The Center for Internet Security (CIS) is a nonprofit that publishes a benchmark — a set of security configuration best practices for AWS.
To read more about the CIS AWS Foundations Benchmark, please visit the CIS AWS home page.
CIS AWS v1.5.0 non-compliance issues (156)
Service | Severity | Non-Compliance | Region | Resource | Issue | Remediation | Read more | Action |
---|---|---|---|---|---|---|---|---|
EC2 | Medium | CIS 2.2.1 PCI DSS 3.5 HIPAA (Encryption) | us-east-1 | vol-004919a0d32e05d34 | No EBS encryption found. | Enable EBS encryption, either using encryption by default or by enabling encryption when you create a volume that you want to encrypt. | More info | |
EC2 | Medium | CIS 2.2.1 PCI DSS 3.5 HIPAA (Encryption) | us-east-1 | vol-074257a397fadc9ec | No EBS encryption found. | Enable EBS encryption, either using encryption by default or by enabling encryption when you create a volume that you want to encrypt. | More info | |
EC2 | Low | CIS 5.4 PCI DSS (Networking) HIPAA (Networking) | us-east-1 | sg-0be4454dc243daa89 | Default security group with 2 inbound and 1 outbound rules. | Review inbound and outbound rules for any default security group. | More info | |
EC2 | Low | CIS 5.4 PCI DSS (Networking) HIPAA (Networking) | us-east-1 | sg-0cf4e19eb2fc096da | Default security group with 1 inbound and 1 outbound rules. | Review inbound and outbound rules for any default security group. | More info | |
EC2 | Low | CIS 5.4 PCI DSS (Networking) HIPAA (Networking) | us-east-1 | sg-0f1857e87433d40ce | Default security group with 2 inbound and 1 outbound rules. | Review inbound and outbound rules for any default security group. | More info | |
EC2 | Low | CIS 5.4 PCI DSS (Networking) HIPAA (Networking) | us-east-2 | sg-0350acc1c67617b6d | Default security group with 1 inbound and 1 outbound rules. | Review inbound and outbound rules for any default security group. | More info | |
EC2 | Low | CIS 5.4 PCI DSS (Networking) HIPAA (Networking) | us-east-2 | sg-071bb37c316ae7808 | Default security group with 1 inbound and 1 outbound rules. | Review inbound and outbound rules for any default security group. | More info | |
EC2 | Low | CIS 5.4 PCI DSS (Networking) HIPAA (Networking) | us-east-2 | sg-0a8cef89f1e98930c | Default security group with 1 inbound and 1 outbound rules. | Review inbound and outbound rules for any default security group. | More info | |
EC2 | Low | CIS 5.4 PCI DSS (Networking) HIPAA (Networking) | us-east-2 | sg-0cbbda7c | Default security group with 1 inbound and 1 outbound rules. | Review inbound and outbound rules for any default security group. | More info | |
EC2 | Low | CIS 5.4 PCI DSS (Networking) HIPAA (Networking) | us-east-2 | sg-0fa59556ef2020a9e | Default security group with 1 inbound and 1 outbound rules. | Review inbound and outbound rules for any default security group. | More info | |
EC2 | Low | CIS 5.4 PCI DSS (Networking) HIPAA (Networking) | us-west-1 | sg-f46b0b82 | Default security group with 1 inbound and 1 outbound rules. | Review inbound and outbound rules for any default security group. | More info | |
EC2 | Medium | CIS 2.2.1 PCI DSS 3.5 HIPAA (Encryption) | us-west-2 | vol-05830c14eadc21ea2 | No EBS encryption found. | Enable EBS encryption, either using encryption by default or by enabling encryption when you create a volume that you want to encrypt. | More info | |
EC2 | Medium | CIS 2.2.1 PCI DSS 3.5 HIPAA (Encryption) | us-west-2 | vol-06d98619c32de5968 | No EBS encryption found. | Enable EBS encryption, either using encryption by default or by enabling encryption when you create a volume that you want to encrypt. | More info | |
EC2 | Medium | CIS 2.2.1 PCI DSS 3.5 HIPAA (Encryption) | us-west-2 | vol-0ee3ff4a2100dc2f3 | No EBS encryption found. | Enable EBS encryption, either using encryption by default or by enabling encryption when you create a volume that you want to encrypt. | More info | |
EC2 | Medium | CIS 2.2.1 PCI DSS 3.5 HIPAA (Encryption) | us-west-2 | vol-0dbacadab7b315e80 | No EBS encryption found. | Enable EBS encryption, either using encryption by default or by enabling encryption when you create a volume that you want to encrypt. | More info | |
EC2 | Medium | CIS 2.2.1 PCI DSS 3.5 HIPAA (Encryption) | us-west-2 | vol-0987ccd97176d01ee | No EBS encryption found. | Enable EBS encryption, either using encryption by default or by enabling encryption when you create a volume that you want to encrypt. | More info | |
EC2 | Low | CIS 5.4 PCI DSS (Networking) HIPAA (Networking) | us-west-2 | sg-08a4e95779202da87 | Default security group with 1 inbound and 1 outbound rules. | Review inbound and outbound rules for any default security group. | More info | |
EC2 | Low | CIS 5.4 PCI DSS (Networking) HIPAA (Networking) | us-west-2 | sg-0d2059d6f62212dde | Default security group with 1 inbound and 1 outbound rules. | Review inbound and outbound rules for any default security group. | More info | |
EC2 | Low | CIS 5.4 PCI DSS (Networking) HIPAA (Networking) | us-west-2 | sg-0d21142c1e8c610f7 | Default security group with 1 inbound and 1 outbound rules. | Review inbound and outbound rules for any default security group. | More info | |
EC2 | Low | CIS 5.4 PCI DSS (Networking) HIPAA (Networking) | us-west-2 | sg-b7f7f595 | Default security group with 1 inbound and 1 outbound rules. | Review inbound and outbound rules for any default security group. | More info | |
EC2 | Low | CIS 5.4 PCI DSS (Networking) HIPAA (Networking) | ap-south-1 | sg-3d5f1d44 | Default security group with 1 inbound and 1 outbound rules. | Review inbound and outbound rules for any default security group. | More info | |
EC2 | Low | CIS 5.4 PCI DSS (Networking) HIPAA (Networking) | ap-northeast-2 | sg-34ef8e4c | Default security group with 1 inbound and 1 outbound rules. | Review inbound and outbound rules for any default security group. | More info | |
EC2 | Low | CIS 5.4 PCI DSS (Networking) HIPAA (Networking) | ap-southeast-1 | sg-7ffd8e36 | Default security group with 1 inbound and 1 outbound rules. | Review inbound and outbound rules for any default security group. | More info | |
EC2 | Low | CIS 5.4 PCI DSS (Networking) HIPAA (Networking) | ap-southeast-2 | sg-a4bacfef | Default security group with 1 inbound and 1 outbound rules. | Review inbound and outbound rules for any default security group. | More info | |
EC2 | Low | CIS 5.4 PCI DSS (Networking) HIPAA (Networking) | ap-northeast-1 | sg-68a91027 | Default security group with 1 inbound and 1 outbound rules. | Review inbound and outbound rules for any default security group. | More info | |
EC2 | Low | CIS 5.4 PCI DSS (Networking) HIPAA (Networking) | ca-central-1 | sg-19392c7e | Default security group with 1 inbound and 1 outbound rules. | Review inbound and outbound rules for any default security group. | More info | |
EC2 | Low | CIS 5.4 PCI DSS (Networking) HIPAA (Networking) | eu-central-1 | sg-577d7728 | Default security group with 1 inbound and 1 outbound rules. | Review inbound and outbound rules for any default security group. | More info | |
EC2 | Low | CIS 5.4 PCI DSS (Networking) HIPAA (Networking) | eu-west-1 | sg-d77d858c | Default security group with 1 inbound and 1 outbound rules. | Review inbound and outbound rules for any default security group. | More info | |
EC2 | Low | CIS 5.4 PCI DSS (Networking) HIPAA (Networking) | eu-west-2 | sg-dc55b6a4 | Default security group with 1 inbound and 1 outbound rules. | Review inbound and outbound rules for any default security group. | More info | |
EC2 | Low | CIS 5.4 PCI DSS (Networking) HIPAA (Networking) | eu-west-3 | sg-48a3d32a | Default security group with 1 inbound and 1 outbound rules. | Review inbound and outbound rules for any default security group. | More info | |
EC2 | Low | CIS 5.4 PCI DSS (Networking) HIPAA (Networking) | eu-north-1 | sg-3e01de5d | Default security group with 1 inbound and 1 outbound rules. | Review inbound and outbound rules for any default security group. | More info | |
EC2 | Low | CIS 5.4 PCI DSS (Networking) HIPAA (Networking) | sa-east-1 | sg-07b33375 | Default security group with 1 inbound and 1 outbound rules. | Review inbound and outbound rules for any default security group. | More info | |
VPC | Medium | CIS 3.9 PCI DSS 10.2 HIPAA (Audit) | us-east-1 | vpc-07f3b77c454b3c310 | VPC Flow Logs are disabled. | Ensure VPC flow logging is enabled in all VPCs. | More info | |
VPC | Medium | CIS 3.9 PCI DSS 10.2 HIPAA (Audit) | us-east-1 | vpc-071a12f8ec7613303 | VPC Flow Logs are disabled. | Ensure VPC flow logging is enabled in all VPCs. | More info | |
VPC | Medium | CIS 3.9 PCI DSS 10.2 HIPAA (Audit) | us-east-1 | vpc-073764f023b9a5efc | VPC Flow Logs are disabled. | Ensure VPC flow logging is enabled in all VPCs. | More info | |
VPC | Medium | CIS 3.9 PCI DSS 10.2 HIPAA (Audit) | us-east-2 | vpc-02585025ab31219f8 | VPC Flow Logs are disabled. | Ensure VPC flow logging is enabled in all VPCs. | More info | |
VPC | Medium | CIS 3.9 PCI DSS 10.2 HIPAA (Audit) | us-east-2 | vpc-0d6a54312c6027726 | VPC Flow Logs are disabled. | Ensure VPC flow logging is enabled in all VPCs. | More info | |
VPC | Medium | CIS 3.9 PCI DSS 10.2 HIPAA (Audit) | us-east-2 | vpc-0c15019aee6c8423e | VPC Flow Logs are disabled. | Ensure VPC flow logging is enabled in all VPCs. | More info | |
VPC | Medium | CIS 3.9 PCI DSS 10.2 HIPAA (Audit) | us-west-1 | vpc-72ea2314 | VPC Flow Logs are disabled. | Ensure VPC flow logging is enabled in all VPCs. | More info | |
VPC | Medium | CIS 3.9 PCI DSS 10.2 HIPAA (Audit) | us-west-2 | vpc-033848556cef01aca | VPC Flow Logs are disabled. | Ensure VPC flow logging is enabled in all VPCs. | More info | |
VPC | Medium | CIS 3.9 PCI DSS 10.2 HIPAA (Audit) | us-west-2 | vpc-0ed42ee2ea7505377 | VPC Flow Logs are disabled. | Ensure VPC flow logging is enabled in all VPCs. | More info | |
VPC | Medium | CIS 3.9 PCI DSS 10.2 HIPAA (Audit) | us-west-2 | vpc-05461e6842795a02d | VPC Flow Logs are disabled. | Ensure VPC flow logging is enabled in all VPCs. | More info | |
S3 | Medium | CIS 2.1.2 PCI DSS 4.2 HIPAA (Encryption) | us-east-1 | cf-templates-lqa4fy3xqyy2-us-west-2 | Amazon S3 bucket policy was not found. | Add S3 bucket policy to require encryption during data transit. To be compliant, the policy should explicitly deny access to HTTP requests. | More info | |
S3 | Medium | CIS 2.1.1 PCI DSS 3.5 HIPAA (Encryption) | us-east-1 | elasticbeanstalk-us-east-1-531239714189 | Amazon S3 bucket server-side encryption is disabled. | Enable server-side encryption for S3 buckets to protect your data. | More info | |
S3 | Medium | CIS 2.1.2 PCI DSS 4.2 HIPAA (Encryption) | us-east-1 | elasticbeanstalk-us-east-1-531239714189 | Amazon S3 bucket policy was not found. | Add S3 bucket policy to require encryption during data transit. To be compliant, the policy should explicitly deny access to HTTP requests. | More info | |
S3 | Medium | CIS 2.1.2 PCI DSS 4.2 HIPAA (Encryption) | us-east-1 | test-collector | Amazon S3 bucket policy was not found. | Add S3 bucket policy to require encryption during data transit. To be compliant, the policy should explicitly deny access to HTTP requests. | More info | |
S3 | Medium | CIS 2.1.2 PCI DSS 4.2 HIPAA (Encryption) | us-east-1 | test-resources | Amazon S3 bucket policy was not found. | Add S3 bucket policy to require encryption during data transit. To be compliant, the policy should explicitly deny access to HTTP requests. | More info | |
S3 | Medium | CIS 2.1.2 PCI DSS 4.2 HIPAA (Encryption) | us-east-1 | test-scanner | Amazon S3 bucket policy was not found. | Add S3 bucket policy to require encryption during data transit. To be compliant, the policy should explicitly deny access to HTTP requests. | More info | |
S3 | Medium | CIS 2.1.2 PCI DSS 4.2 HIPAA (Encryption) | us-east-1 | test-update | Amazon S3 bucket policy was not found. | Add S3 bucket policy to require encryption during data transit. To be compliant, the policy should explicitly deny access to HTTP requests. | More info | |
IAM | Medium | CIS 1.5 PCI DSS 8.4 | us-east-1 | IAM | The root user does not use any Multi-factor authentication (MFA) device. | Enable an MFA device for AWS account root user. | More info | |
IAM | Medium | CIS 1.10 PCI DSS 8.4 | us-east-1 | Rony | IAM user "Rony" does not have Multi-factor authentication (MFA) enabled. | PCI DSS Requirement 8.3: Incorporate multi-factor authentication for all non-console access into the CDE for personnel with administrative access. | More info | |
IAM | Low | CIS 1.11 | us-east-1 | Rony | IAM user "Rony" has both an access key for programmatic access and a password to sign-in to the AWS Management Console. | Consider creating a separate IAM user for programmatic access. | More info | |
IAM | Medium | CIS 1.10 PCI DSS 8.4 | us-east-1 | Sergei | IAM user "Sergei" does not have Multi-factor authentication (MFA) enabled. | PCI DSS Requirement 8.3: Incorporate multi-factor authentication for all non-console access into the CDE for personnel with administrative access. | More info | |
IAM | Low | CIS 1.11 | us-east-1 | Sergei | IAM user "Sergei" has both an access key for programmatic access and a password to sign-in to the AWS Management Console. | Consider creating a separate IAM user for programmatic access. | More info | |
CloudTrail | Low | CIS 3.6 PCI DSS 10.2 HIPAA (Audit) | us-east-1 | my-trail | S3 bucket "prevasio-test-bucket" is used by CloudTrail and has Server access logging disabled. | Ensure S3 bucket access logging is enabled on the CloudTrail S3 bucket. | More info | |
CloudTrail | Low | CIS 2.1.3 | us-east-1 | my-trail | S3 bucket "prevasio-test-bucket" is used by CloudTrail and has MFA delete disabled in the bucket versioning configuration. | Add another layer of security by configuring a bucket to enable MFA (multi-factor authentication) delete. | More info | |
CloudTrail | Low | CIS 3.4 | us-east-1 | test-trail | CloudTrail is not configured to send logs to CloudWatch Logs for real-time analysis. | Ensure CloudTrail trails are integrated with Amazon CloudWatch Logs. | More info | |
CloudTrail | Low | CIS 3.6 PCI DSS 10.2 HIPAA (Audit) | us-east-1 | test-trail | S3 bucket "aws-cloudtrail-logs-531239714189-8b5cd0ac" is used by CloudTrail and has Server access logging disabled. | Ensure S3 bucket access logging is enabled on the CloudTrail S3 bucket. | More info | |
CloudTrail | Low | CIS 2.1.3 | us-east-1 | test-trail | S3 bucket "aws-cloudtrail-logs-531239714189-8b5cd0ac" is used by CloudTrail and has MFA delete disabled in the bucket versioning configuration. | Add another layer of security by configuring a bucket to enable MFA (multi-factor authentication) delete. | More info | |
CloudTrail | Medium | CIS 3.1 | us-east-1 | CloudTrail | No CloudTrail trails found for this region. | Create a CloudTrail trail to meet your governance, compliance, and auditing needs for your AWS accounts. | More info | |
CloudTrail | Low | CIS 3.6 PCI DSS 10.2 HIPAA (Audit) | us-east-2 | my-trail | S3 bucket "prevasio-test-bucket" is used by CloudTrail and has Server access logging disabled. | Ensure S3 bucket access logging is enabled on the CloudTrail S3 bucket. | More info | |
CloudTrail | Low | CIS 2.1.3 | us-east-2 | my-trail | S3 bucket "prevasio-test-bucket" is used by CloudTrail and has MFA delete disabled in the bucket versioning configuration. | Add another layer of security by configuring a bucket to enable MFA (multi-factor authentication) delete. | More info | |
CloudTrail | Low | CIS 3.4 | us-east-2 | test-trail | CloudTrail is not configured to send logs to CloudWatch Logs for real-time analysis. | Ensure CloudTrail trails are integrated with Amazon CloudWatch Logs. | More info | |
CloudTrail | Low | CIS 3.6 PCI DSS 10.2 HIPAA (Audit) | us-east-2 | test-trail | S3 bucket "aws-cloudtrail-logs-531239714189-8b5cd0ac" is used by CloudTrail and has Server access logging disabled. | Ensure S3 bucket access logging is enabled on the CloudTrail S3 bucket. | More info | |
CloudTrail | Low | CIS 2.1.3 | us-east-2 | test-trail | S3 bucket "aws-cloudtrail-logs-531239714189-8b5cd0ac" is used by CloudTrail and has MFA delete disabled in the bucket versioning configuration. | Add another layer of security by configuring a bucket to enable MFA (multi-factor authentication) delete. | More info | |
CloudTrail | Medium | CIS 3.1 | us-east-2 | CloudTrail | No CloudTrail trails found for this region. | Create a CloudTrail trail to meet your governance, compliance, and auditing needs for your AWS accounts. | More info | |
CloudTrail | Low | CIS 3.6 PCI DSS 10.2 HIPAA (Audit) | us-west-1 | my-trail | S3 bucket "prevasio-test-bucket" is used by CloudTrail and has Server access logging disabled. | Ensure S3 bucket access logging is enabled on the CloudTrail S3 bucket. | More info | |
CloudTrail | Low | CIS 2.1.3 | us-west-1 | my-trail | S3 bucket "prevasio-test-bucket" is used by CloudTrail and has MFA delete disabled in the bucket versioning configuration. | Add another layer of security by configuring a bucket to enable MFA (multi-factor authentication) delete. | More info | |
CloudTrail | Low | CIS 3.4 | us-west-1 | test-trail | CloudTrail is not configured to send logs to CloudWatch Logs for real-time analysis. | Ensure CloudTrail trails are integrated with Amazon CloudWatch Logs. | More info | |
CloudTrail | Low | CIS 3.6 PCI DSS 10.2 HIPAA (Audit) | us-west-1 | test-trail | S3 bucket "aws-cloudtrail-logs-531239714189-8b5cd0ac" is used by CloudTrail and has Server access logging disabled. | Ensure S3 bucket access logging is enabled on the CloudTrail S3 bucket. | More info | |
CloudTrail | Low | CIS 2.1.3 | us-west-1 | test-trail | S3 bucket "aws-cloudtrail-logs-531239714189-8b5cd0ac" is used by CloudTrail and has MFA delete disabled in the bucket versioning configuration. | Add another layer of security by configuring a bucket to enable MFA (multi-factor authentication) delete. | More info | |
CloudTrail | Medium | CIS 3.1 | us-west-1 | CloudTrail | No CloudTrail trails found for this region. | Create a CloudTrail trail to meet your governance, compliance, and auditing needs for your AWS accounts. | More info | |
CloudTrail | Low | CIS 3.6 PCI DSS 10.2 HIPAA (Audit) | us-west-2 | my-trail | S3 bucket "prevasio-test-bucket" is used by CloudTrail and has Server access logging disabled. | Ensure S3 bucket access logging is enabled on the CloudTrail S3 bucket. | More info | |
CloudTrail | Low | CIS 2.1.3 | us-west-2 | my-trail | S3 bucket "prevasio-test-bucket" is used by CloudTrail and has MFA delete disabled in the bucket versioning configuration. | Add another layer of security by configuring a bucket to enable MFA (multi-factor authentication) delete. | More info | |
CloudTrail | Low | CIS 3.4 | us-west-2 | test-trail | CloudTrail is not configured to send logs to CloudWatch Logs for real-time analysis. | Ensure CloudTrail trails are integrated with Amazon CloudWatch Logs. | More info | |
CloudTrail | Low | CIS 3.6 PCI DSS 10.2 HIPAA (Audit) | us-west-2 | test-trail | S3 bucket "aws-cloudtrail-logs-531239714189-8b5cd0ac" is used by CloudTrail and has Server access logging disabled. | Ensure S3 bucket access logging is enabled on the CloudTrail S3 bucket. | More info | |
CloudTrail | Low | CIS 2.1.3 | us-west-2 | test-trail | S3 bucket "aws-cloudtrail-logs-531239714189-8b5cd0ac" is used by CloudTrail and has MFA delete disabled in the bucket versioning configuration. | Add another layer of security by configuring a bucket to enable MFA (multi-factor authentication) delete. | More info | |
CloudTrail | Critical | CIS 3.4 | us-west-2 | test-trail | CloudTrail trail is not using CloudWatch Logs to monitor your trail logs and notify you when suspicious activity occurs. | Configure your CloudTrail trail to send events to CloudWatch Logs: specify an existing CloudWatch Logs log group, or create a new one to which to send your events. | More info | |
CloudTrail | Medium | CIS 3.1 | ap-east-1 | CloudTrail | No CloudTrail trails found for this region. | Create a CloudTrail trail to meet your governance, compliance, and auditing needs for your AWS accounts. | More info | |
CloudTrail | Low | CIS 3.6 PCI DSS 10.2 HIPAA (Audit) | ap-south-1 | my-trail | S3 bucket "prevasio-test-bucket" is used by CloudTrail and has Server access logging disabled. | Ensure S3 bucket access logging is enabled on the CloudTrail S3 bucket. | More info | |
CloudTrail | Low | CIS 2.1.3 | ap-south-1 | my-trail | S3 bucket "prevasio-test-bucket" is used by CloudTrail and has MFA delete disabled in the bucket versioning configuration. | Add another layer of security by configuring a bucket to enable MFA (multi-factor authentication) delete. | More info | |
CloudTrail | Low | CIS 3.4 | ap-south-1 | test-trail | CloudTrail is not configured to send logs to CloudWatch Logs for real-time analysis. | Ensure CloudTrail trails are integrated with Amazon CloudWatch Logs. | More info | |
CloudTrail | Low | CIS 3.6 PCI DSS 10.2 HIPAA (Audit) | ap-south-1 | test-trail | S3 bucket "aws-cloudtrail-logs-531239714189-8b5cd0ac" is used by CloudTrail and has Server access logging disabled. | Ensure S3 bucket access logging is enabled on the CloudTrail S3 bucket. | More info | |
CloudTrail | Low | CIS 2.1.3 | ap-south-1 | test-trail | S3 bucket "aws-cloudtrail-logs-531239714189-8b5cd0ac" is used by CloudTrail and has MFA delete disabled in the bucket versioning configuration. | Add another layer of security by configuring a bucket to enable MFA (multi-factor authentication) delete. | More info | |
CloudTrail | Medium | CIS 3.1 | ap-south-1 | CloudTrail | No CloudTrail trails found for this region. | Create a CloudTrail trail to meet your governance, compliance, and auditing needs for your AWS accounts. | More info | |
CloudTrail | Low | CIS 3.6 PCI DSS 10.2 HIPAA (Audit) | ap-northeast-2 | my-trail | S3 bucket "prevasio-test-bucket" is used by CloudTrail and has Server access logging disabled. | Ensure S3 bucket access logging is enabled on the CloudTrail S3 bucket. | More info | |
CloudTrail | Low | CIS 2.1.3 | ap-northeast-2 | my-trail | S3 bucket "prevasio-test-bucket" is used by CloudTrail and has MFA delete disabled in the bucket versioning configuration. | Add another layer of security by configuring a bucket to enable MFA (multi-factor authentication) delete. | More info | |
CloudTrail | Low | CIS 3.4 | ap-northeast-2 | test-trail | CloudTrail is not configured to send logs to CloudWatch Logs for real-time analysis. | Ensure CloudTrail trails are integrated with Amazon CloudWatch Logs. | More info | |
CloudTrail | Low | CIS 3.6 PCI DSS 10.2 HIPAA (Audit) | ap-northeast-2 | test-trail | S3 bucket "aws-cloudtrail-logs-531239714189-8b5cd0ac" is used by CloudTrail and has Server access logging disabled. | Ensure S3 bucket access logging is enabled on the CloudTrail S3 bucket. | More info | |
CloudTrail | Low | CIS 2.1.3 | ap-northeast-2 | test-trail | S3 bucket "aws-cloudtrail-logs-531239714189-8b5cd0ac" is used by CloudTrail and has MFA delete disabled in the bucket versioning configuration. | Add another layer of security by configuring a bucket to enable MFA (multi-factor authentication) delete. | More info | |
CloudTrail | Medium | CIS 3.1 | ap-northeast-2 | CloudTrail | No CloudTrail trails found for this region. | Create a CloudTrail trail to meet your governance, compliance, and auditing needs for your AWS accounts. | More info | |
CloudTrail | Low | CIS 3.6 PCI DSS 10.2 HIPAA (Audit) | ap-southeast-1 | my-trail | S3 bucket "prevasio-test-bucket" is used by CloudTrail and has Server access logging disabled. | Ensure S3 bucket access logging is enabled on the CloudTrail S3 bucket. | More info | |
CloudTrail | Low | CIS 2.1.3 | ap-southeast-1 | my-trail | S3 bucket "prevasio-test-bucket" is used by CloudTrail and has MFA delete disabled in the bucket versioning configuration. | Add another layer of security by configuring a bucket to enable MFA (multi-factor authentication) delete. | More info | |
CloudTrail | Low | CIS 3.4 | ap-southeast-1 | test-trail | CloudTrail is not configured to send logs to CloudWatch Logs for real-time analysis. | Ensure CloudTrail trails are integrated with Amazon CloudWatch Logs. | More info | |
CloudTrail | Low | CIS 3.6 PCI DSS 10.2 HIPAA (Audit) | ap-southeast-1 | test-trail | S3 bucket "aws-cloudtrail-logs-531239714189-8b5cd0ac" is used by CloudTrail and has Server access logging disabled. | Ensure S3 bucket access logging is enabled on the CloudTrail S3 bucket. | More info | |
CloudTrail | Low | CIS 2.1.3 | ap-southeast-1 | test-trail | S3 bucket "aws-cloudtrail-logs-531239714189-8b5cd0ac" is used by CloudTrail and has MFA delete disabled in the bucket versioning configuration. | Add another layer of security by configuring a bucket to enable MFA (multi-factor authentication) delete. | More info | |
CloudTrail | Medium | CIS 3.1 | ap-southeast-1 | CloudTrail | No CloudTrail trails found for this region. | Create a CloudTrail trail to meet your governance, compliance, and auditing needs for your AWS accounts. | More info | |
CloudTrail | Low | CIS 3.6 PCI DSS 10.2 HIPAA (Audit) | ap-southeast-2 | my-trail | S3 bucket "prevasio-test-bucket" is used by CloudTrail and has Server access logging disabled. | Ensure S3 bucket access logging is enabled on the CloudTrail S3 bucket. | More info | |
CloudTrail | Low | CIS 2.1.3 | ap-southeast-2 | my-trail | S3 bucket "prevasio-test-bucket" is used by CloudTrail and has MFA delete disabled in the bucket versioning configuration. | Add another layer of security by configuring a bucket to enable MFA (multi-factor authentication) delete. | More info | |
CloudTrail | Low | CIS 3.4 | ap-southeast-2 | test-trail | CloudTrail is not configured to send logs to CloudWatch Logs for real-time analysis. | Ensure CloudTrail trails are integrated with Amazon CloudWatch Logs. | More info | |
CloudTrail | Low | CIS 3.6 PCI DSS 10.2 HIPAA (Audit) | ap-southeast-2 | test-trail | S3 bucket "aws-cloudtrail-logs-531239714189-8b5cd0ac" is used by CloudTrail and has Server access logging disabled. | Ensure S3 bucket access logging is enabled on the CloudTrail S3 bucket. | More info | |
CloudTrail | Low | CIS 2.1.3 | ap-southeast-2 | test-trail | S3 bucket "aws-cloudtrail-logs-531239714189-8b5cd0ac" is used by CloudTrail and has MFA delete disabled in the bucket versioning configuration. | Add another layer of security by configuring a bucket to enable MFA (multi-factor authentication) delete. | More info | |
CloudTrail | Medium | CIS 3.1 | ap-southeast-2 | CloudTrail | No CloudTrail trails found for this region. | Create a CloudTrail trail to meet your governance, compliance, and auditing needs for your AWS accounts. | More info | |
CloudTrail | Low | CIS 3.6 PCI DSS 10.2 HIPAA (Audit) | ap-northeast-1 | my-trail | S3 bucket "prevasio-test-bucket" is used by CloudTrail and has Server access logging disabled. | Ensure S3 bucket access logging is enabled on the CloudTrail S3 bucket. | More info | |
CloudTrail | Low | CIS 2.1.3 | ap-northeast-1 | my-trail | S3 bucket "prevasio-test-bucket" is used by CloudTrail and has MFA delete disabled in the bucket versioning configuration. | Add another layer of security by configuring a bucket to enable MFA (multi-factor authentication) delete. | More info | |
CloudTrail | Low | CIS 3.4 | ap-northeast-1 | test-trail | CloudTrail is not configured to send logs to CloudWatch Logs for real-time analysis. | Ensure CloudTrail trails are integrated with Amazon CloudWatch Logs. | More info | |
CloudTrail | Low | CIS 3.6 PCI DSS 10.2 HIPAA (Audit) | ap-northeast-1 | test-trail | S3 bucket "aws-cloudtrail-logs-531239714189-8b5cd0ac" is used by CloudTrail and has Server access logging disabled. | Ensure S3 bucket access logging is enabled on the CloudTrail S3 bucket. | More info | |
CloudTrail | Low | CIS 2.1.3 | ap-northeast-1 | test-trail | S3 bucket "aws-cloudtrail-logs-531239714189-8b5cd0ac" is used by CloudTrail and has MFA delete disabled in the bucket versioning configuration. | Add another layer of security by configuring a bucket to enable MFA (multi-factor authentication) delete. | More info | |
CloudTrail | Medium | CIS 3.1 | ap-northeast-1 | CloudTrail | No CloudTrail trails found for this region. | Create a CloudTrail trail to meet your governance, compliance, and auditing needs for your AWS accounts. | More info | |
CloudTrail | Low | CIS 3.6 PCI DSS 10.2 HIPAA (Audit) | ca-central-1 | my-trail | S3 bucket "prevasio-test-bucket" is used by CloudTrail and has Server access logging disabled. | Ensure S3 bucket access logging is enabled on the CloudTrail S3 bucket. | More info | |
CloudTrail | Low | CIS 2.1.3 | ca-central-1 | my-trail | S3 bucket "prevasio-test-bucket" is used by CloudTrail and has MFA delete disabled in the bucket versioning configuration. | Add another layer of security by configuring a bucket to enable MFA (multi-factor authentication) delete. | More info | |
CloudTrail | Low | CIS 3.4 | ca-central-1 | test-trail | CloudTrail is not configured to send logs to CloudWatch Logs for real-time analysis. | Ensure CloudTrail trails are integrated with Amazon CloudWatch Logs. | More info | |
CloudTrail | Low | CIS 3.6 PCI DSS 10.2 HIPAA (Audit) | ca-central-1 | test-trail | S3 bucket "aws-cloudtrail-logs-531239714189-8b5cd0ac" is used by CloudTrail and has Server access logging disabled. | Ensure S3 bucket access logging is enabled on the CloudTrail S3 bucket. | More info | |
CloudTrail | Low | CIS 2.1.3 | ca-central-1 | test-trail | S3 bucket "aws-cloudtrail-logs-531239714189-8b5cd0ac" is used by CloudTrail and has MFA delete disabled in the bucket versioning configuration. | Add another layer of security by configuring a bucket to enable MFA (multi-factor authentication) delete. | More info | |
CloudTrail | Medium | CIS 3.1 | ca-central-1 | CloudTrail | No CloudTrail trails found for this region. | Create a CloudTrail trail to meet your governance, compliance, and auditing needs for your AWS accounts. | More info | |
CloudTrail | Low | CIS 3.6 PCI DSS 10.2 HIPAA (Audit) | eu-central-1 | my-trail | S3 bucket "prevasio-test-bucket" is used by CloudTrail and has Server access logging disabled. | Ensure S3 bucket access logging is enabled on the CloudTrail S3 bucket. | More info | |
CloudTrail | Low | CIS 2.1.3 | eu-central-1 | my-trail | S3 bucket "prevasio-test-bucket" is used by CloudTrail and has MFA delete disabled in the bucket versioning configuration. | Add another layer of security by configuring a bucket to enable MFA (multi-factor authentication) delete. | More info | |
CloudTrail | Low | CIS 3.4 | eu-central-1 | test-trail | CloudTrail is not configured to send logs to CloudWatch Logs for real-time analysis. | Ensure CloudTrail trails are integrated with Amazon CloudWatch Logs. | More info | |
CloudTrail | Low | CIS 3.6 PCI DSS 10.2 HIPAA (Audit) | eu-central-1 | test-trail | S3 bucket "aws-cloudtrail-logs-531239714189-8b5cd0ac" is used by CloudTrail and has Server access logging disabled. | Ensure S3 bucket access logging is enabled on the CloudTrail S3 bucket. | More info | |
CloudTrail | Low | CIS 2.1.3 | eu-central-1 | test-trail | S3 bucket "aws-cloudtrail-logs-531239714189-8b5cd0ac" is used by CloudTrail and has MFA delete disabled in the bucket versioning configuration. | Add another layer of security by configuring a bucket to enable MFA (multi-factor authentication) delete. | More info | |
CloudTrail | Medium | CIS 3.1 | eu-central-1 | CloudTrail | No CloudTrail trails found for this region. | Create a CloudTrail trail to meet your governance, compliance, and auditing needs for your AWS accounts. | More info | |
CloudTrail | Low | CIS 3.6 PCI DSS 10.2 HIPAA (Audit) | eu-west-1 | my-trail | S3 bucket "prevasio-test-bucket" is used by CloudTrail and has Server access logging disabled. | Ensure S3 bucket access logging is enabled on the CloudTrail S3 bucket. | More info | |
CloudTrail | Low | CIS 2.1.3 | eu-west-1 | my-trail | S3 bucket "prevasio-test-bucket" is used by CloudTrail and has MFA delete disabled in the bucket versioning configuration. | Add another layer of security by configuring a bucket to enable MFA (multi-factor authentication) delete. | More info | |
CloudTrail | Low | CIS 3.4 | eu-west-1 | test-trail | CloudTrail is not configured to send logs to CloudWatch Logs for real-time analysis. | Ensure CloudTrail trails are integrated with Amazon CloudWatch Logs. | More info | |
CloudTrail | Low | CIS 3.6 PCI DSS 10.2 HIPAA (Audit) | eu-west-1 | test-trail | S3 bucket "aws-cloudtrail-logs-531239714189-8b5cd0ac" is used by CloudTrail and has Server access logging disabled. | Ensure S3 bucket access logging is enabled on the CloudTrail S3 bucket. | More info | |
CloudTrail | Low | CIS 2.1.3 | eu-west-1 | test-trail | S3 bucket "aws-cloudtrail-logs-531239714189-8b5cd0ac" is used by CloudTrail and has MFA delete disabled in the bucket versioning configuration. | Add another layer of security by configuring a bucket to enable MFA (multi-factor authentication) delete. | More info | |
CloudTrail | Medium | CIS 3.1 | eu-west-1 | CloudTrail | No CloudTrail trails found for this region. | Create a CloudTrail trail to meet your governance, compliance, and auditing needs for your AWS accounts. | More info | |
CloudTrail | Low | CIS 3.6 PCI DSS 10.2 HIPAA (Audit) | eu-west-2 | my-trail | S3 bucket "prevasio-test-bucket" is used by CloudTrail and has Server access logging disabled. | Ensure S3 bucket access logging is enabled on the CloudTrail S3 bucket. | More info | |
CloudTrail | Low | CIS 2.1.3 | eu-west-2 | my-trail | S3 bucket "prevasio-test-bucket" is used by CloudTrail and has MFA delete disabled in the bucket versioning configuration. | Add another layer of security by configuring a bucket to enable MFA (multi-factor authentication) delete. | More info | |
CloudTrail | Low | CIS 3.4 | eu-west-2 | test-trail | CloudTrail is not configured to send logs to CloudWatch Logs for real-time analysis. | Ensure CloudTrail trails are integrated with Amazon CloudWatch Logs. | More info | |
CloudTrail | Low | CIS 3.6 PCI DSS 10.2 HIPAA (Audit) | eu-west-2 | test-trail | S3 bucket "aws-cloudtrail-logs-531239714189-8b5cd0ac" is used by CloudTrail and has Server access logging disabled. | Ensure S3 bucket access logging is enabled on the CloudTrail S3 bucket. | More info | |
CloudTrail | Low | CIS 2.1.3 | eu-west-2 | test-trail | S3 bucket "aws-cloudtrail-logs-531239714189-8b5cd0ac" is used by CloudTrail and has MFA delete disabled in the bucket versioning configuration. | Add another layer of security by configuring a bucket to enable MFA (multi-factor authentication) delete. | More info | |
CloudTrail | Medium | CIS 3.1 | eu-west-2 | CloudTrail | No CloudTrail trails found for this region. | Create a CloudTrail trail to meet your governance, compliance, and auditing needs for your AWS accounts. | More info | |
CloudTrail | Low | CIS 3.6 PCI DSS 10.2 HIPAA (Audit) | eu-west-3 | my-trail | S3 bucket "prevasio-test-bucket" is used by CloudTrail and has Server access logging disabled. | Ensure S3 bucket access logging is enabled on the CloudTrail S3 bucket. | More info | |
CloudTrail | Low | CIS 2.1.3 | eu-west-3 | my-trail | S3 bucket "prevasio-test-bucket" is used by CloudTrail and has MFA delete disabled in the bucket versioning configuration. | Add another layer of security by configuring a bucket to enable MFA (multi-factor authentication) delete. | More info | |
CloudTrail | Low | CIS 3.4 | eu-west-3 | test-trail | CloudTrail is not configured to send logs to CloudWatch Logs for real-time analysis. | Ensure CloudTrail trails are integrated with Amazon CloudWatch Logs. | More info | |
CloudTrail | Low | CIS 3.6 PCI DSS 10.2 HIPAA (Audit) | eu-west-3 | test-trail | S3 bucket "aws-cloudtrail-logs-531239714189-8b5cd0ac" is used by CloudTrail and has Server access logging disabled. | Ensure S3 bucket access logging is enabled on the CloudTrail S3 bucket. | More info | |
CloudTrail | Low | CIS 2.1.3 | eu-west-3 | test-trail | S3 bucket "aws-cloudtrail-logs-531239714189-8b5cd0ac" is used by CloudTrail and has MFA delete disabled in the bucket versioning configuration. | Add another layer of security by configuring a bucket to enable MFA (multi-factor authentication) delete. | More info | |
CloudTrail | Medium | CIS 3.1 | eu-west-3 | CloudTrail | No CloudTrail trails found for this region. | Create a CloudTrail trail to meet your governance, compliance, and auditing needs for your AWS accounts. | More info | |
CloudTrail | Low | CIS 3.6 PCI DSS 10.2 HIPAA (Audit) | eu-north-1 | my-trail | S3 bucket "prevasio-test-bucket" is used by CloudTrail and has Server access logging disabled. | Ensure S3 bucket access logging is enabled on the CloudTrail S3 bucket. | More info | |
CloudTrail | Low | CIS 2.1.3 | eu-north-1 | my-trail | S3 bucket "prevasio-test-bucket" is used by CloudTrail and has MFA delete disabled in the bucket versioning configuration. | Add another layer of security by configuring a bucket to enable MFA (multi-factor authentication) delete. | More info | |
CloudTrail | Low | CIS 3.4 | eu-north-1 | test-trail | CloudTrail is not configured to send logs to CloudWatch Logs for real-time analysis. | Ensure CloudTrail trails are integrated with Amazon CloudWatch Logs. | More info | |
CloudTrail | Low | CIS 3.6 PCI DSS 10.2 HIPAA (Audit) | eu-north-1 | test-trail | S3 bucket "aws-cloudtrail-logs-531239714189-8b5cd0ac" is used by CloudTrail and has Server access logging disabled. | Ensure S3 bucket access logging is enabled on the CloudTrail S3 bucket. | More info | |
CloudTrail | Low | CIS 2.1.3 | eu-north-1 | test-trail | S3 bucket "aws-cloudtrail-logs-531239714189-8b5cd0ac" is used by CloudTrail and has MFA delete disabled in the bucket versioning configuration. | Add another layer of security by configuring a bucket to enable MFA (multi-factor authentication) delete. | More info | |
CloudTrail | Medium | CIS 3.1 | eu-north-1 | CloudTrail | No CloudTrail trails found for this region. | Create a CloudTrail trail to meet your governance, compliance, and auditing needs for your AWS accounts. | More info | |
CloudTrail | Medium | CIS 3.1 | me-south-1 | CloudTrail | No CloudTrail trails found for this region. | Create a CloudTrail trail to meet your governance, compliance, and auditing needs for your AWS accounts. | More info | |
CloudTrail | Low | CIS 3.6 PCI DSS 10.2 HIPAA (Audit) | sa-east-1 | my-trail | S3 bucket "prevasio-test-bucket" is used by CloudTrail and has Server access logging disabled. | Ensure S3 bucket access logging is enabled on the CloudTrail S3 bucket. | More info | |
CloudTrail | Low | CIS 2.1.3 | sa-east-1 | my-trail | S3 bucket "prevasio-test-bucket" is used by CloudTrail and has MFA delete disabled in the bucket versioning configuration. | Add another layer of security by configuring a bucket to enable MFA (multi-factor authentication) delete. | More info | |
CloudTrail | Low | CIS 3.4 | sa-east-1 | test-trail | CloudTrail is not configured to send logs to CloudWatch Logs for real-time analysis. | Ensure CloudTrail trails are integrated with Amazon CloudWatch Logs. | More info | |
CloudTrail | Low | CIS 3.6 PCI DSS 10.2 HIPAA (Audit) | sa-east-1 | test-trail | S3 bucket "aws-cloudtrail-logs-531239714189-8b5cd0ac" is used by CloudTrail and has Server access logging disabled. | Ensure S3 bucket access logging is enabled on the CloudTrail S3 bucket. | More info | |
CloudTrail | Low | CIS 2.1.3 | sa-east-1 | test-trail | S3 bucket "aws-cloudtrail-logs-531239714189-8b5cd0ac" is used by CloudTrail and has MFA delete disabled in the bucket versioning configuration. | Add another layer of security by configuring a bucket to enable MFA (multi-factor authentication) delete. | More info | |
CloudTrail | Medium | CIS 3.1 | sa-east-1 | CloudTrail | No CloudTrail trails found for this region. | Create a CloudTrail trail to meet your governance, compliance, and auditing needs for your AWS accounts. | More info | |
Key Management Service | Critical | CIS 3.8 PCI DSS 3.7.4 | us-east-1 | e92b32e6-a563-42c7-b0cc-c9a09cc3fec8 | Customer managed key (CMK) "my-key" has key rotation disabled. | PCI DSS Requirement 3.6 states that you must rotate the keys at the end of their defined cryptoperiod. CIS Control 2.8: Ensure rotation for customer-created CMKs is enabled. | More info | |
Key Management Service | Critical | CIS 3.8 PCI DSS 3.7.4 | us-east-2 | 2a30648d-7f18-46ab-b97d-f9f0d562446e | Customer managed key (CMK) "test-key2" has key rotation disabled. | PCI DSS Requirement 3.6 states that you must rotate the keys at the end of their defined cryptoperiod. CIS Control 2.8: Ensure rotation for customer-created CMKs is enabled. | More info | |
Key Management Service | Critical | CIS 3.8 PCI DSS 3.7.4 | us-west-2 | ef4a6c7d-4091-4456-927d-e3a62e245f59 | Customer managed key (CMK) "my-test-key" has key rotation disabled. | PCI DSS Requirement 3.6 states that you must rotate the keys at the end of their defined cryptoperiod. CIS Control 2.8: Ensure rotation for customer-created CMKs is enabled. | More info | |
Elastic File System | Critical | CIS 2.4.1 PCI DSS 3.5 HIPAA (Encryption) | us-east-1 | fs-34d4d281 | EFS file system is not encrypted. | To fulfill HIPAA and PCI DSS compliance requirements for encryption of data at rest and in transit, make sure your file system is encrypted with a KMS customer-managed key (CMK). | More info |