test-scanner
Overview
Critical
0High
1Medium
2Low
1Informational
0Security issues (4)
Severity | Non-Compliance | Issue | Remediation | Read more | Action |
---|---|---|---|---|---|
High | — | Amazon S3 bucket versioning is disabled. | Enable S3 bucket versioning to protect the objects from accidental deletion or overwrite. | More info | |
Low | PCI DSS 10.2 HIPAA (Audit) | Amazon S3 server access logging is disabled. | Enable S3 access logging for detailed records for the requests that are made to a bucket. The access log information can be useful in security and access audits. | More info | |
Medium | — | Amazon S3 bucket uses server-side encryption with Amazon S3-managed encryption keys (SSE-S3). | For more control over the data-at-rest encryption, use server-side encryption with customer-provided encryption keys (SSE-C). | More info | |
Medium | CIS 2.1.2 PCI DSS 4.2 HIPAA (Encryption) | Amazon S3 bucket policy was not found. | Add S3 bucket policy to require encryption during data transit. To be compliant, the policy should explicitly deny access to HTTP requests. | More info |