From 7f7340c26ae5d5e8874651dbffeb12e0e9f505b6 Mon Sep 17 00:00:00 2001 
From: ysdholak <140545342+ysdholak@users.noreply.github.com> Date: Fri, 22 Mar 2024 21:00:52 -0700 Subject: [PATCH] Update mappings to reflect latest ruleset (#272) --- mappings/cfn_nag_build.py | 117 -- mappings/rule_set_ABS_CCIGv2_Material.json | 44 +- mappings/rule_set_ABS_CCIGv2_Standard.json | 42 +- mappings/rule_set_FDA_21CFR_Part_11.json | 50 +- mappings/rule_set_acsc_essential_8.json | 39 +- mappings/rule_set_acsc_ism.json | 37 - mappings/rule_set_apra_cpg_234.json | 60 +- mappings/rule_set_bnm_rmit.json | 53 +- mappings/rule_set_cfn_nag.json | 12 + .../rule_set_cis_aws_benchmark_level_1.json | 12 - .../rule_set_cis_aws_benchmark_level_2.json | 12 - ...cis_critical_security_controls_v8_ig1.json | 14 - ...cis_critical_security_controls_v8_ig2.json | 45 +- ...cis_critical_security_controls_v8_ig3.json | 51 +- mappings/rule_set_cis_top_20.json | 33 - mappings/rule_set_cisa_ce.json | 65 +- mappings/rule_set_cmmc_level_1.json | 18 - mappings/rule_set_cmmc_level_2.json | 53 - mappings/rule_set_cmmc_level_3.json | 68 +- mappings/rule_set_cmmc_level_4.json | 70 +- mappings/rule_set_cmmc_level_5.json | 76 +- ...et_enisa_cybersecurity_guide_for_smes.json | 40 - mappings/rule_set_ens_high.json | 60 +- mappings/rule_set_ens_low.json | 55 +- mappings/rule_set_ens_medium.json | 60 +- mappings/rule_set_fedramp_low.json | 272 +---- mappings/rule_set_fedramp_moderate.json | 414 +------ mappings/rule_set_ffiec.json | 44 +- mappings/rule_set_hipaa_security.json | 68 +- mappings/rule_set_k_isms.json | 40 +- mappings/rule_set_mas_notice_655.json | 12 - mappings/rule_set_mas_trmg.json | 75 +- mappings/rule_set_nbc_trmg.json | 55 +- mappings/rule_set_ncsc.json | 50 +- mappings/rule_set_ncsc_cafv3.json | 45 +- mappings/rule_set_nerc.json | 18 - mappings/rule_set_nist800_53rev4.json | 329 +----- mappings/rule_set_nist800_53rev5.json | 1041 +---------------- mappings/rule_set_nist_1800_25.json | 44 +- mappings/rule_set_nist_800_171.json | 43 +- mappings/rule_set_nist_800_172.json | 
19 - mappings/rule_set_nist_800_181.json | 63 +- mappings/rule_set_nist_csf.json | 54 +- mappings/rule_set_nist_privacy_framework.json | 42 +- mappings/rule_set_nzism.json | 27 - mappings/rule_set_pci_dss_3_2_1.json | 269 +---- mappings/rule_set_rbi_bcsf_ucb.json | 42 - mappings/rule_set_rbi_md_itf.json | 27 +- mappings/rule_set_us_nydfs.json | 41 +- mappings/rule_set_wa-Reliability-Pillar.json | 8 +- mappings/rule_set_wa-Security-Pillar.json | 57 - .../aws_dms/dms_replication_not_public.guard | 12 +- .../dms_replication_not_public_tests.yml | 43 +- 53 files changed, 117 insertions(+), 4323 deletions(-)
delete mode 100755 mappings/cfn_nag_build.py
diff --git a/mappings/cfn_nag_build.py b/mappings/cfn_nag_build.py
deleted file mode 100755
index 5ecb73c..0000000
--- a/mappings/cfn_nag_build.py
+++ /dev/null
@@ -1,117 +0,0 @@ -#!/usr/bin/env python3 - -import argparse -import os -import json -import glob -import re -import urllib.request - -def download_resource_type_list(): - url = "https://cloudformation-schema.s3.us-west-2.amazonaws.com/resourcetypelist.json" - response = urllib.request.urlopen(url) - data = json.loads(response.read()) - return data - -def create_guard_rules_registry_all_rules(dirName, version): - aws_rules_directory = dirName + '/rules/aws/**/*.guard' - controls = ["all rules in AWS Guard Rules Registry"] - mappings = [] - resource_list = download_resource_type_list() - for build_file in glob.iglob(aws_rules_directory, recursive=True): - reports_on = [] - build_file_relative_path = os.path.relpath(build_file) - for resource in resource_list: - with open(build_file) as build_file_contents: - if re.search(resource, build_file_contents.read()) is not None: - reports_on.append(resource) - rule_json = { - "guardFilePath": build_file_relative_path, - "reportsOn": reports_on, - "controls": controls - } - mappings.append(rule_json) - all_rules_json = { - "owner": "AWS", - "ruleSetName": "guard-rules-registry-all-rules", - "version": version, - "description": "All AWS Guard Rules Registry in single rule set", - "contact": "aws-guard-rules-registry@amazon.com", - "mappings": mappings - } - with open('mappings/rule_set_guard_rules_registry_all_rules.json', 'w', encoding='utf-8') as outfile: - json.dump(all_rules_json, outfile, ensure_ascii=False, indent=2) - -def create_output_directory(): - path = "./docker/output/" - isExist = os.path.exists(path) - if not isExist: - os.makedirs(path) - - -def check_build_skip(guard_file): - skip = False - # if file does not exist in mapping we will skip it - file_exists = os.path.exists(guard_file) - if file_exists: - with open(guard_file) as f: - firstline = f.readline().rstrip() - if "## SKIP" in firstline: - skip = True - return skip - else: - skip = True - print("file not found: " + guard_file ) - return skip - -def 
build_custom_message(rule_set, control_list ): - message = '''\ -<< - Guard Rule Set: {ruleset} - Controls: {Control_List}\ - '''.format(ruleset=rule_set, Control_List=control_list ) - return message - -def build_rule_set(build_file, directory): - build_file_contents = open(build_file) - data = json.load(build_file_contents) - rule_set = data['ruleSetName'] - owner = data['owner'] - version = data['version'] - print(rule_set) - for rule in data['mappings']: - control_list = ",".join(rule['controls']) - guard_file = '../' + rule["guardFilePath"] - custom_message = build_custom_message(rule_set, control_list) - if check_build_skip(guard_file) is False: - inputfile = open(guard_file).read() - output_file_name = "../build/" + rule_set + ".guard" - outputfile = open(output_file_name, "a") - outputfile.write(re.sub('<<', custom_message, inputfile, flags=re.M)) - outputfile.write("\n") - outputfile.close() - # Closing file - build_file_contents.close() - -def main(directory, rulesets): - # create_guard_rules_registry_all_rules(directory, version) - create_output_directory() - # for build_file in glob.iglob(basedirectory, recursive=True): - for build_file in rulesets: - build_rule_set(build_file, directory) - -if __name__ == '__main__': - parser = argparse.ArgumentParser(description='Guard Rules Registry Build') - parser.add_argument("-d","--directory", required=False,default=os.getcwd(),help="Directory of the project rules") - # parser.add_argument("-r","--release", required=True,default="1.0.0",help="The release version for all rules file") - parser.add_argument("-s","--ruleset", required=False,help="The ruleset to build") - args = parser.parse_args() - directory = args.directory - # version = args.release - rulesets = [] - basedirectory = directory + '/mappings/rule_set_*.json' - if args.ruleset: - rulesets.append(args.ruleset) - else: - ruleset = glob.iglob(basedirectory, recursive=True) - main(directory, rulesets) 
diff --git a/mappings/rule_set_ABS_CCIGv2_Material.json b/mappings/rule_set_ABS_CCIGv2_Material.json
index ce7b71f..d7b4a3c 100644
--- a/mappings/rule_set_ABS_CCIGv2_Material.json
+++ b/mappings/rule_set_ABS_CCIGv2_Material.json
@@ -326,7 +326,7 @@
 ]
 },
 {
- "guardFilePath": "rules/aws/elastic_load_balancing/elb_deletion_protection_enabled.guard",
+ "guardFilePath": "rules/aws/elastic_load_balancing_v2/elb_deletion_protection_enabled.guard",
 "controls": [
 "section4b-design-and-secure-the-cloud-3-material-workloads",
 "section4b-design-and-secure-the-cloud-3-standard-workloads"
@@ -384,14 +384,6 @@
 "section4b-design-and-secure-the-cloud-15-standard-workloads"
 ]
 },
- {
- "guardFilePath": "rules/aws/api_gateway_v2/api_gw_associated_with_waf.guard",
- "controls": [
- "section4b-design-and-secure-the-cloud-4-material-workloads",
- "section4b-design-and-secure-the-cloud-4-standard-workloads",
- "section4c-run-the-cloud-4-material-workloads"
- ]
- },
 {
 "guardFilePath": "rules/aws/aws_kms/cmk_backing_key_rotation_enabled.guard",
 "controls": [
@@ -458,14 +450,6 @@
 "section4b-design-and-secure-the-cloud-12-standard-workloads"
 ]
 },
- {
- "guardFilePath": "rules/aws/amazon_ec2/ec2_ebs_encryption_by_default.guard",
- "controls": [
- "section4b-design-and-secure-the-cloud-6-standard-workloads",
- "section4b-design-and-secure-the-cloud-12-standard-workloads",
- "section4b-design-and-secure-the-cloud-15-standard-workloads"
- ]
- },
 {
 "guardFilePath": "rules/aws/amazon_efs/efs_encrypted_check.guard",
 "controls": [
@@ -507,14 +491,6 @@
 "section4b-design-and-secure-the-cloud-15-standard-workloads"
 ]
 },
- {
- "guardFilePath": "rules/aws/amazon_rds/rds_snapshot_encrypted.guard",
- "controls": [
- "section4b-design-and-secure-the-cloud-6-standard-workloads",
- "section4b-design-and-secure-the-cloud-12-standard-workloads",
- "section4b-design-and-secure-the-cloud-15-standard-workloads"
- ]
- },
 {
 "guardFilePath": "rules/aws/amazon_rds/rds_storage_encrypted.guard",
 "controls": [
@@ -532,12 +508,6 @@
 "section4c-run-the-cloud-3-standard-workloads"
 ]
 },
- {
- "guardFilePath": "rules/aws/amazon_redshift/redshift_require_tls_ssl.guard",
- "controls": [
- "section4b-design-and-secure-the-cloud-6-standard-workloads"
- ]
- },
 {
 "guardFilePath": "rules/aws/amazon_s3/s3_bucket_server_side_encryption_enabled.guard",
 "controls": [
@@ -574,12 +544,6 @@
 "section4b-design-and-secure-the-cloud-12-standard-workloads"
 ]
 },
- {
- "guardFilePath": "rules/aws/amazon_redshift/redshift_cluster_kms_enabled.guard",
- "controls": [
- "section4b-design-and-secure-the-cloud-6-standard-workloads"
- ]
- },
 {
 "guardFilePath": "rules/aws/amazon_s3/s3_default_encryption_kms.guard",
 "controls": [
@@ -587,12 +551,6 @@
 "section4b-design-and-secure-the-cloud-15-standard-workloads"
 ]
 },
- {
- "guardFilePath": "rules/aws/api_gateway_v2/api_gw_ssl_enabled.guard",
- "controls": [
- "section4b-design-and-secure-the-cloud-6-standard-workloads"
- ]
- },
 {
 "guardFilePath": "rules/aws/elastic_load_balancing_v2/elbv2_acm_certificate_required.guard",
 "controls": [
diff --git a/mappings/rule_set_ABS_CCIGv2_Standard.json b/mappings/rule_set_ABS_CCIGv2_Standard.json
index e0fd9d3..bd91ac2 100644
--- a/mappings/rule_set_ABS_CCIGv2_Standard.json
+++ b/mappings/rule_set_ABS_CCIGv2_Standard.json
@@ -286,7 +286,7 @@
 ]
 },
 {
- "guardFilePath": "rules/aws/elastic_load_balancing/elb_deletion_protection_enabled.guard",
+ "guardFilePath": "rules/aws/elastic_load_balancing_v2/elb_deletion_protection_enabled.guard",
 "controls": [
 "section4b-design-and-secure-the-cloud-3-standard-workloads"
 ]
@@ -312,12 +312,6 @@
 "section4b-design-and-secure-the-cloud-15-standard-workloads"
 ]
 },
- {
- "guardFilePath": "rules/aws/api_gateway_v2/api_gw_associated_with_waf.guard",
- "controls": [
- "section4b-design-and-secure-the-cloud-4-standard-workloads"
- ]
- },
 {
 "guardFilePath": "rules/aws/aws_certificate_manager/acm_certificate_expiration_check.guard",
 "controls": [
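Review bot: Removing `ec2_ebs_encryption_by_default`, `rds_snapshot_encrypted`, `redshift_cluster_kms_enabled`, `redshift_require_tls_ssl` and `api_gw_ssl_enabled` from this rule set strips most of the encryption-at-rest and in-transit checks that were mapped to `section4b-design-and-secure-the-cloud-6-standard-workloads`, and none of the hunks adds a replacement. The diffstat lists no files under `rules/aws/` apart from the DMS rule, so these guard files are either still present and now simply unmapped, or were removed in an earlier commit and these entries were dangling; the commit message should say which, because to a consumer of the compiled rule set the two cases look identical. The deleted build script read a per-file `version` field from each mapping JSON, so each rule set touched here should also get a `version` bump so downstream users can tell that control coverage changed.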
@@ -381,14 +375,6 @@
 "section4b-design-and-secure-the-cloud-12-standard-workloads"
 ]
 },
- {
- "guardFilePath": "rules/aws/amazon_ec2/ec2_ebs_encryption_by_default.guard",
- "controls": [
- "section4b-design-and-secure-the-cloud-6-standard-workloads",
- "section4b-design-and-secure-the-cloud-12-standard-workloads",
- "section4b-design-and-secure-the-cloud-15-standard-workloads"
- ]
- },
 {
 "guardFilePath": "rules/aws/amazon_efs/efs_encrypted_check.guard",
 "controls": [
@@ -430,14 +416,6 @@
 "section4b-design-and-secure-the-cloud-15-standard-workloads"
 ]
 },
- {
- "guardFilePath": "rules/aws/amazon_rds/rds_snapshot_encrypted.guard",
- "controls": [
- "section4b-design-and-secure-the-cloud-6-standard-workloads",
- "section4b-design-and-secure-the-cloud-12-standard-workloads",
- "section4b-design-and-secure-the-cloud-15-standard-workloads"
- ]
- },
 {
 "guardFilePath": "rules/aws/amazon_rds/rds_storage_encrypted.guard",
 "controls": [
@@ -454,12 +432,6 @@
 "section4c-run-the-cloud-3-standard-workloads"
 ]
 },
- {
- "guardFilePath": "rules/aws/amazon_redshift/redshift_require_tls_ssl.guard",
- "controls": [
- "section4b-design-and-secure-the-cloud-6-standard-workloads"
- ]
- },
 {
 "guardFilePath": "rules/aws/amazon_s3/s3_bucket_server_side_encryption_enabled.guard",
 "controls": [
@@ -496,12 +468,6 @@
 "section4b-design-and-secure-the-cloud-12-standard-workloads"
 ]
 },
- {
- "guardFilePath": "rules/aws/amazon_redshift/redshift_cluster_kms_enabled.guard",
- "controls": [
- "section4b-design-and-secure-the-cloud-6-standard-workloads"
- ]
- },
 {
 "guardFilePath": "rules/aws/amazon_s3/s3_default_encryption_kms.guard",
 "controls": [
@@ -509,12 +475,6 @@
 "section4b-design-and-secure-the-cloud-15-standard-workloads"
 ]
 },
- {
- "guardFilePath": "rules/aws/api_gateway_v2/api_gw_ssl_enabled.guard",
- "controls": [
- "section4b-design-and-secure-the-cloud-6-standard-workloads"
- ]
- },
 {
 "guardFilePath": "rules/aws/elastic_load_balancing_v2/elbv2_acm_certificate_required.guard",
 "controls": [
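Review bot: The relocated `elb_deletion_protection_enabled.guard` entry keeps the `elb_` prefix while its new neighbours under `elastic_load_balancing_v2/` use `elbv2_` (see `elbv2_acm_certificate_required.guard` in the last hunk of this file), so the file name no longer tells a reader which load-balancer resource type the rule targets. The diffstat shows no move of the guard file itself, so it presumably already exists at the new path; it is worth confirming that the old `rules/aws/elastic_load_balancing/elb_deletion_protection_enabled.guard` is gone, otherwise two copies of the rule can drift apart. If the file is renamed to `elbv2_deletion_protection_enabled.guard` for consistency, the `guardFilePath` here and in every other rule set in this patch must change in the same commit.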
diff --git a/mappings/rule_set_FDA_21CFR_Part_11.json b/mappings/rule_set_FDA_21CFR_Part_11.json
index 60e000d..73f5c0e 100644
--- a/mappings/rule_set_FDA_21CFR_Part_11.json
+++ b/mappings/rule_set_FDA_21CFR_Part_11.json
@@ -55,12 +55,6 @@
 "11.10(a)"
 ]
 },
- {
- "guardFilePath": "rules/aws/elasticache/elasticache_redis_cluster_automatic_backup_check.guard",
- "controls": [
- "11.10(a)"
- ]
- },
 {
 "guardFilePath": "rules/aws/elastic_load_balancing/elb_cross_zone_load_balancing_enabled.guard",
 "controls": [
@@ -68,7 +62,7 @@
 ]
 },
 {
- "guardFilePath": "rules/aws/elastic_load_balancing/elb_deletion_protection_enabled.guard",
+ "guardFilePath": "rules/aws/elastic_load_balancing_v2/elb_deletion_protection_enabled.guard",
 "controls": [
 "11.10(a)"
 ]
@@ -168,13 +162,6 @@
 "11.10(k)"
 ]
 },
- {
- "guardFilePath": "rules/aws/amazon_redshift/redshift_require_tls_ssl.guard",
- "controls": [
- "11.10(c)",
- "11.3"
- ]
- },
 {
 "guardFilePath": "rules/aws/amazon_redshift/redshift_cluster_configuration_check.guard",
 "controls": [
@@ -183,13 +170,6 @@
 "11.3"
 ]
 },
- {
- "guardFilePath": "rules/aws/amazon_rds/rds_snapshot_encrypted.guard",
- "controls": [
- "11.10(c)",
- "11.3"
- ]
- },
 {
 "guardFilePath": "rules/aws/amazon_rds/rds_storage_encrypted.guard",
 "controls": [
@@ -248,14 +228,6 @@
 "11.300(b)"
 ]
 },
- {
- "guardFilePath": "rules/aws/secrets_manager/secretsmanager_scheduled_rotation_success_check.guard",
- "controls": [
- "11.10(d)",
- "11.10(g)",
- "11.300(b)"
- ]
- },
 {
 "guardFilePath": "rules/aws/aws_dms/dms_replication_not_public.guard",
 "controls": [
@@ -454,13 +426,6 @@
 "11.3"
 ]
 },
- {
- "guardFilePath": "rules/aws/amazon_ec2/ec2_ebs_encryption_by_default.guard",
- "controls": [
- "11.10(g)",
- "11.3"
- ]
- },
 {
 "guardFilePath": "rules/aws/dynamodb/dynamodb_table_encrypted_kms.guard",
 "controls": [
@@ -474,13 +439,6 @@
 "11.10(g)"
 ]
 },
- {
- "guardFilePath": "rules/aws/amazon_redshift/redshift_cluster_kms_enabled.guard",
- "controls": [
- "11.10(g)",
- "11.3"
- ]
- },
 {
 "guardFilePath": "rules/aws/cloudwatch/cloudwatch_log_group_encrypted.guard",
 "controls": [
@@ -541,12 +499,6 @@
 "11.3"
 ]
 },
- {
- "guardFilePath": "rules/aws/api_gateway_v2/api_gw_ssl_enabled.guard",
- "controls": [
- "11.3"
- ]
- },
 {
 "guardFilePath": "rules/aws/elastic_load_balancing_v2/elbv2_acm_certificate_required.guard",
 "controls": [
diff --git a/mappings/rule_set_acsc_essential_8.json b/mappings/rule_set_acsc_essential_8.json
index 93880e7..e78ec6e 100644
--- a/mappings/rule_set_acsc_essential_8.json
+++ b/mappings/rule_set_acsc_essential_8.json
@@ -124,12 +124,6 @@
 "Application_control"
 ]
 },
- {
- "guardFilePath": "rules/aws/api_gateway_v2/api_gw_associated_with_waf.guard",
- "controls": [
- "Application_control"
- ]
- },
 {
 "guardFilePath": "rules/aws/elastic_beanstalk/elastic_beanstalk_managed_updates_enabled.guard",
 "controls": [
@@ -162,13 +156,6 @@
 "Mitigation_strategies_to_recover_data_and_system_availability"
 ]
 },
- {
- "guardFilePath": "rules/aws/elasticache/elasticache_redis_cluster_automatic_backup_check.guard",
- "controls": [
- "Regular_backups",
- "Mitigation_strategies_to_recover_data_and_system_availability"
- ]
- },
 {
 "guardFilePath": "rules/aws/amazon_s3/s3_bucket_replication_enabled.guard",
 "controls": [
@@ -269,12 +256,6 @@
 "Mitigation_strategies_to_limit_the_extent_of_cyber_security_incidents"
 ]
 },
- {
- "guardFilePath": "rules/aws/amazon_ec2/ec2_ebs_encryption_by_default.guard",
- "controls": [
- "Mitigation_strategies_to_limit_the_extent_of_cyber_security_incidents"
- ]
- },
 {
 "guardFilePath": "rules/aws/amazon_efs/efs_encrypted_check.guard",
 "controls": [
@@ -331,12 +312,6 @@
 "Mitigation_strategies_to_recover_data_and_system_availability"
 ]
 },
- {
- "guardFilePath": "rules/aws/amazon_rds/rds_snapshot_encrypted.guard",
- "controls": [
- "Mitigation_strategies_to_limit_the_extent_of_cyber_security_incidents"
- ]
- },
 {
 "guardFilePath": "rules/aws/amazon_rds/rds_storage_encrypted.guard",
 "controls": [
@@ -350,12 +325,6 @@
 "Mitigation_strategies_to_recover_data_and_system_availability"
 ]
 },
- {
- "guardFilePath": "rules/aws/amazon_redshift/redshift_require_tls_ssl.guard",
- "controls": [
- "Mitigation_strategies_to_limit_the_extent_of_cyber_security_incidents"
- ]
- },
 {
 "guardFilePath": "rules/aws/amazon_s3/s3_bucket_default_lock_enabled.guard",
 "controls": [
@@ -413,12 +382,6 @@
 "Mitigation_strategies_to_recover_data_and_system_availability"
 ]
 },
- {
- "guardFilePath": "rules/aws/api_gateway_v2/api_gw_ssl_enabled.guard",
- "controls": [
- "Mitigation_strategies_to_limit_the_extent_of_cyber_security_incidents"
- ]
- },
 {
 "guardFilePath": "rules/aws/opensearch_service/elasticsearch_logs_to_cloudwatch.guard",
 "controls": [
@@ -486,7 +449,7 @@
 ]
 },
 {
- "guardFilePath": "rules/aws/elastic_load_balancing/elb_deletion_protection_enabled.guard",
+ "guardFilePath": "rules/aws/elastic_load_balancing_v2/elb_deletion_protection_enabled.guard",
 "controls": [
 "Mitigation_strategies_to_recover_data_and_system_availability"
 ]
diff --git a/mappings/rule_set_acsc_ism.json b/mappings/rule_set_acsc_ism.json
index 28e8d55..16bb738 100644
--- a/mappings/rule_set_acsc_ism.json
+++ b/mappings/rule_set_acsc_ism.json
@@ -56,12 +56,6 @@
 "459"
 ]
 },
- {
- "guardFilePath": "rules/aws/amazon_ec2/ec2_ebs_encryption_by_default.guard",
- "controls": [
- "459"
- ]
- },
 {
 "guardFilePath": "rules/aws/amazon_efs/efs_encrypted_check.guard",
 "controls": [
@@ -86,12 +80,6 @@
 "459"
 ]
 },
- {
- "guardFilePath": "rules/aws/amazon_redshift/redshift_cluster_kms_enabled.guard",
- "controls": [
- "459"
- ]
- },
 {
 "guardFilePath": "rules/aws/opensearch_service/elasticsearch_encrypted_at_rest.guard",
 "controls": [
@@ -140,12 +128,6 @@
 "1240"
 ]
 },
- {
- "guardFilePath": "rules/aws/api_gateway_v2/api_gw_associated_with_waf.guard",
- "controls": [
- "1240"
- ]
- },
 {
 "guardFilePath": "rules/aws/amazon_rds/rds_instance_public_access_check.guard",
 "controls": [
@@ -158,12 +140,6 @@
 "1271"
 ]
 },
- {
- "guardFilePath": "rules/aws/amazon_redshift/redshift_require_tls_ssl.guard",
- "controls": [
- "1277"
- ]
- },
 {
 "guardFilePath": "rules/aws/amazon_ec2/restricted_ssh.guard",
 "controls": [
@@ -217,12 +193,6 @@
 "P8"
 ]
 },
- {
- "guardFilePath": "rules/aws/amazon_rds/rds_snapshot_encrypted.guard",
- "controls": [
- "1425"
- ]
- },
 {
 "guardFilePath": "rules/aws/amazon_rds/rds_storage_encrypted.guard",
 "controls": [
@@ -261,13 +231,6 @@
 "1511"
 ]
 },
- {
- "guardFilePath": "rules/aws/elasticache/elasticache_redis_cluster_automatic_backup_check.guard",
- "controls": [
- "1511",
- "P9"
- ]
- },
 {
 "guardFilePath": "rules/aws/amazon_s3/s3_bucket_versioning_enabled.guard",
 "controls": [
diff --git a/mappings/rule_set_apra_cpg_234.json b/mappings/rule_set_apra_cpg_234.json
index b035731..19747d3 100644
--- a/mappings/rule_set_apra_cpg_234.json
+++ b/mappings/rule_set_apra_cpg_234.json
@@ -309,20 +309,6 @@
 "AttachmentC_4"
 ]
 },
- {
- "guardFilePath": "rules/aws/secrets_manager/secretsmanager_scheduled_rotation_success_check.guard",
- "controls": [
- "36e",
- "AttachmentC_4"
- ]
- },
- {
- "guardFilePath": "rules/aws/api_gateway_v2/api_gw_associated_with_waf.guard",
- "controls": [
- "36e",
- "36f"
- ]
- },
 {
 "guardFilePath": "rules/aws/elastic_load_balancing_v2/alb_waf_enabled.guard",
 "controls": [
@@ -411,13 +397,7 @@
 ]
 },
 {
- "guardFilePath": "rules/aws/elasticache/elasticache_redis_cluster_automatic_backup_check.guard",
- "controls": [
- "36l"
- ]
- },
- {
- "guardFilePath": "rules/aws/elastic_load_balancing/elb_deletion_protection_enabled.guard",
+ "guardFilePath": "rules/aws/elastic_load_balancing_v2/elb_deletion_protection_enabled.guard",
 "controls": [
 "36l",
 "44b"
@@ -571,42 +551,18 @@
 "AttachmentE_1(a)(b)(d)"
 ]
 },
- {
- "guardFilePath": "rules/aws/amazon_ec2/ec2_ebs_encryption_by_default.guard",
- "controls": [
- "52c",
- "54",
- "AttachmentE_1(a)(b)(d)"
- ]
- },
 {
 "guardFilePath": "rules/aws/dynamodb/dynamodb_table_encrypted_kms.guard",
 "controls": [
 "52c"
 ]
 },
- {
- "guardFilePath": "rules/aws/amazon_rds/rds_snapshot_encrypted.guard",
- "controls": [
- "52c",
- "54",
- "AttachmentE_1(a)(b)(d)"
- ]
- },
 {
 "guardFilePath": "rules/aws/amazon_s3/s3_default_encryption_kms.guard",
 "controls": [
 "52c"
 ]
 },
- {
- "guardFilePath": "rules/aws/amazon_redshift/redshift_cluster_kms_enabled.guard",
- "controls": [
- "52c",
- "54",
- "AttachmentE_1(a)(b)(d)"
- ]
- },
 {
 "guardFilePath": "rules/aws/aws_certificate_manager/acm_certificate_expiration_check.guard",
 "controls": [
@@ -628,13 +584,6 @@
 "AttachmentE_1(a)(b)(d)"
 ]
 },
- {
- "guardFilePath": "rules/aws/amazon_redshift/redshift_require_tls_ssl.guard",
- "controls": [
- "54",
- "AttachmentE_1(a)(b)(d)"
- ]
- },
 {
 "guardFilePath": "rules/aws/amazon_s3/s3_bucket_ssl_requests_only.guard",
 "controls": [
@@ -657,13 +606,6 @@
 "AttachmentE_1(a)(b)(d)"
 ]
 },
- {
- "guardFilePath": "rules/aws/api_gateway_v2/api_gw_ssl_enabled.guard",
- "controls": [
- "54",
- "AttachmentE_1(a)(b)(d)"
- ]
- },
 {
 "guardFilePath": "rules/aws/elastic_load_balancing_v2/elbv2_acm_certificate_required.guard",
 "controls": [
diff --git a/mappings/rule_set_bnm_rmit.json b/mappings/rule_set_bnm_rmit.json
index 2a74785..3a2fb78 100644
--- a/mappings/rule_set_bnm_rmit.json
+++ b/mappings/rule_set_bnm_rmit.json
@@ -99,16 +99,6 @@
 "10.66(d)"
 ]
 },
- {
- "guardFilePath": "rules/aws/amazon_redshift/redshift_require_tls_ssl.guard",
- "controls": [
- "10.18",
- "10.53",
- "10.66(a)",
- "Appendix 5.5(b)",
- "Appendix 5.6"
- ]
- },
 {
 "guardFilePath": "rules/aws/amazon_s3/s3_bucket_server_side_encryption_enabled.guard",
 "controls": [
@@ -150,22 +140,6 @@
 "10.66(a)"
 ]
 },
- {
- "guardFilePath": "rules/aws/amazon_ec2/ec2_ebs_encryption_by_default.guard",
- "controls": [
- "10.18",
- "10.53",
- "10.66(a)"
- ]
- },
- {
- "guardFilePath": "rules/aws/amazon_rds/rds_snapshot_encrypted.guard",
- "controls": [
- "10.18",
- "10.53",
- "10.66(a)"
- ]
- },
 {
 "guardFilePath": "rules/aws/aws_kms/cmk_backing_key_rotation_enabled.guard",
 "controls": [
@@ -219,14 +193,6 @@
 "10.66(a)"
 ]
 },
- {
- "guardFilePath": "rules/aws/amazon_redshift/redshift_cluster_kms_enabled.guard",
- "controls": [
- "10.18",
- "10.53",
- "10.66(a)"
- ]
- },
 {
 "guardFilePath": "rules/aws/secrets_manager/secretsmanager_using_cmk.guard",
 "controls": [
@@ -234,17 +200,6 @@
 "10.66(a)"
 ]
 },
- {
- "guardFilePath": "rules/aws/api_gateway_v2/api_gw_ssl_enabled.guard",
- "controls": [
- "10.18",
- "10.36",
- "10.53",
- "10.66(a)",
- "Appendix 5.5(b)",
- "Appendix 5.6"
- ]
- },
 {
 "guardFilePath": "rules/aws/elastic_load_balancing_v2/elbv2_acm_certificate_required.guard",
 "controls": [
@@ -327,7 +282,7 @@
 ]
 },
 {
- "guardFilePath": "rules/aws/elastic_load_balancing/elb_deletion_protection_enabled.guard",
+ "guardFilePath": "rules/aws/elastic_load_balancing_v2/elb_deletion_protection_enabled.guard",
 "controls": [
 "10.34",
 "10.36",
@@ -598,12 +553,6 @@
 "10.66(e)"
 ]
 },
- {
- "guardFilePath": "rules/aws/elasticache/elasticache_redis_cluster_automatic_backup_check.guard",
- "controls": [
- "10.66(e)"
- ]
- },
 {
 "guardFilePath": "rules/aws/amazon_s3/s3_bucket_replication_enabled.guard",
 "controls": [
diff --git a/mappings/rule_set_cfn_nag.json b/mappings/rule_set_cfn_nag.json
index ac3fc59..52a6de7 100644
--- a/mappings/rule_set_cfn_nag.json
+++ b/mappings/rule_set_cfn_nag.json
@@ -235,6 +235,12 @@
 "F68"
 ]
 },
+ {
+ "guardFilePath": "rules/aws/aws_kms/kms_no_wildcard_principal.guard",
+ "controls": [
+ "F76"
+ ]
+ },
 {
 "guardFilePath": "rules/aws/aws_cognito/cognito_user_pool_mfa_configuration_rule.guard",
 "controls": [
@@ -685,6 +691,12 @@
 "W90"
 ]
 },
+ {
+ "guardFilePath": "rules/aws/aws_dms/dms_replication_not_public.guard",
+ "controls": [
+ "W91"
+ ]
+ },
 {
 "guardFilePath": "rules/aws/lambda/lambda_concurrency_check.guard",
 "controls": [
diff --git a/mappings/rule_set_cis_aws_benchmark_level_1.json b/mappings/rule_set_cis_aws_benchmark_level_1.json
index 5e26e14..6f56b0c 100644
--- a/mappings/rule_set_cis_aws_benchmark_level_1.json
+++ b/mappings/rule_set_cis_aws_benchmark_level_1.json
@@ -42,18 +42,6 @@
 "2.2.1"
 ]
 },
- {
- "guardFilePath": "rules/aws/amazon_ec2/ec2_ebs_encryption_by_default.guard",
- "controls": [
- "2.2.1"
- ]
- },
- {
- "guardFilePath": "rules/aws/amazon_rds/rds_snapshot_encrypted.guard",
- "controls": [
- "2.3.1"
- ]
- },
 {
 "guardFilePath": "rules/aws/amazon_rds/rds_storage_encrypted.guard",
 "controls": [
diff --git a/mappings/rule_set_cis_aws_benchmark_level_2.json b/mappings/rule_set_cis_aws_benchmark_level_2.json
index 7258435..a7362e9 100644
--- a/mappings/rule_set_cis_aws_benchmark_level_2.json
+++ b/mappings/rule_set_cis_aws_benchmark_level_2.json
@@ -60,18 +60,6 @@
 "2.2.1"
 ]
 },
- {
- "guardFilePath": "rules/aws/amazon_ec2/ec2_ebs_encryption_by_default.guard",
- "controls": [
- "2.2.1"
- ]
- },
- {
- "guardFilePath": "rules/aws/amazon_rds/rds_snapshot_encrypted.guard",
- "controls": [
- "2.3.1"
- ]
- },
 {
 "guardFilePath": "rules/aws/amazon_rds/rds_storage_encrypted.guard",
 "controls": [
diff --git a/mappings/rule_set_cis_critical_security_controls_v8_ig1.json b/mappings/rule_set_cis_critical_security_controls_v8_ig1.json
index 1e158f1..c162d1b 100644
--- a/mappings/rule_set_cis_critical_security_controls_v8_ig1.json
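Review bot: The new `F76` entry points at `rules/aws/aws_kms/kms_no_wildcard_principal.guard`, a path that appears nowhere in the diffstat, so the file must already exist for the mapping to be meaningful; the `cfn_nag_build.py` deleted in this same patch only printed `file not found: ...` and skipped a missing guard file, so a typo in a `guardFilePath` silently drops the control from the compiled `cfn_nag` rule set instead of failing the build. Whatever build replaces that script (not part of this patch) should treat an unresolved `guardFilePath` as an error, or a CI check should assert that every `guardFilePath` in `mappings/*.json` resolves to an existing file. The `W91` mapping to `rules/aws/aws_dms/dms_replication_not_public.guard` is the one new path the diffstat itself confirms.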
+++ b/mappings/rule_set_cis_critical_security_controls_v8_ig1.json
@@ -204,13 +204,6 @@
 "4.6"
 ]
 },
- {
- "guardFilePath": "rules/aws/amazon_ec2/ec2_ebs_encryption_by_default.guard",
- "controls": [
- "4.6",
- "11.3"
- ]
- },
 {
 "guardFilePath": "rules/aws/amazon_ec2/encrypted_volumes.guard",
 "controls": [
@@ -308,13 +301,6 @@
 "11.4"
 ]
 },
- {
- "guardFilePath": "rules/aws/elasticache/elasticache_redis_cluster_automatic_backup_check.guard",
- "controls": [
- "11.2",
- "11.4"
- ]
- },
 {
 "guardFilePath": "rules/aws/amazon_rds/db_instance_backup_enabled.guard",
 "controls": [
diff --git a/mappings/rule_set_cis_critical_security_controls_v8_ig2.json b/mappings/rule_set_cis_critical_security_controls_v8_ig2.json
index 563258a..baa5ac0 100644
--- a/mappings/rule_set_cis_critical_security_controls_v8_ig2.json
+++ b/mappings/rule_set_cis_critical_security_controls_v8_ig2.json
@@ -12,14 +12,6 @@
 "7.3"
 ]
 },
- {
- "guardFilePath": "rules/aws/api_gateway_v2/api_gw_ssl_enabled.guard",
- "controls": [
- "3.1",
- "12.3",
- "12.6"
- ]
- },
 {
 "guardFilePath": "rules/aws/elastic_load_balancing_v2/alb_http_to_https_redirection_check.guard",
 "controls": [
@@ -53,14 +45,6 @@
 "12.6"
 ]
 },
- {
- "guardFilePath": "rules/aws/amazon_redshift/redshift_require_tls_ssl.guard",
- "controls": [
- "3.1",
- "12.3",
- "12.6"
- ]
- },
 {
 "guardFilePath": "rules/aws/elastic_load_balancing_v2/elbv2_acm_certificate_required.guard",
 "controls": [
@@ -360,14 +344,6 @@
 "11.3"
 ]
 },
- {
- "guardFilePath": "rules/aws/amazon_ec2/ec2_ebs_encryption_by_default.guard",
- "controls": [
- "3.11",
- "4.6",
- "11.3"
- ]
- },
 {
 "guardFilePath": "rules/aws/amazon_efs/efs_encrypted_check.guard",
 "controls": [
@@ -380,12 +356,6 @@
 "3.11"
 ]
 },
- {
- "guardFilePath": "rules/aws/amazon_redshift/redshift_cluster_kms_enabled.guard",
- "controls": [
- "3.11"
- ]
- },
 {
 "guardFilePath": "rules/aws/amazon_rds/rds_storage_encrypted.guard",
 "controls": [
@@ -393,12 +363,6 @@
 "11.3"
 ]
 },
- {
- "guardFilePath": "rules/aws/amazon_rds/rds_snapshot_encrypted.guard",
- "controls": [
- "3.11"
- ]
- },
 {
 "guardFilePath": "rules/aws/amazon_s3/s3_default_encryption_kms.guard",
 "controls": [
@@ -504,13 +468,6 @@
 "11.4"
 ]
 },
- {
- "guardFilePath": "rules/aws/elasticache/elasticache_redis_cluster_automatic_backup_check.guard",
- "controls": [
- "11.2",
- "11.4"
- ]
- },
 {
 "guardFilePath": "rules/aws/amazon_rds/db_instance_backup_enabled.guard",
 "controls": [
@@ -557,7 +514,7 @@
 ]
 },
 {
- "guardFilePath": "rules/aws/elastic_load_balancing/elb_deletion_protection_enabled.guard",
+ "guardFilePath": "rules/aws/elastic_load_balancing_v2/elb_deletion_protection_enabled.guard",
 "controls": [
 "12.2"
 ]
diff --git a/mappings/rule_set_cis_critical_security_controls_v8_ig3.json b/mappings/rule_set_cis_critical_security_controls_v8_ig3.json
index d771acd..3de46a8 100644
--- a/mappings/rule_set_cis_critical_security_controls_v8_ig3.json
+++ b/mappings/rule_set_cis_critical_security_controls_v8_ig3.json
@@ -12,14 +12,6 @@
 "7.3"
 ]
 },
- {
- "guardFilePath": "rules/aws/api_gateway_v2/api_gw_ssl_enabled.guard",
- "controls": [
- "3.1",
- "12.3",
- "12.6"
- ]
- },
 {
 "guardFilePath": "rules/aws/elastic_load_balancing_v2/alb_http_to_https_redirection_check.guard",
 "controls": [
@@ -53,14 +45,6 @@
 "12.6"
 ]
 },
- {
- "guardFilePath": "rules/aws/amazon_redshift/redshift_require_tls_ssl.guard",
- "controls": [
- "3.1",
- "12.3",
- "12.6"
- ]
- },
 {
 "guardFilePath": "rules/aws/elastic_load_balancing_v2/elbv2_acm_certificate_required.guard",
 "controls": [
@@ -361,14 +345,6 @@
 "11.3"
 ]
 },
- {
- "guardFilePath": "rules/aws/amazon_ec2/ec2_ebs_encryption_by_default.guard",
- "controls": [
- "3.11",
- "4.6",
- "11.3"
- ]
- },
 {
 "guardFilePath": "rules/aws/amazon_efs/efs_encrypted_check.guard",
 "controls": [
@@ -381,12 +357,6 @@
 "3.11"
 ]
 },
- {
- "guardFilePath": "rules/aws/amazon_redshift/redshift_cluster_kms_enabled.guard",
- "controls": [
- "3.11"
- ]
- },
 {
 "guardFilePath": "rules/aws/amazon_rds/rds_storage_encrypted.guard",
 "controls": [
@@ -394,12 +364,6 @@
 "11.3"
 ]
 },
- {
- "guardFilePath": "rules/aws/amazon_rds/rds_snapshot_encrypted.guard",
- "controls": [
- "3.11"
- ]
- },
 {
 "guardFilePath": "rules/aws/amazon_s3/s3_default_encryption_kms.guard",
 "controls": [
@@ -505,13 +469,6 @@
 "11.4"
 ]
 },
- {
- "guardFilePath": "rules/aws/elasticache/elasticache_redis_cluster_automatic_backup_check.guard",
- "controls": [
- "11.2",
- "11.4"
- ]
- },
 {
 "guardFilePath": "rules/aws/amazon_rds/db_instance_backup_enabled.guard",
 "controls": [
@@ -558,7 +515,7 @@
 ]
 },
 {
- "guardFilePath": "rules/aws/elastic_load_balancing/elb_deletion_protection_enabled.guard",
+ "guardFilePath": "rules/aws/elastic_load_balancing_v2/elb_deletion_protection_enabled.guard",
 "controls": [
 "12.2"
 ]
@@ -581,12 +538,6 @@
 "13.1"
 ]
 },
- {
- "guardFilePath": "rules/aws/api_gateway_v2/api_gw_associated_with_waf.guard",
- "controls": [
- "13.1"
- ]
- },
 {
 "guardFilePath": "rules/aws/codebuild/codebuild_project_envvar_awscred_check.guard",
 "controls": [
diff --git a/mappings/rule_set_cis_top_20.json b/mappings/rule_set_cis_top_20.json
index 3a2a015..4f3b373 100644
--- a/mappings/rule_set_cis_top_20.json
+++ b/mappings/rule_set_cis_top_20.json
@@ -187,12 +187,6 @@
 "CIS.10"
 ]
 },
- {
- "guardFilePath": "rules/aws/elasticache/elasticache_redis_cluster_automatic_backup_check.guard",
- "controls": [
- "CIS.10"
- ]
- },
 {
 "guardFilePath": "rules/aws/amazon_s3/s3_bucket_replication_enabled.guard",
 "controls": [
@@ -240,13 +234,6 @@
 "CIS.14"
 ]
 },
- {
- "guardFilePath": "rules/aws/amazon_ec2/ec2_ebs_encryption_by_default.guard",
- "controls": [
- "CIS.13",
- "CIS.14"
- ]
- },
 {
 "guardFilePath": "rules/aws/amazon_efs/efs_encrypted_check.guard",
 "controls": [
@@ -282,13 +269,6 @@
 "CIS.14"
 ]
 },
- {
- "guardFilePath": "rules/aws/amazon_rds/rds_snapshot_encrypted.guard",
- "controls": [
- "CIS.13",
- "CIS.14"
- ]
- },
 {
 "guardFilePath": "rules/aws/amazon_rds/rds_storage_encrypted.guard",
 "controls": [
@@ -296,13 +276,6 @@
 "CIS.14"
 ]
 },
- {
- "guardFilePath": "rules/aws/amazon_redshift/redshift_require_tls_ssl.guard",
- "controls": [
- "CIS.13",
- "CIS.14"
- ]
- },
 {
 "guardFilePath": "rules/aws/amazon_s3/s3_bucket_default_lock_enabled.guard",
 "controls": [
@@ -370,12 +343,6 @@
 "CIS.16"
 ]
 },
- {
- "guardFilePath": "rules/aws/secrets_manager/secretsmanager_scheduled_rotation_success_check.guard",
- "controls": [
- "CIS.16"
- ]
- },
 {
 "guardFilePath": "rules/aws/codebuild/codebuild_project_envvar_awscred_check.guard",
 "controls": [
diff --git a/mappings/rule_set_cisa_ce.json b/mappings/rule_set_cisa_ce.json
index 2833693..3b116a4 100644
--- a/mappings/rule_set_cisa_ce.json
+++ b/mappings/rule_set_cisa_ce.json
@@ -41,12 +41,6 @@
 "Your Data-3"
 ]
 },
- {
- "guardFilePath": "rules/aws/api_gateway_v2/api_gw_associated_with_waf.guard",
- "controls": [
- "Your Systems-3"
- ]
- },
 {
 "guardFilePath": "rules/aws/cloudtrail/cloud_trail_log_file_validation_enabled.guard",
 "controls": [
@@ -107,13 +101,6 @@
 "Your Data-2"
 ]
 },
- {
- "guardFilePath": "rules/aws/api_gateway_v2/api_gw_ssl_enabled.guard",
- "controls": [
- "Your Systems-3",
- "Your Data-2"
- ]
- },
 {
 "guardFilePath": "rules/aws/cloudtrail/cloud_trail_encryption_enabled.guard",
 "controls": [
@@ -196,14 +183,6 @@
 "Booting Up: Things to Do First-1"
 ]
 },
- {
- "guardFilePath": "rules/aws/amazon_ec2/ec2_ebs_encryption_by_default.guard",
- "controls": [
- "Your Systems-3",
- "Your Data-1",
- "Your Data-2"
- ]
- },
 {
 "guardFilePath": "rules/aws/amazon_ec2/ec2_instance_no_public_ip.guard",
 "controls": [
@@ -255,7 +234,7 @@ ] }, { - "guardFilePath": "rules/aws/elastic_load_balancing/elb_deletion_protection_enabled.guard", + "guardFilePath": "rules/aws/elastic_load_balancing_v2/elb_deletion_protection_enabled.guard", "controls": [ "Your Systems-3", "Your Data-4" @@ -370,14 +349,6 @@ "Your Systems-3" ] }, - { - "guardFilePath": "rules/aws/amazon_rds/rds_snapshot_encrypted.guard", - "controls": [ - "Your Systems-3", - "Your Data-1", - "Your Data-2" - ] - }, { "guardFilePath": "rules/aws/amazon_rds/rds_storage_encrypted.guard", "controls": [ @@ -402,14 +373,6 @@ "Your Data-2" ] }, - { - "guardFilePath": "rules/aws/amazon_redshift/redshift_cluster_kms_enabled.guard", - "controls": [ - "Your Systems-3", - "Your Data-1", - "Your Data-2" - ] - }, { "guardFilePath": "rules/aws/amazon_redshift/redshift_cluster_public_access_check.guard", "controls": [ @@ -417,13 +380,6 @@ "Your Data-2" ] }, - { - "guardFilePath": "rules/aws/amazon_redshift/redshift_require_tls_ssl.guard", - "controls": [ - "Your Systems-3", - "Your Data-2" - ] - }, { "guardFilePath": "rules/aws/amazon_ec2/restricted_common_ports.guard", "controls": [ @@ -534,18 +490,6 @@ "Your Systems-3" ] }, - { - "guardFilePath": "rules/aws/secrets_manager/secretsmanager_secret_periodic_rotation.guard", - "controls": [ - "Your Systems-3" - ] - }, - { - "guardFilePath": "rules/aws/secrets_manager/secretsmanager_secret_unused.guard", - "controls": [ - "Your Systems-3" - ] - }, { "guardFilePath": "rules/aws/amazon_sns/sns_encrypted_kms.guard", "controls": [ @@ -614,13 +558,6 @@ "Your Data-2" ] }, - { - "guardFilePath": "rules/aws/elasticache/elasticache_redis_cluster_automatic_backup_check.guard", - "controls": [ - "Your Data-4", - "Booting Up: Things to Do First-1" - ] - }, { "guardFilePath": "rules/aws/aws_backup/backup_plan_min_frequency_and_min_retention_check.guard", "controls": [ diff --git a/mappings/rule_set_cmmc_level_1.json b/mappings/rule_set_cmmc_level_1.json index f9d3c66..76f2225 100644 
--- a/mappings/rule_set_cmmc_level_1.json +++ b/mappings/rule_set_cmmc_level_1.json @@ -189,12 +189,6 @@ "AC.1.001" ] }, - { - "guardFilePath": "rules/aws/secrets_manager/secretsmanager_scheduled_rotation_success_check.guard", - "controls": [ - "AC.1.001" - ] - }, { "guardFilePath": "rules/aws/elastic_load_balancing_v2/alb_waf_enabled.guard", "controls": [ @@ -275,12 +269,6 @@ "SC.1.175" ] }, - { - "guardFilePath": "rules/aws/api_gateway_v2/api_gw_associated_with_waf.guard", - "controls": [ - "SC.1.175" - ] - }, { "guardFilePath": "rules/aws/cloudwatch/cloudwatch_alarm_action_check.guard", "controls": [ @@ -306,12 +294,6 @@ "SC.1.175" ] }, - { - "guardFilePath": "rules/aws/amazon_redshift/redshift_require_tls_ssl.guard", - "controls": [ - "SC.1.175" - ] - }, { "guardFilePath": "rules/aws/amazon_s3/s3_bucket_ssl_requests_only.guard", "controls": [ diff --git a/mappings/rule_set_cmmc_level_2.json b/mappings/rule_set_cmmc_level_2.json index 6db5a89..73d4232 100644 --- a/mappings/rule_set_cmmc_level_2.json +++ b/mappings/rule_set_cmmc_level_2.json @@ -239,12 +239,6 @@ "AC.1.001" ] }, - { - "guardFilePath": "rules/aws/secrets_manager/secretsmanager_scheduled_rotation_success_check.guard", - "controls": [ - "AC.1.001" - ] - }, { "guardFilePath": "rules/aws/elastic_load_balancing_v2/alb_waf_enabled.guard", "controls": [ @@ -304,15 +298,6 @@ "SI.2.217" ] }, - { - "guardFilePath": "rules/aws/api_gateway_v2/api_gw_associated_with_waf.guard", - "controls": [ - "AC.2.016", - "SC.1.175", - "SI.2.214", - "SI.2.216" - ] - }, { "guardFilePath": "rules/aws/api_gateway/api_gw_execution_logging_enabled.guard", "controls": [ 
@@ -425,19 +410,6 @@ "IA.2.081" ] }, - { - "guardFilePath": "rules/aws/api_gateway_v2/api_gw_ssl_enabled.guard", - "controls": [ - "IA.2.081", - "SC.2.179" - ] - }, - { - "guardFilePath": "rules/aws/amazon_ec2/ec2_ebs_encryption_by_default.guard", - "controls": [ - "IA.2.081" - ] - }, { "guardFilePath": "rules/aws/amazon_efs/efs_encrypted_check.guard", "controls": [ @@ -486,31 +458,12 @@ "IA.2.081" ] }, - { - "guardFilePath": "rules/aws/amazon_rds/rds_snapshot_encrypted.guard", - "controls": [ - "IA.2.081" - ] - }, { "guardFilePath": "rules/aws/amazon_rds/rds_storage_encrypted.guard", "controls": [ "IA.2.081" ] }, - { - "guardFilePath": "rules/aws/amazon_redshift/redshift_cluster_kms_enabled.guard", - "controls": [ - "IA.2.081" - ] - }, - { - "guardFilePath": "rules/aws/amazon_redshift/redshift_require_tls_ssl.guard", - "controls": [ - "IA.2.081", - "SC.1.175" - ] - }, { "guardFilePath": "rules/aws/amazon_s3/s3_bucket_server_side_encryption_enabled.guard", "controls": [ @@ -585,12 +538,6 @@ "RE.2.137" ] }, - { - "guardFilePath": "rules/aws/elasticache/elasticache_redis_cluster_automatic_backup_check.guard", - "controls": [ - "RE.2.137" - ] - }, { "guardFilePath": "rules/aws/amazon_redshift/redshift_backup_enabled.guard", "controls": [ diff --git a/mappings/rule_set_cmmc_level_3.json b/mappings/rule_set_cmmc_level_3.json index 4146e76..8b8a648 100644 --- a/mappings/rule_set_cmmc_level_3.json +++ b/mappings/rule_set_cmmc_level_3.json @@ -291,12 +291,6 @@ "AC.1.001" ] }, - { - "guardFilePath": "rules/aws/secrets_manager/secretsmanager_scheduled_rotation_success_check.guard", - "controls": [ - "AC.1.001" - ] - }, { "guardFilePath": "rules/aws/elastic_load_balancing_v2/alb_waf_enabled.guard", "controls": [ 
@@ -368,16 +362,6 @@ "SI.2.217" ] }, - { - "guardFilePath": "rules/aws/api_gateway_v2/api_gw_associated_with_waf.guard", - "controls": [ - "AC.2.016", - "SC.1.175", - "SC.3.180", - "SI.2.214", - "SI.2.216" - ] - }, { "guardFilePath": "rules/aws/aws_certificate_manager/acm_certificate_expiration_check.guard", "controls": [ @@ -396,16 +380,6 @@ "SC.3.190" ] }, - { - "guardFilePath": "rules/aws/api_gateway_v2/api_gw_ssl_enabled.guard", - "controls": [ - "AC.3.014", - "IA.2.081", - "SC.2.179", - "SC.3.185", - "SC.3.190" - ] - }, { "guardFilePath": "rules/aws/opensearch_service/elasticsearch_node_to_node_encryption_check.guard", "controls": [ @@ -447,16 +421,6 @@ "SC.3.190" ] }, - { - "guardFilePath": "rules/aws/amazon_redshift/redshift_require_tls_ssl.guard", - "controls": [ - "AC.3.014", - "IA.2.081", - "SC.1.175", - "SC.3.185", - "SC.3.190" - ] - }, { "guardFilePath": "rules/aws/amazon_s3/s3_bucket_ssl_requests_only.guard", "controls": [ @@ -626,13 +590,6 @@ "SC.3.191" ] }, - { - "guardFilePath": "rules/aws/amazon_ec2/ec2_ebs_encryption_by_default.guard", - "controls": [ - "IA.2.081", - "SC.3.191" - ] - }, { "guardFilePath": "rules/aws/amazon_efs/efs_encrypted_check.guard", "controls": [ @@ -654,13 +611,6 @@ "SC.3.191" ] }, - { - "guardFilePath": "rules/aws/amazon_rds/rds_snapshot_encrypted.guard", - "controls": [ - "IA.2.081", - "SC.3.191" - ] - }, { "guardFilePath": "rules/aws/amazon_rds/rds_storage_encrypted.guard", "controls": [ @@ -668,14 +618,6 @@ "SC.3.191" ] }, - { - "guardFilePath": "rules/aws/amazon_redshift/redshift_cluster_kms_enabled.guard", - "controls": [ - "IA.2.081", - "SC.3.190", - "SC.3.191" - ] - }, { "guardFilePath": "rules/aws/amazon_sagemaker/sagemaker_endpoint_configuration_kms_key_configured.guard", "controls": [ 
@@ -742,14 +684,6 @@ "SC.3.180" ] }, - { - "guardFilePath": "rules/aws/elasticache/elasticache_redis_cluster_automatic_backup_check.guard", - "controls": [ - "RE.2.137", - "RE.3.139", - "SC.3.180" - ] - }, { "guardFilePath": "rules/aws/amazon_redshift/redshift_backup_enabled.guard", "controls": [ @@ -797,7 +731,7 @@ ] }, { - "guardFilePath": "rules/aws/elastic_load_balancing/elb_deletion_protection_enabled.guard", + "guardFilePath": "rules/aws/elastic_load_balancing_v2/elb_deletion_protection_enabled.guard", "controls": [ "SC.3.180" ] diff --git a/mappings/rule_set_cmmc_level_4.json b/mappings/rule_set_cmmc_level_4.json index 74e4ba1..c7a9d8c 100644 --- a/mappings/rule_set_cmmc_level_4.json +++ b/mappings/rule_set_cmmc_level_4.json @@ -308,12 +308,6 @@ "AC.1.001" ] }, - { - "guardFilePath": "rules/aws/secrets_manager/secretsmanager_scheduled_rotation_success_check.guard", - "controls": [ - "AC.1.001" - ] - }, { "guardFilePath": "rules/aws/elastic_load_balancing_v2/alb_waf_enabled.guard", "controls": [ @@ -393,18 +387,6 @@ "SI.2.217" ] }, - { - "guardFilePath": "rules/aws/api_gateway_v2/api_gw_associated_with_waf.guard", - "controls": [ - "AC.2.016", - "AC.4.023", - "SC.1.175", - "SC.3.180", - "SC.4.199", - "SI.2.214", - "SI.2.216" - ] - }, { "guardFilePath": "rules/aws/aws_certificate_manager/acm_certificate_expiration_check.guard", "controls": [ @@ -423,16 +405,6 @@ "SC.3.190" ] }, - { - "guardFilePath": "rules/aws/api_gateway_v2/api_gw_ssl_enabled.guard", - "controls": [ - "AC.3.014", - "IA.2.081", - "SC.2.179", - "SC.3.185", - "SC.3.190" - ] - }, { "guardFilePath": "rules/aws/opensearch_service/elasticsearch_node_to_node_encryption_check.guard", "controls": [ @@ -474,16 +446,6 @@ "SC.3.190" ] }, - { - "guardFilePath": "rules/aws/amazon_redshift/redshift_require_tls_ssl.guard", - "controls": [ - "AC.3.014", - "IA.2.081", - "SC.1.175", - "SC.3.185", - "SC.3.190" - ] - }, { "guardFilePath": "rules/aws/amazon_s3/s3_bucket_ssl_requests_only.guard", "controls": [ 
@@ -653,13 +615,6 @@ "SC.3.191" ] }, - { - "guardFilePath": "rules/aws/amazon_ec2/ec2_ebs_encryption_by_default.guard", - "controls": [ - "IA.2.081", - "SC.3.191" - ] - }, { "guardFilePath": "rules/aws/amazon_efs/efs_encrypted_check.guard", "controls": [ @@ -681,13 +636,6 @@ "SC.3.191" ] }, - { - "guardFilePath": "rules/aws/amazon_rds/rds_snapshot_encrypted.guard", - "controls": [ - "IA.2.081", - "SC.3.191" - ] - }, { "guardFilePath": "rules/aws/amazon_rds/rds_storage_encrypted.guard", "controls": [ @@ -695,14 +643,6 @@ "SC.3.191" ] }, - { - "guardFilePath": "rules/aws/amazon_redshift/redshift_cluster_kms_enabled.guard", - "controls": [ - "IA.2.081", - "SC.3.190", - "SC.3.191" - ] - }, { "guardFilePath": "rules/aws/amazon_sagemaker/sagemaker_endpoint_configuration_kms_key_configured.guard", "controls": [ @@ -769,14 +709,6 @@ "SC.3.180" ] }, - { - "guardFilePath": "rules/aws/elasticache/elasticache_redis_cluster_automatic_backup_check.guard", - "controls": [ - "RE.2.137", - "RE.3.139", - "SC.3.180" - ] - }, { "guardFilePath": "rules/aws/amazon_redshift/redshift_backup_enabled.guard", "controls": [ @@ -824,7 +756,7 @@ ] }, { - "guardFilePath": "rules/aws/elastic_load_balancing/elb_deletion_protection_enabled.guard", + "guardFilePath": "rules/aws/elastic_load_balancing_v2/elb_deletion_protection_enabled.guard", "controls": [ "SC.3.180" ] diff --git a/mappings/rule_set_cmmc_level_5.json b/mappings/rule_set_cmmc_level_5.json index 754e3cb..3b45b82 100644 --- a/mappings/rule_set_cmmc_level_5.json +++ b/mappings/rule_set_cmmc_level_5.json @@ -318,12 +318,6 @@ "AC.1.001" ] }, - { - "guardFilePath": "rules/aws/secrets_manager/secretsmanager_scheduled_rotation_success_check.guard", - "controls": [ - "AC.1.001" - ] - }, { "guardFilePath": "rules/aws/elastic_load_balancing_v2/alb_waf_enabled.guard", "controls": [ 
@@ -410,21 +404,6 @@ "SI.5.223" ] }, - { - "guardFilePath": "rules/aws/api_gateway_v2/api_gw_associated_with_waf.guard", - "controls": [ - "AC.2.016", - "AC.4.023", - "SC.1.175", - "SC.3.180", - "SC.4.199", - "SC.5.198", - "SC.5.208", - "SI.2.214", - "SI.2.216", - "SI.5.223" - ] - }, { "guardFilePath": "rules/aws/aws_certificate_manager/acm_certificate_expiration_check.guard", "controls": [ @@ -444,17 +423,6 @@ "SC.5.230" ] }, - { - "guardFilePath": "rules/aws/api_gateway_v2/api_gw_ssl_enabled.guard", - "controls": [ - "AC.3.014", - "IA.2.081", - "SC.2.179", - "SC.3.185", - "SC.3.190", - "SC.5.230" - ] - }, { "guardFilePath": "rules/aws/opensearch_service/elasticsearch_node_to_node_encryption_check.guard", "controls": [ @@ -497,17 +465,6 @@ "SC.5.230" ] }, - { - "guardFilePath": "rules/aws/amazon_redshift/redshift_require_tls_ssl.guard", - "controls": [ - "AC.3.014", - "IA.2.081", - "SC.1.175", - "SC.3.185", - "SC.3.190", - "SC.5.230" - ] - }, { "guardFilePath": "rules/aws/amazon_s3/s3_bucket_ssl_requests_only.guard", "controls": [ @@ -695,13 +652,6 @@ "SC.3.191" ] }, - { - "guardFilePath": "rules/aws/amazon_ec2/ec2_ebs_encryption_by_default.guard", - "controls": [ - "IA.2.081", - "SC.3.191" - ] - }, { "guardFilePath": "rules/aws/amazon_efs/efs_encrypted_check.guard", "controls": [ @@ -723,13 +673,6 @@ "SC.3.191" ] }, - { - "guardFilePath": "rules/aws/amazon_rds/rds_snapshot_encrypted.guard", - "controls": [ - "IA.2.081", - "SC.3.191" - ] - }, { "guardFilePath": "rules/aws/amazon_rds/rds_storage_encrypted.guard", "controls": [ @@ -737,14 +680,6 @@ "SC.3.191" ] }, - { - "guardFilePath": "rules/aws/amazon_redshift/redshift_cluster_kms_enabled.guard", - "controls": [ - "IA.2.081", - "SC.3.190", - "SC.3.191" - ] - }, { "guardFilePath": "rules/aws/amazon_sagemaker/sagemaker_endpoint_configuration_kms_key_configured.guard", "controls": [ 
@@ -815,15 +750,6 @@ "SC.3.180" ] }, - { - "guardFilePath": "rules/aws/elasticache/elasticache_redis_cluster_automatic_backup_check.guard", - "controls": [ - "RE.2.137", - "RE.3.139", - "RE.5.140", - "SC.3.180" - ] - }, { "guardFilePath": "rules/aws/amazon_redshift/redshift_backup_enabled.guard", "controls": [ @@ -864,7 +790,7 @@ ] }, { - "guardFilePath": "rules/aws/elastic_load_balancing/elb_deletion_protection_enabled.guard", + "guardFilePath": "rules/aws/elastic_load_balancing_v2/elb_deletion_protection_enabled.guard", "controls": [ "RE.5.140", "SC.3.180" diff --git a/mappings/rule_set_enisa_cybersecurity_guide_for_smes.json b/mappings/rule_set_enisa_cybersecurity_guide_for_smes.json index 63b0bc6..f57fec1 100644 --- a/mappings/rule_set_enisa_cybersecurity_guide_for_smes.json +++ b/mappings/rule_set_enisa_cybersecurity_guide_for_smes.json @@ -85,13 +85,6 @@ "6_SECURE DEVICES: ENCRYPTION" ] }, - { - "guardFilePath": "rules/aws/api_gateway_v2/api_gw_ssl_enabled.guard", - "controls": [ - "1_DEVELOP GOOD CYBERSECURITY CULTURE: REMEMBER DATA PROTECTION", - "6_SECURE DEVICES: ENCRYPTION" - ] - }, { "guardFilePath": "rules/aws/cloudtrail/cloud_trail_encryption_enabled.guard", "controls": [ @@ -106,13 +99,6 @@ "6_SECURE DEVICES: ENCRYPTION" ] }, - { - "guardFilePath": "rules/aws/amazon_ec2/ec2_ebs_encryption_by_default.guard", - "controls": [ - "1_DEVELOP GOOD CYBERSECURITY CULTURE: REMEMBER DATA PROTECTION", - "6_SECURE DEVICES: ENCRYPTION" - ] - }, { "guardFilePath": "rules/aws/amazon_efs/efs_encrypted_check.guard", "controls": [ @@ -179,13 +165,6 @@ "1_DEVELOP GOOD CYBERSECURITY CULTURE: REMEMBER DATA PROTECTION" ] }, - { - "guardFilePath": "rules/aws/amazon_rds/rds_snapshot_encrypted.guard", - "controls": [ - "1_DEVELOP GOOD CYBERSECURITY CULTURE: REMEMBER DATA PROTECTION", - "6_SECURE DEVICES: ENCRYPTION" - ] - }, { "guardFilePath": "rules/aws/amazon_rds/rds_storage_encrypted.guard", "controls": [ 
@@ -200,13 +179,6 @@ "7_SECURE YOUR NETWORK: REVIEW REMOTE ACCESS SOLUTIONS" ] }, - { - "guardFilePath": "rules/aws/amazon_redshift/redshift_require_tls_ssl.guard", - "controls": [ - "1_DEVELOP GOOD CYBERSECURITY CULTURE: REMEMBER DATA PROTECTION", - "6_SECURE DEVICES: ENCRYPTION" - ] - }, { "guardFilePath": "rules/aws/amazon_s3/s3_bucket_server_side_encryption_enabled.guard", "controls": [ @@ -272,12 +244,6 @@ "6_SECURE DEVICES: ENCRYPTION" ] }, - { - "guardFilePath": "rules/aws/amazon_redshift/redshift_cluster_kms_enabled.guard", - "controls": [ - "6_SECURE DEVICES: ENCRYPTION" - ] - }, { "guardFilePath": "rules/aws/amazon_sagemaker/sagemaker_endpoint_configuration_kms_key_configured.guard", "controls": [ @@ -356,12 +322,6 @@ "9_SECURE BACKUPS" ] }, - { - "guardFilePath": "rules/aws/elasticache/elasticache_redis_cluster_automatic_backup_check.guard", - "controls": [ - "9_SECURE BACKUPS" - ] - }, { "guardFilePath": "rules/aws/amazon_fsx/fsx_resources_protected_by_backup_plan.guard", "controls": [ diff --git a/mappings/rule_set_ens_high.json b/mappings/rule_set_ens_high.json index 258cbd8..31625e8 100644 --- a/mappings/rule_set_ens_high.json +++ b/mappings/rule_set_ens_high.json @@ -23,16 +23,6 @@ "Art. 21.1" ] }, - { - "guardFilePath": "rules/aws/api_gateway_v2/api_gw_ssl_enabled.guard", - "controls": [ - "Anexo II 4.1.2.a); b); c)", - "Anexo II 5.4.2", - "Anexo II 5.4.3", - "Anexo II 5.7.3", - "Art. 21.1" - ] - }, { "guardFilePath": "rules/aws/cloudtrail/cloud_trail_encryption_enabled.guard", "controls": [ @@ -58,14 +48,6 @@ "Art. 21.1" ] }, - { - "guardFilePath": "rules/aws/amazon_ec2/ec2_ebs_encryption_by_default.guard", - "controls": [ - "Anexo II 4.1.2.a); b); c)", - "Anexo II 5.7.3", - "Art. 21.1" - ] - }, { "guardFilePath": "rules/aws/amazon_efs/efs_encrypted_check.guard", "controls": [ 
@@ -120,14 +102,6 @@ "Art. 21.1" ] }, - { - "guardFilePath": "rules/aws/amazon_rds/rds_snapshot_encrypted.guard", - "controls": [ - "Anexo II 4.1.2.a); b); c)", - "Anexo II 5.7.3", - "Art. 21.1" - ] - }, { "guardFilePath": "rules/aws/amazon_rds/rds_storage_encrypted.guard", "controls": [ @@ -144,24 +118,6 @@ "Art. 21.1" ] }, - { - "guardFilePath": "rules/aws/amazon_redshift/redshift_cluster_kms_enabled.guard", - "controls": [ - "Anexo II 4.1.2.a); b); c)", - "Anexo II 5.7.3", - "Art. 21.1" - ] - }, - { - "guardFilePath": "rules/aws/amazon_redshift/redshift_require_tls_ssl.guard", - "controls": [ - "Anexo II 4.1.2.a); b); c)", - "Anexo II 5.4.2", - "Anexo II 5.4.3", - "Anexo II 5.7.3", - "Art. 21.1" - ] - }, { "guardFilePath": "rules/aws/amazon_s3/s3_bucket_server_side_encryption_enabled.guard", "controls": [ @@ -237,7 +193,7 @@ ] }, { - "guardFilePath": "rules/aws/elastic_load_balancing/elb_deletion_protection_enabled.guard", + "guardFilePath": "rules/aws/elastic_load_balancing_v2/elb_deletion_protection_enabled.guard", "controls": [ "Anexo II 4.1.2.a); b); c)", "Anexo II 5.8.3.b)", @@ -382,14 +338,6 @@ "Anexo II 5.8.3.b)" ] }, - { - "guardFilePath": "rules/aws/api_gateway_v2/api_gw_associated_with_waf.guard", - "controls": [ - "Anexo II 4.3.2.b)", - "Anexo II 5.8.2", - "Anexo II 5.8.3.b)" - ] - }, { "guardFilePath": "rules/aws/aws_dms/dms_replication_not_public.guard", "controls": [ @@ -574,12 +522,6 @@ "Art. 25" ] }, - { - "guardFilePath": "rules/aws/elasticache/elasticache_redis_cluster_automatic_backup_check.guard", - "controls": [ - "Art. 25" - ] - }, { "guardFilePath": "rules/aws/amazon_redshift/redshift_backup_enabled.guard", "controls": [ diff --git a/mappings/rule_set_ens_low.json b/mappings/rule_set_ens_low.json index 56ee4e3..d3c86a2 100644 --- a/mappings/rule_set_ens_low.json +++ b/mappings/rule_set_ens_low.json 
@@ -21,14 +21,6 @@ "Art. 21.1" ] }, - { - "guardFilePath": "rules/aws/api_gateway_v2/api_gw_ssl_enabled.guard", - "controls": [ - "Anexo II 4.1.2.a); b); c)", - "Anexo II 5.7.3", - "Art. 21.1" - ] - }, { "guardFilePath": "rules/aws/cloudtrail/cloud_trail_encryption_enabled.guard", "controls": [ @@ -54,14 +46,6 @@ "Art. 21.1" ] }, - { - "guardFilePath": "rules/aws/amazon_ec2/ec2_ebs_encryption_by_default.guard", - "controls": [ - "Anexo II 4.1.2.a); b); c)", - "Anexo II 5.7.3", - "Art. 21.1" - ] - }, { "guardFilePath": "rules/aws/amazon_efs/efs_encrypted_check.guard", "controls": [ @@ -110,14 +94,6 @@ "Art. 21.1" ] }, - { - "guardFilePath": "rules/aws/amazon_rds/rds_snapshot_encrypted.guard", - "controls": [ - "Anexo II 4.1.2.a); b); c)", - "Anexo II 5.7.3", - "Art. 21.1" - ] - }, { "guardFilePath": "rules/aws/amazon_rds/rds_storage_encrypted.guard", "controls": [ @@ -134,22 +110,6 @@ "Art. 21.1" ] }, - { - "guardFilePath": "rules/aws/amazon_redshift/redshift_cluster_kms_enabled.guard", - "controls": [ - "Anexo II 4.1.2.a); b); c)", - "Anexo II 5.7.3", - "Art. 21.1" - ] - }, - { - "guardFilePath": "rules/aws/amazon_redshift/redshift_require_tls_ssl.guard", - "controls": [ - "Anexo II 4.1.2.a); b); c)", - "Anexo II 5.7.3", - "Art. 21.1" - ] - }, { "guardFilePath": "rules/aws/amazon_s3/s3_bucket_server_side_encryption_enabled.guard", "controls": [ @@ -221,7 +181,7 @@ ] }, { - "guardFilePath": "rules/aws/elastic_load_balancing/elb_deletion_protection_enabled.guard", + "guardFilePath": "rules/aws/elastic_load_balancing_v2/elb_deletion_protection_enabled.guard", "controls": [ "Anexo II 4.1.2.a); b); c)", "Art. 21.1" @@ -362,13 +322,6 @@ "Anexo II 5.8.2" ] }, - { - "guardFilePath": "rules/aws/api_gateway_v2/api_gw_associated_with_waf.guard", - "controls": [ - "Anexo II 4.3.2.b)", - "Anexo II 5.8.2" - ] - }, { "guardFilePath": "rules/aws/aws_dms/dms_replication_not_public.guard", "controls": [ 
@@ -546,12 +499,6 @@ "Art. 25" ] }, - { - "guardFilePath": "rules/aws/elasticache/elasticache_redis_cluster_automatic_backup_check.guard", - "controls": [ - "Art. 25" - ] - }, { "guardFilePath": "rules/aws/amazon_redshift/redshift_backup_enabled.guard", "controls": [ diff --git a/mappings/rule_set_ens_medium.json b/mappings/rule_set_ens_medium.json index a1915d0..2c66653 100644 --- a/mappings/rule_set_ens_medium.json +++ b/mappings/rule_set_ens_medium.json @@ -23,16 +23,6 @@ "Art. 21.1" ] }, - { - "guardFilePath": "rules/aws/api_gateway_v2/api_gw_ssl_enabled.guard", - "controls": [ - "Anexo II 4.1.2.a); b); c)", - "Anexo II 5.4.2", - "Anexo II 5.4.3", - "Anexo II 5.7.3", - "Art. 21.1" - ] - }, { "guardFilePath": "rules/aws/cloudtrail/cloud_trail_encryption_enabled.guard", "controls": [ @@ -58,14 +48,6 @@ "Art. 21.1" ] }, - { - "guardFilePath": "rules/aws/amazon_ec2/ec2_ebs_encryption_by_default.guard", - "controls": [ - "Anexo II 4.1.2.a); b); c)", - "Anexo II 5.7.3", - "Art. 21.1" - ] - }, { "guardFilePath": "rules/aws/amazon_efs/efs_encrypted_check.guard", "controls": [ @@ -120,14 +102,6 @@ "Art. 21.1" ] }, - { - "guardFilePath": "rules/aws/amazon_rds/rds_snapshot_encrypted.guard", - "controls": [ - "Anexo II 4.1.2.a); b); c)", - "Anexo II 5.7.3", - "Art. 21.1" - ] - }, { "guardFilePath": "rules/aws/amazon_rds/rds_storage_encrypted.guard", "controls": [ @@ -144,24 +118,6 @@ "Art. 21.1" ] }, - { - "guardFilePath": "rules/aws/amazon_redshift/redshift_cluster_kms_enabled.guard", - "controls": [ - "Anexo II 4.1.2.a); b); c)", - "Anexo II 5.7.3", - "Art. 21.1" - ] - }, - { - "guardFilePath": "rules/aws/amazon_redshift/redshift_require_tls_ssl.guard", - "controls": [ - "Anexo II 4.1.2.a); b); c)", - "Anexo II 5.4.2", - "Anexo II 5.4.3", - "Anexo II 5.7.3", - "Art. 21.1" - ] - }, { "guardFilePath": "rules/aws/amazon_s3/s3_bucket_server_side_encryption_enabled.guard", "controls": [ 
@@ -237,7 +193,7 @@ ] }, { - "guardFilePath": "rules/aws/elastic_load_balancing/elb_deletion_protection_enabled.guard", + "guardFilePath": "rules/aws/elastic_load_balancing_v2/elb_deletion_protection_enabled.guard", "controls": [ "Anexo II 4.1.2.a); b); c)", "Anexo II 5.8.3.b)", @@ -382,14 +338,6 @@ "Anexo II 5.8.3.b)" ] }, - { - "guardFilePath": "rules/aws/api_gateway_v2/api_gw_associated_with_waf.guard", - "controls": [ - "Anexo II 4.3.2.b)", - "Anexo II 5.8.2", - "Anexo II 5.8.3.b)" - ] - }, { "guardFilePath": "rules/aws/aws_dms/dms_replication_not_public.guard", "controls": [ @@ -574,12 +522,6 @@ "Art. 25" ] }, - { - "guardFilePath": "rules/aws/elasticache/elasticache_redis_cluster_automatic_backup_check.guard", - "controls": [ - "Art. 25" - ] - }, { "guardFilePath": "rules/aws/amazon_redshift/redshift_backup_enabled.guard", "controls": [ diff --git a/mappings/rule_set_fedramp_low.json b/mappings/rule_set_fedramp_low.json index d7dcd86..ba12e19 100644 --- a/mappings/rule_set_fedramp_low.json +++ b/mappings/rule_set_fedramp_low.json @@ -32,18 +32,6 @@ "AC-2" ] }, - { - "guardFilePath": "rules/aws/iam/iam_customer_policy_blocked_kms_actions.guard", - "controls": [ - "AC-2" - ] - }, - { - "guardFilePath": "rules/aws/iam/iam_inline_policy_blocked_kms_actions.guard", - "controls": [ - "AC-2" - ] - }, { "guardFilePath": "rules/aws/iam/iam_no_inline_policy_check.guard", "controls": [ @@ -59,7 +47,7 @@ ] }, { - "guardFilePath": "rules/aws/cloudtrail/multi_region_cloudtrail_enabled.guard", + "guardFilePath": "rules/aws/cloudtrail/multi_region_cloud_trail_enabled.guard", "controls": [ "AC-2", "AU-2", @@ -73,15 +61,6 @@ "AU-2" ] }, - { - "guardFilePath": "rules/aws/security_hub/securityhub_enabled.guard", - "controls": [ - "AC-2", - "AC-17", - "CA-7", - "IR-4" - ] - }, { "guardFilePath": "rules/aws/aws_waf_v2/wafv2_logging_enabled.guard", "controls": [ 
@@ -90,12 +69,6 @@ "SC-7" ] }, - { - "guardFilePath": "rules/aws/iam/access_keys_rotated.guard", - "controls": [ - "AC-2" - ] - }, { "guardFilePath": "rules/aws/cloudtrail/cloud_trail_cloud_watch_logs_enabled.guard", "controls": [ @@ -104,7 +77,7 @@ ] }, { - "guardFilePath": "rules/aws/cloudtrail/cloudtrail_enabled.guard", + "guardFilePath": "rules/aws/cloudtrail/cloud_trail_enabled.guard", "controls": [ "AC-2", "AU-2", @@ -127,31 +100,6 @@ "IR-4" ] }, - { - "guardFilePath": "rules/aws/guardduty/guardduty_enabled_centralized.guard", - "controls": [ - "AC-2", - "AC-17", - "CA-7", - "CM-8", - "IR-4", - "SC-5" - ] - }, - { - "guardFilePath": "rules/aws/iam/iam_group_has_users_check.guard", - "controls": [ - "AC-2", - "AC-3" - ] - }, - { - "guardFilePath": "rules/aws/iam/iam_password_policy.guard", - "controls": [ - "AC-2", - "IA-2" - ] - }, { "guardFilePath": "rules/aws/iam/iam_policy_no_statements_with_admin_access.guard", "controls": [ @@ -159,28 +107,6 @@ "AC-3" ] }, - { - "guardFilePath": "rules/aws/iam/iam_root_access_key_check.guard", - "controls": [ - "AC-2", - "AC-3", - "IA-2" - ] - }, - { - "guardFilePath": "rules/aws/iam/iam_user_group_membership_check.guard", - "controls": [ - "AC-2", - "AC-3" - ] - }, - { - "guardFilePath": "rules/aws/iam/iam_user_mfa_enabled.guard", - "controls": [ - "AC-2", - "IA-2" - ] - }, { "guardFilePath": "rules/aws/iam/iam_user_no_policies_check.guard", "controls": [ @@ -188,20 +114,6 @@ "AC-3" ] }, - { - "guardFilePath": "rules/aws/iam/iam_user_unused_credentials_check.guard", - "controls": [ - "AC-2", - "AC-3" - ] - }, - { - "guardFilePath": "rules/aws/iam/mfa_enabled_for_iam_console_access.guard", - "controls": [ - "AC-2", - "IA-2" - ] - }, { "guardFilePath": "rules/aws/amazon_redshift/redshift_cluster_configuration_check.guard", "controls": [ 
@@ -210,20 +122,6 @@ "CA-7" ] }, - { - "guardFilePath": "rules/aws/iam/root_account_hardware_mfa_enabled.guard", - "controls": [ - "AC-2", - "IA-2" - ] - }, - { - "guardFilePath": "rules/aws/iam/root_account_mfa_enabled.guard", - "controls": [ - "AC-2", - "IA-2" - ] - }, { "guardFilePath": "rules/aws/amazon_s3/s3_bucket_logging_enabled.guard", "controls": [ @@ -238,18 +136,6 @@ "CM-2" ] }, - { - "guardFilePath": "rules/aws/amazon_ec2/ec2_imdsv2_check.guard", - "controls": [ - "AC-3" - ] - }, - { - "guardFilePath": "rules/aws/systems_manager/ssm_document_not_public.guard", - "controls": [ - "AC-3" - ] - }, { "guardFilePath": "rules/aws/aws_dms/dms_replication_not_public.guard", "controls": [ @@ -259,15 +145,6 @@ "SC-7" ] }, - { - "guardFilePath": "rules/aws/amazon_ec2/ebs_snapshot_public_restorable_check.guard", - "controls": [ - "AC-3", - "AC-17", - "CM-2", - "SC-7" - ] - }, { "guardFilePath": "rules/aws/amazon_ec2/ec2_instance_no_public_ip.guard", "controls": [ @@ -322,15 +199,6 @@ "SC-7" ] }, - { - "guardFilePath": "rules/aws/amazon_rds/rds_snapshots_public_prohibited.guard", - "controls": [ - "AC-3", - "AC-17", - "CM-2", - "SC-7" - ] - }, { "guardFilePath": "rules/aws/amazon_redshift/redshift_cluster_public_access_check.guard", "controls": [ @@ -340,15 +208,6 @@ "SC-7" ] }, - { - "guardFilePath": "rules/aws/amazon_s3/s3_account_level_public_access_blocks_periodic.guard", - "controls": [ - "AC-3", - "AC-17", - "CM-2", - "SC-7" - ] - }, { "guardFilePath": "rules/aws/amazon_s3/s3_bucket_level_public_access_prohibited.guard", "controls": [ @@ -444,13 +303,6 @@ "SC-7" ] }, - { - "guardFilePath": "rules/aws/amazon_redshift/redshift_require_tls_ssl.guard", - "controls": [ - "AC-17", - "SC-7" - ] - }, { "guardFilePath": "rules/aws/amazon_ec2/restricted_common_ports.guard", "controls": [ 
@@ -466,34 +318,12 @@ "SC-7" ] }, - { - "guardFilePath": "rules/aws/amazon_ec2/vpc_default_security_group_closed.guard", - "controls": [ - "AC-17", - "CM-2", - "SC-7" - ] - }, - { - "guardFilePath": "rules/aws/amazon_ec2/vpc_sg_open_only_to_authorized_ports.guard", - "controls": [ - "AC-17", - "CM-2", - "SC-7" - ] - }, { "guardFilePath": "rules/aws/elastic_load_balancing/elb_logging_enabled.guard", "controls": [ "AU-2" ] }, - { - "guardFilePath": "rules/aws/amazon_ec2/vpc_flow_logs_enabled.guard", - "controls": [ - "AU-2" - ] - }, { "guardFilePath": "rules/aws/amazon_s3/s3_bucket_replication_enabled.guard", "controls": [ @@ -587,12 +417,6 @@ "SC-7" ] }, - { - "guardFilePath": "rules/aws/api_gateway_v2/api_gw_associated_with_waf.guard", - "controls": [ - "CM-2" - ] - }, { "guardFilePath": "rules/aws/amazon_ec2/no_unrestricted_route_to_igw.guard", "controls": [ 
@@ -600,53 +424,13 @@
 ]
 },
 {
- "guardFilePath": "rules/aws/amazon_ec2/ec2_instance_managed_by_systems_manager.guard",
- "controls": [
- "CM-2",
- "CM-8",
- "SA-3"
- ]
- },
- {
- "guardFilePath": "rules/aws/amazon_ec2/ec2_managedinstance_association_compliance_status_check.guard",
- "controls": [
- "CM-2",
- "CM-8"
- ]
- },
- {
- "guardFilePath": "rules/aws/amazon_ec2/ec2_stopped_instance.guard",
- "controls": [
- "CM-2"
- ]
- },
- {
- "guardFilePath": "rules/aws/amazon_ec2/ec2_volume_inuse_check.guard",
- "controls": [
- "CM-2"
- ]
- },
- {
- "guardFilePath": "rules/aws/elastic_load_balancing/elb_deletion_protection_enabled.guard",
+ "guardFilePath": "rules/aws/elastic_load_balancing_v2/elb_deletion_protection_enabled.guard",
 "controls": [
 "CM-2",
 "CP-10",
 "SC-5"
 ]
 },
- {
- "guardFilePath": "rules/aws/amazon_ec2/ec2_managedinstance_patch_compliance_status_check.guard",
- "controls": [
- "CM-8"
- ]
- },
- {
- "guardFilePath": "rules/aws/amazon_rds/aurora_resources_protected_by_backup_plan.guard",
- "controls": [
- "CP-9",
- "CP-10"
- ]
- },
 {
 "guardFilePath": "rules/aws/aws_backup/backup_plan_min_frequency_and_min_retention_check.guard",
 "controls": [
@@ -661,20 +445,6 @@
 "CP-10"
 ]
 },
- {
- "guardFilePath": "rules/aws/amazon_ec2/ebs_resources_protected_by_backup_plan.guard",
- "controls": [
- "CP-9",
- "CP-10"
- ]
- },
- {
- "guardFilePath": "rules/aws/amazon_ec2/ec2_resources_protected_by_backup_plan.guard",
- "controls": [
- "CP-9",
- "CP-10"
- ]
- },
 {
 "guardFilePath": "rules/aws/amazon_efs/efs_resources_protected_by_backup_plan.guard",
 "controls": [
@@ -689,13 +459,6 @@
 "CP-10"
 ]
 },
- {
- "guardFilePath": "rules/aws/amazon_rds/rds_resources_protected_by_backup_plan.guard",
- "controls": [
- "CP-9",
- "CP-10"
- ]
- },
 {
 "guardFilePath": "rules/aws/amazon_redshift/redshift_backup_enabled.guard",
 "controls": [
@@ -720,14 +483,6 @@
 "SC-5"
 ]
 },
- {
- "guardFilePath": "rules/aws/elasticache/elasticache_redis_cluster_automatic_backup_check.guard",
- "controls": [
- "CP-9",
- "CP-10",
- "SC-5"
- ]
- },
 {
 "guardFilePath": "rules/aws/elastic_load_balancing/elb_cross_zone_load_balancing_enabled.guard",
 "controls": [
@@ -756,19 +511,6 @@
 "SC-5"
 ]
 },
- {
- "guardFilePath": "rules/aws/amazon_ec2/vpc_vpn_2_tunnels_up.guard",
- "controls": [
- "CP-10",
- "SC-5"
- ]
- },
- {
- "guardFilePath": "rules/aws/guardduty/guardduty_non_archived_findings.guard",
- "controls": [
- "IR-4"
- ]
- },
 {
 "guardFilePath": "rules/aws/codebuild/codebuild_project_envvar_awscred_check.guard",
 "controls": [
@@ -829,12 +571,6 @@
 "controls": [
 "SC-13"
 ]
- },
- {
- "guardFilePath": "rules/aws/amazon_redshift/redshift_cluster_kms_enabled.guard",
- "controls": [
- "SC-13"
- ]
 }
 ]
-}
\ No newline at end of file
+}
diff --git a/mappings/rule_set_fedramp_moderate.json b/mappings/rule_set_fedramp_moderate.json
index b0adefb..afacd82 100644
--- a/mappings/rule_set_fedramp_moderate.json
+++ b/mappings/rule_set_fedramp_moderate.json
@@ -5,14 +5,6 @@
 "description" : "AWS Guard rule set based on the AWS Config Conformance Pack for FedRAMP Moderate",
 "contact" : "aws-guard-rules-registry@amazon.com",
 "mappings": [
- {
- "guardFilePath": "rules/aws/iam/iam_inline_policy_blocked_kms_actions.guard",
- "controls": [
- "AC-2(f)",
- "AC-2(j)",
- "AC-5c"
- ]
- },
 {
 "guardFilePath": "rules/aws/iam/iam_no_inline_policy_check.guard",
 "controls": [
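Review bot: The `"description"` context line in `@@ -5,14 +5,6 @@` still states that this rule set is based on the AWS Config Conformance Pack for FedRAMP Moderate, yet this hunk and the ones that follow in the same section remove the pack's account-level identity and detection rules — iam_inline_policy_blocked_kms_actions, access_keys_rotated, iam_password_policy, iam_root_access_key_check, iam_user_mfa_enabled, mfa_enabled_for_iam_console_access, root_account_mfa_enabled, root_account_hardware_mfa_enabled, securityhub_enabled, guardduty_enabled_centralized, vpc_default_security_group_closed — and the rule_set_fedramp_low section makes the same cuts. Within the hunks shown, controls such as IA-2(1), IA-5(1)(a)(d)(e) and AC-2(3) are left with no mapped rule, which a consumer who trusts the description would not expect. Presumably most of these were dropped because they assess live account state rather than a template, but at least ec2_imdsv2_check looks template-assessable, so the reason should be recorded rather than inferred. Consider amending the line to `"description" : "AWS Guard rule set based on the template-assessable subset of the AWS Config Conformance Pack for FedRAMP Moderate",` and listing the excluded conformance-pack rules in the PR description or a README next to the mappings; the same wording fix applies to rule_set_fedramp_low, whose description line is outside this chunk.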
@@ -48,62 +40,6 @@ "AC-6(10)" ] }, - { - "guardFilePath": "rules/aws/iam/access_keys_rotated.guard", - "controls": [ - "AC-2(f)", - "AC-2(j)", - "AC-2(1)" - ] - }, - { - "guardFilePath": "rules/aws/iam/iam_password_policy.guard", - "controls": [ - "AC-2(f)", - "AC-2(j)", - "AC-2(1)", - "AC-2(3)", - "AC-5c", - "IA-2", - "IA-5(1)(a)(d)(e)", - "IA-5(4)" - ] - }, - { - "guardFilePath": "rules/aws/iam/iam_root_access_key_check.guard", - "controls": [ - "AC-2(f)", - "AC-2(j)", - "AC-2(1)", - "AC-3", - "AC-5c", - "AC-6", - "AC-6(10)", - "IA-2" - ] - }, - { - "guardFilePath": "rules/aws/iam/iam_user_group_membership_check.guard", - "controls": [ - "AC-2(f)", - "AC-2(j)", - "AC-2(1)", - "AC-3", - "AC-5c", - "AC-6", - "SC-2" - ] - }, - { - "guardFilePath": "rules/aws/iam/iam_user_mfa_enabled.guard", - "controls": [ - "AC-2(f)", - "AC-2(j)", - "AC-2(1)", - "IA-2(1)", - "IA-2(1)(2)" - ] - }, { "guardFilePath": "rules/aws/iam/iam_user_no_policies_check.guard", "controls": [ @@ -116,47 +52,6 @@ "SC-2" ] }, - { - "guardFilePath": "rules/aws/iam/iam_user_unused_credentials_check.guard", - "controls": [ - "AC-2(f)", - "AC-2(j)", - "AC-2(1)", - "AC-2(3)", - "AC-3", - "AC-5c", - "AC-6" - ] - }, - { - "guardFilePath": "rules/aws/iam/mfa_enabled_for_iam_console_access.guard", - "controls": [ - "AC-2(f)", - "AC-2(j)", - "AC-2(1)", - "IA-2(1)", - "IA-2(1)(2)" - ] - }, - { - "guardFilePath": "rules/aws/iam/root_account_hardware_mfa_enabled.guard", - "controls": [ - "AC-2(f)", - "AC-2(1)", - "IA-2(1)", - "IA-2(1)(2)" - ] - }, - { - "guardFilePath": "rules/aws/iam/root_account_mfa_enabled.guard", - "controls": [ - "AC-2(f)", - "AC-2(j)", - "AC-2(1)", - "IA-2(1)", - "IA-2(1)(2)" - ] - }, { "guardFilePath": "rules/aws/api_gateway_v2/api_gw_execution_logging_enabled.guard", "controls": [ 
@@ -174,7 +69,7 @@
 ]
 },
 {
- "guardFilePath": "rules/aws/cloudtrail/multi_region_cloudtrail_enabled.guard",
+ "guardFilePath": "rules/aws/cloudtrail/multi_region_cloud_trail_enabled.guard",
 "controls": [
 "AC-2(g)",
 "AC-2(4)",
@@ -198,27 +93,6 @@
 "AU-12(a)(c)"
 ]
 },
- {
- "guardFilePath": "rules/aws/security_hub/securityhub_enabled.guard",
- "controls": [
- "AC-2(g)",
- "AC-2(1)",
- "AC-2(4)",
- "AC-2(12)(a)",
- "AC-17(1)",
- "AU-6(1)(3)",
- "CA-7(a)(b)",
- "IR-4(1)",
- "IR-6(1)",
- "IR-7(1)",
- "SA-10",
- "SI-4(a)(b)(c)",
- "SI-4(2)",
- "SI-4(4)",
- "SI-4(5)",
- "SI-4(16)"
- ]
- },
 {
 "guardFilePath": "rules/aws/aws_waf_v2/wafv2_logging_enabled.guard",
 "controls": [
@@ -247,7 +121,7 @@
 ]
 },
 {
- "guardFilePath": "rules/aws/cloudtrail/cloudtrail_enabled.guard",
+ "guardFilePath": "rules/aws/cloudtrail/cloud_trail_enabled.guard",
 "controls": [
 "AC-2(g)",
 "AC-2(4)",
@@ -274,31 +148,6 @@
 "SI-4(16)"
 ]
 },
- {
- "guardFilePath": "rules/aws/guardduty/guardduty_enabled_centralized.guard",
- "controls": [
- "AC-2(g)",
- "AC-2(1)",
- "AC-2(4)",
- "AC-2(12)(a)",
- "AC-17(1)",
- "AU-6(1)(3)",
- "CA-7(a)(b)",
- "CM-8(3)(a)",
- "IR-4(1)",
- "IR-6(1)",
- "IR-7(1)",
- "RA-5",
- "SA-10",
- "SC-5",
- "SI-4(a)(b)(c)",
- "SI-4(1)",
- "SI-4(2)",
- "SI-4(4)",
- "SI-4(5)",
- "SI-4(16)"
- ]
- },
 {
 "guardFilePath": "rules/aws/amazon_redshift/redshift_cluster_configuration_check.guard",
 "controls": [
@@ -341,23 +190,6 @@
 "AC-5c"
 ]
 },
- {
- "guardFilePath": "rules/aws/iam/iam_customer_policy_blocked_kms_actions.guard",
- "controls": [
- "AC-2(j)",
- "AC-5c"
- ]
- },
- {
- "guardFilePath": "rules/aws/iam/iam_group_has_users_check.guard",
- "controls": [
- "AC-2(j)",
- "AC-3",
- "AC-5c",
- "AC-6",
- "SC-2"
- ]
- },
 {
 "guardFilePath": "rules/aws/cloudwatch/cloudwatch_alarm_action_check.guard",
 "controls": [
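Review bot: The path corrections in this hunk (`multi_region_cloudtrail_enabled.guard` → `multi_region_cloud_trail_enabled.guard`, and `cloudtrail_enabled.guard` → `cloud_trail_enabled.guard` two hunks down) suggest these entries pointed at rule files that did not exist, which means the AC-2(4)/AU-* controls they carry were silently unchecked until now; nothing in the commit prevents that from recurring. A repository test that loads every mappings JSON and asserts each `guardFilePath` resolves to an existing file under `rules/` would turn a stale mapping into a CI failure rather than a quiet coverage gap. The same kind of correction appears in the `api_gateway_v2` → `api_gateway` change for `api_gw_cache_enabled_and_encrypted.guard` and in the `elastic_load_balancing` → `elastic_load_balancing_v2` move for `elb_deletion_protection_enabled.guard` in the other rule-set files of this patch, so one such check covers all of them. Whether the old paths ever resolved cannot be confirmed from the diff alone.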
@@ -381,21 +213,6 @@ "SC-7(3)" ] }, - { - "guardFilePath": "rules/aws/amazon_ec2/ec2_imdsv2_check.guard", - "controls": [ - "AC-3", - "AC-6" - ] - }, - { - "guardFilePath": "rules/aws/systems_manager/ssm_document_not_public.guard", - "controls": [ - "AC-3", - "SC-4", - "SC-7(3)" - ] - }, { "guardFilePath": "rules/aws/aws_dms/dms_replication_not_public.guard", "controls": [ @@ -410,20 +227,6 @@ "SC-7(3)" ] }, - { - "guardFilePath": "rules/aws/amazon_ec2/ebs_snapshot_public_restorable_check.guard", - "controls": [ - "AC-3", - "AC-4", - "AC-6", - "AC-17(1)", - "AC-21(b)", - "CM-2", - "SC-4", - "SC-7", - "SC-7(3)" - ] - }, { "guardFilePath": "rules/aws/amazon_ec2/ec2_instance_no_public_ip.guard", "controls": [ @@ -502,20 +305,6 @@ "SC-7(3)" ] }, - { - "guardFilePath": "rules/aws/amazon_rds/rds_snapshots_public_prohibited.guard", - "controls": [ - "AC-3", - "AC-4", - "AC-6", - "AC-17(1)", - "AC-21(b)", - "CM-2", - "SC-4", - "SC-7", - "SC-7(3)" - ] - }, { "guardFilePath": "rules/aws/amazon_redshift/redshift_cluster_public_access_check.guard", "controls": [ @@ -530,19 +319,6 @@ "SC-7(3)" ] }, - { - "guardFilePath": "rules/aws/amazon_s3/s3_account_level_public_access_blocks_periodic.guard", - "controls": [ - "AC-3", - "AC-6", - "AC-17(1)", - "AC-21(b)", - "CM-2", - "SC-4", - "SC-7", - "SC-7(3)" - ] - }, { "guardFilePath": "rules/aws/amazon_s3/s3_bucket_level_public_access_prohibited.guard", "controls": [ @@ -652,30 +428,6 @@ "SC-7(3)" ] }, - { - "guardFilePath": "rules/aws/amazon_ec2/vpc_default_security_group_closed.guard", - "controls": [ - "AC-4", - "AC-17(1)", - "AC-21(b)", - "CM-2", - "SC-4", - "SC-7", - "SC-7(3)" - ] - }, - { - "guardFilePath": "rules/aws/amazon_ec2/vpc_sg_open_only_to_authorized_ports.guard", - "controls": [ - "AC-4", - "AC-17(1)", - "AC-21(b)", - "CM-2", - "SC-4", - "SC-7", - "SC-7(3)" - ] - }, { "guardFilePath": "rules/aws/codebuild/codebuild_project_envvar_awscred_check.guard", "controls": [ 
@@ -714,16 +466,6 @@ "SC-23" ] }, - { - "guardFilePath": "rules/aws/amazon_redshift/redshift_require_tls_ssl.guard", - "controls": [ - "AC-17(2)", - "SC-7", - "SC-8", - "SC-8(1)", - "SC-23" - ] - }, { "guardFilePath": "rules/aws/amazon_s3/s3_bucket_ssl_requests_only.guard", "controls": [ @@ -751,15 +493,6 @@ "AU-12(a)(c)" ] }, - { - "guardFilePath": "rules/aws/amazon_ec2/vpc_flow_logs_enabled.guard", - "controls": [ - "AU-2(a)(d)", - "AU-3", - "AU-6(1)(3)", - "AU-12(a)(c)" - ] - }, { "guardFilePath": "rules/aws/cloudwatch/cw_loggroup_retention_period_check.guard", "controls": [ 
@@ -864,72 +597,13 @@
 ]
 },
 {
- "guardFilePath": "rules/aws/api_gateway_v2/api_gw_associated_with_waf.guard",
- "controls": [
- "CM-2",
- "SI-4(a)(b)(c)"
- ]
- },
- {
- "guardFilePath": "rules/aws/amazon_ec2/ec2_instance_managed_by_systems_manager.guard",
- "controls": [
- "CM-2",
- "CM-7(a)",
- "CM-8(1)",
- "CM-8(3)(a)",
- "SA-3(a)",
- "SA-10",
- "SI-2(2)",
- "SI-7(1)"
- ]
- },
- {
- "guardFilePath": "rules/aws/amazon_ec2/ec2_managedinstance_association_compliance_status_check.guard",
- "controls": [
- "CM-2",
- "CM-7(a)",
- "CM-8(1)",
- "CM-8(3)(a)",
- "SI-2(2)"
- ]
- },
- {
- "guardFilePath": "rules/aws/amazon_ec2/ec2_stopped_instance.guard",
- "controls": [
- "CM-2"
- ]
- },
- {
- "guardFilePath": "rules/aws/amazon_ec2/ec2_volume_inuse_check.guard",
- "controls": [
- "CM-2",
- "SC-4"
- ]
- },
- {
- "guardFilePath": "rules/aws/elastic_load_balancing/elb_deletion_protection_enabled.guard",
+ "guardFilePath": "rules/aws/elastic_load_balancing_v2/elb_deletion_protection_enabled.guard",
 "controls": [
 "CM-2",
 "CP-10",
 "SC-5"
 ]
 },
- {
- "guardFilePath": "rules/aws/amazon_ec2/ec2_managedinstance_patch_compliance_status_check.guard",
- "controls": [
- "CM-8(3)(a)",
- "SI-2(2)",
- "SI-7(1)"
- ]
- },
- {
- "guardFilePath": "rules/aws/amazon_rds/aurora_resources_protected_by_backup_plan.guard",
- "controls": [
- "CP-9(b)",
- "CP-10",
- "SI-12"
- ]
- },
 {
 "guardFilePath": "rules/aws/aws_backup/backup_plan_min_frequency_and_min_retention_check.guard",
 "controls": [
@@ -946,22 +620,6 @@
 "SI-12"
 ]
 },
- {
- "guardFilePath": "rules/aws/amazon_ec2/ebs_resources_protected_by_backup_plan.guard",
- "controls": [
- "CP-9(b)",
- "CP-10",
- "SI-12"
- ]
- },
- {
- "guardFilePath": "rules/aws/amazon_ec2/ec2_resources_protected_by_backup_plan.guard",
- "controls": [
- "CP-9(b)",
- "CP-10",
- "SI-12"
- ]
- },
 {
 "guardFilePath": "rules/aws/amazon_efs/efs_resources_protected_by_backup_plan.guard",
 "controls": [
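Review bot: Within this hunk the only entries carrying `SI-7(1)` and `CM-8(1)` (the Systems Manager managed-instance, association-compliance and patch-compliance mappings) are removed, and the commit records nowhere which NIST controls the FedRAMP Moderate rule set no longer checks; if no other mapping in the file still lists them, a consumer of this rule set loses those controls without any signal. Whether other entries outside the hunk still cover them cannot be told from here. A short list of dropped controls per rule set, in the commit message or a changelog entry, would let users of these mappings reconcile the gap against the conformance pack the file's `description` still claims to be based on. The same applies to the IAM and MFA mappings removed from this file earlier in the patch and to the parallel removals in the NIST 800-53 rev4 file.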
@@ -978,14 +636,6 @@
 "SI-12"
 ]
 },
- {
- "guardFilePath": "rules/aws/amazon_rds/rds_resources_protected_by_backup_plan.guard",
- "controls": [
- "CP-9(b)",
- "CP-10",
- "SI-12"
- ]
- },
 {
 "guardFilePath": "rules/aws/amazon_redshift/redshift_backup_enabled.guard",
 "controls": [
@@ -1011,15 +661,6 @@
 "SI-12"
 ]
 },
- {
- "guardFilePath": "rules/aws/elasticache/elasticache_redis_cluster_automatic_backup_check.guard",
- "controls": [
- "CP-9(b)",
- "CP-10",
- "SC-5",
- "SI-12"
- ]
- },
 {
 "guardFilePath": "rules/aws/elastic_load_balancing/elb_cross_zone_load_balancing_enabled.guard",
 "controls": [
@@ -1048,24 +689,6 @@
 "SC-5"
 ]
 },
- {
- "guardFilePath": "rules/aws/amazon_ec2/vpc_vpn_2_tunnels_up.guard",
- "controls": [
- "CP-10",
- "SC-5"
- ]
- },
- {
- "guardFilePath": "rules/aws/guardduty/guardduty_non_archived_findings.guard",
- "controls": [
- "IR-4(1)",
- "IR-6(1)",
- "IR-7(1)",
- "RA-5",
- "SA-10",
- "SI-4(a)(b)(c)"
- ]
- },
 {
 "guardFilePath": "rules/aws/codebuild/codebuild_project_source_repo_url_check.guard",
 "controls": [
@@ -1094,14 +717,6 @@
 "SC-8(1)"
 ]
 },
- {
- "guardFilePath": "rules/aws/api_gateway_v2/api_gw_ssl_enabled.guard",
- "controls": [
- "SC-8",
- "SC-8(1)",
- "SC-23"
- ]
- },
 {
 "guardFilePath": "rules/aws/aws_kms/cmk_backing_key_rotation_enabled.guard",
 "controls": [
@@ -1144,13 +759,6 @@
 "SC-28"
 ]
 },
- {
- "guardFilePath": "rules/aws/amazon_redshift/redshift_cluster_kms_enabled.guard",
- "controls": [
- "SC-13",
- "SC-28"
- ]
- },
 {
 "guardFilePath": "rules/aws/amazon_s3/s3_bucket_default_lock_enabled.guard",
 "controls": [
@@ -1158,13 +766,7 @@
 ]
 },
 {
- "guardFilePath": "rules/aws/api_gateway_v2/api_gw_cache_enabled_and_encrypted.guard",
- "controls": [
- "SC-28"
- ]
- },
- {
- "guardFilePath": "rules/aws/amazon_ec2/ec2_ebs_encryption_by_default.guard",
+ "guardFilePath": "rules/aws/api_gateway/api_gw_cache_enabled_and_encrypted.guard",
 "controls": [
 "SC-28"
 ]
@@ -1187,12 +789,6 @@ "SC-28" ] }, - { - "guardFilePath": "rules/aws/amazon_rds/rds_snapshot_encrypted.guard", - "controls": [ - "SC-28" - ] - }, { "guardFilePath": "rules/aws/amazon_rds/rds_storage_encrypted.guard", "controls": [ @@ -1212,4 +808,4 @@ ] } ] -} \ No newline at end of file +} diff --git a/mappings/rule_set_ffiec.json b/mappings/rule_set_ffiec.json index ecaad80..aab2e8a 100644 --- a/mappings/rule_set_ffiec.json +++ b/mappings/rule_set_ffiec.json @@ -26,13 +26,6 @@ "D5.IR.Pl.B.6" ] }, - { - "guardFilePath": "rules/aws/elasticache/elasticache_redis_cluster_automatic_backup_check.guard", - "controls": [ - "D1.G.RM.Rm.1", - "D5.IR.Pl.B.6" - ] - }, { "guardFilePath": "rules/aws/amazon_rds/rds_multi_az_support.guard", "controls": [ @@ -280,12 +273,6 @@ "D3.PC.Am.B.12" ] }, - { - "guardFilePath": "rules/aws/amazon_ec2/ec2_ebs_encryption_by_default.guard", - "controls": [ - "D3.PC.Am.B.12" - ] - }, { "guardFilePath": "rules/aws/amazon_s3/s3_bucket_server_side_encryption_enabled.guard", "controls": [ @@ -345,28 +332,6 @@ "D3.PC.Am.B.13" ] }, - { - "guardFilePath": "rules/aws/amazon_redshift/redshift_require_tls_ssl.guard", - "controls": [ - "D3.PC.Am.B.12", - "D3.PC.Am.B.13", - "D3.PC.Am.B.15" - ] - }, - { - "guardFilePath": "rules/aws/api_gateway_v2/api_gw_ssl_enabled.guard", - "controls": [ - "D3.PC.Am.B.12", - "D3.PC.Am.B.13", - "D3.PC.Am.B.15" - ] - }, - { - "guardFilePath": "rules/aws/amazon_redshift/redshift_cluster_kms_enabled.guard", - "controls": [ - "D3.PC.Am.B.12" - ] - }, { "guardFilePath": "rules/aws/amazon_s3/s3_default_encryption_kms.guard", "controls": [ @@ -464,13 +429,6 @@ "D3.PC.IM.B.2" ] }, - { - "guardFilePath": "rules/aws/api_gateway_v2/api_gw_associated_with_waf.guard", - "controls": [ - "D3.PC.Im.B.1", - "D3.PC.IM.B.2" - ] - }, { "guardFilePath": "rules/aws/amazon_ec2_auto_scaling/autoscaling_launch_config_public_ip_disabled.guard", "controls": [ 
@@ -570,7 +528,7 @@
 ]
 },
 {
- "guardFilePath": "rules/aws/elastic_load_balancing/elb_deletion_protection_enabled.guard",
+ "guardFilePath": "rules/aws/elastic_load_balancing_v2/elb_deletion_protection_enabled.guard",
 "controls": [
 "D5.IR.Pl.B.6"
 ]
diff --git a/mappings/rule_set_hipaa_security.json b/mappings/rule_set_hipaa_security.json
index cbe7279..393a598 100644
--- a/mappings/rule_set_hipaa_security.json
+++ b/mappings/rule_set_hipaa_security.json
@@ -341,25 +341,6 @@
 "164.308(a)(4)(ii)(B)"
 ]
 },
- {
- "guardFilePath": "rules/aws/secrets_manager/secretsmanager_scheduled_rotation_success_check.guard",
- "controls": [
- "164.308(a)(4)(ii)(B)"
- ]
- },
- {
- "guardFilePath": "rules/aws/secrets_manager/secretsmanager_secret_periodic_rotation.guard",
- "controls": [
- "164.308(a)(4)(ii)(B)"
- ]
- },
- {
- "guardFilePath": "rules/aws/secrets_manager/secretsmanager_secret_unused.guard",
- "controls": [
- "164.308(a)(4)(ii)(B)",
- "164.308(a)(4)(ii)(C)"
- ]
- },
 {
 "guardFilePath": "rules/aws/elastic_beanstalk/elastic_beanstalk_managed_updates_enabled.guard",
 "controls": [
@@ -394,7 +375,7 @@
 ]
 },
 {
- "guardFilePath": "rules/aws/elastic_load_balancing/elb_deletion_protection_enabled.guard",
+ "guardFilePath": "rules/aws/elastic_load_balancing_v2/elb_deletion_protection_enabled.guard",
 "controls": [
 "164.308(a)(7)(i)",
 "164.308(a)(7)(ii)(C)"
@@ -444,14 +425,6 @@
 "164.308(a)(7)(i)"
 ]
 },
- {
- "guardFilePath": "rules/aws/elasticache/elasticache_redis_cluster_automatic_backup_check.guard",
- "controls": [
- "164.308(a)(7)(i)",
- "164.308(a)(7)(ii)(A)",
- "164.308(a)(7)(ii)(B)"
- ]
- },
 {
 "guardFilePath": "rules/aws/amazon_redshift/redshift_backup_enabled.guard",
 "controls": [
@@ -503,15 +476,6 @@ "164.312(e)(2)(ii)" ] }, - { - "guardFilePath": "rules/aws/api_gateway_v2/api_gw_ssl_enabled.guard", - "controls": [ - "164.312(a)(2)(iv)", - "164.312(e)(1)", - "164.312(e)(2)(i)", - "164.312(e)(2)(ii)" - ] - }, { "guardFilePath": "rules/aws/cloudtrail/cloud_trail_encryption_enabled.guard", "controls": [ @@ -533,13 +497,6 @@ "164.312(e)(2)(ii)" ] }, - { - "guardFilePath": "rules/aws/amazon_ec2/ec2_ebs_encryption_by_default.guard", - "controls": [ - "164.312(a)(2)(iv)", - "164.312(e)(2)(ii)" - ] - }, { "guardFilePath": "rules/aws/amazon_efs/efs_encrypted_check.guard", "controls": [ @@ -588,13 +545,6 @@ "164.312(e)(2)(ii)" ] }, - { - "guardFilePath": "rules/aws/amazon_rds/rds_snapshot_encrypted.guard", - "controls": [ - "164.312(a)(2)(iv)", - "164.312(e)(2)(ii)" - ] - }, { "guardFilePath": "rules/aws/amazon_rds/rds_storage_encrypted.guard", "controls": [ @@ -610,22 +560,6 @@ "164.312(e)(2)(ii)" ] }, - { - "guardFilePath": "rules/aws/amazon_redshift/redshift_cluster_kms_enabled.guard", - "controls": [ - "164.312(a)(2)(iv)", - "164.312(e)(2)(ii)" - ] - }, - { - "guardFilePath": "rules/aws/amazon_redshift/redshift_require_tls_ssl.guard", - "controls": [ - "164.312(a)(2)(iv)", - "164.312(e)(1)", - "164.312(e)(2)(i)", - "164.312(e)(2)(ii)" - ] - }, { "guardFilePath": "rules/aws/amazon_s3/s3_bucket_server_side_encryption_enabled.guard", "controls": [ diff --git a/mappings/rule_set_k_isms.json b/mappings/rule_set_k_isms.json index a447b85..3eca3db 100644 --- a/mappings/rule_set_k_isms.json +++ b/mappings/rule_set_k_isms.json @@ -127,12 +127,6 @@ "2.6.6" ] }, - { - "guardFilePath": "rules/aws/api_gateway_v2/api_gw_associated_with_waf.guard", - "controls": [ - "2.6.6" - ] - }, { "guardFilePath": "rules/aws/elastic_load_balancing_v2/elbv2_acm_certificate_required.guard", "controls": [ 
@@ -189,12 +183,6 @@ "2.7" ] }, - { - "guardFilePath": "rules/aws/amazon_ec2/ec2_ebs_encryption_by_default.guard", - "controls": [ - "2.7" - ] - }, { "guardFilePath": "rules/aws/amazon_efs/efs_encrypted_check.guard", "controls": [ @@ -234,12 +222,6 @@ "2.7" ] }, - { - "guardFilePath": "rules/aws/amazon_rds/rds_snapshot_encrypted.guard", - "controls": [ - "2.7" - ] - }, { "guardFilePath": "rules/aws/amazon_rds/rds_storage_encrypted.guard", "controls": [ @@ -252,13 +234,6 @@ "2.7" ] }, - { - "guardFilePath": "rules/aws/amazon_redshift/redshift_require_tls_ssl.guard", - "controls": [ - "2.7", - "2.10.5" - ] - }, { "guardFilePath": "rules/aws/amazon_s3/s3_bucket_server_side_encryption_enabled.guard", "controls": [ @@ -290,12 +265,6 @@ "2.7" ] }, - { - "guardFilePath": "rules/aws/api_gateway_v2/api_gw_ssl_enabled.guard", - "controls": [ - "2.7.1" - ] - }, { "guardFilePath": "rules/aws/elastic_load_balancing/elb_predefined_security_policy_ssl_check.guard", "controls": [ @@ -401,13 +370,6 @@ "2.12" ] }, - { - "guardFilePath": "rules/aws/elasticache/elasticache_redis_cluster_automatic_backup_check.guard", - "controls": [ - "2.9.3", - "2.12" - ] - }, { "guardFilePath": "rules/aws/elastic_load_balancing/elb_cross_zone_load_balancing_enabled.guard", "controls": [ @@ -416,7 +378,7 @@ ] }, { - "guardFilePath": "rules/aws/elastic_load_balancing/elb_deletion_protection_enabled.guard", + "guardFilePath": "rules/aws/elastic_load_balancing_v2/elb_deletion_protection_enabled.guard", "controls": [ "2.9.3", "2.12" diff --git a/mappings/rule_set_mas_notice_655.json b/mappings/rule_set_mas_notice_655.json index ae3f6f9..f56868b 100644 --- a/mappings/rule_set_mas_notice_655.json +++ b/mappings/rule_set_mas_notice_655.json @@ -35,12 +35,6 @@ "4.1" ] }, - { - "guardFilePath": "rules/aws/secrets_manager/secretsmanager_scheduled_rotation_success_check.guard", - "controls": [ - "4.1" - ] - }, { "guardFilePath": "rules/aws/iam/iam_policy_no_statements_with_full_access.guard", "controls": [ 
@@ -185,12 +179,6 @@ "controls": [ "4.4" ] - }, - { - "guardFilePath": "rules/aws/api_gateway_v2/api_gw_associated_with_waf.guard", - "controls": [ - "4.4" - ] } ] } diff --git a/mappings/rule_set_mas_trmg.json b/mappings/rule_set_mas_trmg.json index 43168c4..fba59a1 100644 --- a/mappings/rule_set_mas_trmg.json +++ b/mappings/rule_set_mas_trmg.json @@ -49,17 +49,6 @@ "14.2.2" ] }, - { - "guardFilePath": "rules/aws/api_gateway_v2/api_gw_ssl_enabled.guard", - "controls": [ - "6.4.5", - "9.3.1", - "10.1.1", - "11.1.1 (a)", - "14.1.2", - "14.2.2" - ] - }, { "guardFilePath": "rules/aws/aws_kms/cmk_backing_key_rotation_enabled.guard", "controls": [ @@ -105,16 +94,6 @@ "14.1.2" ] }, - { - "guardFilePath": "rules/aws/amazon_redshift/redshift_require_tls_ssl.guard", - "controls": [ - "6.4.5", - "9.3.1", - "10.1.1", - "11.1.1 (a)", - "14.1.2" - ] - }, { "guardFilePath": "rules/aws/amazon_s3/s3_bucket_ssl_requests_only.guard", "controls": [ @@ -253,7 +232,7 @@ ] }, { - "guardFilePath": "rules/aws/elastic_load_balancing/elb_deletion_protection_enabled.guard", + "guardFilePath": "rules/aws/elastic_load_balancing_v2/elb_deletion_protection_enabled.guard", "controls": [ "6.4.8", "8.1.1" @@ -310,13 +289,6 @@ "8.4.2" ] }, - { - "guardFilePath": "rules/aws/elasticache/elasticache_redis_cluster_automatic_backup_check.guard", - "controls": [ - "7.5.5", - "8.4.2" - ] - }, { "guardFilePath": "rules/aws/amazon_redshift/redshift_backup_enabled.guard", "controls": [ @@ -367,15 +339,6 @@ "8.4.2" ] }, - { - "guardFilePath": "rules/aws/amazon_rds/rds_snapshot_encrypted.guard", - "controls": [ - "8.4.4", - "10.1.1", - "11.1.1 (b)", - "11.1.3" - ] - }, { "guardFilePath": "rules/aws/amazon_ec2/ec2_instance_profile_attached.guard", "controls": [ 
@@ -436,30 +399,12 @@ "9.1.1" ] }, - { - "guardFilePath": "rules/aws/secrets_manager/secretsmanager_scheduled_rotation_success_check.guard", - "controls": [ - "9.1.1" - ] - }, { "guardFilePath": "rules/aws/amazon_s3/s3_bucket_policy_grantee_check.guard", "controls": [ "9.1.1" ] }, - { - "guardFilePath": "rules/aws/secrets_manager/secretsmanager_secret_periodic_rotation.guard", - "controls": [ - "9.1.1" - ] - }, - { - "guardFilePath": "rules/aws/secrets_manager/secretsmanager_secret_unused.guard", - "controls": [ - "9.1.1" - ] - }, { "guardFilePath": "rules/aws/cloudtrail/cloud_trail_encryption_enabled.guard", "controls": [ @@ -500,16 +445,6 @@ "14.2.6" ] }, - { - "guardFilePath": "rules/aws/amazon_ec2/ec2_ebs_encryption_by_default.guard", - "controls": [ - "10.1.1", - "11.1.1 (b)", - "11.1.3", - "14.2.2", - "14.2.6" - ] - }, { "guardFilePath": "rules/aws/amazon_efs/efs_encrypted_check.guard", "controls": [ @@ -547,14 +482,6 @@ "11.1.3" ] }, - { - "guardFilePath": "rules/aws/amazon_redshift/redshift_cluster_kms_enabled.guard", - "controls": [ - "10.1.1", - "11.1.1 (b)", - "11.1.3" - ] - }, { "guardFilePath": "rules/aws/amazon_s3/s3_bucket_server_side_encryption_enabled.guard", "controls": [ diff --git a/mappings/rule_set_nbc_trmg.json b/mappings/rule_set_nbc_trmg.json index 93a9eea..3dd69f5 100644 --- a/mappings/rule_set_nbc_trmg.json +++ b/mappings/rule_set_nbc_trmg.json @@ -184,13 +184,6 @@ "3.1.1(h)" ] }, - { - "guardFilePath": "rules/aws/amazon_rds/rds_snapshot_encrypted.guard", - "controls": [ - "3.1.1(h)", - "3.1.10(b)" - ] - }, { "guardFilePath": "rules/aws/amazon_rds/rds_storage_encrypted.guard", "controls": [ @@ -198,13 +191,6 @@ "3.1.10(b)" ] }, - { - "guardFilePath": "rules/aws/amazon_ec2/ec2_ebs_encryption_by_default.guard", - "controls": [ - "3.1.1(h)", - "3.1.10(b)" - ] - }, { "guardFilePath": "rules/aws/amazon_efs/efs_encrypted_check.guard", "controls": [ 
@@ -221,15 +207,6 @@ "3.6.1(d)" ] }, - { - "guardFilePath": "rules/aws/api_gateway_v2/api_gw_associated_with_waf.guard", - "controls": [ - "3.1.2(a)", - "3.1.6(a)", - "3.6.1(a)(h)", - "3.6.1(d)" - ] - }, { "guardFilePath": "rules/aws/aws_certificate_manager/acm_certificate_expiration_check.guard", "controls": [ @@ -259,15 +236,6 @@ "3.6.1(b)" ] }, - { - "guardFilePath": "rules/aws/amazon_redshift/redshift_require_tls_ssl.guard", - "controls": [ - "3.1.2(c)", - "3.1.2(e)", - "3.1.3(e)", - "3.6.1(b)" - ] - }, { "guardFilePath": "rules/aws/amazon_s3/s3_bucket_ssl_requests_only.guard", "controls": [ @@ -436,15 +404,6 @@ "3.1.2(c)" ] }, - { - "guardFilePath": "rules/aws/api_gateway_v2/api_gw_ssl_enabled.guard", - "controls": [ - "3.1.2(c)", - "3.1.2(e)", - "3.1.3(e)", - "3.6.1(b)" - ] - }, { "guardFilePath": "rules/aws/elastic_load_balancing_v2/elbv2_acm_certificate_required.guard", "controls": [ @@ -553,12 +512,6 @@ "3.1.10(b)" ] }, - { - "guardFilePath": "rules/aws/amazon_redshift/redshift_cluster_kms_enabled.guard", - "controls": [ - "3.1.10(b)" - ] - }, { "guardFilePath": "rules/aws/secrets_manager/secretsmanager_using_cmk.guard", "controls": [ @@ -585,12 +538,6 @@ "3.3.1(a)" ] }, - { - "guardFilePath": "rules/aws/elasticache/elasticache_redis_cluster_automatic_backup_check.guard", - "controls": [ - "3.2.1(h)" - ] - }, { "guardFilePath": "rules/aws/amazon_s3/s3_bucket_replication_enabled.guard", "controls": [ @@ -624,7 +571,7 @@ ] }, { - "guardFilePath": "rules/aws/elastic_load_balancing/elb_deletion_protection_enabled.guard", + "guardFilePath": "rules/aws/elastic_load_balancing_v2/elb_deletion_protection_enabled.guard", "controls": [ "3.3.1(a)" ] diff --git a/mappings/rule_set_ncsc.json b/mappings/rule_set_ncsc.json index b8848ca..de9464c 100644 --- a/mappings/rule_set_ncsc.json +++ b/mappings/rule_set_ncsc.json 
@@ -35,12 +35,6 @@ "1. Data in transit protection" ] }, - { - "guardFilePath": "rules/aws/api_gateway_v2/api_gw_ssl_enabled.guard", - "controls": [ - "1. Data in transit protection" - ] - }, { "guardFilePath": "rules/aws/elastic_load_balancing_v2/elbv2_acm_certificate_required.guard", "controls": [ @@ -53,12 +47,6 @@ "1. Data in transit protection" ] }, - { - "guardFilePath": "rules/aws/amazon_redshift/redshift_require_tls_ssl.guard", - "controls": [ - "1. Data in transit protection" - ] - }, { "guardFilePath": "rules/aws/amazon_s3/s3_bucket_ssl_requests_only.guard", "controls": [ @@ -121,12 +109,6 @@ "2. Asset protection and resilience" ] }, - { - "guardFilePath": "rules/aws/elasticache/elasticache_redis_cluster_automatic_backup_check.guard", - "controls": [ - "2. Asset protection and resilience" - ] - }, { "guardFilePath": "rules/aws/elastic_load_balancing/elb_cross_zone_load_balancing_enabled.guard", "controls": [ @@ -134,7 +116,7 @@ ] }, { - "guardFilePath": "rules/aws/elastic_load_balancing/elb_deletion_protection_enabled.guard", + "guardFilePath": "rules/aws/elastic_load_balancing_v2/elb_deletion_protection_enabled.guard", "controls": [ "2. Asset protection and resilience" ] @@ -164,24 +146,12 @@ "11. External interface protection" ] }, - { - "guardFilePath": "rules/aws/amazon_redshift/redshift_cluster_kms_enabled.guard", - "controls": [ - "2. Asset protection and resilience" - ] - }, { "guardFilePath": "rules/aws/amazon_redshift/redshift_backup_enabled.guard", "controls": [ "2. Asset protection and resilience" ] }, - { - "guardFilePath": "rules/aws/amazon_ec2/ec2_ebs_encryption_by_default.guard", - "controls": [ - "2. Asset protection and resilience" - ] - }, { "guardFilePath": "rules/aws/amazon_efs/efs_encrypted_check.guard", "controls": [ 
@@ -206,12 +176,6 @@ "2. Asset protection and resilience" ] }, - { - "guardFilePath": "rules/aws/amazon_rds/rds_snapshot_encrypted.guard", - "controls": [ - "2. Asset protection and resilience" - ] - }, { "guardFilePath": "rules/aws/amazon_rds/rds_storage_encrypted.guard", "controls": [ @@ -409,12 +373,6 @@ "10. Identity and authentication" ] }, - { - "guardFilePath": "rules/aws/secrets_manager/secretsmanager_scheduled_rotation_success_check.guard", - "controls": [ - "10. Identity and authentication" - ] - }, { "guardFilePath": "rules/aws/amazon_ecs/ecs_task_definition_user_for_host_mode_check.guard", "controls": [ @@ -458,12 +416,6 @@ "11. External interface protection" ] }, - { - "guardFilePath": "rules/aws/api_gateway_v2/api_gw_associated_with_waf.guard", - "controls": [ - "11. External interface protection" - ] - }, { "guardFilePath": "rules/aws/amazon_ec2/ec2_instance_no_public_ip.guard", "controls": [ diff --git a/mappings/rule_set_ncsc_cafv3.json b/mappings/rule_set_ncsc_cafv3.json index 63020bb..4487b25 100644 --- a/mappings/rule_set_ncsc_cafv3.json +++ b/mappings/rule_set_ncsc_cafv3.json @@ -94,12 +94,6 @@ "B4.a Secure by Design" ] }, - { - "guardFilePath": "rules/aws/amazon_redshift/redshift_require_tls_ssl.guard", - "controls": [ - "B3.b Data in Transit" - ] - }, { "guardFilePath": "rules/aws/amazon_s3/s3_bucket_ssl_requests_only.guard", "controls": [ @@ -207,7 +201,7 @@ ] }, { - "guardFilePath": "rules/aws/elastic_load_balancing/elb_deletion_protection_enabled.guard", + "guardFilePath": "rules/aws/elastic_load_balancing_v2/elb_deletion_protection_enabled.guard", "controls": [ "B3.b Data in Transit", "B4.a Secure by Design" @@ -249,12 +243,6 @@ "B4.a Secure by Design" ] }, - { - "guardFilePath": "rules/aws/api_gateway_v2/api_gw_ssl_enabled.guard", - "controls": [ - "B3.b Data in Transit" - ] - }, { "guardFilePath": "rules/aws/elastic_load_balancing_v2/elbv2_acm_certificate_required.guard", "controls": [ 
@@ -285,12 +273,6 @@ "B3.c Stored Data" ] }, - { - "guardFilePath": "rules/aws/amazon_ec2/ec2_ebs_encryption_by_default.guard", - "controls": [ - "B3.c Stored Data" - ] - }, { "guardFilePath": "rules/aws/amazon_efs/efs_encrypted_check.guard", "controls": [ @@ -309,12 +291,6 @@ "B3.c Stored Data" ] }, - { - "guardFilePath": "rules/aws/amazon_rds/rds_snapshot_encrypted.guard", - "controls": [ - "B3.c Stored Data" - ] - }, { "guardFilePath": "rules/aws/amazon_rds/rds_storage_encrypted.guard", "controls": [ @@ -378,13 +354,6 @@ "B5.c Backups" ] }, - { - "guardFilePath": "rules/aws/elasticache/elasticache_redis_cluster_automatic_backup_check.guard", - "controls": [ - "B3.c Stored Data", - "B5.c Backups" - ] - }, { "guardFilePath": "rules/aws/amazon_s3/s3_bucket_replication_enabled.guard", "controls": [ @@ -415,12 +384,6 @@ "C1.b Securing Logs" ] }, - { - "guardFilePath": "rules/aws/amazon_redshift/redshift_cluster_kms_enabled.guard", - "controls": [ - "B3.c Stored Data" - ] - }, { "guardFilePath": "rules/aws/secrets_manager/secretsmanager_using_cmk.guard", "controls": [ @@ -440,12 +403,6 @@ "B4.a Secure by Design" ] }, - { - "guardFilePath": "rules/aws/api_gateway_v2/api_gw_associated_with_waf.guard", - "controls": [ - "B4.a Secure by Design" - ] - }, { "guardFilePath": "rules/aws/amazon_s3/s3_bucket_public_read_prohibited.guard", "controls": [ diff --git a/mappings/rule_set_nerc.json b/mappings/rule_set_nerc.json index 6f72b85..98abaa3 100644 --- a/mappings/rule_set_nerc.json +++ b/mappings/rule_set_nerc.json @@ -119,12 +119,6 @@ "CIP-011-3-R1-Part 1.2" ] }, - { - "guardFilePath": "rules/aws/amazon_ec2/ec2_ebs_encryption_by_default.guard", - "controls": [ - "CIP-011-3-R1-Part 1.2" - ] - }, { "guardFilePath": "rules/aws/amazon_efs/efs_encrypted_check.guard", "controls": [ 
@@ -167,12 +161,6 @@ "CIP-011-3-R1-Part 1.2" ] }, - { - "guardFilePath": "rules/aws/amazon_rds/rds_snapshot_encrypted.guard", - "controls": [ - "CIP-011-3-R1-Part 1.2" - ] - }, { "guardFilePath": "rules/aws/amazon_rds/rds_storage_encrypted.guard", "controls": [ @@ -185,12 +173,6 @@ "CIP-011-3-R1-Part 1.2" ] }, - { - "guardFilePath": "rules/aws/amazon_redshift/redshift_require_tls_ssl.guard", - "controls": [ - "CIP-011-3-R1-Part 1.2" - ] - }, { "guardFilePath": "rules/aws/amazon_s3/s3_bucket_server_side_encryption_enabled.guard", "controls": [ diff --git a/mappings/rule_set_nist800_53rev4.json b/mappings/rule_set_nist800_53rev4.json index 9ddeded..50e77b5 100644 --- a/mappings/rule_set_nist800_53rev4.json +++ b/mappings/rule_set_nist800_53rev4.json 
@@ -5,88 +5,6 @@ "description" : "AWS Guard rule set based on the AWS Config Conformance Pack for NIST 800-53 revision 4.", "contact" : "aws-guard-rules-registry@amazon.com", "mappings": [ - { - "guardFilePath": "rules/aws/secrets_manager/secretsmanager_scheduled_rotation_success_check.guard", - "controls": [ - "AC-2(1)", - "AC-2(j)" - ] - }, - { - "guardFilePath": "rules/aws/iam/iam_user_group_membership_check.guard", - "controls": [ - "AC-2(1)", - "AC-2(j)", - "AC-3", - "AC-6" - ] - }, - { - "guardFilePath": "rules/aws/iam/iam_password_policy.guard", - "controls": [ - "AC-2(1)", - "AC-2(f)", - "AC-2(j)", - "IA-2", - "IA-5(1)(a)(d)(e)", - "IA-5(4)" - ] - }, - { - "guardFilePath": "rules/aws/iam/access_keys_rotated.guard", - "controls": [ - "AC-2(1)", - "AC-2(j)" - ] - }, - { - "guardFilePath": "rules/aws/iam/iam_user_unused_credentials_check.guard", - "controls": [ - "AC-2(1)", - "AC-2(3)", - "AC-2(f)", - "AC-3", - "AC-6" - ] - }, - { - "guardFilePath": "rules/aws/security_hub/securityhub_enabled.guard", - "controls": [ - "AC-2(1)", - "AC-2(4)", - "AC-2(12)(a)", - "AC-2(g)", - "AC-17(1)", - "AU-6(1)(3)", - "CA-7(a)(b)", - "SA-10", - "SI-4(2)", - "SI-4(4)", - "SI-4(5)", - "SI-4(16)", - "SI-4(a)(b)(c)" - ] - }, - { - "guardFilePath": "rules/aws/guardduty/guardduty_enabled_centralized.guard", - "controls": [ - "AC-2(1)", - "AC-2(4)", - "AC-2(12)(a)", - "AC-2(g)", - "AC-17(1)", - "AU-6(1)(3)", - "CA-7(a)(b)", - "RA-5", - "SA-10", - "SI-4(1)", - "SI-4(2)", - "SI-4(4)", - "SI-4(5)", - "SI-4(16)", - "SI-4(a)(b)(c)" - ] - }, { "guardFilePath": "rules/aws/cloudtrail/cloud_trail_cloud_watch_logs_enabled.guard", "controls": [ @@ -105,7 +23,7 @@ ] }, { - "guardFilePath": "rules/aws/cloudtrail/cloudtrail_enabled.guard", + "guardFilePath": "rules/aws/cloudtrail/cloud_trail_enabled.guard", "controls": [ "AC-2(4)", "AC-2(g)", 
@@ -115,7 +33,7 @@ ] }, { - "guardFilePath": "rules/aws/cloudtrail/multi_region_cloudtrail_enabled.guard", + "guardFilePath": "rules/aws/cloudtrail/multi_region_cloud_trail_enabled.guard", "controls": [ "AC-2(4)", "AU-2(a)(d)", @@ -159,16 +77,6 @@ "SC-28" ] }, - { - "guardFilePath": "rules/aws/iam/iam_root_access_key_check.guard", - "controls": [ - "AC-2(f)", - "AC-2(j)", - "AC-3", - "AC-6", - "AC-6(10)" - ] - }, { "guardFilePath": "rules/aws/amazon_s3/s3_bucket_logging_enabled.guard", "controls": [ @@ -187,13 +95,6 @@ "AU-12(a)(c)" ] }, - { - "guardFilePath": "rules/aws/iam/root_account_mfa_enabled.guard", - "controls": [ - "AC-2(j)", - "IA-2(1)(11)" - ] - }, { "guardFilePath": "rules/aws/amazon_emr/emr_kerberos_enabled.guard", "controls": [ @@ -203,16 +104,6 @@ "AC-6" ] }, - { - "guardFilePath": "rules/aws/iam/iam_group_has_users_check.guard", - "controls": [ - "AC-2(j)", - "AC-3", - "AC-5c", - "AC-6", - "SC-2" - ] - }, { "guardFilePath": "rules/aws/iam/iam_policy_no_statements_with_admin_access.guard", "controls": [ @@ -254,17 +145,6 @@ "SC-7(3)" ] }, - { - "guardFilePath": "rules/aws/amazon_rds/rds_snapshots_public_prohibited.guard", - "controls": [ - "AC-3", - "AC-4", - "AC-6", - "AC-21(b)", - "SC-7", - "SC-7(3)" - ] - }, { "guardFilePath": "rules/aws/amazon_redshift/redshift_cluster_public_access_check.guard", "controls": [ @@ -296,17 +176,6 @@ "SC-7(3)" ] }, - { - "guardFilePath": "rules/aws/amazon_s3/s3_account_level_public_access_blocks.guard", - "controls": [ - "AC-3", - "AC-4", - "AC-6", - "AC-21(b)", - "SC-7", - "SC-7(3)" - ] - }, { "guardFilePath": "rules/aws/aws_dms/dms_replication_not_public.guard", "controls": [ @@ -318,17 +187,6 @@ "SC-7(3)" ] }, - { - "guardFilePath": "rules/aws/amazon_ec2/ebs_snapshot_public_restorable_check.guard", - "controls": [ - "AC-3", - "AC-4", - "AC-6", - "AC-21(b)", - "SC-7", - "SC-7(3)" - ] - }, { "guardFilePath": "rules/aws/amazon_sagemaker/sagemaker_notebook_no_direct_internet_access.guard", "controls": [ 
@@ -383,22 +241,6 @@ "SC-7(3)" ] }, - { - "guardFilePath": "rules/aws/amazon_ec2/vpc_default_security_group_closed.guard", - "controls": [ - "AC-4", - "SC-7", - "SC-7(3)" - ] - }, - { - "guardFilePath": "rules/aws/amazon_ec2/vpc_sg_open_only_to_authorized_ports.guard", - "controls": [ - "AC-4", - "SC-7", - "SC-7(3)" - ] - }, { "guardFilePath": "rules/aws/aws_certificate_manager/acm_certificate_expiration_check.guard", "controls": [ @@ -434,15 +276,6 @@ "SC-7(3)" ] }, - { - "guardFilePath": "rules/aws/amazon_ec2/internet_gateway_authorized_vpc_only.guard", - "controls": [ - "AC-4", - "AC-17(3)", - "SC-7", - "SC-7(3)" - ] - }, { "guardFilePath": "rules/aws/codebuild/codebuild_project_envvar_awscred_check.guard", "controls": [ @@ -451,12 +284,6 @@ "SA-3(a)" ] }, - { - "guardFilePath": "rules/aws/amazon_ec2/ec2_imdsv2_check.guard", - "controls": [ - "AC-6" - ] - }, { "guardFilePath": "rules/aws/iam/iam_no_inline_policy_check.guard", "controls": [ @@ -474,16 +301,6 @@ "SC-23" ] }, - { - "guardFilePath": "rules/aws/amazon_redshift/redshift_require_tls_ssl.guard", - "controls": [ - "AC-17(2)", - "SC-7", - "SC-8", - "SC-8(1)", - "SC-13" - ] - }, { "guardFilePath": "rules/aws/amazon_s3/s3_bucket_ssl_requests_only.guard", "controls": [ @@ -540,14 +357,6 @@ "AU-12(a)(c)" ] }, - { - "guardFilePath": "rules/aws/amazon_ec2/vpc_flow_logs_enabled.guard", - "controls": [ - "AU-2(a)(d)", - "AU-3", - "AU-12(a)(c)" - ] - }, { "guardFilePath": "rules/aws/aws_waf_v2/wafv2_logging_enabled.guard", "controls": [ 
@@ -606,61 +415,12 @@
 ]
 },
 {
- "guardFilePath": "rules/aws/amazon_ec2/ec2_instance_managed_by_systems_manager.guard",
- "controls": [
- "CM-2",
- "CM-7(a)",
- "CM-8(1)",
- "CM-8(3)(a)",
- "SA-3(a)",
- "SA-10",
- "SI-2(2)",
- "SI-7(1)"
- ]
- },
- {
- "guardFilePath": "rules/aws/amazon_ec2/ec2_managedinstance_association_compliance_status_check.guard",
- "controls": [
- "CM-2",
- "CM-7(a)",
- "CM-8(3)(a)",
- "SI-2(2)"
- ]
- },
- {
- "guardFilePath": "rules/aws/amazon_ec2/ec2_stopped_instance.guard",
- "controls": [
- "CM-2"
- ]
- },
- {
- "guardFilePath": "rules/aws/amazon_ec2/ec2_volume_inuse_check.guard",
- "controls": [
- "CM-2",
- "SC-4"
- ]
- },
- {
- "guardFilePath": "rules/aws/elastic_load_balancing/elb_deletion_protection_enabled.guard",
+ "guardFilePath": "rules/aws/elastic_load_balancing_v2/elb_deletion_protection_enabled.guard",
 "controls": [
 "CM-2",
 "CP-10"
 ]
 },
- {
- "guardFilePath": "rules/aws/cloudtrail/cloudtrail_security_trail_enabled.guard",
- "controls": [
- "CM-2"
- ]
- },
- {
- "guardFilePath": "rules/aws/amazon_ec2/ec2_managedinstance_patch_compliance_status_check.guard",
- "controls": [
- "CM-8(3)(a)",
- "SI-2(2)",
- "SI-7(1)"
- ]
- },
 {
 "guardFilePath": "rules/aws/amazon_rds/db_instance_backup_enabled.guard",
 "controls": [
@@ -677,14 +437,6 @@
 "SI-12"
 ]
 },
- {
- "guardFilePath": "rules/aws/elasticache/elasticache_redis_cluster_automatic_backup_check.guard",
- "controls": [
- "CP-9(b)",
- "CP-10",
- "SI-12"
- ]
- },
 {
 "guardFilePath": "rules/aws/dynamodb/dynamodb_in_backup_plan.guard",
 "controls": [
@@ -693,30 +445,6 @@
 "SI-12"
 ]
 },
- {
- "guardFilePath": "rules/aws/amazon_ec2/ebs_in_backup_plan.guard",
- "controls": [
- "CP-9(b)",
- "CP-10",
- "SI-12"
- ]
- },
- {
- "guardFilePath": "rules/aws/amazon_efs/efs_in_backup_plan.guard",
- "controls": [
- "CP-9(b)",
- "CP-10",
- "SI-12"
- ]
- },
- {
- "guardFilePath": "rules/aws/amazon_rds/rds_in_backup_plan.guard",
- "controls": [
- "CP-9(b)",
- "CP-10",
- "SI-12"
- ]
- },
 {
 "guardFilePath": "rules/aws/dynamodb/dynamodb_autoscaling_enabled.guard",
 "controls": [
@@ -739,12 +467,6 @@
 "SI-12"
 ]
 },
- {
- "guardFilePath": "rules/aws/amazon_ec2/vpc_vpn_2_tunnels_up.guard",
- "controls": [
- "CP-10"
- ]
- },
 {
 "guardFilePath": "rules/aws/elastic_load_balancing/elb_cross_zone_load_balancing_enabled.guard",
 "controls": [
@@ -752,35 +474,6 @@
 "SC-5"
 ]
 },
- {
- "guardFilePath": "rules/aws/iam/root_account_hardware_mfa_enabled.guard",
- "controls": [
- "IA-2(1)(11)"
- ]
- },
- {
- "guardFilePath": "rules/aws/iam/mfa_enabled_for_iam_console_access.guard",
- "controls": [
- "IA-2(1)(2)(11)"
- ]
- },
- {
- "guardFilePath": "rules/aws/iam/iam_user_mfa_enabled.guard",
- "controls": [
- "IA-2(1)(2)(11)"
- ]
- },
- {
- "guardFilePath": "rules/aws/guardduty/guardduty_non_archived_findings.guard",
- "controls": [
- "IR-4(1)",
- "IR-6(1)",
- "IR-7(1)",
- "RA-5",
- "SA-10",
- "SI-4(a)(b)(c)"
- ]
- },
 {
 "guardFilePath": "rules/aws/codebuild/codebuild_project_source_repo_url_check.guard",
 "controls": [
@@ -828,7 +521,7 @@
 ]
 },
 {
- "guardFilePath": "rules/aws/api_gateway_v2/api_gw_cache_enabled_and_encrypted.guard",
+ "guardFilePath": "rules/aws/api_gateway/api_gw_cache_enabled_and_encrypted.guard",
 "controls": [
 "SC-13",
 "SC-28"
@@ -902,18 +595,6 @@
 "SC-28"
 ]
 },
- {
- "guardFilePath": "rules/aws/amazon_ec2/ec2_ebs_encryption_by_default.guard",
- "controls": [
- "SC-28"
- ]
- },
- {
- "guardFilePath": "rules/aws/amazon_rds/rds_snapshot_encrypted.guard",
- "controls": [
- "SC-28"
- ]
- },
 {
 "guardFilePath": "rules/aws/cloudtrail/cloud_trail_log_file_validation_enabled.guard",
 "controls": [
@@ -922,4 +603,4 @@
 ]
 }
 ]
-}
\ No newline at end of file
+}
diff --git a/mappings/rule_set_nist800_53rev5.json b/mappings/rule_set_nist800_53rev5.json
index 623f738..256af2d 100644
--- a/mappings/rule_set_nist800_53rev5.json
+++ b/mappings/rule_set_nist800_53rev5.json
@@ -5,49 +5,6 @@
 "description" : "AWS Guard rule set based on the AWS Config Conformance Pack for NIST 800-53 revision 5.",
 "contact" : "aws-guard-rules-registry@amazon.com",
 "mappings": [
- {
- "guardFilePath": "rules/aws/iam/access_keys_rotated.guard",
- "controls": [
- "AC-2(1)",
- "AC-3(3)(a)",
- "AC-3(3)(b)(1)",
- "AC-3(3)(b)(2)",
- "AC-3(3)(b)(3)",
- "AC-3(3)(b)(4)",
- "AC-3(3)(b)(5)",
- "AC-3(3)(c)",
- "AC-3(3)",
- "AC-3(4)(a)",
- "AC-3(4)(b)",
- "AC-3(4)(c)",
- "AC-3(4)(d)",
- "AC-3(4)(e)",
- "AC-3(4)",
- "AC-3(8)",
- "AC-3(12)(a)",
- "AC-3(13)",
- "AC-3(15)(a)",
- "AC-3(15)(b)",
- "AC-4(28)",
- "AC-24",
- "CM-5(1)(a)",
- "CM-6a",
- "CM-9b",
- "SC-23(3)"
- ]
- },
- {
- "guardFilePath": "rules/aws/aws_organizations/account_part_of_organizations.guard",
- "controls": [
- "CM-2b",
- "CM-2b.1",
- "CM-2b.2",
- "CM-2b.3",
- "CM-3(3)",
- "CM-6a",
- "CM-9b"
- ]
- },
 {
 "guardFilePath": "rules/aws/aws_certificate_manager/acm_certificate_expiration_check.guard",
 "controls": [
@@ -88,13 +45,7 @@
 ]
 },
 {
- "guardFilePath": "rules/aws/api_gateway_v2/api_gw_associated_with_waf.guard",
- "controls": [
- "AC-4(21)"
- ]
- },
- {
- "guardFilePath": "rules/aws/api_gateway_v2/api_gw_cache_enabled_and_encrypted.guard",
+ "guardFilePath": "rules/aws/api_gateway/api_gw_cache_enabled_and_encrypted.guard",
 "controls": [
 "AU-9(3)",
 "CP-9d",
@@ -144,32 +95,6 @@
 "SI-7(8)"
 ]
 },
- {
- "guardFilePath": "rules/aws/api_gateway_v2/api_gw_ssl_enabled.guard",
- "controls": [
- "AC-4",
- "AC-4(22)",
- "AC-17(2)",
- "AC-24(1)",
- "AU-9(3)",
- "CA-9b",
- "IA-5(1)(c)",
- "PM-17b",
- "SC-7(4)(b)",
- "SC-7(4)(g)",
- "SC-8",
- "SC-8(1)",
- "SC-8(2)",
- "SC-8(3)",
- "SC-8(4)",
- "SC-8(5)",
- "SC-13a",
- "SC-23",
- "SI-1a.2",
- "SI-1a.2",
- "SI-1c.2"
- ]
- },
 {
 "guardFilePath": "rules/aws/amazon_ec2_auto_scaling/autoscaling_group_elb_healthcheck_required.guard",
 "controls": [
@@ -307,7 +232,7 @@
 ]
 },
 {
- "guardFilePath": "rules/aws/cloudtrail/cloudtrail_enabled.guard",
+ "guardFilePath": "rules/aws/cloudtrail/cloud_trail_enabled.guard",
 "controls": [
 "AC-2(4)",
 "AC-3(1)",
@@ -610,23 +535,6 @@
 "SI-2a"
 ]
 },
- {
- "guardFilePath": "rules/aws/amazon_ec2/ebs_in_backup_plan.guard",
- "controls": [
- "CP-1(2)",
- "CP-2(5)",
- "CP-6a",
- "CP-6(1)",
- "CP-6(2)",
- "CP-9a",
- "CP-9b",
- "CP-9c",
- "CP-10",
- "CP-10(2)",
- "SC-5(2)",
- "SI-13(5)"
- ]
- },
 {
 "guardFilePath": "rules/aws/amazon_ec2/ebs_optimized_instance.guard",
 "controls": [
@@ -638,112 +546,6 @@
 "SC-5(2)"
 ]
 },
- {
- "guardFilePath": "rules/aws/amazon_ec2/ebs_snapshot_public_restorable_check.guard",
- "controls": [
- "AC-2(6)",
- "AC-3",
- "AC-3(7)",
- "AC-4(21)",
- "AC-6",
- "AC-17b",
- "AC-17(1)",
- "AC-17(1)",
- "AC-17(4)(a)",
- "AC-17(9)",
- "AC-17(10)",
- "MP-2",
- "SC-7a",
- "SC-7b",
- "SC-7c",
- "SC-7(2)",
- "SC-7(3)",
- "SC-7(7)",
- "SC-7(9)(a)",
- "SC-7(11)",
- "SC-7(12)",
- "SC-7(16)",
- "SC-7(20)",
- "SC-7(21)",
- "SC-7(24)(b)",
- "SC-7(25)",
- "SC-7(26)",
- "SC-7(27)",
- "SC-7(28)",
- "SC-25"
- ]
- },
- {
- "guardFilePath": "rules/aws/amazon_ec2/ec2_ebs_encryption_by_default.guard",
- "controls": [
- "AU-9(3)",
- "CM-6a",
- "CM-9b",
- "CP-9d",
- "SC-8(3)",
- "SC-8(4)",
- "SC-13a",
- "SC-28(1)",
- "SI-19(4)"
- ]
- },
- {
- "guardFilePath": "rules/aws/amazon_ec2/ec2_imdsv2_check.guard",
- "controls": [
- "AC-2(6)",
- "AC-3",
- "AC-3(3)(a)",
- "AC-3(3)(b)(1)",
- "AC-3(3)(b)(2)",
- "AC-3(3)(b)(3)",
- "AC-3(3)(b)(4)",
- "AC-3(3)(b)(5)",
- "AC-3(3)(c)",
- "AC-3(3)",
- "AC-3(4)(a)",
- "AC-3(4)(b)",
- "AC-3(4)(c)",
- "AC-3(4)(d)",
- "AC-3(4)(e)",
- "AC-3(4)",
- "AC-3(7)",
- "AC-3(8)",
- "AC-3(12)(a)",
- "AC-3(13)",
- "AC-3(15)(a)",
- "AC-3(15)(b)",
- "AC-4(28)",
- "AC-6",
- "AC-24",
- "CM-5(1)(a)",
- "MP-2",
- "SC-23(3)"
- ]
- },
- {
- "guardFilePath": "rules/aws/amazon_ec2/ec2_instance_managed_by_systems_manager.guard",
- "controls": [
- "CM-2a",
- "CM-2b",
- "CM-2b.1",
- "CM-2b.2",
- "CM-2b.3",
- "CM-2(2)",
- "CM-3(3)",
- "CM-8a",
- "CM-8a.1",
- "CM-8a.2",
- "CM-8a.3",
- "CM-8a.4",
- "CM-8a.5",
- "CM-8b",
- "CM-8(1)",
- "CM-8(2)",
- "CM-8(3)(a)",
- "CM-8(6)",
- "SI-3c.2"
- ]
- },
 {
 "guardFilePath": "rules/aws/amazon_ec2/ec2_instance_no_public_ip.guard",
 "controls": [
@@ -816,68 +618,6 @@
 "SC-25"
 ]
 },
- {
- "guardFilePath": "rules/aws/amazon_ec2/ec2_managedinstance_association_compliance_status_check.guard",
- "controls": [
- "CM-2a",
- "CM-2b",
- "CM-2b.1",
- "CM-2b.2",
- "CM-2b.3",
- "CM-2(2)",
- "CM-3(3)",
- "CM-8a",
- "CM-8a.1",
- "CM-8a.2",
- "CM-8a.3",
- "CM-8a.4",
- "CM-8a.5",
- "CM-8b",
- "CM-8(1)",
- "CM-8(3)(a)",
- "CM-8(6)",
- "SI-3c.2"
- ]
- },
- {
- "guardFilePath": "rules/aws/amazon_ec2/ec2_managedinstance_patch_compliance_status_check.guard",
- "controls": [
- "CM-8(3)(a)",
- "RA-3a.1",
- "RA-3a.1",
- "SI-2c",
- "SI-2d",
- "SI-2(2)",
- "SI-2(5)",
- "SI-3c.2"
- ]
- },
- {
- "guardFilePath": "rules/aws/amazon_ec2/ec2_stopped_instance.guard",
- "controls": [
- "CM-2a",
- "CM-2b",
- "CM-2b.1",
- "CM-2b.2",
- "CM-2b.3",
- "CM-2(2)",
- "CM-3(3)",
- "CM-8(6)"
- ]
- },
- {
- "guardFilePath": "rules/aws/amazon_ec2/ec2_volume_inuse_check.guard",
- "controls": [
- "CM-2a",
- "CM-2b",
- "CM-2b.1",
- "CM-2b.2",
- "CM-2b.3",
- "CM-2(2)",
- "CM-3(3)",
- "CM-8(6)"
- ]
- },
 {
 "guardFilePath": "rules/aws/amazon_ecs/ecs_task_definition_user_for_host_mode_check.guard",
 "controls": [
@@ -898,23 +638,6 @@
 "SI-19(4)"
 ]
 },
- {
- "guardFilePath": "rules/aws/amazon_efs/efs_in_backup_plan.guard",
- "controls": [
- "CP-1(2)",
- "CP-2(5)",
- "CP-6a",
- "CP-6(1)",
- "CP-6(2)",
- "CP-9a",
- "CP-9b",
- "CP-9c",
- "CP-10",
- "CP-10(2)",
- "SC-5(2)",
- "SI-13(5)"
- ]
- },
 {
 "guardFilePath": "rules/aws/elastic_beanstalk/elastic_beanstalk_managed_updates_enabled.guard",
 "controls": [
@@ -924,23 +647,6 @@
 "SI-2(5)"
 ]
 },
- {
- "guardFilePath": "rules/aws/elasticache/elasticache_redis_cluster_automatic_backup_check.guard",
- "controls": [
- "CP-1(2)",
- "CP-2(5)",
- "CP-6a",
- "CP-6(1)",
- "CP-6(2)",
- "CP-9a",
- "CP-9b",
- "CP-9c",
- "CP-10",
- "CP-10(2)",
- "SC-5(2)",
- "SI-13(5)"
- ]
- },
 {
 "guardFilePath": "rules/aws/opensearch_service/elasticsearch_encrypted_at_rest.guard",
 "controls": [
@@ -1062,7 +768,7 @@
 ]
 },
 {
- "guardFilePath": "rules/aws/elastic_load_balancing/elb_deletion_protection_enabled.guard",
+ "guardFilePath": "rules/aws/elastic_load_balancing_v2/elb_deletion_protection_enabled.guard",
 "controls": [
 "CA-7(4)(c)",
 "CM-2a",
@@ -1209,69 +915,7 @@
 ]
 },
 {
- "guardFilePath": "rules/aws/guardduty/guardduty_enabled_centralized.guard",
- "controls": [
- "AC-2(12)(a)",
- "AC-3(12)(b)",
- "AU-3(1)",
- "AU-6(1)",
- "AU-6(5)",
- "AU-12(3)",
- "AU-14a",
- "AU-14b",
- "CA-2d",
- "CA-7",
- "CA-7b",
- "CM-8(3)(a)",
- "IR-4a",
- "PE-6(2)",
- "PE-6(4)",
- "PM-14a.1",
- "PM-14b",
- "PM-16",
- "PM-31",
- "RA-1a",
- "RA-1a.1",
- "RA-1a.2",
- "RA-3a.1",
- "RA-3a.1",
- "RA-3(4)",
- "RA-5a",
- "RA-5(4)",
- "RA-10a",
- "RA-10a.1",
- "RA-10a.2",
- "SC-5a",
- "SC-5b",
- "SC-5(1)",
- "SC-5(3)(a)",
- "SC-5(3)(b)",
- "SC-43b",
- "SI-3(8)(a)",
- "SI-4a",
- "SI-4a.1",
- "SI-4a.1",
- "SI-4a.2",
- "SI-4b",
- "SI-4c",
- "SI-4(1)",
- "SI-4(1)",
- "SI-4(2)",
- "SI-4(3)",
- "SI-4(4)(a)",
- "SI-4(4)(b)",
- "SI-4(10)",
- "SI-4(13)(a)",
- "SI-4(14)",
- "SI-4(14)",
- "SI-4(23)",
- "SI-4(25)",
- "SI-5b",
- "SI-5(1)"
- ]
- },
- {
- "guardFilePath": "rules/aws/iam/iam_no_inline_policy_check.guard",
+ "guardFilePath": "rules/aws/iam/iam_no_inline_policy_check.guard",
 "controls": [
 "AC-2i.2",
 "AC-2(1)",
@@ -1308,60 +952,6 @@
 "SC-23(3)"
 ]
 },
- {
- "guardFilePath": "rules/aws/iam/iam_password_policy.guard",
- "controls": [
- "AC-2d.1",
- "AC-2(1)",
- "AC-2(3)(a)",
- "AC-2(3)(b)",
- "AC-2(3)(c)",
- "AC-2(3)(d)",
- "AC-2(3)",
- "AC-3(3)(a)",
- "AC-3(3)(b)(1)",
- "AC-3(3)(b)(2)",
- "AC-3(3)(b)(3)",
- "AC-3(3)(b)(4)",
- "AC-3(3)(b)(5)",
- "AC-3(3)(c)",
- "AC-3(3)",
- "AC-3(4)(a)",
- "AC-3(4)(b)",
- "AC-3(4)(c)",
- "AC-3(4)(d)",
- "AC-3(4)(e)",
- "AC-3(4)",
- "AC-3(8)",
- "AC-3(12)(a)",
- "AC-3(13)",
- "AC-3(15)(a)",
- "AC-3(15)(b)",
- "AC-4(28)",
- "AC-7(4)",
- "AC-7(4)(a)",
- "AC-24",
- "CM-5(1)(a)",
- "CM-6a",
- "CM-9b",
- "CM-12b",
- "IA-4d",
- "IA-5",
- "IA-5b",
- "IA-5c",
- "IA-5d",
- "IA-5f",
- "IA-5h",
- "IA-5(1)(f)",
- "IA-5(1)(g)",
- "IA-5(1)(h)",
- "IA-5(18)(a)",
- "IA-5(18)(b)",
- "IA-8(2)(b)",
- "MA-4c",
- "SC-23(3)"
- ]
- },
 {
 "guardFilePath": "rules/aws/iam/iam_policy_no_statements_with_admin_access.guard",
 "controls": [
@@ -1414,126 +1004,6 @@
 "CM-5(1)(a)"
 ]
 },
- {
- "guardFilePath": "rules/aws/iam/iam_root_access_key_check.guard",
- "controls": [
- "AC-2(1)",
- "AC-2(6)",
- "AC-3(3)(a)",
- "AC-3(3)(b)(1)",
- "AC-3(3)(b)(2)",
- "AC-3(3)(b)(3)",
- "AC-3(3)(b)(4)",
- "AC-3(3)(b)(5)",
- "AC-3(3)(c)",
- "AC-3(3)",
- "AC-3(4)(a)",
- "AC-3(4)(b)",
- "AC-3(4)(c)",
- "AC-3(4)(d)",
- "AC-3(4)(e)",
- "AC-3(4)",
- "AC-3(7)",
- "AC-3(8)",
- "AC-3(12)(a)",
- "AC-3(13)",
- "AC-3(15)(a)",
- "AC-3(15)(b)",
- "AC-4(28)",
- "AC-6",
- "AC-6(2)",
- "AC-6(10)",
- "AC-24",
- "CM-5(1)(a)",
- "CM-6a",
- "CM-6a",
- "CM-9b",
- "IA-2",
- "IA-4b",
- "IA-4(4)",
- "IA-4(8)",
- "IA-5(8)",
- "MP-2",
- "SC-23(3)",
- "SC-25"
- ]
- },
- {
- "guardFilePath": "rules/aws/iam/iam_user_group_membership_check.guard",
- "controls": [
- "AC-2i.2",
- "AC-2(1)",
- "AC-2(6)",
- "AC-3",
- "AC-3(3)(a)",
- "AC-3(3)(b)(1)",
- "AC-3(3)(b)(2)",
- "AC-3(3)(b)(3)",
- "AC-3(3)(b)(4)",
- "AC-3(3)(b)(5)",
- "AC-3(3)(c)",
- "AC-3(3)",
- "AC-3(4)(a)",
- "AC-3(4)(b)",
- "AC-3(4)(c)",
- "AC-3(4)(d)",
- "AC-3(4)(e)",
- "AC-3(4)",
- "AC-3(7)",
- "AC-3(8)",
- "AC-3(12)(a)",
- "AC-3(13)",
- "AC-3(15)(a)",
- "AC-3(15)(b)",
- "AC-4(28)",
- "AC-6",
- "AC-6(3)",
- "AC-24",
- "CM-5(1)(a)",
- "CM-6a",
- "CM-9b",
- "MP-2",
- "SC-23(3)"
- ]
- },
- {
- "guardFilePath": "rules/aws/iam/iam_user_mfa_enabled.guard",
- "controls": [
- "AC-2(1)",
- "AC-3(2)",
- "AC-3(3)(a)",
- "AC-3(3)(b)(1)",
- "AC-3(3)(b)(2)",
- "AC-3(3)(b)(3)",
- "AC-3(3)(b)(4)",
- "AC-3(3)(b)(5)",
- "AC-3(3)(c)",
- "AC-3(3)",
- "AC-3(4)(a)",
- "AC-3(4)(b)",
- "AC-3(4)(c)",
- "AC-3(4)(d)",
- "AC-3(4)(e)",
- "AC-3(4)",
- "AC-3(8)",
- "AC-3(12)(a)",
- "AC-3(13)",
- "AC-3(15)(a)",
- "AC-3(15)(b)",
- "AC-4(28)",
- "AC-7(4)",
- "AC-7(4)(a)",
- "AC-24",
- "CM-5(1)(a)",
- "IA-2(1)",
- "IA-2(2)",
- "IA-2(6)",
- "IA-2(6)",
- "IA-2(6)(a)",
- "IA-2(8)",
- "SC-23(3)"
- ]
- },
 {
 "guardFilePath": "rules/aws/iam/iam_user_no_policies_check.guard",
 "controls": [
@@ -1573,50 +1043,6 @@
 "SC-25"
 ]
 },
- {
- "guardFilePath": "rules/aws/iam/iam_user_unused_credentials_check.guard",
- "controls": [
- "AC-2g",
- "AC-2j",
- "AC-2j",
- "AC-2(1)",
- "AC-2(3)(a)",
- "AC-2(3)(b)",
- "AC-2(3)(c)",
- "AC-2(3)(d)",
- "AC-2(3)",
- "AC-2(6)",
- "AC-3",
- "AC-3(3)(a)",
- "AC-3(3)(b)(1)",
- "AC-3(3)(b)(2)",
- "AC-3(3)(b)(3)",
- "AC-3(3)(b)(4)",
- "AC-3(3)(b)(5)",
- "AC-3(3)(c)",
- "AC-3(3)",
- "AC-3(4)(a)",
- "AC-3(4)(b)",
- "AC-3(4)(c)",
- "AC-3(4)(d)",
- "AC-3(4)(e)",
- "AC-3(4)",
- "AC-3(7)",
- "AC-3(8)",
- "AC-3(12)(a)",
- "AC-3(13)",
- "AC-3(15)(a)",
- "AC-3(15)(b)",
- "AC-4(28)",
- "AC-6",
- "AC-24",
- "CM-5(1)(a)",
- "CM-6a",
- "CM-9b",
- "MP-2",
- "SC-23(3)"
- ]
- },
 {
 "guardFilePath": "rules/aws/aws_kms/kms_cmk_not_scheduled_for_deletion.guard",
 "controls": [
@@ -1722,47 +1148,7 @@
 ]
 },
 {
- "guardFilePath": "rules/aws/iam/mfa_enabled_for_iam_console_access.guard",
- "controls": [
- "AC-2(1)",
- "AC-3(2)",
- "AC-3(3)(a)",
- "AC-3(3)(b)(1)",
- "AC-3(3)(b)(2)",
- "AC-3(3)(b)(3)",
- "AC-3(3)(b)(4)",
- "AC-3(3)(b)(5)",
- "AC-3(3)(c)",
- "AC-3(3)",
- "AC-3(4)(a)",
- "AC-3(4)(b)",
- "AC-3(4)(c)",
- "AC-3(4)(d)",
- "AC-3(4)(e)",
- "AC-3(4)",
- "AC-3(8)",
- "AC-3(12)(a)",
- "AC-3(13)",
- "AC-3(15)(a)",
- "AC-3(15)(b)",
- "AC-4(28)",
- "AC-7(4)",
- "AC-7(4)(a)",
- "AC-24",
- "CM-5(1)(a)",
- "CM-6a",
- "CM-9b",
- "IA-2(1)",
- "IA-2(2)",
- "IA-2(6)",
- "IA-2(6)",
- "IA-2(6)(a)",
- "IA-2(8)",
- "SC-23(3)"
- ]
- },
- {
- "guardFilePath": "rules/aws/cloudtrail/multi_region_cloudtrail_enabled.guard",
+ "guardFilePath": "rules/aws/cloudtrail/multi_region_cloud_trail_enabled.guard",
 "controls": [
 "AC-2(4)",
 "AC-3(1)",
@@ -1834,23 +1220,6 @@
 "SI-2a"
 ]
 },
- {
- "guardFilePath": "rules/aws/amazon_rds/rds_in_backup_plan.guard",
- "controls": [
- "CP-1(2)",
- "CP-2(5)",
- "CP-6a",
- "CP-6(1)",
- "CP-6(2)",
- "CP-9a",
- "CP-9b",
- "CP-9c",
- "CP-10",
- "CP-10(2)",
- "SC-5(2)",
- "SI-13(5)"
- ]
- },
 {
 "guardFilePath": "rules/aws/amazon_rds/rds_instance_deletion_protection_enabled.guard",
 "controls": [
@@ -1974,54 +1343,6 @@
 "SI-13(5)"
 ]
 },
- {
- "guardFilePath": "rules/aws/amazon_rds/rds_snapshot_encrypted.guard",
- "controls": [
- "AU-9(3)",
- "CP-9d",
- "CP-9(8)",
- "SC-8(3)",
- "SC-8(4)",
- "SC-13a",
- "SC-28(1)",
- "SI-19(4)"
- ]
- },
- {
- "guardFilePath": "rules/aws/amazon_rds/rds_snapshots_public_prohibited.guard",
- "controls": [
- "AC-2(6)",
- "AC-3",
- "AC-3(7)",
- "AC-4(21)",
- "AC-6",
- "AC-17b",
- "AC-17(1)",
- "AC-17(1)",
- "AC-17(4)(a)",
- "AC-17(9)",
- "AC-17(10)",
- "MP-2",
- "SC-7a",
- "SC-7b",
- "SC-7c",
- "SC-7(2)",
- "SC-7(3)",
- "SC-7(7)",
- "SC-7(9)(a)",
- "SC-7(11)",
- "SC-7(12)",
- "SC-7(16)",
- "SC-7(20)",
- "SC-7(21)",
- "SC-7(24)(b)",
- "SC-7(25)",
- "SC-7(26)",
- "SC-7(27)",
- "SC-7(28)",
- "SC-25"
- ]
- },
 {
 "guardFilePath": "rules/aws/amazon_rds/rds_storage_encrypted.guard",
 "controls": [
@@ -2106,18 +1427,6 @@
 "SI-19(4)"
 ]
 },
- {
- "guardFilePath": "rules/aws/amazon_redshift/redshift_cluster_kms_enabled.guard",
- "controls": [
- "AU-9(3)",
- "CP-9d",
- "SC-8(3)",
- "SC-8(4)",
- "SC-13a",
- "SC-28(1)",
- "SI-19(4)"
- ]
- },
 {
 "guardFilePath": "rules/aws/amazon_redshift/redshift_cluster_maintenancesettings_check.guard",
 "controls": [
@@ -2178,30 +1487,6 @@
 "SC-7b"
 ]
 },
- {
- "guardFilePath": "rules/aws/amazon_redshift/redshift_require_tls_ssl.guard",
- "controls": [
- "AC-4",
- "AC-4(22)",
- "AC-24(1)",
- "AU-9(3)",
- "CA-9b",
- "PM-17b",
- "SC-7(4)(b)",
- "SC-7(4)(g)",
- "SC-8",
- "SC-8(1)",
- "SC-8(2)",
- "SC-8(3)",
- "SC-8(4)",
- "SC-8(5)",
- "SC-13a",
- "SC-23",
- "SI-1a.2",
- "SI-1a.2",
- "SI-1c.2"
- ]
- },
 {
 "guardFilePath": "rules/aws/amazon_ec2/restricted_common_ports.guard",
 "controls": [
@@ -2216,35 +1501,11 @@
 "CM-2(2)",
 "CM-6a",
 "CM-7b",
- "CM-8(6)",
- "CM-9b",
- "SC-7a",
- "SC-7c",
- "SC-7(5)",
- "SC-7(7)",
- "SC-7(11)",
- "SC-7(12)",
- "SC-7(16)",
- "SC-7(21)",
- "SC-7(24)(b)",
- "SC-7(25)",
- "SC-7(26)",
- "SC-7(27)",
- "SC-7(28)"
- ]
- },
- {
- "guardFilePath": "rules/aws/amazon_ec2/restricted_ssh.guard",
- "controls": [
- "AC-17b",
- "AC-17(1)",
- "AC-17(1)",
- "AC-17(4)(a)",
- "AC-17(9)",
- "AC-17(10)",
+ "CM-8(6)",
 "CM-9b",
 "SC-7a",
 "SC-7c",
+ "SC-7(5)",
 "SC-7(7)",
 "SC-7(11)",
 "SC-7(12)",
@@ -2258,120 +1519,27 @@
 ]
 },
 {
- "guardFilePath": "rules/aws/iam/root_account_hardware_mfa_enabled.guard",
- "controls": [
- "AC-2(1)",
- "AC-3(2)",
- "AC-3(3)(a)",
- "AC-3(3)(b)(1)",
- "AC-3(3)(b)(2)",
- "AC-3(3)(b)(3)",
- "AC-3(3)(b)(4)",
- "AC-3(3)(b)(5)",
- "AC-3(3)(c)",
- "AC-3(3)",
- "AC-3(4)(a)",
- "AC-3(4)(b)",
- "AC-3(4)(c)",
- "AC-3(4)(d)",
- "AC-3(4)(e)",
- "AC-3(4)",
- "AC-3(8)",
- "AC-3(12)(a)",
- "AC-3(13)",
- "AC-3(15)(a)",
- "AC-3(15)(b)",
- "AC-4(28)",
- "AC-7(4)",
- "AC-7(4)(a)",
- "AC-24",
- "CM-5(1)(a)",
- "CM-6a",
- "CM-9b",
- "IA-2(1)",
- "IA-2(2)",
- "IA-2(6)",
- "IA-2(6)",
- "IA-2(6)(a)",
- "IA-2(8)",
- "SC-23(3)"
- ]
- },
- {
- "guardFilePath": "rules/aws/iam/root_account_mfa_enabled.guard",
- "controls": [
- "AC-2(1)",
- "AC-3(2)",
- "AC-3(3)(a)",
- "AC-3(3)(b)(1)",
- "AC-3(3)(b)(2)",
- "AC-3(3)(b)(3)",
- "AC-3(3)(b)(4)",
- "AC-3(3)(b)(5)",
- "AC-3(3)(c)",
- "AC-3(3)",
- "AC-3(4)(a)",
- "AC-3(4)(b)",
- "AC-3(4)(c)",
- "AC-3(4)(d)",
- "AC-3(4)(e)",
- "AC-3(4)",
- "AC-3(8)",
- "AC-3(12)(a)",
- "AC-3(13)",
- "AC-3(15)(a)",
- "AC-3(15)(b)",
- "AC-4(28)",
- "AC-7(4)",
- "AC-7(4)(a)",
- "AC-24",
- "CM-5(1)(a)",
- "CM-6a",
- "CM-9b",
- "IA-2(1)",
- "IA-2(2)",
- "IA-2(6)",
- "IA-2(6)",
- "IA-2(6)(a)",
- "IA-2(8)",
- "SC-23(3)"
- ]
- },
- {
- "guardFilePath": "rules/aws/amazon_s3/s3_account_level_public_access_blocks_periodic.guard",
+ "guardFilePath": "rules/aws/amazon_ec2/restricted_ssh.guard",
 "controls": [
- "AC-2(6)",
- "AC-3",
- "AC-3(7)",
- "AC-4(21)",
- "AC-6",
 "AC-17b",
 "AC-17(1)",
 "AC-17(1)",
 "AC-17(4)(a)",
 "AC-17(9)",
 "AC-17(10)",
- "CM-6a",
 "CM-9b",
- "MP-2",
 "SC-7a",
- "SC-7b",
 "SC-7c",
- "SC-7(2)",
- "SC-7(3)",
 "SC-7(7)",
- "SC-7(9)(a)",
 "SC-7(11)",
 "SC-7(12)",
 "SC-7(16)",
- "SC-7(20)",
 "SC-7(21)",
 "SC-7(24)(b)",
 "SC-7(25)",
 "SC-7(26)",
 "SC-7(27)",
- "SC-7(28)",
- "SC-25"
+ "SC-7(28)"
 ]
 },
 {
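Review bot: The restricted_ssh entry that this hunk re-adds still lists `"AC-17(1)"` twice (the two context lines directly after `"AC-17b"`), so anything that counts controls covered by the rule set will double-count it; dropping one of the two lines would be a cheap fix while the entry is being moved anyway. Together with the preceding `@@ -2216,35 +1501,11 @@` hunk this is a relocation of restricted_ssh plus the removal of `s3_account_level_public_access_blocks_periodic` and the two root-account MFA entries, which is hard to see from the diff as git aligned it. Since the rev5 rule set now has no entry for root-account MFA and, per the earlier hunks of this file, none for `iam_user_mfa_enabled`, `mfa_enabled_for_iam_console_access` or `vpc_flow_logs_enabled`, the file's `description` field or the PR description should state which controls lose coverage and why, so consumers of this conformance pack do not assume those checks are still performed.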
@@ -2723,64 +1891,6 @@
 "SC-23(3)"
 ]
 },
- {
- "guardFilePath": "rules/aws/secrets_manager/secretsmanager_secret_periodic_rotation.guard",
- "controls": [
- "AC-2(1)",
- "AC-3(3)(a)",
- "AC-3(3)(b)(1)",
- "AC-3(3)(b)(2)",
- "AC-3(3)(b)(3)",
- "AC-3(3)(b)(4)",
- "AC-3(3)(b)(5)",
- "AC-3(3)(c)",
- "AC-3(3)",
- "AC-3(4)(a)",
- "AC-3(4)(b)",
- "AC-3(4)(c)",
- "AC-3(4)(d)",
- "AC-3(4)(e)",
- "AC-3(4)",
- "AC-3(8)",
- "AC-3(12)(a)",
- "AC-3(13)",
- "AC-3(15)(a)",
- "AC-3(15)(b)",
- "AC-4(28)",
- "AC-24",
- "CM-5(1)(a)",
- "SC-23(3)"
- ]
- },
- {
- "guardFilePath": "rules/aws/secrets_manager/secretsmanager_secret_unused.guard",
- "controls": [
- "AC-2(1)",
- "AC-3(3)(a)",
- "AC-3(3)(b)(1)",
- "AC-3(3)(b)(2)",
- "AC-3(3)(b)(3)",
- "AC-3(3)(b)(4)",
- "AC-3(3)(b)(5)",
- "AC-3(3)(c)",
- "AC-3(3)",
- "AC-3(4)(a)",
- "AC-3(4)(b)",
- "AC-3(4)(c)",
- "AC-3(4)(d)",
- "AC-3(4)(e)",
- "AC-3(4)",
- "AC-3(8)",
- "AC-3(12)(a)",
- "AC-3(13)",
- "AC-3(15)(a)",
- "AC-3(15)(b)",
- "AC-4(28)",
- "AC-24",
- "CM-5(1)(a)",
- "SC-23(3)"
- ]
- },
 {
 "guardFilePath": "rules/aws/secrets_manager/secretsmanager_using_cmk.guard",
 "controls": [
@@ -2793,22 +1903,6 @@
 "SI-19(4)"
 ]
 },
- {
- "guardFilePath": "rules/aws/security_hub/securityhub_enabled.guard",
- "controls": [
- "AU-6(1)",
- "AU-6(5)",
- "AU-12(3)",
- "AU-14a",
- "AU-14b",
- "CA-2d",
- "CA-7",
- "CA-7b",
- "PM-14a.1",
- "PM-14b",
- "PM-31"
- ]
- },
 {
 "guardFilePath": "rules/aws/amazon_sns/sns_encrypted_kms.guard",
 "controls": [
@@ -2820,15 +1914,6 @@
 "SC-28(1)"
 ]
 },
- {
- "guardFilePath": "rules/aws/systems_manager/ssm_document_not_public.guard",
- "controls": [
- "AC-3",
- "AC-4(21)",
- "CM-6a",
- "SC-7(3)"
- ]
- },
 {
 "guardFilePath": "rules/aws/amazon_ec2/subnet_auto_assign_public_ip_disabled.guard",
 "controls": [
@@ -2864,112 +1949,6 @@
 "SC-25"
 ]
 },
- {
- "guardFilePath": "rules/aws/amazon_ec2/vpc_default_security_group_closed.guard",
- "controls": [
- "AC-4(21)",
- "AC-17b",
- "AC-17(1)",
- "AC-17(1)",
- "AC-17(4)(a)",
- "AC-17(9)",
- "AC-17(10)",
- "CM-6a",
- "CM-9b",
- "SC-7a",
- "SC-7c",
- "SC-7(5)",
- "SC-7(7)",
- "SC-7(11)",
- "SC-7(12)",
- "SC-7(16)",
- "SC-7(21)",
- "SC-7(24)(b)",
- "SC-7(25)",
- "SC-7(26)",
- "SC-7(27)",
- "SC-7(28)"
- ]
- },
- {
- "guardFilePath": "rules/aws/amazon_ec2/vpc_flow_logs_enabled.guard",
- "controls": [
- "AC-4(26)",
- "AU-2b",
- "AU-3a",
- "AU-3b",
- "AU-3c",
- "AU-3d",
- "AU-3e",
- "AU-6(3)",
- "AU-6(4)",
- "AU-6(6)",
- "AU-6(9)",
- "AU-8b",
- "AU-12a",
- "AU-12c",
- "AU-12(1)",
- "AU-12(2)",
- "AU-12(3)",
- "AU-12(4)",
- "AU-14a",
- "AU-14b",
- "AU-14b",
- "AU-14(3)",
- "CA-7b",
- "CM-5(1)(b)",
- "CM-6a",
- "CM-9b",
- "IA-3(3)(b)",
- "MA-4(1)(a)",
- "PM-14a.1",
- "PM-14b",
- "PM-31",
- "SI-4(17)",
- "SI-7(8)"
- ]
- },
- {
- "guardFilePath": "rules/aws/amazon_ec2/vpc_sg_open_only_to_authorized_ports.guard",
- "controls": [
- "AC-4(21)",
- "AC-17b",
- "AC-17(1)",
- "AC-17(1)",
- "AC-17(4)(a)",
- "AC-17(9)",
- "AC-17(10)",
- "SC-7a",
- "SC-7c",
- "SC-7(5)",
- "SC-7(11)",
- "SC-7(12)",
- "SC-7(16)",
- "SC-7(21)",
- "SC-7(24)(b)"
- ]
- },
- {
- "guardFilePath": "rules/aws/amazon_ec2/vpc_vpn_2_tunnels_up.guard",
- "controls": [
- "CP-1a.1(b)",
- "CP-1a.2",
- "CP-2a",
- "CP-2a.6",
- "CP-2a.7",
- "CP-2d",
- "CP-2e",
- "CP-2(5)",
- "CP-2(6)",
- "CP-6(2)",
- "CP-10",
- "SC-5(2)",
- "SC-6",
- "SC-22",
- "SC-36",
- "SI-13(5)"
- ]
- },
 {
 "guardFilePath": "rules/aws/aws_waf_v2/wafv2_logging_enabled.guard",
 "controls": [
@@ -3010,4 +1989,4 @@
 ]
 }
 ]
-}
\ No newline at end of file
+}
diff --git a/mappings/rule_set_nist_1800_25.json b/mappings/rule_set_nist_1800_25.json
index e3e78cb..a660605 100644
--- a/mappings/rule_set_nist_1800_25.json
+++ b/mappings/rule_set_nist_1800_25.json
@@ -56,12 +56,6 @@
 "PR.AC-1"
 ]
 },
- {
- "guardFilePath": "rules/aws/secrets_manager/secretsmanager_scheduled_rotation_success_check.guard",
- "controls": [
- "PR.AC-1"
- ]
- },
 {
 "guardFilePath": "rules/aws/amazon_ecs/ecs_task_definition_user_for_host_mode_check.guard",
 "controls": [
@@ -262,12 +256,6 @@
 "PR.DS-1"
 ]
 },
- {
- "guardFilePath": "rules/aws/amazon_ec2/ec2_ebs_encryption_by_default.guard",
- "controls": [
- "PR.DS-1"
- ]
- },
 {
 "guardFilePath": "rules/aws/amazon_efs/efs_encrypted_check.guard",
 "controls": [
@@ -280,24 +268,12 @@
 "PR.DS-1"
 ]
 },
- {
- "guardFilePath": "rules/aws/amazon_redshift/redshift_cluster_kms_enabled.guard",
- "controls": [
- "PR.DS-1"
- ]
- },
 {
 "guardFilePath": "rules/aws/amazon_rds/rds_storage_encrypted.guard",
 "controls": [
 "PR.DS-1"
 ]
 },
- {
- "guardFilePath": "rules/aws/amazon_rds/rds_snapshot_encrypted.guard",
- "controls": [
- "PR.DS-1"
- ]
- },
 {
 "guardFilePath": "rules/aws/amazon_s3/s3_default_encryption_kms.guard",
 "controls": [
@@ -353,12 +329,6 @@
 "PR.DS-1"
 ]
 },
- {
- "guardFilePath": "rules/aws/api_gateway_v2/api_gw_ssl_enabled.guard",
- "controls": [
- "PR.DS-2"
- ]
- },
 {
 "guardFilePath": "rules/aws/elastic_load_balancing_v2/alb_http_to_https_redirection_check.guard",
 "controls": [
@@ -383,12 +353,6 @@
 "PR.DS-2"
 ]
 },
- {
- "guardFilePath": "rules/aws/amazon_redshift/redshift_require_tls_ssl.guard",
- "controls": [
- "PR.DS-2"
- ]
- },
 {
 "guardFilePath": "rules/aws/elastic_load_balancing_v2/elbv2_acm_certificate_required.guard",
 "controls": [
@@ -416,7 +380,7 @@
 ]
 },
 {
- "guardFilePath": "rules/aws/elastic_load_balancing/elb_deletion_protection_enabled.guard",
+ "guardFilePath": "rules/aws/elastic_load_balancing_v2/elb_deletion_protection_enabled.guard",
 "controls": [
 "PR.IP-3"
 ]
@@ -445,12 +409,6 @@
 "PR.IP-4"
 ]
 },
- {
- "guardFilePath": "rules/aws/elasticache/elasticache_redis_cluster_automatic_backup_check.guard",
- "controls": [
- "PR.IP-4"
- ]
- },
 {
 "guardFilePath": "rules/aws/amazon_rds/db_instance_backup_enabled.guard",
 "controls": [
diff --git a/mappings/rule_set_nist_800_171.json b/mappings/rule_set_nist_800_171.json
index d09e7bf..68b61d9 100644
--- a/mappings/rule_set_nist_800_171.json
+++ b/mappings/rule_set_nist_800_171.json
@@ -392,15 +392,6 @@
 "3.13.1"
 ]
 },
- {
- "guardFilePath": "rules/aws/amazon_redshift/redshift_require_tls_ssl.guard",
- "controls": [
- "3.1.13",
- "3.5.10",
- "3.13.1",
- "3.13.8"
- ]
- },
 {
 "guardFilePath": "rules/aws/amazon_s3/s3_bucket_ssl_requests_only.guard",
 "controls": [
@@ -410,14 +401,6 @@
 "3.13.8"
 ]
 },
- {
- "guardFilePath": "rules/aws/api_gateway_v2/api_gw_ssl_enabled.guard",
- "controls": [
- "3.1.13",
- "3.5.10",
- "3.13.8"
- ]
- },
 {
 "guardFilePath": "rules/aws/elastic_load_balancing_v2/elbv2_acm_certificate_required.guard",
 "controls": [
@@ -555,7 +538,7 @@
 ]
 },
 {
- "guardFilePath": "rules/aws/elastic_load_balancing/elb_deletion_protection_enabled.guard",
+ "guardFilePath": "rules/aws/elastic_load_balancing_v2/elb_deletion_protection_enabled.guard",
 "controls": [
 "3.13.2"
 ]
@@ -596,12 +579,6 @@
 "3.13.2"
 ]
 },
- {
- "guardFilePath": "rules/aws/elasticache/elasticache_redis_cluster_automatic_backup_check.guard",
- "controls": [
- "3.13.2"
- ]
- },
 {
 "guardFilePath": "rules/aws/amazon_redshift/redshift_backup_enabled.guard",
 "controls": [
@@ -645,12 +622,6 @@
 "3.13.16"
 ]
 },
- {
- "guardFilePath": "rules/aws/amazon_ec2/ec2_ebs_encryption_by_default.guard",
- "controls": [
- "3.13.16"
- ]
- },
 {
 "guardFilePath": "rules/aws/amazon_efs/efs_encrypted_check.guard",
 "controls": [
@@ -663,12 +634,6 @@
 "3.13.16"
 ]
 },
- {
- "guardFilePath": "rules/aws/amazon_rds/rds_snapshot_encrypted.guard",
- "controls": [
- "3.13.16"
- ]
- },
 {
 "guardFilePath": "rules/aws/amazon_rds/rds_storage_encrypted.guard",
 "controls": [
@@ -704,12 +669,6 @@
 "controls": [
 "3.14.3"
 ]
- },
- {
- "guardFilePath": "rules/aws/api_gateway_v2/api_gw_associated_with_waf.guard",
- "controls": [
- "3.14.6"
- ]
 }
 ]
 }
diff --git a/mappings/rule_set_nist_800_172.json b/mappings/rule_set_nist_800_172.json
index 6327555..2c2f40e 100644
--- a/mappings/rule_set_nist_800_172.json
+++ b/mappings/rule_set_nist_800_172.json
@@ -17,12 +17,6 @@
 "3.1.3e"
 ]
 },
- {
- "guardFilePath": "rules/aws/api_gateway_v2/api_gw_ssl_enabled.guard",
- "controls": [
- "3.1.3e"
- ]
- },
 {
 "guardFilePath": "rules/aws/opensearch_service/elasticsearch_node_to_node_encryption_check.guard",
 "controls": [
@@ -43,12 +37,6 @@
 "3.1.3e"
 ]
 },
- {
- "guardFilePath": "rules/aws/amazon_redshift/redshift_require_tls_ssl.guard",
- "controls": [
- "3.1.3e"
- ]
- },
 {
 "guardFilePath": "rules/aws/amazon_s3/s3_bucket_ssl_requests_only.guard",
 "controls": [
@@ -218,13 +206,6 @@
 "3.5.2e"
 ]
 },
- {
- "guardFilePath": "rules/aws/secrets_manager/secretsmanager_scheduled_rotation_success_check.guard",
- "controls": [
- "3.5.2e",
- "3.5.2e"
- ]
- },
 {
 "guardFilePath": "rules/aws/cloudtrail/cloud_trail_log_file_validation_enabled.guard",
 "controls": [
diff --git a/mappings/rule_set_nist_800_181.json b/mappings/rule_set_nist_800_181.json
index 8abdca5..5cd596e 100644
--- a/mappings/rule_set_nist_800_181.json
+++ b/mappings/rule_set_nist_800_181.json
@@ -62,17 +62,6 @@
 "T0960"
 ]
 },
- {
- "guardFilePath": "rules/aws/elasticache/elasticache_redis_cluster_automatic_backup_check.guard",
- "controls": [
- "T0008",
- "T0017",
- "T0051",
- "T0065",
- "T0070",
- "T0162"
- ]
- },
 {
 "guardFilePath": "rules/aws/elastic_load_balancing/elb_cross_zone_load_balancing_enabled.guard",
 "controls": [
@@ -117,14 +106,6 @@
 "T0162"
 ]
 },
- {
- "guardFilePath": "rules/aws/api_gateway_v2/api_gw_ssl_enabled.guard",
- "controls": [
- "T0017",
- "T0416",
- "T0553"
- ]
- },
 {
 "guardFilePath": "rules/aws/cloudtrail/cloud_trail_encryption_enabled.guard",
 "controls": [
@@ -132,13 +113,6 @@
 "T0553"
 ]
 },
- {
- "guardFilePath": "rules/aws/amazon_ec2/ec2_ebs_encryption_by_default.guard",
- "controls": [
- "T0017",
- "T0553"
- ]
- },
 {
 "guardFilePath": "rules/aws/amazon_efs/efs_encrypted_check.guard",
 "controls": [
@@ -191,23 +165,6 @@
 "T0553"
 ]
 },
- {
- "guardFilePath": "rules/aws/amazon_redshift/redshift_cluster_kms_enabled.guard",
- "controls": [
- "T0017",
- "T0152",
- "T0553"
- ]
- },
- {
- "guardFilePath": "rules/aws/amazon_redshift/redshift_require_tls_ssl.guard",
- "controls": [
- "T0017",
- "T0152",
- "T0416",
- "T0553"
- ]
- },
 {
 "guardFilePath": "rules/aws/amazon_s3/s3_bucket_server_side_encryption_enabled.guard",
 "controls": [
@@ -434,14 +391,6 @@
 "T0557"
 ]
 },
- {
- "guardFilePath": "rules/aws/amazon_rds/rds_snapshot_encrypted.guard",
- "controls": [
- "T0017",
- "T0152",
- "T0553"
- ]
- },
 {
 "guardFilePath": "rules/aws/amazon_rds/rds_storage_encrypted.guard",
 "controls": [
@@ -474,7 +423,7 @@
 ]
 },
 {
- "guardFilePath": "rules/aws/elastic_load_balancing/elb_deletion_protection_enabled.guard",
+ "guardFilePath": "rules/aws/elastic_load_balancing_v2/elb_deletion_protection_enabled.guard",
 "controls": [
 "T0017",
 "T0051",
@@ -603,16 +552,6 @@
 "T0609"
 ]
 },
- {
- "guardFilePath": "rules/aws/api_gateway_v2/api_gw_associated_with_waf.guard",
- "controls": [
- "T0144",
- "T0195",
- "T0262",
- "T0284",
- "T0609"
- ]
- },
 {
 "guardFilePath": "rules/aws/amazon_emr/emr_kerberos_enabled.guard",
 "controls": [
diff --git a/mappings/rule_set_nist_csf.json b/mappings/rule_set_nist_csf.json
index 7c35064..dd93043 100644
--- a/mappings/rule_set_nist_csf.json
+++ b/mappings/rule_set_nist_csf.json
@@ -145,16 +145,6 @@
 "RC.RP-1"
 ]
 },
- {
- "guardFilePath": "rules/aws/elasticache/elasticache_redis_cluster_automatic_backup_check.guard",
- "controls": [
- "ID.BE-5",
- "PR.DS-4",
- "PR.IP-4",
- "PR.PT-5",
- "RC.RP-1"
- ]
- },
 {
 "guardFilePath": "rules/aws/elastic_load_balancing/elb_cross_zone_load_balancing_enabled.guard",
 "controls": [
@@ -165,7 +155,7 @@
 ]
 },
 {
- "guardFilePath": "rules/aws/elastic_load_balancing/elb_deletion_protection_enabled.guard",
+ "guardFilePath": "rules/aws/elastic_load_balancing_v2/elb_deletion_protection_enabled.guard",
 "controls": [
 "ID.BE-5",
 "PR.DS-4",
@@ -314,12 +304,6 @@
 "PR.AC-1"
 ]
 },
- {
- "guardFilePath": "rules/aws/secrets_manager/secretsmanager_scheduled_rotation_success_check.guard",
- "controls": [
- "PR.AC-1"
- ]
- },
 {
 "guardFilePath": "rules/aws/amazon_ecs/ecs_task_definition_user_for_host_mode_check.guard",
 "controls": [
@@ -517,12 +501,6 @@
 "PR.DS-1"
 ]
 },
- {
- "guardFilePath": "rules/aws/amazon_ec2/ec2_ebs_encryption_by_default.guard",
- "controls": [
- "PR.DS-1"
- ]
- },
 {
 "guardFilePath": "rules/aws/amazon_efs/efs_encrypted_check.guard",
 "controls": [
@@ -535,24 +513,12 @@
 "PR.DS-1"
 ]
 },
- {
- "guardFilePath": "rules/aws/amazon_redshift/redshift_cluster_kms_enabled.guard",
- "controls": [
- "PR.DS-1"
- ]
- },
 {
 "guardFilePath": "rules/aws/amazon_rds/rds_storage_encrypted.guard",
 "controls": [
 "PR.DS-1"
 ]
 },
- {
- "guardFilePath": "rules/aws/amazon_rds/rds_snapshot_encrypted.guard",
- "controls": [
- "PR.DS-1"
- ]
- },
 {
 "guardFilePath": "rules/aws/amazon_s3/s3_default_encryption_kms.guard",
 "controls": [
@@ -601,12 +567,6 @@
 "PR.DS-1"
 ]
 },
- {
- "guardFilePath": "rules/aws/api_gateway_v2/api_gw_ssl_enabled.guard",
- "controls": [
- "PR.DS-2"
- ]
- },
 {
 "guardFilePath": "rules/aws/elastic_load_balancing_v2/alb_http_to_https_redirection_check.guard",
 "controls": [
@@ -631,12 +591,6 @@ "PR.DS-2" ] }, - { - "guardFilePath": "rules/aws/amazon_redshift/redshift_require_tls_ssl.guard", - "controls": [ - "PR.DS-2" - ] - }, { "guardFilePath": "rules/aws/elastic_load_balancing_v2/elbv2_acm_certificate_required.guard", "controls": [ @@ -688,12 +642,6 @@ "PR.PT-1" ] }, - { - "guardFilePath": "rules/aws/api_gateway_v2/api_gw_associated_with_waf.guard", - "controls": [ - "PR.PT-1" - ] - }, { "guardFilePath": "rules/aws/amazon_rds/rds_enhanced_monitoring_enabled.guard", "controls": [ diff --git a/mappings/rule_set_nist_privacy_framework.json b/mappings/rule_set_nist_privacy_framework.json index dd23852..e9667f7 100644 --- a/mappings/rule_set_nist_privacy_framework.json +++ b/mappings/rule_set_nist_privacy_framework.json @@ -12,13 +12,6 @@ "PR.DS-P2" ] }, - { - "guardFilePath": "rules/aws/api_gateway_v2/api_gw_ssl_enabled.guard", - "controls": [ - "CT.DM-P7", - "PR.DS-P2" - ] - }, { "guardFilePath": "rules/aws/opensearch_service/elasticsearch_node_to_node_encryption_check.guard", "controls": [ @@ -39,12 +32,6 @@ "PR.DS-P2" ] }, - { - "guardFilePath": "rules/aws/amazon_redshift/redshift_require_tls_ssl.guard", - "controls": [ - "CT.DM-P7" - ] - }, { "guardFilePath": "rules/aws/amazon_s3/s3_bucket_ssl_requests_only.guard", "controls": [ @@ -430,12 +417,6 @@ "PR.DS-P1" ] }, - { - "guardFilePath": "rules/aws/amazon_ec2/ec2_ebs_encryption_by_default.guard", - "controls": [ - "PR.DS-P1" - ] - }, { "guardFilePath": "rules/aws/amazon_efs/efs_encrypted_check.guard", "controls": [ @@ -448,24 +429,12 @@ "PR.DS-P1" ] }, - { - "guardFilePath": "rules/aws/amazon_redshift/redshift_cluster_kms_enabled.guard", - "controls": [ - "PR.DS-P1" - ] - }, { "guardFilePath": "rules/aws/amazon_rds/rds_storage_encrypted.guard", "controls": [ "PR.DS-P1" ] }, - { - "guardFilePath": "rules/aws/amazon_rds/rds_snapshot_encrypted.guard", - "controls": [ - "PR.DS-P1" - ] - }, { "guardFilePath": "rules/aws/amazon_s3/s3_default_encryption_kms.guard", "controls": [ 
@@ -529,7 +498,7 @@ ] }, { - "guardFilePath": "rules/aws/elastic_load_balancing/elb_deletion_protection_enabled.guard", + "guardFilePath": "rules/aws/elastic_load_balancing_v2/elb_deletion_protection_enabled.guard", "controls": [ "PR.DS-P4", "PR.PO-P1", @@ -586,15 +555,6 @@ "PR.PO-P3" ] }, - { - "guardFilePath": "rules/aws/elasticache/elasticache_redis_cluster_automatic_backup_check.guard", - "controls": [ - "PR.DS-P4", - "PR.PO-P3", - "PR.PO-P7", - "PR.PT-P4" - ] - }, { "guardFilePath": "rules/aws/amazon_redshift/redshift_backup_enabled.guard", "controls": [ diff --git a/mappings/rule_set_nzism.json b/mappings/rule_set_nzism.json index 96f20de..93fd6f8 100644 --- a/mappings/rule_set_nzism.json +++ b/mappings/rule_set_nzism.json @@ -104,12 +104,6 @@ "2082" ] }, - { - "guardFilePath": "rules/aws/amazon_ec2/ec2_ebs_encryption_by_default.guard", - "controls": [ - "2082" - ] - }, { "guardFilePath": "rules/aws/amazon_efs/efs_encrypted_check.guard", "controls": [ @@ -144,14 +138,6 @@ "4839" ] }, - { - "guardFilePath": "rules/aws/amazon_rds/rds_snapshot_encrypted.guard", - "controls": [ - "2082", - "4441", - "4839" - ] - }, { "guardFilePath": "rules/aws/opensearch_service/elasticsearch_encrypted_at_rest.guard", "controls": [ @@ -160,13 +146,6 @@ "4839" ] }, - { - "guardFilePath": "rules/aws/amazon_redshift/redshift_require_tls_ssl.guard", - "controls": [ - "2091", - "4839" - ] - }, { "guardFilePath": "rules/aws/amazon_ec2/restricted_ssh.guard", "controls": [ @@ -357,12 +336,6 @@ "4849" ] }, - { - "guardFilePath": "rules/aws/elasticache/elasticache_redis_cluster_automatic_backup_check.guard", - "controls": [ - "4849" - ] - }, { "guardFilePath": "rules/aws/amazon_rds/rds_instance_deletion_protection_enabled.guard", "controls": [ diff --git a/mappings/rule_set_pci_dss_3_2_1.json b/mappings/rule_set_pci_dss_3_2_1.json index 6e1f590..ed450d5 100644 --- a/mappings/rule_set_pci_dss_3_2_1.json +++ b/mappings/rule_set_pci_dss_3_2_1.json 
@@ -18,19 +18,6 @@ "2.2.2" ] }, - { - "guardFilePath": "rules/aws/amazon_ec2/ebs_snapshot_public_restorable_check.guard", - "controls": [ - "1.2", - "1.2.1", - "1.3", - "1.3.1", - "1.3.2", - "1.3.4", - "1.3.6", - "2.2.2" - ] - }, { "guardFilePath": "rules/aws/amazon_ec2/ec2_instance_no_public_ip.guard", "controls": [ @@ -132,19 +119,6 @@ "2.2.2" ] }, - { - "guardFilePath": "rules/aws/amazon_rds/rds_snapshots_public_prohibited.guard", - "controls": [ - "1.2", - "1.2.1", - "1.3", - "1.3.1", - "1.3.2", - "1.3.4", - "1.3.6", - "2.2.2" - ] - }, { "guardFilePath": "rules/aws/amazon_redshift/redshift_cluster_public_access_check.guard", "controls": [ @@ -170,20 +144,6 @@ "2.2.2" ] }, - { - "guardFilePath": "rules/aws/amazon_s3/s3_account_level_public_access_blocks_periodic.guard", - "controls": [ - "1.2", - "1.2.1", - "1.3", - "1.3.1", - "1.3.2", - "1.3.4", - "1.3.6", - "2.2", - "2.2.2" - ] - }, { "guardFilePath": "rules/aws/amazon_s3/s3_bucket_public_read_prohibited.guard", "controls": [ @@ -238,30 +198,6 @@ "2.2.2" ] }, - { - "guardFilePath": "rules/aws/amazon_ec2/vpc_default_security_group_closed.guard", - "controls": [ - "1.2", - "1.2.1", - "1.3", - "1.3.1", - "1.3.2", - "2.1", - "2.2", - "2.2.2" - ] - }, - { - "guardFilePath": "rules/aws/amazon_ec2/vpc_sg_open_only_to_authorized_ports.guard", - "controls": [ - "1.2", - "1.2.1", - "1.3", - "1.3.1", - "1.3.2", - "2.2.2" - ] - }, { "guardFilePath": "rules/aws/amazon_s3/s3_bucket_level_public_access_prohibited.guard", "controls": [ @@ -286,19 +222,6 @@ "2.2.2" ] }, - { - "guardFilePath": "rules/aws/systems_manager/ssm_document_not_public.guard", - "controls": [ - "1.2", - "1.2.1", - "1.3", - "1.3.1", - "1.3.2", - "1.3.4", - "1.3.6", - "2.2.2" - ] - }, { "guardFilePath": "rules/aws/amazon_ec2_auto_scaling/autoscaling_launch_config_public_ip_disabled.guard", "controls": [ 
@@ -321,18 +244,6 @@ "1.3.2" ] }, - { - "guardFilePath": "rules/aws/iam/access_keys_rotated.guard", - "controls": [ - "2.2" - ] - }, - { - "guardFilePath": "rules/aws/aws_organizations/account_part_of_organizations.guard", - "controls": [ - "2.2" - ] - }, { "guardFilePath": "rules/aws/amazon_ec2_auto_scaling/autoscaling_group_elb_healthcheck_required.guard", "controls": [ @@ -402,14 +313,6 @@ "3.6.4" ] }, - { - "guardFilePath": "rules/aws/amazon_ec2/ec2_ebs_encryption_by_default.guard", - "controls": [ - "2.2", - "3.4", - "8.2.1" - ] - }, { "guardFilePath": "rules/aws/amazon_ec2/encrypted_volumes.guard", "controls": [ @@ -438,25 +341,6 @@ "7.2.2" ] }, - { - "guardFilePath": "rules/aws/iam/iam_root_access_key_check.guard", - "controls": [ - "2.2", - "7.1.2", - "7.2.1", - "8.1.1" - ] - }, - { - "guardFilePath": "rules/aws/iam/iam_user_group_membership_check.guard", - "controls": [ - "2.2", - "7.1.2", - "7.1.3", - "7.2.1", - "7.2.2" - ] - }, { "guardFilePath": "rules/aws/iam/iam_user_no_policies_check.guard", "controls": [ @@ -468,22 +352,7 @@ ] }, { - "guardFilePath": "rules/aws/iam/iam_user_unused_credentials_check.guard", - "controls": [ - "2.2", - "7.2.1", - "8.1.4" - ] - }, - { - "guardFilePath": "rules/aws/iam/mfa_enabled_for_iam_console_access.guard", - "controls": [ - "2.2", - "8.3" - ] - }, - { - "guardFilePath": "rules/aws/cloudtrail/multi_region_cloudtrail_enabled.guard", + "guardFilePath": "rules/aws/cloudtrail/multi_region_cloud_trail_enabled.guard", "controls": [ "2.2", "10.1", @@ -502,20 +371,6 @@ "10.3.6" ] }, - { - "guardFilePath": "rules/aws/iam/root_account_hardware_mfa_enabled.guard", - "controls": [ - "2.2", - "8.3" - ] - }, - { - "guardFilePath": "rules/aws/iam/root_account_mfa_enabled.guard", - "controls": [ - "2.2", - "8.3" - ] - }, { "guardFilePath": "rules/aws/amazon_s3/s3_bucket_logging_enabled.guard", "controls": [ 
@@ -559,18 +414,6 @@ "8.2.1" ] }, - { - "guardFilePath": "rules/aws/amazon_ec2/vpc_flow_logs_enabled.guard", - "controls": [ - "2.2", - "10.1", - "10.3.2", - "10.3.3", - "10.3.4", - "10.3.5", - "10.3.6" - ] - }, { "guardFilePath": "rules/aws/amazon_ec2/ec2_instance_profile_attached.guard", "controls": [ @@ -587,14 +430,6 @@ "8.2.1" ] }, - { - "guardFilePath": "rules/aws/api_gateway_v2/api_gw_ssl_enabled.guard", - "controls": [ - "2.3", - "4.1", - "8.2.1" - ] - }, { "guardFilePath": "rules/aws/elastic_load_balancing/elb_predefined_security_policy_ssl_check.guard", "controls": [ @@ -611,19 +446,6 @@ "8.2.1" ] }, - { - "guardFilePath": "rules/aws/amazon_redshift/redshift_require_tls_ssl.guard", - "controls": [ - "2.3", - "4.1" - ] - }, - { - "guardFilePath": "rules/aws/amazon_ec2/ec2_instance_managed_by_systems_manager.guard", - "controls": [ - "2.4" - ] - }, { "guardFilePath": "rules/aws/cloudwatch/cw_loggroup_retention_period_check.guard", "controls": [ @@ -632,7 +454,7 @@ ] }, { - "guardFilePath": "rules/aws/api_gateway_v2/api_gw_cache_enabled_and_encrypted.guard", + "guardFilePath": "rules/aws/api_gateway/api_gw_cache_enabled_and_encrypted.guard", "controls": [ "3.4" ] @@ -664,13 +486,6 @@ "8.2.1" ] }, - { - "guardFilePath": "rules/aws/amazon_rds/rds_snapshot_encrypted.guard", - "controls": [ - "3.4", - "8.2.1" - ] - }, { "guardFilePath": "rules/aws/amazon_rds/rds_storage_encrypted.guard", "controls": [ @@ -697,13 +512,6 @@ "10.3.6" ] }, - { - "guardFilePath": "rules/aws/amazon_redshift/redshift_cluster_kms_enabled.guard", - "controls": [ - "3.4", - "8.2.1" - ] - }, { "guardFilePath": "rules/aws/amazon_s3/s3_default_encryption_kms.guard", "controls": [ 
@@ -740,26 +548,6 @@ "3.6" ] }, - { - "guardFilePath": "rules/aws/iam/iam_customer_policy_blocked_kms_actions.guard", - "controls": [ - "3.5.2", - "7.1.2", - "7.1.3", - "7.2.1", - "7.2.2" - ] - }, - { - "guardFilePath": "rules/aws/iam/iam_inline_policy_blocked_kms_actions.guard", - "controls": [ - "3.5.2", - "7.1.2", - "7.1.3", - "7.2.1", - "7.2.2" - ] - }, { "guardFilePath": "rules/aws/aws_certificate_manager/acm_certificate_expiration_check.guard", "controls": [ @@ -792,26 +580,6 @@ "4.1" ] }, - { - "guardFilePath": "rules/aws/guardduty/guardduty_enabled_centralized.guard", - "controls": [ - "5.1.2", - "6.1", - "11.4" - ] - }, - { - "guardFilePath": "rules/aws/amazon_ec2/ec2_managedinstance_association_compliance_status_check.guard", - "controls": [ - "6.2" - ] - }, - { - "guardFilePath": "rules/aws/amazon_ec2/ec2_managedinstance_patch_compliance_status_check.guard", - "controls": [ - "6.2" - ] - }, { "guardFilePath": "rules/aws/amazon_rds/rds_automatic_minor_version_upgrade_enabled.guard", "controls": [ @@ -830,21 +598,6 @@ "6.6" ] }, - { - "guardFilePath": "rules/aws/api_gateway_v2/api_gw_associated_with_waf.guard", - "controls": [ - "6.6" - ] - }, - { - "guardFilePath": "rules/aws/iam/iam_group_has_users_check.guard", - "controls": [ - "7.1.2", - "7.1.3", - "7.2.1", - "7.2.2" - ] - }, { "guardFilePath": "rules/aws/iam/iam_policy_no_statements_with_full_access.guard", "controls": [ @@ -890,20 +643,6 @@ "8.2.1" ] }, - { - "guardFilePath": "rules/aws/iam/iam_password_policy.guard", - "controls": [ - "8.2.3", - "8.2.4", - "8.2.5" - ] - }, - { - "guardFilePath": "rules/aws/iam/iam_user_mfa_enabled.guard", - "controls": [ - "8.3" - ] - }, { "guardFilePath": "rules/aws/api_gateway_v2/api_gw_execution_logging_enabled.guard", "controls": [ @@ -918,7 +657,7 @@ ] }, { - "guardFilePath": "rules/aws/cloudtrail/cloudtrail_enabled.guard", + "guardFilePath": "rules/aws/cloudtrail/cloud_trail_enabled.guard", "controls": [ "10.1", "10.2.1", 
@@ -1003,4 +742,4 @@ ] } ] -} \ No newline at end of file +} diff --git a/mappings/rule_set_rbi_bcsf_ucb.json b/mappings/rule_set_rbi_bcsf_ucb.json index 0a70af0..35033d9 100644 --- a/mappings/rule_set_rbi_bcsf_ucb.json +++ b/mappings/rule_set_rbi_bcsf_ucb.json @@ -35,12 +35,6 @@ "Annex_I(1.3)" ] }, - { - "guardFilePath": "rules/aws/api_gateway_v2/api_gw_ssl_enabled.guard", - "controls": [ - "Annex_I(1.3)" - ] - }, { "guardFilePath": "rules/aws/elastic_load_balancing_v2/elbv2_acm_certificate_required.guard", "controls": [ @@ -71,12 +65,6 @@ "Annex_I(1.3)" ] }, - { - "guardFilePath": "rules/aws/amazon_ec2/ec2_ebs_encryption_by_default.guard", - "controls": [ - "Annex_I(1.3)" - ] - }, { "guardFilePath": "rules/aws/amazon_efs/efs_encrypted_check.guard", "controls": [ @@ -119,12 +107,6 @@ "Annex_I(1.3)" ] }, - { - "guardFilePath": "rules/aws/amazon_rds/rds_snapshot_encrypted.guard", - "controls": [ - "Annex_I(1.3)" - ] - }, { "guardFilePath": "rules/aws/amazon_rds/rds_storage_encrypted.guard", "controls": [ @@ -138,12 +120,6 @@ "Annex_I(7.4)" ] }, - { - "guardFilePath": "rules/aws/amazon_redshift/redshift_require_tls_ssl.guard", - "controls": [ - "Annex_I(1.3)" - ] - }, { "guardFilePath": "rules/aws/amazon_s3/s3_bucket_server_side_encryption_enabled.guard", "controls": [ @@ -217,12 +193,6 @@ "Annex_I(1.3)" ] }, - { - "guardFilePath": "rules/aws/amazon_redshift/redshift_cluster_kms_enabled.guard", - "controls": [ - "Annex_I(1.3)" - ] - }, { "guardFilePath": "rules/aws/amazon_ec2/subnet_auto_assign_public_ip_disabled.guard", "controls": [ @@ -284,12 +254,6 @@ "Annex_I(5.1)" ] }, - { - "guardFilePath": "rules/aws/api_gateway_v2/api_gw_associated_with_waf.guard", - "controls": [ - "Annex_I(5.1)" - ] - }, { "guardFilePath": "rules/aws/amazon_ec2/restricted_ssh.guard", "controls": [ 
@@ -411,12 +375,6 @@ "Annex_I(12)" ] }, - { - "guardFilePath": "rules/aws/elasticache/elasticache_redis_cluster_automatic_backup_check.guard", - "controls": [ - "Annex_I(12)" - ] - }, { "guardFilePath": "rules/aws/amazon_redshift/redshift_backup_enabled.guard", "controls": [ diff --git a/mappings/rule_set_rbi_md_itf.json b/mappings/rule_set_rbi_md_itf.json index 6a6ce5f..1ba4bf5 100644 --- a/mappings/rule_set_rbi_md_itf.json +++ b/mappings/rule_set_rbi_md_itf.json @@ -57,13 +57,6 @@ "8.I" ] }, - { - "guardFilePath": "rules/aws/secrets_manager/secretsmanager_scheduled_rotation_success_check.guard", - "controls": [ - "3.1(c )", - "8.I" - ] - }, { "guardFilePath": "rules/aws/elastic_load_balancing_v2/alb_waf_enabled.guard", "controls": [ @@ -148,12 +141,6 @@ "3.1(i)" ] }, - { - "guardFilePath": "rules/aws/api_gateway_v2/api_gw_ssl_enabled.guard", - "controls": [ - "3.1(i)" - ] - }, { "guardFilePath": "rules/aws/elastic_load_balancing_v2/elbv2_acm_certificate_required.guard", "controls": [ @@ -172,12 +159,6 @@ "3.1(i)" ] }, - { - "guardFilePath": "rules/aws/amazon_redshift/redshift_require_tls_ssl.guard", - "controls": [ - "3.1(i)" - ] - }, { "guardFilePath": "rules/aws/amazon_s3/s3_bucket_ssl_requests_only.guard", "controls": [ @@ -219,7 +200,7 @@ ] }, { - "guardFilePath": "rules/aws/elastic_load_balancing/elb_deletion_protection_enabled.guard", + "guardFilePath": "rules/aws/elastic_load_balancing_v2/elb_deletion_protection_enabled.guard", "controls": [ "4.4(h)", "8.1" @@ -432,12 +413,6 @@ "8.IX" ] }, - { - "guardFilePath": "rules/aws/elasticache/elasticache_redis_cluster_automatic_backup_check.guard", - "controls": [ - "8.IX" - ] - }, { "guardFilePath": "rules/aws/amazon_redshift/redshift_backup_enabled.guard", "controls": [ diff --git a/mappings/rule_set_us_nydfs.json b/mappings/rule_set_us_nydfs.json index e7cf463..cee21f6 100644 --- a/mappings/rule_set_us_nydfs.json +++ b/mappings/rule_set_us_nydfs.json 
@@ -120,20 +120,6 @@ "500.15(a)" ] }, - { - "guardFilePath": "rules/aws/amazon_ec2/ec2_ebs_encryption_by_default.guard", - "controls": [ - "500.02(a)", - "500.15(a)" - ] - }, - { - "guardFilePath": "rules/aws/amazon_rds/rds_snapshot_encrypted.guard", - "controls": [ - "500.02(a)", - "500.15(a)" - ] - }, { "guardFilePath": "rules/aws/elastic_load_balancing_v2/alb_http_drop_invalid_header_enabled.guard", "controls": [ @@ -168,7 +154,7 @@ ] }, { - "guardFilePath": "rules/aws/elastic_load_balancing/elb_deletion_protection_enabled.guard", + "guardFilePath": "rules/aws/elastic_load_balancing_v2/elb_deletion_protection_enabled.guard", "controls": [ "500.02(a)" ] @@ -197,13 +183,6 @@ "500.02(a)" ] }, - { - "guardFilePath": "rules/aws/api_gateway_v2/api_gw_ssl_enabled.guard", - "controls": [ - "500.02(a)", - "500.15(a)" - ] - }, { "guardFilePath": "rules/aws/amazon_ec2_auto_scaling/autoscaling_group_elb_healthcheck_required.guard", "controls": [ @@ -387,12 +366,6 @@ "500.02(b)(2)" ] }, - { - "guardFilePath": "rules/aws/api_gateway_v2/api_gw_associated_with_waf.guard", - "controls": [ - "500.02(b)(2)" - ] - }, { "guardFilePath": "rules/aws/amazon_ec2/no_unrestricted_route_to_igw.guard", "controls": [ @@ -494,12 +467,6 @@ "500.02(b)(5)" ] }, - { - "guardFilePath": "rules/aws/elasticache/elasticache_redis_cluster_automatic_backup_check.guard", - "controls": [ - "500.02(b)(5)" - ] - }, { "guardFilePath": "rules/aws/amazon_s3/s3_bucket_replication_enabled.guard", "controls": [ @@ -543,12 +510,6 @@ "500.07" ] }, - { - "guardFilePath": "rules/aws/secrets_manager/secretsmanager_scheduled_rotation_success_check.guard", - "controls": [ - "500.07" - ] - }, { "guardFilePath": "rules/aws/codebuild/codebuild_project_envvar_awscred_check.guard", "controls": [ diff --git a/mappings/rule_set_wa-Reliability-Pillar.json b/mappings/rule_set_wa-Reliability-Pillar.json index 781feea..6e86217 100644 --- a/mappings/rule_set_wa-Reliability-Pillar.json 
+++ b/mappings/rule_set_wa-Reliability-Pillar.json @@ -115,12 +115,6 @@ "REL-9" ] }, - { - "guardFilePath": "rules/aws/elasticache/elasticache_redis_cluster_automatic_backup_check.guard", - "controls": [ - "REL-9" - ] - }, { "guardFilePath": "rules/aws/amazon_s3/s3_bucket_replication_enabled.guard", "controls": [ @@ -158,7 +152,7 @@ ] }, { - "guardFilePath": "rules/aws/elastic_load_balancing/elb_deletion_protection_enabled.guard", + "guardFilePath": "rules/aws/elastic_load_balancing_v2/elb_deletion_protection_enabled.guard", "controls": [ "REL-10" ] diff --git a/mappings/rule_set_wa-Security-Pillar.json b/mappings/rule_set_wa-Security-Pillar.json index 883e28f..ff64b07 100644 --- a/mappings/rule_set_wa-Security-Pillar.json +++ b/mappings/rule_set_wa-Security-Pillar.json @@ -49,24 +49,6 @@ "SEC-2.4" ] }, - { - "guardFilePath": "rules/aws/secrets_manager/secretsmanager_scheduled_rotation_success_check.guard", - "controls": [ - "SEC-2.4" - ] - }, - { - "guardFilePath": "rules/aws/secrets_manager/secretsmanager_secret_periodic_rotation.guard", - "controls": [ - "SEC-2.4" - ] - }, - { - "guardFilePath": "rules/aws/secrets_manager/secretsmanager_secret_unused.guard", - "controls": [ - "SEC-2.4" - ] - }, { "guardFilePath": "rules/aws/secrets_manager/secretsmanager_using_cmk.guard", "controls": [ @@ -282,13 +264,6 @@ "SEC-5.5" ] }, - { - "guardFilePath": "rules/aws/api_gateway_v2/api_gw_associated_with_waf.guard", - "controls": [ - "SEC-5.3", - "SEC-5.5" - ] - }, { "guardFilePath": "rules/aws/amazon_ec2/no_unrestricted_route_to_igw.guard", "controls": [ @@ -355,12 +330,6 @@ "SEC-8.3" ] }, - { - "guardFilePath": "rules/aws/amazon_ec2/ec2_ebs_encryption_by_default.guard", - "controls": [ - "SEC-8.3" - ] - }, { "guardFilePath": "rules/aws/amazon_efs/efs_encrypted_check.guard", "controls": [ 
@@ -379,24 +348,12 @@ "SEC-8.3" ] }, - { - "guardFilePath": "rules/aws/amazon_rds/rds_snapshot_encrypted.guard", - "controls": [ - "SEC-8.3" - ] - }, { "guardFilePath": "rules/aws/amazon_rds/rds_storage_encrypted.guard", "controls": [ "SEC-8.3" ] }, - { - "guardFilePath": "rules/aws/amazon_redshift/redshift_cluster_kms_enabled.guard", - "controls": [ - "SEC-8.3" - ] - }, { "guardFilePath": "rules/aws/amazon_s3/s3_bucket_server_side_encryption_enabled.guard", "controls": [ @@ -464,13 +421,6 @@ "SEC-9.3" ] }, - { - "guardFilePath": "rules/aws/api_gateway_v2/api_gw_ssl_enabled.guard", - "controls": [ - "SEC-9.3", - "SEC-9.4" - ] - }, { "guardFilePath": "rules/aws/opensearch_service/elasticsearch_node_to_node_encryption_check.guard", "controls": [ @@ -484,13 +434,6 @@ "SEC-9.4" ] }, - { - "guardFilePath": "rules/aws/amazon_redshift/redshift_require_tls_ssl.guard", - "controls": [ - "SEC-9.3", - "SEC-9.4" - ] - }, { "guardFilePath": "rules/aws/amazon_s3/s3_bucket_ssl_requests_only.guard", "controls": [ diff --git a/rules/aws/aws_dms/dms_replication_not_public.guard b/rules/aws/aws_dms/dms_replication_not_public.guard index 5a5e769..552322f 100644 --- a/rules/aws/aws_dms/dms_replication_not_public.guard +++ b/rules/aws/aws_dms/dms_replication_not_public.guard 
@@ -21,14 +21,16 @@ # a) SKIP: when there is no DMS Replication Instance present # b) FAIL: When DMS Replication Instance is present and PubliclyAccessible property is set to true # c) PASS: When DMS Replication Instance is present and PubliclyAccessible property is set to false -# c) PASS: When DMS Replication Instance is present and PubliclyAccessible property is not set -# d) SKIP: when metada has rule suppression for DMS_REPLICATION_NOT_PUBLIC +# c) FAIL: When DMS Replication Instance is present and PubliclyAccessible property is not set +# d) SKIP: when metadata has rule suppression for DMS_REPLICATION_NOT_PUBLIC or cfn_nag W91 # -# Select all Redshift cluster resources from incoming template +# Select all DMS ReplicationInstance resources from incoming template # let dms_replication_instances = Resources.*[ Type == 'AWS::DMS::ReplicationInstance' + Metadata.cfn_nag.rules_to_suppress not exists or + Metadata.cfn_nag.rules_to_suppress.*.id != "W91" Metadata.guard.SuppressedRules not exists or Metadata.guard.SuppressedRules.* != "DMS_REPLICATION_NOT_PUBLIC" ] @@ -38,6 +40,6 @@ rule DMS_REPLICATION_NOT_PUBLIC when %dms_replication_instances !empty { %dms_replication_instances.Properties.PubliclyAccessible == false << Violation: AWS Database Migration Service replication instances should not be public. - Fix: Set the DMS Replication Instance property PubliclyAccessible parameter to true. + Fix: Set the DMS Replication Instance property PubliclyAccessible parameter to false. >> -} \ No newline at end of file +} diff --git a/rules/aws/aws_dms/tests/dms_replication_not_public_tests.yml b/rules/aws/aws_dms/tests/dms_replication_not_public_tests.yml index 0ba0f3a..2f2a345 100644 --- a/rules/aws/aws_dms/tests/dms_replication_not_public_tests.yml +++ b/rules/aws/aws_dms/tests/dms_replication_not_public_tests.yml 
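Review bot: The expectations header now carries two `c)` entries — the kept `# c) PASS: ... PubliclyAccessible property is set to false` and the new `# c) FAIL: ... PubliclyAccessible property is not set` — so the added line should read `# d) FAIL: ...` and the suppression line below it `# e) SKIP: ...`. The flip from PASS to FAIL for an unset property is the right call, because the documented CloudFormation default for AWS::DMS::ReplicationInstance PubliclyAccessible is true (i.e. a public instance), but the comment gives no reason, which invites a future maintainer to "fix" it back; I would write `# d) FAIL: When DMS Replication Instance is present and PubliclyAccessible property is not set (CloudFormation defaults it to true)`. The rule body itself (`... .Properties.PubliclyAccessible == false`, in the second hunk) appears to rely on Guard treating a missing property as a failed comparison rather than on an explicit `exists` clause, so a short comment above the `let` block noting that the absent-property failure is intentional would make the contract explicit. The new cfn_nag filter follows the same `not exists or ... != "W91"` shape as the existing guard suppression lines, which is consistent.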
@@ -50,18 +50,55 @@ rules: DMS_REPLICATION_NOT_PUBLIC: FAIL -- name: DMS Replication Instance property PublicAccessible set to true but rule suppress, SKIP +- name: CFN_NAG suppression for W91 input: Resources: BasicReplicationInstance: Type: "AWS::DMS::ReplicationInstance" + Properties: + ReplicationInstanceClass: dms.t2.small + PubliclyAccessible: true + Metadata: + cfn_nag: + rules_to_suppress: + - id: W91 + reason: Suppressed to test suppression works and skips this test + expectations: + rules: + DMS_REPLICATION_NOT_PUBLIC: SKIP + +- name: Guard suppression for DMS_REPLICATION_NOT_PUBLIC + input: + Resources: + BasicReplicationInstance: + Type: "AWS::DMS::ReplicationInstance" + Properties: + ReplicationInstanceClass: dms.t2.small + PubliclyAccessible: true Metadata: guard: SuppressedRules: - DMS_REPLICATION_NOT_PUBLIC + expectations: + rules: + DMS_REPLICATION_NOT_PUBLIC: SKIP + +- name: Guard and CFN_NAG suppression for W91 & DMS_REPLICATION_NOT_PUBLIC + input: + Resources: + BasicReplicationInstance: + Type: "AWS::DMS::ReplicationInstance" Properties: ReplicationInstanceClass: dms.t2.small - PubliclyAccessible: false + PubliclyAccessible: true + Metadata: + cfn_nag: + rules_to_suppress: + - id: W91 + reason: Suppressed to test suppression works and skips this test + guard: + SuppressedRules: + - DMS_REPLICATION_NOT_PUBLIC expectations: rules: - DMS_REPLICATION_NOT_PUBLIC: SKIP \ No newline at end of file + DMS_REPLICATION_NOT_PUBLIC: SKIP
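Review bot: All three new suppression cases use a `rules_to_suppress` list whose only entry is `id: W91`, so nothing exercises the list semantics of the new `Metadata.cfn_nag.rules_to_suppress.*.id != "W91"` filter — a resource suppressing a different cfn_nag id must still FAIL, and a list containing W91 alongside another id must still SKIP. Without a negative case, an over-broad filter (any `rules_to_suppress` present → skip) would pass this suite unnoticed. I would add the FAIL case below (any id other than W91 works) and a mirror SKIP case with two entries including W91.

```yaml
- name: CFN_NAG suppression for an unrelated rule id does not skip, FAIL
  input:
    Resources:
      BasicReplicationInstance:
        Type: "AWS::DMS::ReplicationInstance"
        Properties:
          ReplicationInstanceClass: dms.t2.small
          PubliclyAccessible: true
        Metadata:
          cfn_nag:
            rules_to_suppress:
              - id: W92
                reason: Unrelated suppression must not silence DMS_REPLICATION_NOT_PUBLIC
  expectations:
    rules:
      DMS_REPLICATION_NOT_PUBLIC: FAIL
```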