diff --git a/conformance_pack/apigateway.sp b/conformance_pack/apigateway.sp
index 431f29b0..84d322e1 100644
--- a/conformance_pack/apigateway.sp
+++ b/conformance_pack/apigateway.sp
@@ -46,7 +46,7 @@ control "apigateway_stage_logging_enabled" {
 control "apigateway_rest_api_stage_use_ssl_certificate" {
   title = "API Gateway stage should uses SSL certificate"
-  description = "Ensure if a REST API stage uses a Secure Sockets Layer (SSL) certificate. This rule is complaint if the REST API stage does not have an associated SSL certificate."
+  description = "Ensure if a REST API stage uses a Secure Sockets Layer (SSL) certificate. This rule is compliant if the REST API stage does not have an associated SSL certificate."
   sql = query.apigateway_rest_api_stage_use_ssl_certificate.sql
   tags = merge(local.conformance_pack_apigateway_common_tags, {
@@ -62,7 +62,7 @@ control "apigateway_rest_api_stage_use_ssl_certificate" {
 control "apigateway_stage_use_waf_web_acl" {
   title = "API Gateway stage should be associated with waf"
-  description = "Ensure if an Amazon API Gateway API stage is using a WAF Web ACL. This rule is non complaint if an AWS WAF Web ACL is not used."
+  description = "Ensure if an Amazon API Gateway API stage is using a WAF Web ACL. This rule is non compliant if an AWS WAF Web ACL is not used."
   sql = query.apigateway_stage_use_waf_web_acl.sql
   tags = merge(local.conformance_pack_apigateway_common_tags, {
diff --git a/conformance_pack/autoscaling.sp b/conformance_pack/autoscaling.sp
index 515776af..5cd5d64c 100644
--- a/conformance_pack/autoscaling.sp
+++ b/conformance_pack/autoscaling.sp
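Review bot: The second sentence of the new description for `apigateway_rest_api_stage_use_ssl_certificate` is still inverted: a stage without an associated certificate is the failing case, so it should read `This rule is non-compliant if the REST API stage does not have an associated SSL certificate.` rather than "compliant". The commit only corrects the spelling, so the control now documents the opposite of what its name and title say it checks (assuming the query flags stages that lack a certificate, which this hunk does not show). The title on the line above has its own slip, `should uses`, that could be fixed in the same pass: `title = "API Gateway stage should use SSL certificate"`.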
@@ -23,7 +23,7 @@ control "autoscaling_group_with_lb_use_health_check" {
 control "autoscaling_launch_config_public_ip_disabled" {
   title = "Auto Scaling launch config public IP should be disabled"
-  description = "Ensure if Amazon EC2 Auto Scaling groups have public IP addresses enabled through Launch Configurations. This rule is non complaint if the Launch Configuration for an Auto Scaling group has AssociatePublicIpAddress set to 'true'."
+  description = "Ensure if Amazon EC2 Auto Scaling groups have public IP addresses enabled through Launch Configurations. This rule is non compliant if the Launch Configuration for an Auto Scaling group has AssociatePublicIpAddress set to 'true'."
   sql = query.autoscaling_launch_config_public_ip_disabled.sql
   tags = merge(local.conformance_pack_autoscaling_common_tags, {
diff --git a/conformance_pack/backup.sp b/conformance_pack/backup.sp
index 4f0cd452..1a33fd62 100644
--- a/conformance_pack/backup.sp
+++ b/conformance_pack/backup.sp
@@ -6,7 +6,7 @@ locals {
 control "backup_recovery_point_manual_deletion_disabled" {
   title = "Backup recovery points manual deletion should be disabled"
-  description = "Checks if a backup vault has an attached resource-based policy which prevents deletion of recovery points. The rule is non complaint if the Backup Vault does not have resource-based policies or has policies without a suitable 'Deny' statement."
+  description = "Checks if a backup vault has an attached resource-based policy which prevents deletion of recovery points. The rule is non compliant if the Backup Vault does not have resource-based policies or has policies without a suitable 'Deny' statement."
   sql = query.backup_recovery_point_manual_deletion_disabled.sql
   tags = merge(local.conformance_pack_backup_common_tags, {
@@ -22,7 +22,7 @@ control "backup_recovery_point_manual_deletion_disabled" {
 control "backup_plan_min_retention_35_days" {
   title = "Backup plan min frequency and min retention check"
-  description = "Checks if a backup plan has a backup rule that satisfies the required frequency and retention period(35 Days). The rule is non complaint if recovery points are not created at least as often as the specified frequency or expire before the specified period."
+  description = "Checks if a backup plan has a backup rule that satisfies the required frequency and retention period(35 Days). The rule is non compliant if recovery points are not created at least as often as the specified frequency or expire before the specified period."
   sql = query.backup_plan_min_retention_35_days.sql
   tags = merge(local.conformance_pack_backup_common_tags, {
@@ -40,7 +40,7 @@ control "backup_plan_min_retention_35_days" {
 control "backup_recovery_point_encryption_enabled" {
   title = "Backup recovery points should be encrypted"
-  description = "Ensure if a recovery point is encrypted. The rule is non complaint if the recovery point is not encrypted."
+  description = "Ensure if a recovery point is encrypted. The rule is non compliant if the recovery point is not encrypted."
   sql = query.backup_recovery_point_encryption_enabled.sql
   tags = merge(local.conformance_pack_backup_common_tags, {
diff --git a/conformance_pack/dynamodb.sp b/conformance_pack/dynamodb.sp
index 5ef9e4c9..b275c794 100644
--- a/conformance_pack/dynamodb.sp
+++ b/conformance_pack/dynamodb.sp
@@ -97,7 +97,7 @@ control "dynamodb_table_encryption_enabled" {
 control "dynamodb_table_protected_by_backup_plan" {
   title = "DynamoDB table should be protected by backup plan"
-  description = "Ensure if Amazon DynamoDB tables are protected by a backup plan. The rule is non complaint if the DynamoDB Table is not covered by a backup plan."
+  description = "Ensure if Amazon DynamoDB tables are protected by a backup plan. The rule is non compliant if the DynamoDB Table is not covered by a backup plan."
   sql = query.dynamodb_table_protected_by_backup_plan.sql
   tags = merge(local.conformance_pack_dynamodb_common_tags, {
diff --git a/conformance_pack/ebs.sp b/conformance_pack/ebs.sp
index 5eb02150..bbf09e95 100644
--- a/conformance_pack/ebs.sp
+++ b/conformance_pack/ebs.sp
@@ -98,7 +98,7 @@ control "ebs_attached_volume_delete_on_termination_enabled" {
 control "ebs_volume_protected_by_backup_plan" {
   title = "EBS volumes should be protected by a backup plan"
-  description = "Ensure if Amazon Elastic Block Store (Amazon EBS) volumes are protected by a backup plan. The rule is non complaint if the Amazon EBS volume is not covered by a backup plan."
+  description = "Ensure if Amazon Elastic Block Store (Amazon EBS) volumes are protected by a backup plan. The rule is non compliant if the Amazon EBS volume is not covered by a backup plan."
   sql = query.ebs_volume_protected_by_backup_plan.sql
   tags = merge(local.conformance_pack_ebs_common_tags, {
diff --git a/conformance_pack/ec2.sp b/conformance_pack/ec2.sp
index 14f8dd27..ebc804f6 100644
--- a/conformance_pack/ec2.sp
+++ b/conformance_pack/ec2.sp
@@ -130,7 +130,7 @@ control "ec2_instance_uses_imdsv2" {
 control "ec2_instance_protected_by_backup_plan" {
   title = "EC2 instances should be protected by backup plan"
-  description = "Ensure if Amazon Elastic Compute Cloud (Amazon EC2) instances are protected by a backup plan. The rule is non complaint if the Amazon EC2 instance is not covered by a backup plan."
+  description = "Ensure if Amazon Elastic Compute Cloud (Amazon EC2) instances are protected by a backup plan. The rule is non compliant if the Amazon EC2 instance is not covered by a backup plan."
   sql = query.ec2_instance_protected_by_backup_plan.sql
   tags = merge(local.conformance_pack_ec2_common_tags, {
diff --git a/conformance_pack/efs.sp b/conformance_pack/efs.sp
index e71ef920..bb4b805a 100644
--- a/conformance_pack/efs.sp
+++ b/conformance_pack/efs.sp
@@ -44,7 +44,7 @@ control "efs_file_system_in_backup_plan" {
 control "efs_file_system_protected_by_backup_plan" {
   title = "EFS file systems should be protected by backup plan"
-  description = "Ensure if Amazon Elastic File System (Amazon EFS) File Systems are protected by a backup plan. The rule is non complaint if the EFS File System is not covered by a backup plan."
+  description = "Ensure if Amazon Elastic File System (Amazon EFS) File Systems are protected by a backup plan. The rule is non compliant if the EFS File System is not covered by a backup plan."
   sql = query.efs_file_system_protected_by_backup_plan.sql
   tags = merge(local.conformance_pack_efs_common_tags, {
@@ -61,7 +61,7 @@ control "efs_file_system_protected_by_backup_plan" {
 control "efs_file_system_encrypted_with_cmk" {
   title = "EFS file systems should be encrypted with CMK"
-  description = "Ensure Amazon Elastic File Systems (Amazon EFS) are encrypted using CMK. The rule is non complaint if the EFS File System is not encrypted using CMK."
+  description = "Ensure Amazon Elastic File Systems (Amazon EFS) are encrypted using CMK. The rule is non compliant if the EFS File System is not encrypted using CMK."
   sql = query.efs_file_system_encrypted_with_cmk.sql
   tags = merge(local.conformance_pack_efs_common_tags, {
diff --git a/conformance_pack/eks.sp b/conformance_pack/eks.sp
index 1694e014..e1241abc 100644
--- a/conformance_pack/eks.sp
+++ b/conformance_pack/eks.sp
@@ -17,7 +17,7 @@ control "eks_cluster_secrets_encrypted" {
 control "eks_cluster_endpoint_restrict_public_access" {
   title = "EKS clusters endpoint should restrict public access"
-  description = "Ensure whether Amazon Elastic Kubernetes Service (Amazon EKS) endpoint is not publicly accessible. The rule is complaint if the endpoint is publicly accessible."
+  description = "Ensure whether Amazon Elastic Kubernetes Service (Amazon EKS) endpoint is not publicly accessible. The rule is compliant if the endpoint is publicly accessible."
   sql = query.eks_cluster_endpoint_restrict_public_access.sql
   tags = merge(local.conformance_pack_eks_common_tags, {
diff --git a/conformance_pack/elb.sp b/conformance_pack/elb.sp
index 44bab9c9..9c495565 100644
--- a/conformance_pack/elb.sp
+++ b/conformance_pack/elb.sp
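Review bot: The new description for `eks_cluster_endpoint_restrict_public_access` still states the wrong outcome: `The rule is compliant if the endpoint is publicly accessible.` contradicts the control's name and title and should read `The rule is non-compliant if the endpoint is publicly accessible.` The spelling fix makes the sentence read cleanly, which makes the inversion easier to miss in a generated report. Anyone consuming the description as the control's rationale would be told that a publicly reachable Kubernetes API endpoint is the passing state, which is the opposite of what the title says is being checked.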
@@ -160,7 +160,7 @@ control "elb_classic_lb_cross_zone_load_balancing_enabled" {
 control "elb_application_network_lb_use_ssl_certificate" {
   title = "ELB application and network load balancers should only use SSL or HTTPS listeners"
-  description = "Ensure if Application Load Balancers and Network Load Balancers are configured to use certificates from AWS Certificate Manager (ACM). This rule is complaint if at least 1 load balancer is configured without a certificate from ACM."
+  description = "Ensure if Application Load Balancers and Network Load Balancers are configured to use certificates from AWS Certificate Manager (ACM). This rule is compliant if at least 1 load balancer is configured without a certificate from ACM."
   sql = query.elb_application_network_lb_use_ssl_certificate.sql
   tags = merge(local.conformance_pack_elb_common_tags, {
diff --git a/conformance_pack/es.sp b/conformance_pack/es.sp
index dc3d6b48..fa12be17 100644
--- a/conformance_pack/es.sp
+++ b/conformance_pack/es.sp
@@ -67,7 +67,7 @@ control "es_domain_node_to_node_encryption_enabled" {
 control "es_domain_logs_to_cloudwatch" {
   title = "Elasticsearch domain should send logs to CloudWatch"
-  description = "Ensure if Amazon OpenSearch Service (OpenSearch Service) domains are configured to send logs to Amazon CloudWatch Logs. The rule is complaint if a log is enabled for an OpenSearch Service domain. This rule is non compliant if logging is not configured."
+  description = "Ensure if Amazon OpenSearch Service (OpenSearch Service) domains are configured to send logs to Amazon CloudWatch Logs. The rule is compliant if a log is enabled for an OpenSearch Service domain. This rule is non compliant if logging is not configured."
   sql = query.es_domain_logs_to_cloudwatch.sql
   tags = merge(local.conformance_pack_es_common_tags, {
diff --git a/conformance_pack/fsx.sp b/conformance_pack/fsx.sp
index 858613c0..52bcbcc9 100644
--- a/conformance_pack/fsx.sp
+++ b/conformance_pack/fsx.sp
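Review bot: `This rule is compliant if at least 1 load balancer is configured without a certificate from ACM.` in the new description of `elb_application_network_lb_use_ssl_certificate` names the failing condition as the passing one; it should be `This rule is non-compliant if at least 1 load balancer is configured without a certificate from ACM.` The title also talks about listeners ("should only use SSL or HTTPS listeners") while the description talks about load balancers and ACM certificates; whichever granularity the query actually evaluates, the two sentences should agree so a finding on one non-ACM listener is not read as a whole-LB statement. The query itself is not in this hunk, so I cannot confirm which unit it reports on.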
@@ -6,7 +6,7 @@ locals {
 control "fsx_file_system_protected_by_backup_plan" {
   title = "FSx file system should be protected by backup plan"
-  description = "Checks if Amazon FSx File Systems are protected by a backup plan. The rule is non complaint if the Amazon FSx File System is not covered by a backup plan."
+  description = "Checks if Amazon FSx File Systems are protected by a backup plan. The rule is non compliant if the Amazon FSx File System is not covered by a backup plan."
   sql = query.fsx_file_system_protected_by_backup_plan.sql
   tags = merge(local.conformance_pack_fsx_common_tags, {
diff --git a/conformance_pack/iam.sp b/conformance_pack/iam.sp
index 6b8a54fd..4b48e0c1 100644
--- a/conformance_pack/iam.sp
+++ b/conformance_pack/iam.sp
@@ -372,7 +372,7 @@ control "iam_account_password_policy_one_symbol" {
 control "iam_all_policy_no_service_wild_card" {
   title = "Ensure IAM policy should not grant full access to service"
-  description = "Checks if AWS Identity and Access Management (IAM) policies grant permissions to all actions on individual AWS resources. The rule is non complaint if the managed IAM policy allows full access to at least 1 AWS service."
+  description = "Checks if AWS Identity and Access Management (IAM) policies grant permissions to all actions on individual AWS resources. The rule is non compliant if the managed IAM policy allows full access to at least 1 AWS service."
   sql = query.iam_policy_custom_no_service_wildcard.sql
   tags = merge(local.conformance_pack_iam_common_tags, {
diff --git a/conformance_pack/lambda.sp b/conformance_pack/lambda.sp
index a02607ed..1ef08523 100644
--- a/conformance_pack/lambda.sp
+++ b/conformance_pack/lambda.sp
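Review bot: The scope of `iam_all_policy_no_service_wild_card` is described three different ways in this hunk: the control name says "all" policies, the new description says "the managed IAM policy", and the referenced query is `query.iam_policy_custom_no_service_wildcard.sql`, whose name suggests only customer-managed policies are inspected. The query is not in this hunk so I cannot tell which is correct, but the description should state the real scope, e.g. `The rule is non-compliant if a customer-managed IAM policy allows full access to at least 1 AWS service.` if AWS-managed policies are excluded. The first sentence, "permissions to all actions on individual AWS resources", also does not describe a service-wildcard check, which is about `service:*` actions rather than resources. The title `Ensure IAM policy should not grant full access to service` would read better in the same form as the other titles in the pack: `IAM policies should not grant full access to a service`.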
@@ -63,7 +63,7 @@ control "lambda_function_restrict_public_access" {
 control "lambda_function_concurrent_execution_limit_configured" {
   title = "Lambda functions concurrent execution limit configured"
-  description = "Checks whether the AWS Lambda function is configured with function-level concurrent execution limit. The control is non complaint if the Lambda function is not configured with function-level concurrent execution limit."
+  description = "Checks whether the AWS Lambda function is configured with function-level concurrent execution limit. The control is non compliant if the Lambda function is not configured with function-level concurrent execution limit."
   sql = query.lambda_function_concurrent_execution_limit_configured.sql
   tags = merge(local.conformance_pack_lambda_common_tags, {
diff --git a/conformance_pack/rds.sp b/conformance_pack/rds.sp
index e0c4f564..b3ce8e45 100644
--- a/conformance_pack/rds.sp
+++ b/conformance_pack/rds.sp
@@ -225,7 +225,7 @@ control "rds_db_cluster_iam_authentication_enabled" {
 control "rds_db_cluster_aurora_protected_by_backup_plan" {
   title = "RDS Aurora clusters should be protected by backup plan"
-  description = "Checks if Amazon Aurora DB clusters are protected by a backup plan. The rule is non complaint if the Amazon Relational Database Service (Amazon RDS) Database Cluster is not protected by a backup plan."
+  description = "Checks if Amazon Aurora DB clusters are protected by a backup plan. The rule is non compliant if the Amazon Relational Database Service (Amazon RDS) Database Cluster is not protected by a backup plan."
   sql = query.rds_db_cluster_aurora_protected_by_backup_plan.sql
   tags = merge(local.conformance_pack_rds_common_tags, {
@@ -242,7 +242,7 @@ control "rds_db_cluster_aurora_protected_by_backup_plan" {
 control "rds_db_instance_protected_by_backup_plan" {
   title = "RDS DB instance should be protected by backup plan"
-  description = "Ensure if Amazon Relational Database Service (Amazon RDS) instances are protected by a backup plan. The rule is non complaint if the Amazon RDS Database instance is not covered by a backup plan."
+  description = "Ensure if Amazon Relational Database Service (Amazon RDS) instances are protected by a backup plan. The rule is non compliant if the Amazon RDS Database instance is not covered by a backup plan."
   sql = query.rds_db_instance_protected_by_backup_plan.sql
   tags = merge(local.conformance_pack_rds_common_tags, {
diff --git a/conformance_pack/redshift.sp b/conformance_pack/redshift.sp
index 39857620..f24087df 100644
--- a/conformance_pack/redshift.sp
+++ b/conformance_pack/redshift.sp
@@ -90,7 +90,7 @@ control "redshift_cluster_automatic_snapshots_min_7_days" {
 control "redshift_cluster_kms_enabled" {
   title = "Amazon Redshift clusters should be encrypted with KMS"
-  description = "Ensure if Amazon Redshift clusters are using a specified AWS Key Management Service (AWS KMS) key for encryption. The rule is complaint if encryption is enabled and the cluster is encrypted with the key provided in the kmsKeyArn parameter. The rule is non complaint if the cluster is not encrypted or encrypted with another key."
+  description = "Ensure if Amazon Redshift clusters are using a specified AWS Key Management Service (AWS KMS) key for encryption. The rule is compliant if encryption is enabled and the cluster is encrypted with the key provided in the kmsKeyArn parameter. The rule is non compliant if the cluster is not encrypted or encrypted with another key."
   sql = query.redshift_cluster_kms_enabled.sql
   tags = merge(local.conformance_pack_redshift_common_tags, {
diff --git a/conformance_pack/vpc.sp b/conformance_pack/vpc.sp
index 013dc9b3..b52be99c 100644
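Review bot: The new description of `redshift_cluster_kms_enabled` still refers to `the key provided in the kmsKeyArn parameter`, but nothing in this control declares such a parameter, and the control name and title only speak of KMS encryption being enabled. The wording looks carried over from the AWS Config rule text; unless the query really compares the cluster's key against a configured ARN, the key-matching claims should be dropped, e.g. `The rule is non-compliant if the cluster is not encrypted with an AWS KMS key.` Otherwise a reader will believe key identity is being verified when, presumably, only the encrypted flag is. The query is outside this hunk, so please confirm against it before rewording.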
--- a/conformance_pack/vpc.sp
+++ b/conformance_pack/vpc.sp
@@ -165,7 +165,7 @@ control "vpc_security_group_associated_to_eni" {
 control "vpc_subnet_auto_assign_public_ip_disabled" {
   title = "VPC subnet auto assign public IP should be disabled"
-  description = "Ensure if Amazon Virtual Private Cloud (Amazon VPC) subnets are assigned a public IP address. The control is complaint if Amazon VPC does not have subnets that are assigned a public IP address. The control. is non complaint if Amazon VPC has subnets that are assigned a public IP address."
+  description = "Ensure if Amazon Virtual Private Cloud (Amazon VPC) subnets are assigned a public IP address. The control is compliant if Amazon VPC does not have subnets that are assigned a public IP address. The control is non compliant if Amazon VPC has subnets that are assigned a public IP address."
   sql = query.vpc_subnet_auto_assign_public_ip_disabled.sql
   tags = merge(local.conformance_pack_vpc_common_tags, {
@@ -183,7 +183,7 @@ control "vpc_subnet_auto_assign_public_ip_disabled" {
 control "vpc_route_table_restrict_public_access_to_igw" {
   title = "VPC route table should restrict public access to IGW"
-  description = "Ensure if there are public routes in the route table to an Internet Gateway (IGW). The rule is non complaint if a route to an IGW has a destination CIDR block of '0.0.0.0/0' or '::/0'."
+  description = "Ensure if there are public routes in the route table to an Internet Gateway (IGW). The rule is non compliant if a route to an IGW has a destination CIDR block of '0.0.0.0/0' or '::/0'."
   sql = query.vpc_route_table_restrict_public_access_to_igw.sql
   tags = merge(local.conformance_pack_vpc_common_tags, {
diff --git a/soc_2/p_8.sp b/soc_2/p_8.sp
index 5b1bd71e..d551cc73 100644
--- a/soc_2/p_8.sp
+++ b/soc_2/p_8.sp
@@ -16,7 +16,7 @@ benchmark "soc_2_p_8" {
 }
 benchmark "soc_2_p_8_1" {
-  title = "P8.1 The entity implements a process for receiving, addressing, resolving, and communicating the resolution of inquiries,complaints, and disputes from data subjects and others and periodically monitors compliance to meet the entity’s objectives related to privacy"
+  title = "P8.1 The entity implements a process for receiving, addressing, resolving, and communicating the resolution of inquiries, complaints, and disputes from data subjects and others and periodically monitors compliance to meet the entity’s objectives related to privacy"
   documentation = file("./soc_2/docs/p_8_1.md")
   children = [