Add Operational Best Practices for FDA Title 21 CFR Part 11 benchmark. Closes #419

README.md

@@ -1,6 +1,6 @@
 # AWS Compliance Mod for Steampipe
 
-475+ checks covering industry defined security best practices across all AWS regions. Includes full support for multiple best practice benchmarks including PCI DSS, AWS Foundational Security, FedRAMP, FFIEC, HIPAA, NIST 800-53, NIST CSF, Reserve Bank of India, Audit Manager Control Tower **and the latest (v1.4.0) CIS benchmarks**.
+475+ checks covering industry defined security best practices across all AWS regions. Includes full support for multiple best practice benchmarks including PCI DSS, AWS Foundational Security, FedRAMP, FFIEC, GxP 21 CFR Part 11, HIPAA, NIST 800-53, NIST CSF, Reserve Bank of India, Audit Manager Control Tower **and the latest (v1.4.0) CIS benchmarks**.
 
 Run checks in a dashboard:
 ![image](https://raw.githubusercontent.com/turbot/steampipe-mod-aws-compliance/main/docs/aws_cis_v140_dashboard.png)
@@ -15,9 +15,10 @@ Includes support for:
 * [FedRAMP Low Revision 4](https://hub.steampipe.io/mods/turbot/aws_compliance/controls/benchmark.fedramp_low_rev_4)
 * [FedRAMP Moderate Revision 4](https://hub.steampipe.io/mods/turbot/aws_compliance/controls/benchmark.fedramp_moderate_rev_4)
 * [Federal Financial
-Institutions Examination Council (FFIEC)](https://hub.steampipe.io/mods/turbot/aws_compliance/controls/benchmark.ffiec) 🚀 New!
-* [HIPAA](https://hub.steampipe.io/mods/turbot/aws_compliance/controls/benchmark.hipaa)
+Institutions Examination Council (FFIEC)](https://hub.steampipe.io/mods/turbot/aws_compliance/controls/benchmark.ffiec)
 * [General Data Protection Regulation (GDPR)](https://hub.steampipe.io/mods/turbot/aws_compliance/controls/benchmark.gdpr)
+* [GxP 21 CFR Part 11](https://hub.steampipe.io/mods/turbot/aws_compliance/controls/benchmark.gxp_21_cfr_part_11) 🚀 New!
+* [HIPAA](https://hub.steampipe.io/mods/turbot/aws_compliance/controls/benchmark.hipaa)
 * [NIST 800-53 Revision 4](https://hub.steampipe.io/mods/turbot/aws_compliance/controls/benchmark.nist_800_53_rev_4)
 * [NIST 800-53 Revision 5](https://hub.steampipe.io/mods/turbot/aws_compliance/controls/benchmark.nist_800_53_rev_5)
 * [NIST Cybersecurity Framework (CSF)](https://hub.steampipe.io/mods/turbot/aws_compliance/controls/benchmark.nist_csf)

conformance_pack/apigateway.sp

@@ -12,6 +12,7 @@ control "apigateway_stage_cache_encryption_at_rest_enabled" {
   tags = merge(local.conformance_pack_apigateway_common_tags, {
     fedramp_moderate_rev_4 = "true"
     gdpr                   = "true"
+    gxp_21_cfr_part_11     = "true"
     hipaa                  = "true"
     nist_800_53_rev_4      = "true"
     nist_800_53_rev_5      = "true"
@@ -29,6 +30,7 @@ control "apigateway_stage_logging_enabled" {
     fedramp_low_rev_4      = "true"
     fedramp_moderate_rev_4 = "true"
     ffiec                  = "true"
+    gxp_21_cfr_part_11     = "true"
     hipaa                  = "true"
     nist_800_53_rev_4      = "true"
     nist_800_53_rev_5      = "true"
@@ -46,6 +48,7 @@ control "apigateway_rest_api_stage_use_ssl_certificate" {
   tags = merge(local.conformance_pack_apigateway_common_tags, {
     fedramp_moderate_rev_4 = "true"
     ffiec                  = "true"
+    gxp_21_cfr_part_11     = "true"
     nist_800_53_rev_5      = "true"
     rbi_cyber_security     = "true"
   })

conformance_pack/cloudtrail.sp

@@ -14,6 +14,7 @@ control "cloudtrail_trail_integrated_with_logs" {
     fedramp_moderate_rev_4 = "true"
     ffiec                  = "true"
     gdpr                   = "true"
+    gxp_21_cfr_part_11     = "true"
     hipaa                  = "true"
     nist_800_53_rev_4      = "true"
     nist_800_53_rev_5      = "true"
@@ -33,6 +34,7 @@ control "cloudtrail_s3_data_events_enabled" {
     fedramp_moderate_rev_4 = "true"
     ffiec                  = "true"
     gdpr                   = "true"
+    gxp_21_cfr_part_11     = "true"
     hipaa                  = "true"
     nist_800_53_rev_4      = "true"
     nist_800_53_rev_5      = "true"
@@ -51,6 +53,7 @@ control "cloudtrail_trail_logs_encrypted_with_kms_cmk" {
     fedramp_low_rev_4      = "true"
     fedramp_moderate_rev_4 = "true"
     gdpr                   = "true"
+    gxp_21_cfr_part_11     = "true"
     hipaa                  = "true"
     nist_800_53_rev_4      = "true"
     nist_800_53_rev_5      = "true"
@@ -68,6 +71,7 @@ control "cloudtrail_multi_region_trail_enabled" {
     fedramp_low_rev_4      = "true"
     fedramp_moderate_rev_4 = "true"
     ffiec                  = "true"
+    gxp_21_cfr_part_11     = "true"
     hipaa                  = "true"
     nist_800_53_rev_4      = "true"
     nist_800_53_rev_5      = "true"
@@ -86,6 +90,7 @@ control "cloudtrail_trail_validation_enabled" {
     fedramp_low_rev_4      = "true"
     fedramp_moderate_rev_4 = "true"
     gdpr                   = "true"
+    gxp_21_cfr_part_11     = "true"
     hipaa                  = "true"
     nist_800_53_rev_4      = "true"
     nist_800_53_rev_5      = "true"
@@ -102,6 +107,7 @@ control "cloudtrail_trail_enabled" {
     fedramp_low_rev_4      = "true"
     fedramp_moderate_rev_4 = "true"
     ffiec                  = "true"
+    gxp_21_cfr_part_11     = "true"
     hipaa                  = "true"
     nist_800_53_rev_4      = "true"
     nist_800_53_rev_5      = "true"
@@ -151,4 +157,4 @@ control "cloudtrail_bucket_not_public" {
   tags = merge(local.conformance_pack_cloudtrail_common_tags, {
     gdpr = "true"
   })
-}
+}

conformance_pack/cloudwatch.sp

@@ -30,6 +30,7 @@ control "log_group_encryption_at_rest_enabled" {
     fedramp_low_rev_4      = "true"
     fedramp_moderate_rev_4 = "true"
     gdpr                   = "true"
+    gxp_21_cfr_part_11     = "true"
     hipaa                  = "true"
     nist_800_53_rev_4      = "true"
     nist_800_53_rev_5      = "true"
@@ -48,6 +49,7 @@ control "cloudwatch_log_group_retention_period_365" {
     fedramp_low_rev_4      = "true"
     fedramp_moderate_rev_4 = "true"
     ffiec                  = "true"
+    gxp_21_cfr_part_11     = "true"
     hipaa                  = "true"
     nist_800_53_rev_4      = "true"
     nist_800_53_rev_5      = "true"

conformance_pack/dms.sp

@@ -13,6 +13,7 @@ control "dms_replication_instance_not_publicly_accessible" {
     fedramp_low_rev_4      = "true"
     fedramp_moderate_rev_4 = "true"
     ffiec                  = "true"
+    gxp_21_cfr_part_11     = "true"
     hipaa                  = "true"
     nist_800_53_rev_4      = "true"
     nist_800_53_rev_5      = "true"

conformance_pack/dynamodb.sp

@@ -13,6 +13,7 @@ control "dynamodb_table_auto_scaling_enabled" {
     fedramp_low_rev_4      = "true"
     fedramp_moderate_rev_4 = "true"
     ffiec                  = "true"
+    gxp_21_cfr_part_11     = "true"
     hipaa                  = "true"
     nist_800_53_rev_4      = "true"
     nist_800_53_rev_5      = "true"
@@ -29,6 +30,7 @@ control "dynamodb_table_point_in_time_recovery_enabled" {
     fedramp_low_rev_4      = "true"
     fedramp_moderate_rev_4 = "true"
     ffiec                  = "true"
+    gxp_21_cfr_part_11     = "true"
     hipaa                  = "true"
     nist_800_53_rev_4      = "true"
     nist_800_53_rev_5      = "true"
@@ -45,6 +47,7 @@ control "dynamodb_table_encrypted_with_kms_cmk" {
 
   tags = merge(local.conformance_pack_dynamodb_common_tags, {
     gdpr               = "true"
+    gxp_21_cfr_part_11 = "true"
     hipaa              = "true"
     nist_800_53_rev_4  = "true"
     nist_800_53_rev_5  = "true"
@@ -59,6 +62,7 @@ control "dynamodb_table_in_backup_plan" {
 
   tags = merge(local.conformance_pack_dynamodb_common_tags, {
     ffiec              = "true"
+    gxp_21_cfr_part_11 = "true"
     hipaa              = "true"
     nist_800_53_rev_4  = "true"
     nist_800_53_rev_5  = "true"

conformance_pack/ebs.sp

@@ -13,6 +13,7 @@ control "ebs_snapshot_not_publicly_restorable" {
     fedramp_low_rev_4      = "true"
     fedramp_moderate_rev_4 = "true"
     ffiec                  = "true"
+    gxp_21_cfr_part_11     = "true"
     hipaa                  = "true"
     nist_800_53_rev_4      = "true"
     nist_800_53_rev_5      = "true"
@@ -45,6 +46,7 @@ control "ebs_attached_volume_encryption_enabled" {
     fedramp_moderate_rev_4      = "true"
     ffiec                       = "true"
     gdpr                        = "true"
+    gxp_21_cfr_part_11          = "true"
     hipaa                       = "true"
     nist_800_53_rev_4           = "true"
     nist_800_53_rev_5           = "true"
@@ -60,6 +62,7 @@ control "ebs_volume_in_backup_plan" {
 
   tags = merge(local.conformance_pack_ebs_common_tags, {
     ffiec              = "true"
+    gxp_21_cfr_part_11 = "true"
     hipaa              = "true"
     nist_800_53_rev_4  = "true"
     nist_800_53_rev_5  = "true"
@@ -108,6 +111,7 @@ control "ebs_volume_unused" {
     fedramp_low_rev_4      = "true"
     fedramp_moderate_rev_4 = "true"
     ffiec                  = "true"
+    gxp_21_cfr_part_11     = "true"
     nist_800_53_rev_5      = "true"
   })
 }

conformance_pack/ec2.sp

@@ -10,9 +10,10 @@ control "ec2_ebs_default_encryption_enabled" {
   sql         = query.ec2_ebs_default_encryption_enabled.sql
 
   tags = merge(local.conformance_pack_ec2_common_tags, {
-    ffiec             = "true"
-    hipaa             = "true"
-    nist_800_53_rev_5 = "true"
+    ffiec              = "true"
+    gxp_21_cfr_part_11 = "true"
+    hipaa              = "true"
+    nist_800_53_rev_5  = "true"
   })
 }
 
@@ -39,6 +40,7 @@ control "ec2_instance_in_vpc" {
     fedramp_low_rev_4      = "true"
     fedramp_moderate_rev_4 = "true"
     ffiec                  = "true"
+    gxp_21_cfr_part_11     = "true"
     hipaa                  = "true"
     nist_800_53_rev_4      = "true"
     nist_800_53_rev_5      = "true"
@@ -56,6 +58,7 @@ control "ec2_instance_not_publicly_accessible" {
     fedramp_low_rev_4      = "true"
     fedramp_moderate_rev_4 = "true"
     ffiec                  = "true"
+    gxp_21_cfr_part_11     = "true"
     hipaa                  = "true"
     nist_800_53_rev_4      = "true"
     nist_800_53_rev_5      = "true"
@@ -74,6 +77,7 @@ control "ec2_stopped_instance_30_days" {
     fedramp_low_rev_4      = "true"
     fedramp_moderate_rev_4 = "true"
     ffiec                  = "true"
+    gxp_21_cfr_part_11     = "true"
     hipaa                  = "true"
     nist_800_53_rev_4      = "true"
     nist_800_53_rev_5      = "true"
@@ -89,9 +93,10 @@ control "ec2_instance_ebs_optimized" {
     audit_manager_control_tower = "true"
     fedramp_low_rev_4           = "true"
     fedramp_moderate_rev_4      = "true"
+    gxp_21_cfr_part_11          = "true"
     hipaa                       = "true"
-    nist_csf                    = "true"
     nist_800_53_rev_5           = "true"
+    nist_csf                    = "true"
     soc_2                       = "true"
   })
 }
@@ -104,6 +109,7 @@ control "ec2_instance_uses_imdsv2" {
   tags = merge(local.conformance_pack_ec2_common_tags, {
     fedramp_low_rev_4      = "true"
     fedramp_moderate_rev_4 = "true"
+    gxp_21_cfr_part_11     = "true"
     nist_800_53_rev_4      = "true"
     nist_800_53_rev_5      = "true"
   })
@@ -130,8 +136,9 @@ control "ec2_instance_iam_profile_attached" {
   sql         = query.ec2_instance_iam_profile_attached.sql
 
   tags = merge(local.conformance_pack_ec2_common_tags, {
-    ffiec             = "true"
-    nist_800_53_rev_5 = "true"
+    ffiec              = "true"
+    gxp_21_cfr_part_11 = "true"
+    nist_800_53_rev_5  = "true"
   })
 }
 

conformance_pack/ecs.sp

@@ -13,6 +13,7 @@ control "ecs_task_definition_user_for_host_mode_check" {
     fedramp_low_rev_4      = "true"
     fedramp_moderate_rev_4 = "true"
     ffiec                  = "true"
+    gxp_21_cfr_part_11     = "true"
     nist_800_53_rev_5      = "true"
   })
 }

conformance_pack/efs.sp

@@ -12,6 +12,7 @@ control "efs_file_system_encrypt_data_at_rest" {
   tags = merge(local.conformance_pack_efs_common_tags, {
     ffiec              = "true"
     gdpr               = "true"
+    gxp_21_cfr_part_11 = "true"
     hipaa              = "true"
     nist_800_53_rev_4  = "true"
     nist_800_53_rev_5  = "true"
@@ -27,6 +28,7 @@ control "efs_file_system_in_backup_plan" {
 
   tags = merge(local.conformance_pack_efs_common_tags, {
     ffiec              = "true"
+    gxp_21_cfr_part_11 = "true"
     hipaa              = "true"
     nist_800_53_rev_4  = "true"
     nist_800_53_rev_5  = "true"

conformance_pack/elasticache.sp

@@ -13,6 +13,7 @@ control "elasticache_redis_cluster_automatic_backup_retention_15_days" {
     fedramp_low_rev_4      = "true"
     fedramp_moderate_rev_4 = "true"
     ffiec                  = "true"
+    gxp_21_cfr_part_11     = "true"
     hipaa                  = "true"
     nist_800_53_rev_4      = "true"
     nist_800_53_rev_5      = "true"

conformance_pack/elb.sp

@@ -14,6 +14,7 @@ control "elb_application_classic_lb_logging_enabled" {
     fedramp_moderate_rev_4 = "true"
     ffiec                  = "true"
     gdpr                   = "true"
+    gxp_21_cfr_part_11     = "true"
     hipaa                  = "true"
     nist_800_53_rev_4      = "true"
     nist_800_53_rev_5      = "true"
@@ -32,6 +33,7 @@ control "elb_application_lb_deletion_protection_enabled" {
     fedramp_low_rev_4      = "true"
     fedramp_moderate_rev_4 = "true"
     ffiec                  = "true"
+    gxp_21_cfr_part_11     = "true"
     hipaa                  = "true"
     nist_800_53_rev_5      = "true"
     nist_csf               = "true"
@@ -48,6 +50,7 @@ control "elb_application_lb_redirect_http_request_to_https" {
     fedramp_moderate_rev_4 = "true"
     ffiec                  = "true"
     gdpr                   = "true"
+    gxp_21_cfr_part_11     = "true"
     hipaa                  = "true"
     nist_800_53_rev_4      = "true"
     nist_800_53_rev_5      = "true"
@@ -82,6 +85,7 @@ control "elb_classic_lb_use_ssl_certificate" {
     fedramp_moderate_rev_4 = "true"
     ffiec                  = "true"
     gdpr                   = "true"
+    gxp_21_cfr_part_11     = "true"
     hipaa                  = "true"
     nist_800_53_rev_4      = "true"
     nist_800_53_rev_5      = "true"
@@ -114,6 +118,7 @@ control "elb_classic_lb_use_tls_https_listeners" {
     fedramp_moderate_rev_4 = "true"
     ffiec                  = "true"
     gdpr                   = "true"
+    gxp_21_cfr_part_11     = "true"
     hipaa                  = "true"
     nist_800_53_rev_4      = "true"
     nist_800_53_rev_5      = "true"
@@ -130,6 +135,7 @@ control "elb_classic_lb_cross_zone_load_balancing_enabled" {
     fedramp_low_rev_4      = "true"
     fedramp_moderate_rev_4 = "true"
     ffiec                  = "true"
+    gxp_21_cfr_part_11     = "true"
     nist_800_53_rev_4      = "true"
     nist_800_53_rev_5      = "true"
     nist_csf               = "true"
@@ -144,6 +150,7 @@ control "elb_application_network_lb_use_ssl_certificate" {
   tags = merge(local.conformance_pack_elb_common_tags, {
     fedramp_moderate_rev_4 = "true"
     ffiec                  = "true"
+    gxp_21_cfr_part_11     = "true"
     nist_800_53_rev_5      = "true"
     rbi_cyber_security     = "true"
   })

conformance_pack/emr.sp

@@ -10,10 +10,11 @@ control "emr_cluster_kerberos_enabled" {
   sql         = query.emr_cluster_kerberos_enabled.sql
 
   tags = merge(local.conformance_pack_emr_common_tags, {
-    ffiec             = "true"
-    hipaa             = "true"
-    nist_800_53_rev_4 = "true"
-    nist_csf          = "true"
+    ffiec              = "true"
+    gxp_21_cfr_part_11 = "true"
+    hipaa              = "true"
+    nist_800_53_rev_4  = "true"
+    nist_csf           = "true"
   })
 }
 
@@ -26,6 +27,7 @@ control "emr_cluster_master_nodes_no_public_ip" {
     fedramp_low_rev_4      = "true"
     fedramp_moderate_rev_4 = "true"
     ffiec                  = "true"
+    gxp_21_cfr_part_11     = "true"
     hipaa                  = "true"
     nist_800_53_rev_4      = "true"
     nist_800_53_rev_5      = "true"