Merge pull request #33 from opengovern/fix-framework-structure

fix: remove defaults from control-groups

Author: artaasadi

compliance/frameworks/aws/aws_acsc_essential_eight/aws_acsc_essential_eight_ml_1.yaml

@@ -3,10 +3,6 @@ control-group:
   title: ACSC Essential Eight Maturity Level 1
   description: The availability category refers to the accessibility of information used by the entity’s systems, as well as the products or services provided to its customers.
   section-code: ml_1
-  defaults:
-    auto-assign: null
-    enabled: false
-    tracks-drift-events: false
   control-group:
   - id: aws_acsc_essential_eight_ml_1_2
   - id: aws_acsc_essential_eight_ml_1_5

compliance/frameworks/aws/aws_acsc_essential_eight/aws_acsc_essential_eight_ml_1_2.yaml

@@ -3,9 +3,5 @@ control-group:
   title: "ACSC-EE-ML1-2: Patch applications ML1"
   description: A vulnerability scanner with an up-to-date vulnerability database is used for vulnerability scanning activities.
   section-code: "2"
-  defaults:
-    auto-assign: null
-    enabled: false
-    tracks-drift-events: false
   control-group:
   - id: aws_acsc_essential_eight_ml_1_2_5

compliance/frameworks/aws/aws_acsc_essential_eight/aws_acsc_essential_eight_ml_1_2_5.yaml

@@ -3,10 +3,6 @@ control-group:
   title: "ACSC-EE-ML1-2.5: Patch applications ML1"
   description: Patches, updates or vendor mitigations for security vulnerabilities in internet-facing services are applied within two weeks of release, or within 48 hours if an exploit exists.
   section-code: "5"
-  defaults:
-    auto-assign: null
-    enabled: false
-    tracks-drift-events: false
   controls:
   - aws_ecs_service_fargate_using_latest_platform_version
   - aws_eks_cluster_with_latest_kubernetes_version

compliance/frameworks/aws/aws_acsc_essential_eight/aws_acsc_essential_eight_ml_1_5.yaml

@@ -3,10 +3,6 @@ control-group:
   title: "ACSC-EE-ML1-5: Restrict administrative privileges ML1"
   description: The restriction of administrative privileges is the practice of limiting the number of privileged accounts and the extent of their access to systems and data.
   section-code: "5"
-  defaults:
-    auto-assign: null
-    enabled: false
-    tracks-drift-events: false
   control-group:
   - id: aws_acsc_essential_eight_ml_1_5_2
   - id: aws_acsc_essential_eight_ml_1_5_3

compliance/frameworks/aws/aws_acsc_essential_eight/aws_acsc_essential_eight_ml_1_5_2.yaml

@@ -3,10 +3,6 @@ control-group:
   title: "ACSC-EE-ML1-5.2: Restrict administrative privileges ML1"
   description: Privileged accounts (excluding privileged service accounts) are prevented from accessing the internet, email and web services.
   section-code: "2"
-  defaults:
-    auto-assign: null
-    enabled: false
-    tracks-drift-events: false
   controls:
   - aws_codebuild_project_environment_privileged_mode_disabled
   - aws_ecs_task_definition_container_non_privileged

compliance/frameworks/aws/aws_acsc_essential_eight/aws_acsc_essential_eight_ml_1_5_3.yaml

@@ -3,10 +3,6 @@ control-group:
   title: "ACSC-EE-ML1-5.3: Restrict administrative privileges ML1"
   description: Privileged users use separate privileged and unprivileged operating environments.
   section-code: "3"
-  defaults:
-    auto-assign: null
-    enabled: false
-    tracks-drift-events: false
   controls:
   - aws_codebuild_project_environment_privileged_mode_disabled
   - aws_codebuild_project_source_repo_oauth_configured

compliance/frameworks/aws/aws_acsc_essential_eight/aws_acsc_essential_eight_ml_1_5_4.yaml

@@ -3,10 +3,6 @@ control-group:
   title: "ACSC-EE-ML1-5.4: Restrict administrative privileges ML1"
   description: Unprivileged accounts cannot logon to privileged operating environments.
   section-code: "4"
-  defaults:
-    auto-assign: null
-    enabled: false
-    tracks-drift-events: false
   controls:
   - aws_codebuild_project_source_repo_oauth_configured
   - aws_ec2_instance_iam_profile_attached

compliance/frameworks/aws/aws_acsc_essential_eight/aws_acsc_essential_eight_ml_1_5_5.yaml

@@ -3,10 +3,6 @@ control-group:
   title: "ACSC-EE-ML1-5.5: Restrict administrative privileges ML1"
   description: Privileged accounts (excluding local administrator accounts) cannot logon to unprivileged operating environments.
   section-code: "5"
-  defaults:
-    auto-assign: null
-    enabled: false
-    tracks-drift-events: false
   controls:
   - aws_codebuild_project_environment_privileged_mode_disabled
   - aws_codebuild_project_source_repo_oauth_configured

compliance/frameworks/aws/aws_acsc_essential_eight/aws_acsc_essential_eight_ml_1_6.yaml

@@ -3,10 +3,6 @@ control-group:
   title: "ACSC-EE-ML1-6: Patch operating systems ML1"
   description: The patching of operating systems is the practice of applying patches, updates or vendor mitigations to security vulnerabilities in operating systems.
   section-code: "6"
-  defaults:
-    auto-assign: null
-    enabled: false
-    tracks-drift-events: false
   control-group:
   - id: aws_acsc_essential_eight_ml_1_6_2
   - id: aws_acsc_essential_eight_ml_1_6_3

compliance/frameworks/aws/aws_acsc_essential_eight/aws_acsc_essential_eight_ml_1_6_2.yaml

@@ -3,10 +3,6 @@ control-group:
   title: "ACSC-EE-ML1-6.2: Patch operating systems ML1"
   description: A vulnerability scanner with an up-to-date vulnerability database is used for vulnerability scanning activities.
   section-code: "2"
-  defaults:
-    auto-assign: null
-    enabled: false
-    tracks-drift-events: false
   controls:
   - aws_1test
   - aws_ecr_repository_image_scan_on_push_enabled