feat: Included 1.x rules for aws cis 1.3.0
m-pizarro committed May 6, 2022
1 parent 33cb620 commit 15c00a0
Showing 1 changed file with 18 additions and 8 deletions.
26 changes: 18 additions & 8 deletions src/aws/cis-1.3.0/README.md
Expand Up @@ -53,11 +53,21 @@ Policy Pack based on the [AWS Foundations 1.3.0](https://docs.aws.amazon.com/aud
}
```

<!--
TODO: Uncomment table when rules available
## Available Ruleset
| Rule | Description |
| ------------ | ------------------------------------------------------------------------------------------------------ |
| - | - |
-->
| Rule | Description |
| ------------- | --------------------------------------------------------------------------------------------------------------------------- |
| AWS CIS 1.4 | Ensure no 'root' user account access key exists |
| AWS CIS 1.5 | Ensure MFA is enabled for the 'root user' account |
| AWS CIS 1.6 | Ensure hardware MFA is enabled for the 'root' user account |
| AWS CIS 1.7 | Eliminate use of the root user for administrative and daily tasks |
| AWS CIS 1.8 | Ensure IAM password policy requires minimum length of 14 or greater |
| AWS CIS 1.9 | Ensure IAM password policy prevents password reuse |
| AWS CIS 1.10 | Ensure multi-factor authentication (MFA) is enabled for all IAM users that have a console password |
| AWS CIS 1.12 | Ensure credentials unused for 90 days or greater are disabled |
| AWS CIS 1.13 | Ensure there is only one active access key available for any single IAM user |
| AWS CIS 1.14 | Ensure access keys are rotated every 90 days or less |
| AWS CIS 1.15 | Ensure IAM Users Receive Permissions Only Through Groups |
| AWS CIS 1.16 | Ensure IAM policies that allow full "*:*" administrative privileges are not attached |
| AWS CIS 1.17 | Ensure a support role has been created to manage incidents with AWS Support |
| AWS CIS 1.19 | Ensure that all the expired SSL/TLS certificates stored in AWS IAM are removed |
| AWS CIS 1.20 | Ensure that S3 Buckets are configured with 'Block public access (bucket settings)' |
| AWS CIS 1.21 | Ensure that IAM Access analyzer is enabled |
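
Review bot: The new table starts directly at the `| Rule | Description |` row with no heading above it, while the commented-out block it replaces carried `## Available Ruleset`. Keep that heading above the table so the section stays linkable and consistent with the rest of the README. The rule IDs also have unexplained gaps: the list begins at 1.4, jumps from 1.10 to 1.12 and from 1.17 to 1.19, and stops at 1.21, so a reader cannot tell whether the missing 1.x controls are unsupported or simply not yet implemented. A short line under the table stating which controls are not covered, and why, would stop users from assuming the pack evaluates the whole section. Minor wording points in the descriptions: 1.5 quotes `'root user'` where 1.4 and 1.6 quote `'root'`, 1.15 is in title case unlike the other rows, and 1.21 writes "Access analyzer" with mixed capitalization.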
