Add Operational Best Practices for NIST 800-53 rev 5 Closes #398 #399

Merged
merged 21 commits into from
Jun 2, 2022

Conversation

khushboo9024

Checklist

  • Issue(s) linked

@khushboo9024 khushboo9024 linked an issue May 26, 2022 that may be closed by this pull request
@rajlearner17 rajlearner17 self-requested a review May 30, 2022 11:11
case
when last_accessed_date is null then title || ' never accessed.'
else
title || ' last used ' || extract(day from current_timestamp - last_accessed_date) || ' day(s) ago.'

@rajlearner17 rajlearner17 Jun 1, 2022


@khushboo9024 can you remove the extra space?

case
when last_accessed_date is null then title || ' never accessed.'
else
title || ' last used ' || extract(day from current_timestamp - last_accessed_date) || ' day(s) ago.'

@khushboo9024 can you remove the extra space?

control.iam_user_unused_credentials_90,
control.secretsmanager_secret_automatic_rotation_enabled,
control.secretsmanager_secret_rotated_as_scheduled,
control.secretsmanager_secret_unused_90_day,

Suggested change
control.secretsmanager_secret_unused_90_day,
control.secretsmanager_secret_unused_90_day

nist_800_53_rev_5/ac.sp
title = "AC-2(3)(a)"
description = "Disable accounts within [Assignment: organization-defined time period] when the accounts: (a) Have expired;"
children = [
control.iam_user_unused_credentials_90,
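
Review bot: The first child listed under AC-2(3)(a), whose description is "(a) Have expired;", is control.iam_user_unused_credentials_90, which by its name checks for credentials unused for 90 days, and the same control also heads the children of AC-2(3)(d), the inactivity clause. Please confirm that the mapping to the expired-accounts clause is intended, and if it is, add a short comment in this benchmark saying why an inactivity check is being used as evidence for expiry, so the overlap with (d) does not read as a copy-paste.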

The controls need to be sorted.


benchmark "nist_800_53_rev_5_ac_2_3_a" {
title = "AC-2(3)(a)"
description = "Disable accounts within [Assignment: organization-defined time period] when the accounts: (a) Have expired;"

Is the description correct? Could we end it with a period?

title = "AC-2(3)(d)"
description = "Disable accounts within [Assignment: organization-defined time period] when the accounts: (d) Have been inactive for [Assignment: organization-defined time period]."
children = [
control.iam_user_unused_credentials_90,

Please sort the controls.

control.s3_public_access_block_account,
control.s3_public_access_block_bucket,
control.sagemaker_notebook_instance_direct_internet_access_disabled,
control.vpc_subnet_auto_assign_public_ip_disabled,

Suggested change
control.vpc_subnet_auto_assign_public_ip_disabled,
control.vpc_subnet_auto_assign_public_ip_disabled

control.secretsmanager_secret_automatic_rotation_enabled,
control.secretsmanager_secret_rotated_as_scheduled,
control.secretsmanager_secret_unused_90_day


Suggested change

control.secretsmanager_secret_automatic_rotation_enabled,
control.secretsmanager_secret_rotated_as_scheduled,
control.secretsmanager_secret_unused_90_day


Suggested change


@misraved misraved left a comment


Make changes wherever required.

Minor changes include:

  1. Removal of ',' at the end of controls or benchmarks defined as a part of the children parameter.
  2. Sorting the controls/benchmarks wherever necessary.
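
The two review points above can be checked mechanically before a benchmark file is pushed. The following is an added example, not code from this pull request or its project: a small Python linter that flags a trailing comma after the last child and unsorted children. The sample blocks are constructed in the style of the snippets quoted in this thread, the function name `lint_children` is hypothetical, and "sorted" is assumed to mean plain lexicographic order.

```python
import re

# Constructed sample, modelled on the benchmark blocks quoted in this thread.
SAMPLE = '''
benchmark "nist_800_53_rev_5_ac_2_3_a" {
  title    = "AC-2(3)(a)"
  children = [
    control.secretsmanager_secret_unused_90_day,
    control.iam_user_unused_credentials_90,
  ]
}

benchmark "nist_800_53_rev_5_ac_2_3_d" {
  title    = "AC-2(3)(d)"
  children = [
    control.iam_user_unused_credentials_90,
    control.secretsmanager_secret_unused_90_day
  ]
}
'''

# A block runs from its header to the first closing brace at column 0.
BLOCK = re.compile(r'benchmark\s+"([^"]+)"\s*\{(.*?)\n\}', re.S)
# Child names never contain ']', so the first ']' closes the list.
CHILDREN = re.compile(r'children\s*=\s*\[(.*?)\]', re.S)


def lint_children(text):
    """Return (benchmark_name, problem) pairs for every children list."""
    findings = []
    for name, body in BLOCK.findall(text):
        match = CHILDREN.search(body)
        if not match:
            continue
        raw = match.group(1)
        # Review point 1: no ',' after the last control or benchmark.
        if raw.rstrip().endswith(","):
            findings.append((name, "trailing comma after last child"))
        # Review point 2: children listed in sorted order (assumed lexicographic).
        items = [item.strip() for item in raw.split(",") if item.strip()]
        if items != sorted(items):
            findings.append((name, "children not sorted"))
    return findings


if __name__ == "__main__":
    for name, problem in lint_children(SAMPLE):
        print(f"{name}: {problem}")
```
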

@misraved misraved merged commit 8131623 into release/v0.34 Jun 2, 2022
@misraved misraved deleted the add-nist-rev-5 branch June 2, 2022 13:34
Development

Successfully merging this pull request may close these issues.

Add Operational Best Practices for NIST 800-53 rev 5
3 participants