本文為英文版的機器翻譯版本,如內容有任何歧義或不一致之處,概以英文版為準。
合併對ASFF欄位和值的影響
Security Hub 提供兩種類型的整合:
-
合併控制項檢視 (一律開啟;無法關閉) – 每個控制項都有一個跨標準的識別碼。Security Hub 主控台的控制項頁面會顯示跨標準的所有控制項。
-
合併控制問題清單 (可以開啟或關閉) – 開啟合併控制問題清單時,即使跨多個標準共用檢查,Security Hub 也會為安全檢查產生單一問題清單。這是為了減少調查結果雜訊。如果您在 2023 年 2 月 23 日或之後啟用 Security Hub,則預設會為您開啟合併控制問題清單。否則,預設會將其關閉。不過,只有在管理員帳戶中開啟合併控制問題清單時,才會在 Security Hub 成員帳戶中開啟。如果在管理員帳戶中關閉此功能,則會在成員帳戶中關閉此功能。如需開啟此功能的說明,請參閱 合併的控制問題清單。
這兩個功能都會帶來變更,以控制 中的調查結果欄位和值AWS 安全調查結果格式 (ASFF)。本節摘要說明這些變更。
合併控制項檢視 – ASFF變更
合併控制項檢視功能引入了下列變更,以控制 中的調查結果欄位和值ASFF。
如果您的工作流程不依賴這些控制項調查結果欄位的值,則不需要採取任何動作。
如果您有依賴這些控制項問題清單欄位特定值的工作流程,請更新您的工作流程以使用目前的值。
| ASFF 欄位 | 合併控制項檢視之前的範本值 | 合併控制項檢視之後的範例值,加上變更說明 |
|---|---|---|
|
合規。SecurityControlId |
不適用 (新欄位) |
EC22. 跨標準引進單一控制項 ID。 |
|
合規。AssociatedStandards |
不適用 (新欄位) |
【{"StandardsId": "standards/aws-foundational-security-best-practices/v/1.0.0"}】 顯示要在哪些標準中啟用控制項。 |
|
ProductFields.ArchivalReasons:0/Description |
不適用 (新欄位) |
「調查結果處於 ARCHIVED 狀態,因為已開啟或關閉合併控制調查結果。這會導致在產生新的問題清單時,封存先前狀態中的問題清單。」 說明 Security Hub 封存現有問題清單的原因。 |
|
ProductFields.ArchivalReasons:0/ReasonCode |
不適用 (新欄位) |
"CONSOLIDATED_CONTROL_FINDINGS_UPDATE" 提供 Security Hub 封存現有問題清單的原因。 |
|
ProductFields.RecommendationUrl |
https://docs.aws.amazon.com/console/securityhub/PCI.EC2.2/remediation |
https://docs.aws.amazon.com/console/securityhub/EC2.2/remediation 此欄位不再參考標準。 |
|
Remediation.Recommendation.Text |
「如需如何修正此問題的指示,請參閱 AWS Security Hub PCI DSS 文件。」 |
「如需如何修正此問題的指示,請參閱 AWS Security Hub 控制文件。」 此欄位不再參考標準。 |
|
Remediation.Recommendation.Url |
https://docs.aws.amazon.com/console/securityhub/PCI.EC2.2/remediation |
https://docs.aws.amazon.com/console/securityhub/EC2.2/remediation 此欄位不再參考標準。 |
合併控制問題清單 – ASFF變更
如果您開啟合併控制問題清單,您可能會受到下列變更的影響,以控制 中的問題清單欄位和值ASFF。除了先前針對合併控制項檢視所述的變更之外,這些變更也是額外的。
如果您的工作流程不依賴這些控制項調查結果欄位的值,則不需要任何動作。
如果您有依賴這些控制項問題清單欄位特定值的工作流程,請更新您的工作流程以使用目前的值。
注意
v2 AWS .0.0 上的自動安全回應
| ASFF 欄位 | 開啟合併控制問題清單之前的範例值 | 開啟合併控制問題清單後的範例值,以及變更的說明 |
|---|---|---|
| GeneratorId | aws-foundational-security-best-practices/v/1.0.0/Config.1 | security-control/Config.1 此欄位不再參考標準。 |
| Title | PCI AWS Config 應啟用 .Config.1 | AWS Config 應該啟用 此欄位不再參考標準特定資訊。 |
| Id |
arn:aws:securityhub:eu-central-1:123456789012:subscription/pci-dss/v/3.2.1/PCI.IAM.5/finding/ab6d6a26-a156-48f0-9403-115983e5a956 |
arn:aws:securityhub:eu-central-1:123456789012:security-control/iam.9/finding/ab6d6a26-a156-48f0-9403-115983e5a956 此欄位不再參考標準。 |
| ProductFields.ControlId | PCI.EC2.2 | 已移除。請Compliance.SecurityControlId改為參閱 。此欄位會移除,以偏好單一、標準不獨立控制 ID。 |
| ProductFields.RuleId | 1.3 | 已移除。請Compliance.SecurityControlId改為參閱 。此欄位會移除,以偏好單一、標準不獨立控制 ID。 |
| 描述 | 此PCIDSS控制項會檢查目前帳戶和區域中 AWS Config 是否已啟用 。 | 此 AWS 控制項會檢查目前帳戶和區域中是否 AWS Config 已啟用 。 此欄位不再參考標準。 |
| 嚴重性 |
"嚴重性": { "產品":90, "標籤": "CRITICAL", 「標準化」:90、 "原始": "CRITICAL" } |
"嚴重性": { "標籤": "CRITICAL", 「標準化」:90、 "原始": "CRITICAL" } Security Hub 不再使用產品欄位來描述調查結果的嚴重性。 |
| 類型 | 【「軟體和組態 Checks/Industry and Regulatory Standards/PCI-DSS」】 | 【「軟體和組態檢查/產業和法規標準」】 此欄位不再參考標準。 |
| 合規。RelatedRequirements |
【"PCI DSS 10.5.2", "PCI DSS 11.5", 「CIS AWS 基礎 2.5」 |
【"PCI DSS v3.2.1/10.5.2", "PCI DSS v3.2.1/11.5", 「CIS AWS 基礎基準 1.2.0/2.5 版」 此欄位顯示所有啟用標準的相關要求。 |
| CreatedAt | 2022-05-05T08:18:13.138Z | 2022-09-25T08:18:13.138Z 格式保持不變,但值會在您開啟合併控制問題清單時重設。 |
| FirstObservedAt | 2022-05-07T08:18:13.138Z | 2022-09-28T08:18:13.138Z 格式保持不變,但值會在您開啟合併控制問題清單時重設。 |
| ProductFields.RecommendationUrl | https://docs.aws.amazon.com/console/securityhub/EC2.2/remediation | 已移除。請Remediation.Recommendation.Url改為參閱 。 |
| ProductFields.StandardsArn |
arn:aws:securityhub:::standards/aws-foundational-security-best-practices/v/1.0.0 |
已移除。請Compliance.AssociatedStandards改為參閱 。 |
| ProductFields.StandardsControlArn |
arn:aws:securityhub:us-east-1:123456789012:control/aws-foundational-security-best-practices/v/1.0.0/Config.1 |
已移除。Security Hub 會產生一個問題清單,用於跨標準進行安全檢查。 |
| ProductFields.StandardsGuideArn | arn:aws:securityhub:::ruleset/cis-aws-foundations-benchmark/v/1.2.0 | 已移除。請Compliance.AssociatedStandards改為參閱 。 |
| ProductFields.StandardsGuideSubscriptionArn | arn:aws:securityhub:us-east-2:123456789012:subscription/cis-aws-foundations-benchmark/v/1.2.0 | 已移除。Security Hub 會產生一個問題清單,用於跨標準進行安全檢查。 |
| ProductFields.StandardsSubscriptionArn | arn:aws:securityhub:us-east-1:123456789012:subscription/aws-foundational-security-best-practices/v/1.0.0 | 已移除。Security Hub 會產生一個問題清單,用於跨標準進行安全檢查。 |
| ProductFields.aws/securityhub/FindingId | arn:aws:securityhub:us-east-1::product/aws/securityhub/arn:aws:securityhub:us-east-1:123456789012:subscription/aws-foundational-security-best-practices/v/1.0.0/Config.1/finding/751c2173-7372-4e12-8656-a5210dfb1d67 | arn:aws:securityhub:us-east-1::product/aws/securityhub/arn:aws:securityhub:us-east-1:123456789012:security-control/Config.1/finding/751c2173-7372-4e12-8656-a5210dfb1d67 此欄位不再參考標準。 |
開啟合併控制問題清單後,客戶提供ASFF欄位的值
如果您開啟合併的控制問題清單,Security Hub 會跨標準產生一個問題清單,並封存原始問題清單 (每個標準都有不同的問題清單)。若要檢視封存的問題清單,您可以造訪 Security Hub 主控台的調查結果頁面,並將記錄狀態篩選條件設定為 ARCHIVED,或使用 GetFindingsAPI動作。您在 Security Hub 主控台或使用 對原始調查結果所做的更新BatchUpdateFindingsAPI,將不會保留在新的調查結果中 (如有需要,您可以參考封存的調查結果來復原此資料)。
| 客戶提供ASFF的欄位 | 開啟合併控制問題清單後變更的說明 |
|---|---|
| 可信度 | 重設為空白狀態。 |
| 重要性 | 重設為空白狀態。 |
| 注意 | 重設為空白狀態。 |
| RelatedFindings | 重設為空白狀態。 |
| 嚴重性 | 調查結果的預設嚴重性 (符合控制項的嚴重性)。 |
| 類型 | 重設為標準無關值。 |
| UserDefinedFields | 重設為空白狀態。 |
| VerificationState | 重設為空白狀態。 |
| 工作流程 | 新的失敗問題清單預設值為 NEW。新傳遞的調查結果預設值為 RESOLVED。 |
開啟合併控制問題清單IDs前後的產生器
以下是當您開啟合併控制問題清單時,控制項的產生器 ID 變更清單。這些適用於自 2023 年 2 月 15 日起 Security Hub 支援的控制項。
| 開啟合併控制問題清單前的 GeneratorID | 開啟合併控制問題清單後的 GeneratorID |
|---|---|
|
arn:aws:securityhub:::ruleset/cis-aws-foundations-benchmark/v/1.2.0/rule/1.1 |
security-control/CloudWatch.1 |
|
arn:aws:securityhub:::ruleset/cis-aws-foundations-benchmark/v/1.2.0/rule/1.10 |
security-control/IAM.16 |
|
arn:aws:securityhub:::ruleset/cis-aws-foundations-benchmark/v/1.2.0/rule/1.11 |
security-control/IAM.17 |
|
arn:aws:securityhub:::ruleset/cis-aws-foundations-benchmark/v/1.2.0/rule/1.12 |
security-control/IAM.4 |
|
arn:aws:securityhub:::ruleset/cis-aws-foundations-benchmark/v/1.2.0/rule/1.13 |
security-control/IAM.9 |
|
arn:aws:securityhub:::ruleset/cis-aws-foundations-benchmark/v/1.2.0/rule/1.14 |
security-control/IAM.6 |
|
arn:aws:securityhub:::ruleset/cis-aws-foundations-benchmark/v/1.2.0/rule/1.16 |
security-control/IAM.2 |
|
arn:aws:securityhub::ruleset/cis-aws-foundations-benchmark/v/1.2.0/rule/1.2 |
security-control/IAM.5 |
|
arn:aws:securityhub:::ruleset/cis-aws-foundations-benchmark/v/1.2.0/rule/1.20 |
security-control/IAM.18 |
|
arn:aws:securityhub:::ruleset/cis-aws-foundations-benchmark/v/1.2.0/rule/1.22 |
security-control/IAM.1 |
|
arn:aws:securityhub::ruleset/cis-aws-foundations-benchmark/v/1.2.0/rule/1.3 |
security-control/IAM.8 |
|
arn:aws:securityhub::ruleset/cis-aws-foundations-benchmark/v/1.2.0/rule/1.4 |
security-control/IAM.3 |
|
arn:aws:securityhub::ruleset/cis-aws-foundations-benchmark/v/1.2.0/rule/1.5 |
security-control/IAM.11 |
|
arn:aws:securityhub::ruleset/cis-aws-foundations-benchmark/v/1.2.0/rule/1.6 |
security-control/IAM.12 |
|
arn:aws:securityhub::ruleset/cis-aws-foundations-benchmark/v/1.2.0/rule/1.7 |
security-control/IAM.13 |
|
arn:aws:securityhub::ruleset/cis-aws-foundations-benchmark/v/1.2.0/rule/1.8 |
security-control/IAM.14 |
|
arn:aws:securityhub::ruleset/cis-aws-foundations-benchmark/v/1.2.0/rule/1.9 |
security-control/IAM.15 |
|
arn:aws:securityhub::ruleset/cis-aws-foundations-benchmark/v/1.2.0/rule/2.1 |
security-control/CloudTrail.1 |
|
arn:aws:securityhub::ruleset/cis-aws-foundations-benchmark/v/1.2.0/rule/2.2 |
security-control/CloudTrail.4 |
|
arn:aws:securityhub::ruleset/cis-aws-foundations-benchmark/v/1.2.0/rule/2.3 |
security-control/CloudTrail.6 |
|
arn:aws:securityhub:::ruleset/cis-aws-foundations-benchmark/v/1.2.0/rule/2.4 |
security-control/CloudTrail.5 |
|
arn:aws:securityhub::ruleset/cis-aws-foundations-benchmark/v/1.2.0/rule/2.5 |
security-control/Config.1 |
|
arn:aws:securityhub::ruleset/cis-aws-foundations-benchmark/v/1.2.0/rule/2.6 |
security-control/CloudTrail.7 |
|
arn:aws:securityhub::ruleset/cis-aws-foundations-benchmark/v/1.2.0/rule/2.7 |
security-control/CloudTrail.2 |
|
arn:aws:securityhub:::ruleset/cis-aws-foundations-benchmark/v/1.2.0/rule/2.8 |
security-control/KMS.4 |
|
arn:aws:securityhub::ruleset/cis-aws-foundations-benchmark/v/1.2.0/rule/2.9 |
security-control/EC2.6 |
|
arn:aws:securityhub::ruleset/cis-aws-foundations-benchmark/v/1.2.0/rule/3.1 |
security-control/CloudWatch.2 |
|
arn:aws:securityhub::ruleset/cis-aws-foundations-benchmark/v/1.2.0/rule/3.2 |
security-control/CloudWatch.3 |
|
arn:aws:securityhub::ruleset/cis-aws-foundations-benchmark/v/1.2.0/rule/3.3 |
security-control/CloudWatch.1 |
|
arn:aws:securityhub::ruleset/cis-aws-foundations-benchmark/v/1.2.0/rule/3.4 |
security-control/CloudWatch.4 |
|
arn:aws:securityhub::ruleset/cis-aws-foundations-benchmark/v/1.2.0/rule/3.5 |
security-control/CloudWatch.5 |
|
arn:aws:securityhub::ruleset/cis-aws-foundations-benchmark/v/1.2.0/rule/3.6 |
security-control/CloudWatch.6 |
|
arn:aws:securityhub::ruleset/cis-aws-foundations-benchmark/v/1.2.0/rule/3.7 |
security-control/CloudWatch.7 |
|
arn:aws:securityhub::ruleset/cis-aws-foundations-benchmark/v/1.2.0/rule/3.8 |
security-control/CloudWatch.8 |
|
arn:aws:securityhub::ruleset/cis-aws-foundations-benchmark/v/1.2.0/rule/3.9 |
security-control/CloudWatch.9 |
|
arn:aws:securityhub::ruleset/cis-aws-foundations-benchmark/v/1.2.0/rule/3.10 |
security-control/CloudWatch.10 |
|
arn:aws:securityhub::ruleset/cis-aws-foundations-benchmark/v/1.2.0/rule/3.11 |
security-control/CloudWatch.11 |
|
arn:aws:securityhub::ruleset/cis-aws-foundations-benchmark/v/1.2.0/rule/3.12 |
security-control/CloudWatch.12 |
|
arn:aws:securityhub::ruleset/cis-aws-foundations-benchmark/v/1.2.0/rule/3.13 |
security-control/CloudWatch.13 |
|
arn:aws:securityhub::ruleset/cis-aws-foundations-benchmark/v/1.2.0/rule/3.14 |
security-control/CloudWatch.14 |
|
arn:aws:securityhub::ruleset/cis-aws-foundations-benchmark/v/1.2.0/rule/4.1 |
security-control/EC2.13 |
|
arn:aws:securityhub::ruleset/cis-aws-foundations-benchmark/v/1.2.0/rule/4.2 |
security-control/EC2.14 |
|
arn:aws:securityhub::ruleset/cis-aws-foundations-benchmark/v/1.2.0/rule/4.3 |
security-control/EC2.2 |
|
cis-aws-foundations-benchmark/v/1.4.0/1.10 |
security-control/IAM.5 |
|
cis-aws-foundations-benchmark/v/1.4.0/1.14 |
security-control/IAM.3 |
|
cis-aws-foundations-benchmark/v/1.4.0/1.16 |
security-control/IAM.1 |
|
cis-aws-foundations-benchmark/v/1.4.0/1.17 |
security-control/IAM.18 |
|
cis-aws-foundations-benchmark/v/1.4.0/1.4 |
security-control/IAM.4 |
|
cis-aws-foundations-benchmark/v/1.4.0/1.5 |
security-control/IAM.9 |
|
cis-aws-foundations-benchmark/v/1.4.0/1.6 |
security-control/IAM.6 |
|
cis-aws-foundations-benchmark/v/1.4.0/1.7 |
security-control/CloudWatch.1 |
|
cis-aws-foundations-benchmark/v/1.4.0/1.8 |
security-control/IAM.15 |
|
cis-aws-foundations-benchmark/v/1.4.0/1.9 |
security-control/IAM.16 |
|
cis-aws-foundations-benchmark/v/1.4.0/2.1.2 |
security-control/S3.5 |
|
cis-aws-foundations-benchmark/v/1.4.0/2.1.5.1 |
security-control/S3.1 |
|
cis-aws-foundations-benchmark/v/1.4.0/2.1.5.2 |
security-control/S3.8 |
|
cis-aws-foundations-benchmark/v/1.4.0/2.2.1 |
security-control/EC2.7 |
|
cis-aws-foundations-benchmark/v/1.4.0/2.3.1 |
security-control/RDS.3 |
|
cis-aws-foundations-benchmark/v/1.4.0/3.1 |
security-control/CloudTrail.1 |
|
cis-aws-foundations-benchmark/v/1.4.0/3.2 |
security-control/CloudTrail.4 |
|
cis-aws-foundations-benchmark/v/1.4.0/3.4 |
security-control/CloudTrail.5 |
|
cis-aws-foundations-benchmark/v/1.4.0/3.5 |
security-control/Config.1 |
|
cis-aws-foundations-benchmark/v/1.4.0/3.6 |
security-control/S3.9 |
|
cis-aws-foundations-benchmark/v/1.4.0/3.7 |
security-control/CloudTrail.2 |
|
cis-aws-foundations-benchmark/v/1.4.0/3.8 |
security-control/KMS.4 |
|
cis-aws-foundations-benchmark/v/1.4.0/3.9 |
security-control/EC2.6 |
|
cis-aws-foundations-benchmark/v/1.4.0/4.3 |
security-control/CloudWatch.1 |
|
cis-aws-foundations-benchmark/v/1.4.0/4.4 |
security-control/CloudWatch.4 |
|
cis-aws-foundations-benchmark/v/1.4.0/4.5 |
security-control/CloudWatch.5 |
|
cis-aws-foundations-benchmark/v/1.4.0/4.6 |
security-control/CloudWatch.6 |
|
cis-aws-foundations-benchmark/v/1.4.0/4.7 |
security-control/CloudWatch.7 |
|
cis-aws-foundations-benchmark/v/1.4.0/4.8 |
security-control/CloudWatch.8 |
|
cis-aws-foundations-benchmark/v/1.4.0/4.9 |
security-control/CloudWatch.9 |
|
cis-aws-foundations-benchmark/v/1.4.0/4.10 |
security-control/CloudWatch.10 |
|
cis-aws-foundations-benchmark/v/1.4.0/4.11 |
security-control/CloudWatch.11 |
|
cis-aws-foundations-benchmark/v/1.4.0/4.12 |
security-control/CloudWatch.12 |
|
cis-aws-foundations-benchmark/v/1.4.0/4.13 |
security-control/CloudWatch.13 |
|
cis-aws-foundations-benchmark/v/1.4.0/4.14 |
security-control/CloudWatch.14 |
|
cis-aws-foundations-benchmark/v/1.4.0/5.1 |
security-control/EC2.21 |
|
cis-aws-foundations-benchmark/v/1.4.0/5.3 |
security-control/EC2.2 |
|
aws-foundational-security-best-practices/v/1.0.0/Account.1 |
security-control/Account.1 |
|
aws-foundational-security-best-practices/v/1.0.0/ACM.1 |
security-control/ACM.1 |
|
aws-foundational-security-best-practices/v/1.0.0/APIGateway.1 |
security-control/APIGateway.1 |
|
aws-foundational-security-best-practices/v/1.0.0/APIGateway.2 |
security-control/APIGateway.2 |
|
aws-foundational-security-best-practices/v/1.0.0/APIGateway.3 |
security-control/APIGateway.3 |
|
aws-foundational-security-best-practices/v/1.0.0/APIGateway.4 |
security-control/APIGateway.4 |
|
aws-foundational-security-best-practices/v/1.0.0/APIGateway.5 |
security-control/APIGateway.5 |
|
aws-foundational-security-best-practices/v/1.0.0/APIGateway.8 |
security-control/APIGateway.8 |
|
aws-foundational-security-best-practices/v/1.0.0/APIGateway.9 |
security-control/APIGateway.9 |
|
aws-foundational-security-best-practices/v/1.0.0/AutoScaling.1 |
security-control/AutoScaling.1 |
|
aws-foundational-security-best-practices/v/1.0.0/AutoScaling.2 |
security-control/AutoScaling.2 |
|
aws-foundational-security-best-practices/v/1.0.0/AutoScaling.3 |
security-control/AutoScaling.3 |
|
aws-foundational-security-best-practices/v/1.0.0/Autoscaling.5 |
security-control/Autoscaling.5 |
|
aws-foundational-security-best-practices/v/1.0.0/AutoScaling.6 |
security-control/AutoScaling.6 |
|
aws-foundational-security-best-practices/v/1.0.0/AutoScaling.9 |
security-control/AutoScaling.9 |
|
aws-foundational-security-best-practices/v/1.0.0/CloudFront.1 |
security-control/CloudFront.1 |
|
aws-foundational-security-best-practices/v/1.0.0/CloudFront.3 |
security-control/CloudFront.3 |
|
aws-foundational-security-best-practices/v/1.0.0/CloudFront.4 |
security-control/CloudFront.4 |
|
aws-foundational-security-best-practices/v/1.0.0/CloudFront.5 |
security-control/CloudFront.5 |
|
aws-foundational-security-best-practices/v/1.0.0/CloudFront.6 |
security-control/CloudFront.6 |
|
aws-foundational-security-best-practices/v/1.0.0/CloudFront.7 |
security-control/CloudFront.7 |
|
aws-foundational-security-best-practices/v/1.0.0/CloudFront.8 |
security-control/CloudFront.8 |
|
aws-foundational-security-best-practices/v/1.0.0/CloudFront.9 |
security-control/CloudFront.9 |
|
aws-foundational-security-best-practices/v/1.0.0/CloudFront.10 |
security-control/CloudFront.10 |
|
aws-foundational-security-best-practices/v/1.0.0/CloudFront.12 |
security-control/CloudFront.12 |
|
aws-foundational-security-best-practices/v/1.0.0/CloudTrail.1 |
security-control/CloudTrail.1 |
|
aws-foundational-security-best-practices/v/1.0.0/CloudTrail.2 |
security-control/CloudTrail.2 |
|
aws-foundational-security-best-practices/v/1.0.0/CloudTrail.4 |
security-control/CloudTrail.4 |
|
aws-foundational-security-best-practices/v/1.0.0/CloudTrail.5 |
security-control/CloudTrail.5 |
|
aws-foundational-security-best-practices/v/1.0.0/CodeBuild.1 |
security-control/CodeBuild.1 |
|
aws-foundational-security-best-practices/v/1.0.0/CodeBuild.2 |
security-control/CodeBuild.2 |
|
aws-foundational-security-best-practices/v/1.0.0/CodeBuild.3 |
security-control/CodeBuild.3 |
|
aws-foundational-security-best-practices/v/1.0.0/CodeBuild.4 |
security-control/CodeBuild.4 |
|
aws-foundational-security-best-practices/v/1.0.0/Config.1 |
security-control/Config.1 |
|
aws-foundational-security-best-practices/v/1.0.0/DMS.1 |
security-control/DMS.1 |
|
aws-foundational-security-best-practices/v/1.0.0/DynamoDB.1 |
security-control/DynamoDB.1 |
|
aws-foundational-security-best-practices/v/1.0.0/DynamoDB.2 |
security-control/DynamoDB.2 |
|
aws-foundational-security-best-practices/v/1.0.0/DynamoDB.3 |
security-control/DynamoDB.3 |
|
aws-foundational-security-best-practices/v/1.0.0/EC2.1 |
security-control/EC2.1 |
|
aws-foundational-security-best-practices/v/1.0.0/EC2.3 |
security-control/EC2.3 |
|
aws-foundational-security-best-practices/v/1.0.0/EC2.4 |
security-control/EC2.4 |
|
aws-foundational-security-best-practices/v/1.0.0/EC2.6 |
security-control/EC2.6 |
|
aws-foundational-security-best-practices/v/1.0.0/EC2.7 |
security-control/EC2.7 |
|
aws-foundational-security-best-practices/v/1.0.0/EC2.8 |
security-control/EC2.8 |
|
aws-foundational-security-best-practices/v/1.0.0/EC2.9 |
security-control/EC2.9 |
|
aws-foundational-security-best-practices/v/1.0.0/EC2.10 |
security-control/EC2.10 |
|
aws-foundational-security-best-practices/v/1.0.0/EC2.15 |
security-control/EC2.15 |
|
aws-foundational-security-best-practices/v/1.0.0/EC2.16 |
security-control/EC2.16 |
|
aws-foundational-security-best-practices/v/1.0.0/EC2.17 |
security-control/EC2.17 |
|
aws-foundational-security-best-practices/v/1.0.0/EC2.18 |
security-control/EC2.18 |
|
aws-foundational-security-best-practices/v/1.0.0/EC2.19 |
security-control/EC2.19 |
|
aws-foundational-security-best-practices/v/1.0.0/EC2.2 |
security-control/EC2.2 |
|
aws-foundational-security-best-practices/v/1.0.0/EC2.20 |
security-control/EC2.20 |
|
aws-foundational-security-best-practices/v/1.0.0/EC2.21 |
security-control/EC2.21 |
|
aws-foundational-security-best-practices/v/1.0.0/EC2.23 |
security-control/EC2.23 |
|
aws-foundational-security-best-practices/v/1.0.0/EC2.24 |
security-control/EC2.24 |
|
aws-foundational-security-best-practices/v/1.0.0/EC2.25 |
security-control/EC2.25 |
|
aws-foundational-security-best-practices/v/1.0.0/ECR.1 |
security-control/ECR.1 |
|
aws-foundational-security-best-practices/v/1.0.0/ECR.2 |
security-control/ECR.2 |
|
aws-foundational-security-best-practices/v/1.0.0/ECR.3 |
security-control/ECR.3 |
|
aws-foundational-security-best-practices/v/1.0.0/ECS.1 |
security-control/ECS.1 |
|
aws-foundational-security-best-practices/v/1.0.0/ECS.10 |
security-control/ECS.10 |
|
aws-foundational-security-best-practices/v/1.0.0/ECS.12 |
security-control/ECS.12 |
|
aws-foundational-security-best-practices/v/1.0.0/ECS.2 |
security-control/ECS.2 |
|
aws-foundational-security-best-practices/v/1.0.0/ECS.3 |
security-control/ECS.3 |
|
aws-foundational-security-best-practices/v/1.0.0/ECS.4 |
security-control/ECS.4 |
|
aws-foundational-security-best-practices/v/1.0.0/ECS.5 |
security-control/ECS.5 |
|
aws-foundational-security-best-practices/v/1.0.0/ECS.8 |
security-control/ECS.8 |
|
aws-foundational-security-best-practices/v/1.0.0/EFS.1 |
security-control/EFS.1 |
|
aws-foundational-security-best-practices/v/1.0.0/EFS.2 |
security-control/EFS.2 |
|
aws-foundational-security-best-practices/v/1.0.0/EFS.3 |
security-control/EFS.3 |
|
aws-foundational-security-best-practices/v/1.0.0/EFS.4 |
security-control/EFS.4 |
|
aws-foundational-security-best-practices/v/1.0.0/EKS.2 |
security-control/EKS.2 |
|
aws-foundational-security-best-practices/v/1.0.0/ElasticBeanstalk.1 |
security-control/ElasticBeanstalk.1 |
|
aws-foundational-security-best-practices/v/1.0.0/ElasticBeanstalk.2 |
security-control/ElasticBeanstalk.2 |
|
aws-foundational-security-best-practices/v/1.0.0/ELBv2.1 |
security-control/ELB.1 |
|
aws-foundational-security-best-practices/v/1.0.0/ELB.2 |
security-control/ELB.2 |
|
aws-foundational-security-best-practices/v/1.0.0/ELB.3 |
security-control/ELB.3 |
|
aws-foundational-security-best-practices/v/1.0.0/ELB.4 |
security-control/ELB.4 |
|
aws-foundational-security-best-practices/v/1.0.0/ELB.5 |
security-control/ELB.5 |
|
aws-foundational-security-best-practices/v/1.0.0/ELB.6 |
security-control/ELB.6 |
|
aws-foundational-security-best-practices/v/1.0.0/ELB.7 |
security-control/ELB.7 |
|
aws-foundational-security-best-practices/v/1.0.0/ELB.8 |
security-control/ELB.8 |
|
aws-foundational-security-best-practices/v/1.0.0/ELB.9 |
security-control/ELB.9 |
|
aws-foundational-security-best-practices/v/1.0.0/ELB.10 |
security-control/ELB.10 |
|
aws-foundational-security-best-practices/v/1.0.0/ELB.11 |
security-control/ELB.11 |
|
aws-foundational-security-best-practices/v/1.0.0/ELB.12 |
security-control/ELB.12 |
|
aws-foundational-security-best-practices/v/1.0.0/ELB.13 |
security-control/ELB.13 |
|
aws-foundational-security-best-practices/v/1.0.0/ELB.14 |
security-control/ELB.14 |
|
aws-foundational-security-best-practices/v/1.0.0/EMR.1 |
security-control/EMR.1 |
|
aws-foundational-security-best-practices/v/1.0.0/ES.1 |
security-control/ES.1 |
|
aws-foundational-security-best-practices/v/1.0.0/ES.2 |
security-control/ES.2 |
|
aws-foundational-security-best-practices/v/1.0.0/ES.3 |
security-control/ES.3 |
|
aws-foundational-security-best-practices/v/1.0.0/ES.4 |
security-control/ES.4 |
|
aws-foundational-security-best-practices/v/1.0.0/ES.5 |
security-control/ES.5 |
|
aws-foundational-security-best-practices/v/1.0.0/ES.6 |
security-control/ES.6 |
|
aws-foundational-security-best-practices/v/1.0.0/ES.7 |
security-control/ES.7 |
|
aws-foundational-security-best-practices/v/1.0.0/ES.8 |
security-control/ES.8 |
|
aws-foundational-security-best-practices/v/1.0.0/GuardDuty.1 |
security-control/GuardDuty.1 |
|
aws-foundational-security-best-practices/v/1.0.0/IAM.1 |
security-control/IAM.1 |
|
aws-foundational-security-best-practices/v/1.0.0/IAM.2 |
security-control/IAM.2 |
|
aws-foundational-security-best-practices/v/1.0.0/IAM.21 |
security-control/IAM.21 |
|
aws-foundational-security-best-practices/v/1.0.0/IAM.3 |
security-control/IAM.3 |
|
aws-foundational-security-best-practices/v/1.0.0/IAM.4 |
security-control/IAM.4 |
|
aws-foundational-security-best-practices/v/1.0.0/IAM.5 |
security-control/IAM.5 |
|
aws-foundational-security-best-practices/v/1.0.0/IAM.6 |
security-control/IAM.6 |
|
aws-foundational-security-best-practices/v/1.0.0/IAM.7 |
security-control/IAM.7 |
|
aws-foundational-security-best-practices/v/1.0.0/IAM.8 |
security-control/IAM.8 |
|
aws-foundational-security-best-practices/v/1.0.0/Kinesis.1 |
security-control/Kinesis.1 |
|
aws-foundational-security-best-practices/v/1.0.0/KMS.1 |
security-control/KMS.1 |
|
aws-foundational-security-best-practices/v/1.0.0/KMS.2 |
security-control/KMS.2 |
|
aws-foundational-security-best-practices/v/1.0.0/KMS.3 |
security-control/KMS.3 |
|
aws-foundational-security-best-practices/v/1.0.0/Lambda.1 |
security-control/Lambda.1 |
|
aws-foundational-security-best-practices/v/1.0.0/Lambda.2 |
security-control/Lambda.2 |
|
aws-foundational-security-best-practices/v/1.0.0/Lambda.5 |
security-control/Lambda.5 |
|
aws-foundational-security-best-practices/v/1.0.0/NetworkFirewall.3 |
security-control/NetworkFirewall.3 |
|
aws-foundational-security-best-practices/v/1.0.0/NetworkFirewall.4 |
security-control/NetworkFirewall.4 |
|
aws-foundational-security-best-practices/v/1.0.0/NetworkFirewall.5 |
security-control/NetworkFirewall.5 |
|
aws-foundational-security-best-practices/v/1.0.0/NetworkFirewall.6 |
security-control/NetworkFirewall.6 |
|
aws-foundational-security-best-practices/v/1.0.0/Opensearch.1 |
security-control/Opensearch.1 |
|
aws-foundational-security-best-practices/v/1.0.0/Opensearch.2 |
security-control/Opensearch.2 |
|
aws-foundational-security-best-practices/v/1.0.0/Opensearch.3 |
security-control/Opensearch.3 |
|
aws-foundational-security-best-practices/v/1.0.0/Opensearch.4 |
security-control/Opensearch.4 |
|
aws-foundational-security-best-practices/v/1.0.0/Opensearch.5 |
security-control/Opensearch.5 |
|
aws-foundational-security-best-practices/v/1.0.0/Opensearch.6 |
security-control/Opensearch.6 |
|
aws-foundational-security-best-practices/v/1.0.0/Opensearch.7 |
security-control/Opensearch.7 |
|
aws-foundational-security-best-practices/v/1.0.0/Opensearch.8 |
security-control/Opensearch.8 |
|
aws-foundational-security-best-practices/v/1.0.0/RDS.1 |
security-control/RDS.1 |
|
aws-foundational-security-best-practices/v/1.0.0/RDS.10 |
security-control/RDS.10 |
|
aws-foundational-security-best-practices/v/1.0.0/RDS.11 |
security-control/RDS.11 |
|
aws-foundational-security-best-practices/v/1.0.0/RDS.12 |
security-control/RDS.12 |
|
aws-foundational-security-best-practices/v/1.0.0/RDS.13 |
security-control/RDS.13 |
|
aws-foundational-security-best-practices/v/1.0.0/RDS.14 |
security-control/RDS.14 |
|
aws-foundational-security-best-practices/v/1.0.0/RDS.15 |
security-control/RDS.15 |
|
aws-foundational-security-best-practices/v/1.0.0/RDS.16 |
security-control/RDS.16 |
|
aws-foundational-security-best-practices/v/1.0.0/RDS.17 |
security-control/RDS.17 |
|
aws-foundational-security-best-practices/v/1.0.0/RDS.18 |
security-control/RDS.18 |
|
aws-foundational-security-best-practices/v/1.0.0/RDS.19 |
security-control/RDS.19 |
|
aws-foundational-security-best-practices/v/1.0.0/RDS.2 |
security-control/RDS.2 |
|
aws-foundational-security-best-practices/v/1.0.0/RDS.20 |
security-control/RDS.20 |
|
aws-foundational-security-best-practices/v/1.0.0/RDS.21 |
security-control/RDS.21 |
|
aws-foundational-security-best-practices/v/1.0.0/RDS.22 |
security-control/RDS.22 |
|
aws-foundational-security-best-practices/v/1.0.0/RDS.23 |
security-control/RDS.23 |
|
aws-foundational-security-best-practices/v/1.0.0/RDS.24 |
security-control/RDS.24 |
|
aws-foundational-security-best-practices/v/1.0.0/RDS.25 |
security-control/RDS.25 |
|
aws-foundational-security-best-practices/v/1.0.0/RDS.3 |
security-control/RDS.3 |
|
aws-foundational-security-best-practices/v/1.0.0/RDS.4 |
security-control/RDS.4 |
|
aws-foundational-security-best-practices/v/1.0.0/RDS.5 |
security-control/RDS.5 |
|
aws-foundational-security-best-practices/v/1.0.0/RDS.6 |
security-control/RDS.6 |
|
aws-foundational-security-best-practices/v/1.0.0/RDS.7 |
security-control/RDS.7 |
|
aws-foundational-security-best-practices/v/1.0.0/RDS.8 |
security-control/RDS.8 |
|
aws-foundational-security-best-practices/v/1.0.0/RDS.9 |
security-control/RDS.9 |
|
aws-foundational-security-best-practices/v/1.0.0/Redshift.1 |
security-control/Redshift.1 |
|
aws-foundational-security-best-practices/v/1.0.0/Redshift.2 |
security-control/Redshift.2 |
|
aws-foundational-security-best-practices/v/1.0.0/Redshift.3 |
security-control/Redshift.3 |
|
aws-foundational-security-best-practices/v/1.0.0/Redshift.4 |
security-control/Redshift.4 |
|
aws-foundational-security-best-practices/v/1.0.0/Redshift.6 |
security-control/Redshift。6 |
|
aws-foundational-security-best-practices/v/1.0.0/Redshift.7 |
security-control/Redshift。7 |
|
aws-foundational-security-best-practices/v/1.0.0/Redshift.8 |
security-control/Redshift。8 |
|
aws-foundational-security-best-practices/v/1.0.0/Redshift.9 |
security-control/Redshift.9 |
|
aws-foundational-security-best-practices/v/1.0.0/S3.1 |
security-control/S3.1 |
|
aws-foundational-security-best-practices/v/1.0.0/S3.12 |
security-control/S3.12 |
|
aws-foundational-security-best-practices/v/1.0.0/S3.13 |
security-control/S3.13 |
|
aws-foundational-security-best-practices/v/1.0.0/S3.2 |
security-control/S3.2 |
|
aws-foundational-security-best-practices/v/1.0.0/S3.3 |
security-control/S3.3 |
|
aws-foundational-security-best-practices/v/1.0.0/S3.5 |
security-control/S3.5 |
|
aws-foundational-security-best-practices/v/1.0.0/S3.6 |
security-control/S3.6 |
|
aws-foundational-security-best-practices/v/1.0.0/S3.8 |
security-control/S3.8 |
|
aws-foundational-security-best-practices/v/1.0.0/S3.9 |
security-control/S3.9 |
|
aws-foundational-security-best-practices/v/1.0.0/SageMaker AI.1 |
security-control/SageMaker AI.1 |
|
aws-foundational-security-best-practices/v/1.0.0/SageMaker AI.2 |
security-control/SageMaker AI.2 |
|
aws-foundational-security-best-practices/v/1.0.0/SageMaker AI.3 |
security-control/SageMaker AI.3 |
|
aws-foundational-security-best-practices/v/1.0.0/SecretsManager.1 |
security-control/SecretsManager.1 |
|
aws-foundational-security-best-practices/v/1.0.0/SecretsManager.2 |
security-control/SecretsManager.2 |
|
aws-foundational-security-best-practices/v/1.0.0/SecretsManager.3 |
security-control/SecretsManager.3 |
|
aws-foundational-security-best-practices/v/1.0.0/SecretsManager.4 |
security-control/SecretsManager.4 |
|
aws-foundational-security-best-practices/v/1.0.0/SQS.1 |
security-control/SQS.1 |
|
aws-foundational-security-best-practices/v/1.0.0/SSM.1 |
security-control/SSM.1 |
|
aws-foundational-security-best-practices/v/1.0.0/SSM.2 |
security-control/SSM.2 |
|
aws-foundational-security-best-practices/v/1.0.0/SSM.3 |
security-control/SSM.3 |
|
aws-foundational-security-best-practices/v/1.0.0/SSM.4 |
security-control/SSM.4 |
|
aws-foundational-security-best-practices/v/1.0.0/WAF.1 |
security-control/WAF.1 |
|
aws-foundational-security-best-practices/v/1.0.0/WAF.2 |
security-control/WAF.2 |
|
aws-foundational-security-best-practices/v/1.0.0/WAF.3 |
security-control/WAF.3 |
|
aws-foundational-security-best-practices/v/1.0.0/WAF.4 |
security-control/WAF.4 |
|
aws-foundational-security-best-practices/v/1.0.0/WAF.6 |
security-control/WAF.6 |
|
aws-foundational-security-best-practices/v/1.0.0/WAF.7 |
security-control/WAF.7 |
|
aws-foundational-security-best-practices/v/1.0.0/WAF.8 |
security-control/WAF.8 |
|
aws-foundational-security-best-practices/v/1.0.0/WAF.10 |
security-control/WAF.10 |
|
pci-dss/v/3.2.1/PCI.AutoScaling.1 |
security-control/AutoScaling.1 |
|
pci-dss/v/3.2.1/PCI.CloudTrail.1 |
security-control/CloudTrail.2 |
|
pci-dss/v/3.2.1/PCICloudTrail.2 |
security-control/CloudTrail.3 |
|
pci-dss/v/3.2.1/PCICloudTrail.3 |
security-control/CloudTrail.4 |
|
pci-dss/v/3.2.1/PCICloudTrail.4 |
security-control/CloudTrail.5 |
|
pci-dss/v/3.2.1/PCI.CodeBuild.1 |
security-control/CodeBuild.1 |
|
pci-dss/v/3.2.1/PCICodeBuild..2 |
security-control/CodeBuild.2 |
|
pci-dss/v/3.2.1/PCI。Config.1 |
security-control/Config.1 |
|
pci-dss/v/3.2.1/PCI。CW.1 |
security-control/CloudWatch.1 |
|
pci-dss/v/3.2.1/PCI.DMS.1 |
security-control/DMS.1 |
|
pci-dss/v/3.2.1/PCI.EC2.1 |
security-control/EC2.1 |
|
pci-dss/v/3.2.1/PCIEC2..2 |
security-control/EC2.2 |
|
pci-dss/v/3.2.1/PCIEC2.4 |
security-control/EC2.12 |
|
pci-dss/v/3.2.1/PCIEC2.5 |
security-control/EC2.13 |
|
pci-dss/v/3.2.1/PCIEC2.6 |
security-control/EC2.6 |
|
pci-dss/v/3.2.1/PCI.ELBv2.1 |
security-control/ELB.1 |
|
pci-dss/v/3.2.1/PCI。ES.1 |
security-control/ES.2 |
|
pci-dss/v/3.2.1/PCI。ES.2 |
security-control/ES.1 |
|
pci-dss/v/3.2.1/PCI.GuardDuty.1 |
security-control/GuardDuty.1 |
|
pci-dss/v/3.2.1/PCI.IAM.1 |
security-control/IAM.4 |
|
pci-dss/v/3.2.1/PCIIAM.2 |
security-control/IAM.2 |
|
pci-dss/v/3.2.1/PCIIAM.3 |
security-control/IAM.1 |
|
pci-dss/v/3.2.1/PCIIAM.4 |
security-control/IAM.6 |
|
pci-dss/v/3.2.1/PCIIAM.5 |
security-control/IAM.9 |
|
pci-dss/v/3.2.1/PCIIAM.6 |
security-control/IAM.19 |
|
pci-dss/v/3.2.1/PCIIAM.7 |
security-control/IAM.8 |
|
pci-dss/v/3.2.1/PCIIAM.8 |
security-control/IAM.10 |
|
pci-dss/v/3.2.1/PCIKMS..1 |
security-control/KMS.4 |
|
pci-dss/v/3.2.1/PCI。Lambda.1 |
security-control/Lambda.1 |
|
pci-dss/v/3.2.1/PCI。Lambda.2 |
security-control/Lambda.3 |
|
pci-dss/v/3.2.1/PCI。Opensearch.1 |
security-control/Opensearch.2 |
|
pci-dss/v/3.2.1/PCI。Opensearch.2 |
security-control/Opensearch.1 |
|
pci-dss/v/3.2.1/PCIRDS..1 |
security-control/RDS.1 |
|
pci-dss/v/3.2.1/PCIRDS..2 |
security-control/RDS.2 |
|
pci-dss/v/3.2.1/PCI。Redshift.1 |
security-control/Redshift.1 |
|
pci-dss/v/3.2.1/PCI。S3.1 |
security-control/S3.3 |
|
pci-dss/v/3.2.1/PCI。S3.2 |
security-control/S3.2 |
|
pci-dss/v/3.2.1/PCI。S3.3 |
security-control/S3.7 |
|
pci-dss/v/3.2.1/PCI。S3.5 |
security-control/S3.5 |
|
pci-dss/v/3.2.1/PCI。S3.6 |
security-control/S3.1 |
|
pci-dss/v/3.2.1/PCI。SageMaker AI.1 |
security-control/SageMaker AI.1 |
|
pci-dss/v/3.2.1/PCI.SSM.1 |
security-control/SSM.2 |
|
pci-dss/v/3.2.1/PCISSM.2 |
security-control/SSM.3 |
|
pci-dss/v/3.2.1/PCISSM.3 |
security-control/SSM.1 |
|
service-managed-aws-control-tower/v/1.0.0/ACM.1 |
security-control/ACM.1 |
|
service-managed-aws-control-tower/v/1.0.0/APIGateway.1 |
security-control/APIGateway.1 |
|
service-managed-aws-control-tower/v/1.0.0/APIGateway.2 |
security-control/APIGateway.2 |
|
service-managed-aws-control-tower/v/1.0.0/APIGateway.3 |
security-control/APIGateway.3 |
|
service-managed-aws-control-tower/v/1.0.0/APIGateway.4 |
security-control/APIGateway.4 |
|
service-managed-aws-control-tower/v/1.0.0/APIGateway.5 |
security-control/APIGateway.5 |
|
service-managed-aws-control-tower/v/1.0.0/AutoScaling.1 |
security-control/AutoScaling.1 |
|
service-managed-aws-control-tower/v/1.0.0/AutoScaling.2 |
security-control/AutoScaling.2 |
|
service-managed-aws-control-tower/v/1.0.0/AutoScaling.3 |
security-control/AutoScaling.3 |
|
service-managed-aws-control-tower/v/1.0.0/AutoScaling.4 |
security-control/AutoScaling.4 |
|
service-managed-aws-control-tower/v/1.0.0/Autoscaling.5 |
security-control/Autoscaling.5 |
|
service-managed-aws-control-tower/v/1.0.0/AutoScaling.6 |
security-control/AutoScaling.6 |
|
service-managed-aws-control-tower/v/1.0.0/AutoScaling.9 |
security-control/AutoScaling.9 |
|
service-managed-aws-control-tower/v/1.0.0/CloudTrail.1 |
security-control/CloudTrail.1 |
|
service-managed-aws-control-tower/v/1.0.0/CloudTrail.2 |
security-control/CloudTrail.2 |
|
service-managed-aws-control-tower/v/1.0.0/CloudTrail.4 |
security-control/CloudTrail.4 |
|
service-managed-aws-control-tower/v/1.0.0/CloudTrail.5 |
security-control/CloudTrail.5 |
|
service-managed-aws-control-tower/v/1.0.0/CodeBuild.1 |
security-control/CodeBuild.1 |
|
service-managed-aws-control-tower/v/1.0.0/CodeBuild.2 |
security-control/CodeBuild.2 |
|
service-managed-aws-control-tower/v/1.0.0/CodeBuild.4 |
security-control/CodeBuild.4 |
|
service-managed-aws-control-tower/v/1.0.0/CodeBuild.5 |
security-control/CodeBuild.5 |
|
service-managed-aws-control-tower/v/1.0.0/DMS.1 |
security-control/DMS.1 |
|
service-managed-aws-control-tower/v/1.0.0/DynamoDB.1 |
security-control/DynamoDB.1 |
|
service-managed-aws-control-tower/v/1.0.0/DynamoDB.2 |
security-control/DynamoDB.2 |
|
service-managed-aws-control-tower/v/1.0.0/EC2.1 |
security-control/EC2.1 |
|
service-managed-aws-control-tower/v/1.0.0/EC2.2 |
security-control/EC2.2 |
|
service-managed-aws-control-tower/v/1.0.0/EC2.3 |
security-control/EC2.3 |
|
service-managed-aws-control-tower/v/1.0.0/EC2.4 |
security-control/EC2.4 |
|
service-managed-aws-control-tower/v/1.0.0/EC2.6 |
security-control/EC2.6 |
|
service-managed-aws-control-tower/v/1.0.0/EC2.7 |
security-control/EC2.7 |
|
service-managed-aws-control-tower/v/1.0.0/EC2.8 |
security-control/EC2.8 |
|
service-managed-aws-control-tower/v/1.0.0/EC2.9 |
security-control/EC2.9 |
|
service-managed-aws-control-tower/v/1.0.0/EC2.10 |
security-control/EC2.10 |
|
service-managed-aws-control-tower/v/1.0.0/EC2.15 |
security-control/EC2.15 |
|
service-managed-aws-control-tower/v/1.0.0/EC2.16 |
security-control/EC2.16 |
|
service-managed-aws-control-tower/v/1.0.0/EC2.17 |
security-control/EC2.17 |
|
service-managed-aws-control-tower/v/1.0.0/EC2.18 |
security-control/EC2.18 |
|
service-managed-aws-control-tower/v/1.0.0/EC2.19 |
security-control/EC2.19 |
|
service-managed-aws-control-tower/v/1.0.0/EC2.20 |
security-control/EC2.20 |
|
service-managed-aws-control-tower/v/1.0.0/EC2.21 |
security-control/EC2.21 |
|
service-managed-aws-control-tower/v/1.0.0/EC2.22 |
security-control/EC2.22 |
|
service-managed-aws-control-tower/v/1.0.0/ECR.1 |
security-control/ECR.1 |
|
service-managed-aws-control-tower/v/1.0.0/ECR.2 |
security-control/ECR.2 |
|
service-managed-aws-control-tower/v/1.0.0/ECR.3 |
security-control/ECR.3 |
|
service-managed-aws-control-tower/v/1.0.0/ECS.1 |
security-control/ECS.1 |
|
service-managed-aws-control-tower/v/1.0.0/ECS.2 |
security-control/ECS.2 |
|
service-managed-aws-control-tower/v/1.0.0/ECS.3 |
security-control/ECS.3 |
|
service-managed-aws-control-tower/v/1.0.0/ECS.4 |
security-control/ECS.4 |
|
service-managed-aws-control-tower/v/1.0.0/ECS.5 |
security-control/ECS.5 |
|
service-managed-aws-control-tower/v/1.0.0/ECS.8 |
security-control/ECS.8 |
|
service-managed-aws-control-tower/v/1.0.0/ECS.10 |
security-control/ECS.10 |
|
service-managed-aws-control-tower/v/1.0.0/ECS.12 |
security-control/ECS.12 |
|
service-managed-aws-control-tower/v/1.0.0/EFS.1 |
security-control/EFS.1 |
|
service-managed-aws-control-tower/v/1.0.0/EFS.2 |
security-control/EFS.2 |
|
service-managed-aws-control-tower/v/1.0.0/EFS.3 |
security-control/EFS.3 |
|
service-managed-aws-control-tower/v/1.0.0/EFS.4 |
security-control/EFS.4 |
|
service-managed-aws-control-tower/v/1.0.0/EKS.2 |
security-control/EKS.2 |
|
service-managed-aws-control-tower/v/1.0.0/ELB.2 |
security-control/ELB.2 |
|
service-managed-aws-control-tower/v/1.0.0/ELB.3 |
security-control/ELB.3 |
|
service-managed-aws-control-tower/v/1.0.0/ELB.4 |
security-control/ELB.4 |
|
service-managed-aws-control-tower/v/1.0.0/ELB.5 |
security-control/ELB.5 |
|
service-managed-aws-control-tower/v/1.0.0/ELB.6 |
security-control/ELB.6 |
|
service-managed-aws-control-tower/v/1.0.0/ELB.7 |
security-control/ELB.7 |
|
service-managed-aws-control-tower/v/1.0.0/ELB.8 |
security-control/ELB.8 |
|
service-managed-aws-control-tower/v/1.0.0/ELB.9 |
security-control/ELB.9 |
|
service-managed-aws-control-tower/v/1.0.0/ELB.10 |
security-control/ELB.10 |
|
service-managed-aws-control-tower/v/1.0.0/ELB.12 |
security-control/ELB.12 |
|
service-managed-aws-control-tower/v/1.0.0/ELB.13 |
security-control/ELB.13 |
|
service-managed-aws-control-tower/v/1.0.0/ELB.14 |
security-control/ELB.14 |
|
service-managed-aws-control-tower/v/1.0.0/ELBv2.1 |
security-control/ELBv2.1 |
|
service-managed-aws-control-tower/v/1.0.0/EMR.1 |
security-control/EMR.1 |
|
service-managed-aws-control-tower/v/1.0.0/ES.1 |
security-control/ES.1 |
|
service-managed-aws-control-tower/v/1.0.0/ES.2 |
security-control/ES.2 |
|
service-managed-aws-control-tower/v/1.0.0/ES.3 |
security-control/ES.3 |
|
service-managed-aws-control-tower/v/1.0.0/ES.4 |
security-control/ES.4 |
|
service-managed-aws-control-tower/v/1.0.0/ES.5 |
security-control/ES.5 |
|
service-managed-aws-control-tower/v/1.0.0/ES.6 |
security-control/ES.6 |
|
service-managed-aws-control-tower/v/1.0.0/ES.7 |
security-control/ES.7 |
|
service-managed-aws-control-tower/v/1.0.0/ES.8 |
security-control/ES.8 |
|
service-managed-aws-control-tower/v/1.0.0/ElasticBeanstalk.1 |
security-control/ElasticBeanstalk.1 |
|
service-managed-aws-control-tower/v/1.0.0/ElasticBeanstalk.2 |
security-control/ElasticBeanstalk.2 |
|
service-managed-aws-control-tower/v/1.0.0/GuardDuty.1 |
security-control/GuardDuty.1 |
|
service-managed-aws-control-tower/v/1.0.0/IAM.1 |
security-control/IAM.1 |
|
service-managed-aws-control-tower/v/1.0.0/IAM.2 |
security-control/IAM.2 |
|
service-managed-aws-control-tower/v/1.0.0/IAM.3 |
security-control/IAM.3 |
|
service-managed-aws-control-tower/v/1.0.0/IAM.4 |
security-control/IAM.4 |
|
service-managed-aws-control-tower/v/1.0.0/IAM.5 |
security-control/IAM.5 |
|
service-managed-aws-control-tower/v/1.0.0/IAM.6 |
security-control/IAM.6 |
|
service-managed-aws-control-tower/v/1.0.0/IAM.7 |
security-control/IAM.7 |
|
service-managed-aws-control-tower/v/1.0.0/IAM.8 |
security-control/IAM.8 |
|
service-managed-aws-control-tower/v/1.0.0/IAM.21 |
security-control/IAM.21 |
|
service-managed-aws-control-tower/v/1.0.0/Kinesis.1 |
security-control/Kinesis.1 |
|
service-managed-aws-control-tower/v/1.0.0/KMS.1 |
security-control/KMS.1 |
|
service-managed-aws-control-tower/v/1.0.0/KMS.2 |
security-control/KMS.2 |
|
service-managed-aws-control-tower/v/1.0.0/KMS.3 |
security-control/KMS.3 |
|
service-managed-aws-control-tower/v/1.0.0/Lambda.1 |
security-control/Lambda.1 |
|
service-managed-aws-control-tower/v/1.0.0/Lambda.2 |
security-control/Lambda.2 |
|
service-managed-aws-control-tower/v/1.0.0/Lambda.5 |
security-control/Lambda.5 |
|
service-managed-aws-control-tower/v/1.0.0/NetworkFirewall.3 |
security-control/NetworkFirewall.3 |
|
service-managed-aws-control-tower/v/1.0.0/NetworkFirewall.4 |
security-control/NetworkFirewall.4 |
|
service-managed-aws-control-tower/v/1.0.0/NetworkFirewall.5 |
security-control/NetworkFirewall.5 |
|
service-managed-aws-control-tower/v/1.0.0/NetworkFirewall.6 |
security-control/NetworkFirewall.6 |
|
service-managed-aws-control-tower/v/1.0.0/Opensearch.1 |
security-control/Opensearch.1 |
|
service-managed-aws-control-tower/v/1.0.0/Opensearch.2 |
security-control/Opensearch.2 |
|
service-managed-aws-control-tower/v/1.0.0/Opensearch.3 |
security-control/Opensearch.3 |
|
service-managed-aws-control-tower/v/1.0.0/Opensearch.4 |
security-control/Opensearch.4 |
|
service-managed-aws-control-tower/v/1.0.0/Opensearch.5 |
security-control/Opensearch.5 |
|
service-managed-aws-control-tower/v/1.0.0/Opensearch.6 |
security-control/Opensearch.6 |
|
service-managed-aws-control-tower/v/1.0.0/Opensearch.7 |
security-control/Opensearch.7 |
|
service-managed-aws-control-tower/v/1.0.0/Opensearch.8 |
security-control/Opensearch.8 |
|
service-managed-aws-control-tower/v/1.0.0/RDS.1 |
security-control/RDS.1 |
|
service-managed-aws-control-tower/v/1.0.0/RDS.2 |
security-control/RDS.2 |
|
service-managed-aws-control-tower/v/1.0.0/RDS.3 |
security-control/RDS.3 |
|
service-managed-aws-control-tower/v/1.0.0/RDS.4 |
security-control/RDS.4 |
|
service-managed-aws-control-tower/v/1.0.0/RDS.5 |
security-control/RDS.5 |
|
service-managed-aws-control-tower/v/1.0.0/RDS.6 |
security-control/RDS.6 |
|
service-managed-aws-control-tower/v/1.0.0/RDS.8 |
security-control/RDS.8 |
|
service-managed-aws-control-tower/v/1.0.0/RDS.9 |
security-control/RDS.9 |
|
service-managed-aws-control-tower/v/1.0.0/RDS.10 |
security-control/RDS.10 |
|
service-managed-aws-control-tower/v/1.0.0/RDS.11 |
security-control/RDS.11 |
|
service-managed-aws-control-tower/v/1.0.0/RDS.13 |
security-control/RDS.13 |
|
service-managed-aws-control-tower/v/1.0.0/RDS.17 |
security-control/RDS.17 |
|
service-managed-aws-control-tower/v/1.0.0/RDS.18 |
security-control/RDS.18 |
|
service-managed-aws-control-tower/v/1.0.0/RDS.19 |
security-control/RDS.19 |
|
service-managed-aws-control-tower/v/1.0.0/RDS.20 |
security-control/RDS.20 |
|
service-managed-aws-control-tower/v/1.0.0/RDS.21 |
security-control/RDS.21 |
|
service-managed-aws-control-tower/v/1.0.0/RDS.22 |
security-control/RDS.22 |
|
service-managed-aws-control-tower/v/1.0.0/RDS.23 |
security-control/RDS.23 |
|
service-managed-aws-control-tower/v/1.0.0/RDS.25 |
security-control/RDS.25 |
|
service-managed-aws-control-tower/v/1.0.0/Redshift.1 |
security-control/Redshift.1 |
|
service-managed-aws-control-tower/v/1.0.0/Redshift.2 |
security-control/Redshift.2 |
|
service-managed-aws-control-tower/v/1.0.0/Redshift.4 |
security-control/Redshift.4 |
|
service-managed-aws-control-tower/v/1.0.0/Redshift.6 |
security-control/Redshift。6 |
|
service-managed-aws-control-tower/v/1.0.0/Redshift.7 |
security-control/Redshift。7 |
|
service-managed-aws-control-tower/v/1.0.0/Redshift.8 |
security-control/Redshift。8 |
|
service-managed-aws-control-tower/v/1.0.0/Redshift.9 |
security-control/Redshift.9 |
|
service-managed-aws-control-tower/v/1.0.0/S3.1 |
security-control/S3.1 |
|
service-managed-aws-control-tower/v/1.0.0/S3.2 |
security-control/S3.2 |
|
service-managed-aws-control-tower/v/1.0.0/S3.3 |
security-control/S3.3 |
|
service-managed-aws-control-tower/v/1.0.0/S3.5 |
security-control/S3.5 |
|
service-managed-aws-control-tower/v/1.0.0/S3.6 |
security-control/S3.6 |
|
service-managed-aws-control-tower/v/1.0.0/S3.8 |
security-control/S3.8 |
|
service-managed-aws-control-tower/v/1.0.0/S3.9 |
security-control/S3.9 |
|
service-managed-aws-control-tower/v/1.0.0/S3.12 |
security-control/S3.12 |
|
service-managed-aws-control-tower/v/1.0.0/S3.13 |
security-control/S3.13 |
|
service-managed-aws-control-tower/v/1.0.0/SageMaker AI.1 |
security-control/SageMaker AI.1 |
|
service-managed-aws-control-tower/v/1.0.0/SecretsManager.1 |
security-control/SecretsManager.1 |
|
service-managed-aws-control-tower/v/1.0.0/SecretsManager.2 |
security-control/SecretsManager.2 |
|
service-managed-aws-control-tower/v/1.0.0/SecretsManager.3 |
security-control/SecretsManager.3 |
|
service-managed-aws-control-tower/v/1.0.0/SecretsManager.4 |
security-control/SecretsManager.4 |
|
service-managed-aws-control-tower/v/1.0.0/SQS.1 |
security-control/SQS.1 |
|
service-managed-aws-control-tower/v/1.0.0/SSM.1 |
security-control/SSM.1 |
|
service-managed-aws-control-tower/v/1.0.0/SSM.2 |
security-control/SSM.2 |
|
service-managed-aws-control-tower/v/1.0.0/SSM.3 |
security-control/SSM.3 |
|
service-managed-aws-control-tower/v/1.0.0/SSM.4 |
security-control/SSM.4 |
|
service-managed-aws-control-tower/v/1.0.0/WAF.2 |
security-control/WAF.2 |
|
service-managed-aws-control-tower/v/1.0.0/WAF.3 |
security-control/WAF.3 |
|
service-managed-aws-control-tower/v/1.0.0/WAF.4 |
security-control/WAF.4 |
合併如何影響控制IDs和標題
合併控制項檢視和合併的控制項問題清單會將跨標準的控制IDs和標題標準化。安全控制 ID 和安全控制標題一詞是指這些標準無關的值。
Security Hub 主控台會顯示標準無關的安全控制IDs和安全控制標題,無論合併控制問題清單是否已在您的帳戶中開啟或關閉。不過,如果您的帳戶中的合併控制問題清單已關閉,Security Hub 問題清單會包含標準特定的控制標題 (適用於 PCI和 v1CIS.2.0)。如果您的帳戶中關閉了合併的控制問題清單,Security Hub 問題清單會包含標準特定的控制 ID 和安全控制 ID。如需整合如何影響控制問題清單的詳細資訊,請參閱Security Hub 中的控制項問題清單範例。
對於屬於服務受管標準 的控制項: AWS Control Tower在開啟合併控制項問題清單時,會從問題清單的控制項 ID 和標題CT.中移除字首。
若要在 Security Hub 中停用安全控制,您必須停用所有與安全控制對應的標準控制。下表顯示安全控制IDs和標題映射到標準特定的控制IDs和標題。屬於 AWS 基礎安全最佳實務 1.0.0 版 (FSBP) 標準的控制IDs和標題已經是標準無關的。如需符合網際網路安全中心 (CIS) 3.0.0 版需求的控制項映射,請參閱 將控制項映射到每個版本中的CIS要求。
若要在此資料表上執行您自己的指令碼,請將其下載為 .csv 檔案。
| 標準 | 標準控制項 ID 和標題 | 安全控制 ID 和標題 |
|---|---|---|
|
CIS 1.2.0 版 |
1.1 避免使用根使用者 |
|
|
CIS 1.2.0 版 |
1.10 確保IAM密碼政策防止密碼重複使用 |
|
|
CIS 1.2.0 版 |
1.11 確保IAM密碼政策在 90 天內過期密碼 |
|
|
CIS 1.2.0 版 |
1.12 確保不存在根使用者存取金鑰 |
|
|
CIS 1.2.0 版 |
1.13 確定MFA已為根使用者啟用 |
|
|
CIS 1.2.0 版 |
1.14 確定MFA已啟用根使用者的硬體 |
|
|
CIS 1.2.0 版 |
1.16 確保IAM政策僅連接到群組或角色 |
|
|
CIS 1.2.0 版 |
1.2 確保為具有主控台密碼的IAM所有使用者啟用多重驗證 (MFA) |
|
|
CIS 1.2.0 版 |
1.20 確保已建立支援角色,以使用 管理事件 AWS Support |
|
|
CIS 1.2.0 版 |
1.22 確保未建立允許完整 "*:*" 管理權限IAM的政策 |
|
|
CIS 1.2.0 版 |
1.3 確定停用 90 天 (含) 以上未使用的登入資料 |
|
|
CIS 1.2.0 版 |
1.4 確保每 90 天或更短期限輪換存取金鑰 |
|
|
CIS 1.2.0 版 |
1.5 確保IAM密碼政策至少需要一個大寫字母 |
|
|
CIS 1.2.0 版 |
1.6 確保IAM密碼政策至少需要一個小寫字母 |
|
|
CIS 1.2.0 版 |
1.7 確保IAM密碼政策至少需要一個符號 |
|
|
CIS 1.2.0 版 |
1.8 確保IAM密碼政策至少需要一個數字 |
|
|
CIS 1.2.0 版 |
1.9 確保IAM密碼政策要求密碼長度至少為 14 或更高 |
|
|
CIS 1.2.0 版 |
2.1 確保所有區域 CloudTrail 都已啟用 |
|
|
CIS 1.2.0 版 |
2.2 確保日誌 CloudTrail 檔案驗證已啟用 |
|
|
CIS 1.2.0 版 |
2.3 確保用於存放 CloudTrail 日誌的 S3 儲存貯體不可公開存取 |
|
|
CIS 1.2.0 版 |
2.4 確保 CloudTrail 追蹤與 CloudWatch 日誌整合 |
|
|
CIS 1.2.0 版 |
2.5 確保 AWS Config 已啟用 |
|
|
CIS 1.2.0 版 |
2.6 確保 S3 儲存貯體上已啟用 CloudTrail S3 儲存貯體存取記錄 |
|
|
CIS 1.2.0 版 |
2.7 確保 CloudTrail 日誌使用 進行靜態加密 KMS CMKs |
|
|
CIS 1.2.0 版 |
2.8 確保CMKs已啟用客戶建立的輪換 |
|
|
CIS 1.2.0 版 |
2.9 確定所有 都已啟用VPC流程記錄 VPCs |
|
|
CIS 1.2.0 版 |
3.1 確保日誌指標篩選條件和警示對未經授權的API呼叫存在 |
|
|
CIS 1.2.0 版 |
3.10 確定安全群組變更存在日誌指標篩選條件和警示 |
|
|
CIS 1.2.0 版 |
3.11 確保網路存取控制清單 (NACL) 的變更存在日誌指標篩選條件和警示 |
|
|
CIS 1.2.0 版 |
3.12 確定網路閘道變更存在日誌指標篩選條件和警示 |
|
|
CIS 1.2.0 版 |
3.13 確定路由表變更存在日誌指標篩選條件和警示 |
|
|
CIS 1.2.0 版 |
3.14 確保VPC變更存在日誌指標篩選條件和警示 |
|
|
CIS 1.2.0 版 |
3.2 確保 Management Console 登入時存在日誌指標篩選條件和警示,而沒有 MFA |
|
|
CIS 1.2.0 版 |
3.3 確保根使用者的用量具有日誌指標篩選條件和警示 |
|
|
CIS 1.2.0 版 |
3.4 確保IAM政策變更存在日誌指標篩選條件和警示 |
|
|
CIS 1.2.0 版 |
3.5 確保 CloudTrail 組態變更存在日誌指標篩選條件和警示 |
|
|
CIS 1.2.0 版 |
3.6 確保 AWS Management Console 存在驗證失敗的日誌指標篩選條件和警示 |
|
|
CIS 1.2.0 版 |
3.7 確保日誌指標篩選條件和警示存在,以停用或排程刪除已建立的客戶 CMKs |
|
|
CIS 1.2.0 版 |
3.8 確定 S3 儲存貯體政策變更存在日誌指標篩選條件和警示 |
|
|
CIS 1.2.0 版 |
3.9 確保 AWS Config 組態變更存在日誌指標篩選條件和警示 |
|
|
CIS 1.2.0 版 |
4.1 確保無安全群組允許從 0.0.0.0/0 輸入連接埠 22 |
|
|
CIS 1.2.0 版 |
4.2 確保無安全群組允許從 0.0.0.0/0 輸入連接埠 3389 |
|
|
CIS 1.2.0 版 |
4.3 確保每個 的預設安全群組VPC限制所有流量 |
|
|
CIS 1.4.0 版 |
1.10 確保為具有主控台密碼的IAM所有使用者啟用多重驗證 (MFA) |
|
|
CIS 1.4.0 版 |
1.14 確保每 90 天或更短時間輪換存取金鑰 |
|
|
CIS 1.4.0 版 |
1.16 確保未連接允許完整 "*:*" 管理權限IAM的政策 |
|
|
CIS 1.4.0 版 |
1.17 確保已建立支援角色,以使用 管理事件 AWS Support |
|
|
CIS 1.4.0 版 |
1.4 確保根使用者帳戶存取金鑰不存在 |
|
|
CIS 1.4.0 版 |
1.5 確定 MFA 已啟用根使用者帳戶 |
|
|
CIS 1.4.0 版 |
1.6 確定MFA已啟用根使用者帳戶的硬體 |
|
|
CIS 1.4.0 版 |
1.7 避免將根使用者用於管理和日常任務 |
|
|
CIS 1.4.0 版 |
1.8 確保IAM密碼政策的長度至少為 14 個或更多 |
|
|
CIS 1.4.0 版 |
1.9 確保IAM密碼政策防止密碼重複使用 |
|
|
CIS 1.4.0 版 |
2.1.2 確保 S3 儲存貯體政策設定為拒絕HTTP請求 |
|
|
CIS 1.4.0 版 |
應啟用 2.1.5.1 S3 Block Public Access 設定 |
|
|
CIS 1.4.0 版 |
2.1.5.2 S3 封鎖公開存取設定應在儲存貯體層級啟用 |
|
|
CIS 1.4.0 版 |
2.2.1 確保已啟用EBS磁碟區加密 |
|
|
CIS 1.4.0 版 |
2.3.1 確定已為RDS執行個體啟用加密 |
|
|
CIS 1.4.0 版 |
3.1 確保所有區域 CloudTrail 都已啟用 |
|
|
CIS 1.4.0 版 |
3.2 確保 CloudTrail 日誌檔案驗證已啟用 |
|
|
CIS 1.4.0 版 |
3.4 確保 CloudTrail 追蹤與 CloudWatch 日誌整合 |
|
|
CIS 1.4.0 版 |
3.5 確保所有區域 AWS Config 都已啟用 |
|
|
CIS 1.4.0 版 |
3.6 確保 S3 儲存貯體上已啟用 CloudTrail S3 儲存貯體存取記錄 |
|
|
CIS 1.4.0 版 |
3.7 確保 CloudTrail 日誌使用 進行靜態加密 KMS CMKs |
|
|
CIS 1.4.0 版 |
3.8 確保CMKs已啟用客戶建立的輪換 |
|
|
CIS 1.4.0 版 |
3.9 確定所有 都已啟用VPC流程記錄 VPCs |
|
|
CIS 1.4.0 版 |
4.4 確保IAM政策變更存在日誌指標篩選條件和警示 |
|
|
CIS 1.4.0 版 |
4.5 確保 CloudTrail 組態變更存在日誌指標篩選條件和警示 |
|
|
CIS 1.4.0 版 |
4.6 確保 AWS Management Console 存在驗證失敗的日誌指標篩選條件和警示 |
|
|
CIS 1.4.0 版 |
4.7 確保日誌指標篩選條件和警示存在,以停用或排程刪除已建立的客戶 CMKs |
|
|
CIS 1.4.0 版 |
4.8 確保 S3 儲存貯體政策變更存在日誌指標篩選條件和警示 |
|
|
CIS 1.4.0 版 |
4.9 確保 AWS Config 組態變更存在日誌指標篩選條件和警示 |
|
|
CIS 1.4.0 版 |
4.10 確保安全群組變更存在日誌指標篩選條件和警示 |
|
|
CIS 1.4.0 版 |
4.11 確保網路存取控制清單 (NACL) 的變更存在日誌指標篩選條件和警示 |
|
|
CIS 1.4.0 版 |
4.12 確保網路閘道變更存在日誌指標篩選條件和警示 |
|
|
CIS 1.4.0 版 |
4.13 確保路由表變更存在日誌指標篩選條件和警示 |
|
|
CIS 1.4.0 版 |
4.14 確保VPC變更存在日誌指標篩選條件和警示 |
|
|
CIS 1.4.0 版 |
5.1 確保網路不允許從 0.0.0.0/0 ACLs 傳入遠端伺服器管理連接埠 |
|
|
CIS 1.4.0 版 |
5.3 確保每個 的預設安全群組VPC限制所有流量 |
|
|
PCI DSS v3.2.1 |
PCI.AutoScaling.1 與負載平衡器相關聯的自動擴展群組應使用負載平衡器運作狀態檢查 |
|
|
PCI DSS v3.2.1 |
PCI.CloudTrail.1 CloudTrail logs 應使用 進行靜態加密 AWS KMS CMKs |
|
|
PCI DSS v3.2.1 |
PCI.CloudTrail.2 CloudTrail 應啟用 |
|
|
PCI DSS v3.2.1 |
PCI應啟用 .CloudTrail.3 CloudTrail log 檔案驗證 |
|
|
PCI DSS v3.2.1 |
PCI.CloudTrail.4 CloudTrail trails 應與 Amazon CloudWatch Logs 整合 |
|
|
PCI DSS v3.2.1 |
PCI.CodeBuild.1 CodeBuild GitHub 或 Bitbucket 來源儲存庫URLs應使用 OAuth |
|
|
PCI DSS v3.2.1 |
PCI.CodeBuild.2 CodeBuild 專案環境變數不應包含純文字登入資料 |
|
|
PCI DSS v3.2.1 |
PCI AWS Config 應啟用 .Config.1 |
|
|
PCI DSS v3.2.1 |
PCI.CW.1 日誌指標篩選條件和警示應存在,以使用「根」使用者 |
|
|
PCI DSS v3.2.1 |
PCI.DMS.1 Database Migration Service 複寫執行個體不應公開 |
|
|
PCI DSS v3.2.1 |
PCI.EC2.1 EBS快照不應可公開還原 |
|
|
PCI DSS v3.2.1 |
PCI.EC2.2 VPC 預設安全群組應禁止傳入和傳出流量 |
|
|
PCI DSS v3.2.1 |
PCI.EC2.4 EC2EIPs應該移除未使用的 |
|
|
PCI DSS v3.2.1 |
PCI.EC2.5 安全群組不應允許從 0.0.0.0/0 傳入連接埠 22 |
|
|
PCI DSS v3.2.1 |
PCI所有 .EC2.6 VPC流程記錄都應啟用 VPCs |
|
|
PCI DSS v3.2.1 |
PCI.ELBv2.1 Application Load Balancer 應設定為將所有HTTP請求重新導向至 HTTPS |
|
|
PCI DSS v3.2.1 |
PCI.ES.1 Elasticsearch 網域應該位於 VPC |
|
|
PCI DSS v3.2.1 |
PCI.ES.2 Elasticsearch 網域應該啟用靜態加密 |
|
|
PCI DSS v3.2.1 |
PCI.GuardDuty.1 GuardDuty 應啟用 |
|
|
PCI DSS v3.2.1 |
PCI.IAM.1 IAM根使用者存取金鑰不應存在 |
|
|
PCI DSS v3.2.1 |
PCI.IAM.2 IAM使用者不應連接IAM政策 |
|
|
PCI DSS v3.2.1 |
PCI.IAM.3 IAM政策不應允許完整的「*」管理權限 |
|
|
PCI DSS v3.2.1 |
PCI.IAM.4 MFA應為根使用者啟用硬體 |
|
|
PCI DSS v3.2.1 |
PCI根使用者MFA應啟用 .IAM.5 虛擬 |
|
|
PCI DSS v3.2.1 |
PCIMFA應為IAM所有使用者啟用 .IAM.6 |
|
|
PCI DSS v3.2.1 |
PCI如果未在預先定義的天數內使用 .IAM.7 IAM使用者登入資料,則應停用 |
|
|
PCI DSS v3.2.1 |
PCI.IAM.8 IAM使用者的密碼政策應具有強大的組態 |
|
|
PCI DSS v3.2.1 |
PCI.KMS.1 應啟用客戶主金鑰 (CMK) 輪換 |
|
|
PCI DSS v3.2.1 |
PCI.Lambda.1 Lambda 函數應禁止公開存取 |
|
|
PCI DSS v3.2.1 |
PCI.Lambda.2 Lambda 函數應該位於 VPC |
|
|
PCI DSS v3.2.1 |
PCI.Opensearch.1 OpenSearch 網域應該位於 VPC |
|
|
PCI DSS v3.2.1 |
PCI.Opensearch.2 EBS快照不應可公開還原 |
|
|
PCI DSS v3.2.1 |
PCI.RDS.1 RDS快照應為私有 |
|
|
PCI DSS v3.2.1 |
PCI.RDS.2 RDS 資料庫執行個體應禁止公開存取 |
|
|
PCI DSS v3.2.1 |
PCI.Redshift.1 Amazon Redshift 叢集應禁止公開存取 |
|
|
PCI DSS v3.2.1 |
PCI.S3.1 S3 儲存貯體應禁止公有寫入存取 |
|
|
PCI DSS v3.2.1 |
PCI.S3.2 S3 儲存貯體應禁止公開讀取存取 |
|
|
PCI DSS v3.2.1 |
PCI.S3.3 S3 儲存貯體應該啟用跨區域複寫 |
|
|
PCI DSS v3.2.1 |
PCI.S3.5 S3 儲存貯體應要求請求使用 Secure Socket Layer |
|
|
PCI DSS v3.2.1 |
PCI應啟用 .S3.6 S3 封鎖公開存取設定 |
|
|
PCI DSS v3.2.1 |
PCI.SageMaker AI.1 Amazon SageMaker AI 筆記本執行個體不應具有直接網際網路存取 |
|
|
PCI DSS v3.2.1 |
PCISystems Manager 管理的 .SSM.1 EC2執行個體在修補程式安裝COMPLIANT後應具有 的修補程式合規狀態 |
【SSM.2】 Systems Manager 管理的 Amazon EC2執行個體在修補程式安裝COMPLIANT後應具有 的修補程式合規狀態 |
|
PCI DSS v3.2.1 |
PCISystems Manager 管理的 .SSM.2 EC2執行個體應具有 的關聯合規狀態 COMPLIANT |
【SSM.3】 由 Systems Manager 管理的 Amazon EC2執行個體的關聯合規狀態應為 COMPLIANT |
|
PCI DSS v3.2.1 |
PCI.SSM.3 EC2執行個體應該由 管理 AWS Systems Manager |
更新用於合併的工作流程
如果您的工作流程不依賴任何控制項調查結果欄位的特定格式,則不需要任何動作。
如果您的工作流程依賴資料表中記下的任何控制項問題清單欄位的特定格式,您應該更新您的工作流程。例如,如果您建立的 Amazon CloudWatch Events 規則觸發了特定控制項 ID 的動作 (例如,如果控制項 ID CIS 等於 2.7 呼叫 AWS Lambda 函數),請將規則更新為使用 CloudTrail。2,即該控制項Compliance.SecurityControlId的欄位。
如果您使用變更的任何控制項調查結果欄位或值建立自訂洞見,請更新這些洞見以使用目前的欄位或值。
