iCompaas Support

FAQ 2

• How to add additional aws accounts to your plan ?
• How do i check my existing subscription plan ?

IAM Policies 34

• Ensure there are no EC2 AMIs set as Public
• Ensure users of groups with AdministratorAccess policy have MFA tokens enabled
• Ensure there are no EBS Snapshots set as Public
• Ensure there are no S3 buckets open to the Everyone or Any AWS user
• Ensure there are no Security Groups without ingress filtering being used

See all 34 articles

AWS Services 27

• Ensure there are no ECR repositories set as Public
• Ensure there are no Public Accessible RDS instances
• Ensure there are no internet facing Elastic Load Balancers
• Ensure there are no internet facing EC2 Instances
• Ensure Redshift Cluster is not publicly accessible

See all 27 articles

VPC Policies 8

• Ensure Security Groups do not allow unrestricted ingress access to any port
• Ensure Security Groups do not allow unrestricted ingress access to Oracle ports 1521 or 2483
• Ensure Security Groups do not allow unrestricted ingress access to MySQL port 3306
• Ensure Security Groups do not allow unrestricted ingress access to Postgres port 5432
• Ensure Security Groups do not allow unrestricted ingress access to Redis port 6379

See all 8 articles

CIS Control 1 1

• Ensure a support role has been created to manage incidents with AWS Support

CIS Control 1.4 1

• Ensure AWS Config is enabled in all regions

CIS Control 4 1

• Ensure IAM policies that allow full "*:*" administrative privileges are not created

CIS Control 4.3 2

• Avoid the use of the "root" account
• Ensure no root account access key exists

CIS Control 4.4 1

• Ensure IAM password policy prevents password reuse

CIS Control 4.5 2

• Ensure multi-factor authentication (MFA) is enabled for all IAM users that have a console password
• Ensure MFA is enabled for the "root" account

CIS Control 4.9 1

• Ensure a log metric filter and alarm exist for usage of "root" account

CIS Control 5.5 1

• Ensure a log metric filter and alarm exist for VPC changes

CIS Control 6 1

• Ensure a log metric filter and alarm exist for CloudTrail configuration changes

CIS Control 6.2 6

• Ensure CloudTrail is enabled in all regions
• Ensure CloudTrail trails are integrated with CloudWatch Logs
• Ensure S3 bucket access logging is enabled on the CloudTrail S3 bucket
• Ensure a log metric filter and alarm exist for S3 bucket policy changes
• Ensure a log metric filter and alarm exist for changes to network gateways

See all 6 articles

CIS Control 6.3 1

• Maintain current contact details

CIS Control 6.5 1

• Ensure a log metric filter and alarm exist for unauthorized API calls

CIS Control 6.7 0

CIS Control 9.2 2

• Ensure no security groups allow ingress from 0.0.0.0/0 to port 22
• Ensure no security groups allow ingress from 0.0.0.0/0 to port 3389

CIS Control 11.3 0

CIS Control 14 0

CIS Control 14.6 1

• Ensure the S3 bucket used to store CloudTrail logs is not publicly accessible

CIS Control 14.9 0

CIS Control 16 11

• Ensure IAM password policy requires at least one uppercase letter
• Ensure IAM password policy require at least one lowercase letter
• Ensure IAM password policy require at least one symbol
• Ensure IAM password policy require at least one number
• Ensure IAM password policy requires minimum length of 14 or greater

See all 11 articles

CIS Control 16.9 2

• Ensure credentials unused for 90 days or greater are disabled
• Ensure access keys are rotated every 90 days or less

CIS Control 19 2

• Ensure security contact information is registered
• Ensure a log metric filter and alarm exist for AWS Management Console authentication failures

CIS Control 1.4 1

• Ensure a log metric filter and alarm exist for AWS Config configuration changes

CIS Control 4.5 1

• Ensure hardware MFA is enabled for the "root" account

CIS Control 4.8 1

• Ensure a log metric filter and alarm exist for security group changes

CIS Control 6 3

• Ensure CloudTrail log file validation is enabled
• Ensure CloudTrail logs are encrypted at rest using KMS CMKs
• Ensure rotation for customer created CMKs is enabled

CIS Control 6.2 1

• Ensure VPC flow logging is enabled in all VPCs

CIS Control 11.3 1

• Ensure a log metric filter and alarm exist for changes to Network Access Control Lists (NACL)

CIS Control 14.6 2

• Ensure the default security group of every VPC restricts all traffic
• Ensure routing tables for VPC peering are "least access"

CIS Control 16 1

• Ensure a log metric filter and alarm exist for disabling or scheduled deletion of customer created CMKs

CIS Control 19 1

• Ensure IAM instance roles are used for AWS resource access from instances

AWS - HIPAA 10

• Check if S3 buckets have server access logging enabled
• Enable S3 buckets have Object-level logging enabled in CloudTrail
• Ensure there are no EBS Snapshots set as Public
• Ensure there are no Security Groups not being used
• Ensure Elastic Load Balancers have logging enabled

See all 10 articles

CIS Control 4.5 2

• Ensure multi-factor authentication (MFA) is enabled for all IAM users that have a console password
• Ensure MFA is enabled for the "root" account

CIS Control 6.2 3

• Ensure S3 bucket access logging is enabled on the CloudTrail S3 bucket
• Ensure VPC flow logging is enabled in all VPCs
• Ensure a log metric filter and alarm exist for S3 bucket policy changes

CIS Control 6 1

• Ensure CloudTrail logs are encrypted at rest using KMS CMKs

CIS Control 14.6 1

• Ensure the S3 bucket used to store CloudTrail logs is not publicly accessible

Your order 0

Coupons 0

Privacy policy 0

Opt-out policy 0

Your account 0