From 3dc999ff0c37c70c7ddd35db3fae4e0d75c5c050 Mon Sep 17 00:00:00 2001 From: Raj Date: Wed, 22 Mar 2023 19:01:40 +0530 Subject: [PATCH] Update CIS v8 IG1 benchmark title to stay consistent with other CIS benchmark titles (#589) --- cis_controls_v8_ig1/cis_controls_v8_ig1_1.sp | 4 ++-- cis_controls_v8_ig1/cis_controls_v8_ig1_10.sp | 4 ++-- cis_controls_v8_ig1/cis_controls_v8_ig1_11.sp | 6 +++--- cis_controls_v8_ig1/cis_controls_v8_ig1_12.sp | 2 +- cis_controls_v8_ig1/cis_controls_v8_ig1_13.sp | 6 +++--- cis_controls_v8_ig1/cis_controls_v8_ig1_16.sp | 4 ++-- cis_controls_v8_ig1/cis_controls_v8_ig1_3.sp | 4 ++-- cis_controls_v8_ig1/cis_controls_v8_ig1_4.sp | 6 +++--- cis_controls_v8_ig1/cis_controls_v8_ig1_5.sp | 6 +++--- cis_controls_v8_ig1/cis_controls_v8_ig1_6.sp | 2 +- cis_controls_v8_ig1/cis_controls_v8_ig1_7.sp | 4 ++-- cis_controls_v8_ig1/cis_controls_v8_ig1_8.sp | 4 ++-- 12 files changed, 26 insertions(+), 26 deletions(-) diff --git a/cis_controls_v8_ig1/cis_controls_v8_ig1_1.sp b/cis_controls_v8_ig1/cis_controls_v8_ig1_1.sp index 43799827..a0477a21 100644 --- a/cis_controls_v8_ig1/cis_controls_v8_ig1_1.sp +++ b/cis_controls_v8_ig1/cis_controls_v8_ig1_1.sp @@ -10,7 +10,7 @@ benchmark "cis_controls_v8_ig1_1" { } benchmark "cis_controls_v8_ig1_1_1" { - title = "1.1 - Establish and Maintain Detailed Enterprise Asset Inventory" + title = "1.1 Establish and Maintain Detailed Enterprise Asset Inventory" description = "Establish and maintain an accurate, detailed, and up-to-date inventory of all enterprise assets with the potential to store or process data, to include: end-user devices (including portable and mobile), network devices, non-computing/IoT devices, and servers. Ensure the inventory records the network address (if static), hardware address, machine name, enterprise asset owner, department for each asset, and whether the asset has been approved to connect to the network. For mobile end-user devices, MDM type tools can support this process, where appropriate. This inventory includes assets connected to the infrastructure physically, virtually, remotely, and those within cloud environments. Additionally, it includes assets that are regularly connected to the enterprise’s network infrastructure, even if they are not under control of the enterprise. Review and update the inventory of all enterprise assets bi-annually, or more frequently." children = [ control.ec2_stopped_instance_30_days, @@ -24,7 +24,7 @@ benchmark "cis_controls_v8_ig1_1_1" { } benchmark "cis_controls_v8_ig1_1_2" { - title = "1.2 - Address Unauthorized Assets" + title = "1.2 Address Unauthorized Assets" description = "Ensure that a process exists to address unauthorized assets on a weekly basis. The enterprise may choose to remove the asset from the network, deny the asset from connecting remotely to the network, or quarantine the asset." children = [ control.guardduty_enabled diff --git a/cis_controls_v8_ig1/cis_controls_v8_ig1_10.sp b/cis_controls_v8_ig1/cis_controls_v8_ig1_10.sp index 30e3449d..ff494848 100644 --- a/cis_controls_v8_ig1/cis_controls_v8_ig1_10.sp +++ b/cis_controls_v8_ig1/cis_controls_v8_ig1_10.sp @@ -10,7 +10,7 @@ benchmark "cis_controls_v8_ig1_10" { } benchmark "cis_controls_v8_ig1_10_1" { - title = "10.1 - Deploy and Maintain Anti-Malware Software" + title = "10.1 Deploy and Maintain Anti-Malware Software" description = "Deploy and maintain anti-malware software on all enterprise assets." children = [ control.guardduty_enabled @@ -20,7 +20,7 @@ benchmark "cis_controls_v8_ig1_10_1" { } benchmark "cis_controls_v8_ig1_10_2" { - title = "10.2 - Configure Automatic Anti-Malware Signature Updates" + title = "10.2 Configure Automatic Anti-Malware Signature Updates" description = "Configure automatic updates for anti-malware signature files on all enterprise assets." children = [ control.guardduty_enabled diff --git a/cis_controls_v8_ig1/cis_controls_v8_ig1_11.sp b/cis_controls_v8_ig1/cis_controls_v8_ig1_11.sp index c7f17f61..ae27ed2b 100644 --- a/cis_controls_v8_ig1/cis_controls_v8_ig1_11.sp +++ b/cis_controls_v8_ig1/cis_controls_v8_ig1_11.sp @@ -11,7 +11,7 @@ benchmark "cis_controls_v8_ig1_11" { } benchmark "cis_controls_v8_ig1_11_2" { - title = "11.2 - Perform Automated Backups" + title = "11.2 Perform Automated Backups" description = "Perform automated backups of in-scope enterprise assets. Run backups weekly, or more frequently, based on the sensitivity of the data." children = [ control.dynamodb_table_in_backup_plan, @@ -32,7 +32,7 @@ benchmark "cis_controls_v8_ig1_11_2" { } benchmark "cis_controls_v8_ig1_11_3" { - title = "11.3 - Protect Recovery Data" + title = "11.3 Protect Recovery Data" description = "Protect recovery data with equivalent controls to the original data. Reference encryption or data separation, based on requirements." children = [ control.ebs_volume_encryption_at_rest_enabled, @@ -44,7 +44,7 @@ benchmark "cis_controls_v8_ig1_11_3" { } benchmark "cis_controls_v8_ig1_11_4" { - title = "11.4 - Establish and Maintain an Isolated Instance of Recovery Data" + title = "11.4 Establish and Maintain an Isolated Instance of Recovery Data" description = "Establish and maintain an isolated instance of recovery data. Example implementations include, version controlling backup destinations through offline, cloud, or off-site systems or services." children = [ control.dynamodb_table_in_backup_plan, diff --git a/cis_controls_v8_ig1/cis_controls_v8_ig1_12.sp b/cis_controls_v8_ig1/cis_controls_v8_ig1_12.sp index b52ff0d9..eb31801f 100644 --- a/cis_controls_v8_ig1/cis_controls_v8_ig1_12.sp +++ b/cis_controls_v8_ig1/cis_controls_v8_ig1_12.sp @@ -9,7 +9,7 @@ benchmark "cis_controls_v8_ig1_12" { } benchmark "cis_controls_v8_ig1_12_1" { - title = "12.1 - Ensure Network Infrastructure is Up-to-Date" + title = "12.1 Ensure Network Infrastructure is Up-to-Date" description = "Ensure network infrastructure is kept up-to-date. Example implementations include running the latest stable release of software and/or using currently supported network-as-a-service (NaaS) offerings. Review software versions monthly, or more frequently, to verify software support." children = [ control.ec2_instance_ssm_managed, diff --git a/cis_controls_v8_ig1/cis_controls_v8_ig1_13.sp b/cis_controls_v8_ig1/cis_controls_v8_ig1_13.sp index 7640c382..941994bb 100644 --- a/cis_controls_v8_ig1/cis_controls_v8_ig1_13.sp +++ b/cis_controls_v8_ig1/cis_controls_v8_ig1_13.sp @@ -11,7 +11,7 @@ benchmark "cis_controls_v8_ig1_13" { } benchmark "cis_controls_v8_ig1_13_1" { - title = "13.1 - Perform Application Layer Filtering" + title = "13.1 Perform Application Layer Filtering" children = [ control.apigateway_stage_use_waf_web_acl, control.guardduty_enabled, @@ -22,7 +22,7 @@ benchmark "cis_controls_v8_ig1_13_1" { } benchmark "cis_controls_v8_ig1_13_3" { - title = "13.3 - Ensure Network Infrastructure is Up-to-Date" + title = "13.3 Ensure Network Infrastructure is Up-to-Date" children = [ control.guardduty_enabled ] @@ -31,7 +31,7 @@ benchmark "cis_controls_v8_ig1_13_3" { } benchmark "cis_controls_v8_ig1_13_6" { - title = "13.6 - Collect Network Traffic Flow Logs" + title = "13.6 Collect Network Traffic Flow Logs" children = [ control.vpc_flow_logs_enabled, control.wafv2_web_acl_logging_enabled diff --git a/cis_controls_v8_ig1/cis_controls_v8_ig1_16.sp b/cis_controls_v8_ig1/cis_controls_v8_ig1_16.sp index d7337931..bda2fd02 100644 --- a/cis_controls_v8_ig1/cis_controls_v8_ig1_16.sp +++ b/cis_controls_v8_ig1/cis_controls_v8_ig1_16.sp @@ -10,7 +10,7 @@ benchmark "cis_controls_v8_ig1_16" { } benchmark "cis_controls_v8_ig1_16_1" { - title = "16.1 - Establish and Maintain a Secure Application Development Process" + title = "16.1 Establish and Maintain a Secure Application Development Process" description = "Deploy and maintain anti-malware software on all enterprise assets." children = [ control.codebuild_project_artifact_encryption_enabled, @@ -24,7 +24,7 @@ benchmark "cis_controls_v8_ig1_16_1" { } benchmark "cis_controls_v8_ig1_16_12" { - title = "16.12 - Implement Code-Level Security Checks" + title = "16.12 Implement Code-Level Security Checks" children = [ control.codebuild_project_artifact_encryption_enabled, control.codebuild_project_environment_privileged_mode_disabled, diff --git a/cis_controls_v8_ig1/cis_controls_v8_ig1_3.sp b/cis_controls_v8_ig1/cis_controls_v8_ig1_3.sp index 3e19a3cc..98115f83 100644 --- a/cis_controls_v8_ig1/cis_controls_v8_ig1_3.sp +++ b/cis_controls_v8_ig1/cis_controls_v8_ig1_3.sp @@ -10,7 +10,7 @@ benchmark "cis_controls_v8_ig1_3" { } benchmark "cis_controls_v8_ig1_3_3" { - title = "3.3 - Configure Data Access Control Lists" + title = "3.3 Configure Data Access Control Lists" description = "Configure data access control lists based on a user’s need to know. Apply data access control lists, also known as access permissions, to local and remote file systems, databases, and applications." children = [ control.autoscaling_launch_config_public_ip_disabled, @@ -53,7 +53,7 @@ benchmark "cis_controls_v8_ig1_3_3" { } benchmark "cis_controls_v8_ig1_3_4" { - title = "3.4 - Enforce Data Retention" + title = "3.4 Enforce Data Retention" description = "Retain data according to the enterprise’s data management process. Data retention must include both minimum and maximum timelines." children = [ control.cloudwatch_log_group_retention_period_365 diff --git a/cis_controls_v8_ig1/cis_controls_v8_ig1_4.sp b/cis_controls_v8_ig1/cis_controls_v8_ig1_4.sp index 9ccc2a99..ae3a3b5b 100644 --- a/cis_controls_v8_ig1/cis_controls_v8_ig1_4.sp +++ b/cis_controls_v8_ig1/cis_controls_v8_ig1_4.sp @@ -11,7 +11,7 @@ benchmark "cis_controls_v8_ig1_4" { } benchmark "cis_controls_v8_ig1_4_1" { - title = "4.1 - Establish and Maintain a Secure Configuration Process" + title = "4.1 Establish and Maintain a Secure Configuration Process" description = "Establish and maintain a secure configuration process for enterprise assets (end-user devices, including portable and mobile, non-computing/IoT devices, and servers) and software (operating systems and applications). Review and update documentation annually, or when significant enterprise changes occur that could impact this Safeguard." children = [ control.account_part_of_organizations, @@ -26,7 +26,7 @@ benchmark "cis_controls_v8_ig1_4_1" { } benchmark "cis_controls_v8_ig1_4_6" { - title = "4.6 - Securely Manage Enterprise Assets and Software" + title = "4.6 Securely Manage Enterprise Assets and Software" description = "Securely manage enterprise assets and software. Example implementations include managing configuration through version-controlled-infrastructure-as-code and accessing administrative interfaces over secure network protocols, such as Secure Shell (SSH) and Hypertext Transfer Protocol Secure (HTTPS). Do not use insecure management protocols, such as Telnet (Teletype Network) and HTTP, unless operationally essential." children = [ control.account_part_of_organizations, @@ -65,7 +65,7 @@ benchmark "cis_controls_v8_ig1_4_6" { } benchmark "cis_controls_v8_ig1_4_7" { - title = "4.7 - Manage Default Accounts on Enterprise Assets and Software" + title = "4.7 Manage Default Accounts on Enterprise Assets and Software" description = "Manage default accounts on enterprise assets and software, such as root, administrator, and other pre-configured vendor accounts. Example implementations can include: disabling default accounts or making them unusable." children = [ control.iam_root_user_mfa_enabled, diff --git a/cis_controls_v8_ig1/cis_controls_v8_ig1_5.sp b/cis_controls_v8_ig1/cis_controls_v8_ig1_5.sp index 8b67ad71..3e1dc1b3 100644 --- a/cis_controls_v8_ig1/cis_controls_v8_ig1_5.sp +++ b/cis_controls_v8_ig1/cis_controls_v8_ig1_5.sp @@ -11,7 +11,7 @@ benchmark "cis_controls_v8_ig1_5" { } benchmark "cis_controls_v8_ig1_5_2" { - title = "5.2 - Use Unique Passwords" + title = "5.2 Use Unique Passwords" description = "Use unique passwords for all enterprise assets. Best practice implementation includes, at a minimum, an 8-character password for accounts using MFA and a 14-character password for accounts not using MFA." children = [ control.iam_account_password_policy_min_length_14, @@ -24,7 +24,7 @@ benchmark "cis_controls_v8_ig1_5_2" { } benchmark "cis_controls_v8_ig1_5_3" { - title = "5.3 - Disable Dormant Accounts" + title = "5.3 Disable Dormant Accounts" description = "Delete or disable any dormant accounts after a period of 45 days of inactivity, where supported." children = [ control.iam_user_unused_credentials_90 @@ -34,7 +34,7 @@ benchmark "cis_controls_v8_ig1_5_3" { } benchmark "cis_controls_v8_ig1_5_4" { - title = "5.4 - Restrict Administrator Privileges to Dedicated Administrator Accounts" + title = "5.4 Restrict Administrator Privileges to Dedicated Administrator Accounts" description = "Restrict administrator privileges to dedicated administrator accounts on enterprise assets. Conduct general computing activities, such as internet browsing, email, and productivity suite use, from the user's primary, non-privileged account." children = [ control.iam_policy_no_star_star, diff --git a/cis_controls_v8_ig1/cis_controls_v8_ig1_6.sp b/cis_controls_v8_ig1/cis_controls_v8_ig1_6.sp index 38bdd83f..73fc5b08 100644 --- a/cis_controls_v8_ig1/cis_controls_v8_ig1_6.sp +++ b/cis_controls_v8_ig1/cis_controls_v8_ig1_6.sp @@ -9,7 +9,7 @@ benchmark "cis_controls_v8_ig1_6" { } benchmark "cis_controls_v8_ig1_6_5" { - title = "6.5 - Require MFA for Administrative Access" + title = "6.5 Require MFA for Administrative Access" description = "Require MFA for all administrative access accounts, where supported, on all enterprise assets, whether managed on-site or through a third-party provider." children = [ control.iam_root_user_mfa_enabled, diff --git a/cis_controls_v8_ig1/cis_controls_v8_ig1_7.sp b/cis_controls_v8_ig1/cis_controls_v8_ig1_7.sp index 592ebbb5..6041cdd6 100644 --- a/cis_controls_v8_ig1/cis_controls_v8_ig1_7.sp +++ b/cis_controls_v8_ig1/cis_controls_v8_ig1_7.sp @@ -10,7 +10,7 @@ benchmark "cis_controls_v8_ig1_7" { } benchmark "cis_controls_v8_ig1_7_1" { - title = "7.1 - Establish and Maintain a Vulnerability Management Process" + title = "7.1 Establish and Maintain a Vulnerability Management Process" description = "Establish and maintain a documented vulnerability management process for enterprise assets. Review and update documentation annually, or when significant enterprise changes occur that could impact this Safeguard." children = [ control.guardduty_enabled, @@ -22,7 +22,7 @@ benchmark "cis_controls_v8_ig1_7_1" { } benchmark "cis_controls_v8_ig1_7_3" { - title = "7.3 - Perform Automated Operating System Patch Management" + title = "7.3 Perform Automated Operating System Patch Management" description = "Perform operating system updates on enterprise assets through automated patch management on a monthly, or more frequent, basis." children = [ control.redshift_cluster_maintenance_settings_check, diff --git a/cis_controls_v8_ig1/cis_controls_v8_ig1_8.sp b/cis_controls_v8_ig1/cis_controls_v8_ig1_8.sp index aa7ca966..5b52a449 100644 --- a/cis_controls_v8_ig1/cis_controls_v8_ig1_8.sp +++ b/cis_controls_v8_ig1/cis_controls_v8_ig1_8.sp @@ -10,7 +10,7 @@ benchmark "cis_controls_v8_ig1_8" { } benchmark "cis_controls_v8_ig1_8_1" { - title = "8.1 - Establish and Maintain an Audit Log Management Process" + title = "8.1 Establish and Maintain an Audit Log Management Process" description = "Establish and maintain an audit log management process that defines the enterprise’s logging requirements. At a minimum, address the collection, review, and retention of audit logs for enterprise assets. Review and update documentation annually, or when significant enterprise changes occur that could impact this Safeguard." children = [ control.cloudwatch_log_group_retention_period_365 @@ -20,7 +20,7 @@ benchmark "cis_controls_v8_ig1_8_1" { } benchmark "cis_controls_v8_ig1_8_2" { - title = "8.2 - Collect Audit Logs" + title = "8.2 Collect Audit Logs" description = "Collect audit logs. Ensure that logging, per the enterprise’s audit log management process, has been enabled across enterprise assets." children = [ control.apigateway_stage_logging_enabled,