cleaning

Author: acx1729

compliance/frameworks/aws/aws_acsc_essential_eight/aws_acsc_essential_eight_ml_1.yaml

@@ -1,17 +1,12 @@
 ID: aws_acsc_essential_eight_ml_1
-Title: "ACSC Essential Eight Maturity Level 1"
-Description: "The availability category refers to the accessibility of information
-  used by the entity’s systems, as well as the products or services provided to its
-  customers."
-SectionCode: "ml_1"
+Title: ACSC Essential Eight Maturity Level 1
+Description: The availability category refers to the accessibility of information used by the entity’s systems, as well as the products or services provided to its customers.
+SectionCode: ml_1
 Children:
-- aws_acsc_essential_eight_ml_1_2
-- aws_acsc_essential_eight_ml_1_5
-- aws_acsc_essential_eight_ml_1_6
-- aws_acsc_essential_eight_ml_1_7
-- aws_acsc_essential_eight_ml_1_8
-Tags: {}
-Enabled: false
-AutoAssign: false
+    - aws_acsc_essential_eight_ml_1_2
+    - aws_acsc_essential_eight_ml_1_5
+    - aws_acsc_essential_eight_ml_1_6
+    - aws_acsc_essential_eight_ml_1_7
+    - aws_acsc_essential_eight_ml_1_8
 Controls: []
-TracksDriftEvents: false
+Tags: {}

compliance/frameworks/aws/aws_acsc_essential_eight/aws_acsc_essential_eight_ml_1_2.yaml

@@ -1,12 +1,8 @@
 ID: aws_acsc_essential_eight_ml_1_2
-Title: "ACSC-EE-ML1-2: Patch applications ML1"
-Description: "A vulnerability scanner with an up-to-date vulnerability database is
-  used for vulnerability scanning activities."
+Title: 'ACSC-EE-ML1-2: Patch applications ML1'
+Description: A vulnerability scanner with an up-to-date vulnerability database is used for vulnerability scanning activities.
 SectionCode: "2"
 Children:
-- aws_acsc_essential_eight_ml_1_2_5
-Tags: {}
-Enabled: false
-AutoAssign: false
+    - aws_acsc_essential_eight_ml_1_2_5
 Controls: []
-TracksDriftEvents: false
+Tags: {}

compliance/frameworks/aws/aws_acsc_essential_eight/aws_acsc_essential_eight_ml_1_2_5.yaml

@@ -1,21 +1,16 @@
 ID: aws_acsc_essential_eight_ml_1_2_5
-Title: "ACSC-EE-ML1-2.5: Patch applications ML1"
-Description: "Patches, updates or vendor mitigations for security vulnerabilities
-  in internet-facing services are applied within two weeks of release, or within 48
-  hours if an exploit exists."
+Title: 'ACSC-EE-ML1-2.5: Patch applications ML1'
+Description: Patches, updates or vendor mitigations for security vulnerabilities in internet-facing services are applied within two weeks of release, or within 48 hours if an exploit exists.
 SectionCode: "5"
 Children: []
-Tags: {}
-Enabled: false
-AutoAssign: false
 Controls:
-- aws_ecs_service_fargate_using_latest_platform_version
-- aws_eks_cluster_with_latest_kubernetes_version
-- aws_elastic_beanstalk_environment_managed_updates_enabled
-- aws_elasticache_cluster_auto_minor_version_upgrade_enabled
-- aws_lambda_function_use_latest_runtime
-- aws_opensearch_domain_updated_with_latest_service_software_version
-- aws_rds_db_instance_automatic_minor_version_upgrade_enabled
-- aws_redshift_cluster_maintenance_settings_check
-- aws_ssm_managed_instance_compliance_patch_compliant
-TracksDriftEvents: false
+    - aws_ecs_service_fargate_using_latest_platform_version
+    - aws_eks_cluster_with_latest_kubernetes_version
+    - aws_elastic_beanstalk_environment_managed_updates_enabled
+    - aws_elasticache_cluster_auto_minor_version_upgrade_enabled
+    - aws_lambda_function_use_latest_runtime
+    - aws_opensearch_domain_updated_with_latest_service_software_version
+    - aws_rds_db_instance_automatic_minor_version_upgrade_enabled
+    - aws_redshift_cluster_maintenance_settings_check
+    - aws_ssm_managed_instance_compliance_patch_compliant
+Tags: {}

compliance/frameworks/aws/aws_acsc_essential_eight/aws_acsc_essential_eight_ml_1_5.yaml

@@ -1,16 +1,11 @@
 ID: aws_acsc_essential_eight_ml_1_5
-Title: "ACSC-EE-ML1-5: Restrict administrative privileges ML1"
-Description: "The restriction of administrative privileges is the practice of limiting
-  the number of privileged accounts and the extent of their access to systems and
-  data."
+Title: 'ACSC-EE-ML1-5: Restrict administrative privileges ML1'
+Description: The restriction of administrative privileges is the practice of limiting the number of privileged accounts and the extent of their access to systems and data.
 SectionCode: "5"
 Children:
-- aws_acsc_essential_eight_ml_1_5_2
-- aws_acsc_essential_eight_ml_1_5_3
-- aws_acsc_essential_eight_ml_1_5_4
-- aws_acsc_essential_eight_ml_1_5_5
-Tags: {}
-Enabled: false
-AutoAssign: false
+    - aws_acsc_essential_eight_ml_1_5_2
+    - aws_acsc_essential_eight_ml_1_5_3
+    - aws_acsc_essential_eight_ml_1_5_4
+    - aws_acsc_essential_eight_ml_1_5_5
 Controls: []
-TracksDriftEvents: false
+Tags: {}

compliance/frameworks/aws/aws_acsc_essential_eight/aws_acsc_essential_eight_ml_1_5_2.yaml

@@ -1,20 +1,16 @@
 ID: aws_acsc_essential_eight_ml_1_5_2
-Title: "ACSC-EE-ML1-5.2: Restrict administrative privileges ML1"
-Description: "Privileged accounts (excluding privileged service accounts) are prevented
-  from accessing the internet, email and web services."
+Title: 'ACSC-EE-ML1-5.2: Restrict administrative privileges ML1'
+Description: Privileged accounts (excluding privileged service accounts) are prevented from accessing the internet, email and web services.
 SectionCode: "2"
 Children: []
-Tags: {}
-Enabled: false
-AutoAssign: false
 Controls:
-- aws_codebuild_project_environment_privileged_mode_disabled
-- aws_ecs_task_definition_container_non_privileged
-- aws_ecs_task_definition_no_root_user
-- aws_eventbridge_custom_bus_resource_based_policy_attached
-- aws_iam_policy_custom_no_blocked_kms_actions
-- aws_iam_policy_inline_no_blocked_kms_actions
-- aws_iam_policy_no_star_star
-- aws_iam_root_user_no_access_keys
-- aws_sagemaker_notebook_instance_root_access_disabled
-TracksDriftEvents: false
+    - aws_codebuild_project_environment_privileged_mode_disabled
+    - aws_ecs_task_definition_container_non_privileged
+    - aws_ecs_task_definition_no_root_user
+    - aws_eventbridge_custom_bus_resource_based_policy_attached
+    - aws_iam_policy_custom_no_blocked_kms_actions
+    - aws_iam_policy_inline_no_blocked_kms_actions
+    - aws_iam_policy_no_star_star
+    - aws_iam_root_user_no_access_keys
+    - aws_sagemaker_notebook_instance_root_access_disabled
+Tags: {}

compliance/frameworks/aws/aws_acsc_essential_eight/aws_acsc_essential_eight_ml_1_5_3.yaml

@@ -1,19 +1,15 @@
 ID: aws_acsc_essential_eight_ml_1_5_3
-Title: "ACSC-EE-ML1-5.3: Restrict administrative privileges ML1"
-Description: "Privileged users use separate privileged and unprivileged operating
-  environments."
+Title: 'ACSC-EE-ML1-5.3: Restrict administrative privileges ML1'
+Description: Privileged users use separate privileged and unprivileged operating environments.
 SectionCode: "3"
 Children: []
-Tags: {}
-Enabled: false
-AutoAssign: false
 Controls:
-- aws_codebuild_project_environment_privileged_mode_disabled
-- aws_codebuild_project_source_repo_oauth_configured
-- aws_ecs_task_definition_container_non_privileged
-- aws_ecs_task_definition_no_root_user
-- aws_eventbridge_custom_bus_resource_based_policy_attached
-- aws_iam_root_user_no_access_keys
-- aws_sagemaker_notebook_instance_root_access_disabled
-- aws_ssm_managed_instance_compliance_association_compliant
-TracksDriftEvents: false
+    - aws_codebuild_project_environment_privileged_mode_disabled
+    - aws_codebuild_project_source_repo_oauth_configured
+    - aws_ecs_task_definition_container_non_privileged
+    - aws_ecs_task_definition_no_root_user
+    - aws_eventbridge_custom_bus_resource_based_policy_attached
+    - aws_iam_root_user_no_access_keys
+    - aws_sagemaker_notebook_instance_root_access_disabled
+    - aws_ssm_managed_instance_compliance_association_compliant
+Tags: {}

compliance/frameworks/aws/aws_acsc_essential_eight/aws_acsc_essential_eight_ml_1_5_4.yaml

@@ -1,15 +1,12 @@
 ID: aws_acsc_essential_eight_ml_1_5_4
-Title: "ACSC-EE-ML1-5.4: Restrict administrative privileges ML1"
-Description: "Unprivileged accounts cannot logon to privileged operating environments."
+Title: 'ACSC-EE-ML1-5.4: Restrict administrative privileges ML1'
+Description: Unprivileged accounts cannot logon to privileged operating environments.
 SectionCode: "4"
 Children: []
-Tags: {}
-Enabled: false
-AutoAssign: false
 Controls:
-- aws_codebuild_project_source_repo_oauth_configured
-- aws_ec2_instance_iam_profile_attached
-- aws_eventbridge_custom_bus_resource_based_policy_attached
-- aws_ssm_managed_instance_compliance_association_compliant
-- aws_vpc_security_group_restrict_ingress_ssh_all
-TracksDriftEvents: false
+    - aws_codebuild_project_source_repo_oauth_configured
+    - aws_ec2_instance_iam_profile_attached
+    - aws_eventbridge_custom_bus_resource_based_policy_attached
+    - aws_ssm_managed_instance_compliance_association_compliant
+    - aws_vpc_security_group_restrict_ingress_ssh_all
+Tags: {}

compliance/frameworks/aws/aws_acsc_essential_eight/aws_acsc_essential_eight_ml_1_5_5.yaml

@@ -1,21 +1,17 @@
 ID: aws_acsc_essential_eight_ml_1_5_5
-Title: "ACSC-EE-ML1-5.5: Restrict administrative privileges ML1"
-Description: "Privileged accounts (excluding local administrator accounts) cannot
-  logon to unprivileged operating environments."
+Title: 'ACSC-EE-ML1-5.5: Restrict administrative privileges ML1'
+Description: Privileged accounts (excluding local administrator accounts) cannot logon to unprivileged operating environments.
 SectionCode: "5"
 Children: []
-Tags: {}
-Enabled: false
-AutoAssign: false
 Controls:
-- aws_codebuild_project_environment_privileged_mode_disabled
-- aws_codebuild_project_source_repo_oauth_configured
-- aws_ecs_task_definition_container_non_privileged
-- aws_ecs_task_definition_no_root_user
-- aws_iam_policy_custom_no_blocked_kms_actions
-- aws_iam_policy_inline_no_blocked_kms_actions
-- aws_iam_policy_no_star_star
-- aws_iam_root_user_no_access_keys
-- aws_sagemaker_notebook_instance_root_access_disabled
-- aws_vpc_security_group_restrict_ingress_ssh_all
-TracksDriftEvents: false
+    - aws_codebuild_project_environment_privileged_mode_disabled
+    - aws_codebuild_project_source_repo_oauth_configured
+    - aws_ecs_task_definition_container_non_privileged
+    - aws_ecs_task_definition_no_root_user
+    - aws_iam_policy_custom_no_blocked_kms_actions
+    - aws_iam_policy_inline_no_blocked_kms_actions
+    - aws_iam_policy_no_star_star
+    - aws_iam_root_user_no_access_keys
+    - aws_sagemaker_notebook_instance_root_access_disabled
+    - aws_vpc_security_group_restrict_ingress_ssh_all
+Tags: {}

compliance/frameworks/aws/aws_acsc_essential_eight/aws_acsc_essential_eight_ml_1_6.yaml

@@ -1,17 +1,13 @@
 ID: aws_acsc_essential_eight_ml_1_6
-Title: "ACSC-EE-ML1-6: Patch operating systems ML1"
-Description: "The patching of operating systems is the practice of applying patches,
-  updates or vendor mitigations to security vulnerabilities in operating systems."
+Title: 'ACSC-EE-ML1-6: Patch operating systems ML1'
+Description: The patching of operating systems is the practice of applying patches, updates or vendor mitigations to security vulnerabilities in operating systems.
 SectionCode: "6"
 Children:
-- aws_acsc_essential_eight_ml_1_6_2
-- aws_acsc_essential_eight_ml_1_6_3
-- aws_acsc_essential_eight_ml_1_6_4
-- aws_acsc_essential_eight_ml_1_6_5
-- aws_acsc_essential_eight_ml_1_6_6
-- aws_acsc_essential_eight_ml_1_6_7
-Tags: {}
-Enabled: false
-AutoAssign: false
+    - aws_acsc_essential_eight_ml_1_6_2
+    - aws_acsc_essential_eight_ml_1_6_3
+    - aws_acsc_essential_eight_ml_1_6_4
+    - aws_acsc_essential_eight_ml_1_6_5
+    - aws_acsc_essential_eight_ml_1_6_6
+    - aws_acsc_essential_eight_ml_1_6_7
 Controls: []
-TracksDriftEvents: false
+Tags: {}

compliance/frameworks/aws/aws_acsc_essential_eight/aws_acsc_essential_eight_ml_1_6_2.yaml

@@ -1,12 +1,8 @@
 ID: aws_acsc_essential_eight_ml_1_6_2
-Title: "ACSC-EE-ML1-6.2: Patch operating systems ML1"
-Description: "A vulnerability scanner with an up-to-date vulnerability database is
-  used for vulnerability scanning activities."
+Title: 'ACSC-EE-ML1-6.2: Patch operating systems ML1'
+Description: A vulnerability scanner with an up-to-date vulnerability database is used for vulnerability scanning activities.
 SectionCode: "2"
 Children: []
-Tags: {}
-Enabled: false
-AutoAssign: false
 Controls:
-- aws_ecr_repository_image_scan_on_push_enabled
-TracksDriftEvents: false
+    - aws_ecr_repository_image_scan_on_push_enabled
+Tags: {}