diff --git a/.gitignore b/.gitignore index 709bb11..6ec928c 100644 --- a/.gitignore +++ b/.gitignore @@ -10,6 +10,7 @@ *.conf *.csv +*.xls *.tab *.txt diff --git a/README.md b/README.md index ec34e92..60ebbfc 100644 --- a/README.md +++ b/README.md @@ -4,15 +4,16 @@ The `pcs-inspect.py` script queries the Prisma Cloud API for all enabled Policies and for all Alerts within a Relative Time Range (with a default of one month), -and outputs results to tab-delimited CSV files, including: +and outputs results to an Excel spreadsheet, including: +* Utilization Summary * Alerts By Compliance Standard * Alerts By Policy -* Alert Totals +* Alert Summary ### Requirements -* (Developed and tested on) Python 3.x with the `requests` library. +* (Developed and tested on) Python 3.x with the `pandas` and `requests` libraries. * Prisma Cloud Access Key with `ACCOUNT GROUP READ ONLY` or `SYSTEM ADMIN` privileges. ### Usage @@ -20,7 +21,7 @@ and outputs results to tab-delimited CSV files, including: * Download this repository. * If necessary, install the `requests` library. * Execute `pcs-inspect.py` to collect and process the data. -* Import the data into Google Sheets, and/or Google Slides (for example: [PCS Inspect Report](https://docs.google.com/presentation/d/10x_PGAu0ZPUGZMc4Tfevf9gpXvhIUOwGrBuRBkI6Jjc/edit?usp=sharing)) +* Import the results into Google Sheets, and/or Google Slides (for example: [PCS Inspect Report](https://docs.google.com/presentation/d/10x_PGAu0ZPUGZMc4Tfevf9gpXvhIUOwGrBuRBkI6Jjc/edit?usp=sharing)) * Profit! (You can independently execute the collect and process steps of the script by specifying `--mode collect` or `--mode process`) @@ -39,5 +40,3 @@ chmod +x pcs-inspect.py pip3 install -r requirements.txt ./pcs-inspect.py --customer_name example -u "https://api.prismacloud.io" -a "aaaaaaaa-1111-aaaa-1111-aaaaaaaa1111" -s "ssss1111ssss1111ssss1111=" ``` - -See [example.tab](example.tab) for example output. 
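Review bot: in the .gitignore hunk, `+*.xls` matches only the legacy extension, so a workbook written as `.xlsx` would not be ignored. The README now describes the output as an Excel spreadsheet without naming the extension, and these files carry tenant alert and policy data that should not end up in a commit. Make the pattern match what the script actually writes, for example by adding `*.xlsx` next to `*.xls`.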
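Review bot: in the README Usage hunk (`@@ -20,7 +21,7 @@`), the unchanged step "If necessary, install the `requests` library." now disagrees with the Requirements line, which this patch changes to list both `pandas` and `requests`. Update that step to name both libraries, or point it at the `pip3 install -r requirements.txt` line in the example block, and check that requirements.txt lists `pandas` as well.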
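Review bot: in the last README hunk (`@@ -39,5 +40,3 @@`), dropping `See [example.tab](example.tab) for example output.` leaves the README with no sample of the output now that it is a spreadsheet. Add a short description of the sheets and their columns, or a sanitized example file. The example.tab deleted in this same patch also stays retrievable from history, so confirm that its asset, user and alert counts did not come from a live tenant.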
diff --git a/example.tab b/example.tab deleted file mode 100644 index 66e243d..0000000 --- a/example.tab +++ /dev/null 
@@ -1,1469 +0,0 @@ -################################################################################# -# Summary: Utilization -################################################################################# - -Number of Assets: 2172976 - -Number of Cloud Accounts (Not Including Child Accounts): 2 -Cloud Accounts Disabled 0 -Cloud Accounts Enabled 2 - -Number of Cloud Account Groups: 5 - -Number of Alert Rules 4 -Alert Rules Disabled 2 -Alert Rules Enabled 2 - -Number of Integrations 1 -Integrations Disabled 0 -Integrations Enabled 1 - -Number of Policies 646 -Policies Custom 1 -Policies Default 645 - -Number of Users: 21 -Users Disabled 0 -Users Enabled 21 - - -################################################################################# -# By Compliance Standard: Open Alerts, Past 1 Month -################################################################################# -Compliance Standard Alerts High Alerts Medium Alerts Low -APRA (CPS 234) Information Security 103 2445 515 -CCPA 2018 191 1475 409 -CIS v1.0.0 (GCP) 0 0 0 -CIS v1.0.0 (OCI) 113 0 30 -CIS v1.1 (Azure) 0 0 0 -CIS v1.1.0 (GCP) 0 0 0 -CIS v1.1.0 (GKE) 0 0 0 -CIS v1.1.0 (OCI) 156 0 30 -CIS v1.2.0 (AWS) 7 424 94 -CIS v1.2.0 (Azure) 0 0 0 -CIS v1.3.0 (AWS) 7 512 302 -CSA CCM v3.0.1 162 359 451 -GDPR 245 372 377 -HIPAA 204 18 335 -HITRUST CSF v9.3 162 393 451 -ISO 27001:2013 33 259 375 -MITRE ATT&CK [Beta] 263 671 137 -Multi-Level Protection Scheme (MLPS) v2.0 65 1537 473 -NIST 800-171 Rev1 33 375 446 -NIST 800-53 Rev 5 66 2297 497 -NIST 800-53 Rev4 195 2297 502 -NIST CSF 245 337 377 -PCI DSS v3.2 162 130 356 -PIPEDA 198 1481 409 -SOC 2 245 359 451 - -################################################################################# -# By Policy: Open Alerts, Past 1 Month -################################################################################# -Policy Severity Type With IAC With Remediation Alert Count Compliance Standards -OCI File Storage File System Export is publicly accessible high 
config False False 0 "" -AWS ACM Certificate with wildcard domain name low config False False 9 "APRA (CPS 234) Information Security,CCPA 2018,NIST 800-53 Rev 5,NIST 800-53 Rev4,PIPEDA" -AWS API Gateway endpoints without client certificate authentication medium config False False 0 "APRA (CPS 234) Information Security,CCPA 2018,CSA CCM v3.0.1,HITRUST CSF v9.3,ISO 27001:2013,Multi-Level Protection Scheme (MLPS) v2.0,NIST 800-53 Rev 5,NIST 800-53 Rev4,PIPEDA,SOC 2" -AWS API gateway request parameter is not validated medium config False False 0 "APRA (CPS 234) Information Security" -AWS Access key enabled on root account low config False False 1 "APRA (CPS 234) Information Security,CCPA 2018,CIS v1.2.0 (AWS),CIS v1.3.0 (AWS),CSA CCM v3.0.1,GDPR,HIPAA,HITRUST CSF v9.3,ISO 27001:2013,MITRE ATT&CK [Beta],Multi-Level Protection Scheme (MLPS) v2.0,NIST 800-171 Rev1,NIST 800-53 Rev 5,NIST 800-53 Rev4,NIST CSF,PCI DSS v3.2,PIPEDA,SOC 2" -AWS Access logging not enabled on S3 buckets medium config False False 63 "APRA (CPS 234) Information Security,CCPA 2018,CIS v1.3.0 (AWS),CSA CCM v3.0.1,GDPR,HITRUST CSF v9.3,MITRE ATT&CK [Beta],Multi-Level Protection Scheme (MLPS) v2.0,NIST 800-171 Rev1,NIST 800-53 Rev 5,NIST 800-53 Rev4,NIST CSF,PCI DSS v3.2,PIPEDA,SOC 2" -AWS Amazon Machine Image (AMI) is publicly accessible high config True True 0 "APRA (CPS 234) Information Security,CCPA 2018,CSA CCM v3.0.1,GDPR,HITRUST CSF v9.3,ISO 27001:2013,MITRE ATT&CK [Beta],Multi-Level Protection Scheme (MLPS) v2.0,NIST 800-171 Rev1,NIST 800-53 Rev 5,NIST 800-53 Rev4,NIST CSF,PIPEDA,SOC 2" -AWS Application Load Balancer (ALB) is not using the latest predefined security policy low config False False 107 "" -AWS Certificate Manager (ACM) contains certificate pending validation low config False False 1 "APRA (CPS 234) Information Security,CSA CCM v3.0.1,HITRUST CSF v9.3,Multi-Level Protection Scheme (MLPS) v2.0,NIST 800-171 Rev1,NIST 800-53 Rev 5,NIST 800-53 Rev4,SOC 2" -AWS Certificate Manager (ACM) 
has certificates expiring in 30 days or less low config False False 3 "APRA (CPS 234) Information Security,Multi-Level Protection Scheme (MLPS) v2.0,NIST 800-53 Rev 5,NIST 800-53 Rev4" -AWS Certificate Manager (ACM) has certificates with Certificate Transparency Logging disabled medium config False False 0 "APRA (CPS 234) Information Security,CCPA 2018,CSA CCM v3.0.1,GDPR,HITRUST CSF v9.3,Multi-Level Protection Scheme (MLPS) v2.0,NIST 800-171 Rev1,NIST 800-53 Rev 5,NIST 800-53 Rev4,NIST CSF,PIPEDA,SOC 2" -AWS Certificate Manager (ACM) has expired certificates medium config False False 0 "APRA (CPS 234) Information Security,CCPA 2018,CSA CCM v3.0.1,HITRUST CSF v9.3,Multi-Level Protection Scheme (MLPS) v2.0,NIST 800-171 Rev1,NIST 800-53 Rev 5,NIST 800-53 Rev4,PIPEDA,SOC 2" -AWS Certificate Manager (ACM) has invalid or failed certificate low config False False 0 "APRA (CPS 234) Information Security,CSA CCM v3.0.1,HITRUST CSF v9.3,ISO 27001:2013,Multi-Level Protection Scheme (MLPS) v2.0,NIST 800-171 Rev1,NIST 800-53 Rev 5,NIST 800-53 Rev4,SOC 2" -AWS Certificate Manager (ACM) has unused certificates medium config False False 14 "APRA (CPS 234) Information Security,CSA CCM v3.0.1,HITRUST CSF v9.3,Multi-Level Protection Scheme (MLPS) v2.0,NIST 800-171 Rev1,NIST 800-53 Rev 5,NIST 800-53 Rev4,SOC 2" -AWS CloudFormation stack configured without SNS topic medium config False False 8 "APRA (CPS 234) Information Security,Multi-Level Protection Scheme (MLPS) v2.0,NIST 800-53 Rev 5,NIST 800-53 Rev4" -AWS CloudFormation template contains globally open resources low config False False 0 "APRA (CPS 234) Information Security,MITRE ATT&CK [Beta],NIST 800-53 Rev 5,NIST 800-53 Rev4" -AWS CloudFront Distributions with Field-Level Encryption not enabled medium config False False 4 "APRA (CPS 234) Information Security,Multi-Level Protection Scheme (MLPS) v2.0,NIST 800-53 Rev 5,NIST 800-53 Rev4" -AWS CloudFront distribution is using insecure SSL protocols for HTTPS communication high 
config False False 0 "APRA (CPS 234) Information Security,CCPA 2018,Multi-Level Protection Scheme (MLPS) v2.0,NIST 800-53 Rev 5,NIST 800-53 Rev4,PIPEDA" -AWS CloudFront distribution with access logging disabled medium config False False 1 "APRA (CPS 234) Information Security,Multi-Level Protection Scheme (MLPS) v2.0,NIST 800-53 Rev 5,NIST 800-53 Rev4" -AWS CloudFront origin protocol policy does not enforce HTTPS-only high config False False 0 "APRA (CPS 234) Information Security,Multi-Level Protection Scheme (MLPS) v2.0,NIST 800-53 Rev 5,NIST 800-53 Rev4" -AWS CloudFront viewer protocol policy is not configured with HTTPS high config False False 4 "APRA (CPS 234) Information Security,Multi-Level Protection Scheme (MLPS) v2.0,NIST 800-53 Rev 5,NIST 800-53 Rev4" -AWS CloudFront web distribution that allow TLS versions 1.0 or lower medium config False False 0 "APRA (CPS 234) Information Security,MITRE ATT&CK [Beta],Multi-Level Protection Scheme (MLPS) v2.0,NIST 800-53 Rev 5,NIST 800-53 Rev4" -AWS CloudFront web distribution with AWS Web Application Firewall (AWS WAF) service disabled medium config False False 4 "APRA (CPS 234) Information Security,CCPA 2018,MITRE ATT&CK [Beta],Multi-Level Protection Scheme (MLPS) v2.0,NIST 800-53 Rev 5,NIST 800-53 Rev4,PIPEDA" -AWS CloudFront web distribution with default SSL certificate medium config False False 1 "APRA (CPS 234) Information Security,Multi-Level Protection Scheme (MLPS) v2.0,NIST 800-53 Rev 5,NIST 800-53 Rev4" -AWS CloudFront web distribution with geo restriction disabled low config False False 4 "APRA (CPS 234) Information Security,Multi-Level Protection Scheme (MLPS) v2.0,NIST 800-53 Rev 5,NIST 800-53 Rev4" -AWS CloudTrail S3 buckets have not enabled MFA Delete low config False False 0 "APRA (CPS 234) Information Security,MITRE ATT&CK [Beta],Multi-Level Protection Scheme (MLPS) v2.0,NIST 800-53 Rev 5,NIST 800-53 Rev4" -AWS CloudTrail bucket is publicly accessible high config False False 0 "APRA (CPS 234) 
Information Security,CCPA 2018,CIS v1.2.0 (AWS),CIS v1.3.0 (AWS),CSA CCM v3.0.1,GDPR,HITRUST CSF v9.3,ISO 27001:2013,MITRE ATT&CK [Beta],Multi-Level Protection Scheme (MLPS) v2.0,NIST 800-171 Rev1,NIST 800-53 Rev 5,NIST 800-53 Rev4,NIST CSF,PIPEDA,SOC 2" -AWS CloudTrail is not enabled in all regions medium config True True 0 "APRA (CPS 234) Information Security,CCPA 2018,CIS v1.2.0 (AWS),CIS v1.3.0 (AWS),GDPR,HIPAA,HITRUST CSF v9.3,ISO 27001:2013,MITRE ATT&CK [Beta],Multi-Level Protection Scheme (MLPS) v2.0,NIST 800-171 Rev1,NIST 800-53 Rev 5,NIST 800-53 Rev4,NIST CSF,PCI DSS v3.2,PIPEDA,SOC 2" -AWS CloudTrail is not enabled on the account high config False False 0 "APRA (CPS 234) Information Security,CCPA 2018,GDPR,HITRUST CSF v9.3,ISO 27001:2013,MITRE ATT&CK [Beta],NIST 800-171 Rev1,NIST 800-53 Rev 5,NIST 800-53 Rev4,NIST CSF,PCI DSS v3.2,PIPEDA,SOC 2" -AWS CloudTrail log validation is not enabled in all regions low config True True 0 "APRA (CPS 234) Information Security,CIS v1.2.0 (AWS),CIS v1.3.0 (AWS),CSA CCM v3.0.1,GDPR,HIPAA,HITRUST CSF v9.3,ISO 27001:2013,MITRE ATT&CK [Beta],NIST 800-171 Rev1,NIST 800-53 Rev 5,NIST 800-53 Rev4,NIST CSF,SOC 2" -AWS CloudTrail logging is disabled medium config True True 0 "APRA (CPS 234) Information Security,NIST 800-53 Rev 5,NIST 800-53 Rev4" -AWS CloudTrail logs are not encrypted using Customer Master Keys (CMKs) medium config False False 0 "APRA (CPS 234) Information Security,CIS v1.2.0 (AWS),CIS v1.3.0 (AWS),CSA CCM v3.0.1,GDPR,HITRUST CSF v9.3,ISO 27001:2013,Multi-Level Protection Scheme (MLPS) v2.0,NIST 800-171 Rev1,NIST 800-53 Rev 5,NIST 800-53 Rev4,NIST CSF,SOC 2" -AWS CloudTrail logs should integrate with CloudWatch for all regions medium config False False 0 "APRA (CPS 234) Information Security,CCPA 2018,CSA CCM v3.0.1,GDPR,HITRUST CSF v9.3,ISO 27001:2013,MITRE ATT&CK [Beta],Multi-Level Protection Scheme (MLPS) v2.0,NIST 800-171 Rev1,NIST 800-53 Rev 5,NIST 800-53 Rev4,NIST CSF,PIPEDA,SOC 2" -AWS Cloudfront 
Distribution with S3 have Origin Access set to disabled medium config False False 1 "APRA (CPS 234) Information Security,NIST 800-53 Rev 5,NIST 800-53 Rev4" -AWS Config Recording is disabled medium config False False 0 "APRA (CPS 234) Information Security,CCPA 2018,CIS v1.2.0 (AWS),CIS v1.3.0 (AWS),CSA CCM v3.0.1,GDPR,HITRUST CSF v9.3,ISO 27001:2013,Multi-Level Protection Scheme (MLPS) v2.0,NIST 800-171 Rev1,NIST 800-53 Rev 5,NIST 800-53 Rev4,NIST CSF,PIPEDA,SOC 2" -AWS Config fails to deliver log files medium config False False 0 "APRA (CPS 234) Information Security,CCPA 2018,Multi-Level Protection Scheme (MLPS) v2.0,PIPEDA" -AWS Config must record all possible resources medium config False False 0 "APRA (CPS 234) Information Security,CSA CCM v3.0.1,GDPR,HITRUST CSF v9.3,ISO 27001:2013,Multi-Level Protection Scheme (MLPS) v2.0,NIST 800-171 Rev1,NIST 800-53 Rev 5,NIST 800-53 Rev4,NIST CSF,SOC 2" -AWS Customer Master Key (CMK) rotation is not enabled medium config True True 57 "APRA (CPS 234) Information Security,CCPA 2018,CIS v1.2.0 (AWS),CIS v1.3.0 (AWS),CSA CCM v3.0.1,GDPR,HITRUST CSF v9.3,ISO 27001:2013,MITRE ATT&CK [Beta],Multi-Level Protection Scheme (MLPS) v2.0,NIST 800-171 Rev1,NIST 800-53 Rev 5,NIST 800-53 Rev4,NIST CSF,PCI DSS v3.2,PIPEDA,SOC 2" -AWS Database Migration Service (DMS) has expired certificates medium config False False 0 "" -AWS Database Migration Service endpoint do not have SSL configured medium config False False 0 "APRA (CPS 234) Information Security" -AWS Default Security Group does not restrict all traffic high config False False 4 "APRA (CPS 234) Information Security,CCPA 2018,CIS v1.2.0 (AWS),CIS v1.3.0 (AWS),CSA CCM v3.0.1,GDPR,HITRUST CSF v9.3,ISO 27001:2013,Multi-Level Protection Scheme (MLPS) v2.0,NIST 800-171 Rev1,NIST 800-53 Rev 5,NIST 800-53 Rev4,NIST CSF,PIPEDA,SOC 2" -AWS DynamoDB encrypted using AWS owned CMK instead of AWS managed CMK medium config False False 711 "APRA (CPS 234) Information Security,CCPA 2018,Multi-Level 
Protection Scheme (MLPS) v2.0,NIST 800-53 Rev 5,NIST 800-53 Rev4,PIPEDA" -AWS EBS Snapshot with access for unmonitored cloud accounts medium config False False 0 "APRA (CPS 234) Information Security,CCPA 2018,CSA CCM v3.0.1,GDPR,HITRUST CSF v9.3,ISO 27001:2013,Multi-Level Protection Scheme (MLPS) v2.0,NIST 800-171 Rev1,NIST 800-53 Rev 5,NIST 800-53 Rev4,NIST CSF,PIPEDA,SOC 2" -AWS EBS Volume is unattached medium config False False 40 "APRA (CPS 234) Information Security,Multi-Level Protection Scheme (MLPS) v2.0" -AWS EBS snapshot is not encrypted medium config False False 0 "" -AWS EBS snapshots are accessible to public high config True True 0 "APRA (CPS 234) Information Security,CCPA 2018,CSA CCM v3.0.1,GDPR,HITRUST CSF v9.3,ISO 27001:2013,MITRE ATT&CK [Beta],Multi-Level Protection Scheme (MLPS) v2.0,NIST 800-171 Rev1,NIST 800-53 Rev 5,NIST 800-53 Rev4,NIST CSF,PCI DSS v3.2,PIPEDA,SOC 2" -AWS EBS volume not encrypted using Customer Managed Key medium config False False 1 "APRA (CPS 234) Information Security,CCPA 2018,Multi-Level Protection Scheme (MLPS) v2.0,NIST 800-53 Rev 5,NIST 800-53 Rev4,PIPEDA" -AWS EBS volumes are not encrypted low config False False 299 "APRA (CPS 234) Information Security,CCPA 2018,CIS v1.3.0 (AWS),CSA CCM v3.0.1,GDPR,HIPAA,HITRUST CSF v9.3,ISO 27001:2013,Multi-Level Protection Scheme (MLPS) v2.0,NIST 800-171 Rev1,NIST 800-53 Rev 5,NIST 800-53 Rev4,NIST CSF,PCI DSS v3.2,PIPEDA,SOC 2" -AWS EC2 Instance IAM Role not enabled medium config False False 194 "APRA (CPS 234) Information Security,CCPA 2018,CIS v1.2.0 (AWS),CIS v1.3.0 (AWS),MITRE ATT&CK [Beta],Multi-Level Protection Scheme (MLPS) v2.0,NIST 800-53 Rev 5,NIST 800-53 Rev4,PIPEDA" -AWS EC2 Instance Scheduled Events medium config False False 1 "APRA (CPS 234) Information Security,Multi-Level Protection Scheme (MLPS) v2.0" -AWS EC2 instance allowing public IP in subnets medium config False False 0 "APRA (CPS 234) Information Security,CCPA 2018,MITRE ATT&CK [Beta],Multi-Level Protection 
Scheme (MLPS) v2.0,NIST 800-53 Rev 5,NIST 800-53 Rev4,PIPEDA" -AWS EC2 instance is not configured with VPC high config False False 0 "APRA (CPS 234) Information Security,CCPA 2018,Multi-Level Protection Scheme (MLPS) v2.0,NIST 800-53 Rev 5,NIST 800-53 Rev4,PIPEDA" -AWS EC2 instances with Public IP and associated with Security Groups have Internet Access medium config False False 1 "APRA (CPS 234) Information Security,CCPA 2018,MITRE ATT&CK [Beta],Multi-Level Protection Scheme (MLPS) v2.0,NIST 800-53 Rev 5,NIST 800-53 Rev4,PIPEDA" -AWS ECR repository is exposed to public high config False False 0 "APRA (CPS 234) Information Security,Multi-Level Protection Scheme (MLPS) v2.0,NIST 800-53 Rev 5,NIST 800-53 Rev4" -AWS ECS task definition elevated privileges enabled high config False False 0 "APRA (CPS 234) Information Security,CCPA 2018,Multi-Level Protection Scheme (MLPS) v2.0,NIST 800-53 Rev 5,NIST 800-53 Rev4,PIPEDA" -AWS ECS task definition logging not enabled medium config False False 0 "NIST 800-53 Rev 5,NIST 800-53 Rev4" -AWS ECS task definition readonlyRootFilesystem not enabled high config False False 0 "APRA (CPS 234) Information Security" -AWS ECS task definition resource limits not set high config False False 0 "" -AWS ECS/ Fargate task definition execution IAM Role not found medium config False False 5 "APRA (CPS 234) Information Security,MITRE ATT&CK [Beta],Multi-Level Protection Scheme (MLPS) v2.0,NIST 800-53 Rev 5,NIST 800-53 Rev4" -AWS ECS/ Fargate task definition root user found high config False False 0 "APRA (CPS 234) Information Security,Multi-Level Protection Scheme (MLPS) v2.0,NIST 800-53 Rev 5,NIST 800-53 Rev4" -AWS EKS cluster control plane assigned multiple security groups low config False False 0 "APRA (CPS 234) Information Security,Multi-Level Protection Scheme (MLPS) v2.0" -AWS EKS cluster endpoint access publicly enabled medium config True True 10 "APRA (CPS 234) Information Security,CCPA 2018,MITRE ATT&CK [Beta],Multi-Level Protection 
Scheme (MLPS) v2.0,NIST 800-53 Rev 5,NIST 800-53 Rev4,PIPEDA" -AWS EKS cluster security group overly permissive to all traffic medium config False False 0 "APRA (CPS 234) Information Security,CCPA 2018,Multi-Level Protection Scheme (MLPS) v2.0,NIST 800-53 Rev 5,NIST 800-53 Rev4,PIPEDA" -AWS EKS cluster using the default VPC medium config False False 1 "APRA (CPS 234) Information Security,Multi-Level Protection Scheme (MLPS) v2.0,NIST 800-53 Rev 5,NIST 800-53 Rev4" -AWS EKS control plane logging disabled low config True True 10 "APRA (CPS 234) Information Security,CCPA 2018,Multi-Level Protection Scheme (MLPS) v2.0,NIST 800-53 Rev 5,NIST 800-53 Rev4,PIPEDA" -AWS EKS unsupported Master node version high config False False 0 "" -AWS EMR cluster is not configured with CSE CMK for data at rest encryption (Amazon S3 with EMRFS) medium config False False 0 "APRA (CPS 234) Information Security,CCPA 2018,Multi-Level Protection Scheme (MLPS) v2.0,NIST 800-53 Rev 5,NIST 800-53 Rev4,PIPEDA" -AWS EMR cluster is not configured with Kerberos Authentication medium config False False 0 "APRA (CPS 234) Information Security,Multi-Level Protection Scheme (MLPS) v2.0,NIST 800-53 Rev 5,NIST 800-53 Rev4" -AWS EMR cluster is not configured with SSE KMS for data at rest encryption (Amazon S3 with EMRFS) medium config False False 0 "APRA (CPS 234) Information Security,CCPA 2018,Multi-Level Protection Scheme (MLPS) v2.0,NIST 800-53 Rev 5,NIST 800-53 Rev4,PIPEDA" -AWS EMR cluster is not configured with security configuration medium config False False 1 "APRA (CPS 234) Information Security,CCPA 2018,Multi-Level Protection Scheme (MLPS) v2.0,NIST 800-53 Rev 5,NIST 800-53 Rev4,PIPEDA" -AWS EMR cluster is not enabled with data encryption at rest medium config False False 0 "APRA (CPS 234) Information Security,CCPA 2018,Multi-Level Protection Scheme (MLPS) v2.0,NIST 800-53 Rev 5,NIST 800-53 Rev4,PIPEDA" -AWS EMR cluster is not enabled with data encryption in transit medium config False False 0 
"APRA (CPS 234) Information Security,CCPA 2018,Multi-Level Protection Scheme (MLPS) v2.0,NIST 800-53 Rev 5,NIST 800-53 Rev4,PIPEDA" -AWS EMR cluster is not enabled with local disk encryption medium config False False 0 "APRA (CPS 234) Information Security,CCPA 2018,Multi-Level Protection Scheme (MLPS) v2.0,NIST 800-53 Rev 5,NIST 800-53 Rev4,PIPEDA" -AWS EMR cluster is not enabled with local disk encryption using CMK medium config False False 0 "APRA (CPS 234) Information Security,CCPA 2018,Multi-Level Protection Scheme (MLPS) v2.0,NIST 800-53 Rev 5,NIST 800-53 Rev4,PIPEDA" -AWS ElastiCache Redis cluster with Multi-AZ Automatic Failover feature set to disabled medium config False False 1 "APRA (CPS 234) Information Security,Multi-Level Protection Scheme (MLPS) v2.0,NIST 800-53 Rev 5,NIST 800-53 Rev4" -AWS ElastiCache Redis cluster with Redis AUTH feature disabled medium config False False 8 "APRA (CPS 234) Information Security,CCPA 2018,Multi-Level Protection Scheme (MLPS) v2.0,NIST 800-53 Rev 5,NIST 800-53 Rev4,PIPEDA" -AWS ElastiCache Redis cluster with encryption for data at rest disabled medium config False False 9 "APRA (CPS 234) Information Security,CCPA 2018,Multi-Level Protection Scheme (MLPS) v2.0,NIST 800-53 Rev 5,NIST 800-53 Rev4,PIPEDA" -AWS ElastiCache Redis cluster with in-transit encryption disabled medium config False False 8 "APRA (CPS 234) Information Security,CCPA 2018,Multi-Level Protection Scheme (MLPS) v2.0,NIST 800-53 Rev 5,NIST 800-53 Rev4,PIPEDA" -AWS ElastiCache cluster not associated with VPC medium config False False 0 "APRA (CPS 234) Information Security,CCPA 2018,Multi-Level Protection Scheme (MLPS) v2.0,NIST 800-53 Rev 5,NIST 800-53 Rev4,PIPEDA" -AWS Elastic File System (EFS) not encrypted using Customer Managed Key medium config False False 0 "APRA (CPS 234) Information Security,CCPA 2018,Multi-Level Protection Scheme (MLPS) v2.0,NIST 800-53 Rev 5,NIST 800-53 Rev4,PIPEDA" -AWS Elastic File System (EFS) with encryption for data at rest 
is disabled medium config False False 1 "APRA (CPS 234) Information Security,CCPA 2018,Multi-Level Protection Scheme (MLPS) v2.0,NIST 800-53 Rev 5,NIST 800-53 Rev4,PIPEDA" -AWS Elastic Load Balancer (Classic) SSL negotiation policy configured with insecure ciphers medium config False False 0 "APRA (CPS 234) Information Security,CCPA 2018,Multi-Level Protection Scheme (MLPS) v2.0,NIST 800-53 Rev 5,NIST 800-53 Rev4,PIPEDA" -AWS Elastic Load Balancer (Classic) SSL negotiation policy configured with vulnerable SSL protocol medium config False False 0 "APRA (CPS 234) Information Security,CCPA 2018,MITRE ATT&CK [Beta],Multi-Level Protection Scheme (MLPS) v2.0,NIST 800-53 Rev 5,NIST 800-53 Rev4,PIPEDA" -AWS Elastic Load Balancer (Classic) with access log disabled medium config False False 2 "APRA (CPS 234) Information Security,CCPA 2018,Multi-Level Protection Scheme (MLPS) v2.0,NIST 800-53 Rev 5,NIST 800-53 Rev4,PIPEDA" -AWS Elastic Load Balancer (Classic) with connection draining disabled medium config True True 2 "APRA (CPS 234) Information Security" -AWS Elastic Load Balancer (Classic) with cross-zone load balancing disabled medium config True True 2 "APRA (CPS 234) Information Security,Multi-Level Protection Scheme (MLPS) v2.0,NIST 800-53 Rev 5,NIST 800-53 Rev4" -AWS Elastic Load Balancer (ELB) has security group with no inbound rules medium config False False 0 "APRA (CPS 234) Information Security,MITRE ATT&CK [Beta],Multi-Level Protection Scheme (MLPS) v2.0,NIST 800-53 Rev 5,NIST 800-53 Rev4" -AWS Elastic Load Balancer (ELB) has security group with no outbound rules medium config False False 0 "APRA (CPS 234) Information Security,Multi-Level Protection Scheme (MLPS) v2.0,NIST 800-53 Rev 5,NIST 800-53 Rev4" -AWS Elastic Load Balancer (ELB) not in use low config False False 0 "APRA (CPS 234) Information Security,ISO 27001:2013" -AWS Elastic Load Balancer (ELB) with ACM certificate expiring in 90 days medium config False False 0 "APRA (CPS 234) Information 
Security,Multi-Level Protection Scheme (MLPS) v2.0,NIST 800-53 Rev 5,NIST 800-53 Rev4" -AWS Elastic Load Balancer (ELB) with IAM certificate expiring in 90 days medium config False False 0 "APRA (CPS 234) Information Security,MITRE ATT&CK [Beta],Multi-Level Protection Scheme (MLPS) v2.0,NIST 800-53 Rev 5,NIST 800-53 Rev4" -AWS Elastic Load Balancer v2 (ELBv2) SSL negotiation policy configured with weak ciphers medium config False False 0 "" -AWS Elastic Load Balancer v2 (ELBv2) listener that allow connection requests over HTTP medium config False False 0 "APRA (CPS 234) Information Security,CCPA 2018,Multi-Level Protection Scheme (MLPS) v2.0,NIST 800-53 Rev 5,NIST 800-53 Rev4,PIPEDA" -AWS Elastic Load Balancer v2 (ELBv2) load balancer with invalid security groups medium config False False 0 "" -AWS Elastic Load Balancer v2 (ELBv2) with access log disabled medium config False False 26 "APRA (CPS 234) Information Security,CCPA 2018,Multi-Level Protection Scheme (MLPS) v2.0,NIST 800-53 Rev 5,NIST 800-53 Rev4,PIPEDA" -AWS Elastic Load Balancer v2 (ELBv2) with deletion protection feature disabled low config False False 205 "" -AWS Elastic Load Balancer v2 (ELBv2) with listener TLS/SSL is not configured medium config False False 11 "APRA (CPS 234) Information Security,NIST 800-53 Rev 5,NIST 800-53 Rev4" -AWS Elastic Load Balancer with listener TLS/SSL is not configured medium config False False 2 "APRA (CPS 234) Information Security,CCPA 2018,CSA CCM v3.0.1,GDPR,HITRUST CSF v9.3,ISO 27001:2013,Multi-Level Protection Scheme (MLPS) v2.0,NIST 800-171 Rev1,NIST 800-53 Rev 5,NIST 800-53 Rev4,NIST CSF,PIPEDA,SOC 2" -AWS ElasticSearch cluster not in a VPC medium config False False 5 "APRA (CPS 234) Information Security,CCPA 2018,Multi-Level Protection Scheme (MLPS) v2.0,NIST 800-53 Rev 5,NIST 800-53 Rev4,PIPEDA" -AWS Elasticsearch IAM policy overly permissive to all traffic high config False False 0 "APRA (CPS 234) Information Security,CSA CCM v3.0.1,GDPR,HITRUST CSF v9.3,MITRE 
ATT&CK [Beta],Multi-Level Protection Scheme (MLPS) v2.0,NIST 800-171 Rev1,NIST 800-53 Rev 5,NIST 800-53 Rev4,NIST CSF,SOC 2" -AWS Elasticsearch domain Encryption for data at rest is disabled low config False False 0 "APRA (CPS 234) Information Security,CCPA 2018,CSA CCM v3.0.1,HITRUST CSF v9.3,ISO 27001:2013,Multi-Level Protection Scheme (MLPS) v2.0,NIST 800-171 Rev1,NIST 800-53 Rev 5,NIST 800-53 Rev4,NIST CSF,PIPEDA" -AWS Elasticsearch domain has Dedicated master set to disabled low config False False 5 "APRA (CPS 234) Information Security" -AWS Elasticsearch domain has Index slow logs set to disabled low config False False 6 "APRA (CPS 234) Information Security,CSA CCM v3.0.1,HITRUST CSF v9.3,Multi-Level Protection Scheme (MLPS) v2.0,NIST 800-171 Rev1,NIST 800-53 Rev 5,NIST 800-53 Rev4,SOC 2" -AWS Elasticsearch domain has Search slow logs set to disabled low config False False 6 "APRA (CPS 234) Information Security,CSA CCM v3.0.1,HITRUST CSF v9.3,Multi-Level Protection Scheme (MLPS) v2.0,NIST 800-171 Rev1,NIST 800-53 Rev 5,NIST 800-53 Rev4,SOC 2" -AWS Elasticsearch domain has Zone Awareness set to disabled low config False False 5 "APRA (CPS 234) Information Security,CSA CCM v3.0.1,HITRUST CSF v9.3,NIST 800-53 Rev4,SOC 2" -AWS Elasticsearch domain publicly accessible medium config False False 5 "APRA (CPS 234) Information Security,CCPA 2018,MITRE ATT&CK [Beta],Multi-Level Protection Scheme (MLPS) v2.0,NIST 800-53 Rev 5,NIST 800-53 Rev4,PIPEDA" -AWS Glue connection do not have SSL configured medium config False False 0 "" -AWS IAM Groups with Administrator Access Permissions medium config False False 0 "APRA (CPS 234) Information Security" -AWS IAM Password policy is unsecure medium config True True 0 "APRA (CPS 234) Information Security,CCPA 2018,CSA CCM v3.0.1,GDPR,HIPAA,HITRUST CSF v9.3,ISO 27001:2013,MITRE ATT&CK [Beta],Multi-Level Protection Scheme (MLPS) v2.0,NIST 800-171 Rev1,NIST 800-53 Rev 5,NIST 800-53 Rev4,PIPEDA,SOC 2" -AWS IAM Roles with Administrator 
Access Permissions medium config False False 2 "APRA (CPS 234) Information Security" -AWS IAM SSH keys for AWS CodeCommit have aged more than 90 days without being rotated medium config False False 0 "APRA (CPS 234) Information Security,MITRE ATT&CK [Beta],Multi-Level Protection Scheme (MLPS) v2.0,NIST 800-53 Rev 5,NIST 800-53 Rev4" -AWS IAM deprecated managed policies in use by User high config False False 0 "APRA (CPS 234) Information Security,MITRE ATT&CK [Beta],Multi-Level Protection Scheme (MLPS) v2.0" -AWS IAM has expired SSL/TLS certificates medium config False False 0 "APRA (CPS 234) Information Security,CCPA 2018,CIS v1.3.0 (AWS),MITRE ATT&CK [Beta],Multi-Level Protection Scheme (MLPS) v2.0,NIST 800-53 Rev 5,NIST 800-53 Rev4,PIPEDA" -AWS IAM password policy allows password reuse medium config True True 0 "APRA (CPS 234) Information Security,CCPA 2018,CIS v1.2.0 (AWS),CIS v1.3.0 (AWS),CSA CCM v3.0.1,GDPR,HIPAA,HITRUST CSF v9.3,MITRE ATT&CK [Beta],Multi-Level Protection Scheme (MLPS) v2.0,NIST 800-171 Rev1,NIST 800-53 Rev 5,NIST 800-53 Rev4,PIPEDA,SOC 2" -AWS IAM password policy does not expire in 90 days medium config True True 0 "APRA (CPS 234) Information Security,CIS v1.2.0 (AWS),CSA CCM v3.0.1,GDPR,HIPAA,HITRUST CSF v9.3,ISO 27001:2013,MITRE ATT&CK [Beta],Multi-Level Protection Scheme (MLPS) v2.0,NIST 800-171 Rev1,NIST 800-53 Rev 5,NIST 800-53 Rev4,SOC 2" -AWS IAM password policy does not have a lowercase character medium config True True 0 "APRA (CPS 234) Information Security,CIS v1.2.0 (AWS),CSA CCM v3.0.1,GDPR,HIPAA,HITRUST CSF v9.3,Multi-Level Protection Scheme (MLPS) v2.0,NIST 800-171 Rev1,NIST 800-53 Rev 5,NIST 800-53 Rev4,SOC 2" -AWS IAM password policy does not have a minimum of 14 characters medium config True True 0 "APRA (CPS 234) Information Security,CIS v1.2.0 (AWS),CIS v1.3.0 (AWS),CSA CCM v3.0.1,GDPR,HIPAA,HITRUST CSF v9.3,Multi-Level Protection Scheme (MLPS) v2.0,NIST 800-171 Rev1,NIST 800-53 Rev 5,NIST 800-53 Rev4,SOC 2" -AWS IAM 
password policy does not have a number medium config True True 0 "APRA (CPS 234) Information Security,CIS v1.2.0 (AWS),CSA CCM v3.0.1,GDPR,HIPAA,HITRUST CSF v9.3,Multi-Level Protection Scheme (MLPS) v2.0,NIST 800-171 Rev1,NIST 800-53 Rev 5,NIST 800-53 Rev4,SOC 2" -AWS IAM password policy does not have a symbol medium config True True 0 "APRA (CPS 234) Information Security,CIS v1.2.0 (AWS),CSA CCM v3.0.1,GDPR,HIPAA,HITRUST CSF v9.3,Multi-Level Protection Scheme (MLPS) v2.0,NIST 800-171 Rev1,NIST 800-53 Rev 5,NIST 800-53 Rev4,SOC 2" -AWS IAM password policy does not have an uppercase character medium config True True 0 "APRA (CPS 234) Information Security,CIS v1.2.0 (AWS),CSA CCM v3.0.1,GDPR,HIPAA,HITRUST CSF v9.3,Multi-Level Protection Scheme (MLPS) v2.0,NIST 800-171 Rev1,NIST 800-53 Rev 5,NIST 800-53 Rev4,SOC 2" -AWS IAM password policy does not have password expiration period medium config True True 0 "APRA (CPS 234) Information Security,CCPA 2018,CSA CCM v3.0.1,GDPR,HIPAA,HITRUST CSF v9.3,MITRE ATT&CK [Beta],Multi-Level Protection Scheme (MLPS) v2.0,NIST 800-171 Rev1,NIST 800-53 Rev 5,NIST 800-53 Rev4,PIPEDA,SOC 2" -AWS IAM policy allows assume role permission across all services high config False False 0 "APRA (CPS 234) Information Security,CCPA 2018,CSA CCM v3.0.1,GDPR,HITRUST CSF v9.3,MITRE ATT&CK [Beta],Multi-Level Protection Scheme (MLPS) v2.0,NIST 800-171 Rev1,NIST 800-53 Rev 5,NIST 800-53 Rev4,NIST CSF,PIPEDA,SOC 2" -AWS IAM policy allows full administrative privileges low config False False 2 "APRA (CPS 234) Information Security,CCPA 2018,CIS v1.2.0 (AWS),CIS v1.3.0 (AWS),CSA CCM v3.0.1,GDPR,HITRUST CSF v9.3,MITRE ATT&CK [Beta],Multi-Level Protection Scheme (MLPS) v2.0,NIST 800-171 Rev1,NIST 800-53 Rev 5,NIST 800-53 Rev4,NIST CSF,PIPEDA,SOC 2" -AWS IAM policy attached to users low config False False 35 "APRA (CPS 234) Information Security,CCPA 2018,CIS v1.2.0 (AWS),CSA CCM v3.0.1,GDPR,HIPAA,HITRUST CSF v9.3,ISO 27001:2013,MITRE ATT&CK [Beta],Multi-Level 
Protection Scheme (MLPS) v2.0,NIST 800-171 Rev1,NIST 800-53 Rev 5,NIST 800-53 Rev4,NIST CSF,PIPEDA,SOC 2" -AWS IAM role/user with unused CloudTrail delete or full permission low config False False 98 "" -AWS IAM support access policy is not associated to any role medium config False False 0 "APRA (CPS 234) Information Security,CIS v1.2.0 (AWS),CIS v1.3.0 (AWS),NIST 800-53 Rev 5,NIST 800-53 Rev4" -AWS IAM user has both Console access and Access Keys medium config False False 27 "APRA (CPS 234) Information Security,CCPA 2018,CIS v1.2.0 (AWS),CIS v1.3.0 (AWS),GDPR,MITRE ATT&CK [Beta],Multi-Level Protection Scheme (MLPS) v2.0,PIPEDA" -AWS IAM user has two active Access Keys medium config False False 5 "APRA (CPS 234) Information Security,CCPA 2018,CIS v1.3.0 (AWS),CSA CCM v3.0.1,GDPR,HITRUST CSF v9.3,MITRE ATT&CK [Beta],Multi-Level Protection Scheme (MLPS) v2.0,NIST 800-171 Rev1,NIST 800-53 Rev 5,NIST 800-53 Rev4,NIST CSF,PIPEDA,SOC 2" -AWS Inactive users for more than 30 days low config False False 56 "APRA (CPS 234) Information Security,CIS v1.2.0 (AWS),CSA CCM v3.0.1,HITRUST CSF v9.3,MITRE ATT&CK [Beta],Multi-Level Protection Scheme (MLPS) v2.0,NIST 800-171 Rev1,NIST 800-53 Rev 5,NIST 800-53 Rev4,PCI DSS v3.2,SOC 2" -AWS KMS Customer Managed Key not in use medium config False False 38 "APRA (CPS 234) Information Security,MITRE ATT&CK [Beta],Multi-Level Protection Scheme (MLPS) v2.0,NIST 800-53 Rev 5,NIST 800-53 Rev4" -AWS KMS Key scheduled for deletion medium config False False 38 "APRA (CPS 234) Information Security,Multi-Level Protection Scheme (MLPS) v2.0,NIST 800-53 Rev 5,NIST 800-53 Rev4" -AWS KMS customer managed external key expiring in 30 days or less medium config False False 0 "APRA (CPS 234) Information Security,Multi-Level Protection Scheme (MLPS) v2.0,NIST 800-53 Rev 5,NIST 800-53 Rev4" -AWS Kinesis streams are not encrypted using Server Side Encryption medium config False False 3 "APRA (CPS 234) Information Security,CCPA 2018,CSA CCM 
v3.0.1,GDPR,HITRUST CSF v9.3,ISO 27001:2013,Multi-Level Protection Scheme (MLPS) v2.0,NIST 800-171 Rev1,NIST 800-53 Rev 5,NIST 800-53 Rev4,NIST CSF,PIPEDA,SOC 2" -AWS Kinesis streams encryption using default KMS keys instead of Customer's Managed Master Keys medium config False False 0 "APRA (CPS 234) Information Security,CCPA 2018,CSA CCM v3.0.1,GDPR,HITRUST CSF v9.3,ISO 27001:2013,Multi-Level Protection Scheme (MLPS) v2.0,NIST 800-171 Rev1,NIST 800-53 Rev 5,NIST 800-53 Rev4,NIST CSF,PIPEDA,SOC 2" -AWS Lambda Environment Variables not encrypted at-rest using CMK low config False False 10 "APRA (CPS 234) Information Security,CCPA 2018,Multi-Level Protection Scheme (MLPS) v2.0,NIST 800-53 Rev 5,NIST 800-53 Rev4,PIPEDA" -AWS Lambda Function is not assigned to access within VPC medium config False False 7 "APRA (CPS 234) Information Security,Multi-Level Protection Scheme (MLPS) v2.0,NIST 800-53 Rev 5,NIST 800-53 Rev4" -AWS Lambda functions with tracing not enabled medium config False False 18 "APRA (CPS 234) Information Security,HITRUST CSF v9.3,Multi-Level Protection Scheme (MLPS) v2.0,NIST 800-53 Rev 5,NIST 800-53 Rev4" -AWS Lambda nearing availability code storage limit low config False False 0 "APRA (CPS 234) Information Security" -AWS Log metric filter and alarm does not exist for AWS Config configuration changes low config False False 0 "APRA (CPS 234) Information Security,CIS v1.2.0 (AWS),CIS v1.3.0 (AWS),NIST 800-53 Rev 5,NIST 800-53 Rev4" -AWS Log metric filter and alarm does not exist for AWS management console authentication failures low config False False 0 "APRA (CPS 234) Information Security,CIS v1.2.0 (AWS),CIS v1.3.0 (AWS),NIST 800-53 Rev 5,NIST 800-53 Rev4" -AWS Log metric filter and alarm does not exist for CloudTrail configuration changes low config False False 0 "APRA (CPS 234) Information Security,CIS v1.2.0 (AWS),CIS v1.3.0 (AWS),NIST 800-53 Rev 5,NIST 800-53 Rev4" -AWS Log metric filter and alarm does not exist for IAM policy changes low config 
False False 0 "APRA (CPS 234) Information Security,CIS v1.2.0 (AWS),CIS v1.3.0 (AWS),NIST 800-53 Rev 5,NIST 800-53 Rev4" -AWS Log metric filter and alarm does not exist for Network Access Control Lists (NACL) changes low config False False 0 "APRA (CPS 234) Information Security,CIS v1.2.0 (AWS),CIS v1.3.0 (AWS),NIST 800-53 Rev 5,NIST 800-53 Rev4" -AWS Log metric filter and alarm does not exist for Network gateways changes low config False False 0 "APRA (CPS 234) Information Security,CIS v1.2.0 (AWS),CIS v1.3.0 (AWS),NIST 800-53 Rev 5,NIST 800-53 Rev4" -AWS Log metric filter and alarm does not exist for Route table changes low config False False 0 "APRA (CPS 234) Information Security,CIS v1.2.0 (AWS),CIS v1.3.0 (AWS),NIST 800-53 Rev 5,NIST 800-53 Rev4" -AWS Log metric filter and alarm does not exist for S3 bucket policy changes low config False False 0 "APRA (CPS 234) Information Security,CIS v1.2.0 (AWS),CIS v1.3.0 (AWS),NIST 800-53 Rev 5,NIST 800-53 Rev4" -AWS Log metric filter and alarm does not exist for VPC changes low config False False 0 "APRA (CPS 234) Information Security,CIS v1.2.0 (AWS),CIS v1.3.0 (AWS),NIST 800-53 Rev 5,NIST 800-53 Rev4" -AWS Log metric filter and alarm does not exist for disabling or scheduled deletion of customer created CMKs low config False False 0 "APRA (CPS 234) Information Security,CIS v1.2.0 (AWS),CIS v1.3.0 (AWS),NIST 800-53 Rev 5,NIST 800-53 Rev4" -AWS Log metric filter and alarm does not exist for unauthorized API calls low config False False 0 "APRA (CPS 234) Information Security,CIS v1.2.0 (AWS),CIS v1.3.0 (AWS),NIST 800-53 Rev 5,NIST 800-53 Rev4" -AWS MFA is not enabled on Root account high config False False 0 "APRA (CPS 234) Information Security,CCPA 2018,CIS v1.2.0 (AWS),CIS v1.3.0 (AWS),CSA CCM v3.0.1,GDPR,HITRUST CSF v9.3,ISO 27001:2013,MITRE ATT&CK [Beta],Multi-Level Protection Scheme (MLPS) v2.0,NIST 800-171 Rev1,NIST 800-53 Rev 5,NIST 800-53 Rev4,PCI DSS v3.2,PIPEDA,SOC 2" -AWS MFA not enabled for IAM users medium 
config False False 8 "APRA (CPS 234) Information Security,CCPA 2018,CIS v1.2.0 (AWS),CIS v1.3.0 (AWS),CSA CCM v3.0.1,GDPR,HIPAA,HITRUST CSF v9.3,ISO 27001:2013,MITRE ATT&CK [Beta],Multi-Level Protection Scheme (MLPS) v2.0,NIST 800-171 Rev1,NIST 800-53 Rev 5,NIST 800-53 Rev4,PCI DSS v3.2,PIPEDA,SOC 2" -AWS MQ is publicly accessible medium config False False 0 "APRA (CPS 234) Information Security" -AWS NAT Gateways are not being utilized for the default route medium config False False 0 "APRA (CPS 234) Information Security,Multi-Level Protection Scheme (MLPS) v2.0" -AWS Network ACLs allow ingress traffic to server administration ports medium config False False 8 "APRA (CPS 234) Information Security" -AWS Network ACLs with Inbound rule to allow All ICMP IPv4 medium config False False 0 "APRA (CPS 234) Information Security,MITRE ATT&CK [Beta],Multi-Level Protection Scheme (MLPS) v2.0,NIST 800-53 Rev 5,NIST 800-53 Rev4" -AWS Network ACLs with Inbound rule to allow All ICMP IPv6 medium config False False 0 "APRA (CPS 234) Information Security,MITRE ATT&CK [Beta],Multi-Level Protection Scheme (MLPS) v2.0,NIST 800-53 Rev 5,NIST 800-53 Rev4" -AWS Network ACLs with Inbound rule to allow All Traffic medium config False False 8 "APRA (CPS 234) Information Security,CCPA 2018,HITRUST CSF v9.3,MITRE ATT&CK [Beta],Multi-Level Protection Scheme (MLPS) v2.0,NIST 800-171 Rev1,NIST 800-53 Rev 5,NIST 800-53 Rev4,PIPEDA" -AWS Network ACLs with Outbound rule to allow All ICMP IPv4 medium config False False 0 "APRA (CPS 234) Information Security,MITRE ATT&CK [Beta],Multi-Level Protection Scheme (MLPS) v2.0,NIST 800-53 Rev 5,NIST 800-53 Rev4" -AWS Network ACLs with Outbound rule to allow All ICMP IPv6 medium config False False 0 "APRA (CPS 234) Information Security,MITRE ATT&CK [Beta],Multi-Level Protection Scheme (MLPS) v2.0,NIST 800-53 Rev 5,NIST 800-53 Rev4" -AWS Network ACLs with Outbound rule to allow All Traffic medium config False False 8 "APRA (CPS 234) Information Security,CCPA 
2018,HITRUST CSF v9.3,MITRE ATT&CK [Beta],Multi-Level Protection Scheme (MLPS) v2.0,NIST 800-171 Rev1,NIST 800-53 Rev 5,NIST 800-53 Rev4,PIPEDA" -AWS Network Load Balancer (NLB) is not using the latest predefined security policy low config False False 15 "" -AWS RDS DB cluster encryption is disabled medium config False False 10 "APRA (CPS 234) Information Security,CCPA 2018,Multi-Level Protection Scheme (MLPS) v2.0,NIST 800-53 Rev 5,NIST 800-53 Rev4,PIPEDA" -AWS RDS DB cluster is encrypted using default KMS key instead of CMK medium config False False 10 "APRA (CPS 234) Information Security,NIST 800-53 Rev 5,NIST 800-53 Rev4" -AWS RDS DB snapshot is encrypted using default KMS key instead of CMK medium config False False 516 "APRA (CPS 234) Information Security,NIST 800-53 Rev 5,NIST 800-53 Rev4" -AWS RDS DB snapshot is not encrypted medium config False False 140 "APRA (CPS 234) Information Security,NIST 800-53 Rev 5,NIST 800-53 Rev4" -AWS RDS Snapshot with access for unmonitored cloud accounts medium config False False 0 "APRA (CPS 234) Information Security,CCPA 2018,CSA CCM v3.0.1,GDPR,HITRUST CSF v9.3,ISO 27001:2013,Multi-Level Protection Scheme (MLPS) v2.0,NIST 800-171 Rev1,NIST 800-53 Rev 5,NIST 800-53 Rev4,NIST CSF,PIPEDA,SOC 2" -AWS RDS database instance is publicly accessible medium config True True 28 "APRA (CPS 234) Information Security,CCPA 2018,CSA CCM v3.0.1,GDPR,HITRUST CSF v9.3,ISO 27001:2013,MITRE ATT&CK [Beta],Multi-Level Protection Scheme (MLPS) v2.0,NIST 800-171 Rev1,NIST 800-53 Rev 5,NIST 800-53 Rev4,NIST CSF,PIPEDA,SOC 2" -AWS RDS database not encrypted using Customer Managed Key medium config False False 12 "APRA (CPS 234) Information Security,CCPA 2018,Multi-Level Protection Scheme (MLPS) v2.0,NIST 800-53 Rev 5,NIST 800-53 Rev4,PIPEDA" -AWS RDS event subscription disabled for DB instance medium config True True 0 "APRA (CPS 234) Information Security,CCPA 2018,Multi-Level Protection Scheme (MLPS) v2.0,NIST 800-53 Rev 5,NIST 800-53 Rev4,PIPEDA" 
-AWS RDS event subscription disabled for DB security groups medium config False False 0 "APRA (CPS 234) Information Security,CCPA 2018,Multi-Level Protection Scheme (MLPS) v2.0,NIST 800-53 Rev 5,NIST 800-53 Rev4,PIPEDA" -AWS RDS instance is not encrypted medium config False False 2 "APRA (CPS 234) Information Security,CCPA 2018,CSA CCM v3.0.1,GDPR,HIPAA,HITRUST CSF v9.3,ISO 27001:2013,Multi-Level Protection Scheme (MLPS) v2.0,NIST 800-171 Rev1,NIST 800-53 Rev 5,NIST 800-53 Rev4,NIST CSF,PCI DSS v3.2,PIPEDA,SOC 2" -AWS RDS instance not in private subnet medium config False False 0 "APRA (CPS 234) Information Security,CCPA 2018,Multi-Level Protection Scheme (MLPS) v2.0,NIST 800-53 Rev 5,NIST 800-53 Rev4,PIPEDA" -AWS RDS instance with Multi-Availability Zone disabled medium config True True 7 "APRA (CPS 234) Information Security,Multi-Level Protection Scheme (MLPS) v2.0" -AWS RDS instance with copy tags to snapshots disabled low config True True 8 "APRA (CPS 234) Information Security" -AWS RDS instance without Automatic Backup setting low config True True 0 "APRA (CPS 234) Information Security,MITRE ATT&CK [Beta],Multi-Level Protection Scheme (MLPS) v2.0,NIST 800-53 Rev 5,NIST 800-53 Rev4" -AWS RDS minor upgrades not enabled low config True True 12 "APRA (CPS 234) Information Security,NIST 800-53 Rev 5,NIST 800-53 Rev4" -AWS RDS retention policy less than 7 days medium config False False 6 "APRA (CPS 234) Information Security,Multi-Level Protection Scheme (MLPS) v2.0,NIST 800-53 Rev 5,NIST 800-53 Rev4,PIPEDA" -AWS RDS snapshots are accessible to public high config True True 0 "APRA (CPS 234) Information Security,CCPA 2018,CSA CCM v3.0.1,GDPR,HITRUST CSF v9.3,ISO 27001:2013,MITRE ATT&CK [Beta],Multi-Level Protection Scheme (MLPS) v2.0,NIST 800-171 Rev1,NIST 800-53 Rev 5,NIST 800-53 Rev4,NIST CSF,PCI DSS v3.2,PIPEDA,SOC 2" -AWS Redshift Cluster not encrypted using Customer Managed Key medium config False False 0 "APRA (CPS 234) Information Security,CCPA 2018,Multi-Level 
Protection Scheme (MLPS) v2.0,NIST 800-53 Rev 5,NIST 800-53 Rev4,PIPEDA" -AWS Redshift clusters should not be publicly accessible medium config True True 0 "APRA (CPS 234) Information Security,CCPA 2018,CSA CCM v3.0.1,GDPR,HITRUST CSF v9.3,ISO 27001:2013,MITRE ATT&CK [Beta],Multi-Level Protection Scheme (MLPS) v2.0,NIST 800-171 Rev1,NIST 800-53 Rev 5,NIST 800-53 Rev4,NIST CSF,PIPEDA,SOC 2" -AWS Redshift database does not have audit logging enabled medium config False False 0 "APRA (CPS 234) Information Security,CCPA 2018,CSA CCM v3.0.1,GDPR,HITRUST CSF v9.3,ISO 27001:2013,Multi-Level Protection Scheme (MLPS) v2.0,NIST 800-171 Rev1,NIST 800-53 Rev 5,NIST 800-53 Rev4,NIST CSF,PIPEDA,SOC 2" -AWS Redshift does not have require_ssl configured medium config False False 0 "APRA (CPS 234) Information Security,CCPA 2018,CSA CCM v3.0.1,GDPR,HITRUST CSF v9.3,ISO 27001:2013,Multi-Level Protection Scheme (MLPS) v2.0,NIST 800-171 Rev1,NIST 800-53 Rev 5,NIST 800-53 Rev4,NIST CSF,PIPEDA,SOC 2" -AWS Redshift instances are not encrypted high config False False 0 "APRA (CPS 234) Information Security,CCPA 2018,CSA CCM v3.0.1,GDPR,HITRUST CSF v9.3,ISO 27001:2013,Multi-Level Protection Scheme (MLPS) v2.0,NIST 800-171 Rev1,NIST 800-53 Rev 5,NIST 800-53 Rev4,NIST CSF,PCI DSS v3.2,PIPEDA,SOC 2" -AWS Route53 Public Zone with Private Records medium config False False 1 "APRA (CPS 234) Information Security,CCPA 2018,Multi-Level Protection Scheme (MLPS) v2.0,NIST 800-53 Rev 5,NIST 800-53 Rev4,PIPEDA" -AWS S3 Bucket Policy allows public access to CloudTrail logs medium config False False 0 "APRA (CPS 234) Information Security,CCPA 2018,MITRE ATT&CK [Beta],Multi-Level Protection Scheme (MLPS) v2.0,NIST 800-53 Rev 5,NIST 800-53 Rev4,PIPEDA" -AWS S3 Bucket has Global DELETE Permissions enabled via bucket policy high config False False 0 "APRA (CPS 234) Information Security,CCPA 2018,MITRE ATT&CK [Beta],NIST 800-53 Rev 5,NIST 800-53 Rev4,PIPEDA" -AWS S3 Bucket has Global GET Permissions enabled via 
bucket policy high config False False 1 "APRA (CPS 234) Information Security,CCPA 2018,MITRE ATT&CK [Beta],NIST 800-53 Rev 5,NIST 800-53 Rev4,PIPEDA" -AWS S3 Bucket has Global LIST Permissions enabled via bucket policy medium config False False 0 "APRA (CPS 234) Information Security,CCPA 2018,MITRE ATT&CK [Beta],NIST 800-53 Rev 5,NIST 800-53 Rev4,PIPEDA" -AWS S3 Bucket has Global PUT Permissions enabled via bucket policy low config False False 0 "APRA (CPS 234) Information Security,CCPA 2018,MITRE ATT&CK [Beta],NIST 800-53 Rev 5,NIST 800-53 Rev4,PIPEDA" -AWS S3 Buckets Block public access setting disabled high config True True 37 "APRA (CPS 234) Information Security" -AWS S3 CloudTrail buckets for which access logging is disabled low config False False 0 "APRA (CPS 234) Information Security,CCPA 2018,CIS v1.2.0 (AWS),CSA CCM v3.0.1,GDPR,HITRUST CSF v9.3,MITRE ATT&CK [Beta],Multi-Level Protection Scheme (MLPS) v2.0,NIST 800-171 Rev1,NIST 800-53 Rev 5,NIST 800-53 Rev4,NIST CSF,PIPEDA,SOC 2" -AWS S3 Object Versioning is disabled medium config True True 60 "APRA (CPS 234) Information Security,MITRE ATT&CK [Beta]" -AWS S3 bucket accessible to unmonitored cloud accounts medium config False False 0 "APRA (CPS 234) Information Security,CCPA 2018,CSA CCM v3.0.1,GDPR,HITRUST CSF v9.3,ISO 27001:2013,MITRE ATT&CK [Beta],Multi-Level Protection Scheme (MLPS) v2.0,NIST 800-171 Rev1,NIST 800-53 Rev 5,NIST 800-53 Rev4,NIST CSF,PIPEDA,SOC 2" -AWS S3 bucket has global view ACL permissions enabled low config False False 0 "APRA (CPS 234) Information Security,CCPA 2018,MITRE ATT&CK [Beta],Multi-Level Protection Scheme (MLPS) v2.0,NIST 800-53 Rev 5,NIST 800-53 Rev4,PIPEDA" -AWS S3 bucket having policy overly permissive to VPC endpoints medium config False False 0 "" -AWS S3 bucket is not configured with MFA Delete low config False False 3 "APRA (CPS 234) Information Security,CCPA 2018,MITRE ATT&CK [Beta],NIST 800-53 Rev 5,NIST 800-53 Rev4,PIPEDA" -AWS S3 bucket not configured with 
secure data transport policy medium config False False 1 "APRA (CPS 234) Information Security,CCPA 2018,CIS v1.3.0 (AWS),MITRE ATT&CK [Beta],Multi-Level Protection Scheme (MLPS) v2.0,NIST 800-53 Rev 5,NIST 800-53 Rev4,PIPEDA" -AWS S3 buckets are accessible to any authenticated user high config False False 0 "APRA (CPS 234) Information Security,CCPA 2018,CSA CCM v3.0.1,GDPR,HITRUST CSF v9.3,ISO 27001:2013,MITRE ATT&CK [Beta],Multi-Level Protection Scheme (MLPS) v2.0,NIST 800-171 Rev1,NIST 800-53 Rev 5,NIST 800-53 Rev4,NIST CSF,PCI DSS v3.2,PIPEDA,SOC 2" -AWS S3 buckets are accessible to public high config False False 1 "APRA (CPS 234) Information Security,CCPA 2018,CSA CCM v3.0.1,GDPR,HITRUST CSF v9.3,ISO 27001:2013,MITRE ATT&CK [Beta],Multi-Level Protection Scheme (MLPS) v2.0,NIST 800-171 Rev1,NIST 800-53 Rev 5,NIST 800-53 Rev4,NIST CSF,PCI DSS v3.2,PIPEDA,SOC 2" -AWS S3 buckets do not have server side encryption low config False False 40 "APRA (CPS 234) Information Security,CCPA 2018,CSA CCM v3.0.1,GDPR,HITRUST CSF v9.3,ISO 27001:2013,MITRE ATT&CK [Beta],Multi-Level Protection Scheme (MLPS) v2.0,NIST 800-171 Rev1,NIST 800-53 Rev 5,NIST 800-53 Rev4,NIST CSF,PIPEDA,SOC 2" -AWS SNS subscription is not configured with HTTPS medium config False False 0 "APRA (CPS 234) Information Security,CCPA 2018,Multi-Level Protection Scheme (MLPS) v2.0,NIST 800-53 Rev 5,NIST 800-53 Rev4,PIPEDA" -AWS SNS topic encrypted using default KMS key instead of CMK medium config False False 0 "APRA (CPS 234) Information Security,CCPA 2018,Multi-Level Protection Scheme (MLPS) v2.0,NIST 800-53 Rev 5,NIST 800-53 Rev4,PIPEDA" -AWS SNS topic with server-side encryption disabled medium config False False 61 "APRA (CPS 234) Information Security,CCPA 2018,Multi-Level Protection Scheme (MLPS) v2.0,NIST 800-53 Rev 5,NIST 800-53 Rev4,PIPEDA" -AWS SQS queue access policy is overly permissive high config False False 13 "" -AWS SQS queue encryption using default KMS key instead of CMK medium config False 
False 0 "APRA (CPS 234) Information Security,CCPA 2018,Multi-Level Protection Scheme (MLPS) v2.0,NIST 800-53 Rev 5,NIST 800-53 Rev4,PIPEDA" -AWS SQS server side encryption not enabled medium config False False 43 "APRA (CPS 234) Information Security,CCPA 2018,Multi-Level Protection Scheme (MLPS) v2.0,NIST 800-53 Rev 5,NIST 800-53 Rev4,PIPEDA" -AWS SSM Parameter is not encrypted medium config False False 0 "APRA (CPS 234) Information Security,CCPA 2018,Multi-Level Protection Scheme (MLPS) v2.0,NIST 800-53 Rev 5,NIST 800-53 Rev4,PIPEDA" -AWS SageMaker notebook instance IAM policy overly permissive to all traffic high config False False 0 "APRA (CPS 234) Information Security" -AWS SageMaker notebook instance configured with direct internet access feature medium config False False 0 "APRA (CPS 234) Information Security" -AWS SageMaker notebook instance is not placed in VPC medium config False False 0 "APRA (CPS 234) Information Security" -AWS SageMaker notebook instance not configured with data encryption at rest using KMS key high config False False 0 "APRA (CPS 234) Information Security" -AWS SageMaker notebook instance not encrypted using Customer Managed Key medium config False False 0 "APRA (CPS 234) Information Security" -AWS Security Group Inbound rule overly permissive to all traffic on all protocols (-1) high config True True 0 "APRA (CPS 234) Information Security,CCPA 2018,MITRE ATT&CK [Beta],Multi-Level Protection Scheme (MLPS) v2.0,NIST 800-53 Rev 5,NIST 800-53 Rev4,PIPEDA" -AWS Security Group allows all traffic on CIFS port (445) high config False False 1 "APRA (CPS 234) Information Security,CCPA 2018,MITRE ATT&CK [Beta],Multi-Level Protection Scheme (MLPS) v2.0,NIST 800-53 Rev 5,NIST 800-53 Rev4,PIPEDA" -AWS Security Group allows all traffic on DNS port (53) high config False False 1 "APRA (CPS 234) Information Security,CCPA 2018,MITRE ATT&CK [Beta],Multi-Level Protection Scheme (MLPS) v2.0,NIST 800-53 Rev 5,NIST 800-53 Rev4,PIPEDA" -AWS Security Group 
allows all traffic on FTP port (21) high config False False 0 "APRA (CPS 234) Information Security,CCPA 2018,MITRE ATT&CK [Beta],Multi-Level Protection Scheme (MLPS) v2.0,NIST 800-53 Rev 5,NIST 800-53 Rev4,PIPEDA" -AWS Security Group allows all traffic on FTP-Data port (20) high config False False 0 "APRA (CPS 234) Information Security,CCPA 2018,MITRE ATT&CK [Beta],Multi-Level Protection Scheme (MLPS) v2.0,NIST 800-53 Rev 5,NIST 800-53 Rev4,PIPEDA" -AWS Security Group allows all traffic on MSQL port (4333) high config False False 1 "APRA (CPS 234) Information Security,CCPA 2018,MITRE ATT&CK [Beta],Multi-Level Protection Scheme (MLPS) v2.0,NIST 800-53 Rev 5,NIST 800-53 Rev4,PIPEDA" -AWS Security Group allows all traffic on MYSQL port (3306) high config False False 2 "APRA (CPS 234) Information Security,CCPA 2018,MITRE ATT&CK [Beta],Multi-Level Protection Scheme (MLPS) v2.0,NIST 800-53 Rev 5,NIST 800-53 Rev4,PIPEDA" -AWS Security Group allows all traffic on NetBIOS port (137) high config False False 0 "APRA (CPS 234) Information Security,CCPA 2018,MITRE ATT&CK [Beta],Multi-Level Protection Scheme (MLPS) v2.0,NIST 800-53 Rev 5,NIST 800-53 Rev4,PIPEDA" -AWS Security Group allows all traffic on NetBIOS port (138) high config False False 1 "APRA (CPS 234) Information Security,CCPA 2018,MITRE ATT&CK [Beta],Multi-Level Protection Scheme (MLPS) v2.0,NIST 800-53 Rev 5,NIST 800-53 Rev4,PIPEDA" -AWS Security Group allows all traffic on PostgreSQL port (5432) high config False False 1 "APRA (CPS 234) Information Security,CCPA 2018,MITRE ATT&CK [Beta],Multi-Level Protection Scheme (MLPS) v2.0,NIST 800-53 Rev 5,NIST 800-53 Rev4,PIPEDA" -AWS Security Group allows all traffic on RDP port (3389) high config True True 2 "APRA (CPS 234) Information Security,CCPA 2018,CIS v1.2.0 (AWS),CIS v1.3.0 (AWS),CSA CCM v3.0.1,GDPR,HIPAA,HITRUST CSF v9.3,ISO 27001:2013,MITRE ATT&CK [Beta],Multi-Level Protection Scheme (MLPS) v2.0,NIST 800-171 Rev1,NIST 800-53 Rev 5,NIST 800-53 Rev4,NIST 
CSF,PIPEDA,SOC 2" -AWS Security Group allows all traffic on SMTP port (25) high config False False 0 "APRA (CPS 234) Information Security,CCPA 2018,MITRE ATT&CK [Beta],Multi-Level Protection Scheme (MLPS) v2.0,NIST 800-53 Rev 5,NIST 800-53 Rev4,PIPEDA" -AWS Security Group allows all traffic on SQL Server port (1433) high config False False 1 "APRA (CPS 234) Information Security,CCPA 2018,MITRE ATT&CK [Beta],Multi-Level Protection Scheme (MLPS) v2.0,NIST 800-53 Rev 5,NIST 800-53 Rev4,PIPEDA" -AWS Security Group allows all traffic on SQL Server port (1434) high config False False 1 "APRA (CPS 234) Information Security,CCPA 2018,MITRE ATT&CK [Beta],Multi-Level Protection Scheme (MLPS) v2.0,NIST 800-53 Rev 5,NIST 800-53 Rev4,PIPEDA" -AWS Security Group allows all traffic on SSH port (22) high config True True 1 "APRA (CPS 234) Information Security,CCPA 2018,CIS v1.2.0 (AWS),CIS v1.3.0 (AWS),CSA CCM v3.0.1,GDPR,HIPAA,HITRUST CSF v9.3,ISO 27001:2013,MITRE ATT&CK [Beta],Multi-Level Protection Scheme (MLPS) v2.0,NIST 800-171 Rev1,NIST 800-53 Rev 5,NIST 800-53 Rev4,NIST CSF,PIPEDA,SOC 2" -AWS Security Group allows all traffic on Telnet port (23) high config False False 0 "APRA (CPS 234) Information Security,CCPA 2018,MITRE ATT&CK [Beta],Multi-Level Protection Scheme (MLPS) v2.0,NIST 800-53 Rev 5,NIST 800-53 Rev4,PIPEDA" -AWS Security Group allows all traffic on VNC Listener port (5500) high config False False 1 "APRA (CPS 234) Information Security,CCPA 2018,MITRE ATT&CK [Beta],Multi-Level Protection Scheme (MLPS) v2.0,NIST 800-53 Rev 5,NIST 800-53 Rev4,PIPEDA" -AWS Security Group allows all traffic on VNC Server port (5900) high config False False 1 "APRA (CPS 234) Information Security,CCPA 2018,MITRE ATT&CK [Beta],Multi-Level Protection Scheme (MLPS) v2.0,NIST 800-53 Rev 5,NIST 800-53 Rev4,PIPEDA" -AWS Security Group allows all traffic on Windows RPC port (135) high config False False 1 "APRA (CPS 234) Information Security,CCPA 2018,MITRE ATT&CK [Beta],Multi-Level 
Protection Scheme (MLPS) v2.0,NIST 800-53 Rev 5,NIST 800-53 Rev4,PIPEDA" -AWS Security Group allows all traffic on ports which are not commonly used high config False False 16 "APRA (CPS 234) Information Security,CCPA 2018,MITRE ATT&CK [Beta],Multi-Level Protection Scheme (MLPS) v2.0,NIST 800-53 Rev 5,NIST 800-53 Rev4,PIPEDA" -AWS Security Group overly permissive to all traffic high config True True 25 "APRA (CPS 234) Information Security,CCPA 2018,CSA CCM v3.0.1,GDPR,HITRUST CSF v9.3,ISO 27001:2013,MITRE ATT&CK [Beta],Multi-Level Protection Scheme (MLPS) v2.0,NIST 800-171 Rev1,NIST 800-53 Rev 5,NIST 800-53 Rev4,NIST CSF,PCI DSS v3.2,PIPEDA,SOC 2" -AWS VPC NACL allows egress traffic from blocked ports medium config False False 0 "NIST 800-53 Rev 5,NIST 800-53 Rev4" -AWS VPC NACL allows traffic from blocked ports medium config False False 0 "NIST 800-53 Rev 5,NIST 800-53 Rev4" -AWS VPC Security group nearing availability limit low config False False 0 "APRA (CPS 234) Information Security" -AWS VPC Subnets nearing availability limit low config False False 0 "APRA (CPS 234) Information Security" -AWS VPC allows unauthorized peering medium config False False 0 "APRA (CPS 234) Information Security,CCPA 2018,NIST 800-53 Rev 5,NIST 800-53 Rev4,PIPEDA" -AWS VPC has flow logs disabled medium config False False 8 "APRA (CPS 234) Information Security,CIS v1.2.0 (AWS),CIS v1.3.0 (AWS),CSA CCM v3.0.1,GDPR,HIPAA,HITRUST CSF v9.3,ISO 27001:2013,NIST 800-171 Rev1,NIST 800-53 Rev 5,NIST 800-53 Rev4,NIST CSF,SOC 2" -AWS VPC not in use medium config False False 0 "APRA (CPS 234) Information Security" -AWS VPC subnets should not allow automatic public IP assignment medium config True True 20 "APRA (CPS 234) Information Security,CCPA 2018,CSA CCM v3.0.1,GDPR,HITRUST CSF v9.3,ISO 27001:2013,Multi-Level Protection Scheme (MLPS) v2.0,NIST 800-171 Rev1,NIST 800-53 Rev 5,NIST 800-53 Rev4,NIST CSF,PIPEDA,SOC 2" -AWS access keys are not rotated for 90 days medium config False False 130 "APRA 
(CPS 234) Information Security,CCPA 2018,CIS v1.2.0 (AWS),CIS v1.3.0 (AWS),CSA CCM v3.0.1,GDPR,HITRUST CSF v9.3,ISO 27001:2013,MITRE ATT&CK [Beta],NIST 800-171 Rev1,NIST 800-53 Rev 5,NIST 800-53 Rev4,NIST CSF,PIPEDA,SOC 2" -AWS access keys not used for more than 90 days medium config False False 19 "APRA (CPS 234) Information Security,CIS v1.3.0 (AWS),CSA CCM v3.0.1,GDPR,HITRUST CSF v9.3,MITRE ATT&CK [Beta],NIST 800-171 Rev1,NIST 800-53 Rev 5,NIST 800-53 Rev4,NIST CSF,SOC 2" -AWS regions nearing VPC Private Gateway IPSec Limit low config False False 0 "APRA (CPS 234) Information Security" -AWS regions nearing VPC Private Gateway limit low config False False 0 "APRA (CPS 234) Information Security" -AWS root account configured with Virtual MFA medium config False False 0 "APRA (CPS 234) Information Security,CIS v1.2.0 (AWS),CIS v1.3.0 (AWS),CSA CCM v3.0.1,GDPR,HITRUST CSF v9.3,NIST 800-171 Rev1,NIST 800-53 Rev 5,NIST 800-53 Rev4,SOC 2" -AWS route table with VPC peering overly permissive to all traffic high config False False 0 "APRA (CPS 234) Information Security,CCPA 2018,CIS v1.2.0 (AWS),CIS v1.3.0 (AWS),MITRE ATT&CK [Beta],Multi-Level Protection Scheme (MLPS) v2.0,NIST 800-53 Rev 5,NIST 800-53 Rev4,PIPEDA" -AWS security group allows egress traffic to blocked ports - 21,22,135,137-139,445,69 medium config False False 0 "NIST 800-53 Rev 5,NIST 800-53 Rev4" -AWS security groups allow ingress traffic from blocked ports - 21,22,135,137-139,445,69 medium config False False 0 "NIST 800-53 Rev 5,NIST 800-53 Rev4" -Account hijacking attempts high anomaly False False 1 "GDPR,MITRE ATT&CK [Beta],NIST CSF,SOC 2" -Activity Log Retention should not be set to less than 365 days medium config True True 0 "APRA (CPS 234) Information Security,CCPA 2018,CIS v1.1 (Azure),CSA CCM v3.0.1,HIPAA,HITRUST CSF v9.3,ISO 27001:2013,Multi-Level Protection Scheme (MLPS) v2.0,NIST 800-53 Rev4,NIST CSF,PCI DSS v3.2,PIPEDA,SOC 2" -Alibaba Cloud ActionTrail log OSS bucket is publicly accessible 
medium config False False 0 "Multi-Level Protection Scheme (MLPS) v2.0,NIST 800-53 Rev 5,NIST 800-53 Rev4" -Alibaba Cloud ActionTrail logging is disabled medium config False False 0 "Multi-Level Protection Scheme (MLPS) v2.0,NIST 800-53 Rev 5,NIST 800-53 Rev4" -Alibaba Cloud ApsaraDB RDS allowlist group is not restrictive medium config False False 0 "Multi-Level Protection Scheme (MLPS) v2.0,NIST 800-53 Rev 5,NIST 800-53 Rev4" -Alibaba Cloud ApsaraDB RDS instance is using the default VPC medium config False False 0 "Multi-Level Protection Scheme (MLPS) v2.0,NIST 800-53 Rev 5,NIST 800-53 Rev4" -Alibaba Cloud ECS instance RAM role not enabled medium config False False 0 "Multi-Level Protection Scheme (MLPS) v2.0,NIST 800-53 Rev 5,NIST 800-53 Rev4" -Alibaba Cloud ECS instance is not using VPC network medium config False False 0 "Multi-Level Protection Scheme (MLPS) v2.0,NIST 800-53 Rev 5,NIST 800-53 Rev4" -Alibaba Cloud ECS instance release protection is disabled low config False False 0 "Multi-Level Protection Scheme (MLPS) v2.0,NIST 800-53 Rev 5,NIST 800-53 Rev4" -Alibaba Cloud ECS instance that has a public IP address and is attached to a security group with internet access medium config False False 0 "Multi-Level Protection Scheme (MLPS) v2.0,NIST 800-53 Rev 5,NIST 800-53 Rev4" -Alibaba Cloud MFA is disabled for RAM user medium config False False 0 "Multi-Level Protection Scheme (MLPS) v2.0,NIST 800-53 Rev 5,NIST 800-53 Rev4" -Alibaba Cloud OSS bucket accessible to public high config False False 0 "Multi-Level Protection Scheme (MLPS) v2.0,NIST 800-53 Rev 5,NIST 800-53 Rev4" -Alibaba Cloud OSS bucket server-side encryption is disabled medium config False False 0 "Multi-Level Protection Scheme (MLPS) v2.0,NIST 800-53 Rev 5,NIST 800-53 Rev4" -Alibaba Cloud RAM password history check policy is disabled medium config False False 0 "Multi-Level Protection Scheme (MLPS) v2.0,NIST 800-53 Rev 5,NIST 800-53 Rev4" -Alibaba Cloud RAM password policy configured to allow login 
after the password expires medium config False False 0 "Multi-Level Protection Scheme (MLPS) v2.0,NIST 800-53 Rev 5,NIST 800-53 Rev4" -Alibaba Cloud RAM password policy does not expire in 90 days medium config False False 0 "Multi-Level Protection Scheme (MLPS) v2.0,NIST 800-53 Rev 5,NIST 800-53 Rev4" -Alibaba Cloud RAM password policy does not have a lowercase character medium config False False 0 "Multi-Level Protection Scheme (MLPS) v2.0,NIST 800-53 Rev 5,NIST 800-53 Rev4" -Alibaba Cloud RAM password policy does not have a minimum of 14 characters medium config False False 0 "Multi-Level Protection Scheme (MLPS) v2.0,NIST 800-53 Rev 5,NIST 800-53 Rev4" -Alibaba Cloud RAM password policy does not have a number medium config False False 0 "Multi-Level Protection Scheme (MLPS) v2.0,NIST 800-53 Rev 5,NIST 800-53 Rev4" -Alibaba Cloud RAM password policy does not have a symbol medium config False False 0 "Multi-Level Protection Scheme (MLPS) v2.0,NIST 800-53 Rev 5,NIST 800-53 Rev4" -Alibaba Cloud RAM password policy does not have an uppercase character medium config False False 0 "Multi-Level Protection Scheme (MLPS) v2.0,NIST 800-53 Rev 5,NIST 800-53 Rev4" -Alibaba Cloud RAM password retry constraint policy is disabled medium config False False 0 "Multi-Level Protection Scheme (MLPS) v2.0,NIST 800-53 Rev 5,NIST 800-53 Rev4" -Alibaba Cloud RAM policy allows full administrative privileges low config False False 0 "Multi-Level Protection Scheme (MLPS) v2.0,NIST 800-53 Rev 5,NIST 800-53 Rev4" -Alibaba Cloud RAM policy attached to users low config False False 0 "Multi-Level Protection Scheme (MLPS) v2.0,NIST 800-53 Rev 5,NIST 800-53 Rev4" -Alibaba Cloud RAM user has more than one active access keys medium config False False 0 "Multi-Level Protection Scheme (MLPS) v2.0,NIST 800-53 Rev 5,NIST 800-53 Rev4" -Alibaba Cloud SLB delete protection is disabled low config False False 0 "Multi-Level Protection Scheme (MLPS) v2.0,NIST 800-53 Rev 5,NIST 800-53 Rev4" -Alibaba Cloud SLB 
listener is configured with SSL policy having TLS version 1.1 or lower medium config False False 0 "Multi-Level Protection Scheme (MLPS) v2.0,NIST 800-53 Rev 5,NIST 800-53 Rev4" -Alibaba Cloud SLB listener that allow connection requests over HTTP medium config False False 0 "Multi-Level Protection Scheme (MLPS) v2.0,NIST 800-53 Rev 5,NIST 800-53 Rev4" -Alibaba Cloud Security group allow internet traffic to DNS port (53) high config False False 0 "Multi-Level Protection Scheme (MLPS) v2.0,NIST 800-53 Rev 5,NIST 800-53 Rev4" -Alibaba Cloud Security group allow internet traffic to FTP port (21) high config False False 0 "Multi-Level Protection Scheme (MLPS) v2.0,NIST 800-53 Rev 5,NIST 800-53 Rev4" -Alibaba Cloud Security group allow internet traffic to FTP-Data port (20) high config False False 0 "Multi-Level Protection Scheme (MLPS) v2.0,NIST 800-53 Rev 5,NIST 800-53 Rev4" -Alibaba Cloud Security group allow internet traffic to HTTP port (80) high config False False 0 "Multi-Level Protection Scheme (MLPS) v2.0,NIST 800-53 Rev 5,NIST 800-53 Rev4" -Alibaba Cloud Security group allow internet traffic to MS SQL Monitor port (1434) high config False False 0 "Multi-Level Protection Scheme (MLPS) v2.0,NIST 800-53 Rev 5,NIST 800-53 Rev4" -Alibaba Cloud Security group allow internet traffic to MS SQL port (1433) high config False False 0 "Multi-Level Protection Scheme (MLPS) v2.0,NIST 800-53 Rev 5,NIST 800-53 Rev4" -Alibaba Cloud Security group allow internet traffic to MySQL port (3306) high config False False 0 "Multi-Level Protection Scheme (MLPS) v2.0,NIST 800-53 Rev 5,NIST 800-53 Rev4" -Alibaba Cloud Security group allow internet traffic to Oracle DB port (1521) high config False False 0 "Multi-Level Protection Scheme (MLPS) v2.0,NIST 800-53 Rev 5,NIST 800-53 Rev4" -Alibaba Cloud Security group allow internet traffic to PostgreSQL port (5432) high config False False 0 "Multi-Level Protection Scheme (MLPS) v2.0,NIST 800-53 Rev 5,NIST 800-53 Rev4" -Alibaba Cloud Security 
group allow internet traffic to RDP port (3389) high config False False 0 "Multi-Level Protection Scheme (MLPS) v2.0,NIST 800-53 Rev 5,NIST 800-53 Rev4" -Alibaba Cloud Security group allow internet traffic to SMTP port (25) high config False False 0 "Multi-Level Protection Scheme (MLPS) v2.0,NIST 800-53 Rev 5,NIST 800-53 Rev4" -Alibaba Cloud Security group allow internet traffic to SSH port (22) high config False False 0 "Multi-Level Protection Scheme (MLPS) v2.0,NIST 800-53 Rev 5,NIST 800-53 Rev4" -Alibaba Cloud Security group allow internet traffic to Telnet port (23) high config False False 0 "Multi-Level Protection Scheme (MLPS) v2.0,NIST 800-53 Rev 5,NIST 800-53 Rev4" -Alibaba Cloud Security group allow internet traffic to VNC Listener port (5500) high config False False 0 "Multi-Level Protection Scheme (MLPS) v2.0,NIST 800-53 Rev 5,NIST 800-53 Rev4" -Alibaba Cloud Security group allow internet traffic to VNC Server port (5900) high config False False 0 "Multi-Level Protection Scheme (MLPS) v2.0,NIST 800-53 Rev 5,NIST 800-53 Rev4" -Alibaba Cloud Security group is overly permissive to all traffic high config False False 0 "Multi-Level Protection Scheme (MLPS) v2.0,NIST 800-53 Rev 5,NIST 800-53 Rev4" -Alibaba Cloud data disk is configured with delete automatic snapshots feature low config False False 0 "Multi-Level Protection Scheme (MLPS) v2.0,NIST 800-53 Rev 5,NIST 800-53 Rev4" -Alibaba Cloud data disk is configured with release disk with instance feature low config False False 0 "Multi-Level Protection Scheme (MLPS) v2.0,NIST 800-53 Rev 5,NIST 800-53 Rev4" -Alibaba Cloud disk automatic snapshot policy is disabled low config False False 0 "Multi-Level Protection Scheme (MLPS) v2.0,NIST 800-53 Rev 5,NIST 800-53 Rev4" -Alibaba Cloud disk encryption is disabled medium config False False 0 "Multi-Level Protection Scheme (MLPS) v2.0,NIST 800-53 Rev 5,NIST 800-53 Rev4" -All capabilities should be dropped high config False False 0 "" -Avoid running privileged 
containers high config False False 0 "" -Azure ACR HTTPS not enabled for webhook medium config False False 0 "APRA (CPS 234) Information Security,Multi-Level Protection Scheme (MLPS) v2.0,NIST 800-53 Rev 5,NIST 800-53 Rev4" -Azure AKS cluster Azure CNI networking not enabled medium config False False 0 "APRA (CPS 234) Information Security,NIST 800-53 Rev 5,NIST 800-53 Rev4" -Azure AKS cluster HTTP application routing enabled low config False False 0 "APRA (CPS 234) Information Security,NIST 800-53 Rev 5,NIST 800-53 Rev4" -Azure AKS cluster monitoring not enabled medium config False False 0 "APRA (CPS 234) Information Security,CCPA 2018,Multi-Level Protection Scheme (MLPS) v2.0,NIST 800-53 Rev 5,NIST 800-53 Rev4,PIPEDA" -Azure AKS cluster pool profile count contains less than 3 nodes low config False False 0 "APRA (CPS 234) Information Security" -Azure AKS enable role-based access control (RBAC) not enforced high config False False 0 "APRA (CPS 234) Information Security,CCPA 2018,CIS v1.1 (Azure),CIS v1.2.0 (Azure),MITRE ATT&CK [Beta],Multi-Level Protection Scheme (MLPS) v2.0,NIST 800-53 Rev 5,NIST 800-53 Rev4,PIPEDA" -Azure Active Directory Guest users found medium config False False 0 "APRA (CPS 234) Information Security,CIS v1.2.0 (Azure)" -Azure Activity log alert for Create or update SQL server firewall rule does not exist low config False False 0 "APRA (CPS 234) Information Security,CIS v1.1 (Azure),CIS v1.2.0 (Azure),Multi-Level Protection Scheme (MLPS) v2.0,NIST 800-53 Rev 5,NIST 800-53 Rev4" -Azure Activity log alert for Create or update network security group does not exist low config False False 0 "APRA (CPS 234) Information Security,CIS v1.1 (Azure),CIS v1.2.0 (Azure),Multi-Level Protection Scheme (MLPS) v2.0,NIST 800-53 Rev 5,NIST 800-53 Rev4" -Azure Activity log alert for Create or update network security group rule does not exist low config False False 0 "APRA (CPS 234) Information Security,CIS v1.1 (Azure),CIS v1.2.0 (Azure),Multi-Level Protection 
Scheme (MLPS) v2.0,NIST 800-53 Rev 5,NIST 800-53 Rev4" -Azure Activity log alert for Create or update security solution does not exist low config False False 0 "APRA (CPS 234) Information Security,CIS v1.1 (Azure),CIS v1.2.0 (Azure),Multi-Level Protection Scheme (MLPS) v2.0,NIST 800-53 Rev 5,NIST 800-53 Rev4" -Azure Activity log alert for Create policy assignment does not exist low config False False 0 "APRA (CPS 234) Information Security,CIS v1.1 (Azure),CIS v1.2.0 (Azure),Multi-Level Protection Scheme (MLPS) v2.0,NIST 800-53 Rev 5,NIST 800-53 Rev4" -Azure Activity log alert for Delete SQL server firewall rule does not exist low config False False 0 "APRA (CPS 234) Information Security,CIS v1.1 (Azure),CIS v1.2.0 (Azure),Multi-Level Protection Scheme (MLPS) v2.0,NIST 800-53 Rev 5,NIST 800-53 Rev4" -Azure Activity log alert for Delete network security group does not exist low config False False 0 "APRA (CPS 234) Information Security,CIS v1.1 (Azure),CIS v1.2.0 (Azure),Multi-Level Protection Scheme (MLPS) v2.0,NIST 800-53 Rev 5,NIST 800-53 Rev4" -Azure Activity log alert for Delete network security group rule does not exist low config False False 0 "APRA (CPS 234) Information Security,CIS v1.1 (Azure),CIS v1.2.0 (Azure),Multi-Level Protection Scheme (MLPS) v2.0,NIST 800-53 Rev 5,NIST 800-53 Rev4" -Azure Activity log alert for Delete security solution does not exist low config False False 0 "APRA (CPS 234) Information Security,CIS v1.1 (Azure),CIS v1.2.0 (Azure),Multi-Level Protection Scheme (MLPS) v2.0,NIST 800-53 Rev 5,NIST 800-53 Rev4" -Azure Activity log alert for Update security policy does not exist low config False False 0 "APRA (CPS 234) Information Security,CIS v1.1 (Azure),Multi-Level Protection Scheme (MLPS) v2.0,NIST 800-53 Rev 5,NIST 800-53 Rev4" -Azure App Service Web app authentication is off medium config True True 0 "APRA (CPS 234) Information Security,CCPA 2018,CIS v1.1 (Azure),CIS v1.2.0 (Azure),Multi-Level Protection Scheme (MLPS) v2.0,NIST 800-53 
Rev 5,NIST 800-53 Rev4,PIPEDA" -Azure App Service Web app client certificate is disabled medium config True True 0 "APRA (CPS 234) Information Security,CIS v1.1 (Azure),CIS v1.2.0 (Azure),Multi-Level Protection Scheme (MLPS) v2.0,NIST 800-53 Rev 5,NIST 800-53 Rev4" -Azure App Service Web app doesn't have a Managed Service Identity medium config True True 0 "APRA (CPS 234) Information Security,CCPA 2018,CIS v1.1 (Azure),CIS v1.2.0 (Azure),Multi-Level Protection Scheme (MLPS) v2.0,PIPEDA" -Azure App Service Web app doesn't redirect HTTP to HTTPS medium config True True 0 "APRA (CPS 234) Information Security,CCPA 2018,CIS v1.1 (Azure),CIS v1.2.0 (Azure),Multi-Level Protection Scheme (MLPS) v2.0,NIST 800-53 Rev 5,NIST 800-53 Rev4,PIPEDA" -Azure App Service Web app doesn't use HTTP 2.0 medium config True True 0 "APRA (CPS 234) Information Security,CIS v1.1 (Azure),CIS v1.2.0 (Azure),NIST 800-53 Rev 5,NIST 800-53 Rev4" -Azure App Service Web app doesn't use latest .Net Core version medium config False False 0 "APRA (CPS 234) Information Security,CCPA 2018,CIS v1.1 (Azure),CIS v1.2.0 (Azure),MITRE ATT&CK [Beta],Multi-Level Protection Scheme (MLPS) v2.0,NIST 800-53 Rev 5,NIST 800-53 Rev4,PIPEDA" -Azure App Service Web app doesn't use latest Java version medium config False False 0 "APRA (CPS 234) Information Security,CCPA 2018,CIS v1.1 (Azure),CIS v1.2.0 (Azure),MITRE ATT&CK [Beta],Multi-Level Protection Scheme (MLPS) v2.0,NIST 800-53 Rev 5,NIST 800-53 Rev4,PIPEDA" -Azure App Service Web app doesn't use latest PHP version medium config False False 0 "APRA (CPS 234) Information Security,CCPA 2018,CIS v1.1 (Azure),CIS v1.2.0 (Azure),MITRE ATT&CK [Beta],Multi-Level Protection Scheme (MLPS) v2.0,NIST 800-53 Rev 5,NIST 800-53 Rev4,PIPEDA" -Azure App Service Web app doesn't use latest Python version medium config False False 0 "APRA (CPS 234) Information Security,CCPA 2018,CIS v1.1 (Azure),CIS v1.2.0 (Azure),MITRE ATT&CK [Beta],Multi-Level Protection Scheme (MLPS) v2.0,NIST 
800-53 Rev 5,NIST 800-53 Rev4,PIPEDA" -Azure App Service Web app doesn't use latest TLS version medium config True True 0 "APRA (CPS 234) Information Security,CCPA 2018,CIS v1.1 (Azure),CIS v1.2.0 (Azure),MITRE ATT&CK [Beta],Multi-Level Protection Scheme (MLPS) v2.0,NIST 800-53 Rev 5,NIST 800-53 Rev4,PIPEDA" -Azure App Services FTP deployment is All allowed medium config False False 0 "APRA (CPS 234) Information Security,CIS v1.2.0 (Azure)" -Azure App Services Remote debugging is enabled low config False False 0 "APRA (CPS 234) Information Security" -Azure Application Gateway allows TLSv1.1 or lower medium config False False 0 "APRA (CPS 234) Information Security,CCPA 2018,MITRE ATT&CK [Beta],Multi-Level Protection Scheme (MLPS) v2.0,NIST 800-53 Rev 5,NIST 800-53 Rev4,PIPEDA" -Azure Application Gateway does not have the Web application firewall (WAF) enabled medium config False False 0 "APRA (CPS 234) Information Security,CCPA 2018,MITRE ATT&CK [Beta],Multi-Level Protection Scheme (MLPS) v2.0,NIST 800-53 Rev 5,NIST 800-53 Rev4,PIPEDA" -Azure Application gateways listener that allow connection requests over HTTP medium config False False 0 "APRA (CPS 234) Information Security" -Azure Container Registry does not use a dedicated resource group medium config False False 0 "APRA (CPS 234) Information Security" -Azure Container Registry using the deprecated classic registry medium config False False 0 "APRA (CPS 234) Information Security,MITRE ATT&CK [Beta]" -Azure Cosmos DB IP range filter not configured medium config False False 0 "APRA (CPS 234) Information Security" -Azure Custom Role Administering Resource Locks not assigned low config False False 0 "APRA (CPS 234) Information Security,CIS v1.2.0 (Azure)" -Azure Key Vault Keys have no expiration date medium config False False 0 "APRA (CPS 234) Information Security,CCPA 2018,CIS v1.1 (Azure),CIS v1.2.0 (Azure),MITRE ATT&CK [Beta],Multi-Level Protection Scheme (MLPS) v2.0,NIST 800-53 Rev 5,NIST 800-53 Rev4,PIPEDA" 
-Azure Key Vault audit logging is disabled high config False False 0 "APRA (CPS 234) Information Security,CCPA 2018,CIS v1.1 (Azure),Multi-Level Protection Scheme (MLPS) v2.0,NIST 800-53 Rev 5,NIST 800-53 Rev4,PIPEDA" -Azure Key Vault is not recoverable medium config True True 0 "APRA (CPS 234) Information Security,CCPA 2018,CIS v1.1 (Azure),CIS v1.2.0 (Azure),NIST 800-53 Rev 5,NIST 800-53 Rev4,PIPEDA" -Azure Key Vault secrets have no expiration date medium config False False 0 "APRA (CPS 234) Information Security,CCPA 2018,CIS v1.1 (Azure),CIS v1.2.0 (Azure),MITRE ATT&CK [Beta],Multi-Level Protection Scheme (MLPS) v2.0,NIST 800-53 Rev 5,NIST 800-53 Rev4,PIPEDA" -Azure Key vaults diagnostics logs are disabled low config False False 0 "APRA (CPS 234) Information Security,CIS v1.2.0 (Azure)" -Azure Load Balancer diagnostics logs are disabled medium config False False 0 "APRA (CPS 234) Information Security,CIS v1.2.0 (Azure),Multi-Level Protection Scheme (MLPS) v2.0,NIST 800-53 Rev 5,NIST 800-53 Rev4" -Azure Monitor log profile does not capture all activities low config False False 0 "APRA (CPS 234) Information Security,CIS v1.1 (Azure),Multi-Level Protection Scheme (MLPS) v2.0,NIST 800-53 Rev 5,NIST 800-53 Rev4" -Azure Monitoring log profile is not configured to export activity logs medium config False False 0 "APRA (CPS 234) Information Security,Multi-Level Protection Scheme (MLPS) v2.0,NIST 800-53 Rev 5,NIST 800-53 Rev4" -Azure MySQL Database Server SSL connection is disabled medium config False False 0 "APRA (CPS 234) Information Security,CIS v1.1 (Azure),CIS v1.2.0 (Azure),Multi-Level Protection Scheme (MLPS) v2.0,NIST 800-53 Rev 5,NIST 800-53 Rev4" -Azure Network Security Group allows all traffic on CIFS (UDP Port 445) high config False False 0 "APRA (CPS 234) Information Security,CCPA 2018,MITRE ATT&CK [Beta],Multi-Level Protection Scheme (MLPS) v2.0,NIST 800-53 Rev 5,NIST 800-53 Rev4,PIPEDA" -Azure Network Security Group allows all traffic on FTP (TCP Port 21) 
high config False False 0 "APRA (CPS 234) Information Security,CCPA 2018,MITRE ATT&CK [Beta],Multi-Level Protection Scheme (MLPS) v2.0,NIST 800-53 Rev 5,NIST 800-53 Rev4,PIPEDA" -Azure Network Security Group allows all traffic on FTP-Data (TCP Port 20) high config False False 0 "APRA (CPS 234) Information Security,CCPA 2018,MITRE ATT&CK [Beta],Multi-Level Protection Scheme (MLPS) v2.0,NIST 800-53 Rev 5,NIST 800-53 Rev4,PIPEDA" -Azure Network Security Group allows all traffic on ICMP (Ping) high config False False 0 "APRA (CPS 234) Information Security,CCPA 2018,Multi-Level Protection Scheme (MLPS) v2.0,NIST 800-53 Rev 5,NIST 800-53 Rev4,PIPEDA" -Azure Network Security Group allows all traffic on MSQL (TCP Port 4333) high config False False 0 "APRA (CPS 234) Information Security,CCPA 2018,MITRE ATT&CK [Beta],Multi-Level Protection Scheme (MLPS) v2.0,NIST 800-53 Rev 5,NIST 800-53 Rev4,PIPEDA" -Azure Network Security Group allows all traffic on MySQL (TCP Port 3306) high config False False 0 "APRA (CPS 234) Information Security,CCPA 2018,MITRE ATT&CK [Beta],Multi-Level Protection Scheme (MLPS) v2.0,NIST 800-53 Rev 5,NIST 800-53 Rev4,PIPEDA" -Azure Network Security Group allows all traffic on NetBIOS (UDP Port 137) high config False False 0 "APRA (CPS 234) Information Security,CCPA 2018,MITRE ATT&CK [Beta],Multi-Level Protection Scheme (MLPS) v2.0,NIST 800-53 Rev 5,NIST 800-53 Rev4,PIPEDA" -Azure Network Security Group allows all traffic on NetBIOS (UDP Port 138) high config False False 0 "APRA (CPS 234) Information Security,CCPA 2018,MITRE ATT&CK [Beta],Multi-Level Protection Scheme (MLPS) v2.0,NIST 800-53 Rev 5,NIST 800-53 Rev4,PIPEDA" -Azure Network Security Group allows all traffic on NetBIOS DNS (TCP Port 53) high config False False 0 "APRA (CPS 234) Information Security,CCPA 2018,MITRE ATT&CK [Beta],Multi-Level Protection Scheme (MLPS) v2.0,NIST 800-53 Rev 5,NIST 800-53 Rev4,PIPEDA" -Azure Network Security Group allows all traffic on NetBIOS DNS (UDP Port 53) 
high config False False 0 "APRA (CPS 234) Information Security,CCPA 2018,MITRE ATT&CK [Beta],Multi-Level Protection Scheme (MLPS) v2.0,NIST 800-53 Rev 5,NIST 800-53 Rev4,PIPEDA" -Azure Network Security Group allows all traffic on PostgreSQL (TCP Port 5432) high config False False 0 "APRA (CPS 234) Information Security,CCPA 2018,MITRE ATT&CK [Beta],Multi-Level Protection Scheme (MLPS) v2.0,NIST 800-53 Rev 5,NIST 800-53 Rev4,PIPEDA" -Azure Network Security Group allows all traffic on RDP Port 3389 high config True True 0 "APRA (CPS 234) Information Security,CCPA 2018,CIS v1.1 (Azure),CIS v1.2.0 (Azure),CSA CCM v3.0.1,GDPR,HIPAA,HITRUST CSF v9.3,MITRE ATT&CK [Beta],Multi-Level Protection Scheme (MLPS) v2.0,NIST 800-53 Rev4,NIST CSF,PCI DSS v3.2,PIPEDA,SOC 2" -Azure Network Security Group allows all traffic on SMTP (TCP Port 25) high config False False 0 "APRA (CPS 234) Information Security,CCPA 2018,MITRE ATT&CK [Beta],Multi-Level Protection Scheme (MLPS) v2.0,NIST 800-53 Rev 5,NIST 800-53 Rev4,PIPEDA" -Azure Network Security Group allows all traffic on SQL Server (TCP Port 1433) high config False False 0 "APRA (CPS 234) Information Security,CCPA 2018,MITRE ATT&CK [Beta],Multi-Level Protection Scheme (MLPS) v2.0,NIST 800-53 Rev 5,NIST 800-53 Rev4,PIPEDA" -Azure Network Security Group allows all traffic on SQL Server (UDP Port 1434) high config False False 0 "APRA (CPS 234) Information Security,CCPA 2018,MITRE ATT&CK [Beta],Multi-Level Protection Scheme (MLPS) v2.0,NIST 800-53 Rev 5,NIST 800-53 Rev4,PIPEDA" -Azure Network Security Group allows all traffic on SSH port 22 high config True True 0 "APRA (CPS 234) Information Security,CCPA 2018,CIS v1.1 (Azure),CIS v1.2.0 (Azure),CSA CCM v3.0.1,GDPR,HIPAA,HITRUST CSF v9.3,MITRE ATT&CK [Beta],Multi-Level Protection Scheme (MLPS) v2.0,NIST 800-53 Rev4,NIST CSF,PCI DSS v3.2,PIPEDA,SOC 2" -Azure Network Security Group allows all traffic on Telnet (TCP Port 23) high config False False 0 "APRA (CPS 234) Information Security,CCPA 
2018,MITRE ATT&CK [Beta],Multi-Level Protection Scheme (MLPS) v2.0,NIST 800-53 Rev 5,NIST 800-53 Rev4,PIPEDA" -Azure Network Security Group allows all traffic on VNC Listener (TCP Port 5500) high config False False 0 "APRA (CPS 234) Information Security,CCPA 2018,MITRE ATT&CK [Beta],Multi-Level Protection Scheme (MLPS) v2.0,NIST 800-53 Rev 5,NIST 800-53 Rev4,PIPEDA" -Azure Network Security Group allows all traffic on VNC Server (TCP Port 5900) high config False False 0 "APRA (CPS 234) Information Security,CCPA 2018,MITRE ATT&CK [Beta],Multi-Level Protection Scheme (MLPS) v2.0,NIST 800-53 Rev 5,NIST 800-53 Rev4,PIPEDA" -Azure Network Security Group allows all traffic on Windows RPC (TCP Port 135) high config False False 0 "APRA (CPS 234) Information Security,CCPA 2018,MITRE ATT&CK [Beta],Multi-Level Protection Scheme (MLPS) v2.0,NIST 800-53 Rev 5,NIST 800-53 Rev4,PIPEDA" -Azure Network Security Group allows all traffic on Windows SMB (TCP Port 445) high config False False 0 "APRA (CPS 234) Information Security,CCPA 2018,MITRE ATT&CK [Beta],Multi-Level Protection Scheme (MLPS) v2.0,NIST 800-53 Rev 5,NIST 800-53 Rev4,PIPEDA" -Azure Network Security Group having Inbound rule overly permissive to all traffic on TCP protocol medium config True True 0 "APRA (CPS 234) Information Security,CCPA 2018,CIS v1.1 (Azure),MITRE ATT&CK [Beta],Multi-Level Protection Scheme (MLPS) v2.0,NIST 800-53 Rev 5,NIST 800-53 Rev4,PIPEDA" -Azure Network Security Group having Inbound rule overly permissive to all traffic on UDP protocol medium config True True 0 "APRA (CPS 234) Information Security,CCPA 2018,CIS v1.1 (Azure),MITRE ATT&CK [Beta],Multi-Level Protection Scheme (MLPS) v2.0,NIST 800-53 Rev 5,NIST 800-53 Rev4,PIPEDA" -Azure Network Security Group having Inbound rule overly permissive to all traffic on any protocol medium config True True 0 "APRA (CPS 234) Information Security,CCPA 2018,CIS v1.1 (Azure),MITRE ATT&CK [Beta],Multi-Level Protection Scheme (MLPS) v2.0,NIST 800-53 Rev 
5,NIST 800-53 Rev4,PIPEDA" -Azure Network Security Group with overly permissive outbound rule low config True True 0 "APRA (CPS 234) Information Security,CCPA 2018,MITRE ATT&CK [Beta],Multi-Level Protection Scheme (MLPS) v2.0,NIST 800-53 Rev 5,NIST 800-53 Rev4,PIPEDA" -Azure Network Watcher Network Security Group (NSG) flow logs are disabled medium config False False 0 "APRA (CPS 234) Information Security,CCPA 2018,Multi-Level Protection Scheme (MLPS) v2.0,NIST 800-53 Rev 5,NIST 800-53 Rev4,PIPEDA" -Azure Network Watcher Network Security Group (NSG) flow logs retention is less than 90 days medium config False False 0 "APRA (CPS 234) Information Security,CIS v1.1 (Azure),CIS v1.2.0 (Azure),Multi-Level Protection Scheme (MLPS) v2.0,NIST 800-53 Rev 5,NIST 800-53 Rev4" -Azure PostgreSQL Database Server 'Allow access to Azure services' enabled medium config False False 0 "APRA (CPS 234) Information Security,CIS v1.2.0 (Azure)" -Azure PostgreSQL Database Server Firewall rule allow access to all IPV4 address high config False False 0 "" -Azure PostgreSQL database server log retention days is less than or equals to 3 days medium config True True 0 "APRA (CPS 234) Information Security,CIS v1.1 (Azure),CIS v1.2.0 (Azure),Multi-Level Protection Scheme (MLPS) v2.0,NIST 800-53 Rev 5,NIST 800-53 Rev4" -Azure PostgreSQL database server with SSL connection disabled medium config True True 0 "APRA (CPS 234) Information Security,CIS v1.1 (Azure),CIS v1.2.0 (Azure),Multi-Level Protection Scheme (MLPS) v2.0,NIST 800-53 Rev 5,NIST 800-53 Rev4" -Azure PostgreSQL database server with connection throttling parameter is disabled medium config True True 0 "APRA (CPS 234) Information Security,CIS v1.1 (Azure),CIS v1.2.0 (Azure),NIST 800-53 Rev 5,NIST 800-53 Rev4" -Azure PostgreSQL database server with log checkpoints parameter disabled medium config True True 0 "APRA (CPS 234) Information Security,CIS v1.1 (Azure),CIS v1.2.0 (Azure),Multi-Level Protection Scheme (MLPS) v2.0,NIST 800-53 Rev 
5,NIST 800-53 Rev4" -Azure PostgreSQL database server with log connections parameter disabled medium config True True 0 "APRA (CPS 234) Information Security,CIS v1.1 (Azure),CIS v1.2.0 (Azure),Multi-Level Protection Scheme (MLPS) v2.0,NIST 800-53 Rev 5,NIST 800-53 Rev4" -Azure PostgreSQL database server with log disconnections parameter disabled medium config True True 0 "APRA (CPS 234) Information Security,CIS v1.1 (Azure),CIS v1.2.0 (Azure),Multi-Level Protection Scheme (MLPS) v2.0,NIST 800-53 Rev 5,NIST 800-53 Rev4" -Azure PostgreSQL database server with log duration parameter disabled medium config True True 0 "APRA (CPS 234) Information Security,CIS v1.1 (Azure),CIS v1.2.0 (Azure),Multi-Level Protection Scheme (MLPS) v2.0,NIST 800-53 Rev 5,NIST 800-53 Rev4" -Azure Resource Group does not have a resource lock low config False False 0 "APRA (CPS 234) Information Security,CIS v1.1 (Azure),CIS v1.2.0 (Azure)" -Azure SQL Database with Auditing Retention less than 90 days medium config False False 0 "APRA (CPS 234) Information Security,CCPA 2018,CSA CCM v3.0.1,HIPAA,HITRUST CSF v9.3,ISO 27001:2013,Multi-Level Protection Scheme (MLPS) v2.0,NIST 800-53 Rev4,NIST CSF,PCI DSS v3.2,PIPEDA,SOC 2" -Azure SQL Database with Threat Retention less than or equals to 90 days medium config True True 0 "APRA (CPS 234) Information Security,CCPA 2018,CSA CCM v3.0.1,HIPAA,HITRUST CSF v9.3,ISO 27001:2013,Multi-Level Protection Scheme (MLPS) v2.0,NIST 800-53 Rev4,NIST CSF,PCI DSS v3.2,PIPEDA,SOC 2" -Azure SQL Databases with disabled Email service and co-administrators for Threat Detection medium config True True 0 "APRA (CPS 234) Information Security,CSA CCM v3.0.1,GDPR,HIPAA,HITRUST CSF v9.3,ISO 27001:2013,Multi-Level Protection Scheme (MLPS) v2.0,NIST 800-53 Rev4,NIST CSF,PCI DSS v3.2,SOC 2" -Azure SQL Server advanced data security does not have an email alert recipient medium config False False 0 "APRA (CPS 234) Information Security,CIS v1.1 (Azure),Multi-Level Protection Scheme 
(MLPS) v2.0,NIST 800-53 Rev 5,NIST 800-53 Rev4" -Azure SQL Server advanced data security does not send alerts to service and co-administrators medium config False False 0 "APRA (CPS 234) Information Security,CIS v1.1 (Azure),CIS v1.2.0 (Azure),Multi-Level Protection Scheme (MLPS) v2.0,NIST 800-53 Rev 5,NIST 800-53 Rev4" -Azure SQL Server advanced data security is disabled medium config False False 0 "APRA (CPS 234) Information Security,CCPA 2018,CIS v1.1 (Azure),CIS v1.2.0 (Azure),Multi-Level Protection Scheme (MLPS) v2.0,NIST 800-53 Rev 5,NIST 800-53 Rev4,PIPEDA" -Azure SQL Server audit log retention is less than 91 days high config False False 0 "APRA (CPS 234) Information Security,CCPA 2018,CIS v1.1 (Azure),CIS v1.2.0 (Azure),Multi-Level Protection Scheme (MLPS) v2.0,NIST 800-53 Rev 5,NIST 800-53 Rev4,PIPEDA" -Azure SQL Server auditing is disabled high config False False 0 "APRA (CPS 234) Information Security,CCPA 2018,CIS v1.1 (Azure),CIS v1.2.0 (Azure),Multi-Level Protection Scheme (MLPS) v2.0,NIST 800-53 Rev 5,NIST 800-53 Rev4,PIPEDA" -Azure SQL Server threat detection alerts not enabled for all threat types medium config False False 0 "APRA (CPS 234) Information Security,CCPA 2018,CIS v1.1 (Azure),CIS v1.2.0 (Azure),Multi-Level Protection Scheme (MLPS) v2.0,NIST 800-53 Rev 5,NIST 800-53 Rev4,PIPEDA" -Azure SQL Server threat logs retention is less than 91 days high config False False 0 "APRA (CPS 234) Information Security,CCPA 2018,Multi-Level Protection Scheme (MLPS) v2.0,NIST 800-53 Rev 5,NIST 800-53 Rev4,PIPEDA" -Azure SQL Servers Firewall rule allow access to all IPV4 address high config False False 0 "" -Azure SQL database auditing is disabled medium config False False 0 "APRA (CPS 234) Information Security,CCPA 2018,CSA CCM v3.0.1,GDPR,HIPAA,HITRUST CSF v9.3,ISO 27001:2013,Multi-Level Protection Scheme (MLPS) v2.0,NIST 800-53 Rev4,NIST CSF,PCI DSS v3.2,PIPEDA,SOC 2" -Azure SQL server TDE protector is not encrypted with BYOK (Use your own key) medium 
config False False 0 "APRA (CPS 234) Information Security,CIS v1.1 (Azure),CIS v1.2.0 (Azure),Multi-Level Protection Scheme (MLPS) v2.0,NIST 800-53 Rev 5,NIST 800-53 Rev4" -Azure SQL server send alerts to field value is not set low config False False 0 "APRA (CPS 234) Information Security,CIS v1.2.0 (Azure),Multi-Level Protection Scheme (MLPS) v2.0,NIST 800-53 Rev 5,NIST 800-53 Rev4" -Azure Security Center 'Standard pricing tier' is not selected medium config False False 0 "APRA (CPS 234) Information Security,CIS v1.1 (Azure),ISO 27001:2013" -Azure Security Center Defender set to Off for App Service medium config False False 0 "CIS v1.2.0 (Azure)" -Azure Security Center Defender set to Off for Azure SQL database servers medium config False False 0 "CIS v1.2.0 (Azure)" -Azure Security Center Defender set to Off for Key Vault medium config False False 0 "CIS v1.2.0 (Azure)" -Azure Security Center Defender set to Off for Kubernetes medium config False False 0 "CIS v1.2.0 (Azure)" -Azure Security Center Defender set to Off for Servers medium config False False 0 "CIS v1.2.0 (Azure)" -Azure Security Center Defender set to Off for Storage medium config False False 0 "CIS v1.2.0 (Azure)" -Azure Security Center JIT network access monitoring is set to disabled medium config True True 0 "APRA (CPS 234) Information Security,CCPA 2018,CIS v1.1 (Azure),ISO 27001:2013,MITRE ATT&CK [Beta],Multi-Level Protection Scheme (MLPS) v2.0,NIST 800-53 Rev4,PIPEDA" -Azure Security Center SQL auditing and threat detection monitoring is set to disabled high config True True 0 "APRA (CPS 234) Information Security,CCPA 2018,CIS v1.1 (Azure),CSA CCM v3.0.1,GDPR,HIPAA,HITRUST CSF v9.3,ISO 27001:2013,Multi-Level Protection Scheme (MLPS) v2.0,NIST 800-53 Rev4,NIST CSF,PCI DSS v3.2,PIPEDA,SOC 2" -Azure Security Center SQL encryption monitoring is set to disabled medium config True True 0 "APRA (CPS 234) Information Security,CCPA 2018,CIS v1.1 (Azure),CSA CCM v3.0.1,GDPR,HIPAA,HITRUST CSF v9.3,ISO 
27001:2013,Multi-Level Protection Scheme (MLPS) v2.0,NIST 800-53 Rev4,NIST CSF,PCI DSS v3.2,PIPEDA,SOC 2" -Azure Security Center adaptive application controls monitoring is set to disabled medium config True True 0 "APRA (CPS 234) Information Security,CCPA 2018,CIS v1.1 (Azure),CSA CCM v3.0.1,HITRUST CSF v9.3,ISO 27001:2013,Multi-Level Protection Scheme (MLPS) v2.0,NIST 800-53 Rev4,NIST CSF,PIPEDA" -Azure Security Center automatic provisioning of monitoring agent is set to Off medium config True True 0 "APRA (CPS 234) Information Security,CCPA 2018,CIS v1.1 (Azure),CIS v1.2.0 (Azure),HIPAA,ISO 27001:2013,Multi-Level Protection Scheme (MLPS) v2.0,NIST 800-53 Rev4,PIPEDA" -Azure Security Center contact email not set medium config False False 0 "APRA (CPS 234) Information Security,CIS v1.1 (Azure),CIS v1.2.0 (Azure),CSA CCM v3.0.1,GDPR,HIPAA,HITRUST CSF v9.3,ISO 27001:2013,Multi-Level Protection Scheme (MLPS) v2.0,NIST 800-53 Rev4,NIST CSF,PCI DSS v3.2,SOC 2" -Azure Security Center contact phone number not set low config False False 0 "APRA (CPS 234) Information Security,CIS v1.1 (Azure),CSA CCM v3.0.1,GDPR,HIPAA,HITRUST CSF v9.3,ISO 27001:2013,Multi-Level Protection Scheme (MLPS) v2.0,NIST 800-53 Rev4,NIST CSF,PCI DSS v3.2,SOC 2" -Azure Security Center disk encryption monitoring is set to disabled medium config True True 0 "APRA (CPS 234) Information Security,CCPA 2018,CIS v1.1 (Azure),CSA CCM v3.0.1,GDPR,HIPAA,HITRUST CSF v9.3,ISO 27001:2013,Multi-Level Protection Scheme (MLPS) v2.0,NIST 800-53 Rev4,NIST CSF,PCI DSS v3.2,PIPEDA,SOC 2" -Azure Security Center email notification for subscription owner is not set medium config False False 0 "APRA (CPS 234) Information Security,CIS v1.1 (Azure),CIS v1.2.0 (Azure),CSA CCM v3.0.1,GDPR,HIPAA,HITRUST CSF v9.3,ISO 27001:2013,Multi-Level Protection Scheme (MLPS) v2.0,NIST 800-53 Rev4,NIST CSF,PCI DSS v3.2,SOC 2" -Azure Security Center endpoint protection monitoring is set to disabled medium config True True 0 "APRA (CPS 234) 
Information Security,CCPA 2018,CIS v1.1 (Azure),CSA CCM v3.0.1,ISO 27001:2013,Multi-Level Protection Scheme (MLPS) v2.0,NIST 800-53 Rev4,PCI DSS v3.2,PIPEDA,SOC 2" -Azure Security Center security configurations monitoring is set to disabled medium config True True 0 "APRA (CPS 234) Information Security,CCPA 2018,CIS v1.1 (Azure),CSA CCM v3.0.1,GDPR,HIPAA,HITRUST CSF v9.3,ISO 27001:2013,Multi-Level Protection Scheme (MLPS) v2.0,NIST 800-53 Rev4,NIST CSF,PCI DSS v3.2,PIPEDA,SOC 2" -Azure Security Center send email notifications set to 'Off' medium config False False 0 "APRA (CPS 234) Information Security,CIS v1.1 (Azure),CIS v1.2.0 (Azure),CSA CCM v3.0.1,GDPR,HIPAA,HITRUST CSF v9.3,ISO 27001:2013,Multi-Level Protection Scheme (MLPS) v2.0,NIST 800-53 Rev4,NIST CSF,PCI DSS v3.2,SOC 2" -Azure Security Center storage encryption monitoring is set to disabled high config True True 0 "APRA (CPS 234) Information Security,CCPA 2018,CIS v1.1 (Azure),CSA CCM v3.0.1,GDPR,HIPAA,HITRUST CSF v9.3,ISO 27001:2013,MITRE ATT&CK [Beta],Multi-Level Protection Scheme (MLPS) v2.0,NIST 800-53 Rev4,NIST CSF,PCI DSS v3.2,PIPEDA,SOC 2" -Azure Security Center system updates monitoring is set to disabled medium config True True 0 "APRA (CPS 234) Information Security,CCPA 2018,CIS v1.1 (Azure),CSA CCM v3.0.1,HITRUST CSF v9.3,ISO 27001:2013,Multi-Level Protection Scheme (MLPS) v2.0,NIST 800-53 Rev4,PCI DSS v3.2,PIPEDA" -Azure Security Center vulnerability assessment monitoring is set to disabled medium config True True 0 "APRA (CPS 234) Information Security,CCPA 2018,CIS v1.1 (Azure),CSA CCM v3.0.1,HIPAA,HITRUST CSF v9.3,ISO 27001:2013,MITRE ATT&CK [Beta],Multi-Level Protection Scheme (MLPS) v2.0,NIST 800-53 Rev4,NIST CSF,PCI DSS v3.2,PIPEDA,SOC 2" -Azure Security Center web application firewall monitoring is set to disabled high config True True 0 "APRA (CPS 234) Information Security,CCPA 2018,CIS v1.1 (Azure),CSA CCM v3.0.1,GDPR,HITRUST CSF v9.3,ISO 27001:2013,MITRE ATT&CK [Beta],Multi-Level 
Protection Scheme (MLPS) v2.0,NIST 800-53 Rev4,NIST CSF,PCI DSS v3.2,PIPEDA,SOC 2" -Azure Storage Account 'Trusted Microsoft Services' access not enabled medium config True True 0 "APRA (CPS 234) Information Security,CCPA 2018,CIS v1.1 (Azure),CIS v1.2.0 (Azure),MITRE ATT&CK [Beta],Multi-Level Protection Scheme (MLPS) v2.0,PIPEDA" -Azure Storage Account Container with activity log has BYOK encryption disabled medium config False False 0 "APRA (CPS 234) Information Security,CIS v1.1 (Azure),Multi-Level Protection Scheme (MLPS) v2.0,NIST 800-53 Rev 5,NIST 800-53 Rev4" -Azure Storage Account default network access is set to 'Allow' medium config True True 0 "APRA (CPS 234) Information Security,CCPA 2018,CIS v1.1 (Azure),CIS v1.2.0 (Azure),Multi-Level Protection Scheme (MLPS) v2.0,NIST 800-53 Rev 5,NIST 800-53 Rev4,PIPEDA" -Azure Storage account Encryption Customer Managed Keys Disabled medium config False False 0 "APRA (CPS 234) Information Security,CIS v1.2.0 (Azure)" -Azure Storage account container storing activity logs is publicly accessible medium config False False 0 "APRA (CPS 234) Information Security,CIS v1.1 (Azure),Multi-Level Protection Scheme (MLPS) v2.0,NIST 800-53 Rev 5,NIST 800-53 Rev4" -Azure VM OS disk is encrypted with the default encryption key instead of ADE/CMK medium config False False 0 "APRA (CPS 234) Information Security,CCPA 2018,CIS v1.1 (Azure),CIS v1.2.0 (Azure),Multi-Level Protection Scheme (MLPS) v2.0,NIST 800-53 Rev 5,NIST 800-53 Rev4,PIPEDA" -Azure VM data disk is encrypted with the default encryption key instead of ADE/CMK medium config False False 0 "APRA (CPS 234) Information Security,CIS v1.1 (Azure),CIS v1.2.0 (Azure),Multi-Level Protection Scheme (MLPS) v2.0,NIST 800-53 Rev 5,NIST 800-53 Rev4" -Azure VPN is not configured with cryptographic algorithm medium config False False 0 "APRA (CPS 234) Information Security,CCPA 2018,GDPR,HIPAA,HITRUST CSF v9.3,ISO 27001:2013,MITRE ATT&CK [Beta],Multi-Level Protection Scheme (MLPS) 
v2.0,NIST 800-53 Rev4,PCI DSS v3.2,PIPEDA" -Azure Virtual Machine Boot Diagnostics Disabled low config False False 0 "APRA (CPS 234) Information Security" -Azure Virtual Machine does not have endpoint protection installed medium config False False 0 "APRA (CPS 234) Information Security,CCPA 2018,CIS v1.1 (Azure),CIS v1.2.0 (Azure),Multi-Level Protection Scheme (MLPS) v2.0,NIST 800-53 Rev 5,NIST 800-53 Rev4,PIPEDA" -Azure Virtual Machine is not assigned to an availability set medium config False False 0 "APRA (CPS 234) Information Security" -Azure Virtual Machine scale sets Boot Diagnostics Disabled low config False False 0 "APRA (CPS 234) Information Security" -Azure Virtual Machines are not utilising Managed Disks medium config False False 0 "APRA (CPS 234) Information Security,CIS v1.2.0 (Azure)" -Azure Virtual Network subnet is not configured with a Network Security Group medium config False False 0 "APRA (CPS 234) Information Security,CCPA 2018,Multi-Level Protection Scheme (MLPS) v2.0,NIST 800-53 Rev 5,NIST 800-53 Rev4,PIPEDA" -Azure Virtual machine NIC has IP forwarding enabled medium config False False 0 "" -Azure Virtual machine scale sets are not utilising Managed Disks medium config False False 0 "APRA (CPS 234) Information Security,CIS v1.2.0 (Azure)" -Azure disk is unattached and is encrypted with the default encryption key instead of ADE/CMK medium config False False 0 "APRA (CPS 234) Information Security,CIS v1.1 (Azure),CIS v1.2.0 (Azure),Multi-Level Protection Scheme (MLPS) v2.0,NIST 800-53 Rev 5,NIST 800-53 Rev4" -Azure log profile not capturing activity logs for all regions medium config False False 0 "APRA (CPS 234) Information Security,CIS v1.1 (Azure),Multi-Level Protection Scheme (MLPS) v2.0,NIST 800-53 Rev 5,NIST 800-53 Rev4" -Azure storage account has a blob container with public access high config False False 0 "APRA (CPS 234) Information Security,CCPA 2018,CIS v1.1 (Azure),CIS v1.2.0 (Azure),MITRE ATT&CK [Beta],Multi-Level Protection 
Scheme (MLPS) v2.0,NIST 800-53 Rev 5,NIST 800-53 Rev4,PIPEDA" -Azure storage account logging for blobs is disabled medium config False False 0 "APRA (CPS 234) Information Security,CCPA 2018,CIS v1.2.0 (Azure),MITRE ATT&CK [Beta],Multi-Level Protection Scheme (MLPS) v2.0,NIST 800-53 Rev 5,NIST 800-53 Rev4,PIPEDA" -Azure storage account logging for queues is disabled medium config False False 0 "APRA (CPS 234) Information Security,CCPA 2018,CIS v1.1 (Azure),CIS v1.2.0 (Azure),MITRE ATT&CK [Beta],Multi-Level Protection Scheme (MLPS) v2.0,NIST 800-53 Rev 5,NIST 800-53 Rev4,PIPEDA" -Azure storage account logging for tables is disabled medium config False False 0 "APRA (CPS 234) Information Security,CCPA 2018,CIS v1.2.0 (Azure),MITRE ATT&CK [Beta],Multi-Level Protection Scheme (MLPS) v2.0,NIST 800-53 Rev 5,NIST 800-53 Rev4,PIPEDA" -Azure subscriptions with custom roles are overly permissive medium config False False 0 "APRA (CPS 234) Information Security,CIS v1.2.0 (Azure),Multi-Level Protection Scheme (MLPS) v2.0,NIST 800-53 Rev 5,NIST 800-53 Rev4" -Azure virtual network peer is disconnected medium config False False 0 "APRA (CPS 234) Information Security" -CUSTOMIZE: Non-corporate accounts have access to Google Cloud Platform (GCP) resources medium config False False 0 "APRA (CPS 234) Information Security,CCPA 2018,CIS v1.0.0 (GCP),CIS v1.1.0 (GCP),CSA CCM v3.0.1,GDPR,HIPAA,HITRUST CSF v9.3,ISO 27001:2013,MITRE ATT&CK [Beta],NIST 800-53 Rev4,NIST CSF,PCI DSS v3.2,PIPEDA,SOC 2" -CloudTrail trail is not integrated with CloudWatch Log medium config False False 0 "APRA (CPS 234) Information Security,CCPA 2018,CIS v1.2.0 (AWS),CIS v1.3.0 (AWS),CSA CCM v3.0.1,GDPR,HITRUST CSF v9.3,ISO 27001:2013,NIST 800-171 Rev1,NIST 800-53 Rev 5,NIST 800-53 Rev4,NIST CSF,PIPEDA,SOC 2" -Containers must be run as non-root high config False False 0 "" -Default Firewall rule should not have any rules (except http and https) high config False False 0 "APRA (CPS 234) Information Security,CCPA 
2018,CSA CCM v3.0.1,GDPR,HIPAA,HITRUST CSF v9.3,ISO 27001:2013,MITRE ATT&CK [Beta],NIST 800-53 Rev4,NIST CSF,PCI DSS v3.2,PIPEDA,SOC 2" -Do not allow sharing host IPC namespace medium config False False 0 "" -Do not allow sharing host PID namespace medium config False False 0 "" -Do not allow volume claims to be read by many nodes low config False False 0 "" -Do not run containers as root high config False False 0 "" -Do not share host network with containers high config False False 0 "" -Ensure containers are immutable medium config False False 0 "" -Entrypoint of the container must be run with a user with a high ID medium config False False 0 "" -Excessive login failures high anomaly False False 10 "GDPR,MITRE ATT&CK [Beta],NIST CSF,SOC 2" -GCP BigQuery dataset is publicly accessible high config False False 0 "APRA (CPS 234) Information Security" -GCP Cloud DNS has DNSSEC disabled medium config False False 0 "APRA (CPS 234) Information Security,CCPA 2018,CIS v1.0.0 (GCP),CIS v1.1.0 (GCP),ISO 27001:2013,PIPEDA" -GCP Cloud DNS zones using RSASHA1 algorithm for DNSSEC key-signing medium config False False 0 "APRA (CPS 234) Information Security,CCPA 2018,CIS v1.0.0 (GCP),CIS v1.1.0 (GCP),ISO 27001:2013,PIPEDA" -GCP Cloud DNS zones using RSASHA1 algorithm for DNSSEC zone-signing medium config False False 0 "APRA (CPS 234) Information Security,CCPA 2018,CIS v1.0.0 (GCP),CIS v1.1.0 (GCP),ISO 27001:2013,PIPEDA" -GCP Firewall rule allows internet traffic to DNS port (53) medium config True True 0 "APRA (CPS 234) Information Security,CCPA 2018,CSA CCM v3.0.1,GDPR,HIPAA,HITRUST CSF v9.3,ISO 27001:2013,MITRE ATT&CK [Beta],NIST 800-53 Rev4,NIST CSF,PCI DSS v3.2,PIPEDA,SOC 2" -GCP Firewall rule allows internet traffic to FTP port (21) high config True True 0 "APRA (CPS 234) Information Security,CCPA 2018,CSA CCM v3.0.1,GDPR,HIPAA,HITRUST CSF v9.3,ISO 27001:2013,MITRE ATT&CK [Beta],NIST 800-53 Rev4,NIST CSF,PCI DSS v3.2,PIPEDA,SOC 2" -GCP Firewall rule allows internet traffic 
to HTTP port (80) high config True True 0 "APRA (CPS 234) Information Security,CCPA 2018,CSA CCM v3.0.1,GDPR,HIPAA,HITRUST CSF v9.3,ISO 27001:2013,MITRE ATT&CK [Beta],NIST 800-53 Rev4,NIST CSF,PCI DSS v3.2,PIPEDA,SOC 2" -GCP Firewall rule allows internet traffic to Microsoft-DS port (445) medium config True True 0 "APRA (CPS 234) Information Security,CCPA 2018,CSA CCM v3.0.1,GDPR,HIPAA,HITRUST CSF v9.3,ISO 27001:2013,MITRE ATT&CK [Beta],NIST 800-53 Rev4,NIST CSF,PCI DSS v3.2,PIPEDA,SOC 2" -GCP Firewall rule allows internet traffic to MongoDB port (27017) high config True True 0 "APRA (CPS 234) Information Security,CCPA 2018,CSA CCM v3.0.1,GDPR,HIPAA,HITRUST CSF v9.3,ISO 27001:2013,MITRE ATT&CK [Beta],NIST 800-53 Rev4,NIST CSF,PCI DSS v3.2,PIPEDA,SOC 2" -GCP Firewall rule allows internet traffic to MySQL DB port (3306) high config True True 0 "APRA (CPS 234) Information Security,CCPA 2018,CSA CCM v3.0.1,GDPR,HIPAA,HITRUST CSF v9.3,ISO 27001:2013,MITRE ATT&CK [Beta],NIST 800-53 Rev4,NIST CSF,PCI DSS v3.2,PIPEDA,SOC 2" -GCP Firewall rule allows internet traffic to NetBIOS-SSN port (139) medium config True True 0 "APRA (CPS 234) Information Security,CCPA 2018,CSA CCM v3.0.1,GDPR,HIPAA,HITRUST CSF v9.3,ISO 27001:2013,MITRE ATT&CK [Beta],NIST 800-53 Rev4,NIST CSF,PCI DSS v3.2,PIPEDA,SOC 2" -GCP Firewall rule allows internet traffic to Oracle DB port (1521) high config True True 0 "APRA (CPS 234) Information Security,CCPA 2018,CSA CCM v3.0.1,GDPR,HIPAA,HITRUST CSF v9.3,ISO 27001:2013,MITRE ATT&CK [Beta],NIST 800-53 Rev4,NIST CSF,PCI DSS v3.2,PIPEDA,SOC 2" -GCP Firewall rule allows internet traffic to POP3 port (110) medium config True True 0 "APRA (CPS 234) Information Security,CCPA 2018,CSA CCM v3.0.1,GDPR,HIPAA,HITRUST CSF v9.3,ISO 27001:2013,MITRE ATT&CK [Beta],NIST 800-53 Rev4,NIST CSF,PCI DSS v3.2,PIPEDA,SOC 2" -GCP Firewall rule allows internet traffic to PostgreSQL port (5432) high config True True 0 "APRA (CPS 234) Information Security,CCPA 2018,CSA CCM 
v3.0.1,GDPR,HIPAA,HITRUST CSF v9.3,ISO 27001:2013,MITRE ATT&CK [Beta],NIST 800-53 Rev4,NIST CSF,PCI DSS v3.2,PIPEDA,SOC 2" -GCP Firewall rule allows internet traffic to RDP port (3389) high config True True 0 "APRA (CPS 234) Information Security,CCPA 2018,CIS v1.0.0 (GCP),CIS v1.1.0 (GCP),CSA CCM v3.0.1,GDPR,HIPAA,HITRUST CSF v9.3,ISO 27001:2013,MITRE ATT&CK [Beta],NIST 800-53 Rev4,NIST CSF,PCI DSS v3.2,PIPEDA,SOC 2" -GCP Firewall rule allows internet traffic to SMTP port (25) medium config True True 0 "APRA (CPS 234) Information Security,CCPA 2018,CSA CCM v3.0.1,GDPR,HIPAA,HITRUST CSF v9.3,ISO 27001:2013,MITRE ATT&CK [Beta],NIST 800-53 Rev4,NIST CSF,PCI DSS v3.2,PIPEDA,SOC 2" -GCP Firewall rule allows internet traffic to SSH port (22) high config True True 0 "APRA (CPS 234) Information Security,CCPA 2018,CIS v1.0.0 (GCP),CIS v1.1.0 (GCP),CSA CCM v3.0.1,GDPR,HIPAA,HITRUST CSF v9.3,ISO 27001:2013,MITRE ATT&CK [Beta],NIST 800-53 Rev4,NIST CSF,PCI DSS v3.2,PIPEDA,SOC 2" -GCP Firewall rule allows internet traffic to Telnet port (23) high config True True 0 "APRA (CPS 234) Information Security,CCPA 2018,CSA CCM v3.0.1,GDPR,HIPAA,HITRUST CSF v9.3,ISO 27001:2013,MITRE ATT&CK [Beta],NIST 800-53 Rev4,NIST CSF,PCI DSS v3.2,PIPEDA,SOC 2" -GCP Firewall rules allow inbound traffic from anywhere with no target tags set medium config False False 0 "APRA (CPS 234) Information Security,CCPA 2018,MITRE ATT&CK [Beta],NIST 800-53 Rev 5,NIST 800-53 Rev4,PIPEDA" -GCP Firewall with Inbound rule overly permissive to All Traffic high config False False 0 "APRA (CPS 234) Information Security,CCPA 2018,ISO 27001:2013,MITRE ATT&CK [Beta],NIST 800-53 Rev 5,NIST 800-53 Rev4,PIPEDA" -GCP GCR Container Vulnerability Scanning is disabled medium config False False 0 "" -GCP GKE unsupported Master node version high config False False 0 "APRA (CPS 234) Information Security,CCPA 2018,PIPEDA" -GCP GKE unsupported node version high config False False 0 "APRA (CPS 234) Information Security,CCPA 
2018,PIPEDA" -GCP HTTPS Load balancer SSL Policy not using restrictive profile medium config False False 0 "APRA (CPS 234) Information Security,CCPA 2018,NIST 800-53 Rev 5,NIST 800-53 Rev4,PIPEDA" -GCP HTTPS Load balancer is configured with SSL policy having TLS version 1.1 or lower medium config False False 0 "APRA (CPS 234) Information Security,CCPA 2018,NIST 800-53 Rev 5,NIST 800-53 Rev4,PIPEDA" -GCP IAM Service account has admin privileges medium config False False 0 "APRA (CPS 234) Information Security,CCPA 2018,CIS v1.0.0 (GCP),CIS v1.1.0 (GCP),ISO 27001:2013,MITRE ATT&CK [Beta],NIST 800-53 Rev 5,NIST 800-53 Rev4,PIPEDA" -GCP IAM Users have overly permissive service account privileges medium config False False 0 "APRA (CPS 234) Information Security,CCPA 2018,CIS v1.0.0 (GCP),CIS v1.1.0 (GCP),ISO 27001:2013,MITRE ATT&CK [Beta],NIST 800-53 Rev 5,NIST 800-53 Rev4,PIPEDA" -GCP IAM primitive roles are in use medium config False False 0 "APRA (CPS 234) Information Security,CCPA 2018,CSA CCM v3.0.1,GDPR,HIPAA,HITRUST CSF v9.3,ISO 27001:2013,MITRE ATT&CK [Beta],NIST 800-53 Rev4,NIST CSF,PCI DSS v3.2,PIPEDA,SOC 2" -GCP IAM user have overly permissive Cloud KMS roles medium config False False 0 "APRA (CPS 234) Information Security,CCPA 2018,CIS v1.0.0 (GCP),CIS v1.1.0 (GCP),ISO 27001:2013,MITRE ATT&CK [Beta],NIST 800-53 Rev 5,NIST 800-53 Rev4,PIPEDA" -GCP IAM user with service account privileges medium config False False 0 "APRA (CPS 234) Information Security,CCPA 2018,CIS v1.0.0 (GCP),CIS v1.1.0 (GCP),CSA CCM v3.0.1,HIPAA,HITRUST CSF v9.3,ISO 27001:2013,MITRE ATT&CK [Beta],NIST 800-53 Rev4,PCI DSS v3.2,PIPEDA,SOC 2" -GCP Kubernetes Engine Cluster Nodes have default Service account for Project access medium config False False 0 "APRA (CPS 234) Information Security,CCPA 2018,CIS v1.0.0 (GCP),CSA CCM v3.0.1,HIPAA,HITRUST CSF v9.3,ISO 27001:2013,MITRE ATT&CK [Beta],NIST 800-53 Rev4,PCI DSS v3.2,PIPEDA,SOC 2" -GCP Kubernetes Engine Clusters Basic Authentication is set to 
Enabled medium config False False 0 "APRA (CPS 234) Information Security,CCPA 2018,CIS v1.0.0 (GCP),CIS v1.1.0 (GKE),HIPAA,ISO 27001:2013,NIST 800-53 Rev 5,NIST 800-53 Rev4,PIPEDA" -GCP Kubernetes Engine Clusters Client Certificate is set to Disabled low config False False 0 "APRA (CPS 234) Information Security,CCPA 2018,CIS v1.0.0 (GCP),CIS v1.1.0 (GKE),CSA CCM v3.0.1,HIPAA,HITRUST CSF v9.3,ISO 27001:2013,NIST 800-53 Rev4,PCI DSS v3.2,PIPEDA,SOC 2" -GCP Kubernetes Engine Clusters have Alias IP disabled low config False False 0 "APRA (CPS 234) Information Security,CCPA 2018,CIS v1.0.0 (GCP),CIS v1.1.0 (GKE),CSA CCM v3.0.1,GDPR,HITRUST CSF v9.3,ISO 27001:2013,NIST 800-53 Rev4,NIST CSF,PCI DSS v3.2,PIPEDA,SOC 2" -GCP Kubernetes Engine Clusters have Alpha cluster feature enabled medium config False False 0 "APRA (CPS 234) Information Security,CCPA 2018,CIS v1.1.0 (GKE),PIPEDA" -GCP Kubernetes Engine Clusters have HTTP load balancing disabled medium config False False 0 "APRA (CPS 234) Information Security,CCPA 2018,ISO 27001:2013,NIST 800-53 Rev 5,NIST 800-53 Rev4,PIPEDA" -GCP Kubernetes Engine Clusters have Legacy Authorization enabled medium config True True 0 "APRA (CPS 234) Information Security,CCPA 2018,CIS v1.0.0 (GCP),CIS v1.1.0 (GKE),HIPAA,ISO 27001:2013,NIST 800-53 Rev4,PCI DSS v3.2,PIPEDA,SOC 2" -GCP Kubernetes Engine Clusters have Master authorized networks disabled medium config False False 0 "APRA (CPS 234) Information Security,CCPA 2018,CIS v1.0.0 (GCP),CIS v1.1.0 (GKE),CSA CCM v3.0.1,HIPAA,ISO 27001:2013,NIST 800-53 Rev4,PCI DSS v3.2,PIPEDA,SOC 2" -GCP Kubernetes Engine Clusters have Network policy disabled medium config False False 0 "APRA (CPS 234) Information Security,CCPA 2018,CIS v1.0.0 (GCP),CIS v1.1.0 (GKE),CSA CCM v3.0.1,HIPAA,ISO 27001:2013,NIST 800-53 Rev4,PCI DSS v3.2,PIPEDA,SOC 2" -GCP Kubernetes Engine Clusters have Stackdriver Logging disabled medium config False False 0 "APRA (CPS 234) Information Security,CCPA 2018,CIS v1.0.0 (GCP),CIS 
v1.1.0 (GKE),HIPAA,ISO 27001:2013,NIST 800-53 Rev4,PCI DSS v3.2,PIPEDA,SOC 2" -GCP Kubernetes Engine Clusters have Stackdriver Monitoring disabled medium config False False 0 "APRA (CPS 234) Information Security,CCPA 2018,CIS v1.0.0 (GCP),CIS v1.1.0 (GKE),CSA CCM v3.0.1,GDPR,HIPAA,ISO 27001:2013,NIST 800-53 Rev4,NIST CSF,PCI DSS v3.2,PIPEDA,SOC 2" -GCP Kubernetes Engine Clusters have binary authorization disabled medium config False False 0 "CCPA 2018,PIPEDA" -GCP Kubernetes Engine Clusters have legacy compute engine metadata endpoints enabled medium config False False 0 "APRA (CPS 234) Information Security,CCPA 2018,CIS v1.1.0 (GKE),MITRE ATT&CK [Beta],PIPEDA" -GCP Kubernetes Engine Clusters have pod security policy disabled low config False False 0 "APRA (CPS 234) Information Security,CCPA 2018,CIS v1.0.0 (GCP),CIS v1.1.0 (GKE),ISO 27001:2013,PIPEDA" -GCP Kubernetes Engine Clusters network firewall inbound rule overly permissive to all traffic medium config False False 0 "APRA (CPS 234) Information Security,CCPA 2018,MITRE ATT&CK [Beta],NIST 800-53 Rev 5,NIST 800-53 Rev4,PIPEDA" -GCP Kubernetes Engine Clusters not configured with network traffic egress metering low config False False 0 "APRA (CPS 234) Information Security,CCPA 2018,PIPEDA" -GCP Kubernetes Engine Clusters not configured with private cluster low config False False 0 "APRA (CPS 234) Information Security,CCPA 2018,CIS v1.0.0 (GCP),ISO 27001:2013,PIPEDA" -GCP Kubernetes Engine Clusters not configured with private nodes feature medium config False False 0 "APRA (CPS 234) Information Security,CCPA 2018,CIS v1.1.0 (GKE),PIPEDA" -GCP Kubernetes Engine Clusters not using Container-Optimized OS for Node image low config False False 0 "APRA (CPS 234) Information Security,CIS v1.0.0 (GCP),CIS v1.1.0 (GKE),MITRE ATT&CK [Beta],PCI DSS v3.2" -GCP Kubernetes Engine Clusters using the default network medium config False False 0 "APRA (CPS 234) Information Security,CCPA 2018,NIST 800-53 Rev 5,NIST 800-53 
Rev4,PIPEDA" -GCP Kubernetes Engine Clusters web UI/Dashboard is set to Enabled medium config False False 0 "APRA (CPS 234) Information Security,CCPA 2018,CIS v1.0.0 (GCP),CIS v1.1.0 (GKE),CSA CCM v3.0.1,HITRUST CSF v9.3,MITRE ATT&CK [Beta],NIST 800-53 Rev4,PCI DSS v3.2,PIPEDA" -GCP Kubernetes Engine Clusters without any label information low config False False 0 "APRA (CPS 234) Information Security,CIS v1.0.0 (GCP),CSA CCM v3.0.1,ISO 27001:2013,NIST 800-53 Rev4,PCI DSS v3.2" -GCP Kubernetes Engine cluster not using Release Channel for version management medium config False False 0 "" -GCP Kubernetes Engine cluster workload identity is disabled medium config False False 0 "" -GCP Kubernetes cluster Application-layer Secrets not encrypted medium config False False 0 "APRA (CPS 234) Information Security,CCPA 2018,NIST 800-53 Rev 5,NIST 800-53 Rev4,PIPEDA" -GCP Kubernetes cluster Shielded GKE Nodes feature disabled medium config False False 0 "APRA (CPS 234) Information Security" -GCP Kubernetes cluster intra-node visibility disabled medium config False False 0 "APRA (CPS 234) Information Security" -GCP Kubernetes cluster istioConfig not enabled medium config False False 0 "APRA (CPS 234) Information Security" -GCP Kubernetes cluster node auto-repair configuration disabled medium config False False 0 "APRA (CPS 234) Information Security" -GCP Kubernetes cluster node auto-upgrade configuration disabled medium config False False 0 "APRA (CPS 234) Information Security" -GCP Kubernetes cluster not in redundant zones medium config False False 0 "APRA (CPS 234) Information Security" -GCP Kubernetes cluster shielded GKE node with Secure Boot disabled medium config False False 0 "" -GCP Kubernetes cluster shielded GKE node with integrity monitoring disabled medium config False False 0 "" -GCP Kubernetes cluster size contains less than 3 nodes with auto upgrade enabled medium config False False 0 "APRA (CPS 234) Information Security" -GCP Load balancer HTTPS target proxy 
configured with default SSL policy instead of custom SSL policy medium config False False 0 "APRA (CPS 234) Information Security,CCPA 2018,NIST 800-53 Rev 5,NIST 800-53 Rev4,PIPEDA" -GCP Load balancer HTTPS target proxy is not configured with QUIC protocol low config False False 0 "APRA (CPS 234) Information Security,NIST 800-53 Rev 5,NIST 800-53 Rev4" -GCP Log metric filter and alert does not exist for Audit Configuration Changes low config False False 0 "APRA (CPS 234) Information Security,CIS v1.0.0 (GCP),CIS v1.1.0 (GCP),NIST 800-53 Rev 5,NIST 800-53 Rev4" -GCP Log metric filter and alert does not exist for Cloud Storage IAM permission changes low config False False 0 "APRA (CPS 234) Information Security,CIS v1.0.0 (GCP),CIS v1.1.0 (GCP),NIST 800-53 Rev 5,NIST 800-53 Rev4" -GCP Log metric filter and alert does not exist for IAM custom role changes low config False False 0 "APRA (CPS 234) Information Security,CIS v1.0.0 (GCP),CIS v1.1.0 (GCP),NIST 800-53 Rev 5,NIST 800-53 Rev4" -GCP Log metric filter and alert does not exist for Project Ownership assignments/changes low config False False 0 "APRA (CPS 234) Information Security,CIS v1.0.0 (GCP),CIS v1.1.0 (GCP),NIST 800-53 Rev 5,NIST 800-53 Rev4" -GCP Log metric filter and alert does not exist for SQL instance configuration changes low config False False 0 "APRA (CPS 234) Information Security,CIS v1.0.0 (GCP),CIS v1.1.0 (GCP),NIST 800-53 Rev 5,NIST 800-53 Rev4" -GCP Log metric filter and alert does not exist for VPC Network Firewall rule changes low config False False 0 "APRA (CPS 234) Information Security,CIS v1.0.0 (GCP),CIS v1.1.0 (GCP),NIST 800-53 Rev 5,NIST 800-53 Rev4" -GCP Log metric filter and alert does not exist for VPC network changes low config False False 0 "APRA (CPS 234) Information Security,CIS v1.0.0 (GCP),CIS v1.1.0 (GCP),NIST 800-53 Rev 5,NIST 800-53 Rev4" -GCP Log metric filter and alert does not exist for VPC network route changes low config False False 0 "APRA (CPS 234) Information 
Security,CIS v1.0.0 (GCP),CIS v1.1.0 (GCP),NIST 800-53 Rev 5,NIST 800-53 Rev4" -GCP MySQL instance with local_infile database flag is not disabled low config False False 0 "APRA (CPS 234) Information Security,CIS v1.1.0 (GCP)" -GCP PostgreSQL instance database flag log_connections is disabled low config False False 0 "APRA (CPS 234) Information Security,CIS v1.1.0 (GCP),NIST 800-53 Rev 5,NIST 800-53 Rev4" -GCP PostgreSQL instance database flag log_disconnections is disabled low config False False 0 "APRA (CPS 234) Information Security,CIS v1.1.0 (GCP),NIST 800-53 Rev 5,NIST 800-53 Rev4" -GCP PostgreSQL instance database flag log_lock_waits is disabled low config False False 0 "APRA (CPS 234) Information Security,CIS v1.1.0 (GCP),NIST 800-53 Rev 5,NIST 800-53 Rev4" -GCP PostgreSQL instance database flag log_min_duration_statement is not set to -1 low config False False 0 "APRA (CPS 234) Information Security" -GCP PostgreSQL instance database flag log_min_messages is not set low config False False 0 "APRA (CPS 234) Information Security" -GCP PostgreSQL instance database flag log_temp_files is not set to 0 low config False False 0 "APRA (CPS 234) Information Security" -GCP PostgreSQL instance with log_checkpoints database flag is disabled low config False False 0 "APRA (CPS 234) Information Security,CIS v1.1.0 (GCP),NIST 800-53 Rev 5,NIST 800-53 Rev4" -GCP Project audit logging is not configured properly across all services and all users in a project medium config False False 0 "APRA (CPS 234) Information Security,CCPA 2018,CIS v1.0.0 (GCP),CIS v1.1.0 (GCP),NIST 800-53 Rev 5,NIST 800-53 Rev4,PIPEDA" -GCP Projects have OS Login disabled medium config False False 0 "APRA (CPS 234) Information Security,CCPA 2018,CIS v1.0.0 (GCP),CIS v1.1.0 (GCP),ISO 27001:2013,MITRE ATT&CK [Beta],PIPEDA" -GCP SQL Instances without any Label information low config False False 0 "APRA (CPS 234) Information Security,CSA CCM v3.0.1,NIST 800-53 Rev4,PCI DSS v3.2" -GCP SQL Server instance 
database flag 'contained database authentication' is enabled medium config False False 0 "APRA (CPS 234) Information Security" -GCP SQL Server instance database flag 'cross db ownership chaining' is enabled medium config False False 0 "APRA (CPS 234) Information Security" -GCP SQL database instance is not configured with automated backups medium config False False 0 "APRA (CPS 234) Information Security" -GCP SQL database is assigned with public IP medium config False False 0 "APRA (CPS 234) Information Security" -GCP Storage bucket encrypted using default KMS key instead of a customer-managed key medium config False False 0 "APRA (CPS 234) Information Security,CCPA 2018,MITRE ATT&CK [Beta],NIST 800-53 Rev 5,NIST 800-53 Rev4,PIPEDA" -GCP Storage buckets are publicly accessible to all authenticated users medium config False False 0 "APRA (CPS 234) Information Security,CCPA 2018,CIS v1.1.0 (GCP),CSA CCM v3.0.1,GDPR,HIPAA,HITRUST CSF v9.3,ISO 27001:2013,MITRE ATT&CK [Beta],NIST 800-53 Rev4,NIST CSF,PCI DSS v3.2,PIPEDA,SOC 2" -GCP Storage buckets are publicly accessible to all users medium config False False 0 "APRA (CPS 234) Information Security,CCPA 2018,CIS v1.0.0 (GCP),CIS v1.1.0 (GCP),ISO 27001:2013,MITRE ATT&CK [Beta],NIST 800-53 Rev 5,NIST 800-53 Rev4,PIPEDA" -GCP Storage log buckets have object versioning disabled medium config True True 0 "APRA (CPS 234) Information Security,CIS v1.0.0 (GCP),ISO 27001:2013,MITRE ATT&CK [Beta]" -GCP User managed service account keys are not rotated for 90 days medium config False False 0 "APRA (CPS 234) Information Security,CCPA 2018,CIS v1.0.0 (GCP),CIS v1.1.0 (GCP),ISO 27001:2013,MITRE ATT&CK [Beta],NIST 800-53 Rev 5,NIST 800-53 Rev4,PIPEDA" -GCP User managed service accounts have user managed service account keys medium config False False 0 "APRA (CPS 234) Information Security,CCPA 2018,CIS v1.0.0 (GCP),CIS v1.1.0 (GCP),ISO 27001:2013,MITRE ATT&CK [Beta],NIST 800-53 Rev 5,NIST 800-53 Rev4,PIPEDA" -GCP VM disks not encrypted 
with Customer-Supplied Encryption Keys (CSEK) low config False False 0 "APRA (CPS 234) Information Security,CCPA 2018,CIS v1.0.0 (GCP),CIS v1.1.0 (GCP),ISO 27001:2013,NIST 800-53 Rev 5,NIST 800-53 Rev4,PIPEDA" -GCP VM instance configured with default service account medium config False False 0 "APRA (CPS 234) Information Security" -GCP VM instance using a default service account with full access to all Cloud APIs medium config False False 0 "APRA (CPS 234) Information Security,CIS v1.0.0 (GCP)" -GCP VM instance with Shielded VM features disabled medium config False False 0 "APRA (CPS 234) Information Security" -GCP VM instance with the external IP address medium config False False 0 "APRA (CPS 234) Information Security" -GCP VM instances have IP Forwarding enabled medium config False False 0 "APRA (CPS 234) Information Security,CCPA 2018,CIS v1.0.0 (GCP),CIS v1.1.0 (GCP),ISO 27001:2013,PIPEDA" -GCP VM instances have block project-wide SSH keys feature disabled medium config False False 0 "APRA (CPS 234) Information Security,CCPA 2018,CIS v1.0.0 (GCP),CIS v1.1.0 (GCP),ISO 27001:2013,MITRE ATT&CK [Beta],PIPEDA" -GCP VM instances have serial port access enabled medium config False False 0 "APRA (CPS 234) Information Security,CCPA 2018,CIS v1.0.0 (GCP),CIS v1.1.0 (GCP),MITRE ATT&CK [Beta],PIPEDA" -GCP VM instances with excessive service account permissions medium config False False 0 "APRA (CPS 234) Information Security,CCPA 2018,CIS v1.1.0 (GCP),ISO 27001:2013,MITRE ATT&CK [Beta],NIST 800-53 Rev 5,NIST 800-53 Rev4,PIPEDA" -GCP VPC Flow logs for the subnet is set to Off medium config True True 0 "APRA (CPS 234) Information Security,CIS v1.0.0 (GCP),CIS v1.1.0 (GCP),ISO 27001:2013,NIST 800-53 Rev 5,NIST 800-53 Rev4" -GCP VPC Network subnets have Private Google access disabled medium config True True 0 "APRA (CPS 234) Information Security,CIS v1.0.0 (GCP),CSA CCM v3.0.1,ISO 27001:2013,NIST 800-53 Rev4,PCI DSS v3.2,SOC 2" -GCP cloud storage bucket with uniform 
bucket-level access disabled medium config False False 0 "APRA (CPS 234) Information Security" -GCP project is configured with legacy network medium config False False 0 "APRA (CPS 234) Information Security,CCPA 2018,CIS v1.0.0 (GCP),CIS v1.1.0 (GCP),ISO 27001:2013,NIST 800-53 Rev 5,NIST 800-53 Rev4,PIPEDA" -GCP project is using the default network medium config False False 0 "APRA (CPS 234) Information Security,CCPA 2018,CIS v1.0.0 (GCP),CIS v1.1.0 (GCP),ISO 27001:2013,NIST 800-53 Rev 5,NIST 800-53 Rev4,PIPEDA" -GCP sink not configured to export all log entries medium config False False 0 "APRA (CPS 234) Information Security,CIS v1.0.0 (GCP),CIS v1.1.0 (GCP),NIST 800-53 Rev 5,NIST 800-53 Rev4" -Healthcare information publicly exposed high data False False 0 "" -Instance is communicating with ports known to mine Bitcoin high network False False 0 "CCPA 2018,HIPAA,MITRE ATT&CK [Beta],NIST CSF,PIPEDA" -Instance is communicating with ports known to mine Ethereum high network False False 0 "CCPA 2018,HIPAA,MITRE ATT&CK [Beta],NIST CSF,PIPEDA" -Instances exposed to network traffic from the internet high network False False 129 "CCPA 2018,CSA CCM v3.0.1,GDPR,HIPAA,HITRUST CSF v9.3,MITRE ATT&CK [Beta],NIST 800-53 Rev4,NIST CSF,PCI DSS v3.2,PIPEDA,SOC 2" -Intellectual Property publicly exposed high data False False 0 "" -Internet connectivity via TCP over insecure port high network False False 7 "GDPR,HIPAA,NIST CSF,PCI DSS v3.2,PIPEDA,SOC 2" -List of VPCs less then 20 low config False False 0 "" -Logging on the Stackdriver exported Bucket is disabled medium config False False 0 "APRA (CPS 234) Information Security,CCPA 2018,HIPAA,ISO 27001:2013,MITRE ATT&CK [Beta],NIST 800-53 Rev4,PCI DSS v3.2,PIPEDA,SOC 2" -OCI Block Storage Block Volume does not have backup enabled high config False False 0 "" -OCI Block Storage Block Volume is not restorable high config False False 0 "" -OCI Block Storage Block Volumes are not encrypted with a Customer Managed Key (CMK) high config 
False False 0 "" -OCI Compute Instance boot volume has in-transit data encryption is disabled high config False False 59223 "" -OCI Compute Instance has Legacy MetaData service endpoint enabled high config False False 59223 "" -OCI Compute Instance has monitoring disabled high config False False 0 "" -OCI Default Security List of every VCN allows all traffic on SSH port (22) high config False False 39 "CIS v1.0.0 (OCI),CIS v1.1.0 (OCI)" -OCI Event Rule and Notification does not exist for IAM group changes low config False False 3 "CIS v1.0.0 (OCI),CIS v1.1.0 (OCI)" -OCI Event Rule and Notification does not exist for IAM policy changes low config False False 3 "CIS v1.0.0 (OCI),CIS v1.1.0 (OCI)" -OCI Event Rule and Notification does not exist for Identity Provider Group (IdP) group mapping changes low config False False 3 "CIS v1.0.0 (OCI),CIS v1.1.0 (OCI)" -OCI Event Rule and Notification does not exist for Identity Provider changes low config False False 3 "CIS v1.0.0 (OCI),CIS v1.1.0 (OCI)" -OCI Event Rule and Notification does not exist for Network Security Groups changes low config False False 3 "CIS v1.0.0 (OCI),CIS v1.1.0 (OCI)" -OCI Event Rule and Notification does not exist for VCN changes low config False False 3 "CIS v1.0.0 (OCI),CIS v1.1.0 (OCI)" -OCI Event Rule and Notification does not exist for network gateways changes low config False False 3 "CIS v1.0.0 (OCI),CIS v1.1.0 (OCI)" -OCI Event Rule and Notification does not exist for route tables changes low config False False 3 "CIS v1.0.0 (OCI),CIS v1.1.0 (OCI)" -OCI Event Rule and Notification does not exist for security list changes low config False False 3 "CIS v1.0.0 (OCI),CIS v1.1.0 (OCI)" -OCI Event Rule and Notification does not exist for user changes low config False False 3 "CIS v1.0.0 (OCI),CIS v1.1.0 (OCI)" -OCI File Storage File System access is not restricted to root users high config False False 0 "" -OCI File Storage File Systems are not encrypted with a Customer Managed Key (CMK) high 
config False False 0 "" -OCI IAM local (non-federated) user account does not have a valid and current email address high config False False 2 "CIS v1.1.0 (OCI)" -OCI IAM password policy for local (non-federated) users does not have a lowercase character high config False False 0 "CIS v1.0.0 (OCI)" -OCI IAM password policy for local (non-federated) users does not have a number high config False False 0 "CIS v1.0.0 (OCI)" -OCI IAM password policy for local (non-federated) users does not have a symbol high config False False 0 "CIS v1.0.0 (OCI)" -OCI IAM password policy for local (non-federated) users does not have an uppercase character high config False False 0 "CIS v1.0.0 (OCI)" -OCI IAM password policy for local (non-federated) users does not have minimum 14 characters high config False False 1 "CIS v1.0.0 (OCI),CIS v1.1.0 (OCI)" -OCI MFA is disabled for IAM users high config False False 25 "CIS v1.0.0 (OCI),CIS v1.1.0 (OCI)" -OCI Network Security Group allows all traffic on RDP port (3389) high config False False 0 "CIS v1.0.0 (OCI),CIS v1.1.0 (OCI)" -OCI Network Security Groups (NSG) has stateful security rules high config False False 36 "" -OCI Object Storage Bucket has object Versioning disabled high config False False 29 "" -OCI Object Storage Bucket is not encrypted with a Customer Managed Key (CMK) high config False False 29 "CIS v1.1.0 (OCI)" -OCI Object Storage bucket does not emit object events high config False False 12 "CIS v1.1.0 (OCI)" -OCI Object Storage bucket is publicly accessible high config False False 1 "" -OCI Security List allows all traffic on SSH port (22) high config False False 39 "CIS v1.0.0 (OCI),CIS v1.1.0 (OCI)" -OCI VCN Security list has stateful security rules high config False False 78 "" -OCI VCN has no inbound security list high config False False 68 "" -OCI security group allows unrestricted ingress access to port 22 high config False False 0 "CIS v1.0.0 (OCI),CIS v1.1.0 (OCI)" -OCI security lists allows unrestricted ingress 
access to port 3389 high config False False 0 "CIS v1.0.0 (OCI),CIS v1.1.0 (OCI)" -OCI tenancy administrator users are associated with API keys high config False False 2 "CIS v1.0.0 (OCI),CIS v1.1.0 (OCI)" -OCI users API keys have aged more than 90 days without being rotated high config False False 7 "CIS v1.0.0 (OCI),CIS v1.1.0 (OCI)" -Objects containing Financial Information publicly exposed high data False False 0 "" -Objects containing Malware high data False False 0 "" -Objects containing PII data publicly exposed high data False False 0 "" -Overly permissive capabilities in container security context medium config False False 0 "" -Port scan activity (Internal) high anomaly False False 0 "MITRE ATT&CK [Beta]" -Port sweep activity (Internal) high anomaly False False 0 "MITRE ATT&CK [Beta]" -S3 buckets with configurations set to host websites medium config False False 1 "APRA (CPS 234) Information Security,ISO 27001:2013" -SQL DB Instance backup Binary logs configuration is not enabled medium config False False 0 "APRA (CPS 234) Information Security,HIPAA,ISO 27001:2013,NIST 800-53 Rev4,PCI DSS v3.2,SOC 2" -SQL DB instance backup configuration is not enabled high config False False 0 "APRA (CPS 234) Information Security,CCPA 2018,HITRUST CSF v9.3,ISO 27001:2013,NIST 800-53 Rev4,NIST CSF,PCI DSS v3.2,PIPEDA" -SQL Instances do not have SSL configured medium config False False 0 "APRA (CPS 234) Information Security,CCPA 2018,CIS v1.0.0 (GCP),CIS v1.1.0 (GCP),CSA CCM v3.0.1,GDPR,HIPAA,HITRUST CSF v9.3,ISO 27001:2013,NIST 800-53 Rev4,NIST CSF,PCI DSS v3.2,PIPEDA,SOC 2" -SQL Instances with network authorization exposing them to the Internet medium config False False 0 "APRA (CPS 234) Information Security,CCPA 2018,CIS v1.0.0 (GCP),CIS v1.1.0 (GCP),CSA CCM v3.0.1,GDPR,HIPAA,ISO 27001:2013,NIST 800-53 Rev4,NIST CSF,PCI DSS v3.2,PIPEDA,SOC 2" -SQL Server Firewall rules allow access to any Azure internal resources medium config False False 0 "APRA (CPS 234) Information 
Security,CCPA 2018,CIS v1.1 (Azure),CIS v1.2.0 (Azure),CSA CCM v3.0.1,HITRUST CSF v9.3,ISO 27001:2013,MITRE ATT&CK [Beta],Multi-Level Protection Scheme (MLPS) v2.0,NIST 800-53 Rev4,NIST CSF,PCI DSS v3.2,PIPEDA,SOC 2" -SQL databases has encryption disabled high config True True 0 "APRA (CPS 234) Information Security,CCPA 2018,CIS v1.1 (Azure),CIS v1.2.0 (Azure),CSA CCM v3.0.1,GDPR,HIPAA,HITRUST CSF v9.3,ISO 27001:2013,Multi-Level Protection Scheme (MLPS) v2.0,NIST 800-53 Rev4,NIST CSF,PCI DSS v3.2,PIPEDA,SOC 2" -SQL servers which do not have Azure Active Directory admin configured medium config False False 0 "APRA (CPS 234) Information Security,CCPA 2018,CIS v1.1 (Azure),CIS v1.2.0 (Azure),CSA CCM v3.0.1,HITRUST CSF v9.3,ISO 27001:2013,Multi-Level Protection Scheme (MLPS) v2.0,NIST 800-53 Rev4,NIST CSF,PCI DSS v3.2,PIPEDA,SOC 2" -Send alerts on field value on SQL Databases is misconfigured medium config False False 0 "APRA (CPS 234) Information Security,CSA CCM v3.0.1,HIPAA,HITRUST CSF v9.3,ISO 27001:2013,Multi-Level Protection Scheme (MLPS) v2.0,NIST 800-53 Rev4,PCI DSS v3.2,SOC 2" -Sensitive Network configuration updates in GCP medium audit_event False False 0 "CSA CCM v3.0.1,GDPR,HITRUST CSF v9.3,NIST 800-53 Rev4,NIST CSF,PCI DSS v3.2,SOC 2" -Sensitive SQL instance updates medium audit_event False False 0 "CSA CCM v3.0.1,GDPR,HITRUST CSF v9.3,NIST 800-53 Rev4,NIST CSF,PCI DSS v3.2,SOC 2" -Sensitive Storage configuration updates medium audit_event False False 0 "CSA CCM v3.0.1,GDPR,HITRUST CSF v9.3,MITRE ATT&CK [Beta],NIST 800-53 Rev4,NIST CSF,PCI DSS v3.2,SOC 2" -Sensitive User actions medium audit_event False False 0 "CSA CCM v3.0.1,ISO 27001:2013,MITRE ATT&CK [Beta],NIST 800-53 Rev4,PCI DSS v3.2" -Spambot activity high anomaly False False 0 "" -Storage Accounts without Secure transfer enabled medium config True True 0 "APRA (CPS 234) Information Security,CCPA 2018,CIS v1.1 (Azure),CIS v1.2.0 (Azure),CSA CCM v3.0.1,GDPR,HIPAA,HITRUST CSF v9.3,ISO 
27001:2013,MITRE ATT&CK [Beta],Multi-Level Protection Scheme (MLPS) v2.0,NIST 800-53 Rev4,NIST CSF,PCI DSS v3.2,PIPEDA,SOC 2" -Storage Bucket does not have Access and Storage Logging enabled medium config False False 0 "APRA (CPS 234) Information Security,CCPA 2018,CIS v1.0.0 (GCP),CSA CCM v3.0.1,GDPR,HIPAA,ISO 27001:2013,MITRE ATT&CK [Beta],NIST 800-53 Rev4,NIST CSF,PCI DSS v3.2,PIPEDA,SOC 2" -Storage Buckets with publicly accessible Stackdriver logs medium config False False 0 "APRA (CPS 234) Information Security,CCPA 2018,CSA CCM v3.0.1,GDPR,HIPAA,HITRUST CSF v9.3,ISO 27001:2013,MITRE ATT&CK [Beta],NIST 800-53 Rev4,NIST CSF,PCI DSS v3.2,PIPEDA,SOC 2" -Threat Detection on SQL databases is set to Off high config False False 0 "APRA (CPS 234) Information Security,CCPA 2018,ISO 27001:2013,Multi-Level Protection Scheme (MLPS) v2.0,NIST 800-53 Rev4,PCI DSS v3.2,PIPEDA" -Threat Detection types on SQL databases is misconfigured medium config False False 0 "APRA (CPS 234) Information Security,CCPA 2018,CSA CCM v3.0.1,HITRUST CSF v9.3,ISO 27001:2013,Multi-Level Protection Scheme (MLPS) v2.0,NIST 800-53 Rev4,NIST CSF,PCI DSS v3.2,PIPEDA" -Unusual protocol activity (External) high anomaly False False 0 "" -Unusual protocol activity (Internal) high anomaly False False 0 "" -Unusual server port activity (External) high anomaly False False 0 "" -Unusual server port activity (Internal) high anomaly False False 3 "" -Unusual user activity high anomaly False False 65 "GDPR,HIPAA,MITRE ATT&CK [Beta],NIST CSF,SOC 2" -VM Instances enabled with Pre-Emptible termination medium config False False 0 "APRA (CPS 234) Information Security,ISO 27001:2013,MITRE ATT&CK [Beta]" -VM Instances without any Custom metadata information low config False False 0 "APRA (CPS 234) Information Security,CSA CCM v3.0.1,NIST 800-53 Rev4,PCI DSS v3.2" -VM Instances without any Label information low config False False 0 "APRA (CPS 234) Information Security,CSA CCM v3.0.1,NIST 800-53 Rev4,PCI DSS v3.2" -VM 
instances without metadata, zone or label information medium config False False 0 "APRA (CPS 234) Information Security,CSA CCM v3.0.1,NIST 800-53 Rev4,PCI DSS v3.2" -do not allow volume claims to be read-write by many nodes medium config False False 0 "" - -################################################################################# -# Summary: Open Alerts, Past 1 Month -################################################################################# - -Number of Compliance Standards with Open Alerts: 20 - -Number of Policies with Open Alerts: 139 - -Open Alerts 122560 - -Open Alerts High-Severity 119145 -Open Alerts Medium-Severity 2445 -Open Alerts Low-Severity 970 - -Open Anomaly Alerts 79 -Open Config Alerts 122345 -Open Network Alerts 136 - -Open Alerts with IaC 247 - -Open Alerts with Remediation 281 - -Open Alerts Generated by Custom Policies 0 -Open Alerts Generated by Default Policies 122560 - -################################################################################# -# Summary: Utilization -################################################################################# - -Number of Assets: 2172976 - -Number of Cloud Accounts (Not Including Child Accounts): 2 -Cloud Accounts Disabled 0 -Cloud Accounts Enabled 2 - -Number of Cloud Account Groups: 5 - -Number of Alert Rules 4 -Alert Rules Disabled 2 -Alert Rules Enabled 2 - -Number of Integrations 1 -Integrations Disabled 0 -Integrations Enabled 1 - -Number of Policies 646 -Policies Custom 1 -Policies Default 645 - -Number of Users: 21 -Users Disabled 0 -Users Enabled 21 - - -################################################################################# -# By Compliance Standard: Open Alerts, Past 1 Month -################################################################################# -Compliance Standard Alerts High Alerts Medium Alerts Low -APRA (CPS 234) Information Security 103 2445 515 -CCPA 2018 191 1475 409 -CIS v1.0.0 (GCP) 0 0 0 -CIS v1.0.0 (OCI) 113 0 30 -CIS v1.1 (Azure) 0 0 0 
-CIS v1.1.0 (GCP) 0 0 0 -CIS v1.1.0 (GKE) 0 0 0 -CIS v1.1.0 (OCI) 156 0 30 -CIS v1.2.0 (AWS) 7 424 94 -CIS v1.2.0 (Azure) 0 0 0 -CIS v1.3.0 (AWS) 7 512 302 -CSA CCM v3.0.1 162 359 451 -GDPR 245 372 377 -HIPAA 204 18 335 -HITRUST CSF v9.3 162 393 451 -ISO 27001:2013 33 259 375 -MITRE ATT&CK [Beta] 263 671 137 -Multi-Level Protection Scheme (MLPS) v2.0 65 1537 473 -NIST 800-171 Rev1 33 375 446 -NIST 800-53 Rev 5 66 2297 497 -NIST 800-53 Rev4 195 2297 502 -NIST CSF 245 337 377 -PCI DSS v3.2 162 130 356 -PIPEDA 198 1481 409 -SOC 2 245 359 451 - -################################################################################# -# By Policy: Open Alerts, Past 1 Month -################################################################################# -Policy Severity Type With IAC With Remediation Alert Count Compliance Standards -OCI File Storage File System Export is publicly accessible high config False False 0 "" -AWS ACM Certificate with wildcard domain name low config False False 9 "APRA (CPS 234) Information Security,CCPA 2018,NIST 800-53 Rev 5,NIST 800-53 Rev4,PIPEDA" -AWS API Gateway endpoints without client certificate authentication medium config False False 0 "APRA (CPS 234) Information Security,CCPA 2018,CSA CCM v3.0.1,HITRUST CSF v9.3,ISO 27001:2013,Multi-Level Protection Scheme (MLPS) v2.0,NIST 800-53 Rev 5,NIST 800-53 Rev4,PIPEDA,SOC 2" -AWS API gateway request parameter is not validated medium config False False 0 "APRA (CPS 234) Information Security" -AWS Access key enabled on root account low config False False 1 "APRA (CPS 234) Information Security,CCPA 2018,CIS v1.2.0 (AWS),CIS v1.3.0 (AWS),CSA CCM v3.0.1,GDPR,HIPAA,HITRUST CSF v9.3,ISO 27001:2013,MITRE ATT&CK [Beta],Multi-Level Protection Scheme (MLPS) v2.0,NIST 800-171 Rev1,NIST 800-53 Rev 5,NIST 800-53 Rev4,NIST CSF,PCI DSS v3.2,PIPEDA,SOC 2" -AWS Access logging not enabled on S3 buckets medium config False False 63 "APRA (CPS 234) Information Security,CCPA 2018,CIS v1.3.0 (AWS),CSA CCM 
v3.0.1,GDPR,HITRUST CSF v9.3,MITRE ATT&CK [Beta],Multi-Level Protection Scheme (MLPS) v2.0,NIST 800-171 Rev1,NIST 800-53 Rev 5,NIST 800-53 Rev4,NIST CSF,PCI DSS v3.2,PIPEDA,SOC 2" -AWS Amazon Machine Image (AMI) is publicly accessible high config True True 0 "APRA (CPS 234) Information Security,CCPA 2018,CSA CCM v3.0.1,GDPR,HITRUST CSF v9.3,ISO 27001:2013,MITRE ATT&CK [Beta],Multi-Level Protection Scheme (MLPS) v2.0,NIST 800-171 Rev1,NIST 800-53 Rev 5,NIST 800-53 Rev4,NIST CSF,PIPEDA,SOC 2" -AWS Application Load Balancer (ALB) is not using the latest predefined security policy low config False False 107 "" -AWS Certificate Manager (ACM) contains certificate pending validation low config False False 1 "APRA (CPS 234) Information Security,CSA CCM v3.0.1,HITRUST CSF v9.3,Multi-Level Protection Scheme (MLPS) v2.0,NIST 800-171 Rev1,NIST 800-53 Rev 5,NIST 800-53 Rev4,SOC 2" -AWS Certificate Manager (ACM) has certificates expiring in 30 days or less low config False False 3 "APRA (CPS 234) Information Security,Multi-Level Protection Scheme (MLPS) v2.0,NIST 800-53 Rev 5,NIST 800-53 Rev4" -AWS Certificate Manager (ACM) has certificates with Certificate Transparency Logging disabled medium config False False 0 "APRA (CPS 234) Information Security,CCPA 2018,CSA CCM v3.0.1,GDPR,HITRUST CSF v9.3,Multi-Level Protection Scheme (MLPS) v2.0,NIST 800-171 Rev1,NIST 800-53 Rev 5,NIST 800-53 Rev4,NIST CSF,PIPEDA,SOC 2" -AWS Certificate Manager (ACM) has expired certificates medium config False False 0 "APRA (CPS 234) Information Security,CCPA 2018,CSA CCM v3.0.1,HITRUST CSF v9.3,Multi-Level Protection Scheme (MLPS) v2.0,NIST 800-171 Rev1,NIST 800-53 Rev 5,NIST 800-53 Rev4,PIPEDA,SOC 2" -AWS Certificate Manager (ACM) has invalid or failed certificate low config False False 0 "APRA (CPS 234) Information Security,CSA CCM v3.0.1,HITRUST CSF v9.3,ISO 27001:2013,Multi-Level Protection Scheme (MLPS) v2.0,NIST 800-171 Rev1,NIST 800-53 Rev 5,NIST 800-53 Rev4,SOC 2" -AWS Certificate Manager 
(ACM) has unused certificates medium config False False 14 "APRA (CPS 234) Information Security,CSA CCM v3.0.1,HITRUST CSF v9.3,Multi-Level Protection Scheme (MLPS) v2.0,NIST 800-171 Rev1,NIST 800-53 Rev 5,NIST 800-53 Rev4,SOC 2" -AWS CloudFormation stack configured without SNS topic medium config False False 8 "APRA (CPS 234) Information Security,Multi-Level Protection Scheme (MLPS) v2.0,NIST 800-53 Rev 5,NIST 800-53 Rev4" -AWS CloudFormation template contains globally open resources low config False False 0 "APRA (CPS 234) Information Security,MITRE ATT&CK [Beta],NIST 800-53 Rev 5,NIST 800-53 Rev4" -AWS CloudFront Distributions with Field-Level Encryption not enabled medium config False False 4 "APRA (CPS 234) Information Security,Multi-Level Protection Scheme (MLPS) v2.0,NIST 800-53 Rev 5,NIST 800-53 Rev4" -AWS CloudFront distribution is using insecure SSL protocols for HTTPS communication high config False False 0 "APRA (CPS 234) Information Security,CCPA 2018,Multi-Level Protection Scheme (MLPS) v2.0,NIST 800-53 Rev 5,NIST 800-53 Rev4,PIPEDA" -AWS CloudFront distribution with access logging disabled medium config False False 1 "APRA (CPS 234) Information Security,Multi-Level Protection Scheme (MLPS) v2.0,NIST 800-53 Rev 5,NIST 800-53 Rev4" -AWS CloudFront origin protocol policy does not enforce HTTPS-only high config False False 0 "APRA (CPS 234) Information Security,Multi-Level Protection Scheme (MLPS) v2.0,NIST 800-53 Rev 5,NIST 800-53 Rev4" -AWS CloudFront viewer protocol policy is not configured with HTTPS high config False False 4 "APRA (CPS 234) Information Security,Multi-Level Protection Scheme (MLPS) v2.0,NIST 800-53 Rev 5,NIST 800-53 Rev4" -AWS CloudFront web distribution that allow TLS versions 1.0 or lower medium config False False 0 "APRA (CPS 234) Information Security,MITRE ATT&CK [Beta],Multi-Level Protection Scheme (MLPS) v2.0,NIST 800-53 Rev 5,NIST 800-53 Rev4" -AWS CloudFront web distribution with AWS Web Application Firewall (AWS WAF) service 
disabled medium config False False 4 "APRA (CPS 234) Information Security,CCPA 2018,MITRE ATT&CK [Beta],Multi-Level Protection Scheme (MLPS) v2.0,NIST 800-53 Rev 5,NIST 800-53 Rev4,PIPEDA" -AWS CloudFront web distribution with default SSL certificate medium config False False 1 "APRA (CPS 234) Information Security,Multi-Level Protection Scheme (MLPS) v2.0,NIST 800-53 Rev 5,NIST 800-53 Rev4" -AWS CloudFront web distribution with geo restriction disabled low config False False 4 "APRA (CPS 234) Information Security,Multi-Level Protection Scheme (MLPS) v2.0,NIST 800-53 Rev 5,NIST 800-53 Rev4" -AWS CloudTrail S3 buckets have not enabled MFA Delete low config False False 0 "APRA (CPS 234) Information Security,MITRE ATT&CK [Beta],Multi-Level Protection Scheme (MLPS) v2.0,NIST 800-53 Rev 5,NIST 800-53 Rev4" -AWS CloudTrail bucket is publicly accessible high config False False 0 "APRA (CPS 234) Information Security,CCPA 2018,CIS v1.2.0 (AWS),CIS v1.3.0 (AWS),CSA CCM v3.0.1,GDPR,HITRUST CSF v9.3,ISO 27001:2013,MITRE ATT&CK [Beta],Multi-Level Protection Scheme (MLPS) v2.0,NIST 800-171 Rev1,NIST 800-53 Rev 5,NIST 800-53 Rev4,NIST CSF,PIPEDA,SOC 2" -AWS CloudTrail is not enabled in all regions medium config True True 0 "APRA (CPS 234) Information Security,CCPA 2018,CIS v1.2.0 (AWS),CIS v1.3.0 (AWS),GDPR,HIPAA,HITRUST CSF v9.3,ISO 27001:2013,MITRE ATT&CK [Beta],Multi-Level Protection Scheme (MLPS) v2.0,NIST 800-171 Rev1,NIST 800-53 Rev 5,NIST 800-53 Rev4,NIST CSF,PCI DSS v3.2,PIPEDA,SOC 2" -AWS CloudTrail is not enabled on the account high config False False 0 "APRA (CPS 234) Information Security,CCPA 2018,GDPR,HITRUST CSF v9.3,ISO 27001:2013,MITRE ATT&CK [Beta],NIST 800-171 Rev1,NIST 800-53 Rev 5,NIST 800-53 Rev4,NIST CSF,PCI DSS v3.2,PIPEDA,SOC 2" -AWS CloudTrail log validation is not enabled in all regions low config True True 0 "APRA (CPS 234) Information Security,CIS v1.2.0 (AWS),CIS v1.3.0 (AWS),CSA CCM v3.0.1,GDPR,HIPAA,HITRUST CSF v9.3,ISO 27001:2013,MITRE ATT&CK 
[Beta],NIST 800-171 Rev1,NIST 800-53 Rev 5,NIST 800-53 Rev4,NIST CSF,SOC 2" -AWS CloudTrail logging is disabled medium config True True 0 "APRA (CPS 234) Information Security,NIST 800-53 Rev 5,NIST 800-53 Rev4" -AWS CloudTrail logs are not encrypted using Customer Master Keys (CMKs) medium config False False 0 "APRA (CPS 234) Information Security,CIS v1.2.0 (AWS),CIS v1.3.0 (AWS),CSA CCM v3.0.1,GDPR,HITRUST CSF v9.3,ISO 27001:2013,Multi-Level Protection Scheme (MLPS) v2.0,NIST 800-171 Rev1,NIST 800-53 Rev 5,NIST 800-53 Rev4,NIST CSF,SOC 2" -AWS CloudTrail logs should integrate with CloudWatch for all regions medium config False False 0 "APRA (CPS 234) Information Security,CCPA 2018,CSA CCM v3.0.1,GDPR,HITRUST CSF v9.3,ISO 27001:2013,MITRE ATT&CK [Beta],Multi-Level Protection Scheme (MLPS) v2.0,NIST 800-171 Rev1,NIST 800-53 Rev 5,NIST 800-53 Rev4,NIST CSF,PIPEDA,SOC 2" -AWS Cloudfront Distribution with S3 have Origin Access set to disabled medium config False False 1 "APRA (CPS 234) Information Security,NIST 800-53 Rev 5,NIST 800-53 Rev4" -AWS Config Recording is disabled medium config False False 0 "APRA (CPS 234) Information Security,CCPA 2018,CIS v1.2.0 (AWS),CIS v1.3.0 (AWS),CSA CCM v3.0.1,GDPR,HITRUST CSF v9.3,ISO 27001:2013,Multi-Level Protection Scheme (MLPS) v2.0,NIST 800-171 Rev1,NIST 800-53 Rev 5,NIST 800-53 Rev4,NIST CSF,PIPEDA,SOC 2" -AWS Config fails to deliver log files medium config False False 0 "APRA (CPS 234) Information Security,CCPA 2018,Multi-Level Protection Scheme (MLPS) v2.0,PIPEDA" -AWS Config must record all possible resources medium config False False 0 "APRA (CPS 234) Information Security,CSA CCM v3.0.1,GDPR,HITRUST CSF v9.3,ISO 27001:2013,Multi-Level Protection Scheme (MLPS) v2.0,NIST 800-171 Rev1,NIST 800-53 Rev 5,NIST 800-53 Rev4,NIST CSF,SOC 2" -AWS Customer Master Key (CMK) rotation is not enabled medium config True True 57 "APRA (CPS 234) Information Security,CCPA 2018,CIS v1.2.0 (AWS),CIS v1.3.0 (AWS),CSA CCM v3.0.1,GDPR,HITRUST 
CSF v9.3,ISO 27001:2013,MITRE ATT&CK [Beta],Multi-Level Protection Scheme (MLPS) v2.0,NIST 800-171 Rev1,NIST 800-53 Rev 5,NIST 800-53 Rev4,NIST CSF,PCI DSS v3.2,PIPEDA,SOC 2" -AWS Database Migration Service (DMS) has expired certificates medium config False False 0 "" -AWS Database Migration Service endpoint do not have SSL configured medium config False False 0 "APRA (CPS 234) Information Security" -AWS Default Security Group does not restrict all traffic high config False False 4 "APRA (CPS 234) Information Security,CCPA 2018,CIS v1.2.0 (AWS),CIS v1.3.0 (AWS),CSA CCM v3.0.1,GDPR,HITRUST CSF v9.3,ISO 27001:2013,Multi-Level Protection Scheme (MLPS) v2.0,NIST 800-171 Rev1,NIST 800-53 Rev 5,NIST 800-53 Rev4,NIST CSF,PIPEDA,SOC 2" -AWS DynamoDB encrypted using AWS owned CMK instead of AWS managed CMK medium config False False 711 "APRA (CPS 234) Information Security,CCPA 2018,Multi-Level Protection Scheme (MLPS) v2.0,NIST 800-53 Rev 5,NIST 800-53 Rev4,PIPEDA" -AWS EBS Snapshot with access for unmonitored cloud accounts medium config False False 0 "APRA (CPS 234) Information Security,CCPA 2018,CSA CCM v3.0.1,GDPR,HITRUST CSF v9.3,ISO 27001:2013,Multi-Level Protection Scheme (MLPS) v2.0,NIST 800-171 Rev1,NIST 800-53 Rev 5,NIST 800-53 Rev4,NIST CSF,PIPEDA,SOC 2" -AWS EBS Volume is unattached medium config False False 40 "APRA (CPS 234) Information Security,Multi-Level Protection Scheme (MLPS) v2.0" -AWS EBS snapshot is not encrypted medium config False False 0 "" -AWS EBS snapshots are accessible to public high config True True 0 "APRA (CPS 234) Information Security,CCPA 2018,CSA CCM v3.0.1,GDPR,HITRUST CSF v9.3,ISO 27001:2013,MITRE ATT&CK [Beta],Multi-Level Protection Scheme (MLPS) v2.0,NIST 800-171 Rev1,NIST 800-53 Rev 5,NIST 800-53 Rev4,NIST CSF,PCI DSS v3.2,PIPEDA,SOC 2" -AWS EBS volume not encrypted using Customer Managed Key medium config False False 1 "APRA (CPS 234) Information Security,CCPA 2018,Multi-Level Protection Scheme (MLPS) v2.0,NIST 800-53 Rev 5,NIST 
800-53 Rev4,PIPEDA" -AWS EBS volumes are not encrypted low config False False 299 "APRA (CPS 234) Information Security,CCPA 2018,CIS v1.3.0 (AWS),CSA CCM v3.0.1,GDPR,HIPAA,HITRUST CSF v9.3,ISO 27001:2013,Multi-Level Protection Scheme (MLPS) v2.0,NIST 800-171 Rev1,NIST 800-53 Rev 5,NIST 800-53 Rev4,NIST CSF,PCI DSS v3.2,PIPEDA,SOC 2" -AWS EC2 Instance IAM Role not enabled medium config False False 194 "APRA (CPS 234) Information Security,CCPA 2018,CIS v1.2.0 (AWS),CIS v1.3.0 (AWS),MITRE ATT&CK [Beta],Multi-Level Protection Scheme (MLPS) v2.0,NIST 800-53 Rev 5,NIST 800-53 Rev4,PIPEDA" -AWS EC2 Instance Scheduled Events medium config False False 1 "APRA (CPS 234) Information Security,Multi-Level Protection Scheme (MLPS) v2.0" -AWS EC2 instance allowing public IP in subnets medium config False False 0 "APRA (CPS 234) Information Security,CCPA 2018,MITRE ATT&CK [Beta],Multi-Level Protection Scheme (MLPS) v2.0,NIST 800-53 Rev 5,NIST 800-53 Rev4,PIPEDA" -AWS EC2 instance is not configured with VPC high config False False 0 "APRA (CPS 234) Information Security,CCPA 2018,Multi-Level Protection Scheme (MLPS) v2.0,NIST 800-53 Rev 5,NIST 800-53 Rev4,PIPEDA" -AWS EC2 instances with Public IP and associated with Security Groups have Internet Access medium config False False 1 "APRA (CPS 234) Information Security,CCPA 2018,MITRE ATT&CK [Beta],Multi-Level Protection Scheme (MLPS) v2.0,NIST 800-53 Rev 5,NIST 800-53 Rev4,PIPEDA" -AWS ECR repository is exposed to public high config False False 0 "APRA (CPS 234) Information Security,Multi-Level Protection Scheme (MLPS) v2.0,NIST 800-53 Rev 5,NIST 800-53 Rev4" -AWS ECS task definition elevated privileges enabled high config False False 0 "APRA (CPS 234) Information Security,CCPA 2018,Multi-Level Protection Scheme (MLPS) v2.0,NIST 800-53 Rev 5,NIST 800-53 Rev4,PIPEDA" -AWS ECS task definition logging not enabled medium config False False 0 "NIST 800-53 Rev 5,NIST 800-53 Rev4" -AWS ECS task definition readonlyRootFilesystem not enabled 
high config False False 0 "APRA (CPS 234) Information Security" -AWS ECS task definition resource limits not set high config False False 0 "" -AWS ECS/ Fargate task definition execution IAM Role not found medium config False False 5 "APRA (CPS 234) Information Security,MITRE ATT&CK [Beta],Multi-Level Protection Scheme (MLPS) v2.0,NIST 800-53 Rev 5,NIST 800-53 Rev4" -AWS ECS/ Fargate task definition root user found high config False False 0 "APRA (CPS 234) Information Security,Multi-Level Protection Scheme (MLPS) v2.0,NIST 800-53 Rev 5,NIST 800-53 Rev4" -AWS EKS cluster control plane assigned multiple security groups low config False False 0 "APRA (CPS 234) Information Security,Multi-Level Protection Scheme (MLPS) v2.0" -AWS EKS cluster endpoint access publicly enabled medium config True True 10 "APRA (CPS 234) Information Security,CCPA 2018,MITRE ATT&CK [Beta],Multi-Level Protection Scheme (MLPS) v2.0,NIST 800-53 Rev 5,NIST 800-53 Rev4,PIPEDA" -AWS EKS cluster security group overly permissive to all traffic medium config False False 0 "APRA (CPS 234) Information Security,CCPA 2018,Multi-Level Protection Scheme (MLPS) v2.0,NIST 800-53 Rev 5,NIST 800-53 Rev4,PIPEDA" -AWS EKS cluster using the default VPC medium config False False 1 "APRA (CPS 234) Information Security,Multi-Level Protection Scheme (MLPS) v2.0,NIST 800-53 Rev 5,NIST 800-53 Rev4" -AWS EKS control plane logging disabled low config True True 10 "APRA (CPS 234) Information Security,CCPA 2018,Multi-Level Protection Scheme (MLPS) v2.0,NIST 800-53 Rev 5,NIST 800-53 Rev4,PIPEDA" -AWS EKS unsupported Master node version high config False False 0 "" -AWS EMR cluster is not configured with CSE CMK for data at rest encryption (Amazon S3 with EMRFS) medium config False False 0 "APRA (CPS 234) Information Security,CCPA 2018,Multi-Level Protection Scheme (MLPS) v2.0,NIST 800-53 Rev 5,NIST 800-53 Rev4,PIPEDA" -AWS EMR cluster is not configured with Kerberos Authentication medium config False False 0 "APRA (CPS 234) 
Information Security,Multi-Level Protection Scheme (MLPS) v2.0,NIST 800-53 Rev 5,NIST 800-53 Rev4" -AWS EMR cluster is not configured with SSE KMS for data at rest encryption (Amazon S3 with EMRFS) medium config False False 0 "APRA (CPS 234) Information Security,CCPA 2018,Multi-Level Protection Scheme (MLPS) v2.0,NIST 800-53 Rev 5,NIST 800-53 Rev4,PIPEDA" -AWS EMR cluster is not configured with security configuration medium config False False 1 "APRA (CPS 234) Information Security,CCPA 2018,Multi-Level Protection Scheme (MLPS) v2.0,NIST 800-53 Rev 5,NIST 800-53 Rev4,PIPEDA" -AWS EMR cluster is not enabled with data encryption at rest medium config False False 0 "APRA (CPS 234) Information Security,CCPA 2018,Multi-Level Protection Scheme (MLPS) v2.0,NIST 800-53 Rev 5,NIST 800-53 Rev4,PIPEDA" -AWS EMR cluster is not enabled with data encryption in transit medium config False False 0 "APRA (CPS 234) Information Security,CCPA 2018,Multi-Level Protection Scheme (MLPS) v2.0,NIST 800-53 Rev 5,NIST 800-53 Rev4,PIPEDA" -AWS EMR cluster is not enabled with local disk encryption medium config False False 0 "APRA (CPS 234) Information Security,CCPA 2018,Multi-Level Protection Scheme (MLPS) v2.0,NIST 800-53 Rev 5,NIST 800-53 Rev4,PIPEDA" -AWS EMR cluster is not enabled with local disk encryption using CMK medium config False False 0 "APRA (CPS 234) Information Security,CCPA 2018,Multi-Level Protection Scheme (MLPS) v2.0,NIST 800-53 Rev 5,NIST 800-53 Rev4,PIPEDA" -AWS ElastiCache Redis cluster with Multi-AZ Automatic Failover feature set to disabled medium config False False 1 "APRA (CPS 234) Information Security,Multi-Level Protection Scheme (MLPS) v2.0,NIST 800-53 Rev 5,NIST 800-53 Rev4" -AWS ElastiCache Redis cluster with Redis AUTH feature disabled medium config False False 8 "APRA (CPS 234) Information Security,CCPA 2018,Multi-Level Protection Scheme (MLPS) v2.0,NIST 800-53 Rev 5,NIST 800-53 Rev4,PIPEDA" -AWS ElastiCache Redis cluster with encryption for data at rest 
disabled medium config False False 9 "APRA (CPS 234) Information Security,CCPA 2018,Multi-Level Protection Scheme (MLPS) v2.0,NIST 800-53 Rev 5,NIST 800-53 Rev4,PIPEDA" -AWS ElastiCache Redis cluster with in-transit encryption disabled medium config False False 8 "APRA (CPS 234) Information Security,CCPA 2018,Multi-Level Protection Scheme (MLPS) v2.0,NIST 800-53 Rev 5,NIST 800-53 Rev4,PIPEDA" -AWS ElastiCache cluster not associated with VPC medium config False False 0 "APRA (CPS 234) Information Security,CCPA 2018,Multi-Level Protection Scheme (MLPS) v2.0,NIST 800-53 Rev 5,NIST 800-53 Rev4,PIPEDA" -AWS Elastic File System (EFS) not encrypted using Customer Managed Key medium config False False 0 "APRA (CPS 234) Information Security,CCPA 2018,Multi-Level Protection Scheme (MLPS) v2.0,NIST 800-53 Rev 5,NIST 800-53 Rev4,PIPEDA" -AWS Elastic File System (EFS) with encryption for data at rest is disabled medium config False False 1 "APRA (CPS 234) Information Security,CCPA 2018,Multi-Level Protection Scheme (MLPS) v2.0,NIST 800-53 Rev 5,NIST 800-53 Rev4,PIPEDA" -AWS Elastic Load Balancer (Classic) SSL negotiation policy configured with insecure ciphers medium config False False 0 "APRA (CPS 234) Information Security,CCPA 2018,Multi-Level Protection Scheme (MLPS) v2.0,NIST 800-53 Rev 5,NIST 800-53 Rev4,PIPEDA" -AWS Elastic Load Balancer (Classic) SSL negotiation policy configured with vulnerable SSL protocol medium config False False 0 "APRA (CPS 234) Information Security,CCPA 2018,MITRE ATT&CK [Beta],Multi-Level Protection Scheme (MLPS) v2.0,NIST 800-53 Rev 5,NIST 800-53 Rev4,PIPEDA" -AWS Elastic Load Balancer (Classic) with access log disabled medium config False False 2 "APRA (CPS 234) Information Security,CCPA 2018,Multi-Level Protection Scheme (MLPS) v2.0,NIST 800-53 Rev 5,NIST 800-53 Rev4,PIPEDA" -AWS Elastic Load Balancer (Classic) with connection draining disabled medium config True True 2 "APRA (CPS 234) Information Security" -AWS Elastic Load Balancer (Classic) 
with cross-zone load balancing disabled medium config True True 2 "APRA (CPS 234) Information Security,Multi-Level Protection Scheme (MLPS) v2.0,NIST 800-53 Rev 5,NIST 800-53 Rev4" -AWS Elastic Load Balancer (ELB) has security group with no inbound rules medium config False False 0 "APRA (CPS 234) Information Security,MITRE ATT&CK [Beta],Multi-Level Protection Scheme (MLPS) v2.0,NIST 800-53 Rev 5,NIST 800-53 Rev4" -AWS Elastic Load Balancer (ELB) has security group with no outbound rules medium config False False 0 "APRA (CPS 234) Information Security,Multi-Level Protection Scheme (MLPS) v2.0,NIST 800-53 Rev 5,NIST 800-53 Rev4" -AWS Elastic Load Balancer (ELB) not in use low config False False 0 "APRA (CPS 234) Information Security,ISO 27001:2013" -AWS Elastic Load Balancer (ELB) with ACM certificate expiring in 90 days medium config False False 0 "APRA (CPS 234) Information Security,Multi-Level Protection Scheme (MLPS) v2.0,NIST 800-53 Rev 5,NIST 800-53 Rev4" -AWS Elastic Load Balancer (ELB) with IAM certificate expiring in 90 days medium config False False 0 "APRA (CPS 234) Information Security,MITRE ATT&CK [Beta],Multi-Level Protection Scheme (MLPS) v2.0,NIST 800-53 Rev 5,NIST 800-53 Rev4" -AWS Elastic Load Balancer v2 (ELBv2) SSL negotiation policy configured with weak ciphers medium config False False 0 "" -AWS Elastic Load Balancer v2 (ELBv2) listener that allow connection requests over HTTP medium config False False 0 "APRA (CPS 234) Information Security,CCPA 2018,Multi-Level Protection Scheme (MLPS) v2.0,NIST 800-53 Rev 5,NIST 800-53 Rev4,PIPEDA" -AWS Elastic Load Balancer v2 (ELBv2) load balancer with invalid security groups medium config False False 0 "" -AWS Elastic Load Balancer v2 (ELBv2) with access log disabled medium config False False 26 "APRA (CPS 234) Information Security,CCPA 2018,Multi-Level Protection Scheme (MLPS) v2.0,NIST 800-53 Rev 5,NIST 800-53 Rev4,PIPEDA" -AWS Elastic Load Balancer v2 (ELBv2) with deletion protection feature disabled 
low config False False 205 "" -AWS Elastic Load Balancer v2 (ELBv2) with listener TLS/SSL is not configured medium config False False 11 "APRA (CPS 234) Information Security,NIST 800-53 Rev 5,NIST 800-53 Rev4" -AWS Elastic Load Balancer with listener TLS/SSL is not configured medium config False False 2 "APRA (CPS 234) Information Security,CCPA 2018,CSA CCM v3.0.1,GDPR,HITRUST CSF v9.3,ISO 27001:2013,Multi-Level Protection Scheme (MLPS) v2.0,NIST 800-171 Rev1,NIST 800-53 Rev 5,NIST 800-53 Rev4,NIST CSF,PIPEDA,SOC 2" -AWS ElasticSearch cluster not in a VPC medium config False False 5 "APRA (CPS 234) Information Security,CCPA 2018,Multi-Level Protection Scheme (MLPS) v2.0,NIST 800-53 Rev 5,NIST 800-53 Rev4,PIPEDA" -AWS Elasticsearch IAM policy overly permissive to all traffic high config False False 0 "APRA (CPS 234) Information Security,CSA CCM v3.0.1,GDPR,HITRUST CSF v9.3,MITRE ATT&CK [Beta],Multi-Level Protection Scheme (MLPS) v2.0,NIST 800-171 Rev1,NIST 800-53 Rev 5,NIST 800-53 Rev4,NIST CSF,SOC 2" -AWS Elasticsearch domain Encryption for data at rest is disabled low config False False 0 "APRA (CPS 234) Information Security,CCPA 2018,CSA CCM v3.0.1,HITRUST CSF v9.3,ISO 27001:2013,Multi-Level Protection Scheme (MLPS) v2.0,NIST 800-171 Rev1,NIST 800-53 Rev 5,NIST 800-53 Rev4,NIST CSF,PIPEDA" -AWS Elasticsearch domain has Dedicated master set to disabled low config False False 5 "APRA (CPS 234) Information Security" -AWS Elasticsearch domain has Index slow logs set to disabled low config False False 6 "APRA (CPS 234) Information Security,CSA CCM v3.0.1,HITRUST CSF v9.3,Multi-Level Protection Scheme (MLPS) v2.0,NIST 800-171 Rev1,NIST 800-53 Rev 5,NIST 800-53 Rev4,SOC 2" -AWS Elasticsearch domain has Search slow logs set to disabled low config False False 6 "APRA (CPS 234) Information Security,CSA CCM v3.0.1,HITRUST CSF v9.3,Multi-Level Protection Scheme (MLPS) v2.0,NIST 800-171 Rev1,NIST 800-53 Rev 5,NIST 800-53 Rev4,SOC 2" -AWS Elasticsearch domain has Zone 
Awareness set to disabled low config False False 5 "APRA (CPS 234) Information Security,CSA CCM v3.0.1,HITRUST CSF v9.3,NIST 800-53 Rev4,SOC 2" -AWS Elasticsearch domain publicly accessible medium config False False 5 "APRA (CPS 234) Information Security,CCPA 2018,MITRE ATT&CK [Beta],Multi-Level Protection Scheme (MLPS) v2.0,NIST 800-53 Rev 5,NIST 800-53 Rev4,PIPEDA" -AWS Glue connection do not have SSL configured medium config False False 0 "" -AWS IAM Groups with Administrator Access Permissions medium config False False 0 "APRA (CPS 234) Information Security" -AWS IAM Password policy is unsecure medium config True True 0 "APRA (CPS 234) Information Security,CCPA 2018,CSA CCM v3.0.1,GDPR,HIPAA,HITRUST CSF v9.3,ISO 27001:2013,MITRE ATT&CK [Beta],Multi-Level Protection Scheme (MLPS) v2.0,NIST 800-171 Rev1,NIST 800-53 Rev 5,NIST 800-53 Rev4,PIPEDA,SOC 2" -AWS IAM Roles with Administrator Access Permissions medium config False False 2 "APRA (CPS 234) Information Security" -AWS IAM SSH keys for AWS CodeCommit have aged more than 90 days without being rotated medium config False False 0 "APRA (CPS 234) Information Security,MITRE ATT&CK [Beta],Multi-Level Protection Scheme (MLPS) v2.0,NIST 800-53 Rev 5,NIST 800-53 Rev4" -AWS IAM deprecated managed policies in use by User high config False False 0 "APRA (CPS 234) Information Security,MITRE ATT&CK [Beta],Multi-Level Protection Scheme (MLPS) v2.0" -AWS IAM has expired SSL/TLS certificates medium config False False 0 "APRA (CPS 234) Information Security,CCPA 2018,CIS v1.3.0 (AWS),MITRE ATT&CK [Beta],Multi-Level Protection Scheme (MLPS) v2.0,NIST 800-53 Rev 5,NIST 800-53 Rev4,PIPEDA" -AWS IAM password policy allows password reuse medium config True True 0 "APRA (CPS 234) Information Security,CCPA 2018,CIS v1.2.0 (AWS),CIS v1.3.0 (AWS),CSA CCM v3.0.1,GDPR,HIPAA,HITRUST CSF v9.3,MITRE ATT&CK [Beta],Multi-Level Protection Scheme (MLPS) v2.0,NIST 800-171 Rev1,NIST 800-53 Rev 5,NIST 800-53 Rev4,PIPEDA,SOC 2" -AWS IAM password 
policy does not expire in 90 days medium config True True 0 "APRA (CPS 234) Information Security,CIS v1.2.0 (AWS),CSA CCM v3.0.1,GDPR,HIPAA,HITRUST CSF v9.3,ISO 27001:2013,MITRE ATT&CK [Beta],Multi-Level Protection Scheme (MLPS) v2.0,NIST 800-171 Rev1,NIST 800-53 Rev 5,NIST 800-53 Rev4,SOC 2" -AWS IAM password policy does not have a lowercase character medium config True True 0 "APRA (CPS 234) Information Security,CIS v1.2.0 (AWS),CSA CCM v3.0.1,GDPR,HIPAA,HITRUST CSF v9.3,Multi-Level Protection Scheme (MLPS) v2.0,NIST 800-171 Rev1,NIST 800-53 Rev 5,NIST 800-53 Rev4,SOC 2" -AWS IAM password policy does not have a minimum of 14 characters medium config True True 0 "APRA (CPS 234) Information Security,CIS v1.2.0 (AWS),CIS v1.3.0 (AWS),CSA CCM v3.0.1,GDPR,HIPAA,HITRUST CSF v9.3,Multi-Level Protection Scheme (MLPS) v2.0,NIST 800-171 Rev1,NIST 800-53 Rev 5,NIST 800-53 Rev4,SOC 2" -AWS IAM password policy does not have a number medium config True True 0 "APRA (CPS 234) Information Security,CIS v1.2.0 (AWS),CSA CCM v3.0.1,GDPR,HIPAA,HITRUST CSF v9.3,Multi-Level Protection Scheme (MLPS) v2.0,NIST 800-171 Rev1,NIST 800-53 Rev 5,NIST 800-53 Rev4,SOC 2" -AWS IAM password policy does not have a symbol medium config True True 0 "APRA (CPS 234) Information Security,CIS v1.2.0 (AWS),CSA CCM v3.0.1,GDPR,HIPAA,HITRUST CSF v9.3,Multi-Level Protection Scheme (MLPS) v2.0,NIST 800-171 Rev1,NIST 800-53 Rev 5,NIST 800-53 Rev4,SOC 2" -AWS IAM password policy does not have an uppercase character medium config True True 0 "APRA (CPS 234) Information Security,CIS v1.2.0 (AWS),CSA CCM v3.0.1,GDPR,HIPAA,HITRUST CSF v9.3,Multi-Level Protection Scheme (MLPS) v2.0,NIST 800-171 Rev1,NIST 800-53 Rev 5,NIST 800-53 Rev4,SOC 2" -AWS IAM password policy does not have password expiration period medium config True True 0 "APRA (CPS 234) Information Security,CCPA 2018,CSA CCM v3.0.1,GDPR,HIPAA,HITRUST CSF v9.3,MITRE ATT&CK [Beta],Multi-Level Protection Scheme (MLPS) v2.0,NIST 800-171 Rev1,NIST 800-53 Rev 
5,NIST 800-53 Rev4,PIPEDA,SOC 2" -AWS IAM policy allows assume role permission across all services high config False False 0 "APRA (CPS 234) Information Security,CCPA 2018,CSA CCM v3.0.1,GDPR,HITRUST CSF v9.3,MITRE ATT&CK [Beta],Multi-Level Protection Scheme (MLPS) v2.0,NIST 800-171 Rev1,NIST 800-53 Rev 5,NIST 800-53 Rev4,NIST CSF,PIPEDA,SOC 2" -AWS IAM policy allows full administrative privileges low config False False 2 "APRA (CPS 234) Information Security,CCPA 2018,CIS v1.2.0 (AWS),CIS v1.3.0 (AWS),CSA CCM v3.0.1,GDPR,HITRUST CSF v9.3,MITRE ATT&CK [Beta],Multi-Level Protection Scheme (MLPS) v2.0,NIST 800-171 Rev1,NIST 800-53 Rev 5,NIST 800-53 Rev4,NIST CSF,PIPEDA,SOC 2" -AWS IAM policy attached to users low config False False 35 "APRA (CPS 234) Information Security,CCPA 2018,CIS v1.2.0 (AWS),CSA CCM v3.0.1,GDPR,HIPAA,HITRUST CSF v9.3,ISO 27001:2013,MITRE ATT&CK [Beta],Multi-Level Protection Scheme (MLPS) v2.0,NIST 800-171 Rev1,NIST 800-53 Rev 5,NIST 800-53 Rev4,NIST CSF,PIPEDA,SOC 2" -AWS IAM role/user with unused CloudTrail delete or full permission low config False False 98 "" -AWS IAM support access policy is not associated to any role medium config False False 0 "APRA (CPS 234) Information Security,CIS v1.2.0 (AWS),CIS v1.3.0 (AWS),NIST 800-53 Rev 5,NIST 800-53 Rev4" -AWS IAM user has both Console access and Access Keys medium config False False 27 "APRA (CPS 234) Information Security,CCPA 2018,CIS v1.2.0 (AWS),CIS v1.3.0 (AWS),GDPR,MITRE ATT&CK [Beta],Multi-Level Protection Scheme (MLPS) v2.0,PIPEDA" -AWS IAM user has two active Access Keys medium config False False 5 "APRA (CPS 234) Information Security,CCPA 2018,CIS v1.3.0 (AWS),CSA CCM v3.0.1,GDPR,HITRUST CSF v9.3,MITRE ATT&CK [Beta],Multi-Level Protection Scheme (MLPS) v2.0,NIST 800-171 Rev1,NIST 800-53 Rev 5,NIST 800-53 Rev4,NIST CSF,PIPEDA,SOC 2" -AWS Inactive users for more than 30 days low config False False 56 "APRA (CPS 234) Information Security,CIS v1.2.0 (AWS),CSA CCM v3.0.1,HITRUST CSF 
v9.3,MITRE ATT&CK [Beta],Multi-Level Protection Scheme (MLPS) v2.0,NIST 800-171 Rev1,NIST 800-53 Rev 5,NIST 800-53 Rev4,PCI DSS v3.2,SOC 2" -AWS KMS Customer Managed Key not in use medium config False False 38 "APRA (CPS 234) Information Security,MITRE ATT&CK [Beta],Multi-Level Protection Scheme (MLPS) v2.0,NIST 800-53 Rev 5,NIST 800-53 Rev4" -AWS KMS Key scheduled for deletion medium config False False 38 "APRA (CPS 234) Information Security,Multi-Level Protection Scheme (MLPS) v2.0,NIST 800-53 Rev 5,NIST 800-53 Rev4" -AWS KMS customer managed external key expiring in 30 days or less medium config False False 0 "APRA (CPS 234) Information Security,Multi-Level Protection Scheme (MLPS) v2.0,NIST 800-53 Rev 5,NIST 800-53 Rev4" -AWS Kinesis streams are not encrypted using Server Side Encryption medium config False False 3 "APRA (CPS 234) Information Security,CCPA 2018,CSA CCM v3.0.1,GDPR,HITRUST CSF v9.3,ISO 27001:2013,Multi-Level Protection Scheme (MLPS) v2.0,NIST 800-171 Rev1,NIST 800-53 Rev 5,NIST 800-53 Rev4,NIST CSF,PIPEDA,SOC 2" -AWS Kinesis streams encryption using default KMS keys instead of Customer's Managed Master Keys medium config False False 0 "APRA (CPS 234) Information Security,CCPA 2018,CSA CCM v3.0.1,GDPR,HITRUST CSF v9.3,ISO 27001:2013,Multi-Level Protection Scheme (MLPS) v2.0,NIST 800-171 Rev1,NIST 800-53 Rev 5,NIST 800-53 Rev4,NIST CSF,PIPEDA,SOC 2" -AWS Lambda Environment Variables not encrypted at-rest using CMK low config False False 10 "APRA (CPS 234) Information Security,CCPA 2018,Multi-Level Protection Scheme (MLPS) v2.0,NIST 800-53 Rev 5,NIST 800-53 Rev4,PIPEDA" -AWS Lambda Function is not assigned to access within VPC medium config False False 7 "APRA (CPS 234) Information Security,Multi-Level Protection Scheme (MLPS) v2.0,NIST 800-53 Rev 5,NIST 800-53 Rev4" -AWS Lambda functions with tracing not enabled medium config False False 18 "APRA (CPS 234) Information Security,HITRUST CSF v9.3,Multi-Level Protection Scheme (MLPS) v2.0,NIST 800-53 
Rev 5,NIST 800-53 Rev4" -AWS Lambda nearing availability code storage limit low config False False 0 "APRA (CPS 234) Information Security" -AWS Log metric filter and alarm does not exist for AWS Config configuration changes low config False False 0 "APRA (CPS 234) Information Security,CIS v1.2.0 (AWS),CIS v1.3.0 (AWS),NIST 800-53 Rev 5,NIST 800-53 Rev4" -AWS Log metric filter and alarm does not exist for AWS management console authentication failures low config False False 0 "APRA (CPS 234) Information Security,CIS v1.2.0 (AWS),CIS v1.3.0 (AWS),NIST 800-53 Rev 5,NIST 800-53 Rev4" -AWS Log metric filter and alarm does not exist for CloudTrail configuration changes low config False False 0 "APRA (CPS 234) Information Security,CIS v1.2.0 (AWS),CIS v1.3.0 (AWS),NIST 800-53 Rev 5,NIST 800-53 Rev4" -AWS Log metric filter and alarm does not exist for IAM policy changes low config False False 0 "APRA (CPS 234) Information Security,CIS v1.2.0 (AWS),CIS v1.3.0 (AWS),NIST 800-53 Rev 5,NIST 800-53 Rev4" -AWS Log metric filter and alarm does not exist for Network Access Control Lists (NACL) changes low config False False 0 "APRA (CPS 234) Information Security,CIS v1.2.0 (AWS),CIS v1.3.0 (AWS),NIST 800-53 Rev 5,NIST 800-53 Rev4" -AWS Log metric filter and alarm does not exist for Network gateways changes low config False False 0 "APRA (CPS 234) Information Security,CIS v1.2.0 (AWS),CIS v1.3.0 (AWS),NIST 800-53 Rev 5,NIST 800-53 Rev4" -AWS Log metric filter and alarm does not exist for Route table changes low config False False 0 "APRA (CPS 234) Information Security,CIS v1.2.0 (AWS),CIS v1.3.0 (AWS),NIST 800-53 Rev 5,NIST 800-53 Rev4" -AWS Log metric filter and alarm does not exist for S3 bucket policy changes low config False False 0 "APRA (CPS 234) Information Security,CIS v1.2.0 (AWS),CIS v1.3.0 (AWS),NIST 800-53 Rev 5,NIST 800-53 Rev4" -AWS Log metric filter and alarm does not exist for VPC changes low config False False 0 "APRA (CPS 234) Information Security,CIS v1.2.0 
(AWS),CIS v1.3.0 (AWS),NIST 800-53 Rev 5,NIST 800-53 Rev4" -AWS Log metric filter and alarm does not exist for disabling or scheduled deletion of customer created CMKs low config False False 0 "APRA (CPS 234) Information Security,CIS v1.2.0 (AWS),CIS v1.3.0 (AWS),NIST 800-53 Rev 5,NIST 800-53 Rev4" -AWS Log metric filter and alarm does not exist for unauthorized API calls low config False False 0 "APRA (CPS 234) Information Security,CIS v1.2.0 (AWS),CIS v1.3.0 (AWS),NIST 800-53 Rev 5,NIST 800-53 Rev4" -AWS MFA is not enabled on Root account high config False False 0 "APRA (CPS 234) Information Security,CCPA 2018,CIS v1.2.0 (AWS),CIS v1.3.0 (AWS),CSA CCM v3.0.1,GDPR,HITRUST CSF v9.3,ISO 27001:2013,MITRE ATT&CK [Beta],Multi-Level Protection Scheme (MLPS) v2.0,NIST 800-171 Rev1,NIST 800-53 Rev 5,NIST 800-53 Rev4,PCI DSS v3.2,PIPEDA,SOC 2" -AWS MFA not enabled for IAM users medium config False False 8 "APRA (CPS 234) Information Security,CCPA 2018,CIS v1.2.0 (AWS),CIS v1.3.0 (AWS),CSA CCM v3.0.1,GDPR,HIPAA,HITRUST CSF v9.3,ISO 27001:2013,MITRE ATT&CK [Beta],Multi-Level Protection Scheme (MLPS) v2.0,NIST 800-171 Rev1,NIST 800-53 Rev 5,NIST 800-53 Rev4,PCI DSS v3.2,PIPEDA,SOC 2" -AWS MQ is publicly accessible medium config False False 0 "APRA (CPS 234) Information Security" -AWS NAT Gateways are not being utilized for the default route medium config False False 0 "APRA (CPS 234) Information Security,Multi-Level Protection Scheme (MLPS) v2.0" -AWS Network ACLs allow ingress traffic to server administration ports medium config False False 8 "APRA (CPS 234) Information Security" -AWS Network ACLs with Inbound rule to allow All ICMP IPv4 medium config False False 0 "APRA (CPS 234) Information Security,MITRE ATT&CK [Beta],Multi-Level Protection Scheme (MLPS) v2.0,NIST 800-53 Rev 5,NIST 800-53 Rev4" -AWS Network ACLs with Inbound rule to allow All ICMP IPv6 medium config False False 0 "APRA (CPS 234) Information Security,MITRE ATT&CK [Beta],Multi-Level Protection Scheme (MLPS) 
v2.0,NIST 800-53 Rev 5,NIST 800-53 Rev4" -AWS Network ACLs with Inbound rule to allow All Traffic medium config False False 8 "APRA (CPS 234) Information Security,CCPA 2018,HITRUST CSF v9.3,MITRE ATT&CK [Beta],Multi-Level Protection Scheme (MLPS) v2.0,NIST 800-171 Rev1,NIST 800-53 Rev 5,NIST 800-53 Rev4,PIPEDA" -AWS Network ACLs with Outbound rule to allow All ICMP IPv4 medium config False False 0 "APRA (CPS 234) Information Security,MITRE ATT&CK [Beta],Multi-Level Protection Scheme (MLPS) v2.0,NIST 800-53 Rev 5,NIST 800-53 Rev4" -AWS Network ACLs with Outbound rule to allow All ICMP IPv6 medium config False False 0 "APRA (CPS 234) Information Security,MITRE ATT&CK [Beta],Multi-Level Protection Scheme (MLPS) v2.0,NIST 800-53 Rev 5,NIST 800-53 Rev4" -AWS Network ACLs with Outbound rule to allow All Traffic medium config False False 8 "APRA (CPS 234) Information Security,CCPA 2018,HITRUST CSF v9.3,MITRE ATT&CK [Beta],Multi-Level Protection Scheme (MLPS) v2.0,NIST 800-171 Rev1,NIST 800-53 Rev 5,NIST 800-53 Rev4,PIPEDA" -AWS Network Load Balancer (NLB) is not using the latest predefined security policy low config False False 15 "" -AWS RDS DB cluster encryption is disabled medium config False False 10 "APRA (CPS 234) Information Security,CCPA 2018,Multi-Level Protection Scheme (MLPS) v2.0,NIST 800-53 Rev 5,NIST 800-53 Rev4,PIPEDA" -AWS RDS DB cluster is encrypted using default KMS key instead of CMK medium config False False 10 "APRA (CPS 234) Information Security,NIST 800-53 Rev 5,NIST 800-53 Rev4" -AWS RDS DB snapshot is encrypted using default KMS key instead of CMK medium config False False 516 "APRA (CPS 234) Information Security,NIST 800-53 Rev 5,NIST 800-53 Rev4" -AWS RDS DB snapshot is not encrypted medium config False False 140 "APRA (CPS 234) Information Security,NIST 800-53 Rev 5,NIST 800-53 Rev4" -AWS RDS Snapshot with access for unmonitored cloud accounts medium config False False 0 "APRA (CPS 234) Information Security,CCPA 2018,CSA CCM v3.0.1,GDPR,HITRUST 
CSF v9.3,ISO 27001:2013,Multi-Level Protection Scheme (MLPS) v2.0,NIST 800-171 Rev1,NIST 800-53 Rev 5,NIST 800-53 Rev4,NIST CSF,PIPEDA,SOC 2" -AWS RDS database instance is publicly accessible medium config True True 28 "APRA (CPS 234) Information Security,CCPA 2018,CSA CCM v3.0.1,GDPR,HITRUST CSF v9.3,ISO 27001:2013,MITRE ATT&CK [Beta],Multi-Level Protection Scheme (MLPS) v2.0,NIST 800-171 Rev1,NIST 800-53 Rev 5,NIST 800-53 Rev4,NIST CSF,PIPEDA,SOC 2" -AWS RDS database not encrypted using Customer Managed Key medium config False False 12 "APRA (CPS 234) Information Security,CCPA 2018,Multi-Level Protection Scheme (MLPS) v2.0,NIST 800-53 Rev 5,NIST 800-53 Rev4,PIPEDA" -AWS RDS event subscription disabled for DB instance medium config True True 0 "APRA (CPS 234) Information Security,CCPA 2018,Multi-Level Protection Scheme (MLPS) v2.0,NIST 800-53 Rev 5,NIST 800-53 Rev4,PIPEDA" -AWS RDS event subscription disabled for DB security groups medium config False False 0 "APRA (CPS 234) Information Security,CCPA 2018,Multi-Level Protection Scheme (MLPS) v2.0,NIST 800-53 Rev 5,NIST 800-53 Rev4,PIPEDA" -AWS RDS instance is not encrypted medium config False False 2 "APRA (CPS 234) Information Security,CCPA 2018,CSA CCM v3.0.1,GDPR,HIPAA,HITRUST CSF v9.3,ISO 27001:2013,Multi-Level Protection Scheme (MLPS) v2.0,NIST 800-171 Rev1,NIST 800-53 Rev 5,NIST 800-53 Rev4,NIST CSF,PCI DSS v3.2,PIPEDA,SOC 2" -AWS RDS instance not in private subnet medium config False False 0 "APRA (CPS 234) Information Security,CCPA 2018,Multi-Level Protection Scheme (MLPS) v2.0,NIST 800-53 Rev 5,NIST 800-53 Rev4,PIPEDA" -AWS RDS instance with Multi-Availability Zone disabled medium config True True 7 "APRA (CPS 234) Information Security,Multi-Level Protection Scheme (MLPS) v2.0" -AWS RDS instance with copy tags to snapshots disabled low config True True 8 "APRA (CPS 234) Information Security" -AWS RDS instance without Automatic Backup setting low config True True 0 "APRA (CPS 234) Information 
Security,MITRE ATT&CK [Beta],Multi-Level Protection Scheme (MLPS) v2.0,NIST 800-53 Rev 5,NIST 800-53 Rev4" -AWS RDS minor upgrades not enabled low config True True 12 "APRA (CPS 234) Information Security,NIST 800-53 Rev 5,NIST 800-53 Rev4" -AWS RDS retention policy less than 7 days medium config False False 6 "APRA (CPS 234) Information Security,Multi-Level Protection Scheme (MLPS) v2.0,NIST 800-53 Rev 5,NIST 800-53 Rev4,PIPEDA" -AWS RDS snapshots are accessible to public high config True True 0 "APRA (CPS 234) Information Security,CCPA 2018,CSA CCM v3.0.1,GDPR,HITRUST CSF v9.3,ISO 27001:2013,MITRE ATT&CK [Beta],Multi-Level Protection Scheme (MLPS) v2.0,NIST 800-171 Rev1,NIST 800-53 Rev 5,NIST 800-53 Rev4,NIST CSF,PCI DSS v3.2,PIPEDA,SOC 2" -AWS Redshift Cluster not encrypted using Customer Managed Key medium config False False 0 "APRA (CPS 234) Information Security,CCPA 2018,Multi-Level Protection Scheme (MLPS) v2.0,NIST 800-53 Rev 5,NIST 800-53 Rev4,PIPEDA" -AWS Redshift clusters should not be publicly accessible medium config True True 0 "APRA (CPS 234) Information Security,CCPA 2018,CSA CCM v3.0.1,GDPR,HITRUST CSF v9.3,ISO 27001:2013,MITRE ATT&CK [Beta],Multi-Level Protection Scheme (MLPS) v2.0,NIST 800-171 Rev1,NIST 800-53 Rev 5,NIST 800-53 Rev4,NIST CSF,PIPEDA,SOC 2" -AWS Redshift database does not have audit logging enabled medium config False False 0 "APRA (CPS 234) Information Security,CCPA 2018,CSA CCM v3.0.1,GDPR,HITRUST CSF v9.3,ISO 27001:2013,Multi-Level Protection Scheme (MLPS) v2.0,NIST 800-171 Rev1,NIST 800-53 Rev 5,NIST 800-53 Rev4,NIST CSF,PIPEDA,SOC 2" -AWS Redshift does not have require_ssl configured medium config False False 0 "APRA (CPS 234) Information Security,CCPA 2018,CSA CCM v3.0.1,GDPR,HITRUST CSF v9.3,ISO 27001:2013,Multi-Level Protection Scheme (MLPS) v2.0,NIST 800-171 Rev1,NIST 800-53 Rev 5,NIST 800-53 Rev4,NIST CSF,PIPEDA,SOC 2" -AWS Redshift instances are not encrypted high config False False 0 "APRA (CPS 234) Information 
Security,CCPA 2018,CSA CCM v3.0.1,GDPR,HITRUST CSF v9.3,ISO 27001:2013,Multi-Level Protection Scheme (MLPS) v2.0,NIST 800-171 Rev1,NIST 800-53 Rev 5,NIST 800-53 Rev4,NIST CSF,PCI DSS v3.2,PIPEDA,SOC 2" -AWS Route53 Public Zone with Private Records medium config False False 1 "APRA (CPS 234) Information Security,CCPA 2018,Multi-Level Protection Scheme (MLPS) v2.0,NIST 800-53 Rev 5,NIST 800-53 Rev4,PIPEDA" -AWS S3 Bucket Policy allows public access to CloudTrail logs medium config False False 0 "APRA (CPS 234) Information Security,CCPA 2018,MITRE ATT&CK [Beta],Multi-Level Protection Scheme (MLPS) v2.0,NIST 800-53 Rev 5,NIST 800-53 Rev4,PIPEDA" -AWS S3 Bucket has Global DELETE Permissions enabled via bucket policy high config False False 0 "APRA (CPS 234) Information Security,CCPA 2018,MITRE ATT&CK [Beta],NIST 800-53 Rev 5,NIST 800-53 Rev4,PIPEDA" -AWS S3 Bucket has Global GET Permissions enabled via bucket policy high config False False 1 "APRA (CPS 234) Information Security,CCPA 2018,MITRE ATT&CK [Beta],NIST 800-53 Rev 5,NIST 800-53 Rev4,PIPEDA" -AWS S3 Bucket has Global LIST Permissions enabled via bucket policy medium config False False 0 "APRA (CPS 234) Information Security,CCPA 2018,MITRE ATT&CK [Beta],NIST 800-53 Rev 5,NIST 800-53 Rev4,PIPEDA" -AWS S3 Bucket has Global PUT Permissions enabled via bucket policy low config False False 0 "APRA (CPS 234) Information Security,CCPA 2018,MITRE ATT&CK [Beta],NIST 800-53 Rev 5,NIST 800-53 Rev4,PIPEDA" -AWS S3 Buckets Block public access setting disabled high config True True 37 "APRA (CPS 234) Information Security" -AWS S3 CloudTrail buckets for which access logging is disabled low config False False 0 "APRA (CPS 234) Information Security,CCPA 2018,CIS v1.2.0 (AWS),CSA CCM v3.0.1,GDPR,HITRUST CSF v9.3,MITRE ATT&CK [Beta],Multi-Level Protection Scheme (MLPS) v2.0,NIST 800-171 Rev1,NIST 800-53 Rev 5,NIST 800-53 Rev4,NIST CSF,PIPEDA,SOC 2" -AWS S3 Object Versioning is disabled medium config True True 60 "APRA (CPS 234) 
Information Security,MITRE ATT&CK [Beta]" -AWS S3 bucket accessible to unmonitored cloud accounts medium config False False 0 "APRA (CPS 234) Information Security,CCPA 2018,CSA CCM v3.0.1,GDPR,HITRUST CSF v9.3,ISO 27001:2013,MITRE ATT&CK [Beta],Multi-Level Protection Scheme (MLPS) v2.0,NIST 800-171 Rev1,NIST 800-53 Rev 5,NIST 800-53 Rev4,NIST CSF,PIPEDA,SOC 2" -AWS S3 bucket has global view ACL permissions enabled low config False False 0 "APRA (CPS 234) Information Security,CCPA 2018,MITRE ATT&CK [Beta],Multi-Level Protection Scheme (MLPS) v2.0,NIST 800-53 Rev 5,NIST 800-53 Rev4,PIPEDA" -AWS S3 bucket having policy overly permissive to VPC endpoints medium config False False 0 "" -AWS S3 bucket is not configured with MFA Delete low config False False 3 "APRA (CPS 234) Information Security,CCPA 2018,MITRE ATT&CK [Beta],NIST 800-53 Rev 5,NIST 800-53 Rev4,PIPEDA" -AWS S3 bucket not configured with secure data transport policy medium config False False 1 "APRA (CPS 234) Information Security,CCPA 2018,CIS v1.3.0 (AWS),MITRE ATT&CK [Beta],Multi-Level Protection Scheme (MLPS) v2.0,NIST 800-53 Rev 5,NIST 800-53 Rev4,PIPEDA" -AWS S3 buckets are accessible to any authenticated user high config False False 0 "APRA (CPS 234) Information Security,CCPA 2018,CSA CCM v3.0.1,GDPR,HITRUST CSF v9.3,ISO 27001:2013,MITRE ATT&CK [Beta],Multi-Level Protection Scheme (MLPS) v2.0,NIST 800-171 Rev1,NIST 800-53 Rev 5,NIST 800-53 Rev4,NIST CSF,PCI DSS v3.2,PIPEDA,SOC 2" -AWS S3 buckets are accessible to public high config False False 1 "APRA (CPS 234) Information Security,CCPA 2018,CSA CCM v3.0.1,GDPR,HITRUST CSF v9.3,ISO 27001:2013,MITRE ATT&CK [Beta],Multi-Level Protection Scheme (MLPS) v2.0,NIST 800-171 Rev1,NIST 800-53 Rev 5,NIST 800-53 Rev4,NIST CSF,PCI DSS v3.2,PIPEDA,SOC 2" -AWS S3 buckets do not have server side encryption low config False False 40 "APRA (CPS 234) Information Security,CCPA 2018,CSA CCM v3.0.1,GDPR,HITRUST CSF v9.3,ISO 27001:2013,MITRE ATT&CK [Beta],Multi-Level 
Protection Scheme (MLPS) v2.0,NIST 800-171 Rev1,NIST 800-53 Rev 5,NIST 800-53 Rev4,NIST CSF,PIPEDA,SOC 2" -AWS SNS subscription is not configured with HTTPS medium config False False 0 "APRA (CPS 234) Information Security,CCPA 2018,Multi-Level Protection Scheme (MLPS) v2.0,NIST 800-53 Rev 5,NIST 800-53 Rev4,PIPEDA" -AWS SNS topic encrypted using default KMS key instead of CMK medium config False False 0 "APRA (CPS 234) Information Security,CCPA 2018,Multi-Level Protection Scheme (MLPS) v2.0,NIST 800-53 Rev 5,NIST 800-53 Rev4,PIPEDA" -AWS SNS topic with server-side encryption disabled medium config False False 61 "APRA (CPS 234) Information Security,CCPA 2018,Multi-Level Protection Scheme (MLPS) v2.0,NIST 800-53 Rev 5,NIST 800-53 Rev4,PIPEDA" -AWS SQS queue access policy is overly permissive high config False False 13 "" -AWS SQS queue encryption using default KMS key instead of CMK medium config False False 0 "APRA (CPS 234) Information Security,CCPA 2018,Multi-Level Protection Scheme (MLPS) v2.0,NIST 800-53 Rev 5,NIST 800-53 Rev4,PIPEDA" -AWS SQS server side encryption not enabled medium config False False 43 "APRA (CPS 234) Information Security,CCPA 2018,Multi-Level Protection Scheme (MLPS) v2.0,NIST 800-53 Rev 5,NIST 800-53 Rev4,PIPEDA" -AWS SSM Parameter is not encrypted medium config False False 0 "APRA (CPS 234) Information Security,CCPA 2018,Multi-Level Protection Scheme (MLPS) v2.0,NIST 800-53 Rev 5,NIST 800-53 Rev4,PIPEDA" -AWS SageMaker notebook instance IAM policy overly permissive to all traffic high config False False 0 "APRA (CPS 234) Information Security" -AWS SageMaker notebook instance configured with direct internet access feature medium config False False 0 "APRA (CPS 234) Information Security" -AWS SageMaker notebook instance is not placed in VPC medium config False False 0 "APRA (CPS 234) Information Security" -AWS SageMaker notebook instance not configured with data encryption at rest using KMS key high config False False 0 "APRA (CPS 234) 
Information Security" -AWS SageMaker notebook instance not encrypted using Customer Managed Key medium config False False 0 "APRA (CPS 234) Information Security" -AWS Security Group Inbound rule overly permissive to all traffic on all protocols (-1) high config True True 0 "APRA (CPS 234) Information Security,CCPA 2018,MITRE ATT&CK [Beta],Multi-Level Protection Scheme (MLPS) v2.0,NIST 800-53 Rev 5,NIST 800-53 Rev4,PIPEDA" -AWS Security Group allows all traffic on CIFS port (445) high config False False 1 "APRA (CPS 234) Information Security,CCPA 2018,MITRE ATT&CK [Beta],Multi-Level Protection Scheme (MLPS) v2.0,NIST 800-53 Rev 5,NIST 800-53 Rev4,PIPEDA" -AWS Security Group allows all traffic on DNS port (53) high config False False 1 "APRA (CPS 234) Information Security,CCPA 2018,MITRE ATT&CK [Beta],Multi-Level Protection Scheme (MLPS) v2.0,NIST 800-53 Rev 5,NIST 800-53 Rev4,PIPEDA" -AWS Security Group allows all traffic on FTP port (21) high config False False 0 "APRA (CPS 234) Information Security,CCPA 2018,MITRE ATT&CK [Beta],Multi-Level Protection Scheme (MLPS) v2.0,NIST 800-53 Rev 5,NIST 800-53 Rev4,PIPEDA" -AWS Security Group allows all traffic on FTP-Data port (20) high config False False 0 "APRA (CPS 234) Information Security,CCPA 2018,MITRE ATT&CK [Beta],Multi-Level Protection Scheme (MLPS) v2.0,NIST 800-53 Rev 5,NIST 800-53 Rev4,PIPEDA" -AWS Security Group allows all traffic on MSQL port (4333) high config False False 1 "APRA (CPS 234) Information Security,CCPA 2018,MITRE ATT&CK [Beta],Multi-Level Protection Scheme (MLPS) v2.0,NIST 800-53 Rev 5,NIST 800-53 Rev4,PIPEDA" -AWS Security Group allows all traffic on MYSQL port (3306) high config False False 2 "APRA (CPS 234) Information Security,CCPA 2018,MITRE ATT&CK [Beta],Multi-Level Protection Scheme (MLPS) v2.0,NIST 800-53 Rev 5,NIST 800-53 Rev4,PIPEDA" -AWS Security Group allows all traffic on NetBIOS port (137) high config False False 0 "APRA (CPS 234) Information Security,CCPA 2018,MITRE ATT&CK 
[Beta],Multi-Level Protection Scheme (MLPS) v2.0,NIST 800-53 Rev 5,NIST 800-53 Rev4,PIPEDA" -AWS Security Group allows all traffic on NetBIOS port (138) high config False False 1 "APRA (CPS 234) Information Security,CCPA 2018,MITRE ATT&CK [Beta],Multi-Level Protection Scheme (MLPS) v2.0,NIST 800-53 Rev 5,NIST 800-53 Rev4,PIPEDA" -AWS Security Group allows all traffic on PostgreSQL port (5432) high config False False 1 "APRA (CPS 234) Information Security,CCPA 2018,MITRE ATT&CK [Beta],Multi-Level Protection Scheme (MLPS) v2.0,NIST 800-53 Rev 5,NIST 800-53 Rev4,PIPEDA" -AWS Security Group allows all traffic on RDP port (3389) high config True True 2 "APRA (CPS 234) Information Security,CCPA 2018,CIS v1.2.0 (AWS),CIS v1.3.0 (AWS),CSA CCM v3.0.1,GDPR,HIPAA,HITRUST CSF v9.3,ISO 27001:2013,MITRE ATT&CK [Beta],Multi-Level Protection Scheme (MLPS) v2.0,NIST 800-171 Rev1,NIST 800-53 Rev 5,NIST 800-53 Rev4,NIST CSF,PIPEDA,SOC 2" -AWS Security Group allows all traffic on SMTP port (25) high config False False 0 "APRA (CPS 234) Information Security,CCPA 2018,MITRE ATT&CK [Beta],Multi-Level Protection Scheme (MLPS) v2.0,NIST 800-53 Rev 5,NIST 800-53 Rev4,PIPEDA" -AWS Security Group allows all traffic on SQL Server port (1433) high config False False 1 "APRA (CPS 234) Information Security,CCPA 2018,MITRE ATT&CK [Beta],Multi-Level Protection Scheme (MLPS) v2.0,NIST 800-53 Rev 5,NIST 800-53 Rev4,PIPEDA" -AWS Security Group allows all traffic on SQL Server port (1434) high config False False 1 "APRA (CPS 234) Information Security,CCPA 2018,MITRE ATT&CK [Beta],Multi-Level Protection Scheme (MLPS) v2.0,NIST 800-53 Rev 5,NIST 800-53 Rev4,PIPEDA" -AWS Security Group allows all traffic on SSH port (22) high config True True 1 "APRA (CPS 234) Information Security,CCPA 2018,CIS v1.2.0 (AWS),CIS v1.3.0 (AWS),CSA CCM v3.0.1,GDPR,HIPAA,HITRUST CSF v9.3,ISO 27001:2013,MITRE ATT&CK [Beta],Multi-Level Protection Scheme (MLPS) v2.0,NIST 800-171 Rev1,NIST 800-53 Rev 5,NIST 800-53 Rev4,NIST 
CSF,PIPEDA,SOC 2" -AWS Security Group allows all traffic on Telnet port (23) high config False False 0 "APRA (CPS 234) Information Security,CCPA 2018,MITRE ATT&CK [Beta],Multi-Level Protection Scheme (MLPS) v2.0,NIST 800-53 Rev 5,NIST 800-53 Rev4,PIPEDA" -AWS Security Group allows all traffic on VNC Listener port (5500) high config False False 1 "APRA (CPS 234) Information Security,CCPA 2018,MITRE ATT&CK [Beta],Multi-Level Protection Scheme (MLPS) v2.0,NIST 800-53 Rev 5,NIST 800-53 Rev4,PIPEDA" -AWS Security Group allows all traffic on VNC Server port (5900) high config False False 1 "APRA (CPS 234) Information Security,CCPA 2018,MITRE ATT&CK [Beta],Multi-Level Protection Scheme (MLPS) v2.0,NIST 800-53 Rev 5,NIST 800-53 Rev4,PIPEDA" -AWS Security Group allows all traffic on Windows RPC port (135) high config False False 1 "APRA (CPS 234) Information Security,CCPA 2018,MITRE ATT&CK [Beta],Multi-Level Protection Scheme (MLPS) v2.0,NIST 800-53 Rev 5,NIST 800-53 Rev4,PIPEDA" -AWS Security Group allows all traffic on ports which are not commonly used high config False False 16 "APRA (CPS 234) Information Security,CCPA 2018,MITRE ATT&CK [Beta],Multi-Level Protection Scheme (MLPS) v2.0,NIST 800-53 Rev 5,NIST 800-53 Rev4,PIPEDA" -AWS Security Group overly permissive to all traffic high config True True 25 "APRA (CPS 234) Information Security,CCPA 2018,CSA CCM v3.0.1,GDPR,HITRUST CSF v9.3,ISO 27001:2013,MITRE ATT&CK [Beta],Multi-Level Protection Scheme (MLPS) v2.0,NIST 800-171 Rev1,NIST 800-53 Rev 5,NIST 800-53 Rev4,NIST CSF,PCI DSS v3.2,PIPEDA,SOC 2" -AWS VPC NACL allows egress traffic from blocked ports medium config False False 0 "NIST 800-53 Rev 5,NIST 800-53 Rev4" -AWS VPC NACL allows traffic from blocked ports medium config False False 0 "NIST 800-53 Rev 5,NIST 800-53 Rev4" -AWS VPC Security group nearing availability limit low config False False 0 "APRA (CPS 234) Information Security" -AWS VPC Subnets nearing availability limit low config False False 0 "APRA (CPS 
234) Information Security" -AWS VPC allows unauthorized peering medium config False False 0 "APRA (CPS 234) Information Security,CCPA 2018,NIST 800-53 Rev 5,NIST 800-53 Rev4,PIPEDA" -AWS VPC has flow logs disabled medium config False False 8 "APRA (CPS 234) Information Security,CIS v1.2.0 (AWS),CIS v1.3.0 (AWS),CSA CCM v3.0.1,GDPR,HIPAA,HITRUST CSF v9.3,ISO 27001:2013,NIST 800-171 Rev1,NIST 800-53 Rev 5,NIST 800-53 Rev4,NIST CSF,SOC 2" -AWS VPC not in use medium config False False 0 "APRA (CPS 234) Information Security" -AWS VPC subnets should not allow automatic public IP assignment medium config True True 20 "APRA (CPS 234) Information Security,CCPA 2018,CSA CCM v3.0.1,GDPR,HITRUST CSF v9.3,ISO 27001:2013,Multi-Level Protection Scheme (MLPS) v2.0,NIST 800-171 Rev1,NIST 800-53 Rev 5,NIST 800-53 Rev4,NIST CSF,PIPEDA,SOC 2" -AWS access keys are not rotated for 90 days medium config False False 130 "APRA (CPS 234) Information Security,CCPA 2018,CIS v1.2.0 (AWS),CIS v1.3.0 (AWS),CSA CCM v3.0.1,GDPR,HITRUST CSF v9.3,ISO 27001:2013,MITRE ATT&CK [Beta],NIST 800-171 Rev1,NIST 800-53 Rev 5,NIST 800-53 Rev4,NIST CSF,PIPEDA,SOC 2" -AWS access keys not used for more than 90 days medium config False False 19 "APRA (CPS 234) Information Security,CIS v1.3.0 (AWS),CSA CCM v3.0.1,GDPR,HITRUST CSF v9.3,MITRE ATT&CK [Beta],NIST 800-171 Rev1,NIST 800-53 Rev 5,NIST 800-53 Rev4,NIST CSF,SOC 2" -AWS regions nearing VPC Private Gateway IPSec Limit low config False False 0 "APRA (CPS 234) Information Security" -AWS regions nearing VPC Private Gateway limit low config False False 0 "APRA (CPS 234) Information Security" -AWS root account configured with Virtual MFA medium config False False 0 "APRA (CPS 234) Information Security,CIS v1.2.0 (AWS),CIS v1.3.0 (AWS),CSA CCM v3.0.1,GDPR,HITRUST CSF v9.3,NIST 800-171 Rev1,NIST 800-53 Rev 5,NIST 800-53 Rev4,SOC 2" -AWS route table with VPC peering overly permissive to all traffic high config False False 0 "APRA (CPS 234) Information Security,CCPA 
2018,CIS v1.2.0 (AWS),CIS v1.3.0 (AWS),MITRE ATT&CK [Beta],Multi-Level Protection Scheme (MLPS) v2.0,NIST 800-53 Rev 5,NIST 800-53 Rev4,PIPEDA" -AWS security group allows egress traffic to blocked ports - 21,22,135,137-139,445,69 medium config False False 0 "NIST 800-53 Rev 5,NIST 800-53 Rev4" -AWS security groups allow ingress traffic from blocked ports - 21,22,135,137-139,445,69 medium config False False 0 "NIST 800-53 Rev 5,NIST 800-53 Rev4" -Account hijacking attempts high anomaly False False 1 "GDPR,MITRE ATT&CK [Beta],NIST CSF,SOC 2" -Activity Log Retention should not be set to less than 365 days medium config True True 0 "APRA (CPS 234) Information Security,CCPA 2018,CIS v1.1 (Azure),CSA CCM v3.0.1,HIPAA,HITRUST CSF v9.3,ISO 27001:2013,Multi-Level Protection Scheme (MLPS) v2.0,NIST 800-53 Rev4,NIST CSF,PCI DSS v3.2,PIPEDA,SOC 2" -Alibaba Cloud ActionTrail log OSS bucket is publicly accessible medium config False False 0 "Multi-Level Protection Scheme (MLPS) v2.0,NIST 800-53 Rev 5,NIST 800-53 Rev4" -Alibaba Cloud ActionTrail logging is disabled medium config False False 0 "Multi-Level Protection Scheme (MLPS) v2.0,NIST 800-53 Rev 5,NIST 800-53 Rev4" -Alibaba Cloud ApsaraDB RDS allowlist group is not restrictive medium config False False 0 "Multi-Level Protection Scheme (MLPS) v2.0,NIST 800-53 Rev 5,NIST 800-53 Rev4" -Alibaba Cloud ApsaraDB RDS instance is using the default VPC medium config False False 0 "Multi-Level Protection Scheme (MLPS) v2.0,NIST 800-53 Rev 5,NIST 800-53 Rev4" -Alibaba Cloud ECS instance RAM role not enabled medium config False False 0 "Multi-Level Protection Scheme (MLPS) v2.0,NIST 800-53 Rev 5,NIST 800-53 Rev4" -Alibaba Cloud ECS instance is not using VPC network medium config False False 0 "Multi-Level Protection Scheme (MLPS) v2.0,NIST 800-53 Rev 5,NIST 800-53 Rev4" -Alibaba Cloud ECS instance release protection is disabled low config False False 0 "Multi-Level Protection Scheme (MLPS) v2.0,NIST 800-53 Rev 5,NIST 800-53 Rev4" 
-Alibaba Cloud ECS instance that has a public IP address and is attached to a security group with internet access medium config False False 0 "Multi-Level Protection Scheme (MLPS) v2.0,NIST 800-53 Rev 5,NIST 800-53 Rev4" -Alibaba Cloud MFA is disabled for RAM user medium config False False 0 "Multi-Level Protection Scheme (MLPS) v2.0,NIST 800-53 Rev 5,NIST 800-53 Rev4" -Alibaba Cloud OSS bucket accessible to public high config False False 0 "Multi-Level Protection Scheme (MLPS) v2.0,NIST 800-53 Rev 5,NIST 800-53 Rev4" -Alibaba Cloud OSS bucket server-side encryption is disabled medium config False False 0 "Multi-Level Protection Scheme (MLPS) v2.0,NIST 800-53 Rev 5,NIST 800-53 Rev4" -Alibaba Cloud RAM password history check policy is disabled medium config False False 0 "Multi-Level Protection Scheme (MLPS) v2.0,NIST 800-53 Rev 5,NIST 800-53 Rev4" -Alibaba Cloud RAM password policy configured to allow login after the password expires medium config False False 0 "Multi-Level Protection Scheme (MLPS) v2.0,NIST 800-53 Rev 5,NIST 800-53 Rev4" -Alibaba Cloud RAM password policy does not expire in 90 days medium config False False 0 "Multi-Level Protection Scheme (MLPS) v2.0,NIST 800-53 Rev 5,NIST 800-53 Rev4" -Alibaba Cloud RAM password policy does not have a lowercase character medium config False False 0 "Multi-Level Protection Scheme (MLPS) v2.0,NIST 800-53 Rev 5,NIST 800-53 Rev4" -Alibaba Cloud RAM password policy does not have a minimum of 14 characters medium config False False 0 "Multi-Level Protection Scheme (MLPS) v2.0,NIST 800-53 Rev 5,NIST 800-53 Rev4" -Alibaba Cloud RAM password policy does not have a number medium config False False 0 "Multi-Level Protection Scheme (MLPS) v2.0,NIST 800-53 Rev 5,NIST 800-53 Rev4" -Alibaba Cloud RAM password policy does not have a symbol medium config False False 0 "Multi-Level Protection Scheme (MLPS) v2.0,NIST 800-53 Rev 5,NIST 800-53 Rev4" -Alibaba Cloud RAM password policy does not have an uppercase character medium 
config False False 0 "Multi-Level Protection Scheme (MLPS) v2.0,NIST 800-53 Rev 5,NIST 800-53 Rev4" -Alibaba Cloud RAM password retry constraint policy is disabled medium config False False 0 "Multi-Level Protection Scheme (MLPS) v2.0,NIST 800-53 Rev 5,NIST 800-53 Rev4" -Alibaba Cloud RAM policy allows full administrative privileges low config False False 0 "Multi-Level Protection Scheme (MLPS) v2.0,NIST 800-53 Rev 5,NIST 800-53 Rev4" -Alibaba Cloud RAM policy attached to users low config False False 0 "Multi-Level Protection Scheme (MLPS) v2.0,NIST 800-53 Rev 5,NIST 800-53 Rev4" -Alibaba Cloud RAM user has more than one active access keys medium config False False 0 "Multi-Level Protection Scheme (MLPS) v2.0,NIST 800-53 Rev 5,NIST 800-53 Rev4" -Alibaba Cloud SLB delete protection is disabled low config False False 0 "Multi-Level Protection Scheme (MLPS) v2.0,NIST 800-53 Rev 5,NIST 800-53 Rev4" -Alibaba Cloud SLB listener is configured with SSL policy having TLS version 1.1 or lower medium config False False 0 "Multi-Level Protection Scheme (MLPS) v2.0,NIST 800-53 Rev 5,NIST 800-53 Rev4" -Alibaba Cloud SLB listener that allow connection requests over HTTP medium config False False 0 "Multi-Level Protection Scheme (MLPS) v2.0,NIST 800-53 Rev 5,NIST 800-53 Rev4" -Alibaba Cloud Security group allow internet traffic to DNS port (53) high config False False 0 "Multi-Level Protection Scheme (MLPS) v2.0,NIST 800-53 Rev 5,NIST 800-53 Rev4" -Alibaba Cloud Security group allow internet traffic to FTP port (21) high config False False 0 "Multi-Level Protection Scheme (MLPS) v2.0,NIST 800-53 Rev 5,NIST 800-53 Rev4" -Alibaba Cloud Security group allow internet traffic to FTP-Data port (20) high config False False 0 "Multi-Level Protection Scheme (MLPS) v2.0,NIST 800-53 Rev 5,NIST 800-53 Rev4" -Alibaba Cloud Security group allow internet traffic to HTTP port (80) high config False False 0 "Multi-Level Protection Scheme (MLPS) v2.0,NIST 800-53 Rev 5,NIST 800-53 Rev4" -Alibaba 
Cloud Security group allow internet traffic to MS SQL Monitor port (1434) high config False False 0 "Multi-Level Protection Scheme (MLPS) v2.0,NIST 800-53 Rev 5,NIST 800-53 Rev4" -Alibaba Cloud Security group allow internet traffic to MS SQL port (1433) high config False False 0 "Multi-Level Protection Scheme (MLPS) v2.0,NIST 800-53 Rev 5,NIST 800-53 Rev4" -Alibaba Cloud Security group allow internet traffic to MySQL port (3306) high config False False 0 "Multi-Level Protection Scheme (MLPS) v2.0,NIST 800-53 Rev 5,NIST 800-53 Rev4" -Alibaba Cloud Security group allow internet traffic to Oracle DB port (1521) high config False False 0 "Multi-Level Protection Scheme (MLPS) v2.0,NIST 800-53 Rev 5,NIST 800-53 Rev4" -Alibaba Cloud Security group allow internet traffic to PostgreSQL port (5432) high config False False 0 "Multi-Level Protection Scheme (MLPS) v2.0,NIST 800-53 Rev 5,NIST 800-53 Rev4" -Alibaba Cloud Security group allow internet traffic to RDP port (3389) high config False False 0 "Multi-Level Protection Scheme (MLPS) v2.0,NIST 800-53 Rev 5,NIST 800-53 Rev4" -Alibaba Cloud Security group allow internet traffic to SMTP port (25) high config False False 0 "Multi-Level Protection Scheme (MLPS) v2.0,NIST 800-53 Rev 5,NIST 800-53 Rev4" -Alibaba Cloud Security group allow internet traffic to SSH port (22) high config False False 0 "Multi-Level Protection Scheme (MLPS) v2.0,NIST 800-53 Rev 5,NIST 800-53 Rev4" -Alibaba Cloud Security group allow internet traffic to Telnet port (23) high config False False 0 "Multi-Level Protection Scheme (MLPS) v2.0,NIST 800-53 Rev 5,NIST 800-53 Rev4" -Alibaba Cloud Security group allow internet traffic to VNC Listener port (5500) high config False False 0 "Multi-Level Protection Scheme (MLPS) v2.0,NIST 800-53 Rev 5,NIST 800-53 Rev4" -Alibaba Cloud Security group allow internet traffic to VNC Server port (5900) high config False False 0 "Multi-Level Protection Scheme (MLPS) v2.0,NIST 800-53 Rev 5,NIST 800-53 Rev4" -Alibaba Cloud 
Security group is overly permissive to all traffic high config False False 0 "Multi-Level Protection Scheme (MLPS) v2.0,NIST 800-53 Rev 5,NIST 800-53 Rev4" -Alibaba Cloud data disk is configured with delete automatic snapshots feature low config False False 0 "Multi-Level Protection Scheme (MLPS) v2.0,NIST 800-53 Rev 5,NIST 800-53 Rev4" -Alibaba Cloud data disk is configured with release disk with instance feature low config False False 0 "Multi-Level Protection Scheme (MLPS) v2.0,NIST 800-53 Rev 5,NIST 800-53 Rev4" -Alibaba Cloud disk automatic snapshot policy is disabled low config False False 0 "Multi-Level Protection Scheme (MLPS) v2.0,NIST 800-53 Rev 5,NIST 800-53 Rev4" -Alibaba Cloud disk encryption is disabled medium config False False 0 "Multi-Level Protection Scheme (MLPS) v2.0,NIST 800-53 Rev 5,NIST 800-53 Rev4" -All capabilities should be dropped high config False False 0 "" -Avoid running privileged containers high config False False 0 "" -Azure ACR HTTPS not enabled for webhook medium config False False 0 "APRA (CPS 234) Information Security,Multi-Level Protection Scheme (MLPS) v2.0,NIST 800-53 Rev 5,NIST 800-53 Rev4" -Azure AKS cluster Azure CNI networking not enabled medium config False False 0 "APRA (CPS 234) Information Security,NIST 800-53 Rev 5,NIST 800-53 Rev4" -Azure AKS cluster HTTP application routing enabled low config False False 0 "APRA (CPS 234) Information Security,NIST 800-53 Rev 5,NIST 800-53 Rev4" -Azure AKS cluster monitoring not enabled medium config False False 0 "APRA (CPS 234) Information Security,CCPA 2018,Multi-Level Protection Scheme (MLPS) v2.0,NIST 800-53 Rev 5,NIST 800-53 Rev4,PIPEDA" -Azure AKS cluster pool profile count contains less than 3 nodes low config False False 0 "APRA (CPS 234) Information Security" -Azure AKS enable role-based access control (RBAC) not enforced high config False False 0 "APRA (CPS 234) Information Security,CCPA 2018,CIS v1.1 (Azure),CIS v1.2.0 (Azure),MITRE ATT&CK [Beta],Multi-Level Protection 
Scheme (MLPS) v2.0,NIST 800-53 Rev 5,NIST 800-53 Rev4,PIPEDA" -Azure Active Directory Guest users found medium config False False 0 "APRA (CPS 234) Information Security,CIS v1.2.0 (Azure)" -Azure Activity log alert for Create or update SQL server firewall rule does not exist low config False False 0 "APRA (CPS 234) Information Security,CIS v1.1 (Azure),CIS v1.2.0 (Azure),Multi-Level Protection Scheme (MLPS) v2.0,NIST 800-53 Rev 5,NIST 800-53 Rev4" -Azure Activity log alert for Create or update network security group does not exist low config False False 0 "APRA (CPS 234) Information Security,CIS v1.1 (Azure),CIS v1.2.0 (Azure),Multi-Level Protection Scheme (MLPS) v2.0,NIST 800-53 Rev 5,NIST 800-53 Rev4" -Azure Activity log alert for Create or update network security group rule does not exist low config False False 0 "APRA (CPS 234) Information Security,CIS v1.1 (Azure),CIS v1.2.0 (Azure),Multi-Level Protection Scheme (MLPS) v2.0,NIST 800-53 Rev 5,NIST 800-53 Rev4" -Azure Activity log alert for Create or update security solution does not exist low config False False 0 "APRA (CPS 234) Information Security,CIS v1.1 (Azure),CIS v1.2.0 (Azure),Multi-Level Protection Scheme (MLPS) v2.0,NIST 800-53 Rev 5,NIST 800-53 Rev4" -Azure Activity log alert for Create policy assignment does not exist low config False False 0 "APRA (CPS 234) Information Security,CIS v1.1 (Azure),CIS v1.2.0 (Azure),Multi-Level Protection Scheme (MLPS) v2.0,NIST 800-53 Rev 5,NIST 800-53 Rev4" -Azure Activity log alert for Delete SQL server firewall rule does not exist low config False False 0 "APRA (CPS 234) Information Security,CIS v1.1 (Azure),CIS v1.2.0 (Azure),Multi-Level Protection Scheme (MLPS) v2.0,NIST 800-53 Rev 5,NIST 800-53 Rev4" -Azure Activity log alert for Delete network security group does not exist low config False False 0 "APRA (CPS 234) Information Security,CIS v1.1 (Azure),CIS v1.2.0 (Azure),Multi-Level Protection Scheme (MLPS) v2.0,NIST 800-53 Rev 5,NIST 800-53 Rev4" -Azure 
Activity log alert for Delete network security group rule does not exist low config False False 0 "APRA (CPS 234) Information Security,CIS v1.1 (Azure),CIS v1.2.0 (Azure),Multi-Level Protection Scheme (MLPS) v2.0,NIST 800-53 Rev 5,NIST 800-53 Rev4" -Azure Activity log alert for Delete security solution does not exist low config False False 0 "APRA (CPS 234) Information Security,CIS v1.1 (Azure),CIS v1.2.0 (Azure),Multi-Level Protection Scheme (MLPS) v2.0,NIST 800-53 Rev 5,NIST 800-53 Rev4" -Azure Activity log alert for Update security policy does not exist low config False False 0 "APRA (CPS 234) Information Security,CIS v1.1 (Azure),Multi-Level Protection Scheme (MLPS) v2.0,NIST 800-53 Rev 5,NIST 800-53 Rev4" -Azure App Service Web app authentication is off medium config True True 0 "APRA (CPS 234) Information Security,CCPA 2018,CIS v1.1 (Azure),CIS v1.2.0 (Azure),Multi-Level Protection Scheme (MLPS) v2.0,NIST 800-53 Rev 5,NIST 800-53 Rev4,PIPEDA" -Azure App Service Web app client certificate is disabled medium config True True 0 "APRA (CPS 234) Information Security,CIS v1.1 (Azure),CIS v1.2.0 (Azure),Multi-Level Protection Scheme (MLPS) v2.0,NIST 800-53 Rev 5,NIST 800-53 Rev4" -Azure App Service Web app doesn't have a Managed Service Identity medium config True True 0 "APRA (CPS 234) Information Security,CCPA 2018,CIS v1.1 (Azure),CIS v1.2.0 (Azure),Multi-Level Protection Scheme (MLPS) v2.0,PIPEDA" -Azure App Service Web app doesn't redirect HTTP to HTTPS medium config True True 0 "APRA (CPS 234) Information Security,CCPA 2018,CIS v1.1 (Azure),CIS v1.2.0 (Azure),Multi-Level Protection Scheme (MLPS) v2.0,NIST 800-53 Rev 5,NIST 800-53 Rev4,PIPEDA" -Azure App Service Web app doesn't use HTTP 2.0 medium config True True 0 "APRA (CPS 234) Information Security,CIS v1.1 (Azure),CIS v1.2.0 (Azure),NIST 800-53 Rev 5,NIST 800-53 Rev4" -Azure App Service Web app doesn't use latest .Net Core version medium config False False 0 "APRA (CPS 234) Information Security,CCPA 
2018,CIS v1.1 (Azure),CIS v1.2.0 (Azure),MITRE ATT&CK [Beta],Multi-Level Protection Scheme (MLPS) v2.0,NIST 800-53 Rev 5,NIST 800-53 Rev4,PIPEDA" -Azure App Service Web app doesn't use latest Java version medium config False False 0 "APRA (CPS 234) Information Security,CCPA 2018,CIS v1.1 (Azure),CIS v1.2.0 (Azure),MITRE ATT&CK [Beta],Multi-Level Protection Scheme (MLPS) v2.0,NIST 800-53 Rev 5,NIST 800-53 Rev4,PIPEDA" -Azure App Service Web app doesn't use latest PHP version medium config False False 0 "APRA (CPS 234) Information Security,CCPA 2018,CIS v1.1 (Azure),CIS v1.2.0 (Azure),MITRE ATT&CK [Beta],Multi-Level Protection Scheme (MLPS) v2.0,NIST 800-53 Rev 5,NIST 800-53 Rev4,PIPEDA" -Azure App Service Web app doesn't use latest Python version medium config False False 0 "APRA (CPS 234) Information Security,CCPA 2018,CIS v1.1 (Azure),CIS v1.2.0 (Azure),MITRE ATT&CK [Beta],Multi-Level Protection Scheme (MLPS) v2.0,NIST 800-53 Rev 5,NIST 800-53 Rev4,PIPEDA" -Azure App Service Web app doesn't use latest TLS version medium config True True 0 "APRA (CPS 234) Information Security,CCPA 2018,CIS v1.1 (Azure),CIS v1.2.0 (Azure),MITRE ATT&CK [Beta],Multi-Level Protection Scheme (MLPS) v2.0,NIST 800-53 Rev 5,NIST 800-53 Rev4,PIPEDA" -Azure App Services FTP deployment is All allowed medium config False False 0 "APRA (CPS 234) Information Security,CIS v1.2.0 (Azure)" -Azure App Services Remote debugging is enabled low config False False 0 "APRA (CPS 234) Information Security" -Azure Application Gateway allows TLSv1.1 or lower medium config False False 0 "APRA (CPS 234) Information Security,CCPA 2018,MITRE ATT&CK [Beta],Multi-Level Protection Scheme (MLPS) v2.0,NIST 800-53 Rev 5,NIST 800-53 Rev4,PIPEDA" -Azure Application Gateway does not have the Web application firewall (WAF) enabled medium config False False 0 "APRA (CPS 234) Information Security,CCPA 2018,MITRE ATT&CK [Beta],Multi-Level Protection Scheme (MLPS) v2.0,NIST 800-53 Rev 5,NIST 800-53 Rev4,PIPEDA" -Azure 
Application gateways listener that allow connection requests over HTTP medium config False False 0 "APRA (CPS 234) Information Security" -Azure Container Registry does not use a dedicated resource group medium config False False 0 "APRA (CPS 234) Information Security" -Azure Container Registry using the deprecated classic registry medium config False False 0 "APRA (CPS 234) Information Security,MITRE ATT&CK [Beta]" -Azure Cosmos DB IP range filter not configured medium config False False 0 "APRA (CPS 234) Information Security" -Azure Custom Role Administering Resource Locks not assigned low config False False 0 "APRA (CPS 234) Information Security,CIS v1.2.0 (Azure)" -Azure Key Vault Keys have no expiration date medium config False False 0 "APRA (CPS 234) Information Security,CCPA 2018,CIS v1.1 (Azure),CIS v1.2.0 (Azure),MITRE ATT&CK [Beta],Multi-Level Protection Scheme (MLPS) v2.0,NIST 800-53 Rev 5,NIST 800-53 Rev4,PIPEDA" -Azure Key Vault audit logging is disabled high config False False 0 "APRA (CPS 234) Information Security,CCPA 2018,CIS v1.1 (Azure),Multi-Level Protection Scheme (MLPS) v2.0,NIST 800-53 Rev 5,NIST 800-53 Rev4,PIPEDA" -Azure Key Vault is not recoverable medium config True True 0 "APRA (CPS 234) Information Security,CCPA 2018,CIS v1.1 (Azure),CIS v1.2.0 (Azure),NIST 800-53 Rev 5,NIST 800-53 Rev4,PIPEDA" -Azure Key Vault secrets have no expiration date medium config False False 0 "APRA (CPS 234) Information Security,CCPA 2018,CIS v1.1 (Azure),CIS v1.2.0 (Azure),MITRE ATT&CK [Beta],Multi-Level Protection Scheme (MLPS) v2.0,NIST 800-53 Rev 5,NIST 800-53 Rev4,PIPEDA" -Azure Key vaults diagnostics logs are disabled low config False False 0 "APRA (CPS 234) Information Security,CIS v1.2.0 (Azure)" -Azure Load Balancer diagnostics logs are disabled medium config False False 0 "APRA (CPS 234) Information Security,CIS v1.2.0 (Azure),Multi-Level Protection Scheme (MLPS) v2.0,NIST 800-53 Rev 5,NIST 800-53 Rev4" -Azure Monitor log profile does not capture all 
activities low config False False 0 "APRA (CPS 234) Information Security,CIS v1.1 (Azure),Multi-Level Protection Scheme (MLPS) v2.0,NIST 800-53 Rev 5,NIST 800-53 Rev4" -Azure Monitoring log profile is not configured to export activity logs medium config False False 0 "APRA (CPS 234) Information Security,Multi-Level Protection Scheme (MLPS) v2.0,NIST 800-53 Rev 5,NIST 800-53 Rev4" -Azure MySQL Database Server SSL connection is disabled medium config False False 0 "APRA (CPS 234) Information Security,CIS v1.1 (Azure),CIS v1.2.0 (Azure),Multi-Level Protection Scheme (MLPS) v2.0,NIST 800-53 Rev 5,NIST 800-53 Rev4" -Azure Network Security Group allows all traffic on CIFS (UDP Port 445) high config False False 0 "APRA (CPS 234) Information Security,CCPA 2018,MITRE ATT&CK [Beta],Multi-Level Protection Scheme (MLPS) v2.0,NIST 800-53 Rev 5,NIST 800-53 Rev4,PIPEDA" -Azure Network Security Group allows all traffic on FTP (TCP Port 21) high config False False 0 "APRA (CPS 234) Information Security,CCPA 2018,MITRE ATT&CK [Beta],Multi-Level Protection Scheme (MLPS) v2.0,NIST 800-53 Rev 5,NIST 800-53 Rev4,PIPEDA" -Azure Network Security Group allows all traffic on FTP-Data (TCP Port 20) high config False False 0 "APRA (CPS 234) Information Security,CCPA 2018,MITRE ATT&CK [Beta],Multi-Level Protection Scheme (MLPS) v2.0,NIST 800-53 Rev 5,NIST 800-53 Rev4,PIPEDA" -Azure Network Security Group allows all traffic on ICMP (Ping) high config False False 0 "APRA (CPS 234) Information Security,CCPA 2018,Multi-Level Protection Scheme (MLPS) v2.0,NIST 800-53 Rev 5,NIST 800-53 Rev4,PIPEDA" -Azure Network Security Group allows all traffic on MSQL (TCP Port 4333) high config False False 0 "APRA (CPS 234) Information Security,CCPA 2018,MITRE ATT&CK [Beta],Multi-Level Protection Scheme (MLPS) v2.0,NIST 800-53 Rev 5,NIST 800-53 Rev4,PIPEDA" -Azure Network Security Group allows all traffic on MySQL (TCP Port 3306) high config False False 0 "APRA (CPS 234) Information Security,CCPA 2018,MITRE 
ATT&CK [Beta],Multi-Level Protection Scheme (MLPS) v2.0,NIST 800-53 Rev 5,NIST 800-53 Rev4,PIPEDA" -Azure Network Security Group allows all traffic on NetBIOS (UDP Port 137) high config False False 0 "APRA (CPS 234) Information Security,CCPA 2018,MITRE ATT&CK [Beta],Multi-Level Protection Scheme (MLPS) v2.0,NIST 800-53 Rev 5,NIST 800-53 Rev4,PIPEDA" -Azure Network Security Group allows all traffic on NetBIOS (UDP Port 138) high config False False 0 "APRA (CPS 234) Information Security,CCPA 2018,MITRE ATT&CK [Beta],Multi-Level Protection Scheme (MLPS) v2.0,NIST 800-53 Rev 5,NIST 800-53 Rev4,PIPEDA" -Azure Network Security Group allows all traffic on NetBIOS DNS (TCP Port 53) high config False False 0 "APRA (CPS 234) Information Security,CCPA 2018,MITRE ATT&CK [Beta],Multi-Level Protection Scheme (MLPS) v2.0,NIST 800-53 Rev 5,NIST 800-53 Rev4,PIPEDA" -Azure Network Security Group allows all traffic on NetBIOS DNS (UDP Port 53) high config False False 0 "APRA (CPS 234) Information Security,CCPA 2018,MITRE ATT&CK [Beta],Multi-Level Protection Scheme (MLPS) v2.0,NIST 800-53 Rev 5,NIST 800-53 Rev4,PIPEDA" -Azure Network Security Group allows all traffic on PostgreSQL (TCP Port 5432) high config False False 0 "APRA (CPS 234) Information Security,CCPA 2018,MITRE ATT&CK [Beta],Multi-Level Protection Scheme (MLPS) v2.0,NIST 800-53 Rev 5,NIST 800-53 Rev4,PIPEDA" -Azure Network Security Group allows all traffic on RDP Port 3389 high config True True 0 "APRA (CPS 234) Information Security,CCPA 2018,CIS v1.1 (Azure),CIS v1.2.0 (Azure),CSA CCM v3.0.1,GDPR,HIPAA,HITRUST CSF v9.3,MITRE ATT&CK [Beta],Multi-Level Protection Scheme (MLPS) v2.0,NIST 800-53 Rev4,NIST CSF,PCI DSS v3.2,PIPEDA,SOC 2" -Azure Network Security Group allows all traffic on SMTP (TCP Port 25) high config False False 0 "APRA (CPS 234) Information Security,CCPA 2018,MITRE ATT&CK [Beta],Multi-Level Protection Scheme (MLPS) v2.0,NIST 800-53 Rev 5,NIST 800-53 Rev4,PIPEDA" -Azure Network Security Group allows all 
traffic on SQL Server (TCP Port 1433) high config False False 0 "APRA (CPS 234) Information Security,CCPA 2018,MITRE ATT&CK [Beta],Multi-Level Protection Scheme (MLPS) v2.0,NIST 800-53 Rev 5,NIST 800-53 Rev4,PIPEDA" -Azure Network Security Group allows all traffic on SQL Server (UDP Port 1434) high config False False 0 "APRA (CPS 234) Information Security,CCPA 2018,MITRE ATT&CK [Beta],Multi-Level Protection Scheme (MLPS) v2.0,NIST 800-53 Rev 5,NIST 800-53 Rev4,PIPEDA" -Azure Network Security Group allows all traffic on SSH port 22 high config True True 0 "APRA (CPS 234) Information Security,CCPA 2018,CIS v1.1 (Azure),CIS v1.2.0 (Azure),CSA CCM v3.0.1,GDPR,HIPAA,HITRUST CSF v9.3,MITRE ATT&CK [Beta],Multi-Level Protection Scheme (MLPS) v2.0,NIST 800-53 Rev4,NIST CSF,PCI DSS v3.2,PIPEDA,SOC 2" -Azure Network Security Group allows all traffic on Telnet (TCP Port 23) high config False False 0 "APRA (CPS 234) Information Security,CCPA 2018,MITRE ATT&CK [Beta],Multi-Level Protection Scheme (MLPS) v2.0,NIST 800-53 Rev 5,NIST 800-53 Rev4,PIPEDA" -Azure Network Security Group allows all traffic on VNC Listener (TCP Port 5500) high config False False 0 "APRA (CPS 234) Information Security,CCPA 2018,MITRE ATT&CK [Beta],Multi-Level Protection Scheme (MLPS) v2.0,NIST 800-53 Rev 5,NIST 800-53 Rev4,PIPEDA" -Azure Network Security Group allows all traffic on VNC Server (TCP Port 5900) high config False False 0 "APRA (CPS 234) Information Security,CCPA 2018,MITRE ATT&CK [Beta],Multi-Level Protection Scheme (MLPS) v2.0,NIST 800-53 Rev 5,NIST 800-53 Rev4,PIPEDA" -Azure Network Security Group allows all traffic on Windows RPC (TCP Port 135) high config False False 0 "APRA (CPS 234) Information Security,CCPA 2018,MITRE ATT&CK [Beta],Multi-Level Protection Scheme (MLPS) v2.0,NIST 800-53 Rev 5,NIST 800-53 Rev4,PIPEDA" -Azure Network Security Group allows all traffic on Windows SMB (TCP Port 445) high config False False 0 "APRA (CPS 234) Information Security,CCPA 2018,MITRE ATT&CK 
[Beta],Multi-Level Protection Scheme (MLPS) v2.0,NIST 800-53 Rev 5,NIST 800-53 Rev4,PIPEDA" -Azure Network Security Group having Inbound rule overly permissive to all traffic on TCP protocol medium config True True 0 "APRA (CPS 234) Information Security,CCPA 2018,CIS v1.1 (Azure),MITRE ATT&CK [Beta],Multi-Level Protection Scheme (MLPS) v2.0,NIST 800-53 Rev 5,NIST 800-53 Rev4,PIPEDA" -Azure Network Security Group having Inbound rule overly permissive to all traffic on UDP protocol medium config True True 0 "APRA (CPS 234) Information Security,CCPA 2018,CIS v1.1 (Azure),MITRE ATT&CK [Beta],Multi-Level Protection Scheme (MLPS) v2.0,NIST 800-53 Rev 5,NIST 800-53 Rev4,PIPEDA" -Azure Network Security Group having Inbound rule overly permissive to all traffic on any protocol medium config True True 0 "APRA (CPS 234) Information Security,CCPA 2018,CIS v1.1 (Azure),MITRE ATT&CK [Beta],Multi-Level Protection Scheme (MLPS) v2.0,NIST 800-53 Rev 5,NIST 800-53 Rev4,PIPEDA" -Azure Network Security Group with overly permissive outbound rule low config True True 0 "APRA (CPS 234) Information Security,CCPA 2018,MITRE ATT&CK [Beta],Multi-Level Protection Scheme (MLPS) v2.0,NIST 800-53 Rev 5,NIST 800-53 Rev4,PIPEDA" -Azure Network Watcher Network Security Group (NSG) flow logs are disabled medium config False False 0 "APRA (CPS 234) Information Security,CCPA 2018,Multi-Level Protection Scheme (MLPS) v2.0,NIST 800-53 Rev 5,NIST 800-53 Rev4,PIPEDA" -Azure Network Watcher Network Security Group (NSG) flow logs retention is less than 90 days medium config False False 0 "APRA (CPS 234) Information Security,CIS v1.1 (Azure),CIS v1.2.0 (Azure),Multi-Level Protection Scheme (MLPS) v2.0,NIST 800-53 Rev 5,NIST 800-53 Rev4" -Azure PostgreSQL Database Server 'Allow access to Azure services' enabled medium config False False 0 "APRA (CPS 234) Information Security,CIS v1.2.0 (Azure)" -Azure PostgreSQL Database Server Firewall rule allow access to all IPV4 address high config False False 0 "" -Azure 
PostgreSQL database server log retention days is less than or equals to 3 days medium config True True 0 "APRA (CPS 234) Information Security,CIS v1.1 (Azure),CIS v1.2.0 (Azure),Multi-Level Protection Scheme (MLPS) v2.0,NIST 800-53 Rev 5,NIST 800-53 Rev4" -Azure PostgreSQL database server with SSL connection disabled medium config True True 0 "APRA (CPS 234) Information Security,CIS v1.1 (Azure),CIS v1.2.0 (Azure),Multi-Level Protection Scheme (MLPS) v2.0,NIST 800-53 Rev 5,NIST 800-53 Rev4" -Azure PostgreSQL database server with connection throttling parameter is disabled medium config True True 0 "APRA (CPS 234) Information Security,CIS v1.1 (Azure),CIS v1.2.0 (Azure),NIST 800-53 Rev 5,NIST 800-53 Rev4" -Azure PostgreSQL database server with log checkpoints parameter disabled medium config True True 0 "APRA (CPS 234) Information Security,CIS v1.1 (Azure),CIS v1.2.0 (Azure),Multi-Level Protection Scheme (MLPS) v2.0,NIST 800-53 Rev 5,NIST 800-53 Rev4" -Azure PostgreSQL database server with log connections parameter disabled medium config True True 0 "APRA (CPS 234) Information Security,CIS v1.1 (Azure),CIS v1.2.0 (Azure),Multi-Level Protection Scheme (MLPS) v2.0,NIST 800-53 Rev 5,NIST 800-53 Rev4" -Azure PostgreSQL database server with log disconnections parameter disabled medium config True True 0 "APRA (CPS 234) Information Security,CIS v1.1 (Azure),CIS v1.2.0 (Azure),Multi-Level Protection Scheme (MLPS) v2.0,NIST 800-53 Rev 5,NIST 800-53 Rev4" -Azure PostgreSQL database server with log duration parameter disabled medium config True True 0 "APRA (CPS 234) Information Security,CIS v1.1 (Azure),CIS v1.2.0 (Azure),Multi-Level Protection Scheme (MLPS) v2.0,NIST 800-53 Rev 5,NIST 800-53 Rev4" -Azure Resource Group does not have a resource lock low config False False 0 "APRA (CPS 234) Information Security,CIS v1.1 (Azure),CIS v1.2.0 (Azure)" -Azure SQL Database with Auditing Retention less than 90 days medium config False False 0 "APRA (CPS 234) Information 
Security,CCPA 2018,CSA CCM v3.0.1,HIPAA,HITRUST CSF v9.3,ISO 27001:2013,Multi-Level Protection Scheme (MLPS) v2.0,NIST 800-53 Rev4,NIST CSF,PCI DSS v3.2,PIPEDA,SOC 2" -Azure SQL Database with Threat Retention less than or equals to 90 days medium config True True 0 "APRA (CPS 234) Information Security,CCPA 2018,CSA CCM v3.0.1,HIPAA,HITRUST CSF v9.3,ISO 27001:2013,Multi-Level Protection Scheme (MLPS) v2.0,NIST 800-53 Rev4,NIST CSF,PCI DSS v3.2,PIPEDA,SOC 2" -Azure SQL Databases with disabled Email service and co-administrators for Threat Detection medium config True True 0 "APRA (CPS 234) Information Security,CSA CCM v3.0.1,GDPR,HIPAA,HITRUST CSF v9.3,ISO 27001:2013,Multi-Level Protection Scheme (MLPS) v2.0,NIST 800-53 Rev4,NIST CSF,PCI DSS v3.2,SOC 2" -Azure SQL Server advanced data security does not have an email alert recipient medium config False False 0 "APRA (CPS 234) Information Security,CIS v1.1 (Azure),Multi-Level Protection Scheme (MLPS) v2.0,NIST 800-53 Rev 5,NIST 800-53 Rev4" -Azure SQL Server advanced data security does not send alerts to service and co-administrators medium config False False 0 "APRA (CPS 234) Information Security,CIS v1.1 (Azure),CIS v1.2.0 (Azure),Multi-Level Protection Scheme (MLPS) v2.0,NIST 800-53 Rev 5,NIST 800-53 Rev4" -Azure SQL Server advanced data security is disabled medium config False False 0 "APRA (CPS 234) Information Security,CCPA 2018,CIS v1.1 (Azure),CIS v1.2.0 (Azure),Multi-Level Protection Scheme (MLPS) v2.0,NIST 800-53 Rev 5,NIST 800-53 Rev4,PIPEDA" -Azure SQL Server audit log retention is less than 91 days high config False False 0 "APRA (CPS 234) Information Security,CCPA 2018,CIS v1.1 (Azure),CIS v1.2.0 (Azure),Multi-Level Protection Scheme (MLPS) v2.0,NIST 800-53 Rev 5,NIST 800-53 Rev4,PIPEDA" -Azure SQL Server auditing is disabled high config False False 0 "APRA (CPS 234) Information Security,CCPA 2018,CIS v1.1 (Azure),CIS v1.2.0 (Azure),Multi-Level Protection Scheme (MLPS) v2.0,NIST 800-53 Rev 5,NIST 800-53 
Rev4,PIPEDA" -Azure SQL Server threat detection alerts not enabled for all threat types medium config False False 0 "APRA (CPS 234) Information Security,CCPA 2018,CIS v1.1 (Azure),CIS v1.2.0 (Azure),Multi-Level Protection Scheme (MLPS) v2.0,NIST 800-53 Rev 5,NIST 800-53 Rev4,PIPEDA" -Azure SQL Server threat logs retention is less than 91 days high config False False 0 "APRA (CPS 234) Information Security,CCPA 2018,Multi-Level Protection Scheme (MLPS) v2.0,NIST 800-53 Rev 5,NIST 800-53 Rev4,PIPEDA" -Azure SQL Servers Firewall rule allow access to all IPV4 address high config False False 0 "" -Azure SQL database auditing is disabled medium config False False 0 "APRA (CPS 234) Information Security,CCPA 2018,CSA CCM v3.0.1,GDPR,HIPAA,HITRUST CSF v9.3,ISO 27001:2013,Multi-Level Protection Scheme (MLPS) v2.0,NIST 800-53 Rev4,NIST CSF,PCI DSS v3.2,PIPEDA,SOC 2" -Azure SQL server TDE protector is not encrypted with BYOK (Use your own key) medium config False False 0 "APRA (CPS 234) Information Security,CIS v1.1 (Azure),CIS v1.2.0 (Azure),Multi-Level Protection Scheme (MLPS) v2.0,NIST 800-53 Rev 5,NIST 800-53 Rev4" -Azure SQL server send alerts to field value is not set low config False False 0 "APRA (CPS 234) Information Security,CIS v1.2.0 (Azure),Multi-Level Protection Scheme (MLPS) v2.0,NIST 800-53 Rev 5,NIST 800-53 Rev4" -Azure Security Center 'Standard pricing tier' is not selected medium config False False 0 "APRA (CPS 234) Information Security,CIS v1.1 (Azure),ISO 27001:2013" -Azure Security Center Defender set to Off for App Service medium config False False 0 "CIS v1.2.0 (Azure)" -Azure Security Center Defender set to Off for Azure SQL database servers medium config False False 0 "CIS v1.2.0 (Azure)" -Azure Security Center Defender set to Off for Key Vault medium config False False 0 "CIS v1.2.0 (Azure)" -Azure Security Center Defender set to Off for Kubernetes medium config False False 0 "CIS v1.2.0 (Azure)" -Azure Security Center Defender set to Off for Servers 
medium config False False 0 "CIS v1.2.0 (Azure)" -Azure Security Center Defender set to Off for Storage medium config False False 0 "CIS v1.2.0 (Azure)" -Azure Security Center JIT network access monitoring is set to disabled medium config True True 0 "APRA (CPS 234) Information Security,CCPA 2018,CIS v1.1 (Azure),ISO 27001:2013,MITRE ATT&CK [Beta],Multi-Level Protection Scheme (MLPS) v2.0,NIST 800-53 Rev4,PIPEDA" -Azure Security Center SQL auditing and threat detection monitoring is set to disabled high config True True 0 "APRA (CPS 234) Information Security,CCPA 2018,CIS v1.1 (Azure),CSA CCM v3.0.1,GDPR,HIPAA,HITRUST CSF v9.3,ISO 27001:2013,Multi-Level Protection Scheme (MLPS) v2.0,NIST 800-53 Rev4,NIST CSF,PCI DSS v3.2,PIPEDA,SOC 2" -Azure Security Center SQL encryption monitoring is set to disabled medium config True True 0 "APRA (CPS 234) Information Security,CCPA 2018,CIS v1.1 (Azure),CSA CCM v3.0.1,GDPR,HIPAA,HITRUST CSF v9.3,ISO 27001:2013,Multi-Level Protection Scheme (MLPS) v2.0,NIST 800-53 Rev4,NIST CSF,PCI DSS v3.2,PIPEDA,SOC 2" -Azure Security Center adaptive application controls monitoring is set to disabled medium config True True 0 "APRA (CPS 234) Information Security,CCPA 2018,CIS v1.1 (Azure),CSA CCM v3.0.1,HITRUST CSF v9.3,ISO 27001:2013,Multi-Level Protection Scheme (MLPS) v2.0,NIST 800-53 Rev4,NIST CSF,PIPEDA" -Azure Security Center automatic provisioning of monitoring agent is set to Off medium config True True 0 "APRA (CPS 234) Information Security,CCPA 2018,CIS v1.1 (Azure),CIS v1.2.0 (Azure),HIPAA,ISO 27001:2013,Multi-Level Protection Scheme (MLPS) v2.0,NIST 800-53 Rev4,PIPEDA" -Azure Security Center contact email not set medium config False False 0 "APRA (CPS 234) Information Security,CIS v1.1 (Azure),CIS v1.2.0 (Azure),CSA CCM v3.0.1,GDPR,HIPAA,HITRUST CSF v9.3,ISO 27001:2013,Multi-Level Protection Scheme (MLPS) v2.0,NIST 800-53 Rev4,NIST CSF,PCI DSS v3.2,SOC 2" -Azure Security Center contact phone number not set low config False False 0 
"APRA (CPS 234) Information Security,CIS v1.1 (Azure),CSA CCM v3.0.1,GDPR,HIPAA,HITRUST CSF v9.3,ISO 27001:2013,Multi-Level Protection Scheme (MLPS) v2.0,NIST 800-53 Rev4,NIST CSF,PCI DSS v3.2,SOC 2" -Azure Security Center disk encryption monitoring is set to disabled medium config True True 0 "APRA (CPS 234) Information Security,CCPA 2018,CIS v1.1 (Azure),CSA CCM v3.0.1,GDPR,HIPAA,HITRUST CSF v9.3,ISO 27001:2013,Multi-Level Protection Scheme (MLPS) v2.0,NIST 800-53 Rev4,NIST CSF,PCI DSS v3.2,PIPEDA,SOC 2" -Azure Security Center email notification for subscription owner is not set medium config False False 0 "APRA (CPS 234) Information Security,CIS v1.1 (Azure),CIS v1.2.0 (Azure),CSA CCM v3.0.1,GDPR,HIPAA,HITRUST CSF v9.3,ISO 27001:2013,Multi-Level Protection Scheme (MLPS) v2.0,NIST 800-53 Rev4,NIST CSF,PCI DSS v3.2,SOC 2" -Azure Security Center endpoint protection monitoring is set to disabled medium config True True 0 "APRA (CPS 234) Information Security,CCPA 2018,CIS v1.1 (Azure),CSA CCM v3.0.1,ISO 27001:2013,Multi-Level Protection Scheme (MLPS) v2.0,NIST 800-53 Rev4,PCI DSS v3.2,PIPEDA,SOC 2" -Azure Security Center security configurations monitoring is set to disabled medium config True True 0 "APRA (CPS 234) Information Security,CCPA 2018,CIS v1.1 (Azure),CSA CCM v3.0.1,GDPR,HIPAA,HITRUST CSF v9.3,ISO 27001:2013,Multi-Level Protection Scheme (MLPS) v2.0,NIST 800-53 Rev4,NIST CSF,PCI DSS v3.2,PIPEDA,SOC 2" -Azure Security Center send email notifications set to 'Off' medium config False False 0 "APRA (CPS 234) Information Security,CIS v1.1 (Azure),CIS v1.2.0 (Azure),CSA CCM v3.0.1,GDPR,HIPAA,HITRUST CSF v9.3,ISO 27001:2013,Multi-Level Protection Scheme (MLPS) v2.0,NIST 800-53 Rev4,NIST CSF,PCI DSS v3.2,SOC 2" -Azure Security Center storage encryption monitoring is set to disabled high config True True 0 "APRA (CPS 234) Information Security,CCPA 2018,CIS v1.1 (Azure),CSA CCM v3.0.1,GDPR,HIPAA,HITRUST CSF v9.3,ISO 27001:2013,MITRE ATT&CK [Beta],Multi-Level 
Protection Scheme (MLPS) v2.0,NIST 800-53 Rev4,NIST CSF,PCI DSS v3.2,PIPEDA,SOC 2" -Azure Security Center system updates monitoring is set to disabled medium config True True 0 "APRA (CPS 234) Information Security,CCPA 2018,CIS v1.1 (Azure),CSA CCM v3.0.1,HITRUST CSF v9.3,ISO 27001:2013,Multi-Level Protection Scheme (MLPS) v2.0,NIST 800-53 Rev4,PCI DSS v3.2,PIPEDA" -Azure Security Center vulnerability assessment monitoring is set to disabled medium config True True 0 "APRA (CPS 234) Information Security,CCPA 2018,CIS v1.1 (Azure),CSA CCM v3.0.1,HIPAA,HITRUST CSF v9.3,ISO 27001:2013,MITRE ATT&CK [Beta],Multi-Level Protection Scheme (MLPS) v2.0,NIST 800-53 Rev4,NIST CSF,PCI DSS v3.2,PIPEDA,SOC 2" -Azure Security Center web application firewall monitoring is set to disabled high config True True 0 "APRA (CPS 234) Information Security,CCPA 2018,CIS v1.1 (Azure),CSA CCM v3.0.1,GDPR,HITRUST CSF v9.3,ISO 27001:2013,MITRE ATT&CK [Beta],Multi-Level Protection Scheme (MLPS) v2.0,NIST 800-53 Rev4,NIST CSF,PCI DSS v3.2,PIPEDA,SOC 2" -Azure Storage Account 'Trusted Microsoft Services' access not enabled medium config True True 0 "APRA (CPS 234) Information Security,CCPA 2018,CIS v1.1 (Azure),CIS v1.2.0 (Azure),MITRE ATT&CK [Beta],Multi-Level Protection Scheme (MLPS) v2.0,PIPEDA" -Azure Storage Account Container with activity log has BYOK encryption disabled medium config False False 0 "APRA (CPS 234) Information Security,CIS v1.1 (Azure),Multi-Level Protection Scheme (MLPS) v2.0,NIST 800-53 Rev 5,NIST 800-53 Rev4" -Azure Storage Account default network access is set to 'Allow' medium config True True 0 "APRA (CPS 234) Information Security,CCPA 2018,CIS v1.1 (Azure),CIS v1.2.0 (Azure),Multi-Level Protection Scheme (MLPS) v2.0,NIST 800-53 Rev 5,NIST 800-53 Rev4,PIPEDA" -Azure Storage account Encryption Customer Managed Keys Disabled medium config False False 0 "APRA (CPS 234) Information Security,CIS v1.2.0 (Azure)" -Azure Storage account container storing activity logs is 
publicly accessible medium config False False 0 "APRA (CPS 234) Information Security,CIS v1.1 (Azure),Multi-Level Protection Scheme (MLPS) v2.0,NIST 800-53 Rev 5,NIST 800-53 Rev4" -Azure VM OS disk is encrypted with the default encryption key instead of ADE/CMK medium config False False 0 "APRA (CPS 234) Information Security,CCPA 2018,CIS v1.1 (Azure),CIS v1.2.0 (Azure),Multi-Level Protection Scheme (MLPS) v2.0,NIST 800-53 Rev 5,NIST 800-53 Rev4,PIPEDA" -Azure VM data disk is encrypted with the default encryption key instead of ADE/CMK medium config False False 0 "APRA (CPS 234) Information Security,CIS v1.1 (Azure),CIS v1.2.0 (Azure),Multi-Level Protection Scheme (MLPS) v2.0,NIST 800-53 Rev 5,NIST 800-53 Rev4" -Azure VPN is not configured with cryptographic algorithm medium config False False 0 "APRA (CPS 234) Information Security,CCPA 2018,GDPR,HIPAA,HITRUST CSF v9.3,ISO 27001:2013,MITRE ATT&CK [Beta],Multi-Level Protection Scheme (MLPS) v2.0,NIST 800-53 Rev4,PCI DSS v3.2,PIPEDA" -Azure Virtual Machine Boot Diagnostics Disabled low config False False 0 "APRA (CPS 234) Information Security" -Azure Virtual Machine does not have endpoint protection installed medium config False False 0 "APRA (CPS 234) Information Security,CCPA 2018,CIS v1.1 (Azure),CIS v1.2.0 (Azure),Multi-Level Protection Scheme (MLPS) v2.0,NIST 800-53 Rev 5,NIST 800-53 Rev4,PIPEDA" -Azure Virtual Machine is not assigned to an availability set medium config False False 0 "APRA (CPS 234) Information Security" -Azure Virtual Machine scale sets Boot Diagnostics Disabled low config False False 0 "APRA (CPS 234) Information Security" -Azure Virtual Machines are not utilising Managed Disks medium config False False 0 "APRA (CPS 234) Information Security,CIS v1.2.0 (Azure)" -Azure Virtual Network subnet is not configured with a Network Security Group medium config False False 0 "APRA (CPS 234) Information Security,CCPA 2018,Multi-Level Protection Scheme (MLPS) v2.0,NIST 800-53 Rev 5,NIST 800-53 
Rev4,PIPEDA" -Azure Virtual machine NIC has IP forwarding enabled medium config False False 0 "" -Azure Virtual machine scale sets are not utilising Managed Disks medium config False False 0 "APRA (CPS 234) Information Security,CIS v1.2.0 (Azure)" -Azure disk is unattached and is encrypted with the default encryption key instead of ADE/CMK medium config False False 0 "APRA (CPS 234) Information Security,CIS v1.1 (Azure),CIS v1.2.0 (Azure),Multi-Level Protection Scheme (MLPS) v2.0,NIST 800-53 Rev 5,NIST 800-53 Rev4" -Azure log profile not capturing activity logs for all regions medium config False False 0 "APRA (CPS 234) Information Security,CIS v1.1 (Azure),Multi-Level Protection Scheme (MLPS) v2.0,NIST 800-53 Rev 5,NIST 800-53 Rev4" -Azure storage account has a blob container with public access high config False False 0 "APRA (CPS 234) Information Security,CCPA 2018,CIS v1.1 (Azure),CIS v1.2.0 (Azure),MITRE ATT&CK [Beta],Multi-Level Protection Scheme (MLPS) v2.0,NIST 800-53 Rev 5,NIST 800-53 Rev4,PIPEDA" -Azure storage account logging for blobs is disabled medium config False False 0 "APRA (CPS 234) Information Security,CCPA 2018,CIS v1.2.0 (Azure),MITRE ATT&CK [Beta],Multi-Level Protection Scheme (MLPS) v2.0,NIST 800-53 Rev 5,NIST 800-53 Rev4,PIPEDA" -Azure storage account logging for queues is disabled medium config False False 0 "APRA (CPS 234) Information Security,CCPA 2018,CIS v1.1 (Azure),CIS v1.2.0 (Azure),MITRE ATT&CK [Beta],Multi-Level Protection Scheme (MLPS) v2.0,NIST 800-53 Rev 5,NIST 800-53 Rev4,PIPEDA" -Azure storage account logging for tables is disabled medium config False False 0 "APRA (CPS 234) Information Security,CCPA 2018,CIS v1.2.0 (Azure),MITRE ATT&CK [Beta],Multi-Level Protection Scheme (MLPS) v2.0,NIST 800-53 Rev 5,NIST 800-53 Rev4,PIPEDA" -Azure subscriptions with custom roles are overly permissive medium config False False 0 "APRA (CPS 234) Information Security,CIS v1.2.0 (Azure),Multi-Level Protection Scheme (MLPS) v2.0,NIST 800-53 Rev 
5,NIST 800-53 Rev4" -Azure virtual network peer is disconnected medium config False False 0 "APRA (CPS 234) Information Security" -CUSTOMIZE: Non-corporate accounts have access to Google Cloud Platform (GCP) resources medium config False False 0 "APRA (CPS 234) Information Security,CCPA 2018,CIS v1.0.0 (GCP),CIS v1.1.0 (GCP),CSA CCM v3.0.1,GDPR,HIPAA,HITRUST CSF v9.3,ISO 27001:2013,MITRE ATT&CK [Beta],NIST 800-53 Rev4,NIST CSF,PCI DSS v3.2,PIPEDA,SOC 2" -CloudTrail trail is not integrated with CloudWatch Log medium config False False 0 "APRA (CPS 234) Information Security,CCPA 2018,CIS v1.2.0 (AWS),CIS v1.3.0 (AWS),CSA CCM v3.0.1,GDPR,HITRUST CSF v9.3,ISO 27001:2013,NIST 800-171 Rev1,NIST 800-53 Rev 5,NIST 800-53 Rev4,NIST CSF,PIPEDA,SOC 2" -Containers must be run as non-root high config False False 0 "" -Default Firewall rule should not have any rules (except http and https) high config False False 0 "APRA (CPS 234) Information Security,CCPA 2018,CSA CCM v3.0.1,GDPR,HIPAA,HITRUST CSF v9.3,ISO 27001:2013,MITRE ATT&CK [Beta],NIST 800-53 Rev4,NIST CSF,PCI DSS v3.2,PIPEDA,SOC 2" -Do not allow sharing host IPC namespace medium config False False 0 "" -Do not allow sharing host PID namespace medium config False False 0 "" -Do not allow volume claims to be read by many nodes low config False False 0 "" -Do not run containers as root high config False False 0 "" -Do not share host network with containers high config False False 0 "" -Ensure containers are immutable medium config False False 0 "" -Entrypoint of the container must be run with a user with a high ID medium config False False 0 "" -Excessive login failures high anomaly False False 10 "GDPR,MITRE ATT&CK [Beta],NIST CSF,SOC 2" -GCP BigQuery dataset is publicly accessible high config False False 0 "APRA (CPS 234) Information Security" -GCP Cloud DNS has DNSSEC disabled medium config False False 0 "APRA (CPS 234) Information Security,CCPA 2018,CIS v1.0.0 (GCP),CIS v1.1.0 (GCP),ISO 27001:2013,PIPEDA" -GCP Cloud DNS 
zones using RSASHA1 algorithm for DNSSEC key-signing medium config False False 0 "APRA (CPS 234) Information Security,CCPA 2018,CIS v1.0.0 (GCP),CIS v1.1.0 (GCP),ISO 27001:2013,PIPEDA" -GCP Cloud DNS zones using RSASHA1 algorithm for DNSSEC zone-signing medium config False False 0 "APRA (CPS 234) Information Security,CCPA 2018,CIS v1.0.0 (GCP),CIS v1.1.0 (GCP),ISO 27001:2013,PIPEDA" -GCP Firewall rule allows internet traffic to DNS port (53) medium config True True 0 "APRA (CPS 234) Information Security,CCPA 2018,CSA CCM v3.0.1,GDPR,HIPAA,HITRUST CSF v9.3,ISO 27001:2013,MITRE ATT&CK [Beta],NIST 800-53 Rev4,NIST CSF,PCI DSS v3.2,PIPEDA,SOC 2" -GCP Firewall rule allows internet traffic to FTP port (21) high config True True 0 "APRA (CPS 234) Information Security,CCPA 2018,CSA CCM v3.0.1,GDPR,HIPAA,HITRUST CSF v9.3,ISO 27001:2013,MITRE ATT&CK [Beta],NIST 800-53 Rev4,NIST CSF,PCI DSS v3.2,PIPEDA,SOC 2" -GCP Firewall rule allows internet traffic to HTTP port (80) high config True True 0 "APRA (CPS 234) Information Security,CCPA 2018,CSA CCM v3.0.1,GDPR,HIPAA,HITRUST CSF v9.3,ISO 27001:2013,MITRE ATT&CK [Beta],NIST 800-53 Rev4,NIST CSF,PCI DSS v3.2,PIPEDA,SOC 2" -GCP Firewall rule allows internet traffic to Microsoft-DS port (445) medium config True True 0 "APRA (CPS 234) Information Security,CCPA 2018,CSA CCM v3.0.1,GDPR,HIPAA,HITRUST CSF v9.3,ISO 27001:2013,MITRE ATT&CK [Beta],NIST 800-53 Rev4,NIST CSF,PCI DSS v3.2,PIPEDA,SOC 2" -GCP Firewall rule allows internet traffic to MongoDB port (27017) high config True True 0 "APRA (CPS 234) Information Security,CCPA 2018,CSA CCM v3.0.1,GDPR,HIPAA,HITRUST CSF v9.3,ISO 27001:2013,MITRE ATT&CK [Beta],NIST 800-53 Rev4,NIST CSF,PCI DSS v3.2,PIPEDA,SOC 2" -GCP Firewall rule allows internet traffic to MySQL DB port (3306) high config True True 0 "APRA (CPS 234) Information Security,CCPA 2018,CSA CCM v3.0.1,GDPR,HIPAA,HITRUST CSF v9.3,ISO 27001:2013,MITRE ATT&CK [Beta],NIST 800-53 Rev4,NIST CSF,PCI DSS v3.2,PIPEDA,SOC 2" -GCP 
Firewall rule allows internet traffic to NetBIOS-SSN port (139) medium config True True 0 "APRA (CPS 234) Information Security,CCPA 2018,CSA CCM v3.0.1,GDPR,HIPAA,HITRUST CSF v9.3,ISO 27001:2013,MITRE ATT&CK [Beta],NIST 800-53 Rev4,NIST CSF,PCI DSS v3.2,PIPEDA,SOC 2" -GCP Firewall rule allows internet traffic to Oracle DB port (1521) high config True True 0 "APRA (CPS 234) Information Security,CCPA 2018,CSA CCM v3.0.1,GDPR,HIPAA,HITRUST CSF v9.3,ISO 27001:2013,MITRE ATT&CK [Beta],NIST 800-53 Rev4,NIST CSF,PCI DSS v3.2,PIPEDA,SOC 2" -GCP Firewall rule allows internet traffic to POP3 port (110) medium config True True 0 "APRA (CPS 234) Information Security,CCPA 2018,CSA CCM v3.0.1,GDPR,HIPAA,HITRUST CSF v9.3,ISO 27001:2013,MITRE ATT&CK [Beta],NIST 800-53 Rev4,NIST CSF,PCI DSS v3.2,PIPEDA,SOC 2" -GCP Firewall rule allows internet traffic to PostgreSQL port (5432) high config True True 0 "APRA (CPS 234) Information Security,CCPA 2018,CSA CCM v3.0.1,GDPR,HIPAA,HITRUST CSF v9.3,ISO 27001:2013,MITRE ATT&CK [Beta],NIST 800-53 Rev4,NIST CSF,PCI DSS v3.2,PIPEDA,SOC 2" -GCP Firewall rule allows internet traffic to RDP port (3389) high config True True 0 "APRA (CPS 234) Information Security,CCPA 2018,CIS v1.0.0 (GCP),CIS v1.1.0 (GCP),CSA CCM v3.0.1,GDPR,HIPAA,HITRUST CSF v9.3,ISO 27001:2013,MITRE ATT&CK [Beta],NIST 800-53 Rev4,NIST CSF,PCI DSS v3.2,PIPEDA,SOC 2" -GCP Firewall rule allows internet traffic to SMTP port (25) medium config True True 0 "APRA (CPS 234) Information Security,CCPA 2018,CSA CCM v3.0.1,GDPR,HIPAA,HITRUST CSF v9.3,ISO 27001:2013,MITRE ATT&CK [Beta],NIST 800-53 Rev4,NIST CSF,PCI DSS v3.2,PIPEDA,SOC 2" -GCP Firewall rule allows internet traffic to SSH port (22) high config True True 0 "APRA (CPS 234) Information Security,CCPA 2018,CIS v1.0.0 (GCP),CIS v1.1.0 (GCP),CSA CCM v3.0.1,GDPR,HIPAA,HITRUST CSF v9.3,ISO 27001:2013,MITRE ATT&CK [Beta],NIST 800-53 Rev4,NIST CSF,PCI DSS v3.2,PIPEDA,SOC 2" -GCP Firewall rule allows internet traffic to Telnet port (23) 
high config True True 0 "APRA (CPS 234) Information Security,CCPA 2018,CSA CCM v3.0.1,GDPR,HIPAA,HITRUST CSF v9.3,ISO 27001:2013,MITRE ATT&CK [Beta],NIST 800-53 Rev4,NIST CSF,PCI DSS v3.2,PIPEDA,SOC 2" -GCP Firewall rules allow inbound traffic from anywhere with no target tags set medium config False False 0 "APRA (CPS 234) Information Security,CCPA 2018,MITRE ATT&CK [Beta],NIST 800-53 Rev 5,NIST 800-53 Rev4,PIPEDA" -GCP Firewall with Inbound rule overly permissive to All Traffic high config False False 0 "APRA (CPS 234) Information Security,CCPA 2018,ISO 27001:2013,MITRE ATT&CK [Beta],NIST 800-53 Rev 5,NIST 800-53 Rev4,PIPEDA" -GCP GCR Container Vulnerability Scanning is disabled medium config False False 0 "" -GCP GKE unsupported Master node version high config False False 0 "APRA (CPS 234) Information Security,CCPA 2018,PIPEDA" -GCP GKE unsupported node version high config False False 0 "APRA (CPS 234) Information Security,CCPA 2018,PIPEDA" -GCP HTTPS Load balancer SSL Policy not using restrictive profile medium config False False 0 "APRA (CPS 234) Information Security,CCPA 2018,NIST 800-53 Rev 5,NIST 800-53 Rev4,PIPEDA" -GCP HTTPS Load balancer is configured with SSL policy having TLS version 1.1 or lower medium config False False 0 "APRA (CPS 234) Information Security,CCPA 2018,NIST 800-53 Rev 5,NIST 800-53 Rev4,PIPEDA" -GCP IAM Service account has admin privileges medium config False False 0 "APRA (CPS 234) Information Security,CCPA 2018,CIS v1.0.0 (GCP),CIS v1.1.0 (GCP),ISO 27001:2013,MITRE ATT&CK [Beta],NIST 800-53 Rev 5,NIST 800-53 Rev4,PIPEDA" -GCP IAM Users have overly permissive service account privileges medium config False False 0 "APRA (CPS 234) Information Security,CCPA 2018,CIS v1.0.0 (GCP),CIS v1.1.0 (GCP),ISO 27001:2013,MITRE ATT&CK [Beta],NIST 800-53 Rev 5,NIST 800-53 Rev4,PIPEDA" -GCP IAM primitive roles are in use medium config False False 0 "APRA (CPS 234) Information Security,CCPA 2018,CSA CCM v3.0.1,GDPR,HIPAA,HITRUST CSF v9.3,ISO 
27001:2013,MITRE ATT&CK [Beta],NIST 800-53 Rev4,NIST CSF,PCI DSS v3.2,PIPEDA,SOC 2" -GCP IAM user have overly permissive Cloud KMS roles medium config False False 0 "APRA (CPS 234) Information Security,CCPA 2018,CIS v1.0.0 (GCP),CIS v1.1.0 (GCP),ISO 27001:2013,MITRE ATT&CK [Beta],NIST 800-53 Rev 5,NIST 800-53 Rev4,PIPEDA" -GCP IAM user with service account privileges medium config False False 0 "APRA (CPS 234) Information Security,CCPA 2018,CIS v1.0.0 (GCP),CIS v1.1.0 (GCP),CSA CCM v3.0.1,HIPAA,HITRUST CSF v9.3,ISO 27001:2013,MITRE ATT&CK [Beta],NIST 800-53 Rev4,PCI DSS v3.2,PIPEDA,SOC 2" -GCP Kubernetes Engine Cluster Nodes have default Service account for Project access medium config False False 0 "APRA (CPS 234) Information Security,CCPA 2018,CIS v1.0.0 (GCP),CSA CCM v3.0.1,HIPAA,HITRUST CSF v9.3,ISO 27001:2013,MITRE ATT&CK [Beta],NIST 800-53 Rev4,PCI DSS v3.2,PIPEDA,SOC 2" -GCP Kubernetes Engine Clusters Basic Authentication is set to Enabled medium config False False 0 "APRA (CPS 234) Information Security,CCPA 2018,CIS v1.0.0 (GCP),CIS v1.1.0 (GKE),HIPAA,ISO 27001:2013,NIST 800-53 Rev 5,NIST 800-53 Rev4,PIPEDA" -GCP Kubernetes Engine Clusters Client Certificate is set to Disabled low config False False 0 "APRA (CPS 234) Information Security,CCPA 2018,CIS v1.0.0 (GCP),CIS v1.1.0 (GKE),CSA CCM v3.0.1,HIPAA,HITRUST CSF v9.3,ISO 27001:2013,NIST 800-53 Rev4,PCI DSS v3.2,PIPEDA,SOC 2" -GCP Kubernetes Engine Clusters have Alias IP disabled low config False False 0 "APRA (CPS 234) Information Security,CCPA 2018,CIS v1.0.0 (GCP),CIS v1.1.0 (GKE),CSA CCM v3.0.1,GDPR,HITRUST CSF v9.3,ISO 27001:2013,NIST 800-53 Rev4,NIST CSF,PCI DSS v3.2,PIPEDA,SOC 2" -GCP Kubernetes Engine Clusters have Alpha cluster feature enabled medium config False False 0 "APRA (CPS 234) Information Security,CCPA 2018,CIS v1.1.0 (GKE),PIPEDA" -GCP Kubernetes Engine Clusters have HTTP load balancing disabled medium config False False 0 "APRA (CPS 234) Information Security,CCPA 2018,ISO 
27001:2013,NIST 800-53 Rev 5,NIST 800-53 Rev4,PIPEDA" -GCP Kubernetes Engine Clusters have Legacy Authorization enabled medium config True True 0 "APRA (CPS 234) Information Security,CCPA 2018,CIS v1.0.0 (GCP),CIS v1.1.0 (GKE),HIPAA,ISO 27001:2013,NIST 800-53 Rev4,PCI DSS v3.2,PIPEDA,SOC 2" -GCP Kubernetes Engine Clusters have Master authorized networks disabled medium config False False 0 "APRA (CPS 234) Information Security,CCPA 2018,CIS v1.0.0 (GCP),CIS v1.1.0 (GKE),CSA CCM v3.0.1,HIPAA,ISO 27001:2013,NIST 800-53 Rev4,PCI DSS v3.2,PIPEDA,SOC 2" -GCP Kubernetes Engine Clusters have Network policy disabled medium config False False 0 "APRA (CPS 234) Information Security,CCPA 2018,CIS v1.0.0 (GCP),CIS v1.1.0 (GKE),CSA CCM v3.0.1,HIPAA,ISO 27001:2013,NIST 800-53 Rev4,PCI DSS v3.2,PIPEDA,SOC 2" -GCP Kubernetes Engine Clusters have Stackdriver Logging disabled medium config False False 0 "APRA (CPS 234) Information Security,CCPA 2018,CIS v1.0.0 (GCP),CIS v1.1.0 (GKE),HIPAA,ISO 27001:2013,NIST 800-53 Rev4,PCI DSS v3.2,PIPEDA,SOC 2" -GCP Kubernetes Engine Clusters have Stackdriver Monitoring disabled medium config False False 0 "APRA (CPS 234) Information Security,CCPA 2018,CIS v1.0.0 (GCP),CIS v1.1.0 (GKE),CSA CCM v3.0.1,GDPR,HIPAA,ISO 27001:2013,NIST 800-53 Rev4,NIST CSF,PCI DSS v3.2,PIPEDA,SOC 2" -GCP Kubernetes Engine Clusters have binary authorization disabled medium config False False 0 "CCPA 2018,PIPEDA" -GCP Kubernetes Engine Clusters have legacy compute engine metadata endpoints enabled medium config False False 0 "APRA (CPS 234) Information Security,CCPA 2018,CIS v1.1.0 (GKE),MITRE ATT&CK [Beta],PIPEDA" -GCP Kubernetes Engine Clusters have pod security policy disabled low config False False 0 "APRA (CPS 234) Information Security,CCPA 2018,CIS v1.0.0 (GCP),CIS v1.1.0 (GKE),ISO 27001:2013,PIPEDA" -GCP Kubernetes Engine Clusters network firewall inbound rule overly permissive to all traffic medium config False False 0 "APRA (CPS 234) Information Security,CCPA 
2018,MITRE ATT&CK [Beta],NIST 800-53 Rev 5,NIST 800-53 Rev4,PIPEDA" -GCP Kubernetes Engine Clusters not configured with network traffic egress metering low config False False 0 "APRA (CPS 234) Information Security,CCPA 2018,PIPEDA" -GCP Kubernetes Engine Clusters not configured with private cluster low config False False 0 "APRA (CPS 234) Information Security,CCPA 2018,CIS v1.0.0 (GCP),ISO 27001:2013,PIPEDA" -GCP Kubernetes Engine Clusters not configured with private nodes feature medium config False False 0 "APRA (CPS 234) Information Security,CCPA 2018,CIS v1.1.0 (GKE),PIPEDA" -GCP Kubernetes Engine Clusters not using Container-Optimized OS for Node image low config False False 0 "APRA (CPS 234) Information Security,CIS v1.0.0 (GCP),CIS v1.1.0 (GKE),MITRE ATT&CK [Beta],PCI DSS v3.2" -GCP Kubernetes Engine Clusters using the default network medium config False False 0 "APRA (CPS 234) Information Security,CCPA 2018,NIST 800-53 Rev 5,NIST 800-53 Rev4,PIPEDA" -GCP Kubernetes Engine Clusters web UI/Dashboard is set to Enabled medium config False False 0 "APRA (CPS 234) Information Security,CCPA 2018,CIS v1.0.0 (GCP),CIS v1.1.0 (GKE),CSA CCM v3.0.1,HITRUST CSF v9.3,MITRE ATT&CK [Beta],NIST 800-53 Rev4,PCI DSS v3.2,PIPEDA" -GCP Kubernetes Engine Clusters without any label information low config False False 0 "APRA (CPS 234) Information Security,CIS v1.0.0 (GCP),CSA CCM v3.0.1,ISO 27001:2013,NIST 800-53 Rev4,PCI DSS v3.2" -GCP Kubernetes Engine cluster not using Release Channel for version management medium config False False 0 "" -GCP Kubernetes Engine cluster workload identity is disabled medium config False False 0 "" -GCP Kubernetes cluster Application-layer Secrets not encrypted medium config False False 0 "APRA (CPS 234) Information Security,CCPA 2018,NIST 800-53 Rev 5,NIST 800-53 Rev4,PIPEDA" -GCP Kubernetes cluster Shielded GKE Nodes feature disabled medium config False False 0 "APRA (CPS 234) Information Security" -GCP Kubernetes cluster intra-node visibility 
disabled medium config False False 0 "APRA (CPS 234) Information Security" -GCP Kubernetes cluster istioConfig not enabled medium config False False 0 "APRA (CPS 234) Information Security" -GCP Kubernetes cluster node auto-repair configuration disabled medium config False False 0 "APRA (CPS 234) Information Security" -GCP Kubernetes cluster node auto-upgrade configuration disabled medium config False False 0 "APRA (CPS 234) Information Security" -GCP Kubernetes cluster not in redundant zones medium config False False 0 "APRA (CPS 234) Information Security" -GCP Kubernetes cluster shielded GKE node with Secure Boot disabled medium config False False 0 "" -GCP Kubernetes cluster shielded GKE node with integrity monitoring disabled medium config False False 0 "" -GCP Kubernetes cluster size contains less than 3 nodes with auto upgrade enabled medium config False False 0 "APRA (CPS 234) Information Security" -GCP Load balancer HTTPS target proxy configured with default SSL policy instead of custom SSL policy medium config False False 0 "APRA (CPS 234) Information Security,CCPA 2018,NIST 800-53 Rev 5,NIST 800-53 Rev4,PIPEDA" -GCP Load balancer HTTPS target proxy is not configured with QUIC protocol low config False False 0 "APRA (CPS 234) Information Security,NIST 800-53 Rev 5,NIST 800-53 Rev4" -GCP Log metric filter and alert does not exist for Audit Configuration Changes low config False False 0 "APRA (CPS 234) Information Security,CIS v1.0.0 (GCP),CIS v1.1.0 (GCP),NIST 800-53 Rev 5,NIST 800-53 Rev4" -GCP Log metric filter and alert does not exist for Cloud Storage IAM permission changes low config False False 0 "APRA (CPS 234) Information Security,CIS v1.0.0 (GCP),CIS v1.1.0 (GCP),NIST 800-53 Rev 5,NIST 800-53 Rev4" -GCP Log metric filter and alert does not exist for IAM custom role changes low config False False 0 "APRA (CPS 234) Information Security,CIS v1.0.0 (GCP),CIS v1.1.0 (GCP),NIST 800-53 Rev 5,NIST 800-53 Rev4" -GCP Log metric filter and alert does not exist 
for Project Ownership assignments/changes low config False False 0 "APRA (CPS 234) Information Security,CIS v1.0.0 (GCP),CIS v1.1.0 (GCP),NIST 800-53 Rev 5,NIST 800-53 Rev4" -GCP Log metric filter and alert does not exist for SQL instance configuration changes low config False False 0 "APRA (CPS 234) Information Security,CIS v1.0.0 (GCP),CIS v1.1.0 (GCP),NIST 800-53 Rev 5,NIST 800-53 Rev4" -GCP Log metric filter and alert does not exist for VPC Network Firewall rule changes low config False False 0 "APRA (CPS 234) Information Security,CIS v1.0.0 (GCP),CIS v1.1.0 (GCP),NIST 800-53 Rev 5,NIST 800-53 Rev4" -GCP Log metric filter and alert does not exist for VPC network changes low config False False 0 "APRA (CPS 234) Information Security,CIS v1.0.0 (GCP),CIS v1.1.0 (GCP),NIST 800-53 Rev 5,NIST 800-53 Rev4" -GCP Log metric filter and alert does not exist for VPC network route changes low config False False 0 "APRA (CPS 234) Information Security,CIS v1.0.0 (GCP),CIS v1.1.0 (GCP),NIST 800-53 Rev 5,NIST 800-53 Rev4" -GCP MySQL instance with local_infile database flag is not disabled low config False False 0 "APRA (CPS 234) Information Security,CIS v1.1.0 (GCP)" -GCP PostgreSQL instance database flag log_connections is disabled low config False False 0 "APRA (CPS 234) Information Security,CIS v1.1.0 (GCP),NIST 800-53 Rev 5,NIST 800-53 Rev4" -GCP PostgreSQL instance database flag log_disconnections is disabled low config False False 0 "APRA (CPS 234) Information Security,CIS v1.1.0 (GCP),NIST 800-53 Rev 5,NIST 800-53 Rev4" -GCP PostgreSQL instance database flag log_lock_waits is disabled low config False False 0 "APRA (CPS 234) Information Security,CIS v1.1.0 (GCP),NIST 800-53 Rev 5,NIST 800-53 Rev4" -GCP PostgreSQL instance database flag log_min_duration_statement is not set to -1 low config False False 0 "APRA (CPS 234) Information Security" -GCP PostgreSQL instance database flag log_min_messages is not set low config False False 0 "APRA (CPS 234) Information Security" 
-GCP PostgreSQL instance database flag log_temp_files is not set to 0 low config False False 0 "APRA (CPS 234) Information Security" -GCP PostgreSQL instance with log_checkpoints database flag is disabled low config False False 0 "APRA (CPS 234) Information Security,CIS v1.1.0 (GCP),NIST 800-53 Rev 5,NIST 800-53 Rev4" -GCP Project audit logging is not configured properly across all services and all users in a project medium config False False 0 "APRA (CPS 234) Information Security,CCPA 2018,CIS v1.0.0 (GCP),CIS v1.1.0 (GCP),NIST 800-53 Rev 5,NIST 800-53 Rev4,PIPEDA" -GCP Projects have OS Login disabled medium config False False 0 "APRA (CPS 234) Information Security,CCPA 2018,CIS v1.0.0 (GCP),CIS v1.1.0 (GCP),ISO 27001:2013,MITRE ATT&CK [Beta],PIPEDA" -GCP SQL Instances without any Label information low config False False 0 "APRA (CPS 234) Information Security,CSA CCM v3.0.1,NIST 800-53 Rev4,PCI DSS v3.2" -GCP SQL Server instance database flag 'contained database authentication' is enabled medium config False False 0 "APRA (CPS 234) Information Security" -GCP SQL Server instance database flag 'cross db ownership chaining' is enabled medium config False False 0 "APRA (CPS 234) Information Security" -GCP SQL database instance is not configured with automated backups medium config False False 0 "APRA (CPS 234) Information Security" -GCP SQL database is assigned with public IP medium config False False 0 "APRA (CPS 234) Information Security" -GCP Storage bucket encrypted using default KMS key instead of a customer-managed key medium config False False 0 "APRA (CPS 234) Information Security,CCPA 2018,MITRE ATT&CK [Beta],NIST 800-53 Rev 5,NIST 800-53 Rev4,PIPEDA" -GCP Storage buckets are publicly accessible to all authenticated users medium config False False 0 "APRA (CPS 234) Information Security,CCPA 2018,CIS v1.1.0 (GCP),CSA CCM v3.0.1,GDPR,HIPAA,HITRUST CSF v9.3,ISO 27001:2013,MITRE ATT&CK [Beta],NIST 800-53 Rev4,NIST CSF,PCI DSS v3.2,PIPEDA,SOC 2" -GCP Storage 
buckets are publicly accessible to all users medium config False False 0 "APRA (CPS 234) Information Security,CCPA 2018,CIS v1.0.0 (GCP),CIS v1.1.0 (GCP),ISO 27001:2013,MITRE ATT&CK [Beta],NIST 800-53 Rev 5,NIST 800-53 Rev4,PIPEDA" -GCP Storage log buckets have object versioning disabled medium config True True 0 "APRA (CPS 234) Information Security,CIS v1.0.0 (GCP),ISO 27001:2013,MITRE ATT&CK [Beta]" -GCP User managed service account keys are not rotated for 90 days medium config False False 0 "APRA (CPS 234) Information Security,CCPA 2018,CIS v1.0.0 (GCP),CIS v1.1.0 (GCP),ISO 27001:2013,MITRE ATT&CK [Beta],NIST 800-53 Rev 5,NIST 800-53 Rev4,PIPEDA" -GCP User managed service accounts have user managed service account keys medium config False False 0 "APRA (CPS 234) Information Security,CCPA 2018,CIS v1.0.0 (GCP),CIS v1.1.0 (GCP),ISO 27001:2013,MITRE ATT&CK [Beta],NIST 800-53 Rev 5,NIST 800-53 Rev4,PIPEDA" -GCP VM disks not encrypted with Customer-Supplied Encryption Keys (CSEK) low config False False 0 "APRA (CPS 234) Information Security,CCPA 2018,CIS v1.0.0 (GCP),CIS v1.1.0 (GCP),ISO 27001:2013,NIST 800-53 Rev 5,NIST 800-53 Rev4,PIPEDA" -GCP VM instance configured with default service account medium config False False 0 "APRA (CPS 234) Information Security" -GCP VM instance using a default service account with full access to all Cloud APIs medium config False False 0 "APRA (CPS 234) Information Security,CIS v1.0.0 (GCP)" -GCP VM instance with Shielded VM features disabled medium config False False 0 "APRA (CPS 234) Information Security" -GCP VM instance with the external IP address medium config False False 0 "APRA (CPS 234) Information Security" -GCP VM instances have IP Forwarding enabled medium config False False 0 "APRA (CPS 234) Information Security,CCPA 2018,CIS v1.0.0 (GCP),CIS v1.1.0 (GCP),ISO 27001:2013,PIPEDA" -GCP VM instances have block project-wide SSH keys feature disabled medium config False False 0 "APRA (CPS 234) Information Security,CCPA 
2018,CIS v1.0.0 (GCP),CIS v1.1.0 (GCP),ISO 27001:2013,MITRE ATT&CK [Beta],PIPEDA" -GCP VM instances have serial port access enabled medium config False False 0 "APRA (CPS 234) Information Security,CCPA 2018,CIS v1.0.0 (GCP),CIS v1.1.0 (GCP),MITRE ATT&CK [Beta],PIPEDA" -GCP VM instances with excessive service account permissions medium config False False 0 "APRA (CPS 234) Information Security,CCPA 2018,CIS v1.1.0 (GCP),ISO 27001:2013,MITRE ATT&CK [Beta],NIST 800-53 Rev 5,NIST 800-53 Rev4,PIPEDA" -GCP VPC Flow logs for the subnet is set to Off medium config True True 0 "APRA (CPS 234) Information Security,CIS v1.0.0 (GCP),CIS v1.1.0 (GCP),ISO 27001:2013,NIST 800-53 Rev 5,NIST 800-53 Rev4" -GCP VPC Network subnets have Private Google access disabled medium config True True 0 "APRA (CPS 234) Information Security,CIS v1.0.0 (GCP),CSA CCM v3.0.1,ISO 27001:2013,NIST 800-53 Rev4,PCI DSS v3.2,SOC 2" -GCP cloud storage bucket with uniform bucket-level access disabled medium config False False 0 "APRA (CPS 234) Information Security" -GCP project is configured with legacy network medium config False False 0 "APRA (CPS 234) Information Security,CCPA 2018,CIS v1.0.0 (GCP),CIS v1.1.0 (GCP),ISO 27001:2013,NIST 800-53 Rev 5,NIST 800-53 Rev4,PIPEDA" -GCP project is using the default network medium config False False 0 "APRA (CPS 234) Information Security,CCPA 2018,CIS v1.0.0 (GCP),CIS v1.1.0 (GCP),ISO 27001:2013,NIST 800-53 Rev 5,NIST 800-53 Rev4,PIPEDA" -GCP sink not configured to export all log entries medium config False False 0 "APRA (CPS 234) Information Security,CIS v1.0.0 (GCP),CIS v1.1.0 (GCP),NIST 800-53 Rev 5,NIST 800-53 Rev4" -Healthcare information publicly exposed high data False False 0 "" -Instance is communicating with ports known to mine Bitcoin high network False False 0 "CCPA 2018,HIPAA,MITRE ATT&CK [Beta],NIST CSF,PIPEDA" -Instance is communicating with ports known to mine Ethereum high network False False 0 "CCPA 2018,HIPAA,MITRE ATT&CK [Beta],NIST CSF,PIPEDA" 
-Instances exposed to network traffic from the internet high network False False 129 "CCPA 2018,CSA CCM v3.0.1,GDPR,HIPAA,HITRUST CSF v9.3,MITRE ATT&CK [Beta],NIST 800-53 Rev4,NIST CSF,PCI DSS v3.2,PIPEDA,SOC 2" -Intellectual Property publicly exposed high data False False 0 "" -Internet connectivity via TCP over insecure port high network False False 7 "GDPR,HIPAA,NIST CSF,PCI DSS v3.2,PIPEDA,SOC 2" -List of VPCs less then 20 low config False False 0 "" -Logging on the Stackdriver exported Bucket is disabled medium config False False 0 "APRA (CPS 234) Information Security,CCPA 2018,HIPAA,ISO 27001:2013,MITRE ATT&CK [Beta],NIST 800-53 Rev4,PCI DSS v3.2,PIPEDA,SOC 2" -OCI Block Storage Block Volume does not have backup enabled high config False False 0 "" -OCI Block Storage Block Volume is not restorable high config False False 0 "" -OCI Block Storage Block Volumes are not encrypted with a Customer Managed Key (CMK) high config False False 0 "" -OCI Compute Instance boot volume has in-transit data encryption is disabled high config False False 59223 "" -OCI Compute Instance has Legacy MetaData service endpoint enabled high config False False 59223 "" -OCI Compute Instance has monitoring disabled high config False False 0 "" -OCI Default Security List of every VCN allows all traffic on SSH port (22) high config False False 39 "CIS v1.0.0 (OCI),CIS v1.1.0 (OCI)" -OCI Event Rule and Notification does not exist for IAM group changes low config False False 3 "CIS v1.0.0 (OCI),CIS v1.1.0 (OCI)" -OCI Event Rule and Notification does not exist for IAM policy changes low config False False 3 "CIS v1.0.0 (OCI),CIS v1.1.0 (OCI)" -OCI Event Rule and Notification does not exist for Identity Provider Group (IdP) group mapping changes low config False False 3 "CIS v1.0.0 (OCI),CIS v1.1.0 (OCI)" -OCI Event Rule and Notification does not exist for Identity Provider changes low config False False 3 "CIS v1.0.0 (OCI),CIS v1.1.0 (OCI)" -OCI Event Rule and Notification does not exist 
for Network Security Groups changes low config False False 3 "CIS v1.0.0 (OCI),CIS v1.1.0 (OCI)" -OCI Event Rule and Notification does not exist for VCN changes low config False False 3 "CIS v1.0.0 (OCI),CIS v1.1.0 (OCI)" -OCI Event Rule and Notification does not exist for network gateways changes low config False False 3 "CIS v1.0.0 (OCI),CIS v1.1.0 (OCI)" -OCI Event Rule and Notification does not exist for route tables changes low config False False 3 "CIS v1.0.0 (OCI),CIS v1.1.0 (OCI)" -OCI Event Rule and Notification does not exist for security list changes low config False False 3 "CIS v1.0.0 (OCI),CIS v1.1.0 (OCI)" -OCI Event Rule and Notification does not exist for user changes low config False False 3 "CIS v1.0.0 (OCI),CIS v1.1.0 (OCI)" -OCI File Storage File System access is not restricted to root users high config False False 0 "" -OCI File Storage File Systems are not encrypted with a Customer Managed Key (CMK) high config False False 0 "" -OCI IAM local (non-federated) user account does not have a valid and current email address high config False False 2 "CIS v1.1.0 (OCI)" -OCI IAM password policy for local (non-federated) users does not have a lowercase character high config False False 0 "CIS v1.0.0 (OCI)" -OCI IAM password policy for local (non-federated) users does not have a number high config False False 0 "CIS v1.0.0 (OCI)" -OCI IAM password policy for local (non-federated) users does not have a symbol high config False False 0 "CIS v1.0.0 (OCI)" -OCI IAM password policy for local (non-federated) users does not have an uppercase character high config False False 0 "CIS v1.0.0 (OCI)" -OCI IAM password policy for local (non-federated) users does not have minimum 14 characters high config False False 1 "CIS v1.0.0 (OCI),CIS v1.1.0 (OCI)" -OCI MFA is disabled for IAM users high config False False 25 "CIS v1.0.0 (OCI),CIS v1.1.0 (OCI)" -OCI Network Security Group allows all traffic on RDP port (3389) high config False False 0 "CIS v1.0.0 (OCI),CIS 
v1.1.0 (OCI)" -OCI Network Security Groups (NSG) has stateful security rules high config False False 36 "" -OCI Object Storage Bucket has object Versioning disabled high config False False 29 "" -OCI Object Storage Bucket is not encrypted with a Customer Managed Key (CMK) high config False False 29 "CIS v1.1.0 (OCI)" -OCI Object Storage bucket does not emit object events high config False False 12 "CIS v1.1.0 (OCI)" -OCI Object Storage bucket is publicly accessible high config False False 1 "" -OCI Security List allows all traffic on SSH port (22) high config False False 39 "CIS v1.0.0 (OCI),CIS v1.1.0 (OCI)" -OCI VCN Security list has stateful security rules high config False False 78 "" -OCI VCN has no inbound security list high config False False 68 "" -OCI security group allows unrestricted ingress access to port 22 high config False False 0 "CIS v1.0.0 (OCI),CIS v1.1.0 (OCI)" -OCI security lists allows unrestricted ingress access to port 3389 high config False False 0 "CIS v1.0.0 (OCI),CIS v1.1.0 (OCI)" -OCI tenancy administrator users are associated with API keys high config False False 2 "CIS v1.0.0 (OCI),CIS v1.1.0 (OCI)" -OCI users API keys have aged more than 90 days without being rotated high config False False 7 "CIS v1.0.0 (OCI),CIS v1.1.0 (OCI)" -Objects containing Financial Information publicly exposed high data False False 0 "" -Objects containing Malware high data False False 0 "" -Objects containing PII data publicly exposed high data False False 0 "" -Overly permissive capabilities in container security context medium config False False 0 "" -Port scan activity (Internal) high anomaly False False 0 "MITRE ATT&CK [Beta]" -Port sweep activity (Internal) high anomaly False False 0 "MITRE ATT&CK [Beta]" -S3 buckets with configurations set to host websites medium config False False 1 "APRA (CPS 234) Information Security,ISO 27001:2013" -SQL DB Instance backup Binary logs configuration is not enabled medium config False False 0 "APRA (CPS 234) 
Information Security,HIPAA,ISO 27001:2013,NIST 800-53 Rev4,PCI DSS v3.2,SOC 2" -SQL DB instance backup configuration is not enabled high config False False 0 "APRA (CPS 234) Information Security,CCPA 2018,HITRUST CSF v9.3,ISO 27001:2013,NIST 800-53 Rev4,NIST CSF,PCI DSS v3.2,PIPEDA" -SQL Instances do not have SSL configured medium config False False 0 "APRA (CPS 234) Information Security,CCPA 2018,CIS v1.0.0 (GCP),CIS v1.1.0 (GCP),CSA CCM v3.0.1,GDPR,HIPAA,HITRUST CSF v9.3,ISO 27001:2013,NIST 800-53 Rev4,NIST CSF,PCI DSS v3.2,PIPEDA,SOC 2" -SQL Instances with network authorization exposing them to the Internet medium config False False 0 "APRA (CPS 234) Information Security,CCPA 2018,CIS v1.0.0 (GCP),CIS v1.1.0 (GCP),CSA CCM v3.0.1,GDPR,HIPAA,ISO 27001:2013,NIST 800-53 Rev4,NIST CSF,PCI DSS v3.2,PIPEDA,SOC 2" -SQL Server Firewall rules allow access to any Azure internal resources medium config False False 0 "APRA (CPS 234) Information Security,CCPA 2018,CIS v1.1 (Azure),CIS v1.2.0 (Azure),CSA CCM v3.0.1,HITRUST CSF v9.3,ISO 27001:2013,MITRE ATT&CK [Beta],Multi-Level Protection Scheme (MLPS) v2.0,NIST 800-53 Rev4,NIST CSF,PCI DSS v3.2,PIPEDA,SOC 2" -SQL databases has encryption disabled high config True True 0 "APRA (CPS 234) Information Security,CCPA 2018,CIS v1.1 (Azure),CIS v1.2.0 (Azure),CSA CCM v3.0.1,GDPR,HIPAA,HITRUST CSF v9.3,ISO 27001:2013,Multi-Level Protection Scheme (MLPS) v2.0,NIST 800-53 Rev4,NIST CSF,PCI DSS v3.2,PIPEDA,SOC 2" -SQL servers which do not have Azure Active Directory admin configured medium config False False 0 "APRA (CPS 234) Information Security,CCPA 2018,CIS v1.1 (Azure),CIS v1.2.0 (Azure),CSA CCM v3.0.1,HITRUST CSF v9.3,ISO 27001:2013,Multi-Level Protection Scheme (MLPS) v2.0,NIST 800-53 Rev4,NIST CSF,PCI DSS v3.2,PIPEDA,SOC 2" -Send alerts on field value on SQL Databases is misconfigured medium config False False 0 "APRA (CPS 234) Information Security,CSA CCM v3.0.1,HIPAA,HITRUST CSF v9.3,ISO 27001:2013,Multi-Level Protection Scheme 
(MLPS) v2.0,NIST 800-53 Rev4,PCI DSS v3.2,SOC 2" -Sensitive Network configuration updates in GCP medium audit_event False False 0 "CSA CCM v3.0.1,GDPR,HITRUST CSF v9.3,NIST 800-53 Rev4,NIST CSF,PCI DSS v3.2,SOC 2" -Sensitive SQL instance updates medium audit_event False False 0 "CSA CCM v3.0.1,GDPR,HITRUST CSF v9.3,NIST 800-53 Rev4,NIST CSF,PCI DSS v3.2,SOC 2" -Sensitive Storage configuration updates medium audit_event False False 0 "CSA CCM v3.0.1,GDPR,HITRUST CSF v9.3,MITRE ATT&CK [Beta],NIST 800-53 Rev4,NIST CSF,PCI DSS v3.2,SOC 2" -Sensitive User actions medium audit_event False False 0 "CSA CCM v3.0.1,ISO 27001:2013,MITRE ATT&CK [Beta],NIST 800-53 Rev4,PCI DSS v3.2" -Spambot activity high anomaly False False 0 "" -Storage Accounts without Secure transfer enabled medium config True True 0 "APRA (CPS 234) Information Security,CCPA 2018,CIS v1.1 (Azure),CIS v1.2.0 (Azure),CSA CCM v3.0.1,GDPR,HIPAA,HITRUST CSF v9.3,ISO 27001:2013,MITRE ATT&CK [Beta],Multi-Level Protection Scheme (MLPS) v2.0,NIST 800-53 Rev4,NIST CSF,PCI DSS v3.2,PIPEDA,SOC 2" -Storage Bucket does not have Access and Storage Logging enabled medium config False False 0 "APRA (CPS 234) Information Security,CCPA 2018,CIS v1.0.0 (GCP),CSA CCM v3.0.1,GDPR,HIPAA,ISO 27001:2013,MITRE ATT&CK [Beta],NIST 800-53 Rev4,NIST CSF,PCI DSS v3.2,PIPEDA,SOC 2" -Storage Buckets with publicly accessible Stackdriver logs medium config False False 0 "APRA (CPS 234) Information Security,CCPA 2018,CSA CCM v3.0.1,GDPR,HIPAA,HITRUST CSF v9.3,ISO 27001:2013,MITRE ATT&CK [Beta],NIST 800-53 Rev4,NIST CSF,PCI DSS v3.2,PIPEDA,SOC 2" -Threat Detection on SQL databases is set to Off high config False False 0 "APRA (CPS 234) Information Security,CCPA 2018,ISO 27001:2013,Multi-Level Protection Scheme (MLPS) v2.0,NIST 800-53 Rev4,PCI DSS v3.2,PIPEDA" -Threat Detection types on SQL databases is misconfigured medium config False False 0 "APRA (CPS 234) Information Security,CCPA 2018,CSA CCM v3.0.1,HITRUST CSF v9.3,ISO 
27001:2013,Multi-Level Protection Scheme (MLPS) v2.0,NIST 800-53 Rev4,NIST CSF,PCI DSS v3.2,PIPEDA" -Unusual protocol activity (External) high anomaly False False 0 "" -Unusual protocol activity (Internal) high anomaly False False 0 "" -Unusual server port activity (External) high anomaly False False 0 "" -Unusual server port activity (Internal) high anomaly False False 3 "" -Unusual user activity high anomaly False False 65 "GDPR,HIPAA,MITRE ATT&CK [Beta],NIST CSF,SOC 2" -VM Instances enabled with Pre-Emptible termination medium config False False 0 "APRA (CPS 234) Information Security,ISO 27001:2013,MITRE ATT&CK [Beta]" -VM Instances without any Custom metadata information low config False False 0 "APRA (CPS 234) Information Security,CSA CCM v3.0.1,NIST 800-53 Rev4,PCI DSS v3.2" -VM Instances without any Label information low config False False 0 "APRA (CPS 234) Information Security,CSA CCM v3.0.1,NIST 800-53 Rev4,PCI DSS v3.2" -VM instances without metadata, zone or label information medium config False False 0 "APRA (CPS 234) Information Security,CSA CCM v3.0.1,NIST 800-53 Rev4,PCI DSS v3.2" -do not allow volume claims to be read-write by many nodes medium config False False 0 "" - -################################################################################# -# Summary: Open Alerts, Past 1 Month -################################################################################# - -Number of Compliance Standards with Open Alerts: 20 - -Number of Policies with Open Alerts: 139 - -Open Alerts 122560 - -Open Alerts High-Severity 119145 -Open Alerts Medium-Severity 2445 -Open Alerts Low-Severity 970 - -Open Anomaly Alerts 79 -Open Config Alerts 122345 -Open Network Alerts 136 - -Open Alerts with IaC 247 - -Open Alerts with Remediation 281 - -Open Alerts Generated by Custom Policies 0 -Open Alerts Generated by Default Policies 122560 \ No newline at end of file diff --git a/pcs-inspect.py b/pcs-inspect.py index ef40e15..286a6d3 100755 --- a/pcs-inspect.py 
+++ b/pcs-inspect.py @@ -4,6 +4,7 @@ import json import math import os +import pandas as pd import re import requests from requests.exceptions import RequestException 
@@ -89,41 +90,36 @@ 'RULES': '%s-rules.txt' % CUSTOMER_PREFIX, 'INTEGRATIONS': '%s-integrations.txt' % CUSTOMER_PREFIX } -OUTPUT_FILES = { - 'STANDARDS-OPEN-ALERTS': '%s-standards-open-alerts.csv' % CUSTOMER_PREFIX, - 'STANDARDS-ALL-ALERTS': '%s-standards-all-alerts.csv' % CUSTOMER_PREFIX, - 'POLICIES-OPEN-ALERTS': '%s-policies-open-alerts.csv' % CUSTOMER_PREFIX, - 'POLICIES-ALL-ALERTS': '%s-policies-all-alerts.csv' % CUSTOMER_PREFIX, - 'SUMMARY-OPEN-ALERTS': '%s-summary-open.csv' % CUSTOMER_PREFIX, - 'SUMMARY-ALL-ALERTS': '%s-summary-all.csv' % CUSTOMER_PREFIX, - 'SUMMARY-OTHER': '%s-summary-all.csv' % CUSTOMER_PREFIX -} -NO_STDOUT = True +OUTPUT_FILE_XLS = '%s.xls' % CUSTOMER_PREFIX ########################################################################################## # Helpers. ########################################################################################## -def output(output_data='', file_name=None, suppress_stdout=False): - if suppress_stdout == False or DEBUG_MODE: - print(output_data) - if file_name: - append_file(file_name, output_data) +def output(output_data=''): + print(output_data) + +#### + +def open_sheet(file_name): + return pd.ExcelWriter(file_name, engine='xlsxwriter') #### -def write_file(file_name, write_data=''): - this_file = open(file_name, 'w') - this_file.write(write_data) - this_file.close() +def write_sheet(panda_writer, this_sheet_name, rows): + dataframe = pd.DataFrame.from_records(rows) + dataframe.to_excel(panda_writer, sheet_name=this_sheet_name, header=False, index=False) + if DEBUG_MODE: + print(this_sheet_name) + print() + pd.set_option('display.max_rows', None) + print(dataframe) + print() #### -def append_file(file_name, write_data): - this_file = open(file_name, 'a') - this_file.write(write_data) - this_file.write("\n") - this_file.close() +def save_sheet(panda_writer): + panda_writer.save() #### 
@@ -380,7 +376,7 @@ def get_integrations(): output('Results saved as: %s' % RESULT_FILES['INTEGRATIONS']) output() if RUN_MODE == 'collect': - output("Run '%s --customer_name %s --mode process' to process the collected data and save to CSV files." % (os.path.basename(__file__), CUSTOMER_NAME)) + output("Run '%s --customer_name %s --mode process' to process the collected data and save to a spreadsheet." % (os.path.basename(__file__), CUSTOMER_NAME)) sys.exit(0) ########################################################################################## @@ -398,11 +394,6 @@ def get_integrations(): with open(RESULT_FILES[this_result_file], 'r') as f: DATA[this_result_file] = json.load(f) -# Initialize output files. - -for this_output_file in OUTPUT_FILES: - write_file(OUTPUT_FILES[this_output_file]) - # SUPPORT_API_MODE returns a dictionary (of Open Alerts) instead of a list. if type(DATA['ALERTS']) is dict: 
@@ -571,14 +562,14 @@ def get_integrations(): if DEBUG_MODE: output('Skipping Alert: Policy Deleted or Disabled: Policy ID: %s' % this_policy_id) continue - this_policy_name = policies[this_policy_id]['policyName'] + policy_name = policies[this_policy_id]['policyName'] # Compliance Standards for compliance_standard_name in policies[this_policy_id]['complianceStandards']: compliance_standards_counts_from_alerts.setdefault(compliance_standard_name, {'high': 0, 'medium': 0, 'low': 0}) compliance_standards_counts_from_alerts[compliance_standard_name][policies[this_policy_id]['policySeverity']] += 1 # Policies - policy_counts_from_alerts.setdefault(this_policy_name, {'policyId': this_policy_id, 'alertCount': 0}) - policy_counts_from_alerts[this_policy_name]['alertCount'] += 1 + policy_counts_from_alerts.setdefault(policy_name, {'policyId': this_policy_id, 'alertCount': 0}) + policy_counts_from_alerts[policy_name]['alertCount'] += 1 policy_totals_by_alert[policies[this_policy_id]['policySeverity']] += 1 policy_totals_by_alert[policies[this_policy_id]['policyType']] += 1 # Alerts @@ -608,7 +599,7 @@ def get_integrations(): count_of_compliance_standards_with_alerts_from_policies = sum(v != {'high': 0, 'medium': 0, 'low': 0} for k,v in compliance_standards_counts_from_policies.items()) if SUPPORT_API_MODE: - VAR_TIME_RANGE = ', %s' % TIME_RANGE_LABEL + VAR_TIME_RANGE = ' %s' % TIME_RANGE_LABEL alert_count = aggregate_alerts_by['status']['open'] count_of_policies_with_alerts_from_policies = len(aggregate_alerts_by['policy']) else: 
@@ -622,163 +613,167 @@ def get_integrations(): # Output totals. ########################################################################################## -# Output Utilization. +panda_writer = open_sheet(OUTPUT_FILE_XLS) output() -output('#################################################################################') -output('# Summary: Utilization', OUTPUT_FILES['SUMMARY-OTHER']) -output('#################################################################################') -output() -output("Number of Assets:\t%s" % asset_count, OUTPUT_FILES['SUMMARY-OTHER']) -output() -output("Number of Cloud Accounts (Not Including Child Accounts):\t%s" % len(DATA['ACCOUNTS']), OUTPUT_FILES['SUMMARY-OTHER']) -output("Cloud Accounts Disabled\t%s" % sum(x.get('enabled') == False for x in DATA['ACCOUNTS']), OUTPUT_FILES['SUMMARY-OTHER']) -output("Cloud Accounts Enabled\t%s" % sum(x.get('enabled') == True for x in DATA['ACCOUNTS']), OUTPUT_FILES['SUMMARY-OTHER']) -output() -output("Number of Cloud Account Groups:\t%s" % len(DATA['GROUPS']), OUTPUT_FILES['SUMMARY-OTHER']) -output() -output("Number of Alert Rules\t%s" % len(DATA['RULES']), OUTPUT_FILES['SUMMARY-OTHER']) -output("Alert Rules Disabled\t%s" % sum(x.get('enabled') == False for x in DATA['RULES']), OUTPUT_FILES['SUMMARY-OTHER']) -output("Alert Rules Enabled\t%s" % sum(x.get('enabled') == True for x in DATA['RULES']), OUTPUT_FILES['SUMMARY-OTHER']) +output('Saving Utilization Worksheet') output() -output("Number of Integrations\t%s" % len(DATA['INTEGRATIONS']), OUTPUT_FILES['SUMMARY-OTHER']) -output("Integrations Disabled\t%s" % sum(x.get('enabled') == False for x in DATA['INTEGRATIONS']), OUTPUT_FILES['SUMMARY-OTHER']) -output("Integrations Enabled\t%s" % sum(x.get('enabled') == True for x in DATA['INTEGRATIONS']), OUTPUT_FILES['SUMMARY-OTHER']) +rows = [ + ('Number of Assets', asset_count), + ('',''), + ('Number of Cloud Accounts', len(DATA['ACCOUNTS'])), # (Not Including Child Accounts) + ('Cloud Accounts Disabled', 
sum(x.get('enabled') == False for x in DATA['ACCOUNTS'])), + ('Cloud Accounts Enabled', sum(x.get('enabled') == True for x in DATA['ACCOUNTS'])), + ('',''), + ('Number of Cloud Account Groups', len(DATA['GROUPS'])), + ('',''), + ('Number of Alert Rules', len(DATA['RULES'])), + ('Alert Rules Disabled', sum(x.get('enabled') == False for x in DATA['RULES'])), + ('Alert Rules Enabled', sum(x.get('enabled') == True for x in DATA['RULES'])), + ('',''), + ('Number of Integrations', len(DATA['INTEGRATIONS'])), + ('Integrations Disabled', sum(x.get('enabled') == False for x in DATA['INTEGRATIONS'])), + ('Integrations Enabled', sum(x.get('enabled') == True for x in DATA['INTEGRATIONS'])), + ('',''), + ('Number of Policies', len(DATA['POLICIES'])), + ('Policies Custom', sum(x.get('systemDefault') == False for x in DATA['POLICIES'])), + ('Policies Default', sum(x.get('systemDefault') == True for x in DATA['POLICIES'])), + ('',''), + ('Number of Users', len(DATA['USERS'])), + ('Users Disabled', sum(x.get('enabled') == False for x in DATA['USERS'])), + ('Users Enabled', sum(x.get('enabled') == True for x in DATA['USERS'])), +] +write_sheet(panda_writer, 'Utilization', rows) + +output('Saving Alerts by Compliance Standard Worksheet(s)') output() -output("Number of Policies\t%s" % len(DATA['POLICIES']), OUTPUT_FILES['SUMMARY-OTHER']) -output("Policies Custom\t%s" % sum(x.get('systemDefault') == False for x in DATA['POLICIES']), OUTPUT_FILES['SUMMARY-OTHER']) -output("Policies Default\t%s" % sum(x.get('systemDefault') == True for x in DATA['POLICIES']), OUTPUT_FILES['SUMMARY-OTHER']) -output() -output("Number of Users:\t%s" % len(DATA['USERS']), OUTPUT_FILES['SUMMARY-OTHER']) -output("Users Disabled\t%s" % sum(x.get('enabled') == False for x in DATA['USERS']), OUTPUT_FILES['SUMMARY-OTHER']) -output("Users Enabled\t%s" % sum(x.get('enabled') == True for x in DATA['USERS']), OUTPUT_FILES['SUMMARY-OTHER']) -output() - -# Output Compliance Standards with Alerts. 
- -output() -output('#################################################################################') -output('# By Compliance Standard: Open Alerts%s' % VAR_TIME_RANGE, OUTPUT_FILES['STANDARDS-OPEN-ALERTS']) -output('#################################################################################') -output('Saved to: %s' % OUTPUT_FILES['STANDARDS-OPEN-ALERTS']) -output('%s\t%s\t%s\t%s' % ('Compliance Standard', 'Alerts High', 'Alerts Medium', 'Alerts Low'), OUTPUT_FILES['STANDARDS-OPEN-ALERTS'], NO_STDOUT) +rows = [] +rows.append(('Compliance Standard', 'Alerts High', 'Alerts Medium', 'Alerts Low') ) for compliance_standard_name in sorted(compliance_standards_counts_from_policies): alert_count_high = compliance_standards_counts_from_policies[compliance_standard_name]['high'] alert_count_medium = compliance_standards_counts_from_policies[compliance_standard_name]['medium'] alert_count_low = compliance_standards_counts_from_policies[compliance_standard_name]['low'] - output('%s\t%s\t%s\t%s' % (compliance_standard_name, alert_count_high, alert_count_medium, alert_count_low), OUTPUT_FILES['STANDARDS-OPEN-ALERTS'], NO_STDOUT) + rows.append((compliance_standard_name, alert_count_high, alert_count_medium, alert_count_low) ) +rows.append(('')) +rows.append(('')) +rows.append(('Time Range: %s' % VAR_TIME_RANGE, '')) +write_sheet(panda_writer, 'Open Alerts by Standard', rows) if not SUPPORT_API_MODE: - output() - output('#################################################################################') - output('# By Compliance Standard: Open and Closed Alerts, %s' % TIME_RANGE_LABEL, OUTPUT_FILES['STANDARDS-ALL-ALERTS']) - output('#################################################################################') - output('Saved to: %s' % OUTPUT_FILES['STANDARDS-ALL-ALERTS']) - output('%s\t%s\t%s\t%s' % ('Compliance Standard', 'Alerts High', 'Alerts Medium', 'Alerts Low'), OUTPUT_FILES['STANDARDS-ALL-ALERTS'], NO_STDOUT) - for standard_name in 
sorted(compliance_standards_counts_from_alerts): - alert_count_high = compliance_standards_counts_from_alerts[standard_name]['high'] - alert_count_medium = compliance_standards_counts_from_alerts[standard_name]['medium'] - alert_count_low = compliance_standards_counts_from_alerts[standard_name]['low'] - output('%s\t%s\t%s\t%s' % (standard_name, alert_count_high, alert_count_medium, alert_count_low), OUTPUT_FILES['STANDARDS-ALL-ALERTS'], NO_STDOUT) - -# Output Policies with Alerts. - + rows = [] + rows.append(('Compliance Standard', 'Alerts High', 'Alerts Medium', 'Alerts Low')) + for compliance_standard_name in sorted(compliance_standards_counts_from_alerts): + alert_count_high = compliance_standards_counts_from_alerts[compliance_standard_name]['high'] + alert_count_medium = compliance_standards_counts_from_alerts[compliance_standard_name]['medium'] + alert_count_low = compliance_standards_counts_from_alerts[compliance_standard_name]['low'] + rows.append((compliance_standard_name, alert_count_high, alert_count_medium, alert_count_low)) + rows.append(('')) + rows.append(('')) + rows.append(('Time Range: %s' % TIME_RANGE_LABEL, '')) + write_sheet(panda_writer, 'Open and Closed Alerts by Standard', rows) + +output('Saving Alerts by Policy Worksheet(s)') output() -output('#################################################################################') -output('# By Policy: Open Alerts%s' % VAR_TIME_RANGE, OUTPUT_FILES['POLICIES-OPEN-ALERTS']) -output('#################################################################################') -output('Saved to: %s' % OUTPUT_FILES['POLICIES-OPEN-ALERTS']) -output('%s\t%s\t%s\t%s\t%s\t%s\t%s' % ('Policy', 'Severity', 'Type', 'With IAC', 'With Remediation', 'Alert Count', 'Compliance Standards'), OUTPUT_FILES['POLICIES-OPEN-ALERTS'], NO_STDOUT) -for this_policy_name in sorted(policies_by_name): - this_policy_id = policies_by_name[this_policy_name]['policyId'] +rows = [] +rows.append(('Policy', 'Severity', 'Type', 'With IAC', 
'With Remediation', 'Alert Count', 'Compliance Standards')) +for policy_name in sorted(policies_by_name): + this_policy_id = policies_by_name[policy_name]['policyId'] policy_severity = policies[this_policy_id]['policySeverity'] policy_type = policies[this_policy_id]['policyType'] policy_is_shiftable = policies[this_policy_id]['policyShiftable'] policy_is_remediable = policies[this_policy_id]['policyRemediable'] policy_alert_count = policies[this_policy_id]['alertCount'] policy_standards_list = ','.join(map(str, policies[this_policy_id]['complianceStandards'])) - output('%s\t%s\t%s\t%s\t%s\t%s\t"%s"' % (this_policy_name, policy_severity, policy_type, policy_is_remediable, policy_is_remediable, policy_alert_count, policy_standards_list), OUTPUT_FILES['POLICIES-OPEN-ALERTS'], NO_STDOUT) + rows.append((policy_name, policy_severity, policy_type, policy_is_remediable, policy_is_remediable, policy_alert_count, policy_standards_list)) +rows.append(('')) +rows.append(('')) +rows.append(('Time Range: %s' % VAR_TIME_RANGE, '')) +write_sheet(panda_writer, 'Open Alerts by Policy', rows) if not SUPPORT_API_MODE: - output() - output('#################################################################################') - output('# By Policy: Open and Closed Alerts, %s' % TIME_RANGE_LABEL, OUTPUT_FILES['POLICIES-ALL-ALERTS']) - output('#################################################################################') - output('Saved to: %s' % OUTPUT_FILES['POLICIES-ALL-ALERTS']) - output('%s\t%s\t%s\t%s\t%s\t%s\t%s' % ('Policy', 'Severity', 'Type', 'With IAC', 'With Remediation', 'Alert Count', 'Compliance Standards'), OUTPUT_FILES['POLICIES-ALL-ALERTS'], NO_STDOUT) - for this_policy_name in sorted(policy_counts_from_alerts): - this_policy_id = policy_counts_from_alerts[this_policy_name]['policyId'] + rows = [] + rows.append(('Policy', 'Severity', 'Type', 'With IAC', 'With Remediation', 'Alert Count', 'Compliance Standards')) + for policy_name in sorted(policy_counts_from_alerts): + 
this_policy_id = policy_counts_from_alerts[policy_name]['policyId'] policy_severity = policies[this_policy_id]['policySeverity'] policy_type = policies[this_policy_id]['policyType'] policy_is_shiftable = policies[this_policy_id]['policyShiftable'] policy_is_remediable = policies[this_policy_id]['policyRemediable'] - policy_alert_count = policy_counts_from_alerts[this_policy_name]['alertCount'] + policy_alert_count = policy_counts_from_alerts[policy_name]['alertCount'] policy_standards_list = ','.join(map(str, policies[this_policy_id]['complianceStandards'])) - output('%s\t%s\t%s\t%s\t%s\t%s\t"%s"' % (this_policy_name, policy_severity, policy_type, policy_is_remediable, policy_is_remediable, policy_alert_count, policy_standards_list), OUTPUT_FILES['POLICIES-ALL-ALERTS'], NO_STDOUT) - -# Output Summary of Alerts. + rows.append((policy_name, policy_severity, policy_type, policy_is_remediable, policy_is_remediable, policy_alert_count, policy_standards_list)) + rows.append(('')) + rows.append(('')) + rows.append(('Time Range: %s' % TIME_RANGE_LABEL, '')) + write_sheet(panda_writer, 'Open and Closed Alerts by Policy', rows) +output('Saving Alerts Summary Worksheet(s)') output() -output('#################################################################################') -output('# Summary: Open Alerts%s' % VAR_TIME_RANGE, OUTPUT_FILES['SUMMARY-OPEN-ALERTS']) -output('#################################################################################') -output() -output("Number of Compliance Standards with Open Alerts:\t%s" % count_of_compliance_standards_with_alerts_from_policies, OUTPUT_FILES['SUMMARY-OPEN-ALERTS']) -output() -output("Number of Policies with Open Alerts: \t%s" % count_of_policies_with_alerts_from_policies, OUTPUT_FILES['SUMMARY-OPEN-ALERTS']) -output() -output("Open Alerts\t%s" % alert_totals_by_policy['open'], OUTPUT_FILES['SUMMARY-OPEN-ALERTS']) -output() -output("Open Alerts High-Severity\t%s" % alert_totals_by_policy['open_high'], 
OUTPUT_FILES['SUMMARY-OPEN-ALERTS']) -output("Open Alerts Medium-Severity\t%s" % alert_totals_by_policy['open_medium'], OUTPUT_FILES['SUMMARY-OPEN-ALERTS']) -output("Open Alerts Low-Severity\t%s" % alert_totals_by_policy['open_low'], OUTPUT_FILES['SUMMARY-OPEN-ALERTS']) -output() -output("Open Anomaly Alerts\t%s" % alert_totals_by_policy['anomaly'], OUTPUT_FILES['SUMMARY-OPEN-ALERTS']) -output("Open Config Alerts\t%s" % alert_totals_by_policy['config'], OUTPUT_FILES['SUMMARY-OPEN-ALERTS']) -output("Open Network Alerts\t%s" % alert_totals_by_policy['network'], OUTPUT_FILES['SUMMARY-OPEN-ALERTS']) -output() -output("Open Alerts with IaC\t%s" % alert_totals_by_policy['shiftable'], OUTPUT_FILES['SUMMARY-OPEN-ALERTS']) -output() -output("Open Alerts with Remediation\t%s" % alert_totals_by_policy['remediable'], OUTPUT_FILES['SUMMARY-OPEN-ALERTS']) -output() -output("Open Alerts Generated by Custom Policies\t%s" % alert_totals_by_policy['custom'], OUTPUT_FILES['SUMMARY-OPEN-ALERTS']) -output("Open Alerts Generated by Default Policies\t%s" % alert_totals_by_policy['default'], OUTPUT_FILES['SUMMARY-OPEN-ALERTS']) -output() +rows = [ + ('Number of Compliance Standards with Open Alerts', count_of_compliance_standards_with_alerts_from_policies), + ('',''), + ('Number of Policies with Open Alerts', count_of_policies_with_alerts_from_policies), + ('',''), + ('Open Alerts', alert_totals_by_policy['open']), + ('',''), + ('Open Alerts High-Severity', alert_totals_by_policy['open_high']), + ('Open Alerts Medium-Severity', alert_totals_by_policy['open_medium']), + ('Open Alerts Low-Severity', alert_totals_by_policy['open_low']), + ('',''), + ('Open Anomaly Alerts', alert_totals_by_policy['anomaly']), + ('Open Config Alerts', alert_totals_by_policy['config']), + ('Open Network Alerts', alert_totals_by_policy['network']), + ('',''), + ('Open Alerts with IaC', alert_totals_by_policy['shiftable']), + ('',''), + ('Open Alerts with Remediation', alert_totals_by_policy['remediable']), + 
('',''), + ('Open Alerts Generated by Custom Policies', alert_totals_by_policy['custom']), + ('Open Alerts Generated by Default Policies', alert_totals_by_policy['default']), + ('',''), + ('',''), + ('Time Range: %s' %VAR_TIME_RANGE, ''), +] +write_sheet(panda_writer, 'Open Alerts Summary', rows) if not SUPPORT_API_MODE: - output('#################################################################################') - output('# Summary: Open and Closed Alerts, %s' % TIME_RANGE_LABEL, OUTPUT_FILES['SUMMARY-ALL-ALERTS']) - output('#################################################################################') - output() - output("Number of Compliance Standards with Alerts:\t%s" % count_of_compliance_standards_with_alerts_from_alerts, OUTPUT_FILES['SUMMARY-ALL-ALERTS']) - output() - output("Number of Policies with Alerts: \t%s" % count_of_policies_with_alerts_from_alerts, OUTPUT_FILES['SUMMARY-ALL-ALERTS']) - output() - output("Number of Alerts\t%s" % alert_count, OUTPUT_FILES['SUMMARY-ALL-ALERTS']) - output() - output("Open Alerts\t%s" % alert_totals_by_alert['open'], OUTPUT_FILES['SUMMARY-ALL-ALERTS']) - output() - output("Open Alerts High-Severity\t%s" % alert_totals_by_alert['open_high'], OUTPUT_FILES['SUMMARY-ALL-ALERTS']) - output("Open Alerts Medium-Severity\t%s" % alert_totals_by_alert['open_medium'], OUTPUT_FILES['SUMMARY-ALL-ALERTS']) - output("Open Alerts Low-Severity\t%s" % alert_totals_by_alert['open_low'], OUTPUT_FILES['SUMMARY-ALL-ALERTS']) - output() - output("Resolved Alerts\t%s" % alert_totals_by_alert['resolved'], OUTPUT_FILES['SUMMARY-ALL-ALERTS']) - output() - output("Resolved By Delete\t%s" % alert_totals_by_alert['resolved_deleted'], OUTPUT_FILES['SUMMARY-ALL-ALERTS']) - output("Resolved By Update\t%s" % alert_totals_by_alert['resolved_updated'], OUTPUT_FILES['SUMMARY-ALL-ALERTS']) - output() - output("Resolved Alerts High-Severity\t%s" % alert_totals_by_alert['resolved_high'], OUTPUT_FILES['SUMMARY-ALL-ALERTS']) - output("Resolved Alerts 
Medium-Severity\t%s" % alert_totals_by_alert['resolved_medium'], OUTPUT_FILES['SUMMARY-ALL-ALERTS']) - output("Resolved Alerts Low-Severity\t%s" % alert_totals_by_alert['resolved_low'], OUTPUT_FILES['SUMMARY-ALL-ALERTS']) - output() - output("Anomaly Alerts\t%s" % policy_totals_by_alert['anomaly'], OUTPUT_FILES['SUMMARY-ALL-ALERTS']) - output("Config Alerts\t%s" % policy_totals_by_alert['config'], OUTPUT_FILES['SUMMARY-ALL-ALERTS']) - output("Network Alerts\t%s" % policy_totals_by_alert['network'], OUTPUT_FILES['SUMMARY-ALL-ALERTS']) - output() - output("Alerts with IaC\t%s" % alert_totals_by_alert['shiftable'], OUTPUT_FILES['SUMMARY-ALL-ALERTS']) - output() - output("Alerts with Remediation\t%s" % alert_totals_by_alert['remediable'], OUTPUT_FILES['SUMMARY-ALL-ALERTS']) - output() - output("Alerts Generated by Custom Policies\t%s" % alert_totals_by_alert['custom'], OUTPUT_FILES['SUMMARY-ALL-ALERTS']) - output("Alerts Generated by Default Policies\t%s" % alert_totals_by_alert['default'], OUTPUT_FILES['SUMMARY-ALL-ALERTS']) - output() + rows = [ + ('Number of Compliance Standards with Alerts', count_of_compliance_standards_with_alerts_from_alerts), + ('',''), + ('Number of Policies with Alerts', count_of_policies_with_alerts_from_alerts), + ('',''), + ('Number of Alerts', alert_count), + ('',''), + ('Open Alerts', alert_totals_by_alert['open']), + ('',''), + ('Open Alerts High-Severity', alert_totals_by_alert['open_high']), + ('Open Alerts Medium-Severity', alert_totals_by_alert['open_medium']), + ('Open Alerts Low-Severity', alert_totals_by_alert['open_low']), + ('',''), + ('Resolved Alerts', alert_totals_by_alert['resolved']), + ('',''), + ('Resolved By Delete', alert_totals_by_alert['resolved_deleted']), + ('Resolved By Update', alert_totals_by_alert['resolved_updated']), + ('',''), + ('Resolved Alerts High-Severity', alert_totals_by_alert['resolved_high']), + ('Resolved Alerts Medium-Severity', alert_totals_by_alert['resolved_medium']), + ('Resolved Alerts 
Low-Severity', alert_totals_by_alert['resolved_low']), + ('',''), + ('Anomaly Alerts', policy_totals_by_alert['anomaly']), + ('Config Alerts', policy_totals_by_alert['config']), + ('Network Alerts', policy_totals_by_alert['network']), + ('',''), + ('Alerts with IaC', alert_totals_by_alert['shiftable']), + ('',''), + ('Alerts with Remediation', alert_totals_by_alert['remediable']), + ('',''), + ('Alerts Generated by Custom Policies', alert_totals_by_alert['custom']), + ('Alerts Generated by Default Policies', alert_totals_by_alert['default']), + ('',''), + ('',''), + ('Time Range: %s' % TIME_RANGE_LABEL, ''), + ] + write_sheet(panda_writer, 'Open and Closed Alerts Summary', rows) + +save_sheet(panda_writer) +output('Results saved as: %s' % OUTPUT_FILE_XLS) diff --git a/requirements.txt b/requirements.txt index f229360..69de461 100644 --- a/requirements.txt +++ b/requirements.txt @@ -1 +1,2 @@ +pandas requests
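Review bot: In the `@@ -89,41 +90,36 @@` hunk of `pcs-inspect.py`, `OUTPUT_FILE_XLS = '%s.xls' % CUSTOMER_PREFIX` names a legacy `.xls` file while `open_sheet()` builds the writer with `engine='xlsxwriter'`, which writes the `.xlsx` format. Name the file `'%s.xlsx' % CUSTOMER_PREFIX` so the extension matches the content. In `save_sheet()`, prefer `panda_writer.close()` over `panda_writer.save()`: `ExcelWriter.save()` was deprecated and then removed in pandas 2.0, and the unpinned `pandas` requirement will pull a current release. `write_sheet()` also calls `pd.set_option('display.max_rows', None)` on every sheet in debug mode; setting it once at startup would be enough.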
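Review bot: In the `@@ -608,7 +599,7 @@` hunk, `VAR_TIME_RANGE = ' %s' % TIME_RANGE_LABEL` keeps a leading space that made sense when the value was appended to a heading, but the value is now interpolated as `'Time Range: %s' % VAR_TIME_RANGE`, which yields two spaces after the colon. Assign `TIME_RANGE_LABEL` without the padding, and check that the `else:` branch sets a value that still reads sensibly after "Time Range:".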
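Review bot: In the `@@ -622,163 +613,167 @@` hunk, both "by Policy" loops append `policy_is_remediable` twice, so the 'With IAC' column repeats the 'With Remediation' value and `policy_is_shiftable` is assigned but never used. The deleted `example.tab` shows the same symptom, with the two columns identical on every row, so this was carried over from the old `output()` calls. Pass `policy_is_shiftable` in the fourth position. Two further points in the same hunk: `rows.append((''))` appends a plain empty string, not a tuple, so those spacer rows do not have the shape of the others; use `('', '')` as the Utilization and Summary lists do. The sheet names 'Open and Closed Alerts by Standard' (34 characters) and 'Open and Closed Alerts by Policy' (32 characters) exceed Excel's 31-character worksheet name limit, which xlsxwriter enforces, so the non-`SUPPORT_API_MODE` path needs shorter names.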
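Review bot: The `requirements.txt` hunk adds `pandas` but not `xlsxwriter`, although `open_sheet()` in `pcs-inspect.py` requests `engine='xlsxwriter'`, and pandas does not install that package as a dependency. Add `xlsxwriter` here, and mention it in the README requirements line next to `pandas` and `requests`. Since the script handles API credentials and tenant data, consider pinning versions for all three packages so installs are reproducible.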