iCompaas Support
Knowledge base
General
FAQ
4
How to add additional AWS accounts to your plan?
How do I check my existing subscription plan?
How does good Cybersecurity operate?
What are the costs of a Cybersecurity attack?
Security Controls
IAM Policies
40
Ensure there are no EC2 AMIs set as Public
Ensure users of groups with AdministratorAccess policy have MFA tokens enabled
Ensure there are no EBS Snapshots set as Public
Ensure there are no S3 buckets open to the Everyone or Any AWS user
Ensure there are no Security Groups without ingress filtering being used
View all 40
AWS Services
106
Ensure there are no ECR repositories set as Public
Ensure there are no Public Accessible RDS instances
Ensure there are no internet facing Elastic Load Balancers
Ensure there are no internet facing EC2 Instances
Ensure Redshift Cluster is not publicly accessible
View all 106
VPC Policies
18
Ensure Security Groups do not allow unrestricted ingress access to any port
Ensure Security Groups do not allow unrestricted ingress access to Oracle Ports 1521 or 2483
Ensure Security Groups do not allow unrestricted ingress access to MySQL port 3306
Ensure Security Groups do not allow unrestricted ingress access to Postgres port 5432
Ensure Security Groups do not allow unrestricted ingress access to Redis port 6379
View all 18
Automation Policies
18
Ensure Lambda Dead Letter Queue (DLQ) is enabled
Ensure Lambda Concurrency Limit is Configured
Ensure CloudFormation Stack Drift Detection Check
Ensure EC2 Instances Managed by Systems Manager (SSM)
Ensure Elastic Beanstalk Enhanced Health Reporting Enabled
View all 18
Amazon Lightsail
8
Ensure Amazon LightSail Instance Automatic Backup is Enabled
Ensure Lightsail Instances should not allow traffic from any IP
Ensure Alarm exists for CPU Utilization for Lightsail instances
Ensure Amazon LightSail Bucket is not publicly accessible
Ensure alarm exists for Lightsail bucket storage
View all 8
AWS CIS Benchmark Level 1
CIS Control 1
1
Ensure a support role has been created to manage incidents with AWS Support
CIS Control 1.4
1
Ensure AWS Config is enabled in all regions
CIS Control 4
1
Ensure IAM policies that allow full "*:*" administrative privileges are not created
CIS Control 4.3
2
Ensure root account user is not used
Ensure no root account access key exists
CIS Control 4.4
1
Ensure IAM password policy prevents password reuse
CIS Control 4.5
2
Ensure multi-factor authentication (MFA) is enabled for all IAM users that have a console password
Ensure MFA is enabled for the "root" account
CIS Control 4.9
1
Ensure a log metric filter and alarm exist for usage of "root" account
CIS Control 5.5
1
Ensure a log metric filter and alarm exist for VPC changes
CIS Control 6
1
Ensure a log metric filter and alarm exist for CloudTrail configuration changes
CIS Control 6.2
6
Ensure CloudTrail is enabled in all regions
Ensure CloudTrail trails are integrated with CloudWatch Logs
Ensure S3 bucket access logging is enabled on the CloudTrail S3 bucket
Ensure a log metric filter and alarm exist for S3 bucket policy changes
Ensure a log metric filter and alarm exist for changes to network gateways
View all 6
CIS Control 6.3
1
Maintain current contact details
CIS Control 6.5
1
Ensure a log metric filter and alarm exist for unauthorized API calls
CIS Control 6.7
0
CIS Control 9.2
2
Ensure no security groups allow ingress from all IPs (0.0.0.0/0) to SSH (Port 22)
Ensure no security groups allow ingress from all IPs to RDP Port (3389)
CIS Control 11.3
0
CIS Control 14
0
CIS Control 14.6
1
Ensure the S3 bucket used to store CloudTrail logs is not publicly accessible
CIS Control 14.9
0
CIS Control 16
11
Ensure IAM password policy requires at least one uppercase letter
Ensure IAM password policy requires at least one lowercase letter
Ensure IAM password policy requires at least one symbol
Ensure IAM password policy requires at least one number
Ensure IAM password policy requires minimum length of 14 or greater
View all 11
CIS Control 16.9
2
Ensure credentials unused for 90 days or greater are disabled
Ensure access keys are rotated every 90 days or less
CIS Control 19
2
Ensure security contact information is registered
Ensure a log metric filter and alarm exist for AWS Management Console Authentication failures
AWS CIS Benchmark Level 2
CIS Control 1.4
1
Ensure a log metric filter and alarm exist for AWS Config configuration changes
CIS Control 4.5
1
Ensure hardware MFA is enabled for the "root" account
CIS Control 4.8
1
Ensure a log metric filter and alarm exist for security group changes
CIS Control 6
3
Ensure CloudTrail log file validation is enabled
Ensure CloudTrail logs are encrypted at rest using KMS CMKs
Ensure rotation for customer created CMKs is enabled
CIS Control 6.2
1
Ensure VPC flow logging is enabled in all VPCs
CIS Control 11.3
1
Ensure a log metric filter and alarm exist for changes to Network Access Control Lists (NACL)
CIS Control 14.6
2
Ensure the default security group of every VPC restricts all traffic
Ensure routing tables for VPC peering are "least access"
CIS Control 16
1
Ensure a log metric filter and alarm exist for disabling or scheduled deletion of customer created CMKs
CIS Control 19
1
Ensure IAM instance roles are used for AWS resource access from instances
Azure CIS Benchmark Level 1 & Level 2
1. Identity and Access Management
21
1.1 Ensure that multi-factor authentication is enabled for all privileged users
1.2 Ensure that multi-factor authentication is enabled for all non-privileged users
1.3 Ensure guest users are reviewed on a monthly basis
1.4 Ensure that 'Allow users to remember multi-factor authentication on devices they trust' is 'Disabled'
1.5 Ensure that 'Number of methods required to reset' is set to '2'
View all 21
2. Security Center
15
2.1 Ensure that Azure Defender is set to On for Servers
2.2 Ensure that Azure Defender is set to On for App Service
2.3 Ensure that Azure Defender is set to On for Azure SQL database servers
2.4 Ensure that Azure Defender is set to On for SQL servers on machines
2.5 Ensure that Azure Defender is set to On for Storage
View all 15
3. Storage Accounts
9
3.1 Ensure that 'Secure transfer required' is set to 'Enabled'
3.2 Ensure that storage account access keys are periodically regenerated
3.3 Ensure Storage logging is enabled for Queue service for read, write, and delete requests
3.4 Ensure that shared access signature tokens expire within an hour
3.5 Ensure that 'Public access level' is set to Private for blob containers
View all 9
4. Database Services
9
4.1.1 Ensure that 'Auditing' is set to 'On'
Ensure that 'Data encryption' is set to 'On' on a SQL Database
Ensure that 'Auditing' Retention is 'greater than 90 days'
Ensure that Advanced Threat Protection (ATP) on a SQL server is set to 'Enabled'
Ensure that Vulnerability Assessment (VA) is enabled on a SQL server by setting a Storage Account
View all 9
5. Logging and Monitoring
4
5.1.1 Ensure that a 'Diagnostics Setting' exists
5.1.2 Ensure Diagnostic Setting captures appropriate categories
5.1.3 Ensure the storage container storing the activity logs is not publicly accessible
5.1.4 Ensure the storage account containing the container with activity logs is encrypted with BYOK (Use Your Own Key)
6. Networking
0
7. Virtual Machines
0
8. Other Security Considerations
0
9. AppService
0
HIPAA Readiness
AWS - HIPAA
10
Check if S3 buckets have server access logging enabled
Enable S3 buckets have Object-level logging enabled in CloudTrail
Ensure there are no EBS Snapshots set as Public
Ensure there are no Security Groups not being used
Ensure Elastic Load Balancers have logging enabled
View all 10
CIS Control 4.5
2
Ensure multi-factor authentication (MFA) is enabled for all IAM users that have a console password
Ensure MFA is enabled for the "root" account
CIS Control 6.2
3
Ensure S3 bucket access logging is enabled on the CloudTrail S3 bucket
Ensure VPC flow logging is enabled in all VPCs
Ensure a log metric filter and alarm exist for S3 bucket policy changes
CIS Control 6
1
Ensure CloudTrail logs are encrypted at rest using KMS CMKs
CIS Control 14.6
1
Ensure the S3 bucket used to store CloudTrail logs is not publicly accessible
Orders and refunds
Your order
0
Coupons
Coupons
0
Information collected
Privacy policy
0
Opt-out policy
0
Getting started with us
Your account
0
SOC2 Readiness
SOC2 Controls
11
Ensure S3 buckets have custom backup schedule configured
Ensure EFS storage have backup schedule configured
Ensure FSx Lustre has backup schedule configured
Ensure FSx for Windows File System has backup schedule configured
Ensure the RDS storage has retention enabled
View all 11
Cost Saving Recommendations
Cost Savings
9
Cloud Resource Instance Upgrade
Right Sizing Resource
Deleting Orphan EBS Volumes - Instance Storage
Database Upgrade - Consider upgrading instance class from db.r4 to db.r5
Cache Upgrade - Consider upgrading ElastiCache instance class from cache.r4 to cache.r5
View all 9
Best Practices
3
S3 Lifecycle Management
Ensure S3 Bucket Replication Enabled
Ensure S3 Bucket Inventory Configuration enabled