTrail.4 |
|
arn:aws:securityhub::ruleset/cis-aws-foundations-benchmark/v/1.2.0/rule/2.3 |
security-control/CloudTrail.6 |
|
arn:aws:securityhub::ruleset/cis-aws-foundations-benchmark/v/1.2.0/rule/2.4 |
security-control/CloudTrail.5 |
|
arn:aws:securityhub::ruleset/cis-aws-foundations-benchmark/v/1.2.0/rule/2.5 |
security-control/Config.1 |
|
arn:aws:securityhub::ruleset/cis-aws-foundations-benchmark/v/1.2.0/rule/2.6 |
security-control/CloudTrail.7 |
|
arn:aws:securityhub::ruleset/cis-aws-foundations-benchmark/v/1.2.0/rule/2.7 |
security-control/CloudTrail.2 |
|
arn:aws:securityhub::ruleset/cis-aws-foundations-benchmark/v/1.2.0/rule/2.8 |
security-control/KMS.4 |
|
arn:aws:securityhub::ruleset/cis-aws-foundations-benchmark/v/1.2.0/rule/2.9 |
security-control/EC2.6 |
|
arn:aws:securityhub::ruleset/cis-aws-foundations-benchmark/v/1.2.0/rule/3.1 |
security-control/CloudWatch.2 |
|
arn:aws:securityhub::ruleset/cis-aws-foundations-benchmark/v/1.2.0/rule/3.2 |
security-control/CloudWatch.3 |
|
arn:aws:securityhub::ruleset/cis-aws-foundations-benchmark/v/1.2.0/rule/3.3 |
security-control/CloudWatch.1 |
|
arn:aws:securityhub::ruleset/cis-aws-foundations-benchmark/v/1.2.0/rule/3.4 |
security-control/CloudWatch.4 |
|
arn:aws:securityhub::ruleset/cis-aws-foundations-benchmark/v/1.2.0/rule/3.5 |
security-control/CloudWatch.5 |
|
arn:aws:securityhub::ruleset/cis-aws-foundations-benchmark/v/1.2.0/rule/3.6 |
security-control/CloudWatch.6 |
|
arn:aws:securityhub::ruleset/cis-aws-foundations-benchmark/v/1.2.0/rule/3.7 |
security-control/CloudWatch.7 |
|
arn:aws:securityhub::ruleset/cis-aws-foundations-benchmark/v/1.2.0/rule/3.8 |
security-control/CloudWatch.8 |
|
arn:aws:securityhub::ruleset/cis-aws-foundations-benchmark/v/1.2.0/rule/3.9 |
security-control/CloudWatch.9 |
|
arn:aws:securityhub::ruleset/cis-aws-foundations-benchmark/v/1.2.0/rule/3.10 |
security-control/CloudWatch.10 |
|
arn:aws:securityhub::ruleset/cis-aws-foundations-benchmark/v/1.2.0/rule/3.11 |
security-control/CloudWatch.11 |
|
arn:aws:securityhub::ruleset/cis-aws-foundations-benchmark/v/1.2.0/rule/3.12 |
security-control/CloudWatch.12 |
|
arn:aws:securityhub::ruleset/cis-aws-foundations-benchmark/v/1.2.0/rule/3.13 |
security-control/CloudWatch.13 |
|
arn:aws:securityhub::ruleset/cis-aws-foundations-benchmark/v/1.2.0/rule/3.14 |
security-control/CloudWatch.14 |
|
arn:aws:securityhub::ruleset/cis-aws-foundations-benchmark/v/1.2.0/rule/4.1 |
security-control/EC2.13 |
|
arn:aws:securityhub::ruleset/cis-aws-foundations-benchmark/v/1.2.0/rule/4.2 |
security-control/EC2.14 |
|
arn:aws:securityhub::ruleset/cis-aws-foundations-benchmark/v/1.2.0/rule/4.3 |
security-control/EC2.2 |
|
cis-aws-foundations-benchmark/v/1.4.0/1.10 |
security-control/IAM.5 |
|
cis-aws-foundations-benchmark/v/1.4.0/1.14 |
security-control/IAM.3 |
|
cis-aws-foundations-benchmark/v/1.4.0/1.16 |
security-control/IAM.1 |
|
cis-aws-foundations-benchmark/v/1.4.0/1.17 |
security-control/IAM.18 |
|
cis-aws-foundations-benchmark/v/1.4.0/1.4 |
security-control/IAM.4 |
|
cis-aws-foundations-benchmark/v/1.4.0/1.5 |
security-control/IAM.9 |
|
cis-aws-foundations-benchmark/v/1.4.0/1.6 |
security-control/IAM.6 |
|
cis-aws-foundations-benchmark/v/1.4.0/1.7 |
security-control/CloudWatch.1 |
|
cis-aws-foundations-benchmark/v/1.4.0/1.8 |
security-control/IAM.15 |
|
cis-aws-foundations-benchmark/v/1.4.0/1.9 |
security-control/IAM.16 |
|
cis-aws-foundations-benchmark/v/1.4.0/2.1.2 |
security-control/S3.5 |
|
cis-aws-foundations-benchmark/v/1.4.0/2.1.5.1 |
security-control/S3.1 |
|
cis-aws-foundations-benchmark/v/1.4.0/2.1.5.2 |
security-control/S3.8 |
|
cis-aws-foundations-benchmark/v/1.4.0/2.2.1 |
security-control/EC2.7 |
|
cis-aws-foundations-benchmark/v/1.4.0/2.3.1 |
security-control/RDS.3 |
|
cis-aws-foundations-benchmark/v/1.4.0/3.1 |
security-control/CloudTrail.1 |
|
cis-aws-foundations-benchmark/v/1.4.0/3.2 |
security-control/CloudTrail.4 |
|
cis-aws-foundations-benchmark/v/1.4.0/3.4 |
security-control/CloudTrail.5 |
|
cis-aws-foundations-benchmark/v/1.4.0/3.5 |
security-control/Config.1 |
|
cis-aws-foundations-benchmark/v/1.4.0/3.6 |
security-control/S3.9 |
|
cis-aws-foundations-benchmark/v/1.4.0/3.7 |
security-control/CloudTrail.2 |
|
cis-aws-foundations-benchmark/v/1.4.0/3.8 |
security-control/KMS.4 |
|
cis-aws-foundations-benchmark/v/1.4.0/3.9 |
security-control/EC2.6 |
|
cis-aws-foundations-benchmark/v/1.4.0/4.3 |
security-control/CloudWatch.1 |
|
cis-aws-foundations-benchmark/v/1.4.0/4.4 |
security-control/CloudWatch.4 |
|
cis-aws-foundations-benchmark/v/1.4.0/4.5 |
security-control/CloudWatch.5 |
|
cis-aws-foundations-benchmark/v/1.4.0/4.6 |
security-control/CloudWatch.6 |
|
cis-aws-foundations-benchmark/v/1.4.0/4.7 |
security-control/CloudWatch.7 |
|
cis-aws-foundations-benchmark/v/1.4.0/4.8 |
security-control/CloudWatch.8 |
|
cis-aws-foundations-benchmark/v/1.4.0/4.9 |
security-control/CloudWatch.9 |
|
cis-aws-foundations-benchmark/v/1.4.0/4.10 |
security-control/CloudWatch.10 |
|
cis-aws-foundations-benchmark/v/1.4.0/4.11 |
security-control/CloudWatch.11 |
|
cis-aws-foundations-benchmark/v/1.4.0/4.12 |
security-control/CloudWatch.12 |
|
cis-aws-foundations-benchmark/v/1.4.0/4.13 |
security-control/CloudWatch.13 |
|
cis-aws-foundations-benchmark/v/1.4.0/4.14 |
security-control/CloudWatch.14 |
|
cis-aws-foundations-benchmark/v/1.4.0/5.1 |
security-control/EC2.21 |
|
cis-aws-foundations-benchmark/v/1.4.0/5.3 |
security-control/EC2.2 |
|
aws-foundational-security-best-practices/v/1.0.0/Account.1 |
security-control/Account.1 |
|
aws-foundational-security-best-practices/v/1.0.0/ACM.1 |
security-control/ACM.1 |
|
aws-foundational-security-best-practices/v/1.0.0/APIGateway.1 |
security-control/APIGateway.1 |
|
aws-foundational-security-best-practices/v/1.0.0/APIGateway.2 |
security-control/APIGateway.2 |
|
aws-foundational-security-best-practices/v/1.0.0/APIGateway.3 |
security-control/APIGateway.3 |
|
aws-foundational-security-best-practices/v/1.0.0/APIGateway.4 |
security-control/APIGateway.4 |
|
aws-foundational-security-best-practices/v/1.0.0/APIGateway.5 |
security-control/APIGateway.5 |
|
aws-foundational-security-best-practices/v/1.0.0/APIGateway.8 |
security-control/APIGateway.8 |
|
aws-foundational-security-best-practices/v/1.0.0/APIGateway.9 |
security-control/APIGateway.9 |
|
aws-foundational-security-best-practices/v/1.0.0/AutoScaling.1 |
security-control/AutoScaling.1 |
|
aws-foundational-security-best-practices/v/1.0.0/AutoScaling.2 |
security-control/AutoScaling.2 |
|
aws-foundational-security-best-practices/v/1.0.0/AutoScaling.3 |
security-control/AutoScaling.3 |
|
aws-foundational-security-best-practices/v/1.0.0/Autoscaling.5 |
security-control/Autoscaling.5 |
|
aws-foundational-security-best-practices/v/1.0.0/AutoScaling.6 |
security-control/AutoScaling.6 |
|
aws-foundational-security-best-practices/v/1.0.0/AutoScaling.9 |
security-control/AutoScaling.9 |
|
aws-foundational-security-best-practices/v/1.0.0/CloudFront.1 |
security-control/CloudFront.1 |
|
aws-foundational-security-best-practices/v/1.0.0/CloudFront.3 |
security-control/CloudFront.3 |
|
aws-foundational-security-best-practices/v/1.0.0/CloudFront.4 |
security-control/CloudFront.4 |
|
aws-foundational-security-best-practices/v/1.0.0/CloudFront.5 |
security-control/CloudFront.5 |
|
aws-foundational-security-best-practices/v/1.0.0/CloudFront.6 |
security-control/CloudFront.6 |
|
aws-foundational-security-best-practices/v/1.0.0/CloudFront.7 |
security-control/CloudFront.7 |
|
aws-foundational-security-best-practices/v/1.0.0/CloudFront.8 |
security-control/CloudFront.8 |
|
aws-foundational-security-best-practices/v/1.0.0/CloudFront.9 |
security-control/CloudFront.9 |
|
aws-foundational-security-best-practices/v/1.0.0/CloudFront.10 |
security-control/CloudFront.10 |
|
aws-foundational-security-best-practices/v/1.0.0/CloudFront.12 |
security-control/CloudFront.12 |
|
aws-foundational-security-best-practices/v/1.0.0/CloudTrail.1 |
security-control/CloudTrail.1 |
|
aws-foundational-security-best-practices/v/1.0.0/CloudTrail.2 |
security-control/CloudTrail.2 |
|
aws-foundational-security-best-practices/v/1.0.0/CloudTrail.4 |
security-control/CloudTrail.4 |
|
aws-foundational-security-best-practices/v/1.0.0/CloudTrail.5 |
security-control/CloudTrail.5 |
|
aws-foundational-security-best-practices/v/1.0.0/CodeBuild.1 |
security-control/CodeBuild.1 |
|
aws-foundational-security-best-practices/v/1.0.0/CodeBuild.2 |
security-control/CodeBuild.2 |
|
aws-foundational-security-best-practices/v/1.0.0/CodeBuild.3 |
security-control/CodeBuild.3 |
|
aws-foundational-security-best-practices/v/1.0.0/CodeBuild.4 |
security-control/CodeBuild.4 |
|
aws-foundational-security-best-practices/v/1.0.0/Config.1 |
security-control/Config.1 |
|
aws-foundational-security-best-practices/v/1.0.0/DMS.1 |
security-control/DMS.1 |
|
aws-foundational-security-best-practices/v/1.0.0/DynamoDB.1 |
security-control/DynamoDB.1 |
|
aws-foundational-security-best-practices/v/1.0.0/DynamoDB.2 |
security-control/DynamoDB.2 |
|
aws-foundational-security-best-practices/v/1.0.0/DynamoDB.3 |
security-control/DynamoDB.3 |
|
aws-foundational-security-best-practices/v/1.0.0/EC2.1 |
security-control/EC2.1 |
|
aws-foundational-security-best-practices/v/1.0.0/EC2.3 |
security-control/EC2.3 |
|
aws-foundational-security-best-practices/v/1.0.0/EC2.4 |
security-control/EC2.4 |
|
aws-foundational-security-best-practices/v/1.0.0/EC2.6 |
security-control/EC2.6 |
|
aws-foundational-security-best-practices/v/1.0.0/EC2.7 |
security-control/EC2.7 |
|
aws-foundational-security-best-practices/v/1.0.0/EC2.8 |
security-control/EC2.8 |
|
aws-foundational-security-best-practices/v/1.0.0/EC2.9 |
security-control/EC2.9 |
|
aws-foundational-security-best-practices/v/1.0.0/EC2.10 |
security-control/EC2.10 |
|
aws-foundational-security-best-practices/v/1.0.0/EC2.15 |
security-control/EC2.15 |
|
aws-foundational-security-best-practices/v/1.0.0/EC2.16 |
security-control/EC2.16 |
|
aws-foundational-security-best-practices/v/1.0.0/EC2.17 |
security-control/EC2.17 |
|
aws-foundational-security-best-practices/v/1.0.0/EC2.18 |
security-control/EC2.18 |
|
aws-foundational-security-best-practices/v/1.0.0/EC2.19 |
security-control/EC2.19 |
|
aws-foundational-security-best-practices/v/1.0.0/EC2.2 |
security-control/EC2.2 |
|
aws-foundational-security-best-practices/v/1.0.0/EC2.20 |
security-control/EC2.20 |
|
aws-foundational-security-best-practices/v/1.0.0/EC2.21 |
security-control/EC2.21 |
|
aws-foundational-security-best-practices/v/1.0.0/EC2.23 |
security-control/EC2.23 |
|
aws-foundational-security-best-practices/v/1.0.0/EC2.24 |
security-control/EC2.24 |
|
aws-foundational-security-best-practices/v/1.0.0/EC2.25 |
security-control/EC2.25 |
|
aws-foundational-security-best-practices/v/1.0.0/ECR.1 |
security-control/ECR.1 |
|
aws-foundational-security-best-practices/v/1.0.0/ECR.2 |
security-control/ECR.2 |
|
aws-foundational-security-best-practices/v/1.0.0/ECR.3 |
security-control/ECR.3 |
|
aws-foundational-security-best-practices/v/1.0.0/ECS.1 |
security-control/ECS.1 |
|
aws-foundational-security-best-practices/v/1.0.0/ECS.10 |
security-control/ECS.10 |
|
aws-foundational-security-best-practices/v/1.0.0/ECS.12 |
security-control/ECS.12 |
|
aws-foundational-security-best-practices/v/1.0.0/ECS.2 |
security-control/ECS.2 |
|
aws-foundational-security-best-practices/v/1.0.0/ECS.3 |
security-control/ECS.3 |
|
aws-foundational-security-best-practices/v/1.0.0/ECS.4 |
security-control/ECS.4 |
|
aws-foundational-security-best-practices/v/1.0.0/ECS.5 |
security-control/ECS.5 |
|
aws-foundational-security-best-practices/v/1.0.0/ECS.8 |
security-control/ECS.8 |
|
aws-foundational-security-best-practices/v/1.0.0/EFS.1 |
security-control/EFS.1 |
|
aws-foundational-security-best-practices/v/1.0.0/EFS.2 |
security-control/EFS.2 |
|
aws-foundational-security-best-practices/v/1.0.0/EFS.3 |
security-control/EFS.3 |
|
aws-foundational-security-best-practices/v/1.0.0/EFS.4 |
security-control/EFS.4 |
|
aws-foundational-security-best-practices/v/1.0.0/EKS.2 |
security-control/EKS.2 |
|
aws-foundational-security-best-practices/v/1.0.0/ElasticBeanstalk.1 |
security-control/ElasticBeanstalk.1 |
|
aws-foundational-security-best-practices/v/1.0.0/ElasticBeanstalk.2 |
security-control/ElasticBeanstalk.2 |
|
aws-foundational-security-best-practices/v/1.0.0/ELBv2.1 |
security-control/ELB.1 |
|
aws-foundational-security-best-practices/v/1.0.0/ELB.2 |
security-control/ELB.2 |
|
aws-foundational-security-best-practices/v/1.0.0/ELB.3 |
security-control/ELB.3 |
|
aws-foundational-security-best-practices/v/1.0.0/ELB.4 |
security-control/ELB.4 |
|
aws-foundational-security-best-practices/v/1.0.0/ELB.5 |
security-control/ELB.5 |
|
aws-foundational-security-best-practices/v/1.0.0/ELB.6 |
security-control/ELB.6 |
|
aws-foundational-security-best-practices/v/1.0.0/ELB.7 |
security-control/ELB.7 |
|
aws-foundational-security-best-practices/v/1.0.0/ELB.8 |
security-control/ELB.8 |
|
aws-foundational-security-best-practices/v/1.0.0/ELB.9 |
security-control/ELB.9 |
|
aws-foundational-security-best-practices/v/1.0.0/ELB.10 |
security-control/ELB.10 |
|
aws-foundational-security-best-practices/v/1.0.0/ELB.11 |
security-control/ELB.11 |
|
aws-foundational-security-best-practices/v/1.0.0/ELB.12 |
security-control/ELB.12 |
|
aws-foundational-security-best-practices/v/1.0.0/ELB.13 |
security-control/ELB.13 |
|
aws-foundational-security-best-practices/v/1.0.0/ELB.14 |
security-control/ELB.14 |
|
aws-foundational-security-best-practices/v/1.0.0/EMR.1 |
security-control/EMR.1 |
|
aws-foundational-security-best-practices/v/1.0.0/ES.1 |
security-control/ES.1 |
|
aws-foundational-security-best-practices/v/1.0.0/ES.2 |
security-control/ES.2 |
|
aws-foundational-security-best-practices/v/1.0.0/ES.3 |
security-control/ES.3 |
|
aws-foundational-security-best-practices/v/1.0.0/ES.4 |
security-control/ES.4 |
|
aws-foundational-security-best-practices/v/1.0.0/ES.5 |
security-control/ES.5 |
|
aws-foundational-security-best-practices/v/1.0.0/ES.6 |
security-control/ES.6 |
|
aws-foundational-security-best-practices/v/1.0.0/ES.7 |
security-control/ES.7 |
|
aws-foundational-security-best-practices/v/1.0.0/ES.8 |
security-control/ES.8 |
|
aws-foundational-security-best-practices/v/1.0.0/GuardDuty.1 |
security-control/GuardDuty.1 |
|
aws-foundational-security-best-practices/v/1.0.0/IAM.1 |
security-control/IAM.1 |
|
aws-foundational-security-best-practices/v/1.0.0/IAM.2 |
security-control/IAM.2 |
|
aws-foundational-security-best-practices/v/1.0.0/IAM.21 |
security-control/IAM.21 |
|
aws-foundational-security-best-practices/v/1.0.0/IAM.3 |
security-control/IAM.3 |
|
aws-foundational-security-best-practices/v/1.0.0/IAM.4 |
security-control/IAM.4 |
|
aws-foundational-security-best-practices/v/1.0.0/IAM.5 |
security-control/IAM.5 |
|
aws-foundational-security-best-practices/v/1.0.0/IAM.6 |
security-control/IAM.6 |
|
aws-foundational-security-best-practices/v/1.0.0/IAM.7 |
security-control/IAM.7 |
|
aws-foundational-security-best-practices/v/1.0.0/IAM.8 |
security-control/IAM.8 |
|
aws-foundational-security-best-practices/v/1.0.0/Kinesis.1 |
security-control/Kinesis.1 |
|
aws-foundational-security-best-practices/v/1.0.0/KMS.1 |
security-control/KMS.1 |
|
aws-foundational-security-best-practices/v/1.0.0/KMS.2 |
security-control/KMS.2 |
|
aws-foundational-security-best-practices/v/1.0.0/KMS.3 |
security-control/KMS.3 |
|
aws-foundational-security-best-practices/v/1.0.0/Lambda.1 |
security-control/Lambda.1 |
|
aws-foundational-security-best-practices/v/1.0.0/Lambda.2 |
security-control/Lambda.2 |
|
aws-foundational-security-best-practices/v/1.0.0/Lambda.5 |
security-control/Lambda.5 |
|
aws-foundational-security-best-practices/v/1.0.0/NetworkFirewall.3 |
security-control/NetworkFirewall.3 |
|
aws-foundational-security-best-practices/v/1.0.0/NetworkFirewall.4 |
security-control/NetworkFirewall.4 |
|
aws-foundational-security-best-practices/v/1.0.0/NetworkFirewall.5 |
security-control/NetworkFirewall.5 |
|
aws-foundational-security-best-practices/v/1.0.0/NetworkFirewall.6 |
security-control/NetworkFirewall.6 |
|
aws-foundational-security-best-practices/v/1.0.0/Opensearch.1 |
security-control/Opensearch.1 |
|
aws-foundational-security-best-practices/v/1.0.0/Opensearch.2 |
security-control/Opensearch.2 |
|
aws-foundational-security-best-practices/v/1.0.0/Opensearch.3 |
security-control/Opensearch.3 |
|
aws-foundational-security-best-practices/v/1.0.0/Opensearch.4 |
security-control/Opensearch.4 |
|
aws-foundational-security-best-practices/v/1.0.0/Opensearch.5 |
security-control/Opensearch.5 |
|
aws-foundational-security-best-practices/v/1.0.0/Opensearch.6 |
security-control/Opensearch.6 |
|
aws-foundational-security-best-practices/v/1.0.0/Opensearch.7 |
security-control/Opensearch.7 |
|
aws-foundational-security-best-practices/v/1.0.0/Opensearch.8 |
security-control/Opensearch.8 |
|
aws-foundational-security-best-practices/v/1.0.0/RDS.1 |
security-control/RDS.1 |
|
aws-foundational-security-best-practices/v/1.0.0/RDS.10 |
security-control/RDS.10 |
|
aws-foundational-security-best-practices/v/1.0.0/RDS.11 |
security-control/RDS.11 |
|
aws-foundational-security-best-practices/v/1.0.0/RDS.12 |
security-control/RDS.12 |
|
aws-foundational-security-best-practices/v/1.0.0/RDS.13 |
security-control/RDS.13 |
|
aws-foundational-security-best-practices/v/1.0.0/RDS.14 |
security-control/RDS.14 |
|
aws-foundational-security-best-practices/v/1.0.0/RDS.15 |
security-control/RDS.15 |
|
aws-foundational-security-best-practices/v/1.0.0/RDS.16 |
security-control/RDS.16 |
|
aws-foundational-security-best-practices/v/1.0.0/RDS.17 |
security-control/RDS.17 |
|
aws-foundational-security-best-practices/v/1.0.0/RDS.19 |
security-control/RDS.19 |
|
aws-foundational-security-best-practices/v/1.0.0/RDS.2 |
security-control/RDS.2 |
|
aws-foundational-security-best-practices/v/1.0.0/RDS.20 |
security-control/RDS.20 |
|
aws-foundational-security-best-practices/v/1.0.0/RDS.21 |
security-control/RDS.21 |
|
aws-foundational-security-best-practices/v/1.0.0/RDS.22 |
security-control/RDS.22 |
|
aws-foundational-security-best-practices/v/1.0.0/RDS.23 |
security-control/RDS.23 |
|
aws-foundational-security-best-practices/v/1.0.0/RDS.24 |
security-control/RDS.24 |
|
aws-foundational-security-best-practices/v/1.0.0/RDS.25 |
security-control/RDS.25 |
|
aws-foundational-security-best-practices/v/1.0.0/RDS.3 |
security-control/RDS.3 |
|
aws-foundational-security-best-practices/v/1.0.0/RDS.4 |
security-control/RDS.4 |
|
aws-foundational-security-best-practices/v/1.0.0/RDS.5 |
security-control/RDS.5 |
|
aws-foundational-security-best-practices/v/1.0.0/RDS.6 |
security-control/RDS.6 |
|
aws-foundational-security-best-practices/v/1.0.0/RDS.7 |
security-control/RDS.7 |
|
aws-foundational-security-best-practices/v/1.0.0/RDS.8 |
security-control/RDS.8 |
|
aws-foundational-security-best-practices/v/1.0.0/RDS.9 |
security-control/RDS.9 |
|
aws-foundational-security-best-practices/v/1.0.0/Redshift.1 |
security-control/Redshift.1 |
|
aws-foundational-security-best-practices/v/1.0.0/Redshift.2 |
security-control/Redshift.2 |
|
aws-foundational-security-best-practices/v/1.0.0/Redshift.3 |
security-control/Redshift.3 |
|
aws-foundational-security-best-practices/v/1.0.0/Redshift.4 |
security-control/Redshift.4 |
|
aws-foundational-security-best-practices/v/1.0.0/Redshift.6 |
security-control/Redshift.6 |
|
aws-foundational-security-best-practices/v/1.0.0/Redshift.7 |
security-control/Redshift。7 |
|
aws-foundational-security-best-practices/v/1.0.0/Redshift.8 |
security-control/Redshift.8 |
|
aws-foundational-security-best-practices/v/1.0.0/Redshift.9 |
security-control/Redshift.9 |
|
aws-foundational-security-best-practices/v/1.0.0/S3.1 |
security-control/S3.1 |
|
aws-foundational-security-best-practices/v/1.0.0/S3.12 |
security-control/S3.12 |
|
aws-foundational-security-best-practices/v/1.0.0/S3.13 |
security-control/S3.13 |
|
aws-foundational-security-best-practices/v/1.0.0/S3.2 |
security-control/S3.2 |
|
aws-foundational-security-best-practices/v/1.0.0/S3.3 |
security-control/S3.3 |
|
aws-foundational-security-best-practices/v/1.0.0/S3.5 |
security-control/S3.5 |
|
aws-foundational-security-best-practices/v/1.0.0/S3.6 |
security-control/S3.6 |
|
aws-foundational-security-best-practices/v/1.0.0/S3.8 |
security-control/S3.8 |
|
aws-foundational-security-best-practices/v/1.0.0/S3.9 |
security-control/S3.9 |
|
aws-foundational-security-best-practices/v/1.0.0/SageMaker.1 |
security-control/SageMaker.1 |
|
aws-foundational-security-best-practices/v/1.0.0/SageMaker.2 |
security-control/SageMaker.2 |
|
aws-foundational-security-best-practices/v/1.0.0/SageMaker.3 |
security-control/SageMaker.3 |
|
aws-foundational-security-best-practices/v/1.0.0/SecretsManager.1 |
security-control/SecretsManager.1 |
|
aws-foundational-security-best-practices/v/1.0.0/SecretsManager.2 |
security-control/SecretsManager.2 |
|
aws-foundational-security-best-practices/v/1.0.0/SecretsManager.3 |
security-control/SecretsManager.3 |
|
aws-foundational-security-best-practices/v/1.0.0/SecretsManager.4 |
security-control/SecretsManager.4 |
|
aws-foundational-security-best-practices/v/1.0.0/SQS.1 |
security-control/SQS.1 |
|
aws-foundational-security-best-practices/v/1.0.0/SSM.1 |
security-control/SSM.1 |
|
aws-foundational-security-best-practices/v/1.0.0/SSM.2 |
security-control/SSM.2 |
|
aws-foundational-security-best-practices/v/1.0.0/SSM.3 |
security-control/SSM.3 |
|
aws-foundational-security-best-practices/v/1.0.0/SSM.4 |
security-control/SSM.4 |
|
aws-foundational-security-best-practices/v/1.0.0/WAF.1 |
security-control/WAF.1 |
|
aws-foundational-security-best-practices/v/1.0.0/WAF.2 |
security-control/WAF.2 |
|
aws-foundational-security-best-practices/v/1.0.0/WAF.3 |
security-control/WAF.3 |
|
aws-foundational-security-best-practices/v/1.0.0/WAF.4 |
security-control/WAF.4 |
|
aws-foundational-security-best-practices/v/1.0.0/WAF.6 |
security-control/WAF.6 |
|
aws-foundational-security-best-practices/v/1.0.0/WAF.7 |
security-control/WAF.7 |
|
aws-foundational-security-best-practices/v/1.0.0/WAF.8 |
security-control/WAF.8 |
|
aws-foundational-security-best-practices/v/1.0.0/WAF.10 |
security-control/WAF.10 |
|
pci-dss/v/3.2.1/PCI.AutoScaling.1 |
security-control/AutoScaling.1 |
|
pci-dss/v/3.2.1/PCI.CloudTrail.1 |
security-control/CloudTrail.2 |
|
pci-dss/v/3.2.1/PCI.CloudTrail.2 |
security-control/CloudTrail.3 |
|
pci-dss/v/3.2.1/PCI.CloudTrail.3 |
security-control/CloudTrail.4 |
|
pci-dss/v/3.2.1/PCI.CloudTrail.4 |
security-control/CloudTrail.5 |
|
pci-dss/v/3.2.1/PCI.CodeBuild.1 |
security-control/CodeBuild.1 |
|
pci-dss/v/3.2.1/PCI.CodeBuild.2 |
security-control/CodeBuild.2 |
|
pci-dss/v/3.2.1/PCI.Config.1 |
security-control/Config.1 |
|
pci-dss/v/3.2.1/PCI.CW.1 |
security-control/CloudWatch.1 |
|
pci-dss/v/3.2.1/PCI.DMS.1 |
security-control/DMS.1 |
|
pci-dss/v/3.2.1/PCI.EC2.1 |
security-control/EC2.1 |
|
pci-dss/v/3.2.1/PCI.EC2.2 |
security-control/EC2.2 |
|
pci-dss/v/3.2.1/PCI.EC2.4 |
security-control/EC2.12 |
|
pci-dss/v/3.2.1/PCI.EC2.5 |
security-control/EC2.13 |
|
pci-dss/v/3.2.1/PCI.EC2.6 |
security-control/EC2.6 |
|
pci-dss/v/3.2.1/PCI.ELBv2.1 |
security-control/ELB.1 |
|
pci-dss/v/3.2.1/PCI.ES.1 |
security-control/ES.2 |
|
pci-dss/v/3.2.1/PCI.ES.2 |
security-control/ES.1 |
|
pci-dss/v/3.2.1/PCI.GuardDuty.1 |
security-control/GuardDuty.1 |
|
pci-dss/v/3.2.1/PCI.IAM.1 |
security-control/IAM.4 |
|
pci-dss/v/3.2.1/PCI.IAM.2 |
security-control/IAM.2 |
|
pci-dss/v/3.2.1/PCI.IAM.3 |
security-control/IAM.1 |
|
pci-dss/v/3.2.1/PCI.IAM.4 |
security-control/IAM.6 |
|
pci-dss/v/3.2.1/PCI.IAM.5 |
security-control/IAM.9 |
|
pci-dss/v/3.2.1/PCI.IAM.6 |
security-control/IAM.19 |
|
pci-dss/v/3.2.1/PCI.IAM.7 |
security-control/IAM.8 |
|
pci-dss/v/3.2.1/PCI.IAM.8 |
security-control/IAM.10 |
|
pci-dss/v/3.2.1/PCI.KMS.1 |
security-control/KMS.4 |
|
pci-dss/v/3.2.1/PCI.Lambda.1 |
security-control/Lambda.1 |
|
pci-dss/v/3.2.1/PCI.Lambda.2 |
security-control/Lambda.3 |
|
pci-dss/v/3.2.1/PCI.Opensearch.1 |
security-control/Opensearch.2 |
|
pci-dss/v/3.2.1/PCI.Opensearch.2 |
security-control/Opensearch.1 |
|
pci-dss/v/3.2.1/PCI.RDS.1 |
security-control/RDS.1 |
|
pci-dss/v/3.2.1/PCI.RDS.2 |
security-control/RDS.2 |
|
pci-dss/v/3.2.1/PCI.Redshift.1 |
security-control/Redshift.1 |
|
pci-dss/v/3.2.1/PCI.S3.1 |
security-control/S3.3 |
|
pci-dss/v/3.2.1/PCI.S3.2 |
security-control/S3.2 |
|
pci-dss/v/3.2.1/PCI.S3.3 |
security-control/S3.7 |
|
pci-dss/v/3.2.1/PCI.S3.5 |
security-control/S3.5 |
|
pci-dss/v/3.2.1/PCI.S3.6 |
security-control/S3.1 |
|
pci-dss/v/3.2.1/PCI.SageMaker.1 |
security-control/SageMaker.1 |
|
pci-dss/v/3.2.1/PCI.SSM.1 |
security-control/SSM.2 |
|
pci-dss/v/3.2.1/PCI.SSM.2 |
security-control/SSM.3 |
|
pci-dss/v/3.2.1/PCI.SSM.3 |
security-control/SSM.1 |
|
service-managed-aws-control-tower/v/1.0.0/ACM.1 |
security-control/ACM.1 |
|
service-managed-aws-control-tower/v/1.0.0/APIGateway.1 |
security-control/APIGateway.1 |
|
service-managed-aws-control-tower/v/1.0.0/APIGateway.2 |
security-control/APIGateway.2 |
|
service-managed-aws-control-tower/v/1.0.0/APIGateway.3 |
security-control/APIGateway.3 |
|
service-managed-aws-control-tower/v/1.0.0/APIGateway.4 |
security-control/APIGateway.4 |
|
service-managed-aws-control-tower/v/1.0.0/APIGateway.5 |
security-control/APIGateway.5 |
|
service-managed-aws-control-tower/v/1.0.0/AutoScaling.1 |
security-control/AutoScaling.1 |
|
service-managed-aws-control-tower/v/1.0.0/AutoScaling.2 |
security-control/AutoScaling.2 |
|
service-managed-aws-control-tower/v/1.0.0/AutoScaling.3 |
security-control/AutoScaling.3 |
|
service-managed-aws-control-tower/v/1.0.0/AutoScaling.4 |
security-control/AutoScaling.4 |
|
service-managed-aws-control-tower/v/1.0.0/Autoscaling.5 |
security-control/Autoscaling.5 |
|
service-managed-aws-control-tower/v/1.0.0/AutoScaling.6 |
security-control/AutoScaling.6 |
|
service-managed-aws-control-tower/v/1.0.0/AutoScaling.9 |
security-control/AutoScaling.9 |
|
service-managed-aws-control-tower/v/1.0.0/CloudTrail.1 |
security-control/CloudTrail.1 |
|
service-managed-aws-control-tower/v/1.0.0/CloudTrail.2 |
security-control/CloudTrail.2 |
|
service-managed-aws-control-tower/v/1.0.0/CloudTrail.4 |
security-control/CloudTrail.4 |
|
service-managed-aws-control-tower/v/1.0.0/CloudTrail.5 |
security-control/CloudTrail.5 |
|
service-managed-aws-control-tower/v/1.0.0/CodeBuild.1 |
security-control/CodeBuild.1 |
|
service-managed-aws-control-tower/v/1.0.0/CodeBuild.2 |
security-control/CodeBuild.2 |
|
service-managed-aws-control-tower/v/1.0.0/CodeBuild.4 |
security-control/CodeBuild.4 |
|
service-managed-aws-control-tower/v/1.0.0/CodeBuild.5 |
security-control/CodeBuild.5 |
|
service-managed-aws-control-tower/v/1.0.0/DMS.1 |
security-control/DMS.1 |
|
service-managed-aws-control-tower/v/1.0.0/DynamoDB.1 |
security-control/DynamoDB.1 |
|
service-managed-aws-control-tower/v/1.0.0/DynamoDB.2 |
security-control/DynamoDB.2 |
|
service-managed-aws-control-tower/v/1.0.0/EC2.1 |
security-control/EC2.1 |
|
service-managed-aws-control-tower/v/1.0.0/EC2.2 |
security-control/EC2.2 |
|
service-managed-aws-control-tower/v/1.0.0/EC2.3 |
security-control/EC2.3 |
|
service-managed-aws-control-tower/v/1.0.0/EC2.4 |
security-control/EC2.4 |
|
service-managed-aws-control-tower/v/1.0.0/EC2.6 |
security-control/EC2.6 |
|
service-managed-aws-control-tower/v/1.0.0/EC2.7 |
security-control/EC2.7 |
|
service-managed-aws-control-tower/v/1.0.0/EC2.8 |
security-control/EC2.8 |
|
service-managed-aws-control-tower/v/1.0.0/EC2.9 |
security-control/EC2.9 |
|
service-managed-aws-control-tower/v/1.0.0/EC2.10 |
security-control/EC2.10 |
|
service-managed-aws-control-tower/v/1.0.0/EC2.15 |
security-control/EC2.15 |
|
service-managed-aws-control-tower/v/1.0.0/EC2.16 |
security-control/EC2.16 |
|
service-managed-aws-control-tower/v/1.0.0/EC2.17 |
security-control/EC2.17 |
|
service-managed-aws-control-tower/v/1.0.0/EC2.18 |
security-control/EC2.18 |
|
service-managed-aws-control-tower/v/1.0.0/EC2.19 |
security-control/EC2.19 |
|
service-managed-aws-control-tower/v/1.0.0/EC2.20 |
security-control/EC2.20 |
|
service-managed-aws-control-tower/v/1.0.0/EC2.21 |
security-control/EC2.21 |
|
service-managed-aws-control-tower/v/1.0.0/EC2.22 |
security-control/EC2.22 |
|
service-managed-aws-control-tower/v/1.0.0/ECR.1 |
security-control/ECR.1 |
|
service-managed-aws-control-tower/v/1.0.0/ECR.2 |
security-control/ECR.2 |
|
service-managed-aws-control-tower/v/1.0.0/ECR.3 |
security-control/ECR.3 |
|
service-managed-aws-control-tower/v/1.0.0/ECS.1 |
security-control/ECS.1 |
|
service-managed-aws-control-tower/v/1.0.0/ECS.2 |
security-control/ECS.2 |
|
service-managed-aws-control-tower/v/1.0.0/ECS.3 |
security-control/ECS.3 |
|
service-managed-aws-control-tower/v/1.0.0/ECS.4 |
security-control/ECS.4 |
|
service-managed-aws-control-tower/v/1.0.0/ECS.5 |
security-control/ECS.5 |
|
service-managed-aws-control-tower/v/1.0.0/ECS.8 |
security-control/ECS.8 |
|
service-managed-aws-control-tower/v/1.0.0/ECS.10 |
security-control/ECS.10 |
|
service-managed-aws-control-tower/v/1.0.0/ECS.12 |
security-control/ECS.12 |
|
service-managed-aws-control-tower/v/1.0.0/EFS.1 |
security-control/EFS.1 |
|
service-managed-aws-control-tower/v/1.0.0/EFS.2 |
security-control/EFS.2 |
|
service-managed-aws-control-tower/v/1.0.0/EFS.3 |
security-control/EFS.3 |
|
service-managed-aws-control-tower/v/1.0.0/EFS.4 |
security-control/EFS.4 |
|
service-managed-aws-control-tower/v/1.0.0/EKS.2 |
security-control/EKS.2 |
|
service-managed-aws-control-tower/v/1.0.0/ELB.2 |
security-control/ELB.2 |
|
service-managed-aws-control-tower/v/1.0.0/ELB.3 |
security-control/ELB.3 |
|
service-managed-aws-control-tower/v/1.0.0/ELB.4 |
security-control/ELB.4 |
|
service-managed-aws-control-tower/v/1.0.0/ELB.5 |
security-control/ELB.5 |
|
service-managed-aws-control-tower/v/1.0.0/ELB.6 |
security-control/ELB.6 |
|
service-managed-aws-control-tower/v/1.0.0/ELB.7 |
security-control/ELB.7 |
|
service-managed-aws-control-tower/v/1.0.0/ELB.8 |
security-control/ELB.8 |
|
service-managed-aws-control-tower/v/1.0.0/ELB.9 |
security-control/ELB.9 |
|
service-managed-aws-control-tower/v/1.0.0/ELB.10 |
security-control/ELB.10 |
|
service-managed-aws-control-tower/v/1.0.0/ELB.12 |
security-control/ELB.12 |
|
service-managed-aws-control-tower/v/1.0.0/ELB.13 |
security-control/ELB.13 |
|
service-managed-aws-control-tower/v/1.0.0/ELB.14 |
security-control/ELB.14 |
|
service-managed-aws-control-tower/v/1.0.0/ELBv2.1 |
security-control/ELBv2.1 |
|
service-managed-aws-control-tower/v/1.0.0/EMR.1 |
security-control/EMR.1 |
|
service-managed-aws-control-tower/v/1.0.0/ES.1 |
security-control/ES.1 |
|
service-managed-aws-control-tower/v/1.0.0/ES.2 |
security-control/ES.2 |
|
service-managed-aws-control-tower/v/1.0.0/ES.3 |
security-control/ES.3 |
|
service-managed-aws-control-tower/v/1.0.0/ES.4 |
security-control/ES.4 |
|
service-managed-aws-control-tower/v/1.0.0/ES.5 |
security-control/ES.5 |
|
service-managed-aws-control-tower/v/1.0.0/ES.6 |
security-control/ES.6 |
|
service-managed-aws-control-tower/v/1.0.0/ES.7 |
security-control/ES.7 |
|
service-managed-aws-control-tower/v/1.0.0/ES.8 |
security-control/ES.8 |
|
service-managed-aws-control-tower/v/1.0.0/ElasticBeanstalk.1 |
security-control/ElasticBeanstalk.1 |
|
service-managed-aws-control-tower/v/1.0.0/ElasticBeanstalk.2 |
security-control/ElasticBeanstalk.2 |
|
service-managed-aws-control-tower/v/1.0.0/GuardDuty.1 |
security-control/GuardDuty.1 |
|
service-managed-aws-control-tower/v/1.0.0/IAM.1 |
security-control/IAM.1 |
|
service-managed-aws-control-tower/v/1.0.0/IAM.2 |
security-control/IAM.2 |
|
service-managed-aws-control-tower/v/1.0.0/IAM.3 |
security-control/IAM.3 |
|
service-managed-aws-control-tower/v/1.0.0/IAM.4 |
security-control/IAM.4 |
|
service-managed-aws-control-tower/v/1.0.0/IAM.5 |
security-control/IAM.5 |
|
service-managed-aws-control-tower/v/1.0.0/IAM.6 |
security-control/IAM.6 |
|
service-managed-aws-control-tower/v/1.0.0/IAM.7 |
security-control/IAM.7 |
|
service-managed-aws-control-tower/v/1.0.0/IAM.8 |
security-control/IAM.8 |
|
service-managed-aws-control-tower/v/1.0.0/IAM.21 |
security-control/IAM.21 |
|
service-managed-aws-control-tower/v/1.0.0/Kinesis.1 |
security-control/Kinesis.1 |
|
service-managed-aws-control-tower/v/1.0.0/KMS.1 |
security-control/KMS.1 |
|
service-managed-aws-control-tower/v/1.0.0/KMS.2 |
security-control/KMS.2 |
|
service-managed-aws-control-tower/v/1.0.0/KMS.3 |
security-control/KMS.3 |
|
service-managed-aws-control-tower/v/1.0.0/Lambda.1 |
security-control/Lambda.1 |
|
service-managed-aws-control-tower/v/1.0.0/Lambda.2 |
security-control/Lambda.2 |
|
service-managed-aws-control-tower/v/1.0.0/Lambda.5 |
security-control/Lambda.5 |
|
service-managed-aws-control-tower/v/1.0.0/NetworkFirewall.3 |
security-control/NetworkFirewall.3 |
|
service-managed-aws-control-tower/v/1.0.0/NetworkFirewall.4 |
security-control/NetworkFirewall.4 |
|
service-managed-aws-control-tower/v/1.0.0/NetworkFirewall.5 |
security-control/NetworkFirewall.5 |
|
service-managed-aws-control-tower/v/1.0.0/NetworkFirewall.6 |
security-control/NetworkFirewall.6 |
|
service-managed-aws-control-tower/v/1.0.0/Opensearch.1 |
security-control/Opensearch.1 |
|
service-managed-aws-control-tower/v/1.0.0/Opensearch.2 |
security-control/Opensearch.2 |
|
service-managed-aws-control-tower/v/1.0.0/Opensearch.3 |
security-control/Opensearch.3 |
|
service-managed-aws-control-tower/v/1.0.0/Opensearch.4 |
security-control/Opensearch.4 |
|
service-managed-aws-control-tower/v/1.0.0/Opensearch.5 |
security-control/Opensearch.5 |
|
service-managed-aws-control-tower/v/1.0.0/Opensearch.6 |
security-control/Opensearch.6 |
|
service-managed-aws-control-tower/v/1.0.0/Opensearch.7 |
security-control/Opensearch.7 |
|
service-managed-aws-control-tower/v/1.0.0/Opensearch.8 |
security-control/Opensearch.8 |
|
service-managed-aws-control-tower/v/1.0.0/RDS.1 |
security-control/RDS.1 |
|
service-managed-aws-control-tower/v/1.0.0/RDS.2 |
security-control/RDS.2 |
|
service-managed-aws-control-tower/v/1.0.0/RDS.3 |
security-control/RDS.3 |
|
service-managed-aws-control-tower/v/1.0.0/RDS.4 |
security-control/RDS.4 |
|
service-managed-aws-control-tower/v/1.0.0/RDS.5 |
security-control/RDS.5 |
|
service-managed-aws-control-tower/v/1.0.0/RDS.6 |
security-control/RDS.6 |
|
service-managed-aws-control-tower/v/1.0.0/RDS.8 |
security-control/RDS.8 |
|
service-managed-aws-control-tower/v/1.0.0/RDS.9 |
security-control/RDS.9 |
|
service-managed-aws-control-tower/v/1.0.0/RDS.10 |
security-control/RDS.10 |
|
service-managed-aws-control-tower/v/1.0.0/RDS.11 |
security-control/RDS.11 |
|
service-managed-aws-control-tower/v/1.0.0/RDS.13 |
security-control/RDS.13 |
|
service-managed-aws-control-tower/v/1.0.0/RDS.17 |
security-control/RDS.17 |
|
service-managed-aws-control-tower/v/1.0.0/RDS.18 |
security-control/RDS.18 |
|
service-managed-aws-control-tower/v/1.0.0/RDS.19 |
security-control/RDS.19 |
|
service-managed-aws-control-tower/v/1.0.0/RDS.20 |
security-control/RDS.20 |
|
service-managed-aws-control-tower/v/1.0.0/RDS.21 |
security-control/RDS.21 |
|
service-managed-aws-control-tower/v/1.0.0/RDS.22 |
security-control/RDS.22 |
|
service-managed-aws-control-tower/v/1.0.0/RDS.23 |
security-control/RDS.23 |
|
service-managed-aws-control-tower/v/1.0.0/RDS.25 |
security-control/RDS.25 |
|
service-managed-aws-control-tower/v/1.0.0/Redshift.1 |
security-control/Redshift.1 |
|
service-managed-aws-control-tower/v/1.0.0/Redshift.2 |
security-control/Redshift.2 |
|
service-managed-aws-control-tower/v/1.0.0/Redshift.4 |
security-control/Redshift.4 |
|
service-managed-aws-control-tower/v/1.0.0/Redshift.6 |
security-control/Redshift.6 |
|
service-managed-aws-control-tower/v/1.0.0/Redshift.7 |
security-control/Redshift。7 |
|
service-managed-aws-control-tower/v/1.0.0/Redshift.8 |
security-control/Redshift.8 |
|
service-managed-aws-control-tower/v/1.0.0/Redshift.9 |
security-control/Redshift.9 |
|
service-managed-aws-control-tower/v/1.0.0/S3.1 |
security-control/S3.1 |
|
service-managed-aws-control-tower/v/1.0.0/S3.2 |
security-control/S3.2 |
|
service-managed-aws-control-tower/v/1.0.0/S3.3 |
security-control/S3.3 |
|
service-managed-aws-control-tower/v/1.0.0/S3.5 |
security-control/S3.5 |
|
service-managed-aws-control-tower/v/1.0.0/S3.6 |
security-control/S3.6 |
|
service-managed-aws-control-tower/v/1.0.0/S3.8 |
security-control/S3.8 |
|
service-managed-aws-control-tower/v/1.0.0/S3.9 |
security-control/S3.9 |
|
service-managed-aws-control-tower/v/1.0.0/S3.12 |
security-control/S3.12 |
|
service-managed-aws-control-tower/v/1.0.0/S3.13 |
security-control/S3.13 |
|
service-managed-aws-control-tower/v/1.0.0/SageMaker.1 |
security-control/SageMaker.1 |
|
service-managed-aws-control-tower/v/1.0.0/SecretsManager.1 |
security-control/SecretsManager.1 |
|
service-managed-aws-control-tower/v/1.0.0/SecretsManager.2 |
security-control/SecretsManager.2 |
|
service-managed-aws-control-tower/v/1.0.0/SecretsManager.3 |
security-control/SecretsManager.3 |
|
service-managed-aws-control-tower/v/1.0.0/SecretsManager.4 |
security-control/SecretsManager.4 |
|
service-managed-aws-control-tower/v/1.0.0/SQS.1 |
security-control/SQS.1 |
|
service-managed-aws-control-tower/v/1.0.0/SSM.1 |
security-control/SSM.1 |
|
service-managed-aws-control-tower/v/1.0.0/SSM.2 |
security-control/SSM.2 |
|
service-managed-aws-control-tower/v/1.0.0/SSM.3 |
security-control/SSM.3 |
|
service-managed-aws-control-tower/v/1.0.0/SSM.4 |
security-control/SSM.4 |
|
service-managed-aws-control-tower/v/1.0.0/WAF.2 |
security-control/WAF.2 |
|
service-managed-aws-control-tower/v/1.0.0/WAF.3 |
security-control/WAF.3 |
|
service-managed-aws-control-tower/v/1.0.0/WAF.4 |
security-control/WAF.4 |
合併如何影響控制 IDs和標題
合併控制項檢視和合併的控制項調查結果會將控制 IDs和標題跨標準標準化。安全控制 ID 和安全控制標題一詞是指這些標準無關的值。
Security Hub CSPM 主控台會顯示標準無關的安全控制 IDs和安全控制標題,無論您的帳戶是否啟用或停用合併控制調查結果。不過,如果您的帳戶停用合併控制調查結果,Security Hub CSPM 調查結果會包含 PCI DSS 和 CIS v1.2.0 的標準特定控制標題。此外,Security Hub CSPM 調查結果包含標準特定的控制 ID 和安全控制 ID。如需整合如何影響控制調查結果的範例,請參閱 控制問題清單範例。
對於屬於AWS Control Tower 服務受管標準的控制項,啟用合併控制項問題清單時,會從問題清單中的控制項 ID 和標題CT.中移除字首。
若要在 Security Hub CSPM 中停用安全控制,您必須停用對應至安全控制的所有標準控制。下表顯示安全控制 IDs和標題與標準特定控制 IDs和標題的映射。屬於 AWS 基礎安全最佳實務 (FSBP) 標準的控制項 IDs 和標題已經是標準無關的。如需符合網際網路安全中心 (CIS) v3.0.0 要求的控制項映射,請參閱 將控制項映射至每個版本中的 CIS 需求。若要在此資料表上執行您自己的指令碼,您可以將其下載為 .csv 檔案。
| 標準 | 標準控制項 ID 和標題 | 安全控制 ID 和標題 |
|---|---|---|
|
CIS v1.2.0 |
1.1 避免使用根使用者 |
|
|
CIS v1.2.0 |
1.10 確保 IAM 密碼政策防止密碼重複使用 |
|
|
CIS v1.2.0 |
1.11 確保 IAM 密碼政策在 90 天內過期密碼 |
|
|
CIS v1.2.0 |
1.12 確保不存在根使用者存取金鑰 |
|
|
CIS v1.2.0 |
1.13 確定根使用者已啟用 MFA |
|
|
CIS v1.2.0 |
1.14 確定已啟用根使用者的硬體 MFA |
|
|
CIS v1.2.0 |
1.16 確保 IAM 政策僅連接到群組或角色 |
|
|
CIS v1.2.0 |
1.2 確保所有具有主控台密碼的 IAM 使用者都已啟用多重驗證 (MFA) |
|
|
CIS v1.2.0 |
1.20 確保已建立支援角色以使用 管理事件 支援 |
|
|
CIS v1.2.0 |
1.22 確保未建立允許完整 "*:*" 管理權限的 IAM 政策 |
|
|
CIS v1.2.0 |
1.3 確定停用 90 天 (含) 以上未使用的登入資料 |
|
|
CIS v1.2.0 |
1.4 確保每 90 天或更短期限輪換存取金鑰 |
|
|
CIS v1.2.0 |
1.5 確保 IAM 密碼政策至少需要一個大寫字母 |
|
|
CIS v1.2.0 |
1.6 確保 IAM 密碼政策至少需要一個小寫字母 |
|
|
CIS v1.2.0 |
1.7 確保 IAM 密碼政策至少需要一個符號 |
|
|
CIS v1.2.0 |
1.8 確保 IAM 密碼政策至少需要一個數字 |
|
|
CIS v1.2.0 |
1.9 確保 IAM 密碼政策要求密碼長度下限為 14 或更高 |
|
|
CIS v1.2.0 |
2.1 確保所有區域都已啟用 CloudTrail |
|
|
CIS v1.2.0 |
2.2 確保已啟用 CloudTrail 日誌檔案驗證 |
|
|
CIS v1.2.0 |
2.3 確保用於存放 CloudTrail 日誌的 S3 儲存貯體不可公開存取 |
|
|
CIS v1.2.0 |
2.4 確保 CloudTrail 追蹤與 CloudWatch Logs 整合 |
|
|
CIS v1.2.0 |
2.5 確保 AWS Config 已啟用 |
|
|
CIS v1.2.0 |
2.6 確保 CloudTrail S3 儲存貯體上已啟用 S3 儲存貯體存取記錄 |
|
|
CIS v1.2.0 |
2.7 確保使用 KMS CMKs對 CloudTrail 日誌進行靜態加密 |
|
|
CIS v1.2.0 |
2.8 確定輪換客戶建立的 CMK |
|
|
CIS v1.2.0 |
2.9 確定所有 VPC 中皆已啟用 VPC 流程記錄 |
|
|
CIS v1.2.0 |
3.1 確定未經授權的 API 呼叫中存在日誌指標篩選條件和警示 |
|
|
CIS v1.2.0 |
3.10 確定安全群組變更存在日誌指標篩選條件和警示 |
|
|
CIS v1.2.0 |
3.11 確定網路存取控制清單 (NACL) 變更存在日誌指標篩選條件和警示 |
|
|
CIS v1.2.0 |
3.12 確定網路閘道變更存在日誌指標篩選條件和警示 |
|
|
CIS v1.2.0 |
3.13 確定路由表變更存在日誌指標篩選條件和警示 |
|
|
CIS v1.2.0 |
3.14 確定 VPC 變更存在日誌指標篩選條件和警示 |
|
|
CIS v1.2.0 |
3.2 確保沒有 MFA 的管理主控台登入存在日誌指標篩選條件和警示 |
|
|
CIS v1.2.0 |
3.3 確保根使用者的用量存在日誌指標篩選條件和警示 |
|
|
CIS v1.2.0 |
3.4 確保 IAM 政策變更存在日誌指標篩選條件和警示 |
|
|
CIS v1.2.0 |
3.5 確保 CloudTrail 組態變更存在日誌指標篩選條件和警示 |
|
|
CIS v1.2.0 |
3.6 確保 AWS Management Console 存在驗證失敗的日誌指標篩選條件和警示 |
|
|
CIS v1.2.0 |
3.7 確定停用或排定刪除客戶建立的 CMK,存在日誌指標篩選條件和警示 |
|
|
CIS v1.2.0 |
3.8 確定 S3 儲存貯體政策變更存在日誌指標篩選條件和警示 |
|
|
CIS v1.2.0 |
3.9 確保 AWS Config 組態變更存在日誌指標篩選條件和警示 |
|
|
CIS v1.2.0 |
4.1 確保無安全群組允許從 0.0.0.0/0 輸入連接埠 22 |
|
|
CIS v1.2.0 |
4.2 確保無安全群組允許從 0.0.0.0/0 輸入連接埠 3389 |
|
|
CIS v1.2.0 |
4.3 確保每個 VPC 的預設安全群組都會限制所有流量 |
|
|
CIS 1.4.0 版 |
1.10 確保所有具有主控台密碼的 IAM 使用者都已啟用多重要素驗證 (MFA) |
|
|
CIS 1.4.0 版 |
1.14 確保每 90 天或更短時間輪換存取金鑰 |
|
|
CIS 1.4.0 版 |
1.16 確保未連接允許完整 "*:*" 管理權限的 IAM 政策 |
|
|
CIS 1.4.0 版 |
1.17 確定已建立支援角色來使用 管理事件 支援 |
|
|
CIS 1.4.0 版 |
1.4 確保根使用者帳戶存取金鑰不存在 |
|
|
CIS 1.4.0 版 |
1.5 確定根使用者帳戶已啟用 MFA |
|
|
CIS 1.4.0 版 |
1.6 確定已啟用根使用者帳戶的硬體 MFA |
|
|
CIS 1.4.0 版 |
1.7 避免將根使用者用於管理和日常任務 |
|
|
CIS 1.4.0 版 |
1.8 確保 IAM 密碼政策的長度下限為 14 或更高 |
|
|
CIS 1.4.0 版 |
1.9 確保 IAM 密碼政策防止密碼重複使用 |
|
|
CIS 1.4.0 版 |
2.1.2 確保 S3 儲存貯體政策設定為拒絕 HTTP 請求 |
|
|
CIS 1.4.0 版 |
應啟用 2.1.5.1 S3 封鎖公開存取設定 |
|
|
CIS 1.4.0 版 |
2.1.5.2 S3 封鎖公開存取設定應在儲存貯體層級啟用 |
|
|
CIS 1.4.0 版 |
2.2.1 確保已啟用 EBS 磁碟區加密 |
|
|
CIS 1.4.0 版 |
2.3.1 確定已啟用 RDS 執行個體的加密 |
|
|
CIS 1.4.0 版 |
3.1 確保所有區域都已啟用 CloudTrail |
|
|
CIS 1.4.0 版 |
3.2 確保已啟用 CloudTrail 日誌檔案驗證 |
|
|
CIS 1.4.0 版 |
3.4 確保 CloudTrail 追蹤與 CloudWatch Logs 整合 |
|
|
CIS 1.4.0 版 |
3.5 確保所有區域 AWS Config 都已啟用 |
|
|
CIS 1.4.0 版 |
3.6 確保 CloudTrail S3 儲存貯體上已啟用 S3 儲存貯體存取記錄 |
|
|
CIS 1.4.0 版 |
3.7 確保使用 KMS CMKs對 CloudTrail 日誌進行靜態加密 |
|
|
CIS 1.4.0 版 |
3.8 確保已啟用客戶建立CMKs 輪換 |
|
|
CIS 1.4.0 版 |
3.9 確保所有 VPC 中都已啟用 VPCs流程記錄 |
|
|
CIS 1.4.0 版 |
4.4 確保 IAM 政策變更存在日誌指標篩選條件和警示 |
|
|
CIS 1.4.0 版 |
4.5 確保 CloudTrail 組態變更存在日誌指標篩選條件和警示 |
|
|
CIS 1.4.0 版 |
4.6 確保 AWS Management Console 驗證失敗時存在日誌指標篩選條件和警示 |
|
|
CIS 1.4.0 版 |
4.7 確保日誌指標篩選條件和警示存在,以停用或排程刪除客戶建立的 CMKs |
|
|
CIS 1.4.0 版 |
4.8 確保 S3 儲存貯體政策變更存在日誌指標篩選條件和警示 |
|
|
CIS 1.4.0 版 |
4.9 確保 AWS Config 組態變更存在日誌指標篩選條件和警示 |
|
|
CIS 1.4.0 版 |
4.10 確保安全群組變更存在日誌指標篩選條件和警示 |
|
|
CIS 1.4.0 版 |
4.11 確保網路存取控制清單 (NACL) 的變更存在日誌指標篩選條件和警示 |
|
|
CIS 1.4.0 版 |
4.12 確保網路閘道變更存在日誌指標篩選條件和警示 |
|
|
CIS 1.4.0 版 |
4.13 確保路由表變更存在日誌指標篩選條件和警示 |
|
|
CIS 1.4.0 版 |
4.14 確保 VPC 變更存在日誌指標篩選條件和警示 |
|
|
CIS 1.4.0 版 |
5.1 確保網路 ACLs 不允許從 0.0.0.0/0 傳入遠端伺服器管理連接埠 |
|
|
CIS 1.4.0 版 |
5.3 確保每個 VPC 的預設安全群組限制所有流量 |
|
|
PCI DSS v3.2.1 |
與負載平衡器相關聯的 PCI.AutoScaling.1 Auto Scaling 群組應使用負載平衡器運作狀態檢查 |
|
|
PCI DSS v3.2.1 |
PCI.CloudTrail.1 CloudTrail 日誌應使用 AWS KMS CMKs 進行靜態加密 |
|
|
PCI DSS v3.2.1 |
應啟用 PCI.CloudTrail.2 CloudTrail |
|
|
PCI DSS v3.2.1 |
應啟用 PCI.CloudTrail.3 CloudTrail 日誌檔案驗證 |
|
|
PCI DSS v3.2.1 |
PCI.CloudTrail.4 CloudTrail 追蹤應與 Amazon CloudWatch Logs 整合 |
|
|
PCI DSS v3.2.1 |
PCI.CodeBuild.1 CodeBuild GitHub 或 Bitbucket 來源儲存庫 URLs應使用 OAuth |
|
|
PCI DSS v3.2.1 |
PCI.CodeBuild.2 CodeBuild 專案環境變數不應包含純文字登入資料 |
|
|
PCI DSS v3.2.1 |
AWS Config 應啟用 PCI.Config.1 |
|
|
PCI DSS v3.2.1 |
PCI.CW.1 應使用「根」使用者的日誌指標篩選條件和警示 |
|
|
PCI DSS v3.2.1 |
PCI.DMS.1 Database Migration Service 複寫執行個體不應為公有 |
|
|
PCI DSS v3.2.1 |
PCI.EC2.1 EBS 快照不應可公開還原 |
|
|
PCI DSS v3.2.1 |
PCI.EC2.2 VPC 預設安全群組應禁止傳入和傳出流量 |
|
|
PCI DSS v3.2.1 |
應移除 PCI.EC2.4 未使用的 EC2 EIPs |
|
|
PCI DSS v3.2.1 |
PCI.EC2.5 安全群組不應允許從 0.0.0.0/0 傳入連接埠 22 |
|
|
PCI DSS v3.2.1 |
應在所有 VPC 中啟用 PCI.EC2.6 VPCs 流程記錄 |
|
|
PCI DSS v3.2.1 |
PCI.ELBv2.1 Application Load Balancer 應設定為將所有 HTTP 請求重新導向至 HTTPS |
【ELB.1】 Application Load Balancer 應設定為將所有 HTTP 請求重新導向至 HTTPS |
|
PCI DSS v3.2.1 |
PCI.ES.1 Elasticsearch 網域應該位於 VPC 中 |
|
|
PCI DSS v3.2.1 |
PCI.ES.2 Elasticsearch 網域應該啟用靜態加密 |
|
|
PCI DSS v3.2.1 |
應啟用 PCI.GuardDuty.1 GuardDuty |
|
|
PCI DSS v3.2.1 |
PCI.IAM.1 IAM 根使用者存取金鑰不應存在 |
|
|
PCI DSS v3.2.1 |
PCI.IAM.2 IAM 使用者不應連接 IAM 政策 |
|
|
PCI DSS v3.2.1 |
PCI.IAM.3 IAM 政策不應允許完整的「*」管理權限 |
|
|
PCI DSS v3.2.1 |
應為根使用者啟用 PCI.IAM.4 硬體 MFA |
|
|
PCI DSS v3.2.1 |
應為根使用者啟用 PCI.IAM.5 Virtual MFA |
|
|
PCI DSS v3.2.1 |
應為所有 IAM 使用者啟用 PCI.IAM.6 MFA |
|
|
PCI DSS v3.2.1 |
如果未在預先定義的天數內使用 PCI.IAM.7 IAM 使用者憑證,則應停用 |
|
|
PCI DSS v3.2.1 |
IAM 使用者適用的 PCI.IAM.8 密碼政策應具有強大的組態 |
|
|
PCI DSS v3.2.1 |
應啟用 PCI.KMS.1 客戶主金鑰 (CMK) 輪換 |
|
|
PCI DSS v3.2.1 |
PCI.Lambda.1 Lambda 函數應禁止公開存取 |
|
|
PCI DSS v3.2.1 |
PCI.Lambda.2 Lambda 函數應該位於 VPC 中 |
|
|
PCI DSS v3.2.1 |
PCI.Opensearch.1 OpenSearch 網域應該位於 VPC 中 |
|
|
PCI DSS v3.2.1 |
PCI.Opensearch.2 EBS 快照不應可公開還原 |
|
|
PCI DSS v3.2.1 |
PCI.RDS.1 RDS 快照應為私有 |
|
|
PCI DSS v3.2.1 |
PCI.RDS.2 RDS 資料庫執行個體應禁止公開存取 |
|
|
PCI DSS v3.2.1 |
PCI.Redshift.1 Amazon Redshift 叢集應禁止公開存取 |
|
|
PCI DSS v3.2.1 |
PCI.S3.1 S3 儲存貯體應禁止公有寫入存取 |
|
|
PCI DSS v3.2.1 |
PCI.S3.2 S3 儲存貯體應禁止公開讀取存取 |
|
|
PCI DSS v3.2.1 |
PCI.S3.3 S3 儲存貯體應啟用跨區域複寫 |
|
|
PCI DSS v3.2.1 |
PCI.S3.5 S3 儲存貯體應要求請求使用 Secure Socket Layer |
|
|
PCI DSS v3.2.1 |
應啟用 PCI.S3.6 S3 封鎖公開存取設定 |
|
|
PCI DSS v3.2.1 |
PCI.SageMaker.1 Amazon SageMaker 筆記本執行個體不應具有直接網際網路存取 |
|
|
PCI DSS v3.2.1 |
Systems Manager 管理的 PCI.SSM.1 EC2 執行個體在修補程式安裝後應具有 COMPLIANT 的修補程式合規狀態 |
【SSM.2】 Systems Manager 管理的 Amazon EC2 執行個體在修補程式安裝後應具有 COMPLIANT 的修補程式合規狀態 |
|
PCI DSS v3.2.1 |
Systems Manager 管理的 PCI.SSM.2 EC2 執行個體應具有 COMPLIANT 的關聯合規狀態 |
【SSM.3】 Systems Manager 管理的 Amazon EC2 執行個體應具有 COMPLIANT 的關聯合規狀態 |
|
PCI DSS v3.2.1 |
PCI.SSM.3 EC2 執行個體應該由 管理 AWS Systems Manager |
更新整合的工作流程
如果您的工作流程不依賴控制調查結果中任何欄位的特定格式,則不需要任何動作。
如果您的工作流程依賴控制調查結果中一或多個欄位的特定格式,如上表所述,您應該更新工作流程。例如,如果您建立的 Amazon EventBridge 規則觸發特定控制項 ID 的動作,例如在控制項 ID 等於 CIS 2.7 時叫用 AWS Lambda 函數,請更新規則以使用 CloudTrail.2,這是該控制項 Compliance.SecurityControlId 欄位的值。
如果您建立的自訂洞見使用任何已變更的欄位或值,請更新這些洞見以使用新的欄位或值。
