本文属于机器翻译版本。若本译文内容与英语原文存在差异,则一律以英文原文为准。
合并对 ASFF 字段和值的影响
Security Hub 提供两种类型的整合:
-
整合的控件视图(始终开启;无法关闭)——每个控件在各类标准中都有一个标识符。Security Hub 控制台的控件页面会显示您各类标准的所有控件。
-
整合的控件调查发现(可以开启或关闭)——开启整合的控件调查发现后,即使在多个标准之间共享检查,Security Hub 也会为安全检查生成单个调查发现。这旨在减少调查发现中的噪音。如果您在 2023 年 2 月 23 日当天或之后启用 Security Hub,则默认情况下会为您启用整合控制结果。否则,它会默认关闭。但是,只有在管理员账户中启用整合的控件调查发现后,Security Hub 成员账户才会启用该功能。如果该功能在管理员账户中关闭,则在成员账户中也会关闭。有关开启此功能的说明,请参阅 开启整合的控件调查发现。
这两个功能都对 Amazon 安全调查结果格式 (ASFF) 中的控件调查发现字段和值进行了更改。本部分汇总了这些更改。
整合的控件视图——ASFF 变更
合并控件视图功能引入了以下更改来控制 ASFF 中的查找字段和值。
如果工作流程不依赖这些控件调查发现字段的值,则无需执行任何操作。
如果您的工作流程依赖于这些控制查找字段的特定值,请更新您的工作流程以使用当前值。
| ASFF 字段 | 整合的控件视图之前的样本值 | 整合的控件视图后的样本值,以及变更描述 |
|---|---|---|
|
合规。 SecurityControlId |
不适用(新字段) |
EC2.2 引入各类标准的单一控件 ID。 |
|
合规。 AssociatedStandards |
不适用(新字段) |
[{” StandardsId “: “standards/ aws-foundational-security-best-practices/v/1.0.0"}] 显示启用控件的标准。 |
|
ProductFields。 ArchivalReasons:0/描述 |
不适用(新字段) |
“调查发现处于已存档状态,因为整合的控件调查发现已开启或关闭。这会导致在生成新调查发现时存档先前状态的调查发现。” 描述 Security Hub 为何对现有调查发现进行存档。 |
|
ProductFields。 ArchivalReasons:0/ ReasonCode |
不适用(新字段) |
"CONSOLIDATED_CONTROL_FINDINGS_UPDATE" 提供了 Security Hub 存档现有调查发现的原因。 |
|
ProductFields.RecommendationUrl |
https://docs.aws.amazon.com/console/securityhub/PCI.EC2.2/remediation |
https://docs.aws.amazon.com/console/securityhub/EC2.2/remediation 此字段不再引用标准。 |
|
Remediation.Recommendation.Text |
“有关如何解决此问题的说明,请参阅 Sec Amazon urity Hub PCI DSS 文档。” |
“有关如何更正此问题的说明,请参阅 S Amazon ecurity Hub 控制文档。” 此字段不再引用标准。 |
|
Remediation.Recommendation.Url |
https://docs.aws.amazon.com/console/securityhub/PCI.EC2.2/remediation |
https://docs.aws.amazon.com/console/securityhub/EC2.2/remediation 此字段不再引用标准。 |
整合的控件调查发现——ASFF 的变化
如果您启用整合的控件调查发现,则可能会受到 ASFF 中控件调查发现字段和值的以下更改的影响。这些更改是对之前描述的整合控件视图更改的补充。
如果工作流程不依赖这些控件调查发现字段的值,则无需执行任何操作。
如果您的工作流程依赖于这些控制查找字段的特定值,请更新您的工作流程以使用当前值。
注意
Amazon v2.0.0 上的自动安全响应
| ASFF 字段 | 开启整合的控件调查发现之前的示例值 | 开启整合的控件调查发现后的示例值和变更描述 |
|---|---|---|
| GeneratorId | aws-foundational-security-best-练习/v/1.0.0/config.1 | security-control/Config.1 此字段不再引用标准。 |
| Title | 应该启用 pci.config.1 Amazon Config | Amazon Config 应该启用 此字段不再引用特定于标准的信息。 |
| Id |
arn:aws:securityhub:eu-central-1:123456789012:subscription/pci-dss/v/3.2.1/PCI.IAM.5/finding/ab6d6a26-a156-48f0-9403-115983e5a956 |
arn:aws:securityhub:eu-central-1:123456789012:security-control/iam.9/finding/ab6d6a26-a156-48f0-9403-115983e5a956 此字段不再引用标准。 |
| ProductFields.ControlId | PCI.EC2.2 | 已删除。请改而参阅 Compliance.SecurityControlId。该字段已被删除,取而代之的是单一的、与标准无关的控制 ID。 |
| ProductFields.RuleId | 1.3 | 已删除。请改而参阅 Compliance.SecurityControlId。该字段已被删除,取而代之的是单一的、与标准无关的控制 ID。 |
| 描述 | 此 PCI DSS 控制检查当前账户和地区 Amazon Config 是否已启用。 | 此 Amazon 控件检查当前账户和区域中 Amazon Config 是否已启用。 此字段不再引用标准。 |
| 严重性 |
"Severity": { “产品”:90, “标签”:“重大”, “标准化”:90, “原始”:“重大” } |
"Severity": { “标签”:“重大”, “标准化”:90, “原始”:“重大” } Security Hub 不再使用 “产品” 字段来描述发现的严重性。 |
| 类型 | [“软件和配置检查/行业和监管标准/PCI-DSS”] | [“软件和配置检查/行业和监管标准”] 此字段不再引用标准。 |
| 合规。 RelatedRequirements |
["PCI DSS 10.5.2", "PCI DSS 11.5"] |
["PCI DSS v3.2.1/10.5.2", "PCI DSS v3.2.1/11.5", “独联体 Amazon 基金会基准测试 v1.2.0/2.5"] 此字段显示所有已启用标准中的相关要求。 |
| CreatedAt | 2022-05-05T08:18:13.138Z | 2022-09-25T08:18:13.138Z 格式保持不变,但是当您打开合并控制结果时,值会重置。 |
| FirstObservedAt | 2022-05-07T08:18:13.138Z | 2022-09-28T08:18:13.138Z 格式保持不变,但是当您打开合并控制结果时,值会重置。 |
| ProductFields.RecommendationUrl | https://docs.aws.amazon.com/console/securityhub/EC2.2/remediation | 已删除。请改而参阅 Remediation.Recommendation.Url。 |
| ProductFields.StandardsArn |
arn: aws: securityhub::: standards/-practices/v/1.0.0 aws-foundational-security-best |
已删除。请改而参阅 Compliance.AssociatedStandards。 |
| ProductFields.StandardsControlArn |
arn: aws: securityhub: us-east-1:123456789012: control/-practices/v/1.0.0/config.1 aws-foundational-security-best |
已删除。Security Hub 生成一项调查结果,用于跨标准的安全检查。 |
| ProductFields.StandardsGuideArn | arn: aws: securityhub::: ruleset/ /v/1.2.0 cis-aws-foundations-benchmark | 已删除。请改而参阅 Compliance.AssociatedStandards。 |
| ProductFields.StandardsGuideSubscriptionArn | arn: aws: securityhub: us-east-2:123456789012: subscription/ /v/1.2.0 cis-aws-foundations-benchmark | 已删除。Security Hub 生成一项调查结果,用于跨标准的安全检查。 |
| ProductFields.StandardsSubscriptionArn | arn: aws: securityhub: us-east-1:123456789012: subscription/-practices/v/1.0.0 aws-foundational-security-best | 已删除。Security Hub 生成一项调查结果,用于跨标准的安全检查。 |
| ProductFields.aws/securityhub/ FindingId | arn: aws: securityhub: us-east-1:: product/aws/securityhub/arn: aws: securityhub: us-east-1:123456789012: 订阅/-practices/v/1.0.0/config.1/finding/751c2173-7372-4e12-8656-a5210dfb1d67 aws-foundational-security-best | arn:aws:securityhub:us-east-1::product/aws/securityhub/arn:aws:securityhub:us-east-1:123456789012:security-control/Config.1/finding/751c2173-7372-4e12-8656-a5210dfb1d67 此字段不再引用标准。 |
启用合并控制结果后客户提供的 ASFF 字段的值
如果您启用整合的控件调查发现,Security Hub 会生成一个各类标准的调查发现并存档原始调查发现(每个标准都有单独的调查发现)。要查看已存档的调查发现,您可以访问 Security Hub 控制台的调查发现页面,并将记录状态筛选条件设置为已存档,或者使用 GetFindings API 操作。您在 Security Hub 控制台中或使用 BatchUpdateFindingsAPI 对原始发现所做的更新不会保留在新发现中(如果需要,您可以通过参考存档的发现来恢复这些数据)。
| 客户提供的 ASFF 字段 | 开启整合的控件调查发现后的变更描述 |
|---|---|
| 置信度 | 重置为空状态。 |
| 严重性 | 重置为空状态。 |
| 备注 | 重置为空状态。 |
| RelatedFindings | 重置为空状态。 |
| 严重性 | 调查发现的默认严重性(与控件的严重性相匹配)。 |
| 类型 | 重置为与标准无关的值。 |
| UserDefinedFields | 重置为空状态。 |
| VerificationState | 重置为空状态。 |
| 工作流 | 新的失败调查发现的默认值为 NEW。新通过的调查发现的默认值为 RESOLVED。 |
开启整合的控件调查发现之前和之后的生成器 ID
以下是开启整合的控件调查发现时控件的生成器 ID 更改列表。这些适用于自 2023 年 2 月 15 日起 Security Hub 支持的控件。
| 开启整合的控件调查发现之前的生成器 ID | 开启整合的控件调查发现后的生成器 ID |
|---|---|
|
arn: aws: securityhub:: ruleset/ /v/1.2.0/rule/1.1 cis-aws-foundations-benchmark |
安全控制/ .1 CloudWatch |
|
arn: aws: securityhub:: ruleset/ /v/1.2.0/rule/1.1 cis-aws-foundations-benchmark |
security-control/IAM.20 |
|
arn: aws: securityhub:: ruleset/ /v/1.2.0/rule/1.10 cis-aws-foundations-benchmark |
security-control/IAM.16 |
|
arn: aws: securityhub:: ruleset/ /v/1.2.0/rule/1.11 cis-aws-foundations-benchmark |
security-control/IAM.17 |
|
arn: aws: securityhub:: ruleset/ /v/1.2.0/rule/1.12 cis-aws-foundations-benchmark |
security-control/IAM.4 |
|
arn: aws: securityhub:: ruleset/ /v/1.2.0/rule/1.13 cis-aws-foundations-benchmark |
security-control/IAM.9 |
|
arn: aws: securityhub:: ruleset/ /v/1.2.0/rule/1.14 cis-aws-foundations-benchmark |
security-control/IAM.6 |
|
arn: aws: securityhub:: ruleset/ /v/1.2.0/rule/1.16 cis-aws-foundations-benchmark |
security-control/IAM.2 |
|
arn: aws: securityhub:: ruleset/ /v/1.2.0/rule/1.2 cis-aws-foundations-benchmark |
security-control/IAM.5 |
|
arn: aws: securityhub:: ruleset/ /v/1.2.0/rule/1.20 cis-aws-foundations-benchmark |
security-control/IAM.18 |
|
arn: aws: securityhub:: ruleset/ /v/1.2.0/rule/1.22 cis-aws-foundations-benchmark |
security-control/IAM.1 |
|
arn: aws: securityhub:: ruleset/ /v/1.2.0/rule/1.3 cis-aws-foundations-benchmark |
security-control/IAM.8 |
|
arn: aws: securityhub:: ruleset/ /v/1.2.0/rule/1.4 cis-aws-foundations-benchmark |
security-control/IAM.3 |
|
arn: aws: securityhub:: ruleset/ /v/1.2.0/rule/1.5 cis-aws-foundations-benchmark |
security-control/IAM.11 |
|
arn: aws: securityhub:: ruleset/ /v/1.2.0/rule/1.6 cis-aws-foundations-benchmark |
security-control/IAM.12 |
|
arn: aws: securityhub:: ruleset/ /v/1.2.0/rule/1.7 cis-aws-foundations-benchmark |
security-control/IAM.13 |
|
arn: aws: securityhub:: ruleset/ /v/1.2.0/rule/1.8 cis-aws-foundations-benchmark |
security-control/IAM.14 |
|
arn: aws: securityhub:: ruleset/ /v/1.2.0/rule/1.9 cis-aws-foundations-benchmark |
security-control/IAM.15 |
|
arn: aws: securityhub:: ruleset/ /v/1.2.0/rule/2.1 cis-aws-foundations-benchmark |
安全控制/ .1 CloudTrail |
|
arn: aws: securityhub:: ruleset/ /v/1.2.0/rule/2.2 cis-aws-foundations-benchmark |
安全控制/ .4 CloudTrail |
|
arn: aws: securityhub:: ruleset/ /v/1.2.0/rule/2.3 cis-aws-foundations-benchmark |
安全控制/ .6 CloudTrail |
|
arn: aws: securityhub:: ruleset/ /v/1.2.0/rule/2.4 cis-aws-foundations-benchmark |
安全控制/ .5 CloudTrail |
|
arn: aws: securityhub:: ruleset/ /v/1.2.0/rule/2.5 cis-aws-foundations-benchmark |
security-control/Config.1 |
|
arn: aws: securityhub:: ruleset/ /v/1.2.0/rule/2.6 cis-aws-foundations-benchmark |
安全控制/ .7 CloudTrail |
|
arn: aws: securityhub:: ruleset/ /v/1.2.0/rule/2.7 cis-aws-foundations-benchmark |
安全控制/ .2 CloudTrail |
|
arn: aws: securityhub:: ruleset/ /v/1.2.0/rule/2.8 cis-aws-foundations-benchmark |
security-control/KMS.4 |
|
arn: aws: securityhub:: ruleset/ /v/1.2.0/rule/2.9 cis-aws-foundations-benchmark |
security-control/EC2.6 |
|
arn: aws: securityhub:: ruleset/ /v/1.2.0/rule/3.1 cis-aws-foundations-benchmark |
安全控制/ .2 CloudWatch |
|
arn: aws: securityhub:: ruleset/ /v/1.2.0/rule/3.2 cis-aws-foundations-benchmark |
安全控制/ .3 CloudWatch |
|
arn: aws: securityhub:: ruleset/ /v/1.2.0/rule/3.3 cis-aws-foundations-benchmark |
安全控制/ .1 CloudWatch |
|
arn: aws: securityhub:: ruleset/ /v/1.2.0/rule/3.4 cis-aws-foundations-benchmark |
安全控制/ .4 CloudWatch |
|
arn: aws: securityhub:: ruleset/ /v/1.2.0/rule/3.5 cis-aws-foundations-benchmark |
安全控制/ .5 CloudWatch |
|
arn: aws: securityhub:: ruleset/ /v/1.2.0/rule/3.6 cis-aws-foundations-benchmark |
安全控制/ .6 CloudWatch |
|
arn: aws: securityhub:: ruleset/ /v/1.2.0/rule/3.7 cis-aws-foundations-benchmark |
安全控制/ .7 CloudWatch |
|
arn: aws: securityhub:: ruleset/ /v/1.2.0/rule/3.8 cis-aws-foundations-benchmark |
安全控制/ .8 CloudWatch |
|
arn: aws: securityhub:: ruleset/ /v/1.2.0/rule/3.9 cis-aws-foundations-benchmark |
安全控制/ .9 CloudWatch |
|
arn: aws: securityhub:: ruleset/ /v/1.2.0/rule/3.10 cis-aws-foundations-benchmark |
安全控制/ .10 CloudWatch |
|
arn: aws: securityhub:: ruleset/ /v/1.2.0/rule/3.11 cis-aws-foundations-benchmark |
安全控制/ .11 CloudWatch |
|
arn: aws: securityhub:: ruleset/ /v/1.2.0/rule/3.12 cis-aws-foundations-benchmark |
安全控制/ .12 CloudWatch |
|
arn: aws: securityhub:: ruleset/ /v/1.2.0/rule/3.13 cis-aws-foundations-benchmark |
安全控制/ .13 CloudWatch |
|
arn: aws: securityhub:: ruleset/ /v/1.2.0/rule/3.14 cis-aws-foundations-benchmark |
安全控制/ .14 CloudWatch |
|
arn: aws: securityhub:: ruleset/ /v/1.2.0/rule/4.1 cis-aws-foundations-benchmark |
security-control/EC2.13 |
|
arn: aws: securityhub:: ruleset/ /v/1.2.0/rule/4.2 cis-aws-foundations-benchmark |
security-control/EC2.14 |
|
arn: aws: securityhub:: ruleset/ /v/1.2.0/rule/4.3 cis-aws-foundations-benchmark |
security-control/EC2.2 |
|
cis-aws-foundations-benchmark/v/1.4.0/1.10 |
security-control/IAM.5 |
|
cis-aws-foundations-benchmark/v/1.4.0/1.14 |
security-control/IAM.3 |
|
cis-aws-foundations-benchmark/v/1.4.0/1.16 |
security-control/IAM.1 |
|
cis-aws-foundations-benchmark/v/1.4.0/1.17 |
security-control/IAM.18 |
|
cis-aws-foundations-benchmark/v/1.4.0/1.4 |
security-control/IAM.4 |
|
cis-aws-foundations-benchmark/v/1.4.0/1.5 |
security-control/IAM.9 |
|
cis-aws-foundations-benchmark/v/1.4.0/1.6 |
security-control/IAM.6 |
|
cis-aws-foundations-benchmark/v/1.4.0/1.7 |
安全控制/ .1 CloudWatch |
|
cis-aws-foundations-benchmark/v/1.4.0/1.8 |
security-control/IAM.15 |
|
cis-aws-foundations-benchmark/v/1.4.0/1.9 |
security-control/IAM.16 |
|
cis-aws-foundations-benchmark/v/1.4.0/2.1.2 |
security-control/S3.5 |
|
cis-aws-foundations-benchmark/v/1.4.0/2.1.5.1 |
security-control/S3.1 |
|
cis-aws-foundations-benchmark/v/1.4.0/2.1.5.2 |
security-control/S3.8 |
|
cis-aws-foundations-benchmark/v/1.4.0/2.2.1 |
security-control/EC2.7 |
|
cis-aws-foundations-benchmark/v/1.4.0/2.3.1 |
security-control/RDS.3 |
|
cis-aws-foundations-benchmark/v/1.4.0/3.1 |
安全控制/ .1 CloudTrail |
|
cis-aws-foundations-benchmark/v/1.4.0/3.2 |
安全控制/ .4 CloudTrail |
|
cis-aws-foundations-benchmark/v/1.4.0/3.4 |
安全控制/ .5 CloudTrail |
|
cis-aws-foundations-benchmark/v/1.4.0/3.5 |
security-control/Config.1 |
|
cis-aws-foundations-benchmark/v/1.4.0/3.6 |
security-control/S3.9 |
|
cis-aws-foundations-benchmark/v/1.4.0/3.7 |
安全控制/ .2 CloudTrail |
|
cis-aws-foundations-benchmark/v/1.4.0/3.8 |
security-control/KMS.4 |
|
cis-aws-foundations-benchmark/v/1.4.0/3.9 |
security-control/EC2.6 |
|
cis-aws-foundations-benchmark/v/1.4.0/4.3 |
安全控制/ .1 CloudWatch |
|
cis-aws-foundations-benchmark/v/1.4.0/4.4 |
安全控制/ .4 CloudWatch |
|
cis-aws-foundations-benchmark/v/1.4.0/4.5 |
安全控制/ .5 CloudWatch |
|
cis-aws-foundations-benchmark/v/1.4.0/4.6 |
安全控制/ .6 CloudWatch |
|
cis-aws-foundations-benchmark/v/1.4.0/4.7 |
安全控制/ .7 CloudWatch |
|
cis-aws-foundations-benchmark/v/1.4.0/4.8 |
安全控制/ .8 CloudWatch |
|
cis-aws-foundations-benchmark/v/1.4.0/4.9 |
安全控制/ .9 CloudWatch |
|
cis-aws-foundations-benchmark/v/1.4.0/4.10 |
安全控制/ .10 CloudWatch |
|
cis-aws-foundations-benchmark/v/1.4.0/4.11 |
安全控制/ .11 CloudWatch |
|
cis-aws-foundations-benchmark/v/1.4.0/4.12 |
安全控制/ .12 CloudWatch |
|
cis-aws-foundations-benchmark/v/1.4.0/4.13 |
安全控制/ .13 CloudWatch |
|
cis-aws-foundations-benchmark/v/1.4.0/4.14 |
安全控制/ .14 CloudWatch |
|
cis-aws-foundations-benchmark/v/1.4.0/5.1 |
security-control/EC2.21 |
|
cis-aws-foundations-benchmark/v/1.4.0/5.3 |
security-control/EC2.2 |
|
aws-foundational-security-best-练习/v/1.0.0/Account.1 |
security-control/Account.1 |
|
aws-foundational-security-best-practices/v/1.0.0/acm.1 |
security-control/ACM.1 |
|
aws-foundational-security-best-practices/v/1.0.0/apiGateway.1 |
security-control/APIGateway.1 |
|
aws-foundational-security-best-practices/v/1.0.0/apiGateway.2 |
security-control/APIGateway.2 |
|
aws-foundational-security-best-practices/v/1.0.0/apiGateway.3 |
security-control/APIGateway.3 |
|
aws-foundational-security-best-practices/v/1.0.0/apiGateway.4 |
security-control/APIGateway.4 |
|
aws-foundational-security-best-practices/v/1.0.0/apiGateway.5 |
security-control/APIGateway.5 |
|
aws-foundational-security-best-practices/v/1.0.0/apiGateway.8 |
security-control/APIGateway.8 |
|
aws-foundational-security-best-practices/v/1.0.0/apiGateway.9 |
security-control/APIGateway.9 |
|
aws-foundational-security-best-practices/v/1.0.0/ .1 AutoScaling |
安全控制/ .1 AutoScaling |
|
aws-foundational-security-best-practices/v/1.0.0/ .2 AutoScaling |
安全控制/ .2 AutoScaling |
|
aws-foundational-security-best-practices/v/1.0.0/ .3 AutoScaling |
安全控制/ .3 AutoScaling |
|
aws-foundational-security-best-practices/v/1.0.0/ .4 AutoScaling |
安全控制/ .4 AutoScaling |
|
aws-foundational-security-best-Practices/v/1.0.0/autoscaling.5 |
security-control/Autoscaling.5 |
|
aws-foundational-security-best-practices/v/1.0.0/ .6 AutoScaling |
安全控制/ .6 AutoScaling |
|
aws-foundational-security-best-practices/v/1.0.0/ .9 AutoScaling |
安全控制/ .9 AutoScaling |
|
aws-foundational-security-best-practices/v/1.0.0/ .1 CloudFormation |
安全控制/ .1 CloudFormation |
|
aws-foundational-security-best-practices/v/1.0.0/ .1 CloudFront |
安全控制/ .1 CloudFront |
|
aws-foundational-security-best-practices/v/1.0.0/ .2 CloudFront |
安全控制/ .2 CloudFront |
|
aws-foundational-security-best-practices/v/1.0.0/ .3 CloudFront |
安全控制/ .3 CloudFront |
|
aws-foundational-security-best-practices/v/1.0.0/ .4 CloudFront |
安全控制/ .4 CloudFront |
|
aws-foundational-security-best-practices/v/1.0.0/ .5 CloudFront |
安全控制/ .5 CloudFront |
|
aws-foundational-security-best-practices/v/1.0.0/ .6 CloudFront |
安全控制/ .6 CloudFront |
|
aws-foundational-security-best-practices/v/1.0.0/ .7 CloudFront |
安全控制/ .7 CloudFront |
|
aws-foundational-security-best-practices/v/1.0.0/ .8 CloudFront |
安全控制/ .8 CloudFront |
|
aws-foundational-security-best-practices/v/1.0.0/ .9 CloudFront |
安全控制/ .9 CloudFront |
|
aws-foundational-security-best-practices/v/1.0.0/ .10 CloudFront |
安全控制/ .10 CloudFront |
|
aws-foundational-security-best-practices/v/1.0.0/ .12 CloudFront |
安全控制/ .12 CloudFront |
|
aws-foundational-security-best-practices/v/1.0.0/ .1 CloudTrail |
安全控制/ .1 CloudTrail |
|
aws-foundational-security-best-practices/v/1.0.0/ .2 CloudTrail |
安全控制/ .2 CloudTrail |
|
aws-foundational-security-best-practices/v/1.0.0/ .4 CloudTrail |
安全控制/ .4 CloudTrail |
|
aws-foundational-security-best-practices/v/1.0.0/ .5 CloudTrail |
安全控制/ .5 CloudTrail |
|
aws-foundational-security-best-practices/v/1.0.0/ .1 CodeBuild |
安全控制/ .1 CodeBuild |
|
aws-foundational-security-best-practices/v/1.0.0/ .2 CodeBuild |
安全控制/ .2 CodeBuild |
|
aws-foundational-security-best-practices/v/1.0.0/ .3 CodeBuild |
安全控制/ .3 CodeBuild |
|
aws-foundational-security-best-practices/v/1.0.0/ .4 CodeBuild |
安全控制/ .4 CodeBuild |
|
aws-foundational-security-best-practices/v/1.0.0/ .5 CodeBuild |
安全控制/ .5 CodeBuild |
|
aws-foundational-security-best-练习/v/1.0.0/config.1 |
security-control/Config.1 |
|
aws-foundational-security-best-practices/v/1.0.0/dms.1 |
security-control/DMS.1 |
|
aws-foundational-security-best-practices/v/1.0.0/dynamoDB.1 |
security-control/DynamoDB.1 |
|
aws-foundational-security-best-practices/v/1.0.0/DynamoDB.2 |
security-control/DynamoDB.2 |
|
aws-foundational-security-best-practices/v/1.0.0/dynamodB.3 |
security-control/DynamoDB.3 |
|
aws-foundational-security-best-practices/v/1.0.0/ec2.1 |
security-control/EC2.1 |
|
aws-foundational-security-best-practices/v/1.0.0/ec2.3 |
security-control/EC2.3 |
|
aws-foundational-security-best-practices/v/1.0.0/ec2.4 |
security-control/EC2.4 |
|
aws-foundational-security-best-practices/v/1.0.0/ec2.6 |
security-control/EC2.6 |
|
aws-foundational-security-best-practices/v/1.0.0/ec2.7 |
security-control/EC2.7 |
|
aws-foundational-security-best-practices/v/1.0.0/ec2.8 |
security-control/EC2.8 |
|
aws-foundational-security-best-practices/v/1.0.0/ec2.9 |
security-control/EC2.9 |
|
aws-foundational-security-best-practices/v/1.0.0/ec2.10 |
security-control/EC2.10 |
|
aws-foundational-security-best-practices/v/1.0.0/ec2.15 |
security-control/EC2.15 |
|
aws-foundational-security-best-practices/v/1.0.0/ec2.16 |
security-control/EC2.16 |
|
aws-foundational-security-best-practices/v/1.0.0/ec2.17 |
security-control/EC2.17 |
|
aws-foundational-security-best-practices/v/1.0.0/ec2.18 |
security-control/EC2.18 |
|
aws-foundational-security-best-practices/v/1.0.0/ec2.19 |
security-control/EC2.19 |
|
aws-foundational-security-best-practices/v/1.0.0/ec2.2 |
security-control/EC2.2 |
|
aws-foundational-security-best-练习/v/1.0.0/ec2.20 |
security-control/EC2.20 |
|
aws-foundational-security-best-practices/v/1.0.0/ec2.21 |
security-control/EC2.21 |
|
aws-foundational-security-best-练习/v/1.0.0/ec2.22 |
security-control/EC2.22 |
|
aws-foundational-security-best-practices/v/1.0.0/ec2.23 |
security-control/EC2.23 |
|
aws-foundational-security-best-practices/v/1.0.0/ec2.24 |
security-control/EC2.24 |
|
aws-foundational-security-best-practices/v/1.0.0/ec2.25 |
security-control/EC2.25 |
|
aws-foundational-security-best-practices/v/1.0.0/ecr.1 |
security-control/ECR.1 |
|
aws-foundational-security-best-practices/v/1.0.0/ecr.2 |
security-control/ECR.2 |
|
aws-foundational-security-best-practices/v/1.0.0/ecr.3 |
security-control/ECR.3 |
|
aws-foundational-security-best-practices/v/1.0.0/ecs.1 |
security-control/ECS.1 |
|
aws-foundational-security-best-practices/v/1.0.0/ecs.10 |
security-control/ECS.10 |
|
aws-foundational-security-best-practices/v/1.0.0/ecs.12 |
security-control/ECS.12 |
|
aws-foundational-security-best-practices/v/1.0.0/ecs.2 |
security-control/ECS.2 |
|
aws-foundational-security-best-practices/v/1.0.0/ecs.3 |
security-control/ECS.3 |
|
aws-foundational-security-best-practices/v/1.0.0/ecs.4 |
security-control/ECS.4 |
|
aws-foundational-security-best-practices/v/1.0.0/ecs.5 |
security-control/ECS.5 |
|
aws-foundational-security-best-practices/v/1.0.0/ecs.8 |
security-control/ECS.8 |
|
aws-foundational-security-best-practices/v/1.0.0/efs.1 |
security-control/EFS.1 |
|
aws-foundational-security-best-practices/v/1.0.0/efs.2 |
security-control/EFS.2 |
|
aws-foundational-security-best-practices/v/1.0.0/efs.3 |
security-control/EFS.3 |
|
aws-foundational-security-best-practices/v/1.0.0/efs.4 |
security-control/EFS.4 |
|
aws-foundational-security-best-practices/v/1.0.0/eks.2 |
security-control/EKS.2 |
|
aws-foundational-security-best-practices/v/1.0.0/ .1 ElasticBeanstalk |
安全控制/ .1 ElasticBeanstalk |
|
aws-foundational-security-best-practices/v/1.0.0/ .2 ElasticBeanstalk |
安全控制/ .2 ElasticBeanstalk |
|
aws-foundational-security-best-练习/v/1.0.0/elbv2.1 |
security-control/ELB.1 |
|
aws-foundational-security-best-练习/v/1.0.0/elb.2 |
security-control/ELB.2 |
|
aws-foundational-security-best-practices/v/1.0.0/elb.3 |
security-control/ELB.3 |
|
aws-foundational-security-best-practices/v/1.0.0/elb.4 |
security-control/ELB.4 |
|
aws-foundational-security-best-practices/v/1.0.0/elb.5 |
security-control/ELB.5 |
|
aws-foundational-security-best-practices/v/1.0.0/elb.6 |
security-control/ELB.6 |
|
aws-foundational-security-best-practices/v/1.0.0/elb.7 |
security-control/ELB.7 |
|
aws-foundational-security-best-practices/v/1.0.0/elb.8 |
security-control/ELB.8 |
|
aws-foundational-security-best-practices/v/1.0.0/elb.9 |
security-control/ELB.9 |
|
aws-foundational-security-best-practices/v/1.0.0/elb.10 |
security-control/ELB.10 |
|
aws-foundational-security-best-practices/v/1.0.0/elb.11 |
security-control/ELB.11 |
|
aws-foundational-security-best-practices/v/1.0.0/elb.12 |
security-control/ELB.12 |
|
aws-foundational-security-best-practices/v/1.0.0/elb.13 |
security-control/ELB.13 |
|
aws-foundational-security-best-practices/v/1.0.0/elb.14 |
security-control/ELB.14 |
|
aws-foundational-security-best-practices/v/1.0.0/emr.1 |
security-control/EMR.1 |
|
aws-foundational-security-best-练习/v/1.0.0/es.1 |
security-control/ES.1 |
|
aws-foundational-security-best-练习/v/1.0.0/es.2 |
security-control/ES.2 |
|
aws-foundational-security-best-练习/v/1.0.0/es.3 |
security-control/ES.3 |
|
aws-foundational-security-best-practices/v/1.0.0/es.4 |
security-control/ES.4 |
|
aws-foundational-security-best-练习/v/1.0.0/es.5 |
security-control/ES.5 |
|
aws-foundational-security-best-practices/v/1.0.0/es.6 |
security-control/ES.6 |
|
aws-foundational-security-best-practices/v/1.0.0/es.7 |
security-control/ES.7 |
|
aws-foundational-security-best-practices/v/1.0.0/es.8 |
security-control/ES.8 |
|
aws-foundational-security-best-practices/v/1.0.0/ .1 GuardDuty |
安全控制/ .1 GuardDuty |
|
aws-foundational-security-best-practices/v/1.0.0/iam.1 |
security-control/IAM.1 |
|
aws-foundational-security-best-practices/v/1.0.0/iam.2 |
security-control/IAM.2 |
|
aws-foundational-security-best-practices/v/1.0.0/iam.21 |
security-control/IAM.21 |
|
aws-foundational-security-best-practices/v/1.0.0/iam.3 |
security-control/IAM.3 |
|
aws-foundational-security-best-practices/v/1.0.0/iam.4 |
security-control/IAM.4 |
|
aws-foundational-security-best-practices/v/1.0.0/iam.5 |
security-control/IAM.5 |
|
aws-foundational-security-best-practices/v/1.0.0/iam.6 |
security-control/IAM.6 |
|
aws-foundational-security-best-practices/v/1.0.0/iam.7 |
security-control/IAM.7 |
|
aws-foundational-security-best-practices/v/1.0.0/iam.8 |
security-control/IAM.8 |
|
aws-foundational-security-best-练习/v/1.0.0/kinesis.1 |
security-control/Kinesis.1 |
|
aws-foundational-security-best-练习/v/1.0.0/kms.1 |
security-control/KMS.1 |
|
aws-foundational-security-best-练习/v/1.0.0/kms.2 |
security-control/KMS.2 |
|
aws-foundational-security-best-练习/v/1.0.0/kms.3 |
security-control/KMS.3 |
|
aws-foundational-security-best-练习/v/1.0.0/Lambda.1 |
security-control/Lambda.1 |
|
aws-foundational-security-best-练习/v/1.0.0/Lambda.2 |
security-control/Lambda.2 |
|
aws-foundational-security-best-练习/v/1.0.0/Lambda.5 |
security-control/Lambda.5 |
|
aws-foundational-security-best-practices/v/1.0.0/ .3 NetworkFirewall |
安全控制/ .3 NetworkFirewall |
|
aws-foundational-security-best-practices/v/1.0.0/ .4 NetworkFirewall |
安全控制/ .4 NetworkFirewall |
|
aws-foundational-security-best-practices/v/1.0.0/ .5 NetworkFirewall |
安全控制/ .5 NetworkFirewall |
|
aws-foundational-security-best-practices/v/1.0.0/ .6 NetworkFirewall |
安全控制/ .6 NetworkFirewall |
|
aws-foundational-security-best-练习/v/1.0.0/openSearch.1 |
security-control/Opensearch.1 |
|
aws-foundational-security-best-练习/v/1.0.0/openSearch.2 |
security-control/Opensearch.2 |
|
aws-foundational-security-best-练习/v/1.0.0/openSearch.3 |
security-control/Opensearch.3 |
|
aws-foundational-security-best-practices/v/1.0.0/openSearch.4 |
security-control/Opensearch.4 |
|
aws-foundational-security-best-practices/v/1.0.0/openSearch.5 |
security-control/Opensearch.5 |
|
aws-foundational-security-best-practices/v/1.0.0/openSearch.6 |
security-control/Opensearch.6 |
|
aws-foundational-security-best-practices/v/1.0.0/openSearch.7 |
security-control/Opensearch.7 |
|
aws-foundational-security-best-practices/v/1.0.0/openSearch.8 |
security-control/Opensearch.8 |
|
aws-foundational-security-best-practices/v/1.0.0/rds.1 |
security-control/RDS.1 |
|
aws-foundational-security-best-practices/v/1.0.0/rds.10 |
security-control/RDS.10 |
|
aws-foundational-security-best-practices/v/1.0.0/rds.11 |
security-control/RDS.11 |
|
aws-foundational-security-best-practices/v/1.0.0/rds.12 |
security-control/RDS.12 |
|
aws-foundational-security-best-practices/v/1.0.0/rds.13 |
security-control/RDS.13 |
|
aws-foundational-security-best-practices/v/1.0.0/rds.14 |
security-control/RDS.14 |
|
aws-foundational-security-best-practices/v/1.0.0/rds.15 |
security-control/RDS.15 |
|
aws-foundational-security-best-practices/v/1.0.0/rds.16 |
security-control/RDS.16 |
|
aws-foundational-security-best-practices/v/1.0.0/rds.17 |
security-control/RDS.17 |
|
aws-foundational-security-best-practices/v/1.0.0/rds.18 |
security-control/RDS.18 |
|
aws-foundational-security-best-practices/v/1.0.0/rds.19 |
security-control/RDS.19 |
|
aws-foundational-security-best-practices/v/1.0.0/rds.2 |
security-control/RDS.2 |
|
aws-foundational-security-best-practices/v/1.0.0/rds.20 |
security-control/RDS.20 |
|
aws-foundational-security-best-practices/v/1.0.0/rds.21 |
security-control/RDS.21 |
|
aws-foundational-security-best-practices/v/1.0.0/rds.22 |
security-control/RDS.22 |
|
aws-foundational-security-best-practices/v/1.0.0/rds.23 |
security-control/RDS.23 |
|
aws-foundational-security-best-practices/v/1.0.0/rds.24 |
security-control/RDS.24 |
|
aws-foundational-security-best-practices/v/1.0.0/rds.25 |
security-control/RDS.25 |
|
aws-foundational-security-best-practices/v/1.0.0/rds.3 |
security-control/RDS.3 |
|
aws-foundational-security-best-practices/v/1.0.0/rds.4 |
security-control/RDS.4 |
|
aws-foundational-security-best-practices/v/1.0.0/rds.5 |
security-control/RDS.5 |
|
aws-foundational-security-best-practices/v/1.0.0/rds.6 |
security-control/RDS.6 |
|
aws-foundational-security-best-practices/v/1.0.0/rds.7 |
security-control/RDS.7 |
|
aws-foundational-security-best-practices/v/1.0.0/rds.8 |
security-control/RDS.8 |
|
aws-foundational-security-best-practices/v/1.0.0/rds.9 |
security-control/RDS.9 |
|
aws-foundational-security-best-practices/v/1.0.0/redshift.1 |
security-control/Redshift.1 |
|
aws-foundational-security-best-practices/v/1.0.0/redshift.2 |
security-control/Redshift.2 |
|
aws-foundational-security-best-practices/v/1.0.0/redshift.3 |
security-control/Redshift.3 |
|
aws-foundational-security-best-practices/v/1.0.0/redshift.4 |
security-control/Redshift.4 |
|
aws-foundational-security-best-practices/v/1.0.0/redshift.6 |
security-control/Redshift.6 |
|
aws-foundational-security-best-practices/v/1.0.0/redshift.7 |
security-control/Redshift.7 |
|
aws-foundational-security-best-practices/v/1.0.0/redshift.8 |
security-control/Redshift.8 |
|
aws-foundational-security-best-practices/v/1.0.0/redshift.9 |
security-control/Redshift.9 |
|
aws-foundational-security-best-练习/v/1.0.0/s3.1 |
security-control/S3.1 |
|
aws-foundational-security-best-practices/v/1.0.0/s3.10 |
security-control/S3.10 |
|
aws-foundational-security-best-practices/v/1.0.0/s3.11 |
security-control/S3.11 |
|
aws-foundational-security-best-practices/v/1.0.0/s3.12 |
security-control/S3.12 |
|
aws-foundational-security-best-practices/v/1.0.0/s3.13 |
security-control/S3.13 |
|
aws-foundational-security-best-练习/v/1.0.0/s3.2 |
security-control/S3.2 |
|
aws-foundational-security-best-练习/v/1.0.0/s3.3 |
security-control/S3.3 |
|
aws-foundational-security-best-练习/v/1.0.0/s3.5 |
security-control/S3.5 |
|
aws-foundational-security-best-练习/v/1.0.0/s3.6 |
security-control/S3.6 |
|
aws-foundational-security-best-练习/v/1.0.0/s3.8 |
security-control/S3.8 |
|
aws-foundational-security-best-练习/v/1.0.0/s3.9 |
security-control/S3.9 |
|
aws-foundational-security-best-practices/v/1.0.0/ .1 SageMaker |
安全控制/ .1 SageMaker |
|
aws-foundational-security-best-practices/v/1.0.0/ .2 SageMaker |
安全控制/ .2 SageMaker |
|
aws-foundational-security-best-practices/v/1.0.0/ .3 SageMaker |
安全控制/ .3 SageMaker |
|
aws-foundational-security-best-practices/v/1.0.0/ .1 SecretsManager |
安全控制/ .1 SecretsManager |
|
aws-foundational-security-best-practices/v/1.0.0/ .2 SecretsManager |
安全控制/ .2 SecretsManager |
|
aws-foundational-security-best-practices/v/1.0.0/ .3 SecretsManager |
安全控制/ .3 SecretsManager |
|
aws-foundational-security-best-practices/v/1.0.0/ .4 SecretsManager |
安全控制/ .4 SecretsManager |
|
aws-foundational-security-best-practices/v/1.0.0/sns.1 |
security-control/SNS.1 |
|
aws-foundational-security-best-practices/v/1.0.0/sns.2 |
security-control/SNS.2 |
|
aws-foundational-security-best-练习/v/1.0.0/sqs.1 |
security-control/SQS.1 |
|
aws-foundational-security-best-practices/v/1.0.0/ssm.1 |
security-control/SSM.1 |
|
aws-foundational-security-best-practices/v/1.0.0/ssm.2 |
security-control/SSM.2 |
|
aws-foundational-security-best-practices/v/1.0.0/ssm.3 |
security-control/SSM.3 |
|
aws-foundational-security-best-practices/v/1.0.0/ssm.4 |
security-control/SSM.4 |
|
aws-foundational-security-best-练习/v/1.0.0/waf.1 |
security-control/WAF.1 |
|
aws-foundational-security-best-练习/v/1.0.0/waf.2 |
security-control/WAF.2 |
|
aws-foundational-security-best-练习/v/1.0.0/waf.3 |
security-control/WAF.3 |
|
aws-foundational-security-best-练习/v/1.0.0/waf.4 |
security-control/WAF.4 |
|
aws-foundational-security-best-practices/v/1.0.0/waf.6 |
security-control/WAF.6 |
|
aws-foundational-security-best-practices/v/1.0.0/waf.7 |
security-control/WAF.7 |
|
aws-foundational-security-best-练习/v/1.0.0/waf.8 |
security-control/WAF.8 |
|
aws-foundational-security-best-练习/v/1.0.0/waf.10 |
security-control/WAF.10 |
|
pci-dss/v/3.2.1/PCI。 AutoScaling.1 |
安全控制/ .1 AutoScaling |
|
pci-dss/v/3.2.1/PCI。 CloudTrail.1 |
安全控制/ .2 CloudTrail |
|
pci-dss/v/3.2.1/PCI。 CloudTrail.2 |
安全控制/ .3 CloudTrail |
|
pci-dss/v/3.2.1/PCI。 CloudTrail.3 |
安全控制/ .4 CloudTrail |
|
pci-dss/v/3.2.1/PCI。 CloudTrail.4 |
安全控制/ .5 CloudTrail |
|
pci-dss/v/3.2.1/PCI。 CodeBuild.1 |
安全控制/ .1 CodeBuild |
|
pci-dss/v/3.2.1/PCI。 CodeBuild.2 |
安全控制/ .2 CodeBuild |
|
pci-dss/v/3.2.1/PCI.Config.1 |
security-control/Config.1 |
|
pci-dss/v/3.2.1/PCI.CW.1 |
安全控制/ .1 CloudWatch |
|
pci-dss/v/3.2.1/PCI.DMS.1 |
security-control/DMS.1 |
|
pci-dss/v/3.2.1/PCI.EC2.1 |
security-control/EC2.1 |
|
pci-dss/v/3.2.1/PCI.EC2.2 |
security-control/EC2.2 |
|
pci-dss/v/3.2.1/PCI.EC2.4 |
security-control/EC2.12 |
|
pci-dss/v/3.2.1/PCI.EC2.5 |
security-control/EC2.13 |
|
pci-dss/v/3.2.1/PCI.EC2.6 |
security-control/EC2.6 |
|
pci-dss/v/3.2.1/PCI.ELBv2.1 |
security-control/ELB.1 |
|
pci-dss/v/3.2.1/PCI.ES.1 |
security-control/ES.2 |
|
pci-dss/v/3.2.1/PCI.ES.2 |
security-control/ES.1 |
|
pci-dss/v/3.2.1/PCI。 GuardDuty.1 |
安全控制/ .1 GuardDuty |
|
pci-dss/v/3.2.1/PCI.IAM.1 |
security-control/IAM.4 |
|
pci-dss/v/3.2.1/PCI.IAM.2 |
security-control/IAM.2 |
|
pci-dss/v/3.2.1/PCI.IAM.3 |
security-control/IAM.1 |
|
pci-dss/v/3.2.1/PCI.IAM.4 |
security-control/IAM.6 |
|
pci-dss/v/3.2.1/PCI.IAM.5 |
security-control/IAM.9 |
|
pci-dss/v/3.2.1/PCI.IAM.6 |
security-control/IAM.19 |
|
pci-dss/v/3.2.1/PCI.IAM.7 |
security-control/IAM.8 |
|
pci-dss/v/3.2.1/PCI.IAM.8 |
security-control/IAM.10 |
|
pci-dss/v/3.2.1/PCI.KMS.1 |
security-control/KMS.4 |
|
pci-dss/v/3.2.1/PCI.Lambda.1 |
security-control/Lambda.1 |
|
pci-dss/v/3.2.1/PCI.Lambda.2 |
security-control/Lambda.3 |
|
pci-dss/v/3.2.1/PCI.Opensearch.1 |
security-control/Opensearch.2 |
|
pci-dss/v/3.2.1/PCI.Opensearch.2 |
security-control/Opensearch.1 |
|
pci-dss/v/3.2.1/PCI.RDS.1 |
security-control/RDS.1 |
|
pci-dss/v/3.2.1/PCI.RDS.2 |
security-control/RDS.2 |
|
pci-dss/v/3.2.1/PCI.Redshift.1 |
security-control/Redshift.1 |
|
pci-dss/v/3.2.1/PCI.S3.1 |
security-control/S3.3 |
|
pci-dss/v/3.2.1/PCI.S3.2 |
security-control/S3.2 |
|
pci-dss/v/3.2.1/PCI.S3.3 |
security-control/S3.7 |
|
pci-dss/v/3.2.1/PCI.S3.5 |
security-control/S3.5 |
|
pci-dss/v/3.2.1/PCI.S3.6 |
security-control/S3.1 |
|
pci-dss/v/3.2.1/PCI。 SageMaker.1 |
安全控制/ .1 SageMaker |
|
pci-dss/v/3.2.1/PCI.SSM.1 |
security-control/SSM.2 |
|
pci-dss/v/3.2.1/PCI.SSM.2 |
security-control/SSM.3 |
|
pci-dss/v/3.2.1/PCI.SSM.3 |
security-control/SSM.1 |
|
service-managed-aws-control-Tower/v/1.0.0/acm.1 |
security-control/ACM.1 |
|
service-managed-aws-control-Tower/v/1.0.0/apiGateway.1 |
security-control/APIGateway.1 |
|
service-managed-aws-control-Tower/v/1.0.0/Apigateway.2 |
security-control/APIGateway.2 |
|
service-managed-aws-control-Tower/v/1.0.0/apiGateway.3 |
security-control/APIGateway.3 |
|
service-managed-aws-control-Tower/v/1.0.0/apigateway.4 |
security-control/APIGateway.4 |
|
service-managed-aws-control-Tower/v/1.0.0/apigateway.5 |
security-control/APIGateway.5 |
|
service-managed-aws-control-tower/v/1.0.0/ .1 AutoScaling |
安全控制/ .1 AutoScaling |
|
service-managed-aws-control-tower/v/1.0.0/ .2 AutoScaling |
安全控制/ .2 AutoScaling |
|
service-managed-aws-control-tower/v/1.0.0/ .3 AutoScaling |
安全控制/ .3 AutoScaling |
|
service-managed-aws-control-tower/v/1.0.0/ .4 AutoScaling |
安全控制/ .4 AutoScaling |
|
service-managed-aws-control-Tower/V/1.0.0/Autoscaling.5 |
security-control/Autoscaling.5 |
|
service-managed-aws-control-tower/v/1.0.0/ .6 AutoScaling |
安全控制/ .6 AutoScaling |
|
service-managed-aws-control-tower/v/1.0.0/ .9 AutoScaling |
安全控制/ .9 AutoScaling |
|
service-managed-aws-control-tower/v/1.0.0/ .1 CloudTrail |
安全控制/ .1 CloudTrail |
|
service-managed-aws-control-tower/v/1.0.0/ .2 CloudTrail |
安全控制/ .2 CloudTrail |
|
service-managed-aws-control-tower/v/1.0.0/ .4 CloudTrail |
安全控制/ .4 CloudTrail |
|
service-managed-aws-control-tower/v/1.0.0/ .5 CloudTrail |
安全控制/ .5 CloudTrail |
|
service-managed-aws-control-tower/v/1.0.0/ .1 CodeBuild |
安全控制/ .1 CodeBuild |
|
service-managed-aws-control-tower/v/1.0.0/ .2 CodeBuild |
安全控制/ .2 CodeBuild |
|
service-managed-aws-control-tower/v/1.0.0/ .4 CodeBuild |
安全控制/ .4 CodeBuild |
|
service-managed-aws-control-tower/v/1.0.0/ .5 CodeBuild |
安全控制/ .5 CodeBuild |
|
service-managed-aws-control-Tower/v/1.0.0/dms.1 |
security-control/DMS.1 |
|
service-managed-aws-control-Tower/v/1.0.0/dynamoDB.1 |
security-control/DynamoDB.1 |
|
service-managed-aws-control-Tower/v/1.0.0/DynamoDB.2 |
security-control/DynamoDB.2 |
|
service-managed-aws-control-Tower/v/1.0.0/ec2.1 |
security-control/EC2.1 |
|
service-managed-aws-control-Tower/v/1.0.0/ec2.2 |
security-control/EC2.2 |
|
service-managed-aws-control-Tower/v/1.0.0/ec2.3 |
security-control/EC2.3 |
|
service-managed-aws-control-Tower/v/1.0.0/ec2.4 |
security-control/EC2.4 |
|
service-managed-aws-control-Tower/v/1.0.0/ec2.6 |
security-control/EC2.6 |
|
service-managed-aws-control-Tower/v/1.0.0/ec2.7 |
security-control/EC2.7 |
|
service-managed-aws-control-Tower/v/1.0.0/ec2.8 |
security-control/EC2.8 |
|
service-managed-aws-control-Tower/v/1.0.0/ec2.9 |
security-control/EC2.9 |
|
service-managed-aws-control-Tower/v/1.0.0/ec2.10 |
security-control/EC2.10 |
|
service-managed-aws-control-Tower/v/1.0.0/ec2.15 |
security-control/EC2.15 |
|
service-managed-aws-control-Tower/v/1.0.0/ec2.16 |
security-control/EC2.16 |
|
service-managed-aws-control-Tower/v/1.0.0/ec2.17 |
security-control/EC2.17 |
|
service-managed-aws-control-Tower/v/1.0.0/ec2.18 |
security-control/EC2.18 |
|
service-managed-aws-control-Tower/v/1.0.0/ec2.19 |
security-control/EC2.19 |
|
service-managed-aws-control-Tower/v/1.0.0/ec2.20 |
security-control/EC2.20 |
|
service-managed-aws-control-Tower/v/1.0.0/ec2.21 |
security-control/EC2.21 |
|
service-managed-aws-control-Tower/v/1.0.0/ec2.22 |
security-control/EC2.22 |
|
service-managed-aws-control-Tower/v/1.0.0/ecr.1 |
security-control/ECR.1 |
|
service-managed-aws-control-Tower/v/1.0.0/ecr.2 |
security-control/ECR.2 |
|
service-managed-aws-control-Tower/v/1.0.0/ecr.3 |
security-control/ECR.3 |
|
service-managed-aws-control-Tower/v/1.0.0/ecs.1 |
security-control/ECS.1 |
|
service-managed-aws-control-Tower/v/1.0.0/ecs.2 |
security-control/ECS.2 |
|
service-managed-aws-control-Tower/v/1.0.0/ecs.3 |
security-control/ECS.3 |
|
service-managed-aws-control-Tower/v/1.0.0/ecs.4 |
security-control/ECS.4 |
|
service-managed-aws-control-Tower/v/1.0.0/ecs.5 |
security-control/ECS.5 |
|
service-managed-aws-control-Tower/v/1.0.0/ecs.8 |
security-control/ECS.8 |
|
service-managed-aws-control-Tower/v/1.0.0/ecs.10 |
security-control/ECS.10 |
|
service-managed-aws-control-Tower/v/1.0.0/ecs.12 |
security-control/ECS.12 |
|
service-managed-aws-control-Tower/v/1.0.0/efs.1 |
security-control/EFS.1 |
|
service-managed-aws-control-Tower/v/1.0.0/efs.2 |
security-control/EFS.2 |
|
service-managed-aws-control-Tower/v/1.0.0/efs.3 |
security-control/EFS.3 |
|
service-managed-aws-control-Tower/v/1.0.0/efs.4 |
security-control/EFS.4 |
|
service-managed-aws-control-Tower/v/1.0.0/eks.2 |
security-control/EKS.2 |
|
service-managed-aws-control-Tower/v/1.0.0/elb.2 |
security-control/ELB.2 |
|
service-managed-aws-control-Tower/v/1.0.0/elb.3 |
security-control/ELB.3 |
|
service-managed-aws-control-Tower/v/1.0.0/elb.4 |
security-control/ELB.4 |
|
service-managed-aws-control-Tower/v/1.0.0/elb.5 |
security-control/ELB.5 |
|
service-managed-aws-control-Tower/v/1.0.0/elb.6 |
security-control/ELB.6 |
|
service-managed-aws-control-Tower/v/1.0.0/elb.7 |
security-control/ELB.7 |
|
service-managed-aws-control-Tower/v/1.0.0/elb.8 |
security-control/ELB.8 |
|
service-managed-aws-control-Tower/v/1.0.0/elb.9 |
security-control/ELB.9 |
|
service-managed-aws-control-Tower/v/1.0.0/elb.10 |
security-control/ELB.10 |
|
service-managed-aws-control-Tower/v/1.0.0/elb.12 |
security-control/ELB.12 |
|
service-managed-aws-control-Tower/v/1.0.0/elb.13 |
security-control/ELB.13 |
|
service-managed-aws-control-Tower/v/1.0.0/elb.14 |
security-control/ELB.14 |
|
service-managed-aws-control-Tower/v/1.0.0/elbv2.1 |
security-control/ELBv2.1 |
|
service-managed-aws-control-Tower/v/1.0.0/emr.1 |
security-control/EMR.1 |
|
service-managed-aws-control-Tower/v/1.0.0/es.1 |
security-control/ES.1 |
|
service-managed-aws-control-Tower/v/1.0.0/es.2 |
security-control/ES.2 |
|
service-managed-aws-control-Tower/v/1.0.0/es.3 |
security-control/ES.3 |
|
service-managed-aws-control-Tower/v/1.0.0/es.4 |
security-control/ES.4 |
|
service-managed-aws-control-Tower/v/1.0.0/es.5 |
security-control/ES.5 |
|
service-managed-aws-control-Tower/v/1.0.0/es.6 |
security-control/ES.6 |
|
service-managed-aws-control-Tower/v/1.0.0/es.7 |
security-control/ES.7 |
|
service-managed-aws-control-Tower/v/1.0.0/es.8 |
security-control/ES.8 |
|
service-managed-aws-control-tower/v/1.0.0/ .1 ElasticBeanstalk |
安全控制/ .1 ElasticBeanstalk |
|
service-managed-aws-control-tower/v/1.0.0/ .2 ElasticBeanstalk |
安全控制/ .2 ElasticBeanstalk |
|
service-managed-aws-control-tower/v/1.0.0/ .1 GuardDuty |
安全控制/ .1 GuardDuty |
|
service-managed-aws-control-Tower/v/1.0.0/iam.1 |
security-control/IAM.1 |
|
service-managed-aws-control-Tower/v/1.0.0/iam.2 |
security-control/IAM.2 |
|
service-managed-aws-control-Tower/v/1.0.0/iam.3 |
security-control/IAM.3 |
|
service-managed-aws-control-Tower/v/1.0.0/iam.4 |
security-control/IAM.4 |
|
service-managed-aws-control-Tower/v/1.0.0/iam.5 |
security-control/IAM.5 |
|
service-managed-aws-control-Tower/v/1.0.0/iam.6 |
security-control/IAM.6 |
|
service-managed-aws-control-Tower/v/1.0.0/iam.7 |
security-control/IAM.7 |
|
service-managed-aws-control-Tower/v/1.0.0/iam.8 |
security-control/IAM.8 |
|
service-managed-aws-control-Tower/v/1.0.0/iam.21 |
security-control/IAM.21 |
|
service-managed-aws-control-Tower/v/1.0.0/kinesis.1 |
security-control/Kinesis.1 |
|
service-managed-aws-control-Tower/v/1.0.0/kms.1 |
security-control/KMS.1 |
|
service-managed-aws-control-Tower/v/1.0.0/kms.2 |
security-control/KMS.2 |
|
service-managed-aws-control-Tower/v/1.0.0/kms.3 |
security-control/KMS.3 |
|
service-managed-aws-control-Tower/v/1.0.0/Lambda.1 |
security-control/Lambda.1 |
|
service-managed-aws-control-Tower/v/1.0.0/Lambda.2 |
security-control/Lambda.2 |
|
service-managed-aws-control-Tower/v/1.0.0/Lambda.5 |
security-control/Lambda.5 |
|
service-managed-aws-control-tower/v/1.0.0/ .3 NetworkFirewall |
安全控制/ .3 NetworkFirewall |
|
service-managed-aws-control-tower/v/1.0.0/ .4 NetworkFirewall |
安全控制/ .4 NetworkFirewall |
|
service-managed-aws-control-tower/v/1.0.0/ .5 NetworkFirewall |
安全控制/ .5 NetworkFirewall |
|
service-managed-aws-control-tower/v/1.0.0/ .6 NetworkFirewall |
安全控制/ .6 NetworkFirewall |
|
service-managed-aws-control-Tower/v/1.0.0/OpenSearch. |
security-control/Opensearch.1 |
|
service-managed-aws-control-塔/v/1.0.0/OpenSearch.2 |
security-control/Opensearch.2 |
|
service-managed-aws-control-塔/v/1.0.0/OpenSearch.3 |
security-control/Opensearch.3 |
|
service-managed-aws-control-Tower/v/1.0.0/OpenSearch.4 |
security-control/Opensearch.4 |
|
service-managed-aws-control-Tower/v/1.0.0/OpenSearch.5 |
security-control/Opensearch.5 |
|
service-managed-aws-control-Tower/v/1.0.0/OpenSearch.6 |
security-control/Opensearch.6 |
|
service-managed-aws-control-Tower/v/1.0.0/OpenSearch.7 |
security-control/Opensearch.7 |
|
service-managed-aws-control-Tower/v/1.0.0/OpenSearch.8 |
security-control/Opensearch.8 |
|
service-managed-aws-control-Tower/v/1.0.0/rds.1 |
security-control/RDS.1 |
|
service-managed-aws-control-Tower/v/1.0.0/rds.2 |
security-control/RDS.2 |
|
service-managed-aws-control-Tower/v/1.0.0/rds.3 |
security-control/RDS.3 |
|
service-managed-aws-control-Tower/v/1.0.0/rds.4 |
security-control/RDS.4 |
|
service-managed-aws-control-Tower/v/1.0.0/rds.5 |
security-control/RDS.5 |
|
service-managed-aws-control-Tower/v/1.0.0/rds.6 |
security-control/RDS.6 |
|
service-managed-aws-control-Tower/v/1.0.0/rds.8 |
security-control/RDS.8 |
|
service-managed-aws-control-Tower/v/1.0.0/rds.9 |
security-control/RDS.9 |
|
service-managed-aws-control-Tower/v/1.0.0/rds.10 |
security-control/RDS.10 |
|
service-managed-aws-control-Tower/v/1.0.0/rds.11 |
security-control/RDS.11 |
|
service-managed-aws-control-Tower/v/1.0.0/rds.13 |
security-control/RDS.13 |
|
service-managed-aws-control-Tower/v/1.0.0/rds.17 |
security-control/RDS.17 |
|
service-managed-aws-control-Tower/v/1.0.0/rds.18 |
security-control/RDS.18 |
|
service-managed-aws-control-Tower/v/1.0.0/rds.19 |
security-control/RDS.19 |
|
service-managed-aws-control-Tower/v/1.0.0/rds.20 |
security-control/RDS.20 |
|
service-managed-aws-control-Tower/v/1.0.0/rds.21 |
security-control/RDS.21 |
|
service-managed-aws-control-Tower/v/1.0.0/rds.22 |
security-control/RDS.22 |
|
service-managed-aws-control-Tower/v/1.0.0/rds.23 |
security-control/RDS.23 |
|
service-managed-aws-control-Tower/v/1.0.0/rds.25 |
security-control/RDS.25 |
|
service-managed-aws-control-Tower/v/1.0.0/redshift.1 |
security-control/Redshift.1 |
|
service-managed-aws-control-Tower/v/1.0.0/redshift.2 |
security-control/Redshift.2 |
|
service-managed-aws-control-Tower/v/1.0.0/redshift.4 |
security-control/Redshift.4 |
|
service-managed-aws-control-Tower/v/1.0.0/redshift.6 |
security-control/Redshift.6 |
|
service-managed-aws-control-Tower/v/1.0.0/redshift.7 |
security-control/Redshift.7 |
|
service-managed-aws-control-Tower/v/1.0.0/redshift.8 |
security-control/Redshift.8 |
|
service-managed-aws-control-Tower/v/1.0.0/redshift.9 |
security-control/Redshift.9 |
|
service-managed-aws-control-Tower/v/1.0.0/s3.1 |
security-control/S3.1 |
|
service-managed-aws-control-Tower/v/1.0.0/s3.2 |
security-control/S3.2 |
|
service-managed-aws-control-Tower/v/1.0.0/s3.3 |
security-control/S3.3 |
|
service-managed-aws-control-Tower/v/1.0.0/s3.5 |
security-control/S3.5 |
|
service-managed-aws-control-Tower/v/1.0.0/s3.6 |
security-control/S3.6 |
|
service-managed-aws-control-Tower/v/1.0.0/s3.8 |
security-control/S3.8 |
|
service-managed-aws-control-Tower/v/1.0.0/s3.9 |
security-control/S3.9 |
|
service-managed-aws-control-Tower/v/1.0.0/s3.10 |
security-control/S3.10 |
|
service-managed-aws-control-Tower/v/1.0.0/s3.11 |
security-control/S3.11 |
|
service-managed-aws-control-Tower/v/1.0.0/s3.12 |
security-control/S3.12 |
|
service-managed-aws-control-Tower/v/1.0.0/s3.13 |
security-control/S3.13 |
|
service-managed-aws-control-tower/v/1.0.0/ .1 SageMaker |
安全控制/ .1 SageMaker |
|
service-managed-aws-control-tower/v/1.0.0/ .1 SecretsManager |
安全控制/ .1 SecretsManager |
|
service-managed-aws-control-tower/v/1.0.0/ .2 SecretsManager |
安全控制/ .2 SecretsManager |
|
service-managed-aws-control-tower/v/1.0.0/ .3 SecretsManager |
安全控制/ .3 SecretsManager |
|
service-managed-aws-control-tower/v/1.0.0/ .4 SecretsManager |
安全控制/ .4 SecretsManager |
|
service-managed-aws-control-Tower/v/1.0.0/sns.1 |
security-control/SNS.1 |
|
service-managed-aws-control-Tower/v/1.0.0/sns.2 |
security-control/SNS.2 |
|
service-managed-aws-control-Tower/v/1.0.0/sqs.1 |
security-control/SQS.1 |
|
service-managed-aws-control-Tower/v/1.0.0/ssm.1 |
security-control/SSM.1 |
|
service-managed-aws-control-Tower/v/1.0.0/ssm.2 |
security-control/SSM.2 |
|
service-managed-aws-control-Tower/v/1.0.0/ssm.3 |
security-control/SSM.3 |
|
service-managed-aws-control-Tower/v/1.0.0/ssm.4 |
security-control/SSM.4 |
|
service-managed-aws-control-Tower/v/1.0.0/waf.2 |
security-control/WAF.2 |
|
service-managed-aws-control-Tower/v/1.0.0/waf.3 |
security-control/WAF.3 |
|
service-managed-aws-control-Tower/v/1.0.0/waf.4 |
security-control/WAF.4 |
整合如何影响控件 ID 和标题
整合的控件视图和整合的控件调查发现标准化了各类标准的控件 ID 和标题。安全控件 ID 和安全控件标题这两个术语是指这些与标准无关的值。下表显示了安全控件 ID 和标题与特定标准的控件 ID 和标题的映射。属于 Amazon 基础安全最佳实践 (FSBP) 标准的控件的 ID 和标题不变。
无论账户中开启还是关闭了整合的控件调查发现,Security Hub 控制台都会显示安全控件 ID 和安全控件标题。但是,只有在账户中启用了整合的控件调查发现后,Security Hub 的调查发现才会包含安全控件 ID 和安全控件标题。如果在账户中关闭了整合的控件调查发现,Security Hub 的调查发现将包含特定于标准的控件 ID 和标题。有关整合如何影响控件检查调查发现的更多信息,请参阅 控件调查发现样本。
对于属于服务管理标准:一部分的控件 Amazon Control Tower,启用整合控制结果后,将从查找结果中的控件 ID 和标题中删除前缀CT.。
要在此表上运行您自己的脚本,将其下载为.csv 文件。
| Standard | 标准控件 ID 和标题 | 安全控制 ID 和标题 |
|---|---|---|
|
CIS v1.2.0 |
1.1 避免使用根用户 |
|
|
CIS v1.2.0 |
1.1 避免使用根用户 |
|
|
CIS v1.2.0 |
1.10 确保 IAM 密码策略阻止重复使用密码 |
|
|
CIS v1.2.0 |
1.11 确保 IAM 密码策略使密码在 90 天或更短时间内失效 |
|
|
CIS v1.2.0 |
1.12 确保不存在根用户访问密钥 |
|
|
CIS v1.2.0 |
1.13 确保为根用户启用 MFA |
|
|
CIS v1.2.0 |
1.14 确保为根用户启用硬件 MFA |
|
|
CIS v1.2.0 |
1.16 确保 IAM policy 仅附加到组或角色 |
|
|
CIS v1.2.0 |
1.2 确保为拥有控制台密码的所有 IAM 用户启用多重身份验证(MFA) |
|
|
CIS v1.2.0 |
1.20 确保已创建支持角色来管理事件 Amazon Web Services Support |
|
|
CIS v1.2.0 |
1.22 确保未创建允许完全“*.*”管理权限的 IAM policy |
|
|
CIS v1.2.0 |
1.3 确保禁用 90 天或更长时间未使用的凭证 |
|
|
CIS v1.2.0 |
1.4 确保访问密钥每 90 天或更短时间轮换一次 |
|
|
CIS v1.2.0 |
1.5 确保 IAM 密码策略要求包含至少一个大写字母 |
|
|
CIS v1.2.0 |
1.6 确保 IAM 密码策略要求包含至少一个小写字母 |
|
|
CIS v1.2.0 |
1.7 确保 IAM 密码策略要求包含至少一个符号 |
|
|
CIS v1.2.0 |
1.8 确保 IAM 密码策略要求包含至少一个数字 |
|
|
CIS v1.2.0 |
1.9 确保 IAM 密码策略要求最短密码长度不低于 14 |
|
|
CIS v1.2.0 |
2.1 确保 CloudTrail 在所有地区都已启用 |
|
|
CIS v1.2.0 |
2.2 确保已启用 CloudTrail 日志文件验证 |
|
|
CIS v1.2.0 |
2.3 确保用于存储 CloudTrail 日志的 S3 存储桶不可公开访问 |
|
|
CIS v1.2.0 |
2.4 确保 CloudTrail 跟踪与 CloudWatch 日志集成 |
|
|
CIS v1.2.0 |
2.5 确保 Amazon Config 已启用 |
|
|
CIS v1.2.0 |
2.6 确保在 S3 存储桶上启用 CloudTrail S3 存储桶访问日志记录 |
|
|
CIS v1.2.0 |
2.7 确保使用 KMS CMK 对 CloudTrail 日志进行静态加密 |
|
|
CIS v1.2.0 |
2.8 确保为客户创建的 CMK 启用轮换 |
|
|
CIS v1.2.0 |
2.9 确保在所有 VPC 中启用 VPC 流日志记录 |
|
|
CIS v1.2.0 |
3.1 确保存在关于未经授权的 API 调用的日志指标筛选条件和警报 |
|
|
CIS v1.2.0 |
3.10 确保存在关于安全组更改的日志指标筛选条件和警报 |
|
|
CIS v1.2.0 |
3.11 确保存在关于网络访问控制列表 (NACL) 更改的日志指标筛选条件和警报 |
|
|
CIS v1.2.0 |
3.12 确保存在关于网络网关更改的日志指标筛选条件和警报 |
|
|
CIS v1.2.0 |
3.13 确保存在关于路由表更改的日志指标筛选条件和警报 |
|
|
CIS v1.2.0 |
3.14 确保存在关于 VPC 更改的日志指标筛选条件和警报 |
|
|
CIS v1.2.0 |
3.2 确保存在关于无 MFA 的管理控制台登录的日志指标筛选条件和警报 |
|
|
CIS v1.2.0 |
3.3 确保存在关于使用根用户的日志指标筛选条件和警报 |
|
|
CIS v1.2.0 |
3.4 确保存在关于 IAM policy 更改的日志指标筛选条件和警报 |
|
|
CIS v1.2.0 |
3.5 确保存在 CloudTrail 配置更改的日志指标筛选器和警报 |
[CloudWatch.5] 确保存在针对 CloudTrail Amazon Config持续时间变化的日志指标筛选器和警报 |
|
CIS v1.2.0 |
3.6 确保存在针对 Amazon Web Services Management Console 身份验证失败的日志指标筛选器和警报 |
[CloudWatch.6] 确保存在针对 Amazon Web Services Management Console 身份验证失败的日志指标筛选器和警报 |
|
CIS v1.2.0 |
3.7 确保存在关于禁用或计划删除客户创建的 CMK 的日志指标筛选条件和警报 |
|
|
CIS v1.2.0 |
3.8 确保存在关于 S3 存储桶策略更改的日志指标筛选条件和警报 |
|
|
CIS v1.2.0 |
3.9 确保存在 Amazon Config 配置更改的日志指标筛选器和警报 |
|
|
CIS v1.2.0 |
4.1 确保没有安全组允许从 0.0.0.0/0 到端口 22 的传入流量 |
|
|
CIS v1.2.0 |
4.2 确保没有安全组允许从 0.0.0.0/0 到端口 3389 的传入流量 |
|
|
CIS v1.2.0 |
4.3 确保每个 VPC 的默认安全组限制所有流量 |
|
|
CIS v1.4.0 |
1.10 确保为拥有控制台密码的所有 IAM 用户启用多重身份验证(MFA) |
|
|
CIS v1.4.0 |
1.14 确保访问密钥每 90 天或更短时间轮换一次 |
|
|
CIS v1.4.0 |
1.16 确保未附加的允许完全“*.*”管理权限的 IAM policy |
|
|
CIS v1.4.0 |
1.17 确保已创建支持角色来管理事件 Amazon Web Services Support |
|
|
CIS v1.4.0 |
1.4 确保不存在根用户账户访问密钥 |
|
|
CIS v1.4.0 |
1.5 确保为根用户账户启用 MFA |
|
|
CIS v1.4.0 |
1.6 确保为根用户账户启用硬件 MFA |
|
|
CIS v1.4.0 |
1.7 避免使用根用户执行管理和日常任务 |
|
|
CIS v1.4.0 |
1.8 确保 IAM 密码策略要求最短长度不低于 14 |
|
|
CIS v1.4.0 |
1.9 确保 IAM 密码策略阻止重复使用密码 |
|
|
CIS v1.4.0 |
2.1.2 确保 S3 存储桶策略设置为拒绝 HTTP 请求 |
|
|
CIS v1.4.0 |
2.1.5.1 应启用 S3 阻止公有访问设置 |
|
|
CIS v1.4.0 |
2.1.5.2 应在存储桶级别启用 S3 阻止公有访问设置 |
|
|
CIS v1.4.0 |
2.2.1 确保启用 EBS 卷加密 |
|
|
CIS v1.4.0 |
2.3.1 确保已为 RDS 实例启用加密 |
|
|
CIS v1.4.0 |
3.1 确保 CloudTrail 在所有地区都已启用 |
|
|
CIS v1.4.0 |
3.2 确保已启用 CloudTrail 日志文件验证 |
|
|
CIS v1.4.0 |
3.4 确保 CloudTrail 跟踪与 CloudWatch 日志集成 |
|
|
CIS v1.4.0 |
3.5 确保 Amazon Config 在所有地区都已启用 |
|
|
CIS v1.4.0 |
3.6 确保在 S3 存储桶上启用 CloudTrail S3 存储桶访问日志记录 |
|
|
CIS v1.4.0 |
3.7 确保使用 KMS CMK 对 CloudTrail 日志进行静态加密 |
|
|
CIS v1.4.0 |
3.8 确保为客户创建的 CMK 启用轮换 |
|
|
CIS v1.4.0 |
3.9 确保在所有 VPC 中启用 VPC 流日志记录 |
|
|
CIS v1.4.0 |
4.4 确保存在关于 IAM policy 更改的日志指标筛选条件和警报 |
|
|
CIS v1.4.0 |
4.5 确保存在 CloudTrail 配置更改的日志指标筛选器和警报 |
[CloudWatch.5] 确保存在针对 CloudTrail Amazon Config持续时间变化的日志指标筛选器和警报 |
|
CIS v1.4.0 |
4.6 确保存在针对 Amazon Web Services Management Console 身份验证失败的日志指标筛选器和警报 |
[CloudWatch.6] 确保存在针对 Amazon Web Services Management Console 身份验证失败的日志指标筛选器和警报 |
|
CIS v1.4.0 |
4.7 确保存在关于禁用或计划删除客户创建的 CMK 的日志指标筛选条件和警报 |
|
|
CIS v1.4.0 |
4.8 确保存在关于 S3 存储桶策略更改的日志指标筛选条件和警报 |
|
|
CIS v1.4.0 |
4.9 确保存在 Amazon Config 配置更改的日志指标筛选器和警报 |
|
|
CIS v1.4.0 |
4.10 确保存在关于安全组更改的日志指标筛选条件和警报 |
|
|
CIS v1.4.0 |
4.11 确保存在关于网络访问控制列表 (NACL) 更改的日志指标筛选条件和警报 |
|
|
CIS v1.4.0 |
4.12 确保存在关于网络网关更改的日志指标筛选条件和警报 |
|
|
CIS v1.4.0 |
4.13 确保存在关于路由表更改的日志指标筛选条件和警报 |
|
|
CIS v1.4.0 |
4.14 确保存在关于 VPC 更改的日志指标筛选条件和警报 |
|
|
CIS v1.4.0 |
5.1 确保网络 ACL 不允许从 0.0.0.0/0 进入远程服务器管理端口 |
|
|
CIS v1.4.0 |
5.3 确保每个 VPC 的默认安全组限制所有流量 |
|
|
PCI DSS v3.2.1 |
PCI。 AutoScaling.1 与负载均衡器关联的自动扩展组应使用负载均衡器运行状况检查 |
[AutoScaling.1] 与 Classic Load Balancer 关联的 Auto Scaling 组应使用负载均衡器运行状况检查 |
|
PCI DSS v3.2.1 |
PCI。 CloudTrail.1 CloudTrail 日志应使用 Amazon KMS CMK 进行静态加密 |
|
|
PCI DSS v3.2.1 |
PCI。 CloudTrail CloudTrail 应该启用 .2 |
|
|
PCI DSS v3.2.1 |
PCI。 CloudTrail.3 应启用 CloudTrail 日志文件验证 |
|
|
PCI DSS v3.2.1 |
PCI。 CloudTrail.4 CloudTrail 路径应与 Amazon CloudWatch 日志集成 |
|
|
PCI DSS v3.2.1 |
PCI。 CodeBuild.1 CodeBuild GitHub 或 Bitbucket 源存储库网址应使用 OAuth |
|
|
PCI DSS v3.2.1 |
PCI。 CodeBuild.2 CodeBuild 项目环境变量不应包含明文凭证 |
|
|
PCI DSS v3.2.1 |
应该启用 pci.config.1 Amazon Config |
|
|
PCI DSS v3.2.1 |
PCI.CW.1 应具有有关“根”用户使用的日志指标筛选条件和警报 |
|
|
PCI DSS v3.2.1 |
PCI.DMS.1 Database Migration Service 复制实例不应公开 |
|
|
PCI DSS v3.2.1 |
PCI.EC2.1 不应公开还原 EBS 快照 |
|
|
PCI DSS v3.2.1 |
PCI.EC2.2 VPC 默认安全组应禁止入站和出站流量 |
|
|
PCI DSS v3.2.1 |
PCI.EC2.4 应删除未使用的 EC2 EIP |
|
|
PCI DSS v3.2.1 |
PCI.EC2.5 不允许安全组从 0.0.0.0/0 到端口 22 的入站流量 |
|
|
PCI DSS v3.2.1 |
应在所有 VPC 中启用 PCI.EC2.6 VPC 流日志记录 |
|
|
PCI DSS v3.2.1 |
PCI.ELBv2.1 应用程序负载均衡器应配置为将所有 HTTP 请求重定向到 HTTPS |
|
|
PCI DSS v3.2.1 |
PCI.ES.1 Elasticsearch 域应位于 VPC 中 |
|
|
PCI DSS v3.2.1 |
PCI.ES.2 Elasticsearch 域应启用静态加密 |
|
|
PCI DSS v3.2.1 |
PCI。 GuardDuty.1 GuardDuty 应该启用 |
|
|
PCI DSS v3.2.1 |
PCI.IAM.1 IAM 根用户访问密钥不应存在 |
|
|
PCI DSS v3.2.1 |
PCI.IAM.2 IAM 用户不应附加 IAM policy |
|
|
PCI DSS v3.2.1 |
PCI.IAM.3 IAM policy 不应允许完全“*”管理权限 |
|
|
PCI DSS v3.2.1 |
PCI.IAM.4 应该为根用户启用硬件 MFA |
|
|
PCI DSS v3.2.1 |
PCI.IAM.5 应该为根用户启用虚拟 MFA |
|
|
PCI DSS v3.2.1 |
PCI.IAM.6 应该为所有 IAM 用户启用 MFA |
|
|
PCI DSS v3.2.1 |
如果未在预定义的天数内使用 PCI.IAM.7 IAM 用户凭证,则应禁用 |
|
|
PCI DSS v3.2.1 |
PCI.IAM.8 IAM 用户的密码策略应具有可靠的配置 |
|
|
PCI DSS v3.2.1 |
PCI.KMS.1 应启用客户主密钥 (CMK) 轮换 |
|
|
PCI DSS v3.2.1 |
PCI.Lambda.1 Lambda 函数应禁止公开访问 |
|
|
PCI DSS v3.2.1 |
PCI.Lambda.2 Lambda 函数应位于 VPC 中 |
|
|
PCI DSS v3.2.1 |
PCI.openSearch.1 OpenSearch 域名应该在 VPC 中 |
|
|
PCI DSS v3.2.1 |
PCI.Opensearch.2 不应公开还原 EBS 快照 |
|
|
PCI DSS v3.2.1 |
PCI.RDS.1 RDS 快照应为私有快照 |
|
|
PCI DSS v3.2.1 |
PCI.RDS.2 RDS 数据库实例应禁止公开访问 |
[RDS.2] RDS 数据库实例应禁止公共访问,具体取决于持续时间 PubliclyAccessible Amazon Config |
|
PCI DSS v3.2.1 |
PCI.Redshift.1 Amazon Redshift 集群应禁止公共访问 |
|
|
PCI DSS v3.2.1 |
PCI.S3.1 S3 存储桶应禁止公开写入访问 |
|
|
PCI DSS v3.2.1 |
PCI.S3.2 S3 存储桶应禁止公开读取访问 |
|
|
PCI DSS v3.2.1 |
PCI.S3.3 S3 存储桶应启用跨区域复制 |
|
|
PCI DSS v3.2.1 |
PCI.S3.5 S3 存储桶应要求请求才能使用安全套接字层 |
|
|
PCI DSS v3.2.1 |
PCI.S3.6 应启用 S3 阻止公有访问设置 |
|
|
PCI DSS v3.2.1 |
PCI。 SageMaker.1 Amazon SageMaker 笔记本实例不应直接访问互联网 |
|
|
PCI DSS v3.2.1 |
PCI.SSM.1 由 Systems Manager 管理的 EC2 实例在安装补丁后应具有 COMPLIANT 的补丁合规性状态 |
[SSM.2] 由 Systems Manager 管理的 Amazon EC2 实例在安装补丁后应具有 COMPLIANT 的补丁合规性状态 |
|
PCI DSS v3.2.1 |
由 Systems Manager 管理的 PCI.SSM.2 EC2 实例的关联合规性的状态应为 COMPLIANT |
[SSM.3] 由 Systems Manager 管理的 Amazon EC2 实例的关联合规状态应为 COMPLIANT |
|
PCI DSS v3.2.1 |
PCI.SSM.3 EC2 实例应由以下人员管理 Amazon Systems Manager |
更新工作流以进行整合。
如果工作流程不依赖于任何控件调查发现字段的特定格式,则无需执行任何操作。
如果您的工作流程依赖于表格中注明的任何控制查找字段的特定格式,则应更新工作流程。例如,如果您创建的 Amazon Events 规则触发了针对特定控 CloudWatch 件 ID 的操作(例如,如果控件 ID 等于 CIS 2.7,则调用 Amazon Lambda 函数),请将该规则更新为使用 CloudTrail .2(该控件的Compliance.SecurityControlId字段)。
如果您使用任何已更改的控件查找字段或值创建了自定义见解,请更新这些见解以使用当前字段或值。