galenatjpl
commented
2 weeks ago This is fixed for the U-CS MC bucket
Open GodwinShen opened 1 month ago
galenatjpl
commented
2 weeks ago This is fixed for the U-CS MC bucket
The S3 general purpose buckets should require requests to use SSL control is defined as follows: [S3.5] This control checks whether an Amazon S3 general purpose bucket has a policy that requires requests to use SSL. The control fails if the bucket policy doesn't require requests to use SSL. Remediation instructions S3 buckets should have policies that require all requests (Action: S3:*) to only accept transmission of data over HTTPS in the S3 resource policy, indicated by the condition key aws:SecureTransport.
Several resources were identify as non-compliant, see the list in: https://jaas.gsfc.nasa.gov/servicedesk/customer/portal/2/GSD-4081