AWS_APIGATEWAY_ALLOWS_ANONYMOUS_ACCESS | 255. Allow access only to the necessary ports |
AWS_CFT_SERVES_CONTENT_OVER_HTTP | 181. Transmit data using secure protocols |
AWS_CF_DISTRIBUTION_HAS_LOGGING_DISABLED | 075. Record exceptional events in logs 376. Register severity level 377. Store logs based on valid regulation 378. Use of log management system |
AWS_CLOUDFRONT_HAS_LOGGING_DISABLED | 075. Record exceptional events in logs 376. Register severity level 377. Store logs based on valid regulation 378. Use of log management system |
AWS_CLOUDFRONT_INSECURE_PROTOCOLS | 148. Set minimum size of asymmetric encryption 149. Set minimum size of symmetric encryption 150. Set minimum size for hash functions 181. Transmit data using secure protocols 336. Disable insecure TLS versions |
AWS_CLOUDTRAIL_FILES_NOT_VALIDATED | 080. Prevent log modification |
AWS_CLOUDTRAIL_IS_TRAIL_BUCKET_LOGGING_DISABLED | 075. Record exceptional events in logs 376. Register severity level 377. Store logs based on valid regulation 378. Use of log management system |
AWS_CLOUDTRAIL_NOT_LOGGING | 075. Record exceptional events in logs 376. Register severity level 377. Store logs based on valid regulation 378. Use of log management system |
AWS_CLOUDTRAIL_TRAILS_NOT_MULTIREGION | 075. Record exceptional events in logs 376. Register severity level 377. Store logs based on valid regulation 378. Use of log management system |
AWS_COGNITO_HAS_MFA_DISABLED | 229. Request access credentials 231. Implement a biometric verification component 264. Request authentication 319. Make authentication options equally secure 328. Request MFA for critical systems |
AWS_CREDENTIALS | 145. Protect system cryptographic keys 156. Source code without sensitive information 266. Disable insecure functionalities |
AWS_DYNAMODB_ENCRYPTED_WITH_AWS_MASTER_KEYS | 185. Encrypt sensitive information 265. Restrict access to critical processes 266. Disable insecure functionalities |
AWS_DYNAMODB_HAS_NOT_POINT_IN_TIME_RECOVERY | 186. Use the principle of least privilege 265. Restrict access to critical processes |
AWS_DYNAMODB_NOT_DEL_PROTEC | 186. Use the principle of least privilege 265. Restrict access to critical processes |
AWS_EBS_HAS_ENCRYPTION_DISABLED | 185. Encrypt sensitive information 300. Mask sensitive data 266. Disable insecure functionalities |
AWS_EC2_ACL_ALLOW_ALL_INGRESS_TRAFFIC | 255. Allow access only to the necessary ports |
AWS_EC2_ACL_ALLOW_EGRESS_TRAFFIC | 255. Allow access only to the necessary ports |
AWS_EC2_ANYONE_ADMIN_PORTS | 255. Allow access only to the necessary ports |
AWS_EC2_DEFAULT_ALL_TRAFIC | 255. Allow access only to the necessary ports |
AWS_EC2_DEFAULT_SECURITY_GROUP | 266. Disable insecure functionalities |
AWS_EC2_HAS_ASSOCIATE_PUBLIC_IP_ADDRESS | 266. Disable insecure functionalities |
AWS_EC2_HAS_DEFAULT_SECURITY_GROUPS_IN_USE | 266. Disable insecure functionalities |
AWS_EC2_HAS_INSTANCES_USING_UNAPPROVED_AMIS | 266. Disable insecure functionalities |
AWS_EC2_HAS_MODIFY_ATTRIBUTE | 266. Disable insecure functionalities |
AWS_EC2_HAS_NOT_TERMINATION_PROTECTION | 186. Use the principle of least privilege |
AWS_EC2_HAS_TERMINATE_SHUTDOWN_BEHAVIOR | 266. Disable insecure functionalities |
AWS_EC2_HAS_UNENCRYPTED_AMIS | 266. Disable insecure functionalities |
AWS_EC2_HAS_UNENCRYPTED_SNAPSHOTS | 266. Disable insecure functionalities |
AWS_EC2_HAS_UNUSED_KEY_PAIRS | 266. Disable insecure functionalities |
AWS_EC2_HAS_UNUSED_SEGGROUPS | 266. Disable insecure functionalities |
AWS_EC2_IAM_INSTANCE_WITHOUT_PROFILE | 266. Disable insecure functionalities |
AWS_EC2_INSECURE_PORT_RANGE | 255. Allow access only to the necessary ports |
AWS_EC2_INSTANCES_WITHOUT_PROFILE | 255. Allow access only to the necessary ports |
AWS_EC2_OPEN_ALL_PORTS_TO_THE_PUBLIC | 255. Allow access only to the necessary ports |
AWS_EC2_SEC_GROUPS_RFC1918 | 255. Allow access only to the necessary ports |
AWS_EC2_UNRESTRICTED_CIDRS | 255. Allow access only to the necessary ports |
AWS_EC2_UNRESTRICTED_DNS_ACCESS | 255. Allow access only to the necessary ports |
AWS_EC2_UNRESTRICTED_FTP_ACCESS | 255. Allow access only to the necessary ports |
AWS_EC2_UNRESTRICTED_IP_PROTOCOlS | 255. Allow access only to the necessary ports |
AWS_EC2_VPC_ENDPOINTS_EXPOSED | 095. Define users with privileges 096. Set user's required privileges 186. Use the principle of least privilege |
AWS_EC2_VPC_WITHOUT_FLOWLOG | 075. Record exceptional events in logs 376. Register severity level 377. Store logs based on valid regulation 378. Use of log management system |
AWS_EFS_IS_ENCRYPTION_DISABLED | 185. Encrypt sensitive information 300. Mask sensitive data 266. Disable insecure functionalities |
AWS_EKS_HAS_ENDPOINTS_PUBLICLY_ACCESSIBLE | 185. Encrypt sensitive information 265. Restrict access to critical processes 266. Disable insecure functionalities |
AWS_ELASTICACHE_REST_ENCRYPTION_DISABLED | 185. Encrypt sensitive information 265. Restrict access to critical processes 266. Disable insecure functionalities |
AWS_ELASTICACHE_TRANSIT_ENCRYPTION_DISABLED | 185. Encrypt sensitive information 265. Restrict access to critical processes 266. Disable insecure functionalities |
AWS_ELASTICACHE_USES_DEFAULT_PORT | 185. Encrypt sensitive information 265. Restrict access to critical processes 266. Disable insecure functionalities |
AWS_ELB2_HAS_NOT_DELETION_PROTECTION | 186. Use the principle of least privilege 265. Restrict access to critical processes |
AWS_ELB2_HAS_NOT_HTTPS | 181. Transmit data using secure protocols 266. Disable insecure functionalities |
AWS_ELBV2_HAS_ACCESS_LOGGING_DISABLED | 075. Record exceptional events in logs 376. Register severity level 377. Store logs based on valid regulation 378. Use of log management system |
AWS_ELBV2_INSECURE_PROTOCOLS | 148. Set minimum size of asymmetric encryption 149. Set minimum size of symmetric encryption 150. Set minimum size for hash functions 181. Transmit data using secure protocols 336. Disable insecure TLS versions |
AWS_ELBV2_INSECURE_SSL_CIPHER | 148. Set minimum size of asymmetric encryption 149. Set minimum size of symmetric encryption 150. Set minimum size for hash functions 181. Transmit data using secure protocols 336. Disable insecure TLS versions |
AWS_HAS_PUBLICLY_SHARED_AMIS | 266. Disable insecure functionalities |
AWS_IAM_ADMIN_POLICY_ATTACHED | 095. Define users with privileges 096. Set user's required privileges 186. Use the principle of least privilege 035. Manage privilege modifications |
AWS_IAM_ALLOWS_PRIV_ESCALATION_BY_ATTACH_POLICY | 035. Manage privilege modifications |
AWS_IAM_ALLOWS_PRIV_ESCALATION_BY_POLICIES_VERSIONS | 035. Manage privilege modifications |
AWS_IAM_FULL_ACCESS_SSM | 095. Define users with privileges 096. Set user's required privileges 186. Use the principle of least privilege |
AWS_IAM_GROUP_WITH_INLINE_POLICY | 095. Define users with privileges 096. Set user's required privileges 186. Use the principle of least privilege |
AWS_IAM_HAS_MFA_DISABLED | 229. Request access credentials 231. Implement a biometric verification component 264. Request authentication 319. Make authentication options equally secure 328. Request MFA for critical systems |
AWS_IAM_HAS_OLD_ACCESS_KEYS | 130. Limit password lifespan 132. Passphrases with at least 4 words 133. Passwords with at least 20 characters 139. Set minimum OTP length 332. Prevent the use of breached passwords |
AWS_IAM_HAS_OLD_CREDS_ENABLED | 130. Limit password lifespan 132. Passphrases with at least 4 words 133. Passwords with at least 20 characters 139. Set minimum OTP length 332. Prevent the use of breached passwords |
AWS_IAM_HAS_OLD_SSH_PUBLIC_KEYS | 130. Limit password lifespan 132. Passphrases with at least 4 words 133. Passwords with at least 20 characters 139. Set minimum OTP length 332. Prevent the use of breached passwords |
AWS_IAM_HAS_PERMISSIVE_ROLE_POLICY | 095. Define users with privileges 096. Set user's required privileges 186. Use the principle of least privilege |
AWS_IAM_HAS_ROOT_ACTIVE_SIGNING_CERTIFICATES | 185. Encrypt sensitive information 265. Restrict access to critical processes 266. Disable insecure functionalities |
AWS_IAM_HAS_WILDCARD_RESOURCE_IN_WRITE_ACTION | 095. Define users with privileges 096. Set user's required privileges 186. Use the principle of least privilege |
AWS_IAM_IS_POLICY_MISS_CONFIGURED | 095. Define users with privileges 096. Set user's required privileges 186. Use the principle of least privilege |
AWS_IAM_MFA_DISABLED_FOR_USERS_WITH_CONSOLE_PASSWD | 229. Request access credentials 231. Implement a biometric verification component 264. Request authentication 319. Make authentication options equally secure 328. Request MFA for critical systems |
AWS_IAM_MIN_PASSWORD_LEN_UNSAFE | 130. Limit password lifespan 132. Passphrases with at least 4 words 133. Passwords with at least 20 characters 139. Set minimum OTP length 332. Prevent the use of breached passwords |
AWS_IAM_NEGATIVE_STATEMENT | 095. Define users with privileges 096. Set user's required privileges 186. Use the principle of least privilege |
AWS_IAM_NOT_REQUIRES_LOWERCASE | 130. Limit password lifespan 132. Passphrases with at least 4 words 133. Passwords with at least 20 characters 139. Set minimum OTP length 332. Prevent the use of breached passwords |
AWS_IAM_NOT_REQUIRES_NUMBERS | 130. Limit password lifespan 132. Passphrases with at least 4 words 133. Passwords with at least 20 characters 139. Set minimum OTP length 332. Prevent the use of breached passwords |
AWS_IAM_NOT_REQUIRES_SYMBOLS | 130. Limit password lifespan 132. Passphrases with at least 4 words 133. Passwords with at least 20 characters 139. Set minimum OTP length 332. Prevent the use of breached passwords |
AWS_IAM_NOT_REQUIRES_UPPERCASE | 130. Limit password lifespan 132. Passphrases with at least 4 words 133. Passwords with at least 20 characters 139. Set minimum OTP length 332. Prevent the use of breached passwords |
AWS_IAM_OPEN_PASSROLE | 095. Define users with privileges 096. Set user's required privileges 186. Use the principle of least privilege |
AWS_IAM_PASSWORD_EXPIRATION_UNSAFE | 130. Limit password lifespan 132. Passphrases with at least 4 words 133. Passwords with at least 20 characters 139. Set minimum OTP length 332. Prevent the use of breached passwords |
AWS_IAM_PASSWORD_REUSE_UNSAFE | 130. Limit password lifespan 132. Passphrases with at least 4 words 133. Passwords with at least 20 characters 139. Set minimum OTP length 332. Prevent the use of breached passwords |
AWS_IAM_PERMISSIVE_POLICY | 095. Define users with privileges 096. Set user's required privileges 186. Use the principle of least privilege |
AWS_IAM_POLICIES_ATTACHED_TO_USERS | 185. Encrypt sensitive information 265. Restrict access to critical processes 266. Disable insecure functionalities |
AWS_IAM_ROOT_HAS_ACCESS_KEYS | 185. Encrypt sensitive information 265. Restrict access to critical processes 266. Disable insecure functionalities |
AWS_IAM_ROOT_HAS_MFA_DISABLED | 229. Request access credentials 231. Implement a biometric verification component 264. Request authentication 319. Make authentication options equally secure 328. Request MFA for critical systems |
AWS_IAM_USERS_WITH_PASSWORD_AND_ACCESS_KEYS | 095. Define users with privileges 096. Set user's required privileges 186. Use the principle of least privilege |
AWS_IAM_USER_WITH_INLINE_POLICY | 095. Define users with privileges 096. Set user's required privileges 186. Use the principle of least privilege |
AWS_IAM_USER_WITH_MULTIPLE_ACCESS_KEYS | 185. Encrypt sensitive information 265. Restrict access to critical processes 266. Disable insecure functionalities |
AWS_KMS_HAS_MASTER_KEYS_EXPOSED_TO_EVERYONE | 095. Define users with privileges 096. Set user's required privileges 186. Use the principle of least privilege |
AWS_KMS_IS_KEY_ROTATION_DISABLED | 266. Disable insecure functionalities |
AWS_RDS_HAS_NOT_AUTOMATED_BACKUPS | 186. Use the principle of least privilege 265. Restrict access to critical processes |
AWS_RDS_HAS_NOT_DELETION_PROTECTION | 186. Use the principle of least privilege 265. Restrict access to critical processes |
AWS_RDS_HAS_PUBLIC_INSTANCES | 096. Set user's required privileges 176. Restrict system objects 265. Restrict access to critical processes |
AWS_RDS_HAS_PUBLIC_SNAPSHOTS | 185. Encrypt sensitive information 265. Restrict access to critical processes 266. Disable insecure functionalities |
AWS_RDS_HAS_UNENCRYPTED_STORAGE | 134. Store passwords with salt 135. Passwords with random salt 185. Encrypt sensitive information 229. Request access credentials 264. Request authentication 300. Mask sensitive data |
AWS_RDS_NOT_INSIDE_A_DB_SUBNET_GROUP | 255. Allow access only to the necessary ports |
AWS_RDS_NOT_USES_IAM_AUTHENTICATION | 185. Encrypt sensitive information 265. Restrict access to critical processes 266. Disable insecure functionalities |
AWS_RDS_UNRESTRICTED_DB_SECURITY_GROUPS | 255. Allow access only to the necessary ports |
AWS_REDSHIFT_HAS_AUDIT_LOGS_DISABLED | 075. Record exceptional events in logs 376. Register severity level 377. Store logs based on valid regulation 378. Use of log management system |
AWS_REDSHIFT_HAS_ENCRYPTION_DISABLED | 185. Encrypt sensitive information 300. Mask sensitive data |
AWS_REDSHIFT_HAS_PUBLIC_CLUSTERS | 185. Encrypt sensitive information 265. Restrict access to critical processes 266. Disable insecure functionalities |
AWS_REDSHIFT_HAS_USER_ACTIVITY_LOG_DISABLED | 075. Record exceptional events in logs 376. Register severity level 377. Store logs based on valid regulation 378. Use of log management system |
AWS_REDSHIFT_NOT_REQUIRES_SSL | 185. Encrypt sensitive information 265. Restrict access to critical processes 266. Disable insecure functionalities |
AWS_S3_ACL_PUBLIC_BUCKETS | 096. Set user's required privileges 176. Restrict system objects 264. Request authentication 320. Avoid client-side control enforcement |
AWS_S3_BUCKETS_ALLOW_UNAUTHORIZED_PUBLIC_ACCESS | 096. Set user's required privileges 176. Restrict system objects 264. Request authentication 320. Avoid client-side control enforcement |
AWS_S3_BUCKET_POLICY_ENCRYPTION_DISABLE | 134. Store passwords with salt 135. Passwords with random salt 185. Encrypt sensitive information 227. Display access notification 229. Request access credentials 264. Request authentication 300. Mask sensitive data |
AWS_S3_BUCKET_VERSIONING_DISABLED | 266. Disable insecure functionalities |
AWS_S3_HAS_ACCESS_LOGGING_DISABLED | 075. Record exceptional events in logs 376. Register severity level 377. Store logs based on valid regulation 378. Use of log management system |
AWS_S3_HAS_INSECURE_TRANSPORT | 181. Transmit data using secure protocols |
AWS_S3_PRIVATE_BUCKETS_NOT_BLOCKING_PUBLIC_ACLS | 095. Define users with privileges 096. Set user's required privileges 186. Use the principle of least privilege |
AWS_S3_PUBLIC_BUCKETS | 095. Define users with privileges 096. Set user's required privileges 186. Use the principle of least privilege |
AWS_SECRETS_HAS_AUTOMATIC_ROTATION_DISABLED | 266. Disable insecure functionalities |
AWS_SNS_CAN_ANYONE_PUBLISH | 185. Encrypt sensitive information 265. Restrict access to critical processes 266. Disable insecure functionalities |
AWS_SNS_CAN_ANYONE_SUBSCRIBE | 185. Encrypt sensitive information 265. Restrict access to critical processes 266. Disable insecure functionalities |
AWS_SNS_HAS_SERVER_SIDE_ENCRYPTION_DISABLED | 185. Encrypt sensitive information 265. Restrict access to critical processes 266. Disable insecure functionalities |
AWS_SQS_HAS_ENCRYPTION_DISABLED | 185. Encrypt sensitive information 265. Restrict access to critical processes 266. Disable insecure functionalities |
AWS_SQS_IS_PUBLIC | 095. Define users with privileges 096. Set user's required privileges 186. Use the principle of least privilege |