Add NIST SP 800-171 Rev. 2 benchmark Closes #435 (#453)
Co-authored-by: vkumbha <venu@turbot.com>
Co-authored-by: Ved misra <47312748+misraved@users.noreply.github.com>
3 people authored Jul 14, 2022
1 parent 1137cf6 commit bbf1687
Showing 42 changed files with 1,305 additions and 36 deletions.
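--- a/README.md
+++ b/README.md
@@ -21,6 +21,7 @@ Institutions Examination Council (FFIEC)](https://hub.steampipe.io/mods/turbot/a
 * [HIPAA](https://hub.steampipe.io/mods/turbot/aws_compliance/controls/benchmark.hipaa)
 * [NIST 800-53 Revision 4](https://hub.steampipe.io/mods/turbot/aws_compliance/controls/benchmark.nist_800_53_rev_4)
 * [NIST 800-53 Revision 5](https://hub.steampipe.io/mods/turbot/aws_compliance/controls/benchmark.nist_800_53_rev_5)
+* [NIST 800-171 Revision 2](https://hub.steampipe.io/mods/turbot/aws_compliance/controls/benchmark.nist_800_171_rev_2) 🚀 New!
 * [NIST Cybersecurity Framework (CSF)](https://hub.steampipe.io/mods/turbot/aws_compliance/controls/benchmark.nist_csf)
 * [Other Compliance Checks](https://hub.steampipe.io/mods/turbot/aws_compliance/controls/benchmark.other) 🚀 New!
 * [PCI DSS v3.2.1](https://hub.steampipe.io/mods/turbot/aws_compliance/controls/benchmark.pci_v321)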
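--- a/conformance_pack/acm.sp
+++ b/conformance_pack/acm.sp
@@ -15,6 +15,7 @@ control "acm_certificate_expires_30_days" {
 ffiec = "true"
 gdpr = "true"
 hipaa = "true"
+nist_800_171_rev_2 = "true"
 nist_800_53_rev_4 = "true"
 nist_800_53_rev_5 = "true"
 nist_csf = "true"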
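--- a/conformance_pack/apigateway.sp
+++ b/conformance_pack/apigateway.sp
@@ -32,6 +32,7 @@ control "apigateway_stage_logging_enabled" {
 ffiec = "true"
 gxp_21_cfr_part_11 = "true"
 hipaa = "true"
+nist_800_171_rev_2 = "true"
 nist_800_53_rev_4 = "true"
 nist_800_53_rev_5 = "true"
 nist_csf = "true"
@@ -49,6 +50,7 @@ control "apigateway_rest_api_stage_use_ssl_certificate" {
 fedramp_moderate_rev_4 = "true"
 ffiec = "true"
 gxp_21_cfr_part_11 = "true"
+nist_800_171_rev_2 = "true"
 nist_800_53_rev_5 = "true"
 rbi_cyber_security = "true"
 })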
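--- a/conformance_pack/autoscaling.sp
+++ b/conformance_pack/autoscaling.sp
@@ -14,6 +14,7 @@ control "autoscaling_group_with_lb_use_health_check" {
 fedramp_moderate_rev_4 = "true"
 ffiec = "true"
 hipaa = "true"
+nist_800_171_rev_2 = "true"
 nist_800_53_rev_4 = "true"
 nist_800_53_rev_5 = "true"
 nist_csf = "true"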
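--- a/conformance_pack/backup.sp
+++ b/conformance_pack/backup.sp
@@ -10,10 +10,11 @@ control "backup_recovery_point_manual_deletion_disabled" {
 sql = query.backup_recovery_point_manual_deletion_disabled.sql
 
 tags = merge(local.conformance_pack_backup_common_tags, {
-ffiec = "true"
-hipaa = "true"
-nist_csf = "true"
-soc_2 = "true"
+ffiec = "true"
+hipaa = "true"
+nist_800_171_rev_2 = "true"
+nist_csf = "true"
+soc_2 = "true"
 })
 }
 
@@ -27,6 +28,7 @@ control "backup_plan_min_retention_35_days" {
 fedramp_moderate_rev_4 = "true"
 ffiec = "true"
 hipaa = "true"
+nist_800_171_rev_2 = "true"
 nist_csf = "true"
 soc_2 = "true"
 })
@@ -38,10 +40,11 @@ control "backup_recovery_point_encryption_enabled" {
 sql = query.backup_recovery_point_encryption_enabled.sql
 
 tags = merge(local.conformance_pack_backup_common_tags, {
-ffiec = "true"
-hipaa = "true"
-nist_csf = "true"
-soc_2 = "true"
+ffiec = "true"
+hipaa = "true"
+nist_800_171_rev_2 = "true"
+nist_csf = "true"
+soc_2 = "true"
 })
 }
 
@@ -51,6 +54,7 @@ control "backup_recovery_point_min_retention_35_days" {
 sql = query.backup_recovery_point_min_retention_35_days.sql
 
 tags = merge(local.conformance_pack_backup_common_tags, {
-ffiec = "true"
+ffiec = "true"
+nist_800_171_rev_2 = "true"
 })
 }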
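--- a/conformance_pack/cloudtrail.sp
+++ b/conformance_pack/cloudtrail.sp
@@ -16,6 +16,7 @@ control "cloudtrail_trail_integrated_with_logs" {
 gdpr = "true"
 gxp_21_cfr_part_11 = "true"
 hipaa = "true"
+nist_800_171_rev_2 = "true"
 nist_800_53_rev_4 = "true"
 nist_800_53_rev_5 = "true"
 nist_csf = "true"
@@ -36,6 +37,7 @@ control "cloudtrail_s3_data_events_enabled" {
 gdpr = "true"
 gxp_21_cfr_part_11 = "true"
 hipaa = "true"
+nist_800_171_rev_2 = "true"
 nist_800_53_rev_4 = "true"
 nist_800_53_rev_5 = "true"
 nist_csf = "true"
@@ -55,6 +57,7 @@ control "cloudtrail_trail_logs_encrypted_with_kms_cmk" {
 gdpr = "true"
 gxp_21_cfr_part_11 = "true"
 hipaa = "true"
+nist_800_171_rev_2 = "true"
 nist_800_53_rev_4 = "true"
 nist_800_53_rev_5 = "true"
 nist_csf = "true"
@@ -73,6 +76,7 @@ control "cloudtrail_multi_region_trail_enabled" {
 ffiec = "true"
 gxp_21_cfr_part_11 = "true"
 hipaa = "true"
+nist_800_171_rev_2 = "true"
 nist_800_53_rev_4 = "true"
 nist_800_53_rev_5 = "true"
 nist_csf = "true"
@@ -92,6 +96,7 @@ control "cloudtrail_trail_validation_enabled" {
 gdpr = "true"
 gxp_21_cfr_part_11 = "true"
 hipaa = "true"
+nist_800_171_rev_2 = "true"
 nist_800_53_rev_4 = "true"
 nist_800_53_rev_5 = "true"
 soc_2 = "true"
@@ -109,6 +114,7 @@ control "cloudtrail_trail_enabled" {
 ffiec = "true"
 gxp_21_cfr_part_11 = "true"
 hipaa = "true"
+nist_800_171_rev_2 = "true"
 nist_800_53_rev_4 = "true"
 nist_800_53_rev_5 = "true"
 nist_csf = "true"
@@ -123,9 +129,10 @@ control "cloudtrail_security_trail_enabled" {
 sql = query.cloudtrail_security_trail_enabled.sql
 
 tags = merge(local.conformance_pack_cloudtrail_common_tags, {
-gdpr = "true"
-nist_800_53_rev_4 = "true"
-soc_2 = "true"
+gdpr = "true"
+nist_800_171_rev_2 = "true"
+nist_800_53_rev_4 = "true"
+soc_2 = "true"
 })
 }
 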
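--- a/conformance_pack/cloudwatch.sp
+++ b/conformance_pack/cloudwatch.sp
@@ -14,6 +14,7 @@ control "cloudwatch_alarm_action_enabled" {
 fedramp_moderate_rev_4 = "true"
 ffiec = "true"
 hipaa = "true"
+nist_800_171_rev_2 = "true"
 nist_800_53_rev_4 = "true"
 nist_800_53_rev_5 = "true"
 nist_csf = "true"
@@ -32,6 +33,7 @@ control "log_group_encryption_at_rest_enabled" {
 gdpr = "true"
 gxp_21_cfr_part_11 = "true"
 hipaa = "true"
+nist_800_171_rev_2 = "true"
 nist_800_53_rev_4 = "true"
 nist_800_53_rev_5 = "true"
 nist_csf = "true"
@@ -51,6 +53,7 @@ control "cloudwatch_log_group_retention_period_365" {
 ffiec = "true"
 gxp_21_cfr_part_11 = "true"
 hipaa = "true"
+nist_800_171_rev_2 = "true"
 nist_800_53_rev_4 = "true"
 nist_800_53_rev_5 = "true"
 rbi_cyber_security = "true"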
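--- a/conformance_pack/dms.sp
+++ b/conformance_pack/dms.sp
@@ -15,6 +15,7 @@ control "dms_replication_instance_not_publicly_accessible" {
 ffiec = "true"
 gxp_21_cfr_part_11 = "true"
 hipaa = "true"
+nist_800_171_rev_2 = "true"
 nist_800_53_rev_4 = "true"
 nist_800_53_rev_5 = "true"
 nist_csf = "true"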
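--- a/conformance_pack/dynamodb.sp
+++ b/conformance_pack/dynamodb.sp
@@ -15,6 +15,7 @@ control "dynamodb_table_auto_scaling_enabled" {
 ffiec = "true"
 gxp_21_cfr_part_11 = "true"
 hipaa = "true"
+nist_800_171_rev_2 = "true"
 nist_800_53_rev_4 = "true"
 nist_800_53_rev_5 = "true"
 nist_csf = "true"
@@ -32,6 +33,7 @@ control "dynamodb_table_point_in_time_recovery_enabled" {
 ffiec = "true"
 gxp_21_cfr_part_11 = "true"
 hipaa = "true"
+nist_800_171_rev_2 = "true"
 nist_800_53_rev_4 = "true"
 nist_800_53_rev_5 = "true"
 nist_csf = "true"
@@ -49,6 +51,7 @@ control "dynamodb_table_encrypted_with_kms_cmk" {
 gdpr = "true"
 gxp_21_cfr_part_11 = "true"
 hipaa = "true"
+nist_800_171_rev_2 = "true"
 nist_800_53_rev_4 = "true"
 nist_800_53_rev_5 = "true"
 rbi_cyber_security = "true"
@@ -64,6 +67,7 @@ control "dynamodb_table_in_backup_plan" {
 ffiec = "true"
 gxp_21_cfr_part_11 = "true"
 hipaa = "true"
+nist_800_171_rev_2 = "true"
 nist_800_53_rev_4 = "true"
 nist_800_53_rev_5 = "true"
 nist_csf = "true"
@@ -92,6 +96,7 @@ control "dynamodb_table_protected_by_backup_plan" {
 fedramp_low_rev_4 = "true"
 fedramp_moderate_rev_4 = "true"
 hipaa = "true"
+nist_800_171_rev_2 = "true"
 nist_csf = "true"
 soc_2 = "true"
 })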
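--- a/conformance_pack/ebs.sp
+++ b/conformance_pack/ebs.sp
@@ -15,6 +15,7 @@ control "ebs_snapshot_not_publicly_restorable" {
 ffiec = "true"
 gxp_21_cfr_part_11 = "true"
 hipaa = "true"
+nist_800_171_rev_2 = "true"
 nist_800_53_rev_4 = "true"
 nist_800_53_rev_5 = "true"
 nist_csf = "true"
@@ -31,6 +32,7 @@ control "ebs_volume_encryption_at_rest_enabled" {
 fedramp_moderate_rev_4 = "true"
 gdpr = "true"
 hipaa = "true"
+nist_800_171_rev_2 = "true"
 nist_800_53_rev_5 = "true"
 rbi_cyber_security = "true"
 })
@@ -48,6 +50,7 @@ control "ebs_attached_volume_encryption_enabled" {
 gdpr = "true"
 gxp_21_cfr_part_11 = "true"
 hipaa = "true"
+nist_800_171_rev_2 = "true"
 nist_800_53_rev_4 = "true"
 nist_800_53_rev_5 = "true"
 nist_csf = "true"
@@ -64,6 +67,7 @@ control "ebs_volume_in_backup_plan" {
 ffiec = "true"
 gxp_21_cfr_part_11 = "true"
 hipaa = "true"
+nist_800_171_rev_2 = "true"
 nist_800_53_rev_4 = "true"
 nist_800_53_rev_5 = "true"
 nist_csf = "true"
@@ -97,6 +101,7 @@ control "ebs_volume_protected_by_backup_plan" {
 fedramp_moderate_rev_4 = "true"
 ffiec = "true"
 hipaa = "true"
+nist_800_171_rev_2 = "true"
 nist_csf = "true"
 soc_2 = "true"
 })
@@ -112,6 +117,7 @@ control "ebs_volume_unused" {
 fedramp_moderate_rev_4 = "true"
 ffiec = "true"
 gxp_21_cfr_part_11 = "true"
+nist_800_171_rev_2 = "true"
 nist_800_53_rev_5 = "true"
 })
 }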
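--- a/conformance_pack/ec2.sp
+++ b/conformance_pack/ec2.sp
@@ -13,6 +13,7 @@ control "ec2_ebs_default_encryption_enabled" {
 ffiec = "true"
 gxp_21_cfr_part_11 = "true"
 hipaa = "true"
+nist_800_171_rev_2 = "true"
 nist_800_53_rev_5 = "true"
 })
 }
@@ -25,6 +26,7 @@ control "ec2_instance_detailed_monitoring_enabled" {
 tags = merge(local.conformance_pack_ec2_common_tags, {
 fedramp_low_rev_4 = "true"
 fedramp_moderate_rev_4 = "true"
+nist_800_171_rev_2 = "true"
 nist_800_53_rev_4 = "true"
 nist_csf = "true"
 soc_2 = "true"
@@ -42,6 +44,7 @@ control "ec2_instance_in_vpc" {
 ffiec = "true"
 gxp_21_cfr_part_11 = "true"
 hipaa = "true"
+nist_800_171_rev_2 = "true"
 nist_800_53_rev_4 = "true"
 nist_800_53_rev_5 = "true"
 nist_csf = "true"
@@ -60,6 +63,7 @@ control "ec2_instance_not_publicly_accessible" {
 ffiec = "true"
 gxp_21_cfr_part_11 = "true"
 hipaa = "true"
+nist_800_171_rev_2 = "true"
 nist_800_53_rev_4 = "true"
 nist_800_53_rev_5 = "true"
 nist_csf = "true"
@@ -79,6 +83,7 @@ control "ec2_stopped_instance_30_days" {
 ffiec = "true"
 gxp_21_cfr_part_11 = "true"
 hipaa = "true"
+nist_800_171_rev_2 = "true"
 nist_800_53_rev_4 = "true"
 nist_800_53_rev_5 = "true"
 })
@@ -95,6 +100,7 @@ control "ec2_instance_ebs_optimized" {
 fedramp_moderate_rev_4 = "true"
 gxp_21_cfr_part_11 = "true"
 hipaa = "true"
+nist_800_171_rev_2 = "true"
 nist_800_53_rev_5 = "true"
 nist_csf = "true"
 soc_2 = "true"
@@ -125,6 +131,7 @@ control "ec2_instance_protected_by_backup_plan" {
 fedramp_moderate_rev_4 = "true"
 ffiec = "true"
 hipaa = "true"
+nist_800_171_rev_2 = "true"
 nist_csf = "true"
 soc_2 = "true"
 })
@@ -138,6 +145,7 @@ control "ec2_instance_iam_profile_attached" {
 tags = merge(local.conformance_pack_ec2_common_tags, {
 ffiec = "true"
 gxp_21_cfr_part_11 = "true"
+nist_800_171_rev_2 = "true"
 nist_800_53_rev_5 = "true"
 })
 }
@@ -180,4 +188,4 @@ control "ec2_instance_no_launch_wizard_security_group" {
 tags = merge(local.conformance_pack_ec2_common_tags, {
 other_checks = "true"
 })
-}
+}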
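Review bot: The closing `}` of `ec2_instance_no_launch_wizard_security_group` in the last hunk should keep its trailing newline. The line is rewritten with no visible text change, which usually means only the end-of-file newline differs, though the page does not show which side has it. If the new side dropped the newline, restore it so the file ends with `}` followed by a line break and this unrelated hunk leaves the diff. The control block starts outside the hunk.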
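--- a/conformance_pack/ecs.sp
+++ b/conformance_pack/ecs.sp
@@ -14,6 +14,7 @@ control "ecs_task_definition_user_for_host_mode_check" {
 fedramp_moderate_rev_4 = "true"
 ffiec = "true"
 gxp_21_cfr_part_11 = "true"
+nist_800_171_rev_2 = "true"
 nist_800_53_rev_5 = "true"
 })
 }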
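--- a/conformance_pack/efs.sp
+++ b/conformance_pack/efs.sp
@@ -17,6 +17,7 @@ control "efs_file_system_encrypt_data_at_rest" {
 nist_800_53_rev_4 = "true"
 nist_800_53_rev_5 = "true"
 nist_csf = "true"
+nist_800_171_rev_2 = "true"
 rbi_cyber_security = "true"
 })
 }
@@ -30,6 +31,7 @@ control "efs_file_system_in_backup_plan" {
 ffiec = "true"
 gxp_21_cfr_part_11 = "true"
 hipaa = "true"
+nist_800_171_rev_2 = "true"
 nist_800_53_rev_4 = "true"
 nist_800_53_rev_5 = "true"
 nist_csf = "true"
@@ -47,6 +49,7 @@ control "efs_file_system_protected_by_backup_plan" {
 fedramp_low_rev_4 = "true"
 fedramp_moderate_rev_4 = "true"
 hipaa = "true"
+nist_800_171_rev_2 = "true"
 nist_csf = "true"
 soc_2 = "true"
 })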
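Review bot: In the first hunk, `nist_800_171_rev_2 = "true"` for `efs_file_system_encrypt_data_at_rest` is placed after `nist_csf`, whereas the other two hunks in this file, and the other files in this commit, insert it ahead of the `nist_800_53_*` keys so that each tag map stays sorted. Move the line up so it sits directly above `nist_800_53_rev_4 = "true"`. Key order should not affect how `merge()` builds the map, but a uniform order makes it easier to audit which controls claim coverage for a framework when grepping or diffing. The control block starts outside the hunk.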
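--- a/conformance_pack/eks.sp
+++ b/conformance_pack/eks.sp
@@ -20,7 +20,8 @@ control "eks_cluster_endpoint_restrict_public_access" {
 sql = query.eks_cluster_endpoint_restrict_public_access.sql
 
 tags = merge(local.conformance_pack_eks_common_tags, {
-nist_csf = "true"
+nist_800_171_rev_2 = "true"
+nist_csf = "true"
 })
 }
 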