Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Update CIS v8 IG1 benchmark title to stay consistent with other CIS benchmark titles #589

Merged
merged 1 commit into from
Mar 22, 2023
Merged
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
4 changes: 2 additions & 2 deletions cis_controls_v8_ig1/cis_controls_v8_ig1_1.sp
Original file line number Diff line number Diff line change
Expand Up @@ -10,7 +10,7 @@ benchmark "cis_controls_v8_ig1_1" {
}

benchmark "cis_controls_v8_ig1_1_1" {
title = "1.1 - Establish and Maintain Detailed Enterprise Asset Inventory"
title = "1.1 Establish and Maintain Detailed Enterprise Asset Inventory"
description = "Establish and maintain an accurate, detailed, and up-to-date inventory of all enterprise assets with the potential to store or process data, to include: end-user devices (including portable and mobile), network devices, non-computing/IoT devices, and servers. Ensure the inventory records the network address (if static), hardware address, machine name, enterprise asset owner, department for each asset, and whether the asset has been approved to connect to the network. For mobile end-user devices, MDM type tools can support this process, where appropriate. This inventory includes assets connected to the infrastructure physically, virtually, remotely, and those within cloud environments. Additionally, it includes assets that are regularly connected to the enterprise’s network infrastructure, even if they are not under control of the enterprise. Review and update the inventory of all enterprise assets bi-annually, or more frequently."
children = [
control.ec2_stopped_instance_30_days,
Expand All @@ -24,7 +24,7 @@ benchmark "cis_controls_v8_ig1_1_1" {
}

benchmark "cis_controls_v8_ig1_1_2" {
title = "1.2 - Address Unauthorized Assets"
title = "1.2 Address Unauthorized Assets"
description = "Ensure that a process exists to address unauthorized assets on a weekly basis. The enterprise may choose to remove the asset from the network, deny the asset from connecting remotely to the network, or quarantine the asset."
children = [
control.guardduty_enabled
Expand Down
4 changes: 2 additions & 2 deletions cis_controls_v8_ig1/cis_controls_v8_ig1_10.sp
Original file line number Diff line number Diff line change
Expand Up @@ -10,7 +10,7 @@ benchmark "cis_controls_v8_ig1_10" {
}

benchmark "cis_controls_v8_ig1_10_1" {
title = "10.1 - Deploy and Maintain Anti-Malware Software"
title = "10.1 Deploy and Maintain Anti-Malware Software"
description = "Deploy and maintain anti-malware software on all enterprise assets."
children = [
control.guardduty_enabled
Expand All @@ -20,7 +20,7 @@ benchmark "cis_controls_v8_ig1_10_1" {
}

benchmark "cis_controls_v8_ig1_10_2" {
title = "10.2 - Configure Automatic Anti-Malware Signature Updates"
title = "10.2 Configure Automatic Anti-Malware Signature Updates"
description = "Configure automatic updates for anti-malware signature files on all enterprise assets."
children = [
control.guardduty_enabled
Expand Down
6 changes: 3 additions & 3 deletions cis_controls_v8_ig1/cis_controls_v8_ig1_11.sp
Original file line number Diff line number Diff line change
Expand Up @@ -11,7 +11,7 @@ benchmark "cis_controls_v8_ig1_11" {
}

benchmark "cis_controls_v8_ig1_11_2" {
title = "11.2 - Perform Automated Backups"
title = "11.2 Perform Automated Backups"
description = "Perform automated backups of in-scope enterprise assets. Run backups weekly, or more frequently, based on the sensitivity of the data."
children = [
control.dynamodb_table_in_backup_plan,
Expand All @@ -32,7 +32,7 @@ benchmark "cis_controls_v8_ig1_11_2" {
}

benchmark "cis_controls_v8_ig1_11_3" {
title = "11.3 - Protect Recovery Data"
title = "11.3 Protect Recovery Data"
description = "Protect recovery data with equivalent controls to the original data. Reference encryption or data separation, based on requirements."
children = [
control.ebs_volume_encryption_at_rest_enabled,
Expand All @@ -44,7 +44,7 @@ benchmark "cis_controls_v8_ig1_11_3" {
}

benchmark "cis_controls_v8_ig1_11_4" {
title = "11.4 - Establish and Maintain an Isolated Instance of Recovery Data"
title = "11.4 Establish and Maintain an Isolated Instance of Recovery Data"
description = "Establish and maintain an isolated instance of recovery data. Example implementations include, version controlling backup destinations through offline, cloud, or off-site systems or services."
children = [
control.dynamodb_table_in_backup_plan,
Expand Down
2 changes: 1 addition & 1 deletion cis_controls_v8_ig1/cis_controls_v8_ig1_12.sp
Original file line number Diff line number Diff line change
Expand Up @@ -9,7 +9,7 @@ benchmark "cis_controls_v8_ig1_12" {
}

benchmark "cis_controls_v8_ig1_12_1" {
title = "12.1 - Ensure Network Infrastructure is Up-to-Date"
title = "12.1 Ensure Network Infrastructure is Up-to-Date"
description = "Ensure network infrastructure is kept up-to-date. Example implementations include running the latest stable release of software and/or using currently supported network-as-a-service (NaaS) offerings. Review software versions monthly, or more frequently, to verify software support."
children = [
control.ec2_instance_ssm_managed,
Expand Down
6 changes: 3 additions & 3 deletions cis_controls_v8_ig1/cis_controls_v8_ig1_13.sp
Original file line number Diff line number Diff line change
Expand Up @@ -11,7 +11,7 @@ benchmark "cis_controls_v8_ig1_13" {
}

benchmark "cis_controls_v8_ig1_13_1" {
title = "13.1 - Perform Application Layer Filtering"
title = "13.1 Perform Application Layer Filtering"
children = [
control.apigateway_stage_use_waf_web_acl,
control.guardduty_enabled,
Expand All @@ -22,7 +22,7 @@ benchmark "cis_controls_v8_ig1_13_1" {
}

benchmark "cis_controls_v8_ig1_13_3" {
title = "13.3 - Ensure Network Infrastructure is Up-to-Date"
title = "13.3 Ensure Network Infrastructure is Up-to-Date"
children = [
control.guardduty_enabled
]
Expand All @@ -31,7 +31,7 @@ benchmark "cis_controls_v8_ig1_13_3" {
}

benchmark "cis_controls_v8_ig1_13_6" {
title = "13.6 - Collect Network Traffic Flow Logs"
title = "13.6 Collect Network Traffic Flow Logs"
children = [
control.vpc_flow_logs_enabled,
control.wafv2_web_acl_logging_enabled
Expand Down
4 changes: 2 additions & 2 deletions cis_controls_v8_ig1/cis_controls_v8_ig1_16.sp
Original file line number Diff line number Diff line change
Expand Up @@ -10,7 +10,7 @@ benchmark "cis_controls_v8_ig1_16" {
}

benchmark "cis_controls_v8_ig1_16_1" {
title = "16.1 - Establish and Maintain a Secure Application Development Process"
title = "16.1 Establish and Maintain a Secure Application Development Process"
description = "Deploy and maintain anti-malware software on all enterprise assets."
children = [
control.codebuild_project_artifact_encryption_enabled,
Expand All @@ -24,7 +24,7 @@ benchmark "cis_controls_v8_ig1_16_1" {
}

benchmark "cis_controls_v8_ig1_16_12" {
title = "16.12 - Implement Code-Level Security Checks"
title = "16.12 Implement Code-Level Security Checks"
children = [
control.codebuild_project_artifact_encryption_enabled,
control.codebuild_project_environment_privileged_mode_disabled,
Expand Down
4 changes: 2 additions & 2 deletions cis_controls_v8_ig1/cis_controls_v8_ig1_3.sp
Original file line number Diff line number Diff line change
Expand Up @@ -10,7 +10,7 @@ benchmark "cis_controls_v8_ig1_3" {
}

benchmark "cis_controls_v8_ig1_3_3" {
title = "3.3 - Configure Data Access Control Lists"
title = "3.3 Configure Data Access Control Lists"
description = "Configure data access control lists based on a user’s need to know. Apply data access control lists, also known as access permissions, to local and remote file systems, databases, and applications."
children = [
control.autoscaling_launch_config_public_ip_disabled,
Expand Down Expand Up @@ -53,7 +53,7 @@ benchmark "cis_controls_v8_ig1_3_3" {
}

benchmark "cis_controls_v8_ig1_3_4" {
title = "3.4 - Enforce Data Retention"
title = "3.4 Enforce Data Retention"
description = "Retain data according to the enterprise’s data management process. Data retention must include both minimum and maximum timelines."
children = [
control.cloudwatch_log_group_retention_period_365
Expand Down
6 changes: 3 additions & 3 deletions cis_controls_v8_ig1/cis_controls_v8_ig1_4.sp
Original file line number Diff line number Diff line change
Expand Up @@ -11,7 +11,7 @@ benchmark "cis_controls_v8_ig1_4" {
}

benchmark "cis_controls_v8_ig1_4_1" {
title = "4.1 - Establish and Maintain a Secure Configuration Process"
title = "4.1 Establish and Maintain a Secure Configuration Process"
description = "Establish and maintain a secure configuration process for enterprise assets (end-user devices, including portable and mobile, non-computing/IoT devices, and servers) and software (operating systems and applications). Review and update documentation annually, or when significant enterprise changes occur that could impact this Safeguard."
children = [
control.account_part_of_organizations,
Expand All @@ -26,7 +26,7 @@ benchmark "cis_controls_v8_ig1_4_1" {
}

benchmark "cis_controls_v8_ig1_4_6" {
title = "4.6 - Securely Manage Enterprise Assets and Software"
title = "4.6 Securely Manage Enterprise Assets and Software"
description = "Securely manage enterprise assets and software. Example implementations include managing configuration through version-controlled-infrastructure-as-code and accessing administrative interfaces over secure network protocols, such as Secure Shell (SSH) and Hypertext Transfer Protocol Secure (HTTPS). Do not use insecure management protocols, such as Telnet (Teletype Network) and HTTP, unless operationally essential."
children = [
control.account_part_of_organizations,
Expand Down Expand Up @@ -65,7 +65,7 @@ benchmark "cis_controls_v8_ig1_4_6" {
}

benchmark "cis_controls_v8_ig1_4_7" {
title = "4.7 - Manage Default Accounts on Enterprise Assets and Software"
title = "4.7 Manage Default Accounts on Enterprise Assets and Software"
description = "Manage default accounts on enterprise assets and software, such as root, administrator, and other pre-configured vendor accounts. Example implementations can include: disabling default accounts or making them unusable."
children = [
control.iam_root_user_mfa_enabled,
Expand Down
6 changes: 3 additions & 3 deletions cis_controls_v8_ig1/cis_controls_v8_ig1_5.sp
Original file line number Diff line number Diff line change
Expand Up @@ -11,7 +11,7 @@ benchmark "cis_controls_v8_ig1_5" {
}

benchmark "cis_controls_v8_ig1_5_2" {
title = "5.2 - Use Unique Passwords"
title = "5.2 Use Unique Passwords"
description = "Use unique passwords for all enterprise assets. Best practice implementation includes, at a minimum, an 8-character password for accounts using MFA and a 14-character password for accounts not using MFA."
children = [
control.iam_account_password_policy_min_length_14,
Expand All @@ -24,7 +24,7 @@ benchmark "cis_controls_v8_ig1_5_2" {
}

benchmark "cis_controls_v8_ig1_5_3" {
title = "5.3 - Disable Dormant Accounts"
title = "5.3 Disable Dormant Accounts"
description = "Delete or disable any dormant accounts after a period of 45 days of inactivity, where supported."
children = [
control.iam_user_unused_credentials_90
Expand All @@ -34,7 +34,7 @@ benchmark "cis_controls_v8_ig1_5_3" {
}

benchmark "cis_controls_v8_ig1_5_4" {
title = "5.4 - Restrict Administrator Privileges to Dedicated Administrator Accounts"
title = "5.4 Restrict Administrator Privileges to Dedicated Administrator Accounts"
description = "Restrict administrator privileges to dedicated administrator accounts on enterprise assets. Conduct general computing activities, such as internet browsing, email, and productivity suite use, from the user's primary, non-privileged account."
children = [
control.iam_policy_no_star_star,
Expand Down
2 changes: 1 addition & 1 deletion cis_controls_v8_ig1/cis_controls_v8_ig1_6.sp
Original file line number Diff line number Diff line change
Expand Up @@ -9,7 +9,7 @@ benchmark "cis_controls_v8_ig1_6" {
}

benchmark "cis_controls_v8_ig1_6_5" {
title = "6.5 - Require MFA for Administrative Access"
title = "6.5 Require MFA for Administrative Access"
description = "Require MFA for all administrative access accounts, where supported, on all enterprise assets, whether managed on-site or through a third-party provider."
children = [
control.iam_root_user_mfa_enabled,
Expand Down
4 changes: 2 additions & 2 deletions cis_controls_v8_ig1/cis_controls_v8_ig1_7.sp
Original file line number Diff line number Diff line change
Expand Up @@ -10,7 +10,7 @@ benchmark "cis_controls_v8_ig1_7" {
}

benchmark "cis_controls_v8_ig1_7_1" {
title = "7.1 - Establish and Maintain a Vulnerability Management Process"
title = "7.1 Establish and Maintain a Vulnerability Management Process"
description = "Establish and maintain a documented vulnerability management process for enterprise assets. Review and update documentation annually, or when significant enterprise changes occur that could impact this Safeguard."
children = [
control.guardduty_enabled,
Expand All @@ -22,7 +22,7 @@ benchmark "cis_controls_v8_ig1_7_1" {
}

benchmark "cis_controls_v8_ig1_7_3" {
title = "7.3 - Perform Automated Operating System Patch Management"
title = "7.3 Perform Automated Operating System Patch Management"
description = "Perform operating system updates on enterprise assets through automated patch management on a monthly, or more frequent, basis."
children = [
control.redshift_cluster_maintenance_settings_check,
Expand Down
4 changes: 2 additions & 2 deletions cis_controls_v8_ig1/cis_controls_v8_ig1_8.sp
Original file line number Diff line number Diff line change
Expand Up @@ -10,7 +10,7 @@ benchmark "cis_controls_v8_ig1_8" {
}

benchmark "cis_controls_v8_ig1_8_1" {
title = "8.1 - Establish and Maintain an Audit Log Management Process"
title = "8.1 Establish and Maintain an Audit Log Management Process"
description = "Establish and maintain an audit log management process that defines the enterprise’s logging requirements. At a minimum, address the collection, review, and retention of audit logs for enterprise assets. Review and update documentation annually, or when significant enterprise changes occur that could impact this Safeguard."
children = [
control.cloudwatch_log_group_retention_period_365
Expand All @@ -20,7 +20,7 @@ benchmark "cis_controls_v8_ig1_8_1" {
}

benchmark "cis_controls_v8_ig1_8_2" {
title = "8.2 - Collect Audit Logs"
title = "8.2 Collect Audit Logs"
description = "Collect audit logs. Ensure that logging, per the enterprise’s audit log management process, has been enabled across enterprise assets."
children = [
control.apigateway_stage_logging_enabled,
Expand Down