Update CIS v8 IG1 benchmark title to stay consistent with other CIS b…

…enchmark titles (#589)

cis_controls_v8_ig1/cis_controls_v8_ig1_1.sp

@@ -10,7 +10,7 @@ benchmark "cis_controls_v8_ig1_1" {
 }
 
 benchmark "cis_controls_v8_ig1_1_1" {
-  title       = "1.1 - Establish and Maintain Detailed Enterprise Asset Inventory"
+  title       = "1.1 Establish and Maintain Detailed Enterprise Asset Inventory"
   description = "Establish and maintain an accurate, detailed, and up-to-date inventory of all enterprise assets with the potential to store or process data, to include: end-user devices (including portable and mobile), network devices, non-computing/IoT devices, and servers. Ensure the inventory records the network address (if static), hardware address, machine name, enterprise asset owner, department for each asset, and whether the asset has been approved to connect to the network. For mobile end-user devices, MDM type tools can support this process, where appropriate. This inventory includes assets connected to the infrastructure physically, virtually, remotely, and those within cloud environments. Additionally, it includes assets that are regularly connected to the enterprise’s network infrastructure, even if they are not under control of the enterprise. Review and update the inventory of all enterprise assets bi-annually, or more frequently."
   children = [
     control.ec2_stopped_instance_30_days,
@@ -24,7 +24,7 @@ benchmark "cis_controls_v8_ig1_1_1" {
 }
 
 benchmark "cis_controls_v8_ig1_1_2" {
-  title       = "1.2 - Address Unauthorized Assets"
+  title       = "1.2 Address Unauthorized Assets"
   description = "Ensure that a process exists to address unauthorized assets on a weekly basis. The enterprise may choose to remove the asset from the network, deny the asset from connecting remotely to the network, or quarantine the asset."
   children = [
     control.guardduty_enabled

cis_controls_v8_ig1/cis_controls_v8_ig1_10.sp

@@ -10,7 +10,7 @@ benchmark "cis_controls_v8_ig1_10" {
 }
 
 benchmark "cis_controls_v8_ig1_10_1" {
-  title       = "10.1 - Deploy and Maintain Anti-Malware Software"
+  title       = "10.1 Deploy and Maintain Anti-Malware Software"
   description = "Deploy and maintain anti-malware software on all enterprise assets."
   children = [
     control.guardduty_enabled
@@ -20,7 +20,7 @@ benchmark "cis_controls_v8_ig1_10_1" {
 }
 
 benchmark "cis_controls_v8_ig1_10_2" {
-  title       = "10.2 - Configure Automatic Anti-Malware Signature Updates"
+  title       = "10.2 Configure Automatic Anti-Malware Signature Updates"
   description = "Configure automatic updates for anti-malware signature files on all enterprise assets."
   children = [
     control.guardduty_enabled

cis_controls_v8_ig1/cis_controls_v8_ig1_11.sp

@@ -11,7 +11,7 @@ benchmark "cis_controls_v8_ig1_11" {
 }
 
 benchmark "cis_controls_v8_ig1_11_2" {
-  title       = "11.2 - Perform Automated Backups"
+  title       = "11.2 Perform Automated Backups"
   description = "Perform automated backups of in-scope enterprise assets. Run backups weekly, or more frequently, based on the sensitivity of the data."
   children = [
     control.dynamodb_table_in_backup_plan,
@@ -32,7 +32,7 @@ benchmark "cis_controls_v8_ig1_11_2" {
 }
 
 benchmark "cis_controls_v8_ig1_11_3" {
-  title       = "11.3 - Protect Recovery Data"
+  title       = "11.3 Protect Recovery Data"
   description = "Protect recovery data with equivalent controls to the original data. Reference encryption or data separation, based on requirements."
   children = [
     control.ebs_volume_encryption_at_rest_enabled,
@@ -44,7 +44,7 @@ benchmark "cis_controls_v8_ig1_11_3" {
 }
 
 benchmark "cis_controls_v8_ig1_11_4" {
-  title       = "11.4 - Establish and Maintain an Isolated Instance of Recovery Data"
+  title       = "11.4 Establish and Maintain an Isolated Instance of Recovery Data"
   description = "Establish and maintain an isolated instance of recovery data. Example implementations include, version controlling backup destinations through offline, cloud, or off-site systems or services."
   children = [
     control.dynamodb_table_in_backup_plan,

cis_controls_v8_ig1/cis_controls_v8_ig1_12.sp

@@ -9,7 +9,7 @@ benchmark "cis_controls_v8_ig1_12" {
 }
 
 benchmark "cis_controls_v8_ig1_12_1" {
-  title       = "12.1 - Ensure Network Infrastructure is Up-to-Date"
+  title       = "12.1 Ensure Network Infrastructure is Up-to-Date"
   description = "Ensure network infrastructure is kept up-to-date. Example implementations include running the latest stable release of software and/or using currently supported network-as-a-service (NaaS) offerings. Review software versions monthly, or more frequently, to verify software support."
   children = [
     control.ec2_instance_ssm_managed,

cis_controls_v8_ig1/cis_controls_v8_ig1_13.sp

@@ -11,7 +11,7 @@ benchmark "cis_controls_v8_ig1_13" {
 }
 
 benchmark "cis_controls_v8_ig1_13_1" {
-  title       = "13.1 - Perform Application Layer Filtering"
+  title       = "13.1 Perform Application Layer Filtering"
   children = [
     control.apigateway_stage_use_waf_web_acl,
     control.guardduty_enabled,
@@ -22,7 +22,7 @@ benchmark "cis_controls_v8_ig1_13_1" {
 }
 
 benchmark "cis_controls_v8_ig1_13_3" {
-  title       = "13.3 - Ensure Network Infrastructure is Up-to-Date"
+  title       = "13.3 Ensure Network Infrastructure is Up-to-Date"
   children = [
     control.guardduty_enabled
   ]
@@ -31,7 +31,7 @@ benchmark "cis_controls_v8_ig1_13_3" {
 }
 
 benchmark "cis_controls_v8_ig1_13_6" {
-  title       = "13.6 - Collect Network Traffic Flow Logs"
+  title       = "13.6 Collect Network Traffic Flow Logs"
   children = [
     control.vpc_flow_logs_enabled,
     control.wafv2_web_acl_logging_enabled

cis_controls_v8_ig1/cis_controls_v8_ig1_16.sp

@@ -10,7 +10,7 @@ benchmark "cis_controls_v8_ig1_16" {
 }
 
 benchmark "cis_controls_v8_ig1_16_1" {
-  title       = "16.1 - Establish and Maintain a Secure Application Development Process"
+  title       = "16.1 Establish and Maintain a Secure Application Development Process"
   description = "Deploy and maintain anti-malware software on all enterprise assets."
   children = [
     control.codebuild_project_artifact_encryption_enabled,
@@ -24,7 +24,7 @@ benchmark "cis_controls_v8_ig1_16_1" {
 }
 
 benchmark "cis_controls_v8_ig1_16_12" {
-  title       = "16.12 - Implement Code-Level Security Checks"
+  title       = "16.12 Implement Code-Level Security Checks"
   children = [
     control.codebuild_project_artifact_encryption_enabled,
     control.codebuild_project_environment_privileged_mode_disabled,

cis_controls_v8_ig1/cis_controls_v8_ig1_3.sp

@@ -10,7 +10,7 @@ benchmark "cis_controls_v8_ig1_3" {
 }
 
 benchmark "cis_controls_v8_ig1_3_3" {
-  title       = "3.3 - Configure Data Access Control Lists"
+  title       = "3.3 Configure Data Access Control Lists"
   description = "Configure data access control lists based on a user’s need to know. Apply data access control lists, also known as access permissions, to local and remote file systems, databases, and applications."
   children = [
     control.autoscaling_launch_config_public_ip_disabled,
@@ -53,7 +53,7 @@ benchmark "cis_controls_v8_ig1_3_3" {
 }
 
 benchmark "cis_controls_v8_ig1_3_4" {
-  title       = "3.4 - Enforce Data Retention"
+  title       = "3.4 Enforce Data Retention"
   description = "Retain data according to the enterprise’s data management process. Data retention must include both minimum and maximum timelines."
   children = [
     control.cloudwatch_log_group_retention_period_365

cis_controls_v8_ig1/cis_controls_v8_ig1_4.sp

@@ -11,7 +11,7 @@ benchmark "cis_controls_v8_ig1_4" {
 }
 
 benchmark "cis_controls_v8_ig1_4_1" {
-  title       = "4.1 - Establish and Maintain a Secure Configuration Process"
+  title       = "4.1 Establish and Maintain a Secure Configuration Process"
   description = "Establish and maintain a secure configuration process for enterprise assets (end-user devices, including portable and mobile, non-computing/IoT devices, and servers) and software (operating systems and applications). Review and update documentation annually, or when significant enterprise changes occur that could impact this Safeguard."
   children = [
     control.account_part_of_organizations,
@@ -26,7 +26,7 @@ benchmark "cis_controls_v8_ig1_4_1" {
 }
 
 benchmark "cis_controls_v8_ig1_4_6" {
-  title       = "4.6 - Securely Manage Enterprise Assets and Software"
+  title       = "4.6 Securely Manage Enterprise Assets and Software"
   description = "Securely manage enterprise assets and software. Example implementations include managing configuration through version-controlled-infrastructure-as-code and accessing administrative interfaces over secure network protocols, such as Secure Shell (SSH) and Hypertext Transfer Protocol Secure (HTTPS). Do not use insecure management protocols, such as Telnet (Teletype Network) and HTTP, unless operationally essential."
   children = [
     control.account_part_of_organizations,
@@ -65,7 +65,7 @@ benchmark "cis_controls_v8_ig1_4_6" {
 }
 
 benchmark "cis_controls_v8_ig1_4_7" {
-  title       = "4.7 - Manage Default Accounts on Enterprise Assets and Software"
+  title       = "4.7 Manage Default Accounts on Enterprise Assets and Software"
   description = "Manage default accounts on enterprise assets and software, such as root, administrator, and other pre-configured vendor accounts. Example implementations can include: disabling default accounts or making them unusable."
   children = [
     control.iam_root_user_mfa_enabled,

cis_controls_v8_ig1/cis_controls_v8_ig1_5.sp

@@ -11,7 +11,7 @@ benchmark "cis_controls_v8_ig1_5" {
 }
 
 benchmark "cis_controls_v8_ig1_5_2" {
-  title       = "5.2 - Use Unique Passwords"
+  title       = "5.2 Use Unique Passwords"
   description = "Use unique passwords for all enterprise assets. Best practice implementation includes, at a minimum, an 8-character password for accounts using MFA and a 14-character password for accounts not using MFA."
   children = [
     control.iam_account_password_policy_min_length_14,
@@ -24,7 +24,7 @@ benchmark "cis_controls_v8_ig1_5_2" {
 }
 
 benchmark "cis_controls_v8_ig1_5_3" {
-  title       = "5.3 - Disable Dormant Accounts"
+  title       = "5.3 Disable Dormant Accounts"
   description = "Delete or disable any dormant accounts after a period of 45 days of inactivity, where supported."
   children = [
     control.iam_user_unused_credentials_90
@@ -34,7 +34,7 @@ benchmark "cis_controls_v8_ig1_5_3" {
 }
 
 benchmark "cis_controls_v8_ig1_5_4" {
-  title       = "5.4 - Restrict Administrator Privileges to Dedicated Administrator Accounts"
+  title       = "5.4 Restrict Administrator Privileges to Dedicated Administrator Accounts"
   description = "Restrict administrator privileges to dedicated administrator accounts on enterprise assets. Conduct general computing activities, such as internet browsing, email, and productivity suite use, from the user's primary, non-privileged account."
   children = [
     control.iam_policy_no_star_star,

cis_controls_v8_ig1/cis_controls_v8_ig1_6.sp

@@ -9,7 +9,7 @@ benchmark "cis_controls_v8_ig1_6" {
 }
 
 benchmark "cis_controls_v8_ig1_6_5" {
-  title       = "6.5 - Require MFA for Administrative Access"
+  title       = "6.5 Require MFA for Administrative Access"
   description = "Require MFA for all administrative access accounts, where supported, on all enterprise assets, whether managed on-site or through a third-party provider."
   children = [
     control.iam_root_user_mfa_enabled,

cis_controls_v8_ig1/cis_controls_v8_ig1_7.sp

@@ -10,7 +10,7 @@ benchmark "cis_controls_v8_ig1_7" {
 }
 
 benchmark "cis_controls_v8_ig1_7_1" {
-  title       = "7.1 - Establish and Maintain a Vulnerability Management Process"
+  title       = "7.1 Establish and Maintain a Vulnerability Management Process"
   description = "Establish and maintain a documented vulnerability management process for enterprise assets. Review and update documentation annually, or when significant enterprise changes occur that could impact this Safeguard."
   children = [
     control.guardduty_enabled,
@@ -22,7 +22,7 @@ benchmark "cis_controls_v8_ig1_7_1" {
 }
 
 benchmark "cis_controls_v8_ig1_7_3" {
-  title       = "7.3 - Perform Automated Operating System Patch Management"
+  title       = "7.3 Perform Automated Operating System Patch Management"
   description = "Perform operating system updates on enterprise assets through automated patch management on a monthly, or more frequent, basis."
   children = [
     control.redshift_cluster_maintenance_settings_check,

cis_controls_v8_ig1/cis_controls_v8_ig1_8.sp

@@ -10,7 +10,7 @@ benchmark "cis_controls_v8_ig1_8" {
 }
 
 benchmark "cis_controls_v8_ig1_8_1" {
-  title       = "8.1 - Establish and Maintain an Audit Log Management Process"
+  title       = "8.1 Establish and Maintain an Audit Log Management Process"
   description = "Establish and maintain an audit log management process that defines the enterprise’s logging requirements. At a minimum, address the collection, review, and retention of audit logs for enterprise assets. Review and update documentation annually, or when significant enterprise changes occur that could impact this Safeguard."
   children = [
     control.cloudwatch_log_group_retention_period_365
@@ -20,7 +20,7 @@ benchmark "cis_controls_v8_ig1_8_1" {
 }
 
 benchmark "cis_controls_v8_ig1_8_2" {
-  title       = "8.2 - Collect Audit Logs"
+  title       = "8.2 Collect Audit Logs"
   description = "Collect audit logs. Ensure that logging, per the enterprise’s audit log management process, has been enabled across enterprise assets."
   children = [
     control.apigateway_stage_logging_enabled,