iCompaas Support
Welcome
Login
Sign up
Home
Solutions
How can we help you today?
Enter your search term here...
Search
New support ticket
Check ticket status
+17103337010
Knowledge base
General
IAM policy
5
How to add additional aws accounts to your plan ?
How do i check my existing subscription plan ?
How does good Cybersecurity operate?
What are the costs of a Cybersecurity attack?
EC2 Approved AMIs Check (by AMI Tag)
Policy Updates
137
Ensure any of the Elastic or Public IP are in Shodan
Ensure Amazon Sage Maker Notebook instances have root access disabled
Ensure Amazon SageMaker Notebook instances have VPC settings configured
Ensure Amazon SageMaker Models have network isolation enabled
Ensure Amazon SageMaker Models have VPC settings configured
View all 137
Azure_compliance/control/check
100
Ensure Trusted Locations Are Defined In Conditional Access Policies
Ensure that an exclusionary Geographic Access Policy is considered
Ensure that A Multi-factor Authentication Policy Exists for Administrative Groups
Ensure that A Multi-factor Authentication Policy Exists for All Users
Ensure Multi-factor Authentication is Required for Risky Sign-ins
View all 100
Process Documents
5
CloudFlare Vs AWS Route 53
Google Workspace Integration with iCompaas
Cloudflare Implementation & Security Guide
Steps to Update Default Region in AWS
Retrieving Snapshots and Deploying AWS Stack with CISOBot
Security Controls
IAM Policies
42
Ensure there are no EC2 AMIs set as Public
Ensure users of groups with AdministratorAccess policy have MFA tokens enabled
Ensure there are no EBS Snapshots set as Public
Ensure there are no S3 buckets open to the Everyone or Any AWS user
Ensure there are no Security Groups without ingress filtering being used
View all 42
AWS Services
131
Ensure there are no ECR repositories set as Public
Ensure there are no Public Accessible RDS instances
Ensure there are no internet facing Elastic Load Balancers
Ensure there are no internet facing EC2 Instances
Ensure Redshift Cluster is not publicly accessible
View all 131
VPC Policies
20
Ensure Security Groups do not allow unrestricted ingress access to any port
Ensure Security Groups do not allow unrestricted ingress access to Oracle Ports 1521 or 2483
Ensure Security Groups do not allow unrestricted ingress access to MySQL port 3306
Ensure Security Groups do not allow unrestricted ingress access to Postgres port 5432
Ensure Security Groups do not allow unrestricted ingress access to Redis port 6379
View all 20
Automation Policies
18
Ensure Lambda Dead Letter Queue(DLQ) is enabled
Ensure Lambda Concurrency Limit is Configured
Ensure CloudFormation Stack Drift Detection Check
Ensure EC2 Instances Managed by Systems Manager (SSM)
Ensure Elastic Beanstalk Enhanced Health Reporting Enabled
View all 18
Amazon Lightsail
8
Ensure LightSail Disk have Automatic Backup Enabled
Ensure Lightsail IPv4 Firewall will not allow traffic from any port
Ensure Alarm exist for CPU Utilization for Lightsail instances
Ensure Amazon LightSail Bucket is not publicly accessible
Ensure alarm exist for Lightsail bucket storage
View all 8
AWS CIS Benchmark Level 1
CIS Control 1
1
Ensure a support role has been created to manage incidents with AWS Support
CIS Control 1.4
1
Ensure AWS Config is enabled in all regions
CIS Control 4
1
Ensure IAM policies that allow full "*:*" administrative privileges are not created
CIS Control 4.3
2
Ensure root account user is not used
Ensure no root account access key exists
CIS Control 4.4
1
Ensure IAM password policy prevents password reuse
CIS Control 4.5
2
Ensure multi-factor authentication (MFA) is enabled for all IAM users that have a console password
Ensure MFA is enabled for the "root" account
CIS Control 4.9
1
Ensure a log metric filter and alarm exist for usage of "root" account
CIS Control 5.5
1
Ensure a log metric filter and alarm exist for VPC changes
CIS Control 6
1
Ensure a log metric filter and alarm exist for CloudTrail configuration changes
CIS Control 6.2
6
Ensure CloudTrail is enabled in all regions
Ensure CloudTrail trails are integrated with CloudWatch Logs
Ensure S3 bucket access logging is enabled on the CloudTrail S3 bucket
Ensure a log metric filter and alarm exist for S3 bucket policy changes
Ensure a log metric filter and alarm exist for changes to network gateways
View all 6
CIS Control 6.3
1
Maintain current contact details
CIS Control 6.5
1
Ensure a log metric filter and alarm exist for unauthorized API calls
CIS Control 6.7
0
CIS Control 9.2
2
Ensure no security groups allow ingress from all IPs(0.0.0.0/0) to SSH (Port 22)
Ensure no security groups allow ingress from all IPs to RDP Port(3389)
CIS Control 11.3
0
CIS Control 14
0
CIS Control 14.6
1
Ensure the S3 bucket used to store CloudTrail logs is not publicly accessible
CIS Control 14.9
0
CIS Control 16
11
Ensure IAM password policy requires at least one uppercase letter
Ensure IAM password policy require at least one lowercase letter
Ensure IAM password policy require at least one symbol
Ensure IAM password policy require at least one number
Ensure IAM password policy requires minimum length of 14 or greater
View all 11
CIS Control 16.9
2
Ensure credentials unused for 90 days or greater are disabled
Ensure access keys are rotated every 90 days or less
CIS Control 19
2
Ensure security contact information is registered
Ensure a log metric filter and alarm exist for AWS Management Console Authentication failures
AWS CIS Benchmark Level 2
CIS Control 1.4
1
Ensure a log metric filter and alarm exist for AWS Config configuration changes
CIS Control 4.5
1
Ensure hardware MFA is enabled for the "root" account
CIS Control 4.8
1
Ensure a log metric filter and alarm exist for security group changes
CIS Control 6
3
Ensure CloudTrail log file validation is enabled
Ensure CloudTrail logs are encrypted at rest using KMS CMKs
Ensure rotation for customer created CMKs is enabled
CIS Control 6.2
1
Ensure VPC flow logging is enabled in all VPCs
CIS Control 11.3
1
Ensure a log metric filter and alarm exist for changes to Network Access Control Lists (NACL)
CIS Control 14.6
2
Ensure the default security group of every VPC restricts all traffic
Ensure routing tables for VPC peering are "least access"
CIS Control 16
1
Ensure a log metric filter and alarm exist for disabling or scheduled deletion of customer created CMKs
CIS Control 19
1
Ensure IAM instance roles are used for AWS resource access from instances
Azure CIS Benchmark Level 1 & Level 2
1. Identity and Access Management
22
Ensure that 'Multi-Factor Auth Status' is 'Enabled' for all Privileged Users
Ensure that 'Multi-Factor Auth Status' is 'Enabled' for all Non-Privileged Users
Ensure Guest Users Are Reviewed on a Regular Basis
1.4 Ensure that 'Allow users to remember multi-factor authentication on devices they trust' is 'Disabled
1.5 Ensure that 'Number of methods required to reset' is set to '2'
View all 22
2. Security Center
15
Ensure That Microsoft Defender for Servers Is Set to 'On'
Ensure That Microsoft Defender for App Services Is Set To 'On'
2.3 Ensure that Azure Defender is set to On for Azure SQL database servers
Ensure That Microsoft Defender for SQL Servers on Machines Is Set To 'On' .
Ensure That Microsoft Defender for Storage Is Set To 'On'
View all 15
3. Storage Accounts
9
3.1 Ensure that 'Secure transfer required' is set to 'Enabled'
3.2 Ensure that storage account access keys are periodically regenerated
Ensure Storage Logging is Enabled for Queue Service for 'Read', 'Write', and 'Delete' requests (Automated)
3.4 Ensure that shared access signature tokens expire within an hour
Ensure that 'Public access level' is disabled for storage accounts with blob containers (Automated).
View all 9
4. Database Services
10
4.1.1 Ensure that 'Auditing' is set to 'On'
Ensure that 'Data encryption' is set to 'On' on a SQL Database
Ensure that 'Auditing' Retention is 'greater than 90 days'
Ensure that Advanced Threat Protection (ATP) on a SQL server is set to 'Enabled'
Ensure that Vulnerability Assessment (VA) is enabled on a SQL server by setting a Storage Account
View all 10
5. Logging and Monitoring
8
5.1.1 Ensure that a 'Diagnostics Setting' exists for exporting activity logs
Ensure Diagnostic Setting captures appropriate categories from the control/management plane
5.1.3 Ensure the storage container storing the activity logs is not publicly accessible
Ensure the storage account containing the container with activity logs is encrypted with Customer Managed Key
5.2.2 Ensure that Activity Log Alert exists for Delete Policy Assignment
View all 8
6. Networking
0
7. Virtual Machines
0
8. Other Security Considerations
0
9. AppService
2
9.9 Ensure that 'HTTP Version' is the latest, if used to run the web app
9.10 Ensure FTP deployments are disabled
HIPAA Readiness
CIS Control 4.5
2
Ensure multi-factor authentication (MFA) is enabled for all IAM users that have a console password
Ensure MFA is enabled for the "root" account
CIS Control 6.2
3
Ensure S3 bucket access logging is enabled on the CloudTrail S3 bucket
Ensure VPC flow logging is enabled in all VPCs
Ensure a log metric filter and alarm exist for S3 bucket policy changes
CIS Control 6
1
Ensure CloudTrail logs are encrypted at rest using KMS CMKs
CIS Control 14.6
1
Ensure the S3 bucket used to store CloudTrail logs is not publicly accessible
AWS - HIPAA
10
Check if S3 buckets have server access logging enabled
Enable S3 buckets have Object-level logging enabled in CloudTrail
Ensure there are no EBS Snapshots set as Public
Ensure there are no Security Groups not being used
Ensure Elastic Load Balancers have logging enabled
View all 10
Controls
1
HIPAA 164.312(e)(2)(ii) - Encryption
Privacy Rule
1
HIPAA 164.310(d)(2)(iii) - Accountability
Security Rule
27
HIPAA 164.308(a)(3)(i) - Workforce security
HIPAA 164.310(d)(2)(i) - Disposal
HIPPA 164.310(d)(2)(iv) - Data backup and storage
HIPAA 164.308(a)(3)(ii)(C) - Termination procedures
HIPAA 164.308(a)(3)(ii)(B) - Workforce clearance procedure
View all 27
Patient Rights
9
164.312(a)(2)(ii) - Emergency access procedure
164.310(d)(2)(ii) Media re-use
164.310(c) - Workstation security
164.310(b) Workstation use
163.310(a)(2)(iv) - Maintenance records
View all 9
Business Associate Agreements
1
164.308(a)(7)(ii)(D) - Testing and revision procedures
Enforcement Rule
11
164.312(a)(1) - Access control
164.312(a)(2)(iv) - Encryption and decryption
164.312(e)(1) - Transmission security
164.312(e)(2)(i) - Integrity controls
164.312(e)(2)(ii) - Encryption
View all 11
Breach Notification Rule
3
164.308(a)(1)(ii)(C)- Sanction policy
164.308(a)(7)(ii)(C)- Emergency mode operation plan
164.308(a)(7)(ii)(E)- Applications and data criticality analysis
Orders and refunds
Your order
0
Coupons
Coupons
0
Information collected
Privacy policy
0
Opt-out policy
0
InfoSec
5
Security Headers Remediation - Content Security Policy
Why do we need to use Proxy
WAF Recommendation - Cloudflare
Security Header Remediation: X Frame Options
Security Header Remediation: Referrer-Policy
Getting started with us
Your account
2
Integrating Azure to iCompaas
Deleting iCompaas_Stack from AWS Account
SOC2 Readiness
SOC2 Controls
12
Ensure S3 buckets have custom backup schedule configured
Ensure EFS storage have backup schedule configured
Ensure FSx Lustre has backup schedule configured
Ensure FSx for Windows File System has backup schedule configured
Ensure the RDS storage has retention enabled
View all 12
Cost Saving Recommendations
Cost Savings
9
Cloud Resource Instance Upgrade
Right Sizing Resource
Deleting Orphan EBS Volumes - Instance Storage
Database Upgrade - Consider upgrading instance class from db.r4 to db.r5
Cache Upgrade - Consider upgrading ElastiCache instance class from cache.r4 to cache.r5
View all 9
Best Practices
3
S3 Lifecycle Management
Ensure S3 Bucket Replication Enabled
Ensure S3 Bucket Inventory Configuration enabled
taxonomy
CyberSecurity-Topics
97
Static Code Scanning
Network firewalls
Encryption
Data Classification
Access Control
View all 97
Data Breach Notification
States
0
NIST
800-171
110
NIST 800-171 3.1.1 Limit information system access to authorized users, processes acting on behalf of authorized users, or devices (including other information systems).
NIST 800-171 3.1.2 Limit system access to the types of transactions and functions that authorized users are permitted to execute.
NIST 800-171 3.1.3 Control the flow of CUI in accordance with approved authorizations.
NIST 800-171 3.1.4 Separate the duties of individuals to reduce the risk of malevolent activity without collusion.
NIST 800-171 3.1.5 Employ the principle of least privilege, including for specific security functions and privileged accounts.
View all 110
800-53
0
800-172
0
CMMC
2.0
96
CMMC 2.0 AC.1.001 Limit information system access to authorized users, processes acting on behalf of authorized users, or devices (including other information systems)
CMMC 2.0 AC.1.002 Limit system access to the types of transactions and functions that authorized users are permitted to execute.
CMMC 2.0 AC.1.003 Verify and control/limit connections to and use of external information systems.
CMMC 2.0 AC.1.004 Control Public Information Control information posted or processed on publicly accessible information systems.
CMMC 2.0 AC.2.016 Control CUI Flow Control the flow of CUI in accordance with approved authorizations.
View all 96
GCP Benchmarks
GCP Knowledge Bases
84
1.1 Ensure Corporate Login Credentials Are Used (Manual)
1.2 Ensure Multi-Factor Authentication is Enabled for All Non-Service Accounts (Manual)
1.3 Ensure Security Key Enforcement is Enabled for All Admin Accounts (Manual)
1.4 Ensure Only GCP-Managed Service Account Keys Are Used for Each Service Account (Automated)
1.5 Ensure Service Accounts Do Not Have Admin Privileges (Automated)
View all 84
AWS CIS V.4 Level 1 Benchmarks
CIS Control 5
8
5.1.1 Ensure EBS Volume Encryption is Enabled in All Regions (Automated)
5.1.2 Ensure CIFS Access is Restricted to Trusted Networks to Prevent Unauthorized Access (Manual)
5.2 Ensure no Network ACLs allow ingress from 0.0.0.0/0 to Remote Server Administration Ports (Automated)
5.3 Ensure No Security Groups Allow Ingress from 0.0.0.0/0 to Remote Server Administration Ports (Automated)
5.4 Ensure No Security Groups Allow Ingress from ::/0 to Remote Server Administration Ports (Automated)
View all 8
CIS Control 2
9
2.2.4 Ensure Multi-AZ deployments are used for enhanced availability in Amazon RDS
2.2.3 Ensure that RDS instances are not publicly accessible
2.2.2 Ensure the Auto Minor Version Upgrade feature is enabled for RDS instances
2.2.1 Ensure that encryption-at-rest is enabled for RDS instances
2.1.4 Ensure that S3 is configured with 'Block Public Access' enabled
View all 9
CIS Control 1
22
1.22 Restrict Access to AWSCloudShellFullAccess (Manual)
1.1 Maintain Current Contact Details (Manual)
1.21 Ensure IAM Users Are Managed Centrally via Identity Federation or AWS Organizations in Multi-Account Environments (Manual)
1.11 Do Not Create Access Keys During Initial Setup for IAM Users with a Console Password (Manual)
1.2 Ensure Security Contact Information is Registered (Manual)
View all 22
CIS Control 4
16
4.16 Ensure AWS Security Hub is Enabled (Automated)
4.15 Ensure AWS Organizations Changes are Monitored (Manual)
4.14 Ensure VPC Changes are Monitored (Manual)
4.13 Ensure Route Table Changes are Monitored (Manual)
4.12 Ensure Changes to Network Gateways are Monitored (Manual)
View all 16
CIS Control 3
8
3.2 Ensure CloudTrail Log File Validation is Enabled (Automated)
3.3 Ensure AWS Config is Enabled in All Regions (Automated)
3.4 Ensure Server Access Logging is Enabled on the CloudTrail S3 Bucket (Automated)
3.5 Ensure CloudTrail Logs Are Encrypted at Rest Using KMS CMKs (Automated)
3.6 Ensure Rotation for Customer-Created Symmetric CMKs Is Enabled (Automated)
View all 8
AWS Checks New Version
AWS New Checks
406
GuardDuty EKS Runtime Monitoring should be enabled
EFS Access Points Should Enforce a User Identity
Check if GuardDuty Lambda Protection is enabled
GuardDuty EKS Audit Log Monitoring Enabled
EFS Should Not Have Policies Allowing Unrestricted Access Within VPC
View all 406
Help Desk Software
by Freshdesk