
Add NIST SP 800-171 Rev. 2 benchmark Closes #435 #453

Merged
merged 18 commits into from
Jul 14, 2022
Merged
1 change: 1 addition & 0 deletions README.md
Expand Up @@ -21,6 +21,7 @@ Institutions Examination Council (FFIEC)](https://hub.steampipe.io/mods/turbot/a
* [HIPAA](https://hub.steampipe.io/mods/turbot/aws_compliance/controls/benchmark.hipaa)
* [NIST 800-53 Revision 4](https://hub.steampipe.io/mods/turbot/aws_compliance/controls/benchmark.nist_800_53_rev_4)
* [NIST 800-53 Revision 5](https://hub.steampipe.io/mods/turbot/aws_compliance/controls/benchmark.nist_800_53_rev_5)
* [NIST 800-171 Revision 2](https://hub.steampipe.io/mods/turbot/aws_compliance/controls/benchmark.nist_800_171_rev_2) 🚀 New!
* [NIST Cybersecurity Framework (CSF)](https://hub.steampipe.io/mods/turbot/aws_compliance/controls/benchmark.nist_csf)
* [Other Compliance Checks](https://hub.steampipe.io/mods/turbot/aws_compliance/controls/benchmark.other) 🚀 New!
* [PCI DSS v3.2.1](https://hub.steampipe.io/mods/turbot/aws_compliance/controls/benchmark.pci_v321)
1 change: 1 addition & 0 deletions conformance_pack/acm.sp
Expand Up @@ -15,6 +15,7 @@ control "acm_certificate_expires_30_days" {
ffiec = "true"
gdpr = "true"
hipaa = "true"
nist_800_171_rev_2 = "true"
nist_800_53_rev_4 = "true"
nist_800_53_rev_5 = "true"
nist_csf = "true"
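Review bot: The `nist_800_171_rev_2 = "true"` tag added to `acm_certificate_expires_30_days` records benchmark membership in a second place, and nothing visible here ties it to the benchmark's own `children` lists, which are outside this view. A control that carries the tag but is not referenced by any 800-171 requirement would show up in tag-based filtering without ever running under the benchmark, and the reverse drift is just as easy. Please confirm the two agree for every control tagged in this PR (the same applies to the other conformance_pack files), ideally with a scripted check rather than by eye. The control block starts and ends outside the hunk.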
2 changes: 2 additions & 0 deletions conformance_pack/apigateway.sp
Expand Up @@ -32,6 +32,7 @@ control "apigateway_stage_logging_enabled" {
ffiec = "true"
gxp_21_cfr_part_11 = "true"
hipaa = "true"
nist_800_171_rev_2 = "true"
nist_800_53_rev_4 = "true"
nist_800_53_rev_5 = "true"
nist_csf = "true"
Expand All @@ -49,6 +50,7 @@ control "apigateway_rest_api_stage_use_ssl_certificate" {
fedramp_moderate_rev_4 = "true"
ffiec = "true"
gxp_21_cfr_part_11 = "true"
nist_800_171_rev_2 = "true"
nist_800_53_rev_5 = "true"
rbi_cyber_security = "true"
})
1 change: 1 addition & 0 deletions conformance_pack/autoscaling.sp
Expand Up @@ -14,6 +14,7 @@ control "autoscaling_group_with_lb_use_health_check" {
fedramp_moderate_rev_4 = "true"
ffiec = "true"
hipaa = "true"
nist_800_171_rev_2 = "true"
nist_800_53_rev_4 = "true"
nist_800_53_rev_5 = "true"
nist_csf = "true"
22 changes: 13 additions & 9 deletions conformance_pack/backup.sp
Expand Up @@ -10,10 +10,11 @@ control "backup_recovery_point_manual_deletion_disabled" {
sql = query.backup_recovery_point_manual_deletion_disabled.sql

tags = merge(local.conformance_pack_backup_common_tags, {
ffiec = "true"
hipaa = "true"
nist_csf = "true"
soc_2 = "true"
ffiec = "true"
hipaa = "true"
nist_800_171_rev_2 = "true"
nist_csf = "true"
soc_2 = "true"
})
}

Expand All @@ -27,6 +28,7 @@ control "backup_plan_min_retention_35_days" {
fedramp_moderate_rev_4 = "true"
ffiec = "true"
hipaa = "true"
nist_800_171_rev_2 = "true"
nist_csf = "true"
soc_2 = "true"
})
Expand All @@ -38,10 +40,11 @@ control "backup_recovery_point_encryption_enabled" {
sql = query.backup_recovery_point_encryption_enabled.sql

tags = merge(local.conformance_pack_backup_common_tags, {
ffiec = "true"
hipaa = "true"
nist_csf = "true"
soc_2 = "true"
ffiec = "true"
hipaa = "true"
nist_800_171_rev_2 = "true"
nist_csf = "true"
soc_2 = "true"
})
}

Expand All @@ -51,6 +54,7 @@ control "backup_recovery_point_min_retention_35_days" {
sql = query.backup_recovery_point_min_retention_35_days.sql

tags = merge(local.conformance_pack_backup_common_tags, {
ffiec = "true"
ffiec = "true"
nist_800_171_rev_2 = "true"
})
}
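Review bot: Tagging `backup_plan_min_retention_35_days` and `backup_recovery_point_min_retention_35_days` for 800-171 makes the 35-day figure read as if it came from the standard, and nothing in these hunks says where it comes from. As far as I know SP 800-171 Rev. 2 sets no fixed backup retention period, so the threshold is the check's own. I would state that in the control description or in a comment above the tags, e.g. `# 35 days is this check's threshold, not a figure from SP 800-171; set retention from your own policy`. The same applies to `cloudwatch_log_group_retention_period_365` in conformance_pack/cloudwatch.sp. The control descriptions are outside the hunks, so this may already be covered there.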
13 changes: 10 additions & 3 deletions conformance_pack/cloudtrail.sp
Expand Up @@ -16,6 +16,7 @@ control "cloudtrail_trail_integrated_with_logs" {
gdpr = "true"
gxp_21_cfr_part_11 = "true"
hipaa = "true"
nist_800_171_rev_2 = "true"
nist_800_53_rev_4 = "true"
nist_800_53_rev_5 = "true"
nist_csf = "true"
Expand All @@ -36,6 +37,7 @@ control "cloudtrail_s3_data_events_enabled" {
gdpr = "true"
gxp_21_cfr_part_11 = "true"
hipaa = "true"
nist_800_171_rev_2 = "true"
nist_800_53_rev_4 = "true"
nist_800_53_rev_5 = "true"
nist_csf = "true"
Expand All @@ -55,6 +57,7 @@ control "cloudtrail_trail_logs_encrypted_with_kms_cmk" {
gdpr = "true"
gxp_21_cfr_part_11 = "true"
hipaa = "true"
nist_800_171_rev_2 = "true"
nist_800_53_rev_4 = "true"
nist_800_53_rev_5 = "true"
nist_csf = "true"
Expand All @@ -73,6 +76,7 @@ control "cloudtrail_multi_region_trail_enabled" {
ffiec = "true"
gxp_21_cfr_part_11 = "true"
hipaa = "true"
nist_800_171_rev_2 = "true"
nist_800_53_rev_4 = "true"
nist_800_53_rev_5 = "true"
nist_csf = "true"
Expand All @@ -92,6 +96,7 @@ control "cloudtrail_trail_validation_enabled" {
gdpr = "true"
gxp_21_cfr_part_11 = "true"
hipaa = "true"
nist_800_171_rev_2 = "true"
nist_800_53_rev_4 = "true"
nist_800_53_rev_5 = "true"
soc_2 = "true"
Expand All @@ -109,6 +114,7 @@ control "cloudtrail_trail_enabled" {
ffiec = "true"
gxp_21_cfr_part_11 = "true"
hipaa = "true"
nist_800_171_rev_2 = "true"
nist_800_53_rev_4 = "true"
nist_800_53_rev_5 = "true"
nist_csf = "true"
Expand All @@ -123,9 +129,10 @@ control "cloudtrail_security_trail_enabled" {
sql = query.cloudtrail_security_trail_enabled.sql

tags = merge(local.conformance_pack_cloudtrail_common_tags, {
gdpr = "true"
nist_800_53_rev_4 = "true"
soc_2 = "true"
gdpr = "true"
nist_800_171_rev_2 = "true"
nist_800_53_rev_4 = "true"
soc_2 = "true"
})
}

3 changes: 3 additions & 0 deletions conformance_pack/cloudwatch.sp
Expand Up @@ -14,6 +14,7 @@ control "cloudwatch_alarm_action_enabled" {
fedramp_moderate_rev_4 = "true"
ffiec = "true"
hipaa = "true"
nist_800_171_rev_2 = "true"
nist_800_53_rev_4 = "true"
nist_800_53_rev_5 = "true"
nist_csf = "true"
Expand All @@ -32,6 +33,7 @@ control "log_group_encryption_at_rest_enabled" {
gdpr = "true"
gxp_21_cfr_part_11 = "true"
hipaa = "true"
nist_800_171_rev_2 = "true"
nist_800_53_rev_4 = "true"
nist_800_53_rev_5 = "true"
nist_csf = "true"
Expand All @@ -51,6 +53,7 @@ control "cloudwatch_log_group_retention_period_365" {
ffiec = "true"
gxp_21_cfr_part_11 = "true"
hipaa = "true"
nist_800_171_rev_2 = "true"
nist_800_53_rev_4 = "true"
nist_800_53_rev_5 = "true"
rbi_cyber_security = "true"
1 change: 1 addition & 0 deletions conformance_pack/dms.sp
Expand Up @@ -15,6 +15,7 @@ control "dms_replication_instance_not_publicly_accessible" {
ffiec = "true"
gxp_21_cfr_part_11 = "true"
hipaa = "true"
nist_800_171_rev_2 = "true"
nist_800_53_rev_4 = "true"
nist_800_53_rev_5 = "true"
nist_csf = "true"
5 changes: 5 additions & 0 deletions conformance_pack/dynamodb.sp
Expand Up @@ -15,6 +15,7 @@ control "dynamodb_table_auto_scaling_enabled" {
ffiec = "true"
gxp_21_cfr_part_11 = "true"
hipaa = "true"
nist_800_171_rev_2 = "true"
nist_800_53_rev_4 = "true"
nist_800_53_rev_5 = "true"
nist_csf = "true"
Expand All @@ -32,6 +33,7 @@ control "dynamodb_table_point_in_time_recovery_enabled" {
ffiec = "true"
gxp_21_cfr_part_11 = "true"
hipaa = "true"
nist_800_171_rev_2 = "true"
nist_800_53_rev_4 = "true"
nist_800_53_rev_5 = "true"
nist_csf = "true"
Expand All @@ -49,6 +51,7 @@ control "dynamodb_table_encrypted_with_kms_cmk" {
gdpr = "true"
gxp_21_cfr_part_11 = "true"
hipaa = "true"
nist_800_171_rev_2 = "true"
nist_800_53_rev_4 = "true"
nist_800_53_rev_5 = "true"
rbi_cyber_security = "true"
Expand All @@ -64,6 +67,7 @@ control "dynamodb_table_in_backup_plan" {
ffiec = "true"
gxp_21_cfr_part_11 = "true"
hipaa = "true"
nist_800_171_rev_2 = "true"
nist_800_53_rev_4 = "true"
nist_800_53_rev_5 = "true"
nist_csf = "true"
Expand Down Expand Up @@ -92,6 +96,7 @@ control "dynamodb_table_protected_by_backup_plan" {
fedramp_low_rev_4 = "true"
fedramp_moderate_rev_4 = "true"
hipaa = "true"
nist_800_171_rev_2 = "true"
nist_csf = "true"
soc_2 = "true"
})
6 changes: 6 additions & 0 deletions conformance_pack/ebs.sp
Expand Up @@ -15,6 +15,7 @@ control "ebs_snapshot_not_publicly_restorable" {
ffiec = "true"
gxp_21_cfr_part_11 = "true"
hipaa = "true"
nist_800_171_rev_2 = "true"
nist_800_53_rev_4 = "true"
nist_800_53_rev_5 = "true"
nist_csf = "true"
Expand All @@ -31,6 +32,7 @@ control "ebs_volume_encryption_at_rest_enabled" {
fedramp_moderate_rev_4 = "true"
gdpr = "true"
hipaa = "true"
nist_800_171_rev_2 = "true"
nist_800_53_rev_5 = "true"
rbi_cyber_security = "true"
})
Expand All @@ -48,6 +50,7 @@ control "ebs_attached_volume_encryption_enabled" {
gdpr = "true"
gxp_21_cfr_part_11 = "true"
hipaa = "true"
nist_800_171_rev_2 = "true"
nist_800_53_rev_4 = "true"
nist_800_53_rev_5 = "true"
nist_csf = "true"
Expand All @@ -64,6 +67,7 @@ control "ebs_volume_in_backup_plan" {
ffiec = "true"
gxp_21_cfr_part_11 = "true"
hipaa = "true"
nist_800_171_rev_2 = "true"
nist_800_53_rev_4 = "true"
nist_800_53_rev_5 = "true"
nist_csf = "true"
Expand Down Expand Up @@ -97,6 +101,7 @@ control "ebs_volume_protected_by_backup_plan" {
fedramp_moderate_rev_4 = "true"
ffiec = "true"
hipaa = "true"
nist_800_171_rev_2 = "true"
nist_csf = "true"
soc_2 = "true"
})
Expand All @@ -112,6 +117,7 @@ control "ebs_volume_unused" {
fedramp_moderate_rev_4 = "true"
ffiec = "true"
gxp_21_cfr_part_11 = "true"
nist_800_171_rev_2 = "true"
nist_800_53_rev_5 = "true"
})
}
10 changes: 9 additions & 1 deletion conformance_pack/ec2.sp
Expand Up @@ -13,6 +13,7 @@ control "ec2_ebs_default_encryption_enabled" {
ffiec = "true"
gxp_21_cfr_part_11 = "true"
hipaa = "true"
nist_800_171_rev_2 = "true"
nist_800_53_rev_5 = "true"
})
}
Expand All @@ -25,6 +26,7 @@ control "ec2_instance_detailed_monitoring_enabled" {
tags = merge(local.conformance_pack_ec2_common_tags, {
fedramp_low_rev_4 = "true"
fedramp_moderate_rev_4 = "true"
nist_800_171_rev_2 = "true"
nist_800_53_rev_4 = "true"
nist_csf = "true"
soc_2 = "true"
Expand All @@ -42,6 +44,7 @@ control "ec2_instance_in_vpc" {
ffiec = "true"
gxp_21_cfr_part_11 = "true"
hipaa = "true"
nist_800_171_rev_2 = "true"
nist_800_53_rev_4 = "true"
nist_800_53_rev_5 = "true"
nist_csf = "true"
Expand All @@ -60,6 +63,7 @@ control "ec2_instance_not_publicly_accessible" {
ffiec = "true"
gxp_21_cfr_part_11 = "true"
hipaa = "true"
nist_800_171_rev_2 = "true"
nist_800_53_rev_4 = "true"
nist_800_53_rev_5 = "true"
nist_csf = "true"
Expand All @@ -79,6 +83,7 @@ control "ec2_stopped_instance_30_days" {
ffiec = "true"
gxp_21_cfr_part_11 = "true"
hipaa = "true"
nist_800_171_rev_2 = "true"
nist_800_53_rev_4 = "true"
nist_800_53_rev_5 = "true"
})
Expand All @@ -95,6 +100,7 @@ control "ec2_instance_ebs_optimized" {
fedramp_moderate_rev_4 = "true"
gxp_21_cfr_part_11 = "true"
hipaa = "true"
nist_800_171_rev_2 = "true"
nist_800_53_rev_5 = "true"
nist_csf = "true"
soc_2 = "true"
Expand Down Expand Up @@ -125,6 +131,7 @@ control "ec2_instance_protected_by_backup_plan" {
fedramp_moderate_rev_4 = "true"
ffiec = "true"
hipaa = "true"
nist_800_171_rev_2 = "true"
nist_csf = "true"
soc_2 = "true"
})
Expand All @@ -138,6 +145,7 @@ control "ec2_instance_iam_profile_attached" {
tags = merge(local.conformance_pack_ec2_common_tags, {
ffiec = "true"
gxp_21_cfr_part_11 = "true"
nist_800_171_rev_2 = "true"
nist_800_53_rev_5 = "true"
})
}
Expand Down Expand Up @@ -180,4 +188,4 @@ control "ec2_instance_no_launch_wizard_security_group" {
tags = merge(local.conformance_pack_ec2_common_tags, {
other_checks = "true"
})
}
}
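Review bot: The last hunk (`@@ -180,4 +188,4 @@`) changes only the closing `}` of `ec2_instance_no_launch_wizard_security_group`, which prints identically on both sides, so this is presumably an end-of-file newline change that slipped in with the tag additions. If the new side drops the trailing newline, restore it so the file ends with `}` followed by a newline. If it adds one, nothing more is needed, but it is worth a line in the PR description. The other hunks in this file only add the tag.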
1 change: 1 addition & 0 deletions conformance_pack/ecs.sp
Expand Up @@ -14,6 +14,7 @@ control "ecs_task_definition_user_for_host_mode_check" {
fedramp_moderate_rev_4 = "true"
ffiec = "true"
gxp_21_cfr_part_11 = "true"
nist_800_171_rev_2 = "true"
nist_800_53_rev_5 = "true"
})
}
3 changes: 3 additions & 0 deletions conformance_pack/efs.sp
Expand Up @@ -17,6 +17,7 @@ control "efs_file_system_encrypt_data_at_rest" {
nist_800_53_rev_4 = "true"
nist_800_53_rev_5 = "true"
nist_csf = "true"
nist_800_171_rev_2 = "true"
rbi_cyber_security = "true"
})
}
Expand All @@ -30,6 +31,7 @@ control "efs_file_system_in_backup_plan" {
ffiec = "true"
gxp_21_cfr_part_11 = "true"
hipaa = "true"
nist_800_171_rev_2 = "true"
nist_800_53_rev_4 = "true"
nist_800_53_rev_5 = "true"
nist_csf = "true"
Expand All @@ -47,6 +49,7 @@ control "efs_file_system_protected_by_backup_plan" {
fedramp_low_rev_4 = "true"
fedramp_moderate_rev_4 = "true"
hipaa = "true"
nist_800_171_rev_2 = "true"
nist_csf = "true"
soc_2 = "true"
})
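Review bot: In `efs_file_system_encrypt_data_at_rest` the new tag is placed after `nist_csf`, while elsewhere in this PR `nist_800_171_rev_2` sits ahead of the `nist_800_53_*` and `nist_csf` keys, keeping each map sorted. Move the line up so the map reads `nist_800_171_rev_2 = "true"` and then `nist_800_53_rev_4 = "true"`. Behaviour is unchanged, but sorted keys are what make a missing or duplicated framework tag easy to spot in review. The tag map opens above the hunk.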
3 changes: 2 additions & 1 deletion conformance_pack/eks.sp
Expand Up @@ -20,7 +20,8 @@ control "eks_cluster_endpoint_restrict_public_access" {
sql = query.eks_cluster_endpoint_restrict_public_access.sql

tags = merge(local.conformance_pack_eks_common_tags, {
nist_csf = "true"
nist_800_171_rev_2 = "true"
nist_csf = "true"
})
}
