aws-solutions / automated-security-response-on-aws

Automated Security Response on AWS is an add-on solution that works with AWS Security Hub to provide a ready-to-deploy architecture and a library of automated playbooks. The solution makes it easier for AWS Security Hub customers to resolve common security findings and to improve their security posture in AWS.
https://aws.amazon.com/solutions/implementations/aws-security-hub-automated-response-and-remediation/
Apache License 2.0

Addition of remediation runbooks that map to AFSBP, NIST SP 800-53 Rev. 5, PCI-DSS, CIS V1.2.0 and CIS V1.4.0 standards #169

Open rakshb opened 1 year ago

rakshb commented 1 year ago
| # | Control | Title | Applicable standards |
|---|---------|-------|----------------------|
| 1 | EC2.8 | Amazon EC2 instances should use Instance Metadata Service Version 2 (IMDSv2) | AWS Foundational Security Best Practices v1.0.0, NIST SP 800-53 Rev. 5 |
| 2 | S3.11 | S3 buckets should have event notifications enabled | AWS Foundational Security Best Practices v1.0.0, NIST SP 800-53 Rev. 5 |
| 3 | SecretsManager.4 | Secrets Manager secrets should be rotated within a specified number of days | AWS Foundational Security Best Practices v1.0.0, NIST SP 800-53 Rev. 5 |
| 4 | SSM.1 | Amazon EC2 instances should be managed by AWS Systems Manager | AWS Foundational Security Best Practices v1.0.0, PCI DSS v3.2.1, NIST SP 800-53 Rev. 5 |
| 5 | S3.9 | S3 bucket server access logging should be enabled | AWS Foundational Security Best Practices v1.0.0, NIST SP 800-53 Rev. 5 |
| 6 | IAM.3 | IAM users' access keys should be rotated every 90 days or less | CIS AWS Foundations Benchmark v1.2.0, AWS Foundational Security Best Practices v1.0.0, CIS AWS Foundations Benchmark v1.4.0, NIST SP 800-53 Rev. 5 |
| 7 | S3.13 | S3 buckets should have lifecycle policies configured | AWS Foundational Security Best Practices v1.0.0, NIST SP 800-53 Rev. 5 |
| 8 | CodeBuild.5 | CodeBuild project environments should not have privileged mode enabled | AWS Foundational Security Best Practices v1.0.0, NIST SP 800-53 Rev. 5 |
| 9 | EC2.17 | Amazon EC2 instances should not use multiple ENIs | AWS Foundational Security Best Practices v1.0.0, NIST SP 800-53 Rev. 5 |
| 10 | EC2.18 | Security groups should only allow unrestricted incoming traffic for authorized ports | AWS Foundational Security Best Practices v1.0.0, NIST SP 800-53 Rev. 5 |
| 11 | EC2.3 | Attached Amazon EBS volumes should be encrypted at-rest | AWS Foundational Security Best Practices v1.0.0, NIST SP 800-53 Rev. 5 |
| 12 | SecretsManager.1 | Secrets Manager secrets should have automatic rotation enabled | AWS Foundational Security Best Practices v1.0.0, NIST SP 800-53 Rev. 5 |
| 13 | SSM.4 | SSM documents should not be public | AWS Foundational Security Best Practices v1.0.0, NIST SP 800-53 Rev. 5 |
| 14 | CloudFront.1 | CloudFront distributions should have a default root object configured | AWS Foundational Security Best Practices v1.0.0, NIST SP 800-53 Rev. 5 |