diff --git a/compliance/frameworks/aws/aws_acsc_essential_eight/aws_acsc_essential_eight_ml_1.yaml b/compliance/frameworks/aws/aws_acsc_essential_eight/aws_acsc_essential_eight_ml_1.yaml
index 80ed08bbd..44f366a44 100755
--- a/compliance/frameworks/aws/aws_acsc_essential_eight/aws_acsc_essential_eight_ml_1.yaml
+++ b/compliance/frameworks/aws/aws_acsc_essential_eight/aws_acsc_essential_eight_ml_1.yaml
@@ -3,10 +3,6 @@ control-group:
 title: ACSC Essential Eight Maturity Level 1
 description: The availability category refers to the accessibility of information used by the entity’s systems, as well as the products or services provided to its customers.
 section-code: ml_1
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 control-group:
 - id: aws_acsc_essential_eight_ml_1_2
 - id: aws_acsc_essential_eight_ml_1_5
diff --git a/compliance/frameworks/aws/aws_acsc_essential_eight/aws_acsc_essential_eight_ml_1_2.yaml b/compliance/frameworks/aws/aws_acsc_essential_eight/aws_acsc_essential_eight_ml_1_2.yaml
index 27461c625..859c16bc0 100755
--- a/compliance/frameworks/aws/aws_acsc_essential_eight/aws_acsc_essential_eight_ml_1_2.yaml
+++ b/compliance/frameworks/aws/aws_acsc_essential_eight/aws_acsc_essential_eight_ml_1_2.yaml
@@ -3,9 +3,5 @@ control-group:
 title: "ACSC-EE-ML1-2: Patch applications ML1"
 description: A vulnerability scanner with an up-to-date vulnerability database is used for vulnerability scanning activities.
 section-code: "2"
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 control-group:
 - id: aws_acsc_essential_eight_ml_1_2_5
diff --git a/compliance/frameworks/aws/aws_acsc_essential_eight/aws_acsc_essential_eight_ml_1_2_5.yaml b/compliance/frameworks/aws/aws_acsc_essential_eight/aws_acsc_essential_eight_ml_1_2_5.yaml
index 3a4745f94..b51b0e3d6 100755
--- a/compliance/frameworks/aws/aws_acsc_essential_eight/aws_acsc_essential_eight_ml_1_2_5.yaml
+++ b/compliance/frameworks/aws/aws_acsc_essential_eight/aws_acsc_essential_eight_ml_1_2_5.yaml
@@ -3,10 +3,6 @@ control-group:
 title: "ACSC-EE-ML1-2.5: Patch applications ML1"
 description: Patches, updates or vendor mitigations for security vulnerabilities in internet-facing services are applied within two weeks of release, or within 48 hours if an exploit exists.
 section-code: "5"
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - aws_ecs_service_fargate_using_latest_platform_version
 - aws_eks_cluster_with_latest_kubernetes_version
diff --git a/compliance/frameworks/aws/aws_acsc_essential_eight/aws_acsc_essential_eight_ml_1_5.yaml b/compliance/frameworks/aws/aws_acsc_essential_eight/aws_acsc_essential_eight_ml_1_5.yaml
index 766a276ee..3baf9179f 100755
--- a/compliance/frameworks/aws/aws_acsc_essential_eight/aws_acsc_essential_eight_ml_1_5.yaml
+++ b/compliance/frameworks/aws/aws_acsc_essential_eight/aws_acsc_essential_eight_ml_1_5.yaml
@@ -3,10 +3,6 @@ control-group:
 title: "ACSC-EE-ML1-5: Restrict administrative privileges ML1"
 description: The restriction of administrative privileges is the practice of limiting the number of privileged accounts and the extent of their access to systems and data.
 section-code: "5"
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 control-group:
 - id: aws_acsc_essential_eight_ml_1_5_2
 - id: aws_acsc_essential_eight_ml_1_5_3
diff --git a/compliance/frameworks/aws/aws_acsc_essential_eight/aws_acsc_essential_eight_ml_1_5_2.yaml b/compliance/frameworks/aws/aws_acsc_essential_eight/aws_acsc_essential_eight_ml_1_5_2.yaml
index 0dc0b05ce..0ff238393 100755
--- a/compliance/frameworks/aws/aws_acsc_essential_eight/aws_acsc_essential_eight_ml_1_5_2.yaml
+++ b/compliance/frameworks/aws/aws_acsc_essential_eight/aws_acsc_essential_eight_ml_1_5_2.yaml
@@ -3,10 +3,6 @@ control-group:
 title: "ACSC-EE-ML1-5.2: Restrict administrative privileges ML1"
 description: Privileged accounts (excluding privileged service accounts) are prevented from accessing the internet, email and web services.
 section-code: "2"
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - aws_codebuild_project_environment_privileged_mode_disabled
 - aws_ecs_task_definition_container_non_privileged
diff --git a/compliance/frameworks/aws/aws_acsc_essential_eight/aws_acsc_essential_eight_ml_1_5_3.yaml b/compliance/frameworks/aws/aws_acsc_essential_eight/aws_acsc_essential_eight_ml_1_5_3.yaml
index 7380ef2e7..0968d4234 100755
--- a/compliance/frameworks/aws/aws_acsc_essential_eight/aws_acsc_essential_eight_ml_1_5_3.yaml
+++ b/compliance/frameworks/aws/aws_acsc_essential_eight/aws_acsc_essential_eight_ml_1_5_3.yaml
@@ -3,10 +3,6 @@ control-group:
 title: "ACSC-EE-ML1-5.3: Restrict administrative privileges ML1"
 description: Privileged users use separate privileged and unprivileged operating environments.
 section-code: "3"
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - aws_codebuild_project_environment_privileged_mode_disabled
 - aws_codebuild_project_source_repo_oauth_configured
diff --git a/compliance/frameworks/aws/aws_acsc_essential_eight/aws_acsc_essential_eight_ml_1_5_4.yaml b/compliance/frameworks/aws/aws_acsc_essential_eight/aws_acsc_essential_eight_ml_1_5_4.yaml
index 13fd7c11d..d49415fa4 100755
--- a/compliance/frameworks/aws/aws_acsc_essential_eight/aws_acsc_essential_eight_ml_1_5_4.yaml
+++ b/compliance/frameworks/aws/aws_acsc_essential_eight/aws_acsc_essential_eight_ml_1_5_4.yaml
@@ -3,10 +3,6 @@ control-group:
 title: "ACSC-EE-ML1-5.4: Restrict administrative privileges ML1"
 description: Unprivileged accounts cannot logon to privileged operating environments.
 section-code: "4"
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - aws_codebuild_project_source_repo_oauth_configured
 - aws_ec2_instance_iam_profile_attached
diff --git a/compliance/frameworks/aws/aws_acsc_essential_eight/aws_acsc_essential_eight_ml_1_5_5.yaml b/compliance/frameworks/aws/aws_acsc_essential_eight/aws_acsc_essential_eight_ml_1_5_5.yaml
index 6ba28dc55..bf8d7fed7 100755
--- a/compliance/frameworks/aws/aws_acsc_essential_eight/aws_acsc_essential_eight_ml_1_5_5.yaml
+++ b/compliance/frameworks/aws/aws_acsc_essential_eight/aws_acsc_essential_eight_ml_1_5_5.yaml
@@ -3,10 +3,6 @@ control-group:
 title: "ACSC-EE-ML1-5.5: Restrict administrative privileges ML1"
 description: Privileged accounts (excluding local administrator accounts) cannot logon to unprivileged operating environments.
 section-code: "5"
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - aws_codebuild_project_environment_privileged_mode_disabled
 - aws_codebuild_project_source_repo_oauth_configured
diff --git a/compliance/frameworks/aws/aws_acsc_essential_eight/aws_acsc_essential_eight_ml_1_6.yaml b/compliance/frameworks/aws/aws_acsc_essential_eight/aws_acsc_essential_eight_ml_1_6.yaml
index 064798ad2..ec17cd28d 100755
--- a/compliance/frameworks/aws/aws_acsc_essential_eight/aws_acsc_essential_eight_ml_1_6.yaml
+++ b/compliance/frameworks/aws/aws_acsc_essential_eight/aws_acsc_essential_eight_ml_1_6.yaml
@@ -3,10 +3,6 @@ control-group:
 title: "ACSC-EE-ML1-6: Patch operating systems ML1"
 description: The patching of operating systems is the practice of applying patches, updates or vendor mitigations to security vulnerabilities in operating systems.
 section-code: "6"
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 control-group:
 - id: aws_acsc_essential_eight_ml_1_6_2
 - id: aws_acsc_essential_eight_ml_1_6_3
diff --git a/compliance/frameworks/aws/aws_acsc_essential_eight/aws_acsc_essential_eight_ml_1_6_2.yaml b/compliance/frameworks/aws/aws_acsc_essential_eight/aws_acsc_essential_eight_ml_1_6_2.yaml
index 2757e412b..10d9a3aff 100755
--- a/compliance/frameworks/aws/aws_acsc_essential_eight/aws_acsc_essential_eight_ml_1_6_2.yaml
+++ b/compliance/frameworks/aws/aws_acsc_essential_eight/aws_acsc_essential_eight_ml_1_6_2.yaml
@@ -3,10 +3,6 @@ control-group:
 title: "ACSC-EE-ML1-6.2: Patch operating systems ML1"
 description: A vulnerability scanner with an up-to-date vulnerability database is used for vulnerability scanning activities.
 section-code: "2"
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - aws_1test
 - aws_ecr_repository_image_scan_on_push_enabled
diff --git a/compliance/frameworks/aws/aws_acsc_essential_eight/aws_acsc_essential_eight_ml_1_6_3.yaml b/compliance/frameworks/aws/aws_acsc_essential_eight/aws_acsc_essential_eight_ml_1_6_3.yaml
index 13548eea9..909c516c0 100755
--- a/compliance/frameworks/aws/aws_acsc_essential_eight/aws_acsc_essential_eight_ml_1_6_3.yaml
+++ b/compliance/frameworks/aws/aws_acsc_essential_eight/aws_acsc_essential_eight_ml_1_6_3.yaml
@@ -3,9 +3,5 @@ control-group:
 title: "ACSC-EE-ML1-6.3: Patch operating systems ML1"
 description: A vulnerability scanner is used at least daily to identify missing patches or updates for security vulnerabilities in operating systems of internet-facing services.
 section-code: "3"
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - aws_ecr_repository_image_scan_on_push_enabled
diff --git a/compliance/frameworks/aws/aws_acsc_essential_eight/aws_acsc_essential_eight_ml_1_6_4.yaml b/compliance/frameworks/aws/aws_acsc_essential_eight/aws_acsc_essential_eight_ml_1_6_4.yaml
index 064c46ed8..7f1ad3b43 100755
--- a/compliance/frameworks/aws/aws_acsc_essential_eight/aws_acsc_essential_eight_ml_1_6_4.yaml
+++ b/compliance/frameworks/aws/aws_acsc_essential_eight/aws_acsc_essential_eight_ml_1_6_4.yaml
@@ -3,9 +3,5 @@ control-group:
 title: "ACSC-EE-ML1-6.4: Patch operating systems ML1"
 description: A vulnerability scanner is used at least fortnightly to identify missing patches or updates for security vulnerabilities in operating systems of workstations, servers and network devices.
 section-code: "4"
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - aws_ecr_repository_image_scan_on_push_enabled
diff --git a/compliance/frameworks/aws/aws_acsc_essential_eight/aws_acsc_essential_eight_ml_1_6_5.yaml b/compliance/frameworks/aws/aws_acsc_essential_eight/aws_acsc_essential_eight_ml_1_6_5.yaml
index ac735aeef..1ea8b4b0f 100755
--- a/compliance/frameworks/aws/aws_acsc_essential_eight/aws_acsc_essential_eight_ml_1_6_5.yaml
+++ b/compliance/frameworks/aws/aws_acsc_essential_eight/aws_acsc_essential_eight_ml_1_6_5.yaml
@@ -3,10 +3,6 @@ control-group:
 title: "ACSC-EE-ML1-6.5: Patch operating systems ML1"
 description: Patches, updates or vendor mitigations for security vulnerabilities in operating systems of internet-facing services are applied within two weeks of release, or within 48 hours if an exploit exists.
 section-code: "5"
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - aws_ecs_service_fargate_using_latest_platform_version
 - aws_eks_cluster_with_latest_kubernetes_version
diff --git a/compliance/frameworks/aws/aws_acsc_essential_eight/aws_acsc_essential_eight_ml_1_6_6.yaml b/compliance/frameworks/aws/aws_acsc_essential_eight/aws_acsc_essential_eight_ml_1_6_6.yaml
index 39589ac2d..c037c008b 100755
--- a/compliance/frameworks/aws/aws_acsc_essential_eight/aws_acsc_essential_eight_ml_1_6_6.yaml
+++ b/compliance/frameworks/aws/aws_acsc_essential_eight/aws_acsc_essential_eight_ml_1_6_6.yaml
@@ -3,10 +3,6 @@ control-group:
 title: "ACSC-EE-ML1-6.6: Patch operating systems ML1"
 description: Patches, updates or vendor mitigations for security vulnerabilities in operating systems of workstations, servers and network devices are applied within one month of release.
 section-code: "6"
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - aws_ecs_service_fargate_using_latest_platform_version
 - aws_eks_cluster_with_latest_kubernetes_version
diff --git a/compliance/frameworks/aws/aws_acsc_essential_eight/aws_acsc_essential_eight_ml_1_6_7.yaml b/compliance/frameworks/aws/aws_acsc_essential_eight/aws_acsc_essential_eight_ml_1_6_7.yaml
index 9a8e38aa3..971a37598 100755
--- a/compliance/frameworks/aws/aws_acsc_essential_eight/aws_acsc_essential_eight_ml_1_6_7.yaml
+++ b/compliance/frameworks/aws/aws_acsc_essential_eight/aws_acsc_essential_eight_ml_1_6_7.yaml
@@ -3,10 +3,6 @@ control-group:
 title: "ACSC-EE-ML1-6.7: Patch operating systems ML1"
 description: Operating systems that are no longer supported by vendors are replaced.
 section-code: "7"
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - aws_ecs_service_fargate_using_latest_platform_version
 - aws_eks_cluster_with_latest_kubernetes_version
diff --git a/compliance/frameworks/aws/aws_acsc_essential_eight/aws_acsc_essential_eight_ml_1_7.yaml b/compliance/frameworks/aws/aws_acsc_essential_eight/aws_acsc_essential_eight_ml_1_7.yaml
index 156d1c5e3..0b4743b70 100755
--- a/compliance/frameworks/aws/aws_acsc_essential_eight/aws_acsc_essential_eight_ml_1_7.yaml
+++ b/compliance/frameworks/aws/aws_acsc_essential_eight/aws_acsc_essential_eight_ml_1_7.yaml
@@ -3,10 +3,6 @@ control-group:
 title: "ACSC-EE-ML1-7: Application control ML1"
 description: Application control is the practice of restricting the execution of applications to those that have been authorised and are known to be secure.
 section-code: "7"
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 control-group:
 - id: aws_acsc_essential_eight_ml_1_7_1
 - id: aws_acsc_essential_eight_ml_1_7_2
diff --git a/compliance/frameworks/aws/aws_acsc_essential_eight/aws_acsc_essential_eight_ml_1_7_1.yaml b/compliance/frameworks/aws/aws_acsc_essential_eight/aws_acsc_essential_eight_ml_1_7_1.yaml
index 22952453f..0a00e3958 100755
--- a/compliance/frameworks/aws/aws_acsc_essential_eight/aws_acsc_essential_eight_ml_1_7_1.yaml
+++ b/compliance/frameworks/aws/aws_acsc_essential_eight/aws_acsc_essential_eight_ml_1_7_1.yaml
@@ -3,10 +3,6 @@ control-group:
 title: "ACSC-EE-ML1-7.1: Multi-factor authentication ML1"
 description: Multi-factor authentication is used by an organisation's users if they authenticate to their organisations internet-facing services.
 section-code: "1"
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - aws_iam_root_user_hardware_mfa_enabled
 - aws_iam_root_user_mfa_enabled
diff --git a/compliance/frameworks/aws/aws_acsc_essential_eight/aws_acsc_essential_eight_ml_1_7_2.yaml b/compliance/frameworks/aws/aws_acsc_essential_eight/aws_acsc_essential_eight_ml_1_7_2.yaml
index 42486b6f6..3e4f4f154 100755
--- a/compliance/frameworks/aws/aws_acsc_essential_eight/aws_acsc_essential_eight_ml_1_7_2.yaml
+++ b/compliance/frameworks/aws/aws_acsc_essential_eight/aws_acsc_essential_eight_ml_1_7_2.yaml
@@ -3,10 +3,6 @@ control-group:
 title: "ACSC-EE-ML1-7.2: Multi-factor authentication ML1"
 description: Multi-factor authentication is used by an organisations users if they authenticate to third-party internet-facing services that process, store or communicate their organisation's sensitive data.
 section-code: "2"
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - aws_iam_root_user_hardware_mfa_enabled
 - aws_iam_root_user_mfa_enabled
diff --git a/compliance/frameworks/aws/aws_acsc_essential_eight/aws_acsc_essential_eight_ml_1_7_3.yaml b/compliance/frameworks/aws/aws_acsc_essential_eight/aws_acsc_essential_eight_ml_1_7_3.yaml
index 118da45af..89499a48d 100755
--- a/compliance/frameworks/aws/aws_acsc_essential_eight/aws_acsc_essential_eight_ml_1_7_3.yaml
+++ b/compliance/frameworks/aws/aws_acsc_essential_eight/aws_acsc_essential_eight_ml_1_7_3.yaml
@@ -3,10 +3,6 @@ control-group:
 title: "ACSC-EE-ML1-7.3: Multi-factor authentication ML1"
 description: Multi-factor authentication (where available) is used by an organisations users if they authenticate to third-party internet-facing services that process, store or communicate their organisation's non-sensitive data.
 section-code: "3"
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - aws_iam_root_user_hardware_mfa_enabled
 - aws_iam_root_user_mfa_enabled
diff --git a/compliance/frameworks/aws/aws_acsc_essential_eight/aws_acsc_essential_eight_ml_1_7_4.yaml b/compliance/frameworks/aws/aws_acsc_essential_eight/aws_acsc_essential_eight_ml_1_7_4.yaml
index 0ce858af7..96c0e0b3d 100755
--- a/compliance/frameworks/aws/aws_acsc_essential_eight/aws_acsc_essential_eight_ml_1_7_4.yaml
+++ b/compliance/frameworks/aws/aws_acsc_essential_eight/aws_acsc_essential_eight_ml_1_7_4.yaml
@@ -3,10 +3,6 @@ control-group:
 title: "ACSC-EE-ML1-7.4: Multi-factor authentication ML1"
 description: Multi-factor authentication is enabled by default for non-organisational users (but users can choose to opt out) if they authenticate to an organisations internet-facing services.
 section-code: "4"
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - aws_iam_root_user_hardware_mfa_enabled
 - aws_iam_root_user_mfa_enabled
diff --git a/compliance/frameworks/aws/aws_acsc_essential_eight/aws_acsc_essential_eight_ml_1_8.yaml b/compliance/frameworks/aws/aws_acsc_essential_eight/aws_acsc_essential_eight_ml_1_8.yaml
index c453c9178..32dabe99c 100755
--- a/compliance/frameworks/aws/aws_acsc_essential_eight/aws_acsc_essential_eight_ml_1_8.yaml
+++ b/compliance/frameworks/aws/aws_acsc_essential_eight/aws_acsc_essential_eight_ml_1_8.yaml
@@ -3,10 +3,6 @@ control-group:
 title: "ACSC-EE-ML1-8: Regular backups ML1"
 description: Regular backups of important data, software and configuration settings are performed and retained with a frequency and retention timeframe in accordance with business continuity requirements.
 section-code: "8"
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 control-group:
 - id: aws_acsc_essential_eight_ml_1_8_1
 - id: aws_acsc_essential_eight_ml_1_8_2
diff --git a/compliance/frameworks/aws/aws_acsc_essential_eight/aws_acsc_essential_eight_ml_1_8_1.yaml b/compliance/frameworks/aws/aws_acsc_essential_eight/aws_acsc_essential_eight_ml_1_8_1.yaml
index 0a44209af..610579761 100755
--- a/compliance/frameworks/aws/aws_acsc_essential_eight/aws_acsc_essential_eight_ml_1_8_1.yaml
+++ b/compliance/frameworks/aws/aws_acsc_essential_eight/aws_acsc_essential_eight_ml_1_8_1.yaml
@@ -3,10 +3,6 @@ control-group:
 title: "ACSC-EE-ML1-8.1: Regular backups ML1"
 description: Backups of important data, software and configuration settings are performed and retained with a frequency and retention timeframe in accordance with business continuity requirements.
 section-code: "1"
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - aws_backup_plan_min_retention_35_days
 - aws_backup_recovery_point_min_retention_35_days
diff --git a/compliance/frameworks/aws/aws_acsc_essential_eight/aws_acsc_essential_eight_ml_1_8_2.yaml b/compliance/frameworks/aws/aws_acsc_essential_eight/aws_acsc_essential_eight_ml_1_8_2.yaml
index 71f2233ec..0dd773eab 100755
--- a/compliance/frameworks/aws/aws_acsc_essential_eight/aws_acsc_essential_eight_ml_1_8_2.yaml
+++ b/compliance/frameworks/aws/aws_acsc_essential_eight/aws_acsc_essential_eight_ml_1_8_2.yaml
@@ -3,10 +3,6 @@ control-group:
 title: "ACSC-EE-ML1-8.2: Regular backups ML1"
 description: Backups of important data, software and configuration settings are synchronised to enable restoration to a common point in time.
 section-code: "2"
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - aws_backup_plan_min_retention_35_days
 - aws_backup_recovery_point_min_retention_35_days
diff --git a/compliance/frameworks/aws/aws_acsc_essential_eight/aws_acsc_essential_eight_ml_1_8_3.yaml b/compliance/frameworks/aws/aws_acsc_essential_eight/aws_acsc_essential_eight_ml_1_8_3.yaml
index b24eb46bf..1fc4541c5 100755
--- a/compliance/frameworks/aws/aws_acsc_essential_eight/aws_acsc_essential_eight_ml_1_8_3.yaml
+++ b/compliance/frameworks/aws/aws_acsc_essential_eight/aws_acsc_essential_eight_ml_1_8_3.yaml
@@ -3,10 +3,6 @@ control-group:
 title: "ACSC-EE-ML1-8.3: Regular backups ML1"
 description: Backups of important data, software and configuration settings are retained in a secure and resilient manner.
 section-code: "3"
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - aws_backup_plan_min_retention_35_days
 - aws_backup_recovery_point_min_retention_35_days
diff --git a/compliance/frameworks/aws/aws_acsc_essential_eight/aws_acsc_essential_eight_ml_1_8_5.yaml b/compliance/frameworks/aws/aws_acsc_essential_eight/aws_acsc_essential_eight_ml_1_8_5.yaml
index 62f9c935a..431e0138c 100755
--- a/compliance/frameworks/aws/aws_acsc_essential_eight/aws_acsc_essential_eight_ml_1_8_5.yaml
+++ b/compliance/frameworks/aws/aws_acsc_essential_eight/aws_acsc_essential_eight_ml_1_8_5.yaml
@@ -3,10 +3,6 @@ control-group:
 title: "ACSC-EE-ML1-8.5: Regular backups ML1"
 description: Unprivileged accounts cannot access backups belonging to other accounts.
 section-code: "5"
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - aws_codebuild_project_source_repo_oauth_configured
 - aws_ec2_instance_iam_profile_attached
diff --git a/compliance/frameworks/aws/aws_acsc_essential_eight/aws_acsc_essential_eight_ml_1_8_6.yaml b/compliance/frameworks/aws/aws_acsc_essential_eight/aws_acsc_essential_eight_ml_1_8_6.yaml
index 966c12757..052c446c0 100755
--- a/compliance/frameworks/aws/aws_acsc_essential_eight/aws_acsc_essential_eight_ml_1_8_6.yaml
+++ b/compliance/frameworks/aws/aws_acsc_essential_eight/aws_acsc_essential_eight_ml_1_8_6.yaml
@@ -3,10 +3,6 @@ control-group:
 title: "ACSC-EE-ML1-8.6: Regular backups ML1"
 description: Unprivileged accounts are prevented from modifying and deleting backups.
 section-code: "6"
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - aws_codebuild_project_source_repo_oauth_configured
 - aws_ec2_instance_iam_profile_attached
diff --git a/compliance/frameworks/aws/aws_acsc_essential_eight/aws_acsc_essential_eight_ml_2.yaml b/compliance/frameworks/aws/aws_acsc_essential_eight/aws_acsc_essential_eight_ml_2.yaml
index 5cd7afcaa..309bf32c7 100755
--- a/compliance/frameworks/aws/aws_acsc_essential_eight/aws_acsc_essential_eight_ml_2.yaml
+++ b/compliance/frameworks/aws/aws_acsc_essential_eight/aws_acsc_essential_eight_ml_2.yaml
@@ -3,10 +3,6 @@ control-group:
 title: ACSC Essential Eight Maturity Level 2
 description: The Essential Eight Maturity Model is a prioritised list of strategies to mitigate cyber security incidents. The model consists of 8 essential strategies that organisations can implement to protect their systems from a range of adversaries.
 section-code: ml_2
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 control-group:
 - id: aws_acsc_essential_eight_ml_2_1
 - id: aws_acsc_essential_eight_ml_2_2
diff --git a/compliance/frameworks/aws/aws_acsc_essential_eight/aws_acsc_essential_eight_ml_2_1.yaml b/compliance/frameworks/aws/aws_acsc_essential_eight/aws_acsc_essential_eight_ml_2_1.yaml
index c1823d05f..eabaa0a2e 100755
--- a/compliance/frameworks/aws/aws_acsc_essential_eight/aws_acsc_essential_eight_ml_2_1.yaml
+++ b/compliance/frameworks/aws/aws_acsc_essential_eight/aws_acsc_essential_eight_ml_2_1.yaml
@@ -3,9 +3,5 @@ control-group:
 title: "ACSC-EE-ML2-1: Patch applications ML2"
 description: An automated method of asset discovery is used at least weekly to support the detection of assets for subsequent vulnerability scanning activities.
 section-code: "1"
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 control-group:
 - id: aws_acsc_essential_eight_ml_2_1_3
diff --git a/compliance/frameworks/aws/aws_acsc_essential_eight/aws_acsc_essential_eight_ml_2_1_3.yaml b/compliance/frameworks/aws/aws_acsc_essential_eight/aws_acsc_essential_eight_ml_2_1_3.yaml
index a56402245..bbb38167b 100755
--- a/compliance/frameworks/aws/aws_acsc_essential_eight/aws_acsc_essential_eight_ml_2_1_3.yaml
+++ b/compliance/frameworks/aws/aws_acsc_essential_eight/aws_acsc_essential_eight_ml_2_1_3.yaml
@@ -3,10 +3,6 @@ control-group:
 title: "ACSC-EE-ML2-1.3: Application control ML2"
 description: Allowed and blocked execution events on workstations and internet-facing servers are logged.
 section-code: "3"
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - aws_apigateway_rest_api_stage_xray_tracing_enabled
 - aws_apigateway_stage_logging_enabled
diff --git a/compliance/frameworks/aws/aws_acsc_essential_eight/aws_acsc_essential_eight_ml_2_2.yaml b/compliance/frameworks/aws/aws_acsc_essential_eight/aws_acsc_essential_eight_ml_2_2.yaml
index c22eec9e1..6911180b4 100755
--- a/compliance/frameworks/aws/aws_acsc_essential_eight/aws_acsc_essential_eight_ml_2_2.yaml
+++ b/compliance/frameworks/aws/aws_acsc_essential_eight/aws_acsc_essential_eight_ml_2_2.yaml
@@ -3,9 +3,5 @@ control-group:
 title: "ACSC-EE-ML2-2: Patch operating systems ML2"
 description: An automated method of asset discovery is used at least weekly to support the detection of assets for subsequent vulnerability scanning activities.
 section-code: "2"
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 control-group:
 - id: aws_acsc_essential_eight_ml_2_2_5
diff --git a/compliance/frameworks/aws/aws_acsc_essential_eight/aws_acsc_essential_eight_ml_2_2_5.yaml b/compliance/frameworks/aws/aws_acsc_essential_eight/aws_acsc_essential_eight_ml_2_2_5.yaml
index 9f34dc12e..933d6fbfa 100755
--- a/compliance/frameworks/aws/aws_acsc_essential_eight/aws_acsc_essential_eight_ml_2_2_5.yaml
+++ b/compliance/frameworks/aws/aws_acsc_essential_eight/aws_acsc_essential_eight_ml_2_2_5.yaml
@@ -3,9 +3,5 @@ control-group:
 title: "ACSC-EE-ML2-2.5: Patch applications ML2"
 description: A vulnerability scanner is used at least fortnightly to identify missing patches or updates for security vulnerabilities in other applications.
 section-code: "5"
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - aws_ecr_repository_image_scan_on_push_enabled
diff --git a/compliance/frameworks/aws/aws_acsc_essential_eight/aws_acsc_essential_eight_ml_2_5.yaml b/compliance/frameworks/aws/aws_acsc_essential_eight/aws_acsc_essential_eight_ml_2_5.yaml
index b0f121407..ddd0fefc9 100755
--- a/compliance/frameworks/aws/aws_acsc_essential_eight/aws_acsc_essential_eight_ml_2_5.yaml
+++ b/compliance/frameworks/aws/aws_acsc_essential_eight/aws_acsc_essential_eight_ml_2_5.yaml
@@ -3,10 +3,6 @@ control-group:
 title: "ACSC-EE-ML2-5: Restrict administrative privileges ML2"
 description: Requests for privileged access to systems and applications are validated when first requested.
 section-code: "5"
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 control-group:
 - id: aws_acsc_essential_eight_ml_2_5_2
 - id: aws_acsc_essential_eight_ml_2_5_3
diff --git a/compliance/frameworks/aws/aws_acsc_essential_eight/aws_acsc_essential_eight_ml_2_5_10.yaml b/compliance/frameworks/aws/aws_acsc_essential_eight/aws_acsc_essential_eight_ml_2_5_10.yaml
index 30ab25a8b..63d0e8b35 100755
--- a/compliance/frameworks/aws/aws_acsc_essential_eight/aws_acsc_essential_eight_ml_2_5_10.yaml
+++ b/compliance/frameworks/aws/aws_acsc_essential_eight/aws_acsc_essential_eight_ml_2_5_10.yaml
@@ -3,10 +3,6 @@ control-group:
 title: "ACSC-EE-ML2-5.10: Restrict administrative privileges ML2"
 description: Credentials for local administrator accounts and service accounts are long, unique, unpredictable and managed.
 section-code: "10"
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - aws_codebuild_project_environment_privileged_mode_disabled
 - aws_ecs_task_definition_container_non_privileged
diff --git a/compliance/frameworks/aws/aws_acsc_essential_eight/aws_acsc_essential_eight_ml_2_5_11.yaml b/compliance/frameworks/aws/aws_acsc_essential_eight/aws_acsc_essential_eight_ml_2_5_11.yaml
index 551ccf878..4d70e234a 100755
--- a/compliance/frameworks/aws/aws_acsc_essential_eight/aws_acsc_essential_eight_ml_2_5_11.yaml
+++ b/compliance/frameworks/aws/aws_acsc_essential_eight/aws_acsc_essential_eight_ml_2_5_11.yaml
@@ -3,10 +3,6 @@ control-group:
 title: "ACSC-EE-ML2-5.11: Restrict administrative privileges ML2"
 description: Privileged access events are logged.
 section-code: "11"
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - aws_apigateway_rest_api_stage_xray_tracing_enabled
 - aws_apigateway_stage_logging_enabled
diff --git a/compliance/frameworks/aws/aws_acsc_essential_eight/aws_acsc_essential_eight_ml_2_5_12.yaml b/compliance/frameworks/aws/aws_acsc_essential_eight/aws_acsc_essential_eight_ml_2_5_12.yaml
index 8d372fb25..83380c698 100755
--- a/compliance/frameworks/aws/aws_acsc_essential_eight/aws_acsc_essential_eight_ml_2_5_12.yaml
+++ b/compliance/frameworks/aws/aws_acsc_essential_eight/aws_acsc_essential_eight_ml_2_5_12.yaml
@@ -3,10 +3,6 @@ control-group:
 title: "ACSC-EE-ML2-5.12: Restrict administrative privileges ML2"
 description: Privileged account and group management events are logged.
 section-code: "12"
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - aws_apigateway_rest_api_stage_xray_tracing_enabled
 - aws_apigateway_stage_logging_enabled
diff --git a/compliance/frameworks/aws/aws_acsc_essential_eight/aws_acsc_essential_eight_ml_2_5_2.yaml b/compliance/frameworks/aws/aws_acsc_essential_eight/aws_acsc_essential_eight_ml_2_5_2.yaml
index 4c4f6f319..0584d4fb2 100755
--- a/compliance/frameworks/aws/aws_acsc_essential_eight/aws_acsc_essential_eight_ml_2_5_2.yaml
+++ b/compliance/frameworks/aws/aws_acsc_essential_eight/aws_acsc_essential_eight_ml_2_5_2.yaml
@@ -3,10 +3,6 @@ control-group:
 title: "ACSC-EE-ML2-5.2: Restrict administrative privileges ML2"
 description: Privileged access to systems and applications is automatically disabled after 12 months unless revalidated.
 section-code: "2"
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - aws_account_part_of_organizations
 - aws_backup_recovery_point_manual_deletion_disabled
diff --git a/compliance/frameworks/aws/aws_acsc_essential_eight/aws_acsc_essential_eight_ml_2_5_3.yaml b/compliance/frameworks/aws/aws_acsc_essential_eight/aws_acsc_essential_eight_ml_2_5_3.yaml
index eabf5ed51..6d7795cf7 100755
--- a/compliance/frameworks/aws/aws_acsc_essential_eight/aws_acsc_essential_eight_ml_2_5_3.yaml
+++ b/compliance/frameworks/aws/aws_acsc_essential_eight/aws_acsc_essential_eight_ml_2_5_3.yaml
@@ -3,10 +3,6 @@ control-group:
 title: "ACSC-EE-ML2-5.3: Restrict administrative privileges ML2"
 description: Privileged access to systems and applications is automatically disabled after 45 days of inactivity.
 section-code: "3"
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - aws_account_part_of_organizations
 - aws_backup_recovery_point_manual_deletion_disabled
diff --git a/compliance/frameworks/aws/aws_acsc_essential_eight/aws_acsc_essential_eight_ml_2_5_4.yaml b/compliance/frameworks/aws/aws_acsc_essential_eight/aws_acsc_essential_eight_ml_2_5_4.yaml
index 74eeed5d7..97c5cf9b6 100755
--- a/compliance/frameworks/aws/aws_acsc_essential_eight/aws_acsc_essential_eight_ml_2_5_4.yaml
+++ b/compliance/frameworks/aws/aws_acsc_essential_eight/aws_acsc_essential_eight_ml_2_5_4.yaml
@@ -3,10 +3,6 @@ control-group:
 title: "ACSC-EE-ML2-5.4: Restrict administrative privileges ML2"
 description: Privileged accounts (excluding privileged service accounts) are prevented from accessing the internet, email and web services.
 section-code: "4"
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - aws_codebuild_project_environment_privileged_mode_disabled
 - aws_ecs_task_definition_container_non_privileged
diff --git a/compliance/frameworks/aws/aws_acsc_essential_eight/aws_acsc_essential_eight_ml_2_5_5.yaml b/compliance/frameworks/aws/aws_acsc_essential_eight/aws_acsc_essential_eight_ml_2_5_5.yaml
index 8e3bcc0bc..01ae1e0f2 100755
--- a/compliance/frameworks/aws/aws_acsc_essential_eight/aws_acsc_essential_eight_ml_2_5_5.yaml
+++ b/compliance/frameworks/aws/aws_acsc_essential_eight/aws_acsc_essential_eight_ml_2_5_5.yaml
@@ -3,10 +3,6 @@ control-group:
 title: "ACSC-EE-ML2-5.5: Restrict administrative privileges ML2"
 description: Privileged users use separate privileged and unprivileged operating environments.
 section-code: "5"
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - aws_codebuild_project_environment_privileged_mode_disabled
 - aws_codebuild_project_source_repo_oauth_configured
diff --git a/compliance/frameworks/aws/aws_acsc_essential_eight/aws_acsc_essential_eight_ml_2_5_6.yaml b/compliance/frameworks/aws/aws_acsc_essential_eight/aws_acsc_essential_eight_ml_2_5_6.yaml
index 456d25cde..1175346cb 100755
--- a/compliance/frameworks/aws/aws_acsc_essential_eight/aws_acsc_essential_eight_ml_2_5_6.yaml
+++ b/compliance/frameworks/aws/aws_acsc_essential_eight/aws_acsc_essential_eight_ml_2_5_6.yaml
@@ -3,10 +3,6 @@ control-group:
 title: "ACSC-EE-ML2-5.6: Restrict administrative privileges ML2"
 description: Privileged operating environments are not virtualised within unprivileged operating environments.
 section-code: "6"
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - aws_codebuild_project_environment_privileged_mode_disabled
 - aws_codebuild_project_source_repo_oauth_configured
diff --git a/compliance/frameworks/aws/aws_acsc_essential_eight/aws_acsc_essential_eight_ml_2_5_7.yaml b/compliance/frameworks/aws/aws_acsc_essential_eight/aws_acsc_essential_eight_ml_2_5_7.yaml
index 6f9357720..35f4d990e 100755
--- a/compliance/frameworks/aws/aws_acsc_essential_eight/aws_acsc_essential_eight_ml_2_5_7.yaml
+++ b/compliance/frameworks/aws/aws_acsc_essential_eight/aws_acsc_essential_eight_ml_2_5_7.yaml
@@ -3,10 +3,6 @@ control-group:
 title: "ACSC-EE-ML2-5.7: Restrict administrative privileges ML2"
 description: Unprivileged accounts cannot logon to privileged operating environments.
 section-code: "7"
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - aws_codebuild_project_source_repo_oauth_configured
 - aws_ec2_instance_iam_profile_attached
diff --git a/compliance/frameworks/aws/aws_acsc_essential_eight/aws_acsc_essential_eight_ml_2_5_8.yaml b/compliance/frameworks/aws/aws_acsc_essential_eight/aws_acsc_essential_eight_ml_2_5_8.yaml
index b64c7f0b6..9e50dd97c 100755
--- a/compliance/frameworks/aws/aws_acsc_essential_eight/aws_acsc_essential_eight_ml_2_5_8.yaml
+++ b/compliance/frameworks/aws/aws_acsc_essential_eight/aws_acsc_essential_eight_ml_2_5_8.yaml
@@ -3,10 +3,6 @@ control-group:
 title: "ACSC-EE-ML2-5.8: Restrict administrative privileges ML2"
 description: Privileged accounts (excluding local administrator accounts) cannot logon to unprivileged operating environments.
 section-code: "8"
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - aws_codebuild_project_environment_privileged_mode_disabled
 - aws_codebuild_project_source_repo_oauth_configured
diff --git a/compliance/frameworks/aws/aws_acsc_essential_eight/aws_acsc_essential_eight_ml_2_5_9.yaml b/compliance/frameworks/aws/aws_acsc_essential_eight/aws_acsc_essential_eight_ml_2_5_9.yaml
index 8425bf18d..52452ecfd 100755
--- a/compliance/frameworks/aws/aws_acsc_essential_eight/aws_acsc_essential_eight_ml_2_5_9.yaml
+++ b/compliance/frameworks/aws/aws_acsc_essential_eight/aws_acsc_essential_eight_ml_2_5_9.yaml
@@ -3,10 +3,6 @@ control-group:
 title: "ACSC-EE-ML2-5.9: Restrict administrative privileges ML2"
 description: Unprivileged accounts cannot logon to privileged operating environments.
 section-code: "9"
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - aws_codebuild_project_source_repo_oauth_configured
 - aws_ec2_instance_iam_profile_attached
diff --git a/compliance/frameworks/aws/aws_acsc_essential_eight/aws_acsc_essential_eight_ml_2_6.yaml b/compliance/frameworks/aws/aws_acsc_essential_eight/aws_acsc_essential_eight_ml_2_6.yaml
index 92ddbc4e8..b68d1c16e 100755
--- a/compliance/frameworks/aws/aws_acsc_essential_eight/aws_acsc_essential_eight_ml_2_6.yaml
+++ b/compliance/frameworks/aws/aws_acsc_essential_eight/aws_acsc_essential_eight_ml_2_6.yaml
@@ -3,10 +3,6 @@ control-group:
 title: "ACSC-EE-ML2-6: Multi-factor authentication ML2"
 description: Multi-factor authentication is enabled for all users and administrators.
 section-code: "6"
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 control-group:
 - id: aws_acsc_essential_eight_ml_2_6_2
 - id: aws_acsc_essential_eight_ml_2_6_3
diff --git a/compliance/frameworks/aws/aws_acsc_essential_eight/aws_acsc_essential_eight_ml_2_6_2.yaml b/compliance/frameworks/aws/aws_acsc_essential_eight/aws_acsc_essential_eight_ml_2_6_2.yaml
index 6d1052907..5bf67d89e 100755
--- a/compliance/frameworks/aws/aws_acsc_essential_eight/aws_acsc_essential_eight_ml_2_6_2.yaml
+++ b/compliance/frameworks/aws/aws_acsc_essential_eight/aws_acsc_essential_eight_ml_2_6_2.yaml
@@ -3,9 +3,5 @@ control-group:
 title: "ACSC-EE-ML2-6.2: Patch operating systems ML2"
 description: A vulnerability scanner with an up-to-date vulnerability database is used for vulnerability scanning activities.
 section-code: "2"
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - aws_ecr_repository_image_scan_on_push_enabled
diff --git a/compliance/frameworks/aws/aws_acsc_essential_eight/aws_acsc_essential_eight_ml_2_6_3.yaml b/compliance/frameworks/aws/aws_acsc_essential_eight/aws_acsc_essential_eight_ml_2_6_3.yaml
index e94b7e05f..c19b26f63 100755
--- a/compliance/frameworks/aws/aws_acsc_essential_eight/aws_acsc_essential_eight_ml_2_6_3.yaml
+++ b/compliance/frameworks/aws/aws_acsc_essential_eight/aws_acsc_essential_eight_ml_2_6_3.yaml
@@ -3,9 +3,5 @@ control-group:
 title: "ACSC-EE-ML2-6.3: Patch operating systems ML2"
 description: A vulnerability scanner is used at least daily to identify missing patches or updates for security vulnerabilities in operating systems of internet-facing services.
 section-code: "3"
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - aws_ecr_repository_image_scan_on_push_enabled
diff --git a/compliance/frameworks/aws/aws_acsc_essential_eight/aws_acsc_essential_eight_ml_2_6_4.yaml b/compliance/frameworks/aws/aws_acsc_essential_eight/aws_acsc_essential_eight_ml_2_6_4.yaml
index e36a13d30..a24a56d59 100755
--- a/compliance/frameworks/aws/aws_acsc_essential_eight/aws_acsc_essential_eight_ml_2_6_4.yaml
+++ b/compliance/frameworks/aws/aws_acsc_essential_eight/aws_acsc_essential_eight_ml_2_6_4.yaml
@@ -3,9 +3,5 @@ control-group:
 title: "ACSC-EE-ML2-6.4: Patch operating systems ML2"
 description: A vulnerability scanner is used at least weekly to identify missing patches or updates for security vulnerabilities in operating systems of workstations, servers and network devices.
 section-code: "4"
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - aws_ecr_repository_image_scan_on_push_enabled
diff --git a/compliance/frameworks/aws/aws_acsc_essential_eight/aws_acsc_essential_eight_ml_2_6_5.yaml b/compliance/frameworks/aws/aws_acsc_essential_eight/aws_acsc_essential_eight_ml_2_6_5.yaml
index 8a809e6f8..7c16bbb25 100755
--- a/compliance/frameworks/aws/aws_acsc_essential_eight/aws_acsc_essential_eight_ml_2_6_5.yaml
+++ b/compliance/frameworks/aws/aws_acsc_essential_eight/aws_acsc_essential_eight_ml_2_6_5.yaml
@@ -3,10 +3,6 @@ control-group:
 title: "ACSC-EE-ML2-6.5: Patch operating systems ML2"
 description: Patches, updates or vendor mitigations for security vulnerabilities in operating systems of Internet-facing services are applied within two weeks of release, or within 48 hours if an exploit exists.
 section-code: "5"
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - aws_ecs_service_fargate_using_latest_platform_version
 - aws_eks_cluster_with_latest_kubernetes_version
diff --git a/compliance/frameworks/aws/aws_acsc_essential_eight/aws_acsc_essential_eight_ml_2_6_6.yaml b/compliance/frameworks/aws/aws_acsc_essential_eight/aws_acsc_essential_eight_ml_2_6_6.yaml
index ab37d6376..3008f06b2 100755
--- a/compliance/frameworks/aws/aws_acsc_essential_eight/aws_acsc_essential_eight_ml_2_6_6.yaml
+++ b/compliance/frameworks/aws/aws_acsc_essential_eight/aws_acsc_essential_eight_ml_2_6_6.yaml
@@ -3,10 +3,6 @@ control-group:
 title: "ACSC-EE-ML2-6.6: Patch operating systems ML2"
 description: Patches, updates or vendor mitigations for security vulnerabilities in operating systems of workstations, servers and network devices are applied within two weeks of release.
 section-code: "6"
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - aws_ecs_service_fargate_using_latest_platform_version
 - aws_eks_cluster_with_latest_kubernetes_version
diff --git a/compliance/frameworks/aws/aws_acsc_essential_eight/aws_acsc_essential_eight_ml_2_6_7.yaml b/compliance/frameworks/aws/aws_acsc_essential_eight/aws_acsc_essential_eight_ml_2_6_7.yaml
index 88f57f273..8456c3cc9 100755
--- a/compliance/frameworks/aws/aws_acsc_essential_eight/aws_acsc_essential_eight_ml_2_6_7.yaml
+++ b/compliance/frameworks/aws/aws_acsc_essential_eight/aws_acsc_essential_eight_ml_2_6_7.yaml
@@ -3,10 +3,6 @@ control-group:
 title: "ACSC-EE-ML2-6.7: Patch operating systems ML2"
 description: Operating systems that are no longer supported by vendors are replaced.
 section-code: "7"
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - aws_ecs_service_fargate_using_latest_platform_version
 - aws_eks_cluster_with_latest_kubernetes_version
diff --git a/compliance/frameworks/aws/aws_acsc_essential_eight/aws_acsc_essential_eight_ml_2_7.yaml b/compliance/frameworks/aws/aws_acsc_essential_eight/aws_acsc_essential_eight_ml_2_7.yaml
index 82fdedef5..44f295bb0 100755
--- a/compliance/frameworks/aws/aws_acsc_essential_eight/aws_acsc_essential_eight_ml_2_7.yaml
+++ b/compliance/frameworks/aws/aws_acsc_essential_eight/aws_acsc_essential_eight_ml_2_7.yaml
@@ -3,10 +3,6 @@ control-group:
 title: "ACSC-EE-ML2-7: Application control ML2"
 description: Allowed and blocked execution events on workstations and internet-facing servers are logged.
 section-code: "7"
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 control-group:
 - id: aws_acsc_essential_eight_ml_2_7_1
 - id: aws_acsc_essential_eight_ml_2_7_4
diff --git a/compliance/frameworks/aws/aws_acsc_essential_eight/aws_acsc_essential_eight_ml_2_7_1.yaml b/compliance/frameworks/aws/aws_acsc_essential_eight/aws_acsc_essential_eight_ml_2_7_1.yaml
index 103386c37..4fe506ce7 100755
--- a/compliance/frameworks/aws/aws_acsc_essential_eight/aws_acsc_essential_eight_ml_2_7_1.yaml
+++ b/compliance/frameworks/aws/aws_acsc_essential_eight/aws_acsc_essential_eight_ml_2_7_1.yaml
@@ -3,10 +3,6 @@ control-group:
 title: "ACSC-EE-ML2-7.1: Multi-factor authentication ML2"
 description: Multi-factor authentication is used by an organisation's users if they authenticate to their organisations internet-facing services.
 section-code: "1"
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - aws_iam_root_user_hardware_mfa_enabled
 - aws_iam_root_user_mfa_enabled
diff --git a/compliance/frameworks/aws/aws_acsc_essential_eight/aws_acsc_essential_eight_ml_2_7_4.yaml b/compliance/frameworks/aws/aws_acsc_essential_eight/aws_acsc_essential_eight_ml_2_7_4.yaml
index 1ff632352..992a7575d 100755
--- a/compliance/frameworks/aws/aws_acsc_essential_eight/aws_acsc_essential_eight_ml_2_7_4.yaml
+++ b/compliance/frameworks/aws/aws_acsc_essential_eight/aws_acsc_essential_eight_ml_2_7_4.yaml
@@ -3,10 +3,6 @@ control-group:
 title: "ACSC-EE-ML2-7.4: Multi-factor authentication ML2"
 description: Multi-factor authentication is enabled by default for non-organisational users (but users can choose to opt out) if they authenticate to an organisations internet-facing services.
 section-code: "4"
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - aws_iam_root_user_hardware_mfa_enabled
 - aws_iam_root_user_mfa_enabled
diff --git a/compliance/frameworks/aws/aws_acsc_essential_eight/aws_acsc_essential_eight_ml_2_7_5.yaml b/compliance/frameworks/aws/aws_acsc_essential_eight/aws_acsc_essential_eight_ml_2_7_5.yaml
index 2fb8aecb8..b85a4b55c 100755
--- a/compliance/frameworks/aws/aws_acsc_essential_eight/aws_acsc_essential_eight_ml_2_7_5.yaml
+++ b/compliance/frameworks/aws/aws_acsc_essential_eight/aws_acsc_essential_eight_ml_2_7_5.yaml
@@ -3,10 +3,6 @@ control-group:
 title: "ACSC-EE-ML2-7.5: Multi-factor authentication ML2"
 description: Multi-factor authentication is used to authenticate privileged users of systems.
 section-code: "5"
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - aws_iam_root_user_hardware_mfa_enabled
 - aws_iam_root_user_mfa_enabled
diff --git a/compliance/frameworks/aws/aws_acsc_essential_eight/aws_acsc_essential_eight_ml_2_7_6.yaml b/compliance/frameworks/aws/aws_acsc_essential_eight/aws_acsc_essential_eight_ml_2_7_6.yaml
index 0d476207e..5fe739260 100755
--- a/compliance/frameworks/aws/aws_acsc_essential_eight/aws_acsc_essential_eight_ml_2_7_6.yaml
+++ b/compliance/frameworks/aws/aws_acsc_essential_eight/aws_acsc_essential_eight_ml_2_7_6.yaml
@@ -3,10 +3,6 @@ control-group:
 title: "ACSC-EE-ML2-7.6: Multi-factor authentication ML2"
 description: "Multi-factor authentication uses either: something users have and something users know, or something users have that is unlocked by something users know or are."
 section-code: "6"
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - aws_iam_root_user_hardware_mfa_enabled
 - aws_iam_root_user_mfa_enabled
diff --git a/compliance/frameworks/aws/aws_acsc_essential_eight/aws_acsc_essential_eight_ml_2_7_7.yaml b/compliance/frameworks/aws/aws_acsc_essential_eight/aws_acsc_essential_eight_ml_2_7_7.yaml
index 9544770d0..b841a0f42 100755
--- a/compliance/frameworks/aws/aws_acsc_essential_eight/aws_acsc_essential_eight_ml_2_7_7.yaml
+++ b/compliance/frameworks/aws/aws_acsc_essential_eight/aws_acsc_essential_eight_ml_2_7_7.yaml
@@ -3,10 +3,6 @@ control-group:
 title: "ACSC-EE-ML2-7.7: Multi-factor authentication ML2"
 description: Successful and unsuccessful multi-factor authentication events are logged.
 section-code: "7"
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - aws_apigateway_rest_api_stage_xray_tracing_enabled
 - aws_apigateway_stage_logging_enabled
diff --git a/compliance/frameworks/aws/aws_acsc_essential_eight/aws_acsc_essential_eight_ml_2_8.yaml b/compliance/frameworks/aws/aws_acsc_essential_eight/aws_acsc_essential_eight_ml_2_8.yaml
index 968dd4e0b..29f87f6da 100755
--- a/compliance/frameworks/aws/aws_acsc_essential_eight/aws_acsc_essential_eight_ml_2_8.yaml
+++ b/compliance/frameworks/aws/aws_acsc_essential_eight/aws_acsc_essential_eight_ml_2_8.yaml
@@ -3,10 +3,6 @@ control-group:
 title: "ACSC-EE-ML2-8: Daily backups ML2"
 description: Backups are taken daily and retained for at least 7 days.
 section-code: "8"
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 control-group:
 - id: aws_acsc_essential_eight_ml_2_8_1
 - id: aws_acsc_essential_eight_ml_2_8_2
diff --git a/compliance/frameworks/aws/aws_acsc_essential_eight/aws_acsc_essential_eight_ml_2_8_1.yaml b/compliance/frameworks/aws/aws_acsc_essential_eight/aws_acsc_essential_eight_ml_2_8_1.yaml
index bb4275a89..0bf5d63d9 100755
--- a/compliance/frameworks/aws/aws_acsc_essential_eight/aws_acsc_essential_eight_ml_2_8_1.yaml
+++ b/compliance/frameworks/aws/aws_acsc_essential_eight/aws_acsc_essential_eight_ml_2_8_1.yaml
@@ -3,10 +3,6 @@ control-group:
 title: "ACSC-EE-ML2-8.1: Regular backups ML2"
 description: Backups of important data, software and configuration settings are performed and retained with a frequency and retention timeframe in accordance with business continuity requirements.
 section-code: "1"
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - aws_backup_plan_min_retention_35_days
 - aws_backup_recovery_point_min_retention_35_days
diff --git a/compliance/frameworks/aws/aws_acsc_essential_eight/aws_acsc_essential_eight_ml_2_8_2.yaml b/compliance/frameworks/aws/aws_acsc_essential_eight/aws_acsc_essential_eight_ml_2_8_2.yaml
index 58818038f..6f63e79fe 100755
--- a/compliance/frameworks/aws/aws_acsc_essential_eight/aws_acsc_essential_eight_ml_2_8_2.yaml
+++ b/compliance/frameworks/aws/aws_acsc_essential_eight/aws_acsc_essential_eight_ml_2_8_2.yaml
@@ -3,10 +3,6 @@ control-group:
 title: "ACSC-EE-ML2-8.2: Regular backups ML2"
 description: Backups of important data, software and configuration settings are synchronised to enable restoration to a common point in time.
 section-code: "2"
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - aws_backup_plan_min_retention_35_days
 - aws_backup_recovery_point_min_retention_35_days
diff --git a/compliance/frameworks/aws/aws_acsc_essential_eight/aws_acsc_essential_eight_ml_2_8_3.yaml b/compliance/frameworks/aws/aws_acsc_essential_eight/aws_acsc_essential_eight_ml_2_8_3.yaml
index 3c6603f76..af227b53d 100755
--- a/compliance/frameworks/aws/aws_acsc_essential_eight/aws_acsc_essential_eight_ml_2_8_3.yaml
+++ b/compliance/frameworks/aws/aws_acsc_essential_eight/aws_acsc_essential_eight_ml_2_8_3.yaml
@@ -3,10 +3,6 @@ control-group:
 title: "ACSC-EE-ML2-8.3: Regular backups ML2"
 description: Backups of important data, software and configuration settings are retained in a secure and resilient manner.
 section-code: "3"
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - aws_backup_plan_min_retention_35_days
 - aws_backup_recovery_point_min_retention_35_days
diff --git a/compliance/frameworks/aws/aws_acsc_essential_eight/aws_acsc_essential_eight_ml_2_8_5.yaml b/compliance/frameworks/aws/aws_acsc_essential_eight/aws_acsc_essential_eight_ml_2_8_5.yaml
index e504f503d..b4f6e5234 100755
--- a/compliance/frameworks/aws/aws_acsc_essential_eight/aws_acsc_essential_eight_ml_2_8_5.yaml
+++ b/compliance/frameworks/aws/aws_acsc_essential_eight/aws_acsc_essential_eight_ml_2_8_5.yaml
@@ -3,10 +3,6 @@ control-group:
 title: "ACSC-EE-ML2-8.5: Regular backups ML2"
 description: Unprivileged accounts cannot access backups belonging to other accounts.
 section-code: "5"
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - aws_codebuild_project_source_repo_oauth_configured
 - aws_ec2_instance_iam_profile_attached
diff --git a/compliance/frameworks/aws/aws_acsc_essential_eight/aws_acsc_essential_eight_ml_2_8_6.yaml b/compliance/frameworks/aws/aws_acsc_essential_eight/aws_acsc_essential_eight_ml_2_8_6.yaml
index acfa16eaf..617c440b9 100755
--- a/compliance/frameworks/aws/aws_acsc_essential_eight/aws_acsc_essential_eight_ml_2_8_6.yaml
+++ b/compliance/frameworks/aws/aws_acsc_essential_eight/aws_acsc_essential_eight_ml_2_8_6.yaml
@@ -3,10 +3,6 @@ control-group:
 title: "ACSC-EE-ML2-8.6: Regular backups ML2"
 description: Privileged accounts (excluding backup administrator accounts) cannot access backups belonging to other accounts.
 section-code: "6"
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - aws_backup_recovery_point_manual_deletion_disabled
 - aws_cloudtrail_bucket_not_public
diff --git a/compliance/frameworks/aws/aws_acsc_essential_eight/aws_acsc_essential_eight_ml_2_8_7.yaml b/compliance/frameworks/aws/aws_acsc_essential_eight/aws_acsc_essential_eight_ml_2_8_7.yaml
index e309dab2a..085c6c0c8 100755
--- a/compliance/frameworks/aws/aws_acsc_essential_eight/aws_acsc_essential_eight_ml_2_8_7.yaml
+++ b/compliance/frameworks/aws/aws_acsc_essential_eight/aws_acsc_essential_eight_ml_2_8_7.yaml
@@ -3,10 +3,6 @@ control-group:
 title: "ACSC-EE-ML2-8.7: Regular backups ML2"
 description: Unprivileged accounts are prevented from modifying and deleting backups.
 section-code: "7"
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - aws_codebuild_project_source_repo_oauth_configured
 - aws_ec2_instance_iam_profile_attached
diff --git a/compliance/frameworks/aws/aws_acsc_essential_eight/aws_acsc_essential_eight_ml_2_8_8.yaml b/compliance/frameworks/aws/aws_acsc_essential_eight/aws_acsc_essential_eight_ml_2_8_8.yaml
index 1aff742b8..0af28072a 100755
--- a/compliance/frameworks/aws/aws_acsc_essential_eight/aws_acsc_essential_eight_ml_2_8_8.yaml
+++ b/compliance/frameworks/aws/aws_acsc_essential_eight/aws_acsc_essential_eight_ml_2_8_8.yaml
@@ -3,10 +3,6 @@ control-group:
 title: "ACSC-EE-ML2-8.8: Regular backups ML2"
 description: Privileged accounts (excluding backup administrator accounts) are prevented from modifying and deleting backups.
 section-code: "8"
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - aws_backup_recovery_point_manual_deletion_disabled
 - aws_cloudtrail_bucket_not_public
diff --git a/compliance/frameworks/aws/aws_acsc_essential_eight/aws_acsc_essential_eight_ml_3.yaml b/compliance/frameworks/aws/aws_acsc_essential_eight/aws_acsc_essential_eight_ml_3.yaml
index 23704d99c..37bff915b 100755
--- a/compliance/frameworks/aws/aws_acsc_essential_eight/aws_acsc_essential_eight_ml_3.yaml
+++ b/compliance/frameworks/aws/aws_acsc_essential_eight/aws_acsc_essential_eight_ml_3.yaml
@@ -3,10 +3,6 @@ control-group:
 title: ACSC Essential Eight Maturity Level 3
 description: The Essential Eight Maturity Model is a prioritised list of strategies to mitigate cyber security incidents. The model consists of 8 essential strategies that organisations can implement to protect their systems from a range of adversaries.
 section-code: ml_3
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 control-group:
 - id: aws_acsc_essential_eight_ml_3_1
 - id: aws_acsc_essential_eight_ml_3_2
diff --git a/compliance/frameworks/aws/aws_acsc_essential_eight/aws_acsc_essential_eight_ml_3_1.yaml b/compliance/frameworks/aws/aws_acsc_essential_eight/aws_acsc_essential_eight_ml_3_1.yaml
index a963f0138..8eaf176fb 100755
--- a/compliance/frameworks/aws/aws_acsc_essential_eight/aws_acsc_essential_eight_ml_3_1.yaml
+++ b/compliance/frameworks/aws/aws_acsc_essential_eight/aws_acsc_essential_eight_ml_3_1.yaml
@@ -3,10 +3,6 @@ control-group:
 title: "ACSC-EE-ML3-1: Application control ML3"
 description: Application control is implemented on workstations and servers.
 section-code: "1"
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 control-group:
 - id: aws_acsc_essential_eight_ml_3_1_6
 - id: aws_acsc_essential_eight_ml_3_1_7
diff --git a/compliance/frameworks/aws/aws_acsc_essential_eight/aws_acsc_essential_eight_ml_3_1_6.yaml b/compliance/frameworks/aws/aws_acsc_essential_eight/aws_acsc_essential_eight_ml_3_1_6.yaml
index 7aa787313..736374a2d 100755
--- a/compliance/frameworks/aws/aws_acsc_essential_eight/aws_acsc_essential_eight_ml_3_1_6.yaml
+++ b/compliance/frameworks/aws/aws_acsc_essential_eight/aws_acsc_essential_eight_ml_3_1_6.yaml
@@ -3,10 +3,6 @@ control-group:
 title: "ACSC-EE-ML3-1.6: Application control ML3"
 description: Allowed and blocked execution events on workstations and servers are centrally logged.
 section-code: "6"
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - aws_cloudtrail_multi_region_trail_enabled
 - aws_cloudtrail_s3_data_events_enabled
diff --git a/compliance/frameworks/aws/aws_acsc_essential_eight/aws_acsc_essential_eight_ml_3_1_7.yaml b/compliance/frameworks/aws/aws_acsc_essential_eight/aws_acsc_essential_eight_ml_3_1_7.yaml
index 122da333f..6f6d6116e 100755
--- a/compliance/frameworks/aws/aws_acsc_essential_eight/aws_acsc_essential_eight_ml_3_1_7.yaml
+++ b/compliance/frameworks/aws/aws_acsc_essential_eight/aws_acsc_essential_eight_ml_3_1_7.yaml
@@ -3,10 +3,6 @@ control-group:
 title: "ACSC-EE-ML3-1.7: Application control ML3"
 description: Event logs are protected from unauthorised modification and deletion.
 section-code: "7"
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - aws_cloudtrail_bucket_not_public
 - aws_cloudtrail_security_trail_enabled
diff --git a/compliance/frameworks/aws/aws_acsc_essential_eight/aws_acsc_essential_eight_ml_3_1_8.yaml b/compliance/frameworks/aws/aws_acsc_essential_eight/aws_acsc_essential_eight_ml_3_1_8.yaml
index c9910ed91..55bd2a283 100755
--- a/compliance/frameworks/aws/aws_acsc_essential_eight/aws_acsc_essential_eight_ml_3_1_8.yaml
+++ b/compliance/frameworks/aws/aws_acsc_essential_eight/aws_acsc_essential_eight_ml_3_1_8.yaml
@@ -3,10 +3,6 @@ control-group:
 title: "ACSC-EE-ML3-1.8: Application control ML3"
 description: Event logs are monitored for signs of compromise and actioned when any signs of compromise are detected.
 section-code: "8"
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - aws_apigateway_rest_api_stage_xray_tracing_enabled
 - aws_cloudwatch_alarm_action_enabled
diff --git a/compliance/frameworks/aws/aws_acsc_essential_eight/aws_acsc_essential_eight_ml_3_2.yaml b/compliance/frameworks/aws/aws_acsc_essential_eight/aws_acsc_essential_eight_ml_3_2.yaml
index e4486f0c7..a579cd6d8 100755
--- a/compliance/frameworks/aws/aws_acsc_essential_eight/aws_acsc_essential_eight_ml_3_2.yaml
+++ b/compliance/frameworks/aws/aws_acsc_essential_eight/aws_acsc_essential_eight_ml_3_2.yaml
@@ -3,10 +3,6 @@ control-group:
 title: "ACSC-EE-ML3-2: Patch applications ML3"
 description: All workstations and servers have the latest security-relevant patches applied.
 section-code: "2"
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 control-group:
 - id: aws_acsc_essential_eight_ml_3_2_2
 - id: aws_acsc_essential_eight_ml_3_2_9
diff --git a/compliance/frameworks/aws/aws_acsc_essential_eight/aws_acsc_essential_eight_ml_3_2_2.yaml b/compliance/frameworks/aws/aws_acsc_essential_eight/aws_acsc_essential_eight_ml_3_2_2.yaml
index cb2b29f73..8ef3457d6 100755
--- a/compliance/frameworks/aws/aws_acsc_essential_eight/aws_acsc_essential_eight_ml_3_2_2.yaml
+++ b/compliance/frameworks/aws/aws_acsc_essential_eight/aws_acsc_essential_eight_ml_3_2_2.yaml
@@ -3,9 +3,5 @@ control-group:
 title: "ACSC-EE-ML3-2.2: Patch applications ML3"
 description: A vulnerability scanner with an up-to-date vulnerability database is used for vulnerability scanning activities.
 section-code: "2"
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - aws_ecr_repository_image_scan_on_push_enabled
diff --git a/compliance/frameworks/aws/aws_acsc_essential_eight/aws_acsc_essential_eight_ml_3_2_9.yaml b/compliance/frameworks/aws/aws_acsc_essential_eight/aws_acsc_essential_eight_ml_3_2_9.yaml
index f23216bb5..c5af21883 100755
--- a/compliance/frameworks/aws/aws_acsc_essential_eight/aws_acsc_essential_eight_ml_3_2_9.yaml
+++ b/compliance/frameworks/aws/aws_acsc_essential_eight/aws_acsc_essential_eight_ml_3_2_9.yaml
@@ -3,10 +3,6 @@ control-group:
 title: "ACSC-EE-ML3-2.9: Patch applications ML3"
 description: Applications that are no longer supported by vendors are removed.
 section-code: "9"
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - aws_ecs_service_fargate_using_latest_platform_version
 - aws_eks_cluster_with_latest_kubernetes_version
diff --git a/compliance/frameworks/aws/aws_acsc_essential_eight/aws_acsc_essential_eight_ml_3_4.yaml b/compliance/frameworks/aws/aws_acsc_essential_eight/aws_acsc_essential_eight_ml_3_4.yaml
index b74e7909b..9e700400c 100755
--- a/compliance/frameworks/aws/aws_acsc_essential_eight/aws_acsc_essential_eight_ml_3_4.yaml
+++ b/compliance/frameworks/aws/aws_acsc_essential_eight/aws_acsc_essential_eight_ml_3_4.yaml
@@ -3,9 +3,5 @@ control-group:
 title: "ACSC-EE-ML3-4: User application hardening ML3"
 description: Web browsers do not process Java from the internet.
 section-code: "4"
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 control-group:
 - id: aws_acsc_essential_eight_ml_3_4_18
diff --git a/compliance/frameworks/aws/aws_acsc_essential_eight/aws_acsc_essential_eight_ml_3_4_18.yaml b/compliance/frameworks/aws/aws_acsc_essential_eight/aws_acsc_essential_eight_ml_3_4_18.yaml
index b25b59fc3..2b89b7493 100755
--- a/compliance/frameworks/aws/aws_acsc_essential_eight/aws_acsc_essential_eight_ml_3_4_18.yaml
+++ b/compliance/frameworks/aws/aws_acsc_essential_eight/aws_acsc_essential_eight_ml_3_4_18.yaml
@@ -3,10 +3,6 @@ control-group:
 title: "ACSC-EE-ML3-4.18: User application hardening ML3"
 description: Event logs are monitored for signs of compromise and actioned when any signs of compromise are detected.
 section-code: "18"
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - aws_apigateway_rest_api_stage_xray_tracing_enabled
 - aws_cloudwatch_alarm_action_enabled
diff --git a/compliance/frameworks/aws/aws_acsc_essential_eight/aws_acsc_essential_eight_ml_3_5.yaml b/compliance/frameworks/aws/aws_acsc_essential_eight/aws_acsc_essential_eight_ml_3_5.yaml
index 0bb3f772d..08d6d5f94 100755
--- a/compliance/frameworks/aws/aws_acsc_essential_eight/aws_acsc_essential_eight_ml_3_5.yaml
+++ b/compliance/frameworks/aws/aws_acsc_essential_eight/aws_acsc_essential_eight_ml_3_5.yaml
@@ -3,10 +3,6 @@ control-group:
 title: "ACSC-EE-ML3-5: Restrict administrative privileges ML3"
 description: Requests for privileged access to systems and applications are validated when first requested.
 section-code: "5"
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 control-group:
 - id: aws_acsc_essential_eight_ml_3_5_2
 - id: aws_acsc_essential_eight_ml_3_5_3
diff --git a/compliance/frameworks/aws/aws_acsc_essential_eight/aws_acsc_essential_eight_ml_3_5_11.yaml b/compliance/frameworks/aws/aws_acsc_essential_eight/aws_acsc_essential_eight_ml_3_5_11.yaml
index 56795cea0..1658c3015 100755
--- a/compliance/frameworks/aws/aws_acsc_essential_eight/aws_acsc_essential_eight_ml_3_5_11.yaml
+++ b/compliance/frameworks/aws/aws_acsc_essential_eight/aws_acsc_essential_eight_ml_3_5_11.yaml
@@ -3,10 +3,6 @@ control-group:
 title: "ACSC-EE-ML3-5.11: Restrict administrative privileges ML3"
 description: Administrative activities are conducted through jump servers.
 section-code: "11"
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - aws_codebuild_project_source_repo_oauth_configured
 - aws_ec2_instance_iam_profile_attached
diff --git a/compliance/frameworks/aws/aws_acsc_essential_eight/aws_acsc_essential_eight_ml_3_5_12.yaml b/compliance/frameworks/aws/aws_acsc_essential_eight/aws_acsc_essential_eight_ml_3_5_12.yaml
index f353c09c9..e84817942 100755
--- a/compliance/frameworks/aws/aws_acsc_essential_eight/aws_acsc_essential_eight_ml_3_5_12.yaml
+++ b/compliance/frameworks/aws/aws_acsc_essential_eight/aws_acsc_essential_eight_ml_3_5_12.yaml
@@ -3,10 +3,6 @@ control-group:
 title: "ACSC-EE-ML3-5.12: Restrict administrative privileges ML3"
 description: Credentials for local administrator accounts and service accounts are long, unique, unpredictable and managed.
 section-code: "12"
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - aws_codebuild_project_environment_privileged_mode_disabled
 - aws_ecs_task_definition_container_non_privileged
diff --git a/compliance/frameworks/aws/aws_acsc_essential_eight/aws_acsc_essential_eight_ml_3_5_14.yaml b/compliance/frameworks/aws/aws_acsc_essential_eight/aws_acsc_essential_eight_ml_3_5_14.yaml
index a58abd537..fa7ef47b0 100755
--- a/compliance/frameworks/aws/aws_acsc_essential_eight/aws_acsc_essential_eight_ml_3_5_14.yaml
+++ b/compliance/frameworks/aws/aws_acsc_essential_eight/aws_acsc_essential_eight_ml_3_5_14.yaml
@@ -3,10 +3,6 @@ control-group:
 title: "ACSC-EE-ML3-5.14: Restrict administrative privileges ML3"
 description: Privileged access events are centrally logged.
 section-code: "14"
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - aws_cloudtrail_multi_region_trail_enabled
 - aws_cloudtrail_s3_data_events_enabled
diff --git a/compliance/frameworks/aws/aws_acsc_essential_eight/aws_acsc_essential_eight_ml_3_5_15.yaml b/compliance/frameworks/aws/aws_acsc_essential_eight/aws_acsc_essential_eight_ml_3_5_15.yaml
index ed6f6bed8..bcaf85735 100755
--- a/compliance/frameworks/aws/aws_acsc_essential_eight/aws_acsc_essential_eight_ml_3_5_15.yaml
+++ b/compliance/frameworks/aws/aws_acsc_essential_eight/aws_acsc_essential_eight_ml_3_5_15.yaml
@@ -3,10 +3,6 @@ control-group:
 title: "ACSC-EE-ML3-5.15: Restrict administrative privileges ML3"
 description: Privileged account and group management events are centrally logged.
 section-code: "15"
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - aws_cloudtrail_multi_region_trail_enabled
 - aws_cloudtrail_s3_data_events_enabled
diff --git a/compliance/frameworks/aws/aws_acsc_essential_eight/aws_acsc_essential_eight_ml_3_5_16.yaml b/compliance/frameworks/aws/aws_acsc_essential_eight/aws_acsc_essential_eight_ml_3_5_16.yaml
index b9c53748d..0fbb4c9b8 100755
--- a/compliance/frameworks/aws/aws_acsc_essential_eight/aws_acsc_essential_eight_ml_3_5_16.yaml
+++ b/compliance/frameworks/aws/aws_acsc_essential_eight/aws_acsc_essential_eight_ml_3_5_16.yaml
@@ -3,10 +3,6 @@ control-group:
 title: "ACSC-EE-ML3-5.16: Restrict administrative privileges ML3"
 description: Event logs are protected from unauthorised modification and deletion.
 section-code: "16"
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - aws_cloudtrail_bucket_not_public
 - aws_cloudtrail_security_trail_enabled
diff --git a/compliance/frameworks/aws/aws_acsc_essential_eight/aws_acsc_essential_eight_ml_3_5_17.yaml b/compliance/frameworks/aws/aws_acsc_essential_eight/aws_acsc_essential_eight_ml_3_5_17.yaml
index 33d188255..9019d387a 100755
--- a/compliance/frameworks/aws/aws_acsc_essential_eight/aws_acsc_essential_eight_ml_3_5_17.yaml
+++ b/compliance/frameworks/aws/aws_acsc_essential_eight/aws_acsc_essential_eight_ml_3_5_17.yaml
@@ -3,10 +3,6 @@ control-group:
 title: "ACSC-EE-ML3-5.17: Restrict administrative privileges ML3"
 description: Event logs are monitored for signs of compromise and actioned when any signs of compromise are detected.
 section-code: "17"
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - aws_apigateway_rest_api_stage_xray_tracing_enabled
 - aws_cloudwatch_alarm_action_enabled
diff --git a/compliance/frameworks/aws/aws_acsc_essential_eight/aws_acsc_essential_eight_ml_3_5_2.yaml b/compliance/frameworks/aws/aws_acsc_essential_eight/aws_acsc_essential_eight_ml_3_5_2.yaml
index fdde94567..94ab02f0f 100755
--- a/compliance/frameworks/aws/aws_acsc_essential_eight/aws_acsc_essential_eight_ml_3_5_2.yaml
+++ b/compliance/frameworks/aws/aws_acsc_essential_eight/aws_acsc_essential_eight_ml_3_5_2.yaml
@@ -3,10 +3,6 @@ control-group:
 title: "ACSC-EE-ML3-5.2: Restrict administrative privileges ML3"
 description: Privileged access is restricted to the minimum number of people required.
 section-code: "2"
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - aws_account_part_of_organizations
 - aws_backup_recovery_point_manual_deletion_disabled
diff --git a/compliance/frameworks/aws/aws_acsc_essential_eight/aws_acsc_essential_eight_ml_3_5_3.yaml b/compliance/frameworks/aws/aws_acsc_essential_eight/aws_acsc_essential_eight_ml_3_5_3.yaml
index 43a62b2b3..145aa54d3 100755
--- a/compliance/frameworks/aws/aws_acsc_essential_eight/aws_acsc_essential_eight_ml_3_5_3.yaml
+++ b/compliance/frameworks/aws/aws_acsc_essential_eight/aws_acsc_essential_eight_ml_3_5_3.yaml
@@ -3,10 +3,6 @@ control-group:
 title: "ACSC-EE-ML3-5.3: Restrict administrative privileges ML3"
 description: Privileged access to systems and applications is automatically disabled after 45 days of inactivity.
 section-code: "3"
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - aws_account_part_of_organizations
 - aws_backup_recovery_point_manual_deletion_disabled
diff --git a/compliance/frameworks/aws/aws_acsc_essential_eight/aws_acsc_essential_eight_ml_3_5_4.yaml b/compliance/frameworks/aws/aws_acsc_essential_eight/aws_acsc_essential_eight_ml_3_5_4.yaml
index bddb9ae1c..4a80b6fb1 100755
--- a/compliance/frameworks/aws/aws_acsc_essential_eight/aws_acsc_essential_eight_ml_3_5_4.yaml
+++ b/compliance/frameworks/aws/aws_acsc_essential_eight/aws_acsc_essential_eight_ml_3_5_4.yaml
@@ -3,10 +3,6 @@ control-group:
 title: "ACSC-EE-ML3-5.4: Restrict administrative privileges ML3"
 description: Privileged access to systems and applications is limited to only what is required for users and services to undertake their duties.
 section-code: "4"
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - aws_ecs_task_definition_container_readonly_root_filesystem
 - aws_iam_user_in_group
diff --git a/compliance/frameworks/aws/aws_acsc_essential_eight/aws_acsc_essential_eight_ml_3_5_5.yaml b/compliance/frameworks/aws/aws_acsc_essential_eight/aws_acsc_essential_eight_ml_3_5_5.yaml
index a0c7de648..14a5a5c5f 100755
--- a/compliance/frameworks/aws/aws_acsc_essential_eight/aws_acsc_essential_eight_ml_3_5_5.yaml
+++ b/compliance/frameworks/aws/aws_acsc_essential_eight/aws_acsc_essential_eight_ml_3_5_5.yaml
@@ -3,10 +3,6 @@ control-group:
 title: "ACSC-EE-ML3-5.5: Restrict administrative privileges ML3"
 description: Privileged accounts are prevented from accessing the internet, email and web services.
 section-code: "5"
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - aws_codebuild_project_environment_privileged_mode_disabled
 - aws_ecs_task_definition_container_non_privileged
diff --git a/compliance/frameworks/aws/aws_acsc_essential_eight/aws_acsc_essential_eight_ml_3_5_6.yaml b/compliance/frameworks/aws/aws_acsc_essential_eight/aws_acsc_essential_eight_ml_3_5_6.yaml
index 737cc459b..a53911642 100755
--- a/compliance/frameworks/aws/aws_acsc_essential_eight/aws_acsc_essential_eight_ml_3_5_6.yaml
+++ b/compliance/frameworks/aws/aws_acsc_essential_eight/aws_acsc_essential_eight_ml_3_5_6.yaml
@@ -3,10 +3,6 @@ control-group:
 title: "ACSC-EE-ML3-5.6: Restrict administrative privileges ML3"
 description: Privileged users use separate privileged and unprivileged operating environments.
 section-code: "6"
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - aws_codebuild_project_environment_privileged_mode_disabled
 - aws_codebuild_project_source_repo_oauth_configured
diff --git a/compliance/frameworks/aws/aws_acsc_essential_eight/aws_acsc_essential_eight_ml_3_5_7.yaml b/compliance/frameworks/aws/aws_acsc_essential_eight/aws_acsc_essential_eight_ml_3_5_7.yaml
index 43beadeb4..5ef9ed098 100755
--- a/compliance/frameworks/aws/aws_acsc_essential_eight/aws_acsc_essential_eight_ml_3_5_7.yaml
+++ b/compliance/frameworks/aws/aws_acsc_essential_eight/aws_acsc_essential_eight_ml_3_5_7.yaml
@@ -3,10 +3,6 @@ control-group:
 title: "ACSC-EE-ML3-5.7: Restrict administrative privileges ML3"
 description: Privileged operating environments are not virtualised within unprivileged operating environments.
 section-code: "7"
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - aws_codebuild_project_environment_privileged_mode_disabled
 - aws_codebuild_project_source_repo_oauth_configured
diff --git a/compliance/frameworks/aws/aws_acsc_essential_eight/aws_acsc_essential_eight_ml_3_5_8.yaml b/compliance/frameworks/aws/aws_acsc_essential_eight/aws_acsc_essential_eight_ml_3_5_8.yaml
index 34bb32d29..4933c9ff3 100755
--- a/compliance/frameworks/aws/aws_acsc_essential_eight/aws_acsc_essential_eight_ml_3_5_8.yaml
+++ b/compliance/frameworks/aws/aws_acsc_essential_eight/aws_acsc_essential_eight_ml_3_5_8.yaml
@@ -3,10 +3,6 @@ control-group:
 title: "ACSC-EE-ML3-5.8: Restrict administrative privileges ML3"
 description: Unprivileged accounts cannot logon to privileged operating environments.
 section-code: "8"
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - aws_codebuild_project_source_repo_oauth_configured
 - aws_ec2_instance_iam_profile_attached
diff --git a/compliance/frameworks/aws/aws_acsc_essential_eight/aws_acsc_essential_eight_ml_3_5_9.yaml b/compliance/frameworks/aws/aws_acsc_essential_eight/aws_acsc_essential_eight_ml_3_5_9.yaml
index fdecea8b0..7460b2a6e 100755
--- a/compliance/frameworks/aws/aws_acsc_essential_eight/aws_acsc_essential_eight_ml_3_5_9.yaml
+++ b/compliance/frameworks/aws/aws_acsc_essential_eight/aws_acsc_essential_eight_ml_3_5_9.yaml
@@ -3,10 +3,6 @@ control-group:
 title: "ACSC-EE-ML3-5.9: Restrict administrative privileges ML3"
 description: Privileged accounts (excluding local administrator accounts) cannot logon to unprivileged operating environments.
 section-code: "9"
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - aws_codebuild_project_environment_privileged_mode_disabled
 - aws_codebuild_project_source_repo_oauth_configured
diff --git a/compliance/frameworks/aws/aws_acsc_essential_eight/aws_acsc_essential_eight_ml_3_6.yaml b/compliance/frameworks/aws/aws_acsc_essential_eight/aws_acsc_essential_eight_ml_3_6.yaml
index a19a77991..14a675513 100755
--- a/compliance/frameworks/aws/aws_acsc_essential_eight/aws_acsc_essential_eight_ml_3_6.yaml
+++ b/compliance/frameworks/aws/aws_acsc_essential_eight/aws_acsc_essential_eight_ml_3_6.yaml
@@ -3,10 +3,6 @@ control-group:
 title: "ACSC-EE-ML3-6: Patch operating systems ML3"
 description: An automated method of asset discovery is used at least fortnightly to support the detection of assets for subsequent vulnerability scanning activities.
 section-code: "6"
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 control-group:
 - id: aws_acsc_essential_eight_ml_3_6_2
 - id: aws_acsc_essential_eight_ml_3_6_3
diff --git a/compliance/frameworks/aws/aws_acsc_essential_eight/aws_acsc_essential_eight_ml_3_6_2.yaml b/compliance/frameworks/aws/aws_acsc_essential_eight/aws_acsc_essential_eight_ml_3_6_2.yaml
index 8a93211af..8e39ec47e 100755
--- a/compliance/frameworks/aws/aws_acsc_essential_eight/aws_acsc_essential_eight_ml_3_6_2.yaml
+++ b/compliance/frameworks/aws/aws_acsc_essential_eight/aws_acsc_essential_eight_ml_3_6_2.yaml
@@ -3,9 +3,5 @@ control-group:
 title: "ACSC-EE-ML3-6.2: Patch operating systems ML3"
 description: A vulnerability scanner with an up-to-date vulnerability database is used for vulnerability scanning activities.
 section-code: "2"
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - aws_ecr_repository_image_scan_on_push_enabled
diff --git a/compliance/frameworks/aws/aws_acsc_essential_eight/aws_acsc_essential_eight_ml_3_6_3.yaml b/compliance/frameworks/aws/aws_acsc_essential_eight/aws_acsc_essential_eight_ml_3_6_3.yaml
index a99328f71..70414d8de 100755
--- a/compliance/frameworks/aws/aws_acsc_essential_eight/aws_acsc_essential_eight_ml_3_6_3.yaml
+++ b/compliance/frameworks/aws/aws_acsc_essential_eight/aws_acsc_essential_eight_ml_3_6_3.yaml
@@ -3,9 +3,5 @@ control-group:
 title: "ACSC-EE-ML3-6.3: Patch operating systems ML3"
 description: A vulnerability scanner is used at least daily to identify missing patches or updates for security vulnerabilities in operating systems of internet-facing services.
 section-code: "3"
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - aws_ecr_repository_image_scan_on_push_enabled
diff --git a/compliance/frameworks/aws/aws_acsc_essential_eight/aws_acsc_essential_eight_ml_3_6_4.yaml b/compliance/frameworks/aws/aws_acsc_essential_eight/aws_acsc_essential_eight_ml_3_6_4.yaml
index 7319f1f2a..394145ed1 100755
--- a/compliance/frameworks/aws/aws_acsc_essential_eight/aws_acsc_essential_eight_ml_3_6_4.yaml
+++ b/compliance/frameworks/aws/aws_acsc_essential_eight/aws_acsc_essential_eight_ml_3_6_4.yaml
@@ -3,9 +3,5 @@ control-group:
 title: "ACSC-EE-ML3-6.4: Patch operating systems ML3"
 description: A vulnerability scanner is used at least weekly to identify missing patches or updates for security vulnerabilities in operating systems of workstations, servers and network devices.
 section-code: "4"
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - aws_ecr_repository_image_scan_on_push_enabled
diff --git a/compliance/frameworks/aws/aws_acsc_essential_eight/aws_acsc_essential_eight_ml_3_6_5.yaml b/compliance/frameworks/aws/aws_acsc_essential_eight/aws_acsc_essential_eight_ml_3_6_5.yaml
index c3c2e0cf8..16da9077e 100755
--- a/compliance/frameworks/aws/aws_acsc_essential_eight/aws_acsc_essential_eight_ml_3_6_5.yaml
+++ b/compliance/frameworks/aws/aws_acsc_essential_eight/aws_acsc_essential_eight_ml_3_6_5.yaml
@@ -3,10 +3,6 @@ control-group:
 title: "ACSC-EE-ML3-6.5: Patch operating systems ML3"
 description: Patches, updates or vendor mitigations for security vulnerabilities in operating systems of Internet-facing services are applied within two weeks of release, or within 48 hours if an exploit exists.
 section-code: "5"
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - aws_ecs_service_fargate_using_latest_platform_version
 - aws_eks_cluster_with_latest_kubernetes_version
diff --git a/compliance/frameworks/aws/aws_acsc_essential_eight/aws_acsc_essential_eight_ml_3_6_6.yaml b/compliance/frameworks/aws/aws_acsc_essential_eight/aws_acsc_essential_eight_ml_3_6_6.yaml
index e6c72567a..f215db702 100755
--- a/compliance/frameworks/aws/aws_acsc_essential_eight/aws_acsc_essential_eight_ml_3_6_6.yaml
+++ b/compliance/frameworks/aws/aws_acsc_essential_eight/aws_acsc_essential_eight_ml_3_6_6.yaml
@@ -3,10 +3,6 @@ control-group:
 title: "ACSC-EE-ML3-6.6: Patch operating systems ML3"
 description: Patches, updates or vendor mitigations for security vulnerabilities in operating systems of workstations, servers and network devices are applied within two weeks of release, or within 48 hours if an exploit exists.
 section-code: "6"
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - aws_ecs_service_fargate_using_latest_platform_version
 - aws_eks_cluster_with_latest_kubernetes_version
diff --git a/compliance/frameworks/aws/aws_acsc_essential_eight/aws_acsc_essential_eight_ml_3_6_7.yaml b/compliance/frameworks/aws/aws_acsc_essential_eight/aws_acsc_essential_eight_ml_3_6_7.yaml
index 875316428..e1557b2ca 100755
--- a/compliance/frameworks/aws/aws_acsc_essential_eight/aws_acsc_essential_eight_ml_3_6_7.yaml
+++ b/compliance/frameworks/aws/aws_acsc_essential_eight/aws_acsc_essential_eight_ml_3_6_7.yaml
@@ -3,10 +3,6 @@ control-group:
 title: "ACSC-EE-ML3-6.7: Patch operating systems ML3"
 description: The latest release, or the previous release, of operating systems are used.
 section-code: "7"
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - aws_ecs_service_fargate_using_latest_platform_version
 - aws_eks_cluster_with_latest_kubernetes_version
diff --git a/compliance/frameworks/aws/aws_acsc_essential_eight/aws_acsc_essential_eight_ml_3_6_8.yaml b/compliance/frameworks/aws/aws_acsc_essential_eight/aws_acsc_essential_eight_ml_3_6_8.yaml
index 45b68070d..04e4a9100 100755
--- a/compliance/frameworks/aws/aws_acsc_essential_eight/aws_acsc_essential_eight_ml_3_6_8.yaml
+++ b/compliance/frameworks/aws/aws_acsc_essential_eight/aws_acsc_essential_eight_ml_3_6_8.yaml
@@ -3,10 +3,6 @@ control-group:
 title: "ACSC-EE-ML3-6.8: Patch operating systems ML3"
 description: Operating systems that are no longer supported by vendors are replaced.
 section-code: "8"
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - aws_ecs_service_fargate_using_latest_platform_version
 - aws_eks_cluster_with_latest_kubernetes_version
diff --git a/compliance/frameworks/aws/aws_acsc_essential_eight/aws_acsc_essential_eight_ml_3_7.yaml b/compliance/frameworks/aws/aws_acsc_essential_eight/aws_acsc_essential_eight_ml_3_7.yaml
index 8e097ef3a..68ad0be98 100755
--- a/compliance/frameworks/aws/aws_acsc_essential_eight/aws_acsc_essential_eight_ml_3_7.yaml
+++ b/compliance/frameworks/aws/aws_acsc_essential_eight/aws_acsc_essential_eight_ml_3_7.yaml
@@ -3,10 +3,6 @@ control-group:
 title: "ACSC-EE-ML3-7: Restrict administrative privileges ML3"
 description: Multi-factor authentication is used by an organisation's users if they authenticate to their organisations internet-facing services.
 section-code: "7"
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 control-group:
 - id: aws_acsc_essential_eight_ml_3_7_1
 - id: aws_acsc_essential_eight_ml_3_7_2
diff --git a/compliance/frameworks/aws/aws_acsc_essential_eight/aws_acsc_essential_eight_ml_3_7_1.yaml b/compliance/frameworks/aws/aws_acsc_essential_eight/aws_acsc_essential_eight_ml_3_7_1.yaml
index 170c08b90..faea6eab9 100755
--- a/compliance/frameworks/aws/aws_acsc_essential_eight/aws_acsc_essential_eight_ml_3_7_1.yaml
+++ b/compliance/frameworks/aws/aws_acsc_essential_eight/aws_acsc_essential_eight_ml_3_7_1.yaml
@@ -3,10 +3,6 @@ control-group:
 title: "ACSC-EE-ML3-7.1: Multi-factor authentication ML3"
 description: Multi-factor authentication is used by an organisation's users if they authenticate to their organisations internet-facing services.
 section-code: "1"
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - aws_iam_root_user_hardware_mfa_enabled
 - aws_iam_root_user_mfa_enabled
diff --git a/compliance/frameworks/aws/aws_acsc_essential_eight/aws_acsc_essential_eight_ml_3_7_10.yaml b/compliance/frameworks/aws/aws_acsc_essential_eight/aws_acsc_essential_eight_ml_3_7_10.yaml
index b1f28b34f..d3e555aad 100755
--- a/compliance/frameworks/aws/aws_acsc_essential_eight/aws_acsc_essential_eight_ml_3_7_10.yaml
+++ b/compliance/frameworks/aws/aws_acsc_essential_eight/aws_acsc_essential_eight_ml_3_7_10.yaml
@@ -3,10 +3,6 @@ control-group:
 title: "ACSC-EE-ML3-7.10: Multi-factor authentication ML3"
 description: Event logs are monitored for signs of compromise and actioned when any signs of compromise are detected.
 section-code: "10"
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - aws_apigateway_rest_api_stage_xray_tracing_enabled
 - aws_cloudwatch_alarm_action_enabled
diff --git a/compliance/frameworks/aws/aws_acsc_essential_eight/aws_acsc_essential_eight_ml_3_7_2.yaml b/compliance/frameworks/aws/aws_acsc_essential_eight/aws_acsc_essential_eight_ml_3_7_2.yaml
index 6efd08568..e64ab8dc6 100755
--- a/compliance/frameworks/aws/aws_acsc_essential_eight/aws_acsc_essential_eight_ml_3_7_2.yaml
+++ b/compliance/frameworks/aws/aws_acsc_essential_eight/aws_acsc_essential_eight_ml_3_7_2.yaml
@@ -3,10 +3,6 @@ control-group:
 title: "ACSC-EE-ML3-7.2: Multi-factor authentication ML3"
 description: Multi-factor authentication is used by an organisations users if they authenticate to third-party internet-facing services that process, store or communicate their organisation's sensitive data.
 section-code: "2"
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - aws_iam_root_user_hardware_mfa_enabled
 - aws_iam_root_user_mfa_enabled
diff --git a/compliance/frameworks/aws/aws_acsc_essential_eight/aws_acsc_essential_eight_ml_3_7_3.yaml b/compliance/frameworks/aws/aws_acsc_essential_eight/aws_acsc_essential_eight_ml_3_7_3.yaml
index df70e45c4..a5ad8c666 100755
--- a/compliance/frameworks/aws/aws_acsc_essential_eight/aws_acsc_essential_eight_ml_3_7_3.yaml
+++ b/compliance/frameworks/aws/aws_acsc_essential_eight/aws_acsc_essential_eight_ml_3_7_3.yaml
@@ -3,10 +3,6 @@ control-group:
 title: "ACSC-EE-ML3-7.3: Multi-factor authentication ML3"
 description: Multi-factor authentication is enabled by default for non-organisational users (but users can choose to opt out) if they authenticate to an organisations internet-facing services.
 section-code: "3"
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - aws_iam_root_user_hardware_mfa_enabled
 - aws_iam_root_user_mfa_enabled
diff --git a/compliance/frameworks/aws/aws_acsc_essential_eight/aws_acsc_essential_eight_ml_3_7_4.yaml b/compliance/frameworks/aws/aws_acsc_essential_eight/aws_acsc_essential_eight_ml_3_7_4.yaml
index 2037b94c9..e818d2e0e 100755
--- a/compliance/frameworks/aws/aws_acsc_essential_eight/aws_acsc_essential_eight_ml_3_7_4.yaml
+++ b/compliance/frameworks/aws/aws_acsc_essential_eight/aws_acsc_essential_eight_ml_3_7_4.yaml
@@ -3,10 +3,6 @@ control-group:
 title: "ACSC-EE-ML3-7.4: Multi-factor authentication ML3"
 description: Multi-factor authentication is enabled by default for non-organisational users (but users can choose to opt out) if they authenticate to an organisations internet-facing services.
 section-code: "4"
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - aws_iam_root_user_hardware_mfa_enabled
 - aws_iam_root_user_mfa_enabled
diff --git a/compliance/frameworks/aws/aws_acsc_essential_eight/aws_acsc_essential_eight_ml_3_7_5.yaml b/compliance/frameworks/aws/aws_acsc_essential_eight/aws_acsc_essential_eight_ml_3_7_5.yaml
index 4129ad9d7..66dfbcc08 100755
--- a/compliance/frameworks/aws/aws_acsc_essential_eight/aws_acsc_essential_eight_ml_3_7_5.yaml
+++ b/compliance/frameworks/aws/aws_acsc_essential_eight/aws_acsc_essential_eight_ml_3_7_5.yaml
@@ -3,10 +3,6 @@ control-group:
 title: "ACSC-EE-ML3-7.5: Multi-factor authentication ML3"
 description: Multi-factor authentication is used to authenticate privileged users of systems.
 section-code: "5"
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - aws_iam_root_user_hardware_mfa_enabled
 - aws_iam_root_user_mfa_enabled
diff --git a/compliance/frameworks/aws/aws_acsc_essential_eight/aws_acsc_essential_eight_ml_3_7_6.yaml b/compliance/frameworks/aws/aws_acsc_essential_eight/aws_acsc_essential_eight_ml_3_7_6.yaml
index 955f15d55..a3fc298bf 100755
--- a/compliance/frameworks/aws/aws_acsc_essential_eight/aws_acsc_essential_eight_ml_3_7_6.yaml
+++ b/compliance/frameworks/aws/aws_acsc_essential_eight/aws_acsc_essential_eight_ml_3_7_6.yaml
@@ -3,10 +3,6 @@ control-group:
 title: "ACSC-EE-ML3-7.6: Multi-factor authentication ML3"
 description: Multi-factor authentication is used to authenticate users accessing important data repositories.
 section-code: "6"
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - aws_iam_root_user_hardware_mfa_enabled
 - aws_iam_root_user_mfa_enabled
diff --git a/compliance/frameworks/aws/aws_acsc_essential_eight/aws_acsc_essential_eight_ml_3_7_7.yaml b/compliance/frameworks/aws/aws_acsc_essential_eight/aws_acsc_essential_eight_ml_3_7_7.yaml
index 7374e290c..76e0ed1d8 100755
--- a/compliance/frameworks/aws/aws_acsc_essential_eight/aws_acsc_essential_eight_ml_3_7_7.yaml
+++ b/compliance/frameworks/aws/aws_acsc_essential_eight/aws_acsc_essential_eight_ml_3_7_7.yaml
@@ -3,10 +3,6 @@ control-group:
 title: "ACSC-EE-ML3-7.7: Multi-factor authentication ML3"
 description: "Multi-factor authentication is phishing-resistant and uses either: something users have and something users know, or something users have that is unlocked by something users know or are."
 section-code: "7"
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - aws_iam_root_user_hardware_mfa_enabled
 - aws_iam_root_user_mfa_enabled
diff --git a/compliance/frameworks/aws/aws_acsc_essential_eight/aws_acsc_essential_eight_ml_3_7_8.yaml b/compliance/frameworks/aws/aws_acsc_essential_eight/aws_acsc_essential_eight_ml_3_7_8.yaml
index d5a8d0484..281b01b3c 100755
--- a/compliance/frameworks/aws/aws_acsc_essential_eight/aws_acsc_essential_eight_ml_3_7_8.yaml
+++ b/compliance/frameworks/aws/aws_acsc_essential_eight/aws_acsc_essential_eight_ml_3_7_8.yaml
@@ -3,10 +3,6 @@ control-group:
 title: "ACSC-EE-ML3-7.8: Multi-factor authentication ML3"
 description: Successful and unsuccessful multi-factor authentication events are centrally logged.
 section-code: "8"
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - aws_cloudtrail_multi_region_trail_enabled
 - aws_cloudtrail_s3_data_events_enabled
diff --git a/compliance/frameworks/aws/aws_acsc_essential_eight/aws_acsc_essential_eight_ml_3_7_9.yaml b/compliance/frameworks/aws/aws_acsc_essential_eight/aws_acsc_essential_eight_ml_3_7_9.yaml
index 2d624420e..c7b50bddf 100755
--- a/compliance/frameworks/aws/aws_acsc_essential_eight/aws_acsc_essential_eight_ml_3_7_9.yaml
+++ b/compliance/frameworks/aws/aws_acsc_essential_eight/aws_acsc_essential_eight_ml_3_7_9.yaml
@@ -3,10 +3,6 @@ control-group:
 title: "ACSC-EE-ML3-7.9: Multi-factor authentication ML3"
 description: Event logs are protected from unauthorised modification and deletion.
 section-code: "9"
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - aws_cloudtrail_bucket_not_public
 - aws_cloudtrail_security_trail_enabled
diff --git a/compliance/frameworks/aws/aws_acsc_essential_eight/aws_acsc_essential_eight_ml_3_8.yaml b/compliance/frameworks/aws/aws_acsc_essential_eight/aws_acsc_essential_eight_ml_3_8.yaml
index 94dd19660..f58a5fea7 100755
--- a/compliance/frameworks/aws/aws_acsc_essential_eight/aws_acsc_essential_eight_ml_3_8.yaml
+++ b/compliance/frameworks/aws/aws_acsc_essential_eight/aws_acsc_essential_eight_ml_3_8.yaml
@@ -3,10 +3,6 @@ control-group:
 title: "ACSC-EE-ML3-8: Regular backups ML3"
 description: Backups of important data, software and configuration settings are performed and retained with a frequency and retention timeframe in accordance with business continuity requirements.
 section-code: "8"
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 control-group:
 - id: aws_acsc_essential_eight_ml_3_8_1
 - id: aws_acsc_essential_eight_ml_3_8_2
diff --git a/compliance/frameworks/aws/aws_acsc_essential_eight/aws_acsc_essential_eight_ml_3_8_1.yaml b/compliance/frameworks/aws/aws_acsc_essential_eight/aws_acsc_essential_eight_ml_3_8_1.yaml
index ae0fc52e3..0bf2a96dc 100755
--- a/compliance/frameworks/aws/aws_acsc_essential_eight/aws_acsc_essential_eight_ml_3_8_1.yaml
+++ b/compliance/frameworks/aws/aws_acsc_essential_eight/aws_acsc_essential_eight_ml_3_8_1.yaml
@@ -3,10 +3,6 @@ control-group:
 title: "ACSC-EE-ML3-8.1: Regular backups ML3"
 description: Backups of important data, software and configuration settings are performed and retained with a frequency and retention timeframe in accordance with business continuity requirements.
 section-code: "1"
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - aws_backup_plan_min_retention_35_days
 - aws_backup_recovery_point_min_retention_35_days
diff --git a/compliance/frameworks/aws/aws_acsc_essential_eight/aws_acsc_essential_eight_ml_3_8_2.yaml b/compliance/frameworks/aws/aws_acsc_essential_eight/aws_acsc_essential_eight_ml_3_8_2.yaml
index 294341a18..bef7a017b 100755
--- a/compliance/frameworks/aws/aws_acsc_essential_eight/aws_acsc_essential_eight_ml_3_8_2.yaml
+++ b/compliance/frameworks/aws/aws_acsc_essential_eight/aws_acsc_essential_eight_ml_3_8_2.yaml
@@ -3,10 +3,6 @@ control-group:
 title: "ACSC-EE-ML3-8.2: Regular backups ML3"
 description: Backups of important data, software and configuration settings are synchronised to enable restoration to a common point in time.
 section-code: "2"
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - aws_backup_plan_min_retention_35_days
 - aws_backup_recovery_point_min_retention_35_days
diff --git a/compliance/frameworks/aws/aws_acsc_essential_eight/aws_acsc_essential_eight_ml_3_8_3.yaml b/compliance/frameworks/aws/aws_acsc_essential_eight/aws_acsc_essential_eight_ml_3_8_3.yaml
index fbe4fb957..00bc99f73 100755
--- a/compliance/frameworks/aws/aws_acsc_essential_eight/aws_acsc_essential_eight_ml_3_8_3.yaml
+++ b/compliance/frameworks/aws/aws_acsc_essential_eight/aws_acsc_essential_eight_ml_3_8_3.yaml
@@ -3,10 +3,6 @@ control-group:
 title: "ACSC-EE-ML3-8.3: Regular backups ML3"
 description: Backups of important data, software and configuration settings are retained in a secure and resilient manner.
 section-code: "3"
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - aws_backup_plan_min_retention_35_days
 - aws_backup_recovery_point_min_retention_35_days
diff --git a/compliance/frameworks/aws/aws_acsc_essential_eight/aws_acsc_essential_eight_ml_3_8_5.yaml b/compliance/frameworks/aws/aws_acsc_essential_eight/aws_acsc_essential_eight_ml_3_8_5.yaml
index 3210f00cf..fe043c523 100755
--- a/compliance/frameworks/aws/aws_acsc_essential_eight/aws_acsc_essential_eight_ml_3_8_5.yaml
+++ b/compliance/frameworks/aws/aws_acsc_essential_eight/aws_acsc_essential_eight_ml_3_8_5.yaml
@@ -3,10 +3,6 @@ control-group:
 title: "ACSC-EE-ML3-8.5: Regular backups ML3"
 description: Unprivileged accounts cannot access backups belonging to other accounts, nor their own accounts.
 section-code: "5"
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - aws_codebuild_project_source_repo_oauth_configured
 - aws_ec2_instance_iam_profile_attached
diff --git a/compliance/frameworks/aws/aws_acsc_essential_eight/aws_acsc_essential_eight_ml_3_8_6.yaml b/compliance/frameworks/aws/aws_acsc_essential_eight/aws_acsc_essential_eight_ml_3_8_6.yaml
index 8664d4a02..c3f2de43b 100755
--- a/compliance/frameworks/aws/aws_acsc_essential_eight/aws_acsc_essential_eight_ml_3_8_6.yaml
+++ b/compliance/frameworks/aws/aws_acsc_essential_eight/aws_acsc_essential_eight_ml_3_8_6.yaml
@@ -3,10 +3,6 @@ control-group:
 title: "ACSC-EE-ML3-8.6: Regular backups ML3"
 description: Privileged accounts (excluding backup administrator accounts) cannot access backups belonging to other accounts, nor their own accounts.
 section-code: "6"
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - aws_backup_recovery_point_manual_deletion_disabled
 - aws_cloudtrail_bucket_not_public
diff --git a/compliance/frameworks/aws/aws_acsc_essential_eight/aws_acsc_essential_eight_ml_3_8_7.yaml b/compliance/frameworks/aws/aws_acsc_essential_eight/aws_acsc_essential_eight_ml_3_8_7.yaml
index 6ad558b87..71927c3c2 100755
--- a/compliance/frameworks/aws/aws_acsc_essential_eight/aws_acsc_essential_eight_ml_3_8_7.yaml
+++ b/compliance/frameworks/aws/aws_acsc_essential_eight/aws_acsc_essential_eight_ml_3_8_7.yaml
@@ -3,10 +3,6 @@ control-group:
 title: "ACSC-EE-ML3-8.7: Regular backups ML3"
 description: Unprivileged accounts are prevented from modifying and deleting backups.
 section-code: "7"
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - aws_codebuild_project_source_repo_oauth_configured
 - aws_ec2_instance_iam_profile_attached
diff --git a/compliance/frameworks/aws/aws_acsc_essential_eight/aws_acsc_essential_eight_ml_3_8_8.yaml b/compliance/frameworks/aws/aws_acsc_essential_eight/aws_acsc_essential_eight_ml_3_8_8.yaml
index ff0503c04..806ddb69e 100755
--- a/compliance/frameworks/aws/aws_acsc_essential_eight/aws_acsc_essential_eight_ml_3_8_8.yaml
+++ b/compliance/frameworks/aws/aws_acsc_essential_eight/aws_acsc_essential_eight_ml_3_8_8.yaml
@@ -3,10 +3,6 @@ control-group:
 title: "ACSC-EE-ML3-8.8: Regular backups ML3"
 description: Privileged accounts (including backup administrator accounts) are prevented from modifying and deleting backups during their retention period.
 section-code: "8"
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - aws_backup_recovery_point_manual_deletion_disabled
 - aws_cloudtrail_bucket_not_public
diff --git a/compliance/frameworks/aws/aws_all_controls/aws_all_controls_account.yaml b/compliance/frameworks/aws/aws_all_controls/aws_all_controls_account.yaml
index ba440b8b0..0e3688bb3 100755
--- a/compliance/frameworks/aws/aws_all_controls/aws_all_controls_account.yaml
+++ b/compliance/frameworks/aws/aws_all_controls/aws_all_controls_account.yaml
@@ -3,10 +3,6 @@ control-group:
 title: Account
 description: This section contains recommendations for configuring Account resources.
 section-code: account
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - aws_account_alternate_contact_security_registered
 - aws_account_part_of_organizations
diff --git a/compliance/frameworks/aws/aws_all_controls/aws_all_controls_acm.yaml b/compliance/frameworks/aws/aws_all_controls/aws_all_controls_acm.yaml
index 578cccec9..57eca858a 100755
--- a/compliance/frameworks/aws/aws_all_controls/aws_all_controls_acm.yaml
+++ b/compliance/frameworks/aws/aws_all_controls/aws_all_controls_acm.yaml
@@ -3,10 +3,6 @@ control-group:
 title: ACM
 description: This section contains recommendations for configuring ACM resources.
 section-code: acm
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - aws_acm_certificate_expires_30_days
 - aws_acm_certificate_no_failed_certificate
diff --git a/compliance/frameworks/aws/aws_all_controls/aws_all_controls_apigateway.yaml b/compliance/frameworks/aws/aws_all_controls/aws_all_controls_apigateway.yaml
index 155c28e9a..487a2e894 100755
--- a/compliance/frameworks/aws/aws_all_controls/aws_all_controls_apigateway.yaml
+++ b/compliance/frameworks/aws/aws_all_controls/aws_all_controls_apigateway.yaml
@@ -3,10 +3,6 @@ control-group:
 title: API Gateway
 description: This section contains recommendations for configuring API Gateway resources.
 section-code: apigateway
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - aws_api_gateway_method_authorization_type_configured
 - aws_api_gateway_method_request_parameter_validated
diff --git a/compliance/frameworks/aws/aws_all_controls/aws_all_controls_appstream.yaml b/compliance/frameworks/aws/aws_all_controls/aws_all_controls_appstream.yaml
index e73abca2f..46f6867c4 100755
--- a/compliance/frameworks/aws/aws_all_controls/aws_all_controls_appstream.yaml
+++ b/compliance/frameworks/aws/aws_all_controls/aws_all_controls_appstream.yaml
@@ -3,10 +3,6 @@ control-group:
 title: AppStream
 description: This section contains recommendations for configuring AppStream resources.
 section-code: appstream
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - aws_appstream_fleet_default_internet_access_disabled
 - aws_appstream_fleet_idle_disconnect_timeout_600_seconds
diff --git a/compliance/frameworks/aws/aws_all_controls/aws_all_controls_appsync.yaml b/compliance/frameworks/aws/aws_all_controls/aws_all_controls_appsync.yaml
index 1ef71552c..dee85e601 100755
--- a/compliance/frameworks/aws/aws_all_controls/aws_all_controls_appsync.yaml
+++ b/compliance/frameworks/aws/aws_all_controls/aws_all_controls_appsync.yaml
@@ -3,9 +3,5 @@ control-group:
 title: AppSync
 description: This section contains recommendations for configuring AppSync resources.
 section-code: appsync
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - aws_appsync_graphql_api_field_level_logging_enabled
diff --git a/compliance/frameworks/aws/aws_all_controls/aws_all_controls_athena.yaml b/compliance/frameworks/aws/aws_all_controls/aws_all_controls_athena.yaml
index 14edbdc38..710a30087 100755
--- a/compliance/frameworks/aws/aws_all_controls/aws_all_controls_athena.yaml
+++ b/compliance/frameworks/aws/aws_all_controls/aws_all_controls_athena.yaml
@@ -3,10 +3,6 @@ control-group:
 title: Athena
 description: This section contains recommendations for configuring Athena resources.
 section-code: athena
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - aws_athena_workgroup_encryption_at_rest_enabled
 - aws_athena_workgroup_enforce_configuration_enabled
diff --git a/compliance/frameworks/aws/aws_all_controls/aws_all_controls_autoscaling.yaml b/compliance/frameworks/aws/aws_all_controls/aws_all_controls_autoscaling.yaml
index dd942a4ee..02fe47630 100755
--- a/compliance/frameworks/aws/aws_all_controls/aws_all_controls_autoscaling.yaml
+++ b/compliance/frameworks/aws/aws_all_controls/aws_all_controls_autoscaling.yaml
@@ -3,10 +3,6 @@ control-group:
 title: Auto Scaling
 description: This section contains recommendations for configuring Auto Scaling resources.
 section-code: autoscaling
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - aws_autoscaling_ec2_launch_configuration_no_sensitive_data
 - aws_autoscaling_group_multiple_az_configured
diff --git a/compliance/frameworks/aws/aws_all_controls/aws_all_controls_backup.yaml b/compliance/frameworks/aws/aws_all_controls/aws_all_controls_backup.yaml
index 2c403aca2..ba8756821 100755
--- a/compliance/frameworks/aws/aws_all_controls/aws_all_controls_backup.yaml
+++ b/compliance/frameworks/aws/aws_all_controls/aws_all_controls_backup.yaml
@@ -3,10 +3,6 @@ control-group:
 title: Backup
 description: This section contains recommendations for configuring Backup resources.
 section-code: backup
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - aws_backup_plan_min_retention_35_days
 - aws_backup_plan_region_configured
diff --git a/compliance/frameworks/aws/aws_all_controls/aws_all_controls_cloudformation.yaml b/compliance/frameworks/aws/aws_all_controls/aws_all_controls_cloudformation.yaml
index 88925167e..d5305c066 100755
--- a/compliance/frameworks/aws/aws_all_controls/aws_all_controls_cloudformation.yaml
+++ b/compliance/frameworks/aws/aws_all_controls/aws_all_controls_cloudformation.yaml
@@ -3,10 +3,6 @@ control-group:
 title: CloudFormation
 description: This section contains recommendations for configuring CloudFormation resources.
 section-code: cloudformation
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - aws_cloudformation_stack_drift_detection_check
 - aws_cloudformation_stack_notifications_enabled
diff --git a/compliance/frameworks/aws/aws_all_controls/aws_all_controls_cloudfront.yaml b/compliance/frameworks/aws/aws_all_controls/aws_all_controls_cloudfront.yaml
index dbe1093de..2e67fac4c 100755
--- a/compliance/frameworks/aws/aws_all_controls/aws_all_controls_cloudfront.yaml
+++ b/compliance/frameworks/aws/aws_all_controls/aws_all_controls_cloudfront.yaml
@@ -3,10 +3,6 @@ control-group:
 title: CloudFront
 description: This section contains recommendations for configuring CloudFront resources.
 section-code: cloudfront
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - aws_cloudfront_distribution_configured_with_origin_failover
 - aws_cloudfront_distribution_custom_origins_encryption_in_transit_enabled
diff --git a/compliance/frameworks/aws/aws_all_controls/aws_all_controls_cloudtrail.yaml b/compliance/frameworks/aws/aws_all_controls/aws_all_controls_cloudtrail.yaml
index 1f95fbcad..4f40022ff 100755
--- a/compliance/frameworks/aws/aws_all_controls/aws_all_controls_cloudtrail.yaml
+++ b/compliance/frameworks/aws/aws_all_controls/aws_all_controls_cloudtrail.yaml
@@ -3,10 +3,6 @@ control-group:
 title: CloudTrail
 description: This section contains recommendations for configuring CloudTrail resources.
 section-code: cloudtrail
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - aws_cloudtrail_bucket_not_public
 - aws_cloudtrail_multi_region_read_write_enabled
diff --git a/compliance/frameworks/aws/aws_all_controls/aws_all_controls_cloudwatch.yaml b/compliance/frameworks/aws/aws_all_controls/aws_all_controls_cloudwatch.yaml
index 67f261dfb..15ce8bafc 100755
--- a/compliance/frameworks/aws/aws_all_controls/aws_all_controls_cloudwatch.yaml
+++ b/compliance/frameworks/aws/aws_all_controls/aws_all_controls_cloudwatch.yaml
@@ -3,10 +3,6 @@ control-group:
 title: CloudWatch
 description: This section contains recommendations for configuring CloudWatch resources.
 section-code: cloudwatch
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - aws_cloudwatch_alarm_action_enabled
 - aws_cloudwatch_alarm_action_enabled_check
diff --git a/compliance/frameworks/aws/aws_all_controls/aws_all_controls_codebuild.yaml b/compliance/frameworks/aws/aws_all_controls/aws_all_controls_codebuild.yaml
index b983d7d13..bd9c569df 100755
--- a/compliance/frameworks/aws/aws_all_controls/aws_all_controls_codebuild.yaml
+++ b/compliance/frameworks/aws/aws_all_controls/aws_all_controls_codebuild.yaml
@@ -3,10 +3,6 @@ control-group:
 title: CodeBuild
 description: This section contains recommendations for configuring CodeBuild resources.
 section-code: codebuild
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - aws_codebuild_project_artifact_encryption_enabled
 - aws_codebuild_project_build_greater_then_90_days
diff --git a/compliance/frameworks/aws/aws_all_controls/aws_all_controls_codedeploy.yaml b/compliance/frameworks/aws/aws_all_controls/aws_all_controls_codedeploy.yaml
index 27a953afc..a611df3f4 100755
--- a/compliance/frameworks/aws/aws_all_controls/aws_all_controls_codedeploy.yaml
+++ b/compliance/frameworks/aws/aws_all_controls/aws_all_controls_codedeploy.yaml
@@ -3,7 +3,3 @@ control-group:
 title: CodeDeploy
 description: This section contains recommendations for configuring CodeDeploy resources.
 section-code: codedeploy
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
diff --git a/compliance/frameworks/aws/aws_all_controls/aws_all_controls_config.yaml b/compliance/frameworks/aws/aws_all_controls/aws_all_controls_config.yaml
index af0af2a7f..7ca5dcaa5 100755
--- a/compliance/frameworks/aws/aws_all_controls/aws_all_controls_config.yaml
+++ b/compliance/frameworks/aws/aws_all_controls/aws_all_controls_config.yaml
@@ -3,10 +3,6 @@ control-group:
 title: Config
 description: This section contains recommendations for configuring Config resources.
 section-code: config
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - aws_config_configuration_recorder_no_failed_deliver_logs
 - aws_config_enabled_all_regions
diff --git a/compliance/frameworks/aws/aws_all_controls/aws_all_controls_dax.yaml b/compliance/frameworks/aws/aws_all_controls/aws_all_controls_dax.yaml
index 40952aa95..8db0cf2d8 100755
--- a/compliance/frameworks/aws/aws_all_controls/aws_all_controls_dax.yaml
+++ b/compliance/frameworks/aws/aws_all_controls/aws_all_controls_dax.yaml
@@ -3,9 +3,5 @@ control-group:
 title: DAX
 description: This section contains recommendations for configuring DAX resources.
 section-code: dax
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - aws_dax_cluster_encryption_at_rest_enabled
diff --git a/compliance/frameworks/aws/aws_all_controls/aws_all_controls_directoryservice.yaml b/compliance/frameworks/aws/aws_all_controls/aws_all_controls_directoryservice.yaml
index a6f8fbeb2..a4cf36f05 100755
--- a/compliance/frameworks/aws/aws_all_controls/aws_all_controls_directoryservice.yaml
+++ b/compliance/frameworks/aws/aws_all_controls/aws_all_controls_directoryservice.yaml
@@ -3,10 +3,6 @@ control-group:
 title: Directory Service
 description: This section contains recommendations for configuring Directory Service resources.
 section-code: directoryservice
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - aws_directory_service_certificate_expires_90_days
 - aws_directory_service_directory_snapshots_limit_2
diff --git a/compliance/frameworks/aws/aws_all_controls/aws_all_controls_dlm.yaml b/compliance/frameworks/aws/aws_all_controls/aws_all_controls_dlm.yaml
index a175e71a7..cca2bf68a 100755
--- a/compliance/frameworks/aws/aws_all_controls/aws_all_controls_dlm.yaml
+++ b/compliance/frameworks/aws/aws_all_controls/aws_all_controls_dlm.yaml
@@ -3,9 +3,5 @@ control-group:
 title: DLM
 description: This section contains recommendations for configuring DLM resources.
 section-code: dlm
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - aws_dlm_ebs_snapshot_lifecycle_policy_enabled
diff --git a/compliance/frameworks/aws/aws_all_controls/aws_all_controls_dms.yaml b/compliance/frameworks/aws/aws_all_controls/aws_all_controls_dms.yaml
index 0fece0f78..f044e8647 100755
--- a/compliance/frameworks/aws/aws_all_controls/aws_all_controls_dms.yaml
+++ b/compliance/frameworks/aws/aws_all_controls/aws_all_controls_dms.yaml
@@ -3,10 +3,6 @@ control-group:
 title: DMS
 description: This section contains recommendations for configuring DMS resources.
 section-code: dms
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - aws_dms_certificate_not_expired
 - aws_dms_endpoint_ssl_configured
diff --git a/compliance/frameworks/aws/aws_all_controls/aws_all_controls_docdb.yaml b/compliance/frameworks/aws/aws_all_controls/aws_all_controls_docdb.yaml
index 97ff15c6f..bc16572ef 100755
--- a/compliance/frameworks/aws/aws_all_controls/aws_all_controls_docdb.yaml
+++ b/compliance/frameworks/aws/aws_all_controls/aws_all_controls_docdb.yaml
@@ -3,10 +3,6 @@ control-group:
 title: DocumentDB
 description: This section contains recommendations for configuring DocumentDB resources.
 section-code: docdb
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - aws_docdb_cluster_backup_retention_period_7_days
 - aws_docdb_cluster_deletion_protection_enabled
diff --git a/compliance/frameworks/aws/aws_all_controls/aws_all_controls_drs.yaml b/compliance/frameworks/aws/aws_all_controls/aws_all_controls_drs.yaml
index 5fb5a2d9d..2671358af 100755
--- a/compliance/frameworks/aws/aws_all_controls/aws_all_controls_drs.yaml
+++ b/compliance/frameworks/aws/aws_all_controls/aws_all_controls_drs.yaml
@@ -3,9 +3,5 @@ control-group:
 title: DRS
 description: This section contains recommendations for configuring DRS resources.
 section-code: drs
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - aws_drs_job_enabled
diff --git a/compliance/frameworks/aws/aws_all_controls/aws_all_controls_dynamodb.yaml b/compliance/frameworks/aws/aws_all_controls/aws_all_controls_dynamodb.yaml
index 1eac0508d..b68e71c84 100755
--- a/compliance/frameworks/aws/aws_all_controls/aws_all_controls_dynamodb.yaml
+++ b/compliance/frameworks/aws/aws_all_controls/aws_all_controls_dynamodb.yaml
@@ -3,10 +3,6 @@ control-group:
 title: DynamoDB
 description: This section contains recommendations for configuring DynamoDB resources.
 section-code: dynamodb
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - aws_dynamodb_table_auto_scaling_enabled
 - aws_dynamodb_table_deletion_protection_enabled
diff --git a/compliance/frameworks/aws/aws_all_controls/aws_all_controls_ebs.yaml b/compliance/frameworks/aws/aws_all_controls/aws_all_controls_ebs.yaml
index c70bd06b5..c57cebf9b 100755
--- a/compliance/frameworks/aws/aws_all_controls/aws_all_controls_ebs.yaml
+++ b/compliance/frameworks/aws/aws_all_controls/aws_all_controls_ebs.yaml
@@ -3,10 +3,6 @@ control-group:
 title: EBS
 description: This section contains recommendations for configuring EBS resources.
 section-code: ebs
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - aws_ebs_attached_volume_delete_on_termination_enabled
 - aws_ebs_attached_volume_encryption_enabled
diff --git a/compliance/frameworks/aws/aws_all_controls/aws_all_controls_ec2.yaml b/compliance/frameworks/aws/aws_all_controls/aws_all_controls_ec2.yaml
index 3dec72fb3..3721b370c 100755
--- a/compliance/frameworks/aws/aws_all_controls/aws_all_controls_ec2.yaml
+++ b/compliance/frameworks/aws/aws_all_controls/aws_all_controls_ec2.yaml
@@ -3,10 +3,6 @@ control-group:
 title: EC2
 description: This section contains recommendations for configuring EC2 resources.
 section-code: ec2
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - aws_ec2_ami_ebs_encryption_enabled
 - aws_ec2_ami_not_older_than_90_days
diff --git a/compliance/frameworks/aws/aws_all_controls/aws_all_controls_ecr.yaml b/compliance/frameworks/aws/aws_all_controls/aws_all_controls_ecr.yaml
index 7dfc4ddac..803e6312f 100755
--- a/compliance/frameworks/aws/aws_all_controls/aws_all_controls_ecr.yaml
+++ b/compliance/frameworks/aws/aws_all_controls/aws_all_controls_ecr.yaml
@@ -3,10 +3,6 @@ control-group:
 title: ECR
 description: This section contains recommendations for configuring ECR resources.
 section-code: ecr
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - aws_ecr_repository_image_scan_on_push_enabled
 - aws_ecr_repository_lifecycle_policy_configured
diff --git a/compliance/frameworks/aws/aws_all_controls/aws_all_controls_ecs.yaml b/compliance/frameworks/aws/aws_all_controls/aws_all_controls_ecs.yaml
index 3cf96f481..fd2cca4ff 100755
--- a/compliance/frameworks/aws/aws_all_controls/aws_all_controls_ecs.yaml
+++ b/compliance/frameworks/aws/aws_all_controls/aws_all_controls_ecs.yaml
@@ -3,10 +3,6 @@ control-group:
 title: ECS
 description: This section contains recommendations for configuring ECS resources.
 section-code: ecs
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - aws_ecs_cluster_container_insights_enabled
 - aws_ecs_cluster_container_instance_agent_connected
diff --git a/compliance/frameworks/aws/aws_all_controls/aws_all_controls_efs.yaml b/compliance/frameworks/aws/aws_all_controls/aws_all_controls_efs.yaml
index 2a8cda3dc..45c0dc568 100755
--- a/compliance/frameworks/aws/aws_all_controls/aws_all_controls_efs.yaml
+++ b/compliance/frameworks/aws/aws_all_controls/aws_all_controls_efs.yaml
@@ -3,10 +3,6 @@ control-group:
 title: EFS
 description: This section contains recommendations for configuring EFS resources.
 section-code: efs
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - aws_efs_access_point_enforce_root_directory
 - aws_efs_access_point_enforce_user_identity
diff --git a/compliance/frameworks/aws/aws_all_controls/aws_all_controls_eks.yaml b/compliance/frameworks/aws/aws_all_controls/aws_all_controls_eks.yaml
index 2d12844f1..95231afe8 100755
--- a/compliance/frameworks/aws/aws_all_controls/aws_all_controls_eks.yaml
+++ b/compliance/frameworks/aws/aws_all_controls/aws_all_controls_eks.yaml
@@ -3,10 +3,6 @@ control-group:
 title: EKS
 description: This section contains recommendations for configuring EKS resources.
 section-code: eks
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - aws_eks_cluster_control_plane_audit_logging_enabled
 - aws_eks_cluster_endpoint_public_access_restricted
diff --git a/compliance/frameworks/aws/aws_all_controls/aws_all_controls_elasticache.yaml b/compliance/frameworks/aws/aws_all_controls/aws_all_controls_elasticache.yaml
index 136ecc708..82b0a03a7 100755
--- a/compliance/frameworks/aws/aws_all_controls/aws_all_controls_elasticache.yaml
+++ b/compliance/frameworks/aws/aws_all_controls/aws_all_controls_elasticache.yaml
@@ -3,10 +3,6 @@ control-group:
 title: ElastiCache
 description: This section contains recommendations for configuring ElastiCache resources.
 section-code: elasticache
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - aws_elasticache_cluster_auto_minor_version_upgrade_enabled
 - aws_elasticache_cluster_no_default_subnet_group
diff --git a/compliance/frameworks/aws/aws_all_controls/aws_all_controls_elasticbeanstalk.yaml b/compliance/frameworks/aws/aws_all_controls/aws_all_controls_elasticbeanstalk.yaml
index 539665130..4f3dbb6e2 100755
--- a/compliance/frameworks/aws/aws_all_controls/aws_all_controls_elasticbeanstalk.yaml
+++ b/compliance/frameworks/aws/aws_all_controls/aws_all_controls_elasticbeanstalk.yaml
@@ -3,10 +3,6 @@ control-group:
 title: Elastic Beanstalk
 description: This section contains recommendations for configuring Elastic Beanstalk resources.
 section-code: elasticbeanstalk
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - aws_elastic_beanstalk_enhanced_health_reporting_enabled
 - aws_elastic_beanstalk_environment_logs_to_cloudwatch
diff --git a/compliance/frameworks/aws/aws_all_controls/aws_all_controls_elb.yaml b/compliance/frameworks/aws/aws_all_controls/aws_all_controls_elb.yaml
index e40b6c22c..70e7c456e 100755
--- a/compliance/frameworks/aws/aws_all_controls/aws_all_controls_elb.yaml
+++ b/compliance/frameworks/aws/aws_all_controls/aws_all_controls_elb.yaml
@@ -3,10 +3,6 @@ control-group:
 title: ELB
 description: This section contains recommendations for configuring ELB resources.
 section-code: elb
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - aws_ec2_classic_lb_connection_draining_enabled
 - aws_elb_application_classic_lb_logging_enabled
diff --git a/compliance/frameworks/aws/aws_all_controls/aws_all_controls_emr.yaml b/compliance/frameworks/aws/aws_all_controls/aws_all_controls_emr.yaml
index 64319c684..17366fd6a 100755
--- a/compliance/frameworks/aws/aws_all_controls/aws_all_controls_emr.yaml
+++ b/compliance/frameworks/aws/aws_all_controls/aws_all_controls_emr.yaml
@@ -3,10 +3,6 @@ control-group:
 title: EMR
 description: This section contains recommendations for configuring EMR resources.
 section-code: emr
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - aws_emr_account_public_access_blocked
 - aws_emr_cluster_encryption_at_rest_with_sse_kms
diff --git a/compliance/frameworks/aws/aws_all_controls/aws_all_controls_es.yaml b/compliance/frameworks/aws/aws_all_controls/aws_all_controls_es.yaml
index 8dd076ab2..aa865cbde 100755
--- a/compliance/frameworks/aws/aws_all_controls/aws_all_controls_es.yaml
+++ b/compliance/frameworks/aws/aws_all_controls/aws_all_controls_es.yaml
@@ -3,10 +3,6 @@ control-group:
 title: Elasticsearch
 description: This section contains recommendations for configuring Elasticsearch resources.
 section-code: es
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - aws_es_domain_audit_logging_enabled
 - aws_es_domain_cognito_authentication_enabled
diff --git a/compliance/frameworks/aws/aws_all_controls/aws_all_controls_eventbridge.yaml b/compliance/frameworks/aws/aws_all_controls/aws_all_controls_eventbridge.yaml
index 7c2212c8f..2e26dd640 100755
--- a/compliance/frameworks/aws/aws_all_controls/aws_all_controls_eventbridge.yaml
+++ b/compliance/frameworks/aws/aws_all_controls/aws_all_controls_eventbridge.yaml
@@ -3,9 +3,5 @@ control-group:
 title: EventBridge
 description: This section contains recommendations for configuring EventBridge resources.
 section-code: eventbridge
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - aws_eventbridge_custom_bus_resource_based_policy_attached
diff --git a/compliance/frameworks/aws/aws_all_controls/aws_all_controls_fsx.yaml b/compliance/frameworks/aws/aws_all_controls/aws_all_controls_fsx.yaml
index 45926ac6d..bf1750602 100755
--- a/compliance/frameworks/aws/aws_all_controls/aws_all_controls_fsx.yaml
+++ b/compliance/frameworks/aws/aws_all_controls/aws_all_controls_fsx.yaml
@@ -3,10 +3,6 @@ control-group:
 title: FSx
 description: This section contains recommendations for configuring FSx resources.
 section-code: fsx
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - aws_fsx_file_system_copy_tags_to_backup_and_volume_enabled
 - aws_fsx_file_system_protected_by_backup_plan
diff --git a/compliance/frameworks/aws/aws_all_controls/aws_all_controls_glacier.yaml b/compliance/frameworks/aws/aws_all_controls/aws_all_controls_glacier.yaml
index 4f868a801..b9d89ab1a 100755
--- a/compliance/frameworks/aws/aws_all_controls/aws_all_controls_glacier.yaml
+++ b/compliance/frameworks/aws/aws_all_controls/aws_all_controls_glacier.yaml
@@ -3,9 +3,5 @@ control-group:
 title: Glacier
 description: This section contains recommendations for configuring Glacier resources.
 section-code: glacier
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - aws_glacier_vault_restrict_public_access
diff --git a/compliance/frameworks/aws/aws_all_controls/aws_all_controls_glue.yaml b/compliance/frameworks/aws/aws_all_controls/aws_all_controls_glue.yaml
index e899c622a..3a6f6d598 100755
--- a/compliance/frameworks/aws/aws_all_controls/aws_all_controls_glue.yaml
+++ b/compliance/frameworks/aws/aws_all_controls/aws_all_controls_glue.yaml
@@ -3,10 +3,6 @@ control-group:
 title: Glue
 description: This section contains recommendations for configuring Glue resources.
 section-code: glue
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - aws_glue_connection_ssl_enabled
 - aws_glue_data_catalog_encryption_settings_metadata_encryption_enabled
diff --git a/compliance/frameworks/aws/aws_all_controls/aws_all_controls_guardduty.yaml b/compliance/frameworks/aws/aws_all_controls/aws_all_controls_guardduty.yaml
index 0f7e56a1c..ab26b981f 100755
--- a/compliance/frameworks/aws/aws_all_controls/aws_all_controls_guardduty.yaml
+++ b/compliance/frameworks/aws/aws_all_controls/aws_all_controls_guardduty.yaml
@@ -3,10 +3,6 @@ control-group:
 title: GuardDuty
 description: This section contains recommendations for configuring GuardDuty resources.
 section-code: guardduty
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - aws_guardduty_enabled
 - aws_guardduty_finding_archived
diff --git a/compliance/frameworks/aws/aws_all_controls/aws_all_controls_iam.yaml b/compliance/frameworks/aws/aws_all_controls/aws_all_controls_iam.yaml
index fcef2e5db..d4e804970 100755
--- a/compliance/frameworks/aws/aws_all_controls/aws_all_controls_iam.yaml
+++ b/compliance/frameworks/aws/aws_all_controls/aws_all_controls_iam.yaml
@@ -3,10 +3,6 @@ control-group:
 title: IAM
 description: This section contains recommendations for configuring IAM resources.
 section-code: iam
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - aws_iam_access_analyzer_enabled
 - aws_iam_account_password_policy_min_length_14
diff --git a/compliance/frameworks/aws/aws_all_controls/aws_all_controls_kinesis.yaml b/compliance/frameworks/aws/aws_all_controls/aws_all_controls_kinesis.yaml
index 24afc80d4..c317a2509 100755
--- a/compliance/frameworks/aws/aws_all_controls/aws_all_controls_kinesis.yaml
+++ b/compliance/frameworks/aws/aws_all_controls/aws_all_controls_kinesis.yaml
@@ -3,10 +3,6 @@ control-group:
 title: Kinesis
 description: This section contains recommendations for configuring Kinesis resources.
 section-code: kinesis
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - aws_kinesis_firehose_delivery_stream_server_side_encryption_enabled
 - aws_kinesis_stream_encrypted_with_kms_cmk
diff --git a/compliance/frameworks/aws/aws_all_controls/aws_all_controls_kms.yaml b/compliance/frameworks/aws/aws_all_controls/aws_all_controls_kms.yaml
index 9f325afdc..cb7dcefba 100755
--- a/compliance/frameworks/aws/aws_all_controls/aws_all_controls_kms.yaml
+++ b/compliance/frameworks/aws/aws_all_controls/aws_all_controls_kms.yaml
@@ -3,10 +3,6 @@ control-group:
 title: KMS
 description: This section contains recommendations for configuring KMS resources.
 section-code: kms
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - aws_kms_cmk_policy_prohibit_public_access
 - aws_kms_cmk_rotation_enabled
diff --git a/compliance/frameworks/aws/aws_all_controls/aws_all_controls_lambda.yaml b/compliance/frameworks/aws/aws_all_controls/aws_all_controls_lambda.yaml
index d83d11c6d..ca95718c2 100755
--- a/compliance/frameworks/aws/aws_all_controls/aws_all_controls_lambda.yaml
+++ b/compliance/frameworks/aws/aws_all_controls/aws_all_controls_lambda.yaml
@@ -3,10 +3,6 @@ control-group:
 title: Lambda
 description: This section contains recommendations for configuring Lambda resources.
 section-code: lambda
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - aws_lambda_function_cloudtrail_logging_enabled
 - aws_lambda_function_cloudwatch_insights_enabled
diff --git a/compliance/frameworks/aws/aws_all_controls/aws_all_controls_lightsail.yaml b/compliance/frameworks/aws/aws_all_controls/aws_all_controls_lightsail.yaml
index cf9b88f11..febf72d1d 100755
--- a/compliance/frameworks/aws/aws_all_controls/aws_all_controls_lightsail.yaml
+++ b/compliance/frameworks/aws/aws_all_controls/aws_all_controls_lightsail.yaml
@@ -3,9 +3,5 @@ control-group:
 title: Lightsail
 description: This section contains recommendations for configuring Lightsail resources.
 section-code: lightsail
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - aws_lightsail_instance_ipv6_networking_disabled
diff --git a/compliance/frameworks/aws/aws_all_controls/aws_all_controls_mq.yaml b/compliance/frameworks/aws/aws_all_controls/aws_all_controls_mq.yaml
index 45cf311b1..ef0fe3305 100755
--- a/compliance/frameworks/aws/aws_all_controls/aws_all_controls_mq.yaml
+++ b/compliance/frameworks/aws/aws_all_controls/aws_all_controls_mq.yaml
@@ -3,9 +3,5 @@ control-group:
 title: MQ
 description: This section contains recommendations for configuring MQ resources.
 section-code: mq
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - aws_mq_broker_restrict_public_access
diff --git a/compliance/frameworks/aws/aws_all_controls/aws_all_controls_msk.yaml b/compliance/frameworks/aws/aws_all_controls/aws_all_controls_msk.yaml
index 660582375..cc2409448 100755
--- a/compliance/frameworks/aws/aws_all_controls/aws_all_controls_msk.yaml
+++ b/compliance/frameworks/aws/aws_all_controls/aws_all_controls_msk.yaml
@@ -3,9 +3,5 @@ control-group:
 title: MSK
 description: This section contains recommendations for configuring MSK resources.
 section-code: msk
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - aws_msk_cluster_encryption_in_transit_with_tls_enabled
diff --git a/compliance/frameworks/aws/aws_all_controls/aws_all_controls_neptune.yaml b/compliance/frameworks/aws/aws_all_controls/aws_all_controls_neptune.yaml
index 8a297d288..f81ddfe6f 100755
--- a/compliance/frameworks/aws/aws_all_controls/aws_all_controls_neptune.yaml
+++ b/compliance/frameworks/aws/aws_all_controls/aws_all_controls_neptune.yaml
@@ -3,10 +3,6 @@ control-group:
 title: Neptune
 description: This section contains recommendations for configuring Neptune resources.
 section-code: neptune
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - aws_neptune_db_cluster_audit_logging_enabled
 - aws_neptune_db_cluster_automated_backup_enabled
diff --git a/compliance/frameworks/aws/aws_all_controls/aws_all_controls_networkfirewall.yaml b/compliance/frameworks/aws/aws_all_controls/aws_all_controls_networkfirewall.yaml
index 34dbb8883..71f00c337 100755
--- a/compliance/frameworks/aws/aws_all_controls/aws_all_controls_networkfirewall.yaml
+++ b/compliance/frameworks/aws/aws_all_controls/aws_all_controls_networkfirewall.yaml
@@ -3,10 +3,6 @@ control-group:
 title: Network Firewall
 description: This section contains recommendations for configuring Network Firewall resources.
 section-code: networkfirewall
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - aws_networkfirewall_firewall_deletion_protection_enabled
 - aws_networkfirewall_firewall_in_vpc
diff --git a/compliance/frameworks/aws/aws_all_controls/aws_all_controls_opensearch.yaml b/compliance/frameworks/aws/aws_all_controls/aws_all_controls_opensearch.yaml
index 9179811bf..695f20275 100755
--- a/compliance/frameworks/aws/aws_all_controls/aws_all_controls_opensearch.yaml
+++ b/compliance/frameworks/aws/aws_all_controls/aws_all_controls_opensearch.yaml
@@ -3,10 +3,6 @@ control-group:
 title: OpenSearch
 description: This section contains recommendations for configuring OpenSearch resources.
 section-code: opensearch
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - aws_opensearch_domain_audit_logging_enabled
 - aws_opensearch_domain_cognito_authentication_enabled_for_kibana
diff --git a/compliance/frameworks/aws/aws_all_controls/aws_all_controls_organization.yaml b/compliance/frameworks/aws/aws_all_controls/aws_all_controls_organization.yaml
index 1934eafc1..3e180bbac 100755
--- a/compliance/frameworks/aws/aws_all_controls/aws_all_controls_organization.yaml
+++ b/compliance/frameworks/aws/aws_all_controls/aws_all_controls_organization.yaml
@@ -3,9 +3,5 @@ control-group:
 title: Organization
 description: This section contains recommendations for configuring Organization resources.
 section-code: organization
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - aws_organizational_tag_policies_enabled
diff --git a/compliance/frameworks/aws/aws_all_controls/aws_all_controls_pca.yaml b/compliance/frameworks/aws/aws_all_controls/aws_all_controls_pca.yaml
index 27aecb09e..5d84ab37e 100755
--- a/compliance/frameworks/aws/aws_all_controls/aws_all_controls_pca.yaml
+++ b/compliance/frameworks/aws/aws_all_controls/aws_all_controls_pca.yaml
@@ -3,9 +3,5 @@ control-group:
 title: Private Certificate Authority
 description: This section contains recommendations for configuring Private Certificate Authority resources.
 section-code: pca
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - aws_acmpca_root_certificate_authority_disabled
diff --git a/compliance/frameworks/aws/aws_all_controls/aws_all_controls_rds.yaml b/compliance/frameworks/aws/aws_all_controls/aws_all_controls_rds.yaml
index efd539c68..fc202e036 100755
--- a/compliance/frameworks/aws/aws_all_controls/aws_all_controls_rds.yaml
+++ b/compliance/frameworks/aws/aws_all_controls/aws_all_controls_rds.yaml
@@ -3,10 +3,6 @@ control-group:
 title: RDS
 description: This section contains recommendations for configuring RDS resources.
 section-code: rds
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - aws_rds_db_cluster_aurora_backtracking_enabled
 - aws_rds_db_cluster_aurora_mysql_audit_logging_enabled
diff --git a/compliance/frameworks/aws/aws_all_controls/aws_all_controls_redshift.yaml b/compliance/frameworks/aws/aws_all_controls/aws_all_controls_redshift.yaml
index c9fefa8d4..2d5fae270 100755
--- a/compliance/frameworks/aws/aws_all_controls/aws_all_controls_redshift.yaml
+++ b/compliance/frameworks/aws/aws_all_controls/aws_all_controls_redshift.yaml
@@ -3,10 +3,6 @@ control-group:
 title: Redshift
 description: This section contains recommendations for configuring Redshift resources.
 section-code: redshift
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - aws_redshift_cluster_audit_logging_enabled
 - aws_redshift_cluster_automatic_snapshots_min_7_days
diff --git a/compliance/frameworks/aws/aws_all_controls/aws_all_controls_route53.yaml b/compliance/frameworks/aws/aws_all_controls/aws_all_controls_route53.yaml
index c5983f101..9a4c556da 100755
--- a/compliance/frameworks/aws/aws_all_controls/aws_all_controls_route53.yaml
+++ b/compliance/frameworks/aws/aws_all_controls/aws_all_controls_route53.yaml
@@ -3,10 +3,6 @@ control-group:
 title: Route 53
 description: This section contains recommendations for configuring Route 53 resources.
 section-code: route53
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - aws_route53_domain_auto_renew_enabled
 - aws_route53_domain_expires_30_days
diff --git a/compliance/frameworks/aws/aws_all_controls/aws_all_controls_s3.yaml b/compliance/frameworks/aws/aws_all_controls/aws_all_controls_s3.yaml
index 99151a52c..766f0a5ed 100755
--- a/compliance/frameworks/aws/aws_all_controls/aws_all_controls_s3.yaml
+++ b/compliance/frameworks/aws/aws_all_controls/aws_all_controls_s3.yaml
@@ -3,10 +3,6 @@ control-group:
 title: S3
 description: This section contains recommendations for configuring S3 resources.
 section-code: s3
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - aws_s3_access_point_restrict_public_access
 - aws_s3_bucket_acls_should_prohibit_user_access
diff --git a/compliance/frameworks/aws/aws_all_controls/aws_all_controls_sagemaker.yaml b/compliance/frameworks/aws/aws_all_controls/aws_all_controls_sagemaker.yaml
index 3aad5fed3..72b5f7da0 100755
--- a/compliance/frameworks/aws/aws_all_controls/aws_all_controls_sagemaker.yaml
+++ b/compliance/frameworks/aws/aws_all_controls/aws_all_controls_sagemaker.yaml
@@ -3,10 +3,6 @@ control-group:
 title: SageMaker
 description: This section contains recommendations for configuring SageMaker resources.
 section-code: sagemaker
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - aws_sagemaker_endpoint_configuration_encryption_at_rest_enabled
 - aws_sagemaker_model_in_vpc
diff --git a/compliance/frameworks/aws/aws_all_controls/aws_all_controls_secretsmanager.yaml b/compliance/frameworks/aws/aws_all_controls/aws_all_controls_secretsmanager.yaml
index fb65a300c..ef510089d 100755
--- a/compliance/frameworks/aws/aws_all_controls/aws_all_controls_secretsmanager.yaml
+++ b/compliance/frameworks/aws/aws_all_controls/aws_all_controls_secretsmanager.yaml
@@ -3,10 +3,6 @@ control-group:
 title: Secrets Manager
 description: This section contains recommendations for configuring Secrets Manager resources.
 section-code: secretsmanager
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - aws_secretsmanager_secret_automatic_rotation_enabled
 - aws_secretsmanager_secret_automatic_rotation_lambda_enabled
diff --git a/compliance/frameworks/aws/aws_all_controls/aws_all_controls_securityhub.yaml b/compliance/frameworks/aws/aws_all_controls/aws_all_controls_securityhub.yaml
index a63c86bc6..d31884714 100755
--- a/compliance/frameworks/aws/aws_all_controls/aws_all_controls_securityhub.yaml
+++ b/compliance/frameworks/aws/aws_all_controls/aws_all_controls_securityhub.yaml
@@ -3,9 +3,5 @@ control-group:
 title: Security Hub
 description: This section contains recommendations for configuring Security Hub resources.
 section-code: securityhub
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - aws_securityhub_enabled
diff --git a/compliance/frameworks/aws/aws_all_controls/aws_all_controls_sfn.yaml b/compliance/frameworks/aws/aws_all_controls/aws_all_controls_sfn.yaml
index fa23f0e84..f59ff20ea 100755
--- a/compliance/frameworks/aws/aws_all_controls/aws_all_controls_sfn.yaml
+++ b/compliance/frameworks/aws/aws_all_controls/aws_all_controls_sfn.yaml
@@ -3,9 +3,5 @@ control-group:
 title: Step Functions
 description: This section contains recommendations for configuring Step Functions resources.
 section-code: sfn
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - aws_sfn_state_machine_logging_enabled
diff --git a/compliance/frameworks/aws/aws_all_controls/aws_all_controls_sns.yaml b/compliance/frameworks/aws/aws_all_controls/aws_all_controls_sns.yaml
index 87200c08c..955136ecd 100755
--- a/compliance/frameworks/aws/aws_all_controls/aws_all_controls_sns.yaml
+++ b/compliance/frameworks/aws/aws_all_controls/aws_all_controls_sns.yaml
@@ -3,10 +3,6 @@ control-group:
 title: SNS
 description: This section contains recommendations for configuring SNS resources.
 section-code: sns
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - aws_sns_topic_encrypted_at_rest
 - aws_sns_topic_notification_delivery_status_enabled
diff --git a/compliance/frameworks/aws/aws_all_controls/aws_all_controls_sqs.yaml b/compliance/frameworks/aws/aws_all_controls/aws_all_controls_sqs.yaml
index 739e4aec4..ab380608d 100755
--- a/compliance/frameworks/aws/aws_all_controls/aws_all_controls_sqs.yaml
+++ b/compliance/frameworks/aws/aws_all_controls/aws_all_controls_sqs.yaml
@@ -3,10 +3,6 @@ control-group:
 title: SQS
 description: This section contains recommendations for configuring SQS resources.
 section-code: sqs
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - aws_sqs_queue_dead_letter_queue_configured
 - aws_sqs_queue_encrypted_at_rest
diff --git a/compliance/frameworks/aws/aws_all_controls/aws_all_controls_ssm.yaml b/compliance/frameworks/aws/aws_all_controls/aws_all_controls_ssm.yaml
index d05805127..31102cf2b 100755
--- a/compliance/frameworks/aws/aws_all_controls/aws_all_controls_ssm.yaml
+++ b/compliance/frameworks/aws/aws_all_controls/aws_all_controls_ssm.yaml
@@ -3,10 +3,6 @@ control-group:
 title: SSM
 description: This section contains recommendations for configuring SSM resources.
 section-code: ssm
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - aws_ec2_instance_ssm_managed
 - aws_ssm_document_prohibit_public_access
diff --git a/compliance/frameworks/aws/aws_all_controls/aws_all_controls_vpc.yaml b/compliance/frameworks/aws/aws_all_controls/aws_all_controls_vpc.yaml
index 89d054547..eb6e66be4 100755
--- a/compliance/frameworks/aws/aws_all_controls/aws_all_controls_vpc.yaml
+++ b/compliance/frameworks/aws/aws_all_controls/aws_all_controls_vpc.yaml
@@ -3,10 +3,6 @@ control-group:
 title: VPC
 description: This section contains recommendations for configuring VPC resources.
 section-code: vpc
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - aws_vpc_configured_to_use_vpc_endpoints
 - aws_vpc_default_security_group_restricts_all_traffic
diff --git a/compliance/frameworks/aws/aws_all_controls/aws_all_controls_waf.yaml b/compliance/frameworks/aws/aws_all_controls/aws_all_controls_waf.yaml
index b13953cf3..a3934232b 100755
--- a/compliance/frameworks/aws/aws_all_controls/aws_all_controls_waf.yaml
+++ b/compliance/frameworks/aws/aws_all_controls/aws_all_controls_waf.yaml
@@ -3,10 +3,6 @@ control-group:
 title: WAF
 description: This section contains recommendations for configuring WAF resources.
 section-code: waf
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - aws_waf_regional_rule_condition_attached
 - aws_waf_regional_rule_group_rule_attached
diff --git a/compliance/frameworks/aws/aws_all_controls/aws_all_controls_wafv2.yaml b/compliance/frameworks/aws/aws_all_controls/aws_all_controls_wafv2.yaml
index ae83eb04d..b7e2f3904 100755
--- a/compliance/frameworks/aws/aws_all_controls/aws_all_controls_wafv2.yaml
+++ b/compliance/frameworks/aws/aws_all_controls/aws_all_controls_wafv2.yaml
@@ -3,10 +3,6 @@ control-group:
 title: WAFv2
 description: This section contains recommendations for configuring WAFv2 resources.
 section-code: wafv2
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - aws_wafv2_rule_group_logging_enabled
 - aws_wafv2_web_acl_logging_enabled
diff --git a/compliance/frameworks/aws/aws_all_controls/aws_all_controls_workspaces.yaml b/compliance/frameworks/aws/aws_all_controls/aws_all_controls_workspaces.yaml
index d6223ac77..ce1ffb66d 100755
--- a/compliance/frameworks/aws/aws_all_controls/aws_all_controls_workspaces.yaml
+++ b/compliance/frameworks/aws/aws_all_controls/aws_all_controls_workspaces.yaml
@@ -3,9 +3,5 @@ control-group:
 title: WorkSpaces
 description: This section contains recommendations for configuring WorkSpaces resources.
 section-code: workspaces
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - aws_workspaces_workspace_volume_encryption_enabled
diff --git a/compliance/frameworks/aws/aws_audit_manager_control_tower/aws_audit_manager_control_tower_disallow_instances.yaml b/compliance/frameworks/aws/aws_audit_manager_control_tower/aws_audit_manager_control_tower_disallow_instances.yaml
index 4c3b71722..8757cdd71 100755
--- a/compliance/frameworks/aws/aws_audit_manager_control_tower/aws_audit_manager_control_tower_disallow_instances.yaml
+++ b/compliance/frameworks/aws/aws_audit_manager_control_tower/aws_audit_manager_control_tower_disallow_instances.yaml
@@ -16,10 +16,6 @@ control-group:
 - AWS
 type:
 - Benchmark
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 control-group:
 - id: aws_audit_manager_control_tower_disallow_instances_5_0_1
 - id: aws_audit_manager_control_tower_disallow_instances_5_1_1
diff --git a/compliance/frameworks/aws/aws_audit_manager_control_tower/aws_audit_manager_control_tower_disallow_instances_5_0_1.yaml b/compliance/frameworks/aws/aws_audit_manager_control_tower/aws_audit_manager_control_tower_disallow_instances_5_0_1.yaml
index d1813194a..dd5738581 100755
--- a/compliance/frameworks/aws/aws_audit_manager_control_tower/aws_audit_manager_control_tower_disallow_instances_5_0_1.yaml
+++ b/compliance/frameworks/aws/aws_audit_manager_control_tower/aws_audit_manager_control_tower_disallow_instances_5_0_1.yaml
@@ -18,9 +18,5 @@ control-group:
 - AWS/RDS
 type:
 - Benchmark
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - aws_rds_db_instance_encryption_at_rest_enabled
diff --git a/compliance/frameworks/aws/aws_audit_manager_control_tower/aws_audit_manager_control_tower_disallow_instances_5_1_1.yaml b/compliance/frameworks/aws/aws_audit_manager_control_tower/aws_audit_manager_control_tower_disallow_instances_5_1_1.yaml
index a5a77e109..9be5190e8 100755
--- a/compliance/frameworks/aws/aws_audit_manager_control_tower/aws_audit_manager_control_tower_disallow_instances_5_1_1.yaml
+++ b/compliance/frameworks/aws/aws_audit_manager_control_tower/aws_audit_manager_control_tower_disallow_instances_5_1_1.yaml
@@ -18,9 +18,5 @@ control-group:
 - AWS/S3
 type:
 - Benchmark
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - aws_s3_bucket_versioning_enabled
diff --git a/compliance/frameworks/aws/aws_audit_manager_control_tower/aws_audit_manager_control_tower_disallow_internet_connection.yaml b/compliance/frameworks/aws/aws_audit_manager_control_tower/aws_audit_manager_control_tower_disallow_internet_connection.yaml
index 6e5b2b775..cf17f534a 100755
--- a/compliance/frameworks/aws/aws_audit_manager_control_tower/aws_audit_manager_control_tower_disallow_internet_connection.yaml
+++ b/compliance/frameworks/aws/aws_audit_manager_control_tower/aws_audit_manager_control_tower_disallow_internet_connection.yaml
@@ -16,10 +16,6 @@ control-group:
 - AWS/VPC
 type:
 - Benchmark
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 control-group:
 - id: aws_audit_manager_control_tower_disallow_internet_connection_2_0_1
 - id: aws_audit_manager_control_tower_disallow_internet_connection_2_0_2
diff --git a/compliance/frameworks/aws/aws_audit_manager_control_tower/aws_audit_manager_control_tower_disallow_internet_connection_2_0_1.yaml b/compliance/frameworks/aws/aws_audit_manager_control_tower/aws_audit_manager_control_tower_disallow_internet_connection_2_0_1.yaml
index c9e470340..4456c334c 100755
--- a/compliance/frameworks/aws/aws_audit_manager_control_tower/aws_audit_manager_control_tower_disallow_internet_connection_2_0_1.yaml
+++ b/compliance/frameworks/aws/aws_audit_manager_control_tower/aws_audit_manager_control_tower_disallow_internet_connection_2_0_1.yaml
@@ -18,9 +18,5 @@ control-group:
 - AWS/VPC
 type:
 - Benchmark
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - aws_vpc_security_group_restrict_ingress_common_ports_all
diff --git a/compliance/frameworks/aws/aws_audit_manager_control_tower/aws_audit_manager_control_tower_disallow_internet_connection_2_0_2.yaml b/compliance/frameworks/aws/aws_audit_manager_control_tower/aws_audit_manager_control_tower_disallow_internet_connection_2_0_2.yaml
index ffc43bb2e..827b46e97 100755
--- a/compliance/frameworks/aws/aws_audit_manager_control_tower/aws_audit_manager_control_tower_disallow_internet_connection_2_0_2.yaml
+++ b/compliance/frameworks/aws/aws_audit_manager_control_tower/aws_audit_manager_control_tower_disallow_internet_connection_2_0_2.yaml
@@ -18,9 +18,5 @@ control-group:
 - AWS/VPC
 type:
 - Benchmark
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - aws_vpc_security_group_restrict_ingress_ssh_all
diff --git a/compliance/frameworks/aws/aws_audit_manager_control_tower/aws_audit_manager_control_tower_disallow_public_access.yaml b/compliance/frameworks/aws/aws_audit_manager_control_tower/aws_audit_manager_control_tower_disallow_public_access.yaml
index f2fff9df5..07a9240b3 100755
--- a/compliance/frameworks/aws/aws_audit_manager_control_tower/aws_audit_manager_control_tower_disallow_public_access.yaml
+++ b/compliance/frameworks/aws/aws_audit_manager_control_tower/aws_audit_manager_control_tower_disallow_public_access.yaml
@@ -16,10 +16,6 @@ control-group:
 - AWS
 type:
 - Benchmark
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 control-group:
 - id: aws_audit_manager_control_tower_disallow_public_access_4_0_1
 - id: aws_audit_manager_control_tower_disallow_public_access_4_0_2
diff --git a/compliance/frameworks/aws/aws_audit_manager_control_tower/aws_audit_manager_control_tower_disallow_public_access_4_0_1.yaml b/compliance/frameworks/aws/aws_audit_manager_control_tower/aws_audit_manager_control_tower_disallow_public_access_4_0_1.yaml
index 320c66a89..4ca36f4f3 100755
--- a/compliance/frameworks/aws/aws_audit_manager_control_tower/aws_audit_manager_control_tower_disallow_public_access_4_0_1.yaml
+++ b/compliance/frameworks/aws/aws_audit_manager_control_tower/aws_audit_manager_control_tower_disallow_public_access_4_0_1.yaml
@@ -18,9 +18,5 @@ control-group:
 - AWS/RDS
 type:
 - Benchmark
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - aws_rds_db_instance_prohibit_public_access
diff --git a/compliance/frameworks/aws/aws_audit_manager_control_tower/aws_audit_manager_control_tower_disallow_public_access_4_0_2.yaml b/compliance/frameworks/aws/aws_audit_manager_control_tower/aws_audit_manager_control_tower_disallow_public_access_4_0_2.yaml
index bc3513ca1..309bd9766 100755
--- a/compliance/frameworks/aws/aws_audit_manager_control_tower/aws_audit_manager_control_tower_disallow_public_access_4_0_2.yaml
+++ b/compliance/frameworks/aws/aws_audit_manager_control_tower/aws_audit_manager_control_tower_disallow_public_access_4_0_2.yaml
@@ -18,9 +18,5 @@ control-group:
 - AWS/RDS
 type:
 - Benchmark
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - aws_rds_db_snapshot_prohibit_public_access
diff --git a/compliance/frameworks/aws/aws_audit_manager_control_tower/aws_audit_manager_control_tower_disallow_public_access_4_1_1.yaml b/compliance/frameworks/aws/aws_audit_manager_control_tower/aws_audit_manager_control_tower_disallow_public_access_4_1_1.yaml
index 9b764fda0..1e093379d 100755
--- a/compliance/frameworks/aws/aws_audit_manager_control_tower/aws_audit_manager_control_tower_disallow_public_access_4_1_1.yaml
+++ b/compliance/frameworks/aws/aws_audit_manager_control_tower/aws_audit_manager_control_tower_disallow_public_access_4_1_1.yaml
@@ -18,9 +18,5 @@ control-group:
 - AWS/S3
 type:
 - Benchmark
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - aws_s3_bucket_restrict_public_read_access
diff --git a/compliance/frameworks/aws/aws_audit_manager_control_tower/aws_audit_manager_control_tower_disallow_public_access_4_1_2.yaml b/compliance/frameworks/aws/aws_audit_manager_control_tower/aws_audit_manager_control_tower_disallow_public_access_4_1_2.yaml
index 0f3290de4..0c10b5071 100755
--- a/compliance/frameworks/aws/aws_audit_manager_control_tower/aws_audit_manager_control_tower_disallow_public_access_4_1_2.yaml
+++ b/compliance/frameworks/aws/aws_audit_manager_control_tower/aws_audit_manager_control_tower_disallow_public_access_4_1_2.yaml
@@ -18,9 +18,5 @@ control-group:
 - AWS/S3
 type:
 - Benchmark
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - aws_s3_bucket_restrict_public_write_access
diff --git a/compliance/frameworks/aws/aws_audit_manager_control_tower/aws_audit_manager_control_tower_ebs_checks.yaml b/compliance/frameworks/aws/aws_audit_manager_control_tower/aws_audit_manager_control_tower_ebs_checks.yaml
index 50ffdcbc6..156d8c5cc 100755
--- a/compliance/frameworks/aws/aws_audit_manager_control_tower/aws_audit_manager_control_tower_ebs_checks.yaml
+++ b/compliance/frameworks/aws/aws_audit_manager_control_tower/aws_audit_manager_control_tower_ebs_checks.yaml
@@ -16,10 +16,6 @@ control-group:
 - AWS/EBS
 type:
 - Benchmark
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 control-group:
 - id: aws_audit_manager_control_tower_ebs_checks_1_0_1
 - id: aws_audit_manager_control_tower_ebs_checks_1_0_2
diff --git a/compliance/frameworks/aws/aws_audit_manager_control_tower/aws_audit_manager_control_tower_ebs_checks_1_0_1.yaml b/compliance/frameworks/aws/aws_audit_manager_control_tower/aws_audit_manager_control_tower_ebs_checks_1_0_1.yaml
index 62cdcc823..b0a8a3fc0 100755
--- a/compliance/frameworks/aws/aws_audit_manager_control_tower/aws_audit_manager_control_tower_ebs_checks_1_0_1.yaml
+++ b/compliance/frameworks/aws/aws_audit_manager_control_tower/aws_audit_manager_control_tower_ebs_checks_1_0_1.yaml
@@ -18,9 +18,5 @@ control-group:
 - AWS/EBS
 type:
 - Benchmark
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - aws_ec2_instance_ebs_optimized
diff --git a/compliance/frameworks/aws/aws_audit_manager_control_tower/aws_audit_manager_control_tower_ebs_checks_1_0_2.yaml b/compliance/frameworks/aws/aws_audit_manager_control_tower/aws_audit_manager_control_tower_ebs_checks_1_0_2.yaml
index 589b6cb03..489d3be95 100755
--- a/compliance/frameworks/aws/aws_audit_manager_control_tower/aws_audit_manager_control_tower_ebs_checks_1_0_2.yaml
+++ b/compliance/frameworks/aws/aws_audit_manager_control_tower/aws_audit_manager_control_tower_ebs_checks_1_0_2.yaml
@@ -18,9 +18,5 @@ control-group:
 - AWS/EBS
 type:
 - Benchmark
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - aws_ebs_volume_unused
diff --git a/compliance/frameworks/aws/aws_audit_manager_control_tower/aws_audit_manager_control_tower_ebs_checks_1_0_3.yaml b/compliance/frameworks/aws/aws_audit_manager_control_tower/aws_audit_manager_control_tower_ebs_checks_1_0_3.yaml
index c709dc9b4..e289369f8 100755
--- a/compliance/frameworks/aws/aws_audit_manager_control_tower/aws_audit_manager_control_tower_ebs_checks_1_0_3.yaml
+++ b/compliance/frameworks/aws/aws_audit_manager_control_tower/aws_audit_manager_control_tower_ebs_checks_1_0_3.yaml
@@ -18,9 +18,5 @@ control-group:
 - AWS/EBS
 type:
 - Benchmark
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - aws_ebs_attached_volume_encryption_enabled
diff --git a/compliance/frameworks/aws/aws_audit_manager_control_tower/aws_audit_manager_control_tower_multi_factor_authentication.yaml b/compliance/frameworks/aws/aws_audit_manager_control_tower/aws_audit_manager_control_tower_multi_factor_authentication.yaml
index 02ee0d769..ac9b7a662 100755
--- a/compliance/frameworks/aws/aws_audit_manager_control_tower/aws_audit_manager_control_tower_multi_factor_authentication.yaml
+++ b/compliance/frameworks/aws/aws_audit_manager_control_tower/aws_audit_manager_control_tower_multi_factor_authentication.yaml
@@ -16,10 +16,6 @@ control-group:
 - AWS/IAM
 type:
 - Benchmark
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 control-group:
 - id: aws_audit_manager_control_tower_multi_factor_authentication_3_0_1
 - id: aws_audit_manager_control_tower_multi_factor_authentication_3_0_2
diff --git a/compliance/frameworks/aws/aws_audit_manager_control_tower/aws_audit_manager_control_tower_multi_factor_authentication_3_0_1.yaml b/compliance/frameworks/aws/aws_audit_manager_control_tower/aws_audit_manager_control_tower_multi_factor_authentication_3_0_1.yaml
index c82d35d31..dd039cdf4 100755
--- a/compliance/frameworks/aws/aws_audit_manager_control_tower/aws_audit_manager_control_tower_multi_factor_authentication_3_0_1.yaml
+++ b/compliance/frameworks/aws/aws_audit_manager_control_tower/aws_audit_manager_control_tower_multi_factor_authentication_3_0_1.yaml
@@ -18,9 +18,5 @@ control-group:
 - AWS/IAM
 type:
 - Benchmark
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - aws_iam_user_mfa_enabled
diff --git a/compliance/frameworks/aws/aws_audit_manager_control_tower/aws_audit_manager_control_tower_multi_factor_authentication_3_0_2.yaml b/compliance/frameworks/aws/aws_audit_manager_control_tower/aws_audit_manager_control_tower_multi_factor_authentication_3_0_2.yaml
index 01121c69d..a0fe61571 100755
--- a/compliance/frameworks/aws/aws_audit_manager_control_tower/aws_audit_manager_control_tower_multi_factor_authentication_3_0_2.yaml
+++ b/compliance/frameworks/aws/aws_audit_manager_control_tower/aws_audit_manager_control_tower_multi_factor_authentication_3_0_2.yaml
@@ -18,9 +18,5 @@ control-group:
 - AWS/IAM
 type:
 - Benchmark
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - aws_iam_user_console_access_mfa_enabled
diff --git a/compliance/frameworks/aws/aws_audit_manager_control_tower/aws_audit_manager_control_tower_multi_factor_authentication_3_0_3.yaml b/compliance/frameworks/aws/aws_audit_manager_control_tower/aws_audit_manager_control_tower_multi_factor_authentication_3_0_3.yaml
index d3c3140d2..7bdea9e2b 100755
--- a/compliance/frameworks/aws/aws_audit_manager_control_tower/aws_audit_manager_control_tower_multi_factor_authentication_3_0_3.yaml
+++ b/compliance/frameworks/aws/aws_audit_manager_control_tower/aws_audit_manager_control_tower_multi_factor_authentication_3_0_3.yaml
@@ -18,9 +18,5 @@ control-group:
 - AWS/IAM
 type:
 - Benchmark
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - aws_iam_root_user_mfa_enabled
diff --git a/compliance/frameworks/aws/aws_cis_controls_v8_ig1/aws_cis_controls_v8_ig1_1.yaml b/compliance/frameworks/aws/aws_cis_controls_v8_ig1/aws_cis_controls_v8_ig1_1.yaml
index cc100b1bb..bee495b32 100755
--- a/compliance/frameworks/aws/aws_cis_controls_v8_ig1/aws_cis_controls_v8_ig1_1.yaml
+++ b/compliance/frameworks/aws/aws_cis_controls_v8_ig1/aws_cis_controls_v8_ig1_1.yaml
@@ -14,10 +14,6 @@ control-group:
 - AWS
 type:
 - Benchmark
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 control-group:
 - id: aws_cis_controls_v8_ig1_1_1
 - id: aws_cis_controls_v8_ig1_1_2
diff --git a/compliance/frameworks/aws/aws_cis_controls_v8_ig1/aws_cis_controls_v8_ig1_10.yaml b/compliance/frameworks/aws/aws_cis_controls_v8_ig1/aws_cis_controls_v8_ig1_10.yaml
index 5f910406b..d12f581ff 100755
--- a/compliance/frameworks/aws/aws_cis_controls_v8_ig1/aws_cis_controls_v8_ig1_10.yaml
+++ b/compliance/frameworks/aws/aws_cis_controls_v8_ig1/aws_cis_controls_v8_ig1_10.yaml
@@ -14,10 +14,6 @@ control-group:
 - AWS
 type:
 - Benchmark
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 control-group:
 - id: aws_cis_controls_v8_ig1_10_1
 - id: aws_cis_controls_v8_ig1_10_2
diff --git a/compliance/frameworks/aws/aws_cis_controls_v8_ig1/aws_cis_controls_v8_ig1_10_1.yaml b/compliance/frameworks/aws/aws_cis_controls_v8_ig1/aws_cis_controls_v8_ig1_10_1.yaml
index bcd2f48b4..c985f807a 100755
--- a/compliance/frameworks/aws/aws_cis_controls_v8_ig1/aws_cis_controls_v8_ig1_10_1.yaml
+++ b/compliance/frameworks/aws/aws_cis_controls_v8_ig1/aws_cis_controls_v8_ig1_10_1.yaml
@@ -14,9 +14,5 @@ control-group:
 - AWS
 type:
 - Benchmark
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - aws_guardduty_enabled
diff --git a/compliance/frameworks/aws/aws_cis_controls_v8_ig1/aws_cis_controls_v8_ig1_10_2.yaml b/compliance/frameworks/aws/aws_cis_controls_v8_ig1/aws_cis_controls_v8_ig1_10_2.yaml
index 88549f333..523d23fb4 100755
--- a/compliance/frameworks/aws/aws_cis_controls_v8_ig1/aws_cis_controls_v8_ig1_10_2.yaml
+++ b/compliance/frameworks/aws/aws_cis_controls_v8_ig1/aws_cis_controls_v8_ig1_10_2.yaml
@@ -14,9 +14,5 @@ control-group:
 - AWS
 type:
 - Benchmark
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - aws_guardduty_enabled
diff --git a/compliance/frameworks/aws/aws_cis_controls_v8_ig1/aws_cis_controls_v8_ig1_11.yaml b/compliance/frameworks/aws/aws_cis_controls_v8_ig1/aws_cis_controls_v8_ig1_11.yaml
index 641e2547f..58716b5ee 100755
--- a/compliance/frameworks/aws/aws_cis_controls_v8_ig1/aws_cis_controls_v8_ig1_11.yaml
+++ b/compliance/frameworks/aws/aws_cis_controls_v8_ig1/aws_cis_controls_v8_ig1_11.yaml
@@ -14,10 +14,6 @@ control-group:
 - AWS
 type:
 - Benchmark
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 control-group:
 - id: aws_cis_controls_v8_ig1_11_2
 - id: aws_cis_controls_v8_ig1_11_3
diff --git a/compliance/frameworks/aws/aws_cis_controls_v8_ig1/aws_cis_controls_v8_ig1_11_2.yaml b/compliance/frameworks/aws/aws_cis_controls_v8_ig1/aws_cis_controls_v8_ig1_11_2.yaml
index 5ab9dee4d..230384103 100755
--- a/compliance/frameworks/aws/aws_cis_controls_v8_ig1/aws_cis_controls_v8_ig1_11_2.yaml
+++ b/compliance/frameworks/aws/aws_cis_controls_v8_ig1/aws_cis_controls_v8_ig1_11_2.yaml
@@ -14,10 +14,6 @@ control-group:
 - AWS
 type:
 - Benchmark
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - aws_dynamodb_table_in_backup_plan
 - aws_dynamodb_table_point_in_time_recovery_enabled
diff --git a/compliance/frameworks/aws/aws_cis_controls_v8_ig1/aws_cis_controls_v8_ig1_11_3.yaml b/compliance/frameworks/aws/aws_cis_controls_v8_ig1/aws_cis_controls_v8_ig1_11_3.yaml
index 1f2716241..3f688d0eb 100755
--- a/compliance/frameworks/aws/aws_cis_controls_v8_ig1/aws_cis_controls_v8_ig1_11_3.yaml
+++ b/compliance/frameworks/aws/aws_cis_controls_v8_ig1/aws_cis_controls_v8_ig1_11_3.yaml
@@ -14,10 +14,6 @@ control-group:
 - AWS
 type:
 - Benchmark
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - aws_ebs_attached_volume_encryption_enabled
 - aws_ec2_ebs_default_encryption_enabled
diff --git a/compliance/frameworks/aws/aws_cis_controls_v8_ig1/aws_cis_controls_v8_ig1_11_4.yaml b/compliance/frameworks/aws/aws_cis_controls_v8_ig1/aws_cis_controls_v8_ig1_11_4.yaml
index 23f3a9f3c..63ed1f788 100755
--- a/compliance/frameworks/aws/aws_cis_controls_v8_ig1/aws_cis_controls_v8_ig1_11_4.yaml
+++ b/compliance/frameworks/aws/aws_cis_controls_v8_ig1/aws_cis_controls_v8_ig1_11_4.yaml
@@ -14,10 +14,6 @@ control-group:
 - AWS
 type:
 - Benchmark
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - aws_dynamodb_table_in_backup_plan
 - aws_dynamodb_table_point_in_time_recovery_enabled
diff --git a/compliance/frameworks/aws/aws_cis_controls_v8_ig1/aws_cis_controls_v8_ig1_12.yaml b/compliance/frameworks/aws/aws_cis_controls_v8_ig1/aws_cis_controls_v8_ig1_12.yaml
index 634bbeb48..c46661343 100755
--- a/compliance/frameworks/aws/aws_cis_controls_v8_ig1/aws_cis_controls_v8_ig1_12.yaml
+++ b/compliance/frameworks/aws/aws_cis_controls_v8_ig1/aws_cis_controls_v8_ig1_12.yaml
@@ -14,9 +14,5 @@ control-group:
 - AWS
 type:
 - Benchmark
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 control-group:
 - id: aws_cis_controls_v8_ig1_12_1
diff --git a/compliance/frameworks/aws/aws_cis_controls_v8_ig1/aws_cis_controls_v8_ig1_12_1.yaml b/compliance/frameworks/aws/aws_cis_controls_v8_ig1/aws_cis_controls_v8_ig1_12_1.yaml
index a906826a1..2c5dd1550 100755
--- a/compliance/frameworks/aws/aws_cis_controls_v8_ig1/aws_cis_controls_v8_ig1_12_1.yaml
+++ b/compliance/frameworks/aws/aws_cis_controls_v8_ig1/aws_cis_controls_v8_ig1_12_1.yaml
@@ -14,10 +14,6 @@ control-group:
 - AWS
 type:
 - Benchmark
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - aws_ec2_instance_ssm_managed
 - aws_ssm_managed_instance_compliance_patch_compliant
diff --git a/compliance/frameworks/aws/aws_cis_controls_v8_ig1/aws_cis_controls_v8_ig1_1_1.yaml b/compliance/frameworks/aws/aws_cis_controls_v8_ig1/aws_cis_controls_v8_ig1_1_1.yaml
index 6f1e73b9e..2df64d615 100755
--- a/compliance/frameworks/aws/aws_cis_controls_v8_ig1/aws_cis_controls_v8_ig1_1_1.yaml
+++ b/compliance/frameworks/aws/aws_cis_controls_v8_ig1/aws_cis_controls_v8_ig1_1_1.yaml
@@ -14,10 +14,6 @@ control-group:
 - AWS
 type:
 - Benchmark
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - aws_ec2_stopped_instance_30_days
 - aws_ssm_managed_instance_compliance_association_compliant
diff --git a/compliance/frameworks/aws/aws_cis_controls_v8_ig1/aws_cis_controls_v8_ig1_1_2.yaml b/compliance/frameworks/aws/aws_cis_controls_v8_ig1/aws_cis_controls_v8_ig1_1_2.yaml
index 626e6e795..98c544439 100755
--- a/compliance/frameworks/aws/aws_cis_controls_v8_ig1/aws_cis_controls_v8_ig1_1_2.yaml
+++ b/compliance/frameworks/aws/aws_cis_controls_v8_ig1/aws_cis_controls_v8_ig1_1_2.yaml
@@ -14,9 +14,5 @@ control-group:
 - AWS
 type:
 - Benchmark
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - aws_guardduty_enabled
diff --git a/compliance/frameworks/aws/aws_cis_controls_v8_ig1/aws_cis_controls_v8_ig1_3.yaml b/compliance/frameworks/aws/aws_cis_controls_v8_ig1/aws_cis_controls_v8_ig1_3.yaml
index 916312487..0b4a9c83d 100755
--- a/compliance/frameworks/aws/aws_cis_controls_v8_ig1/aws_cis_controls_v8_ig1_3.yaml
+++ b/compliance/frameworks/aws/aws_cis_controls_v8_ig1/aws_cis_controls_v8_ig1_3.yaml
@@ -14,10 +14,6 @@ control-group:
 - AWS
 type:
 - Benchmark
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 control-group:
 - id: aws_cis_controls_v8_ig1_3_3
 - id: aws_cis_controls_v8_ig1_3_4
diff --git a/compliance/frameworks/aws/aws_cis_controls_v8_ig1/aws_cis_controls_v8_ig1_3_3.yaml b/compliance/frameworks/aws/aws_cis_controls_v8_ig1/aws_cis_controls_v8_ig1_3_3.yaml
index 66c696624..2fcc845cd 100755
--- a/compliance/frameworks/aws/aws_cis_controls_v8_ig1/aws_cis_controls_v8_ig1_3_3.yaml
+++ b/compliance/frameworks/aws/aws_cis_controls_v8_ig1/aws_cis_controls_v8_ig1_3_3.yaml
@@ -14,10 +14,6 @@ control-group:
 - AWS
 type:
 - Benchmark
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - aws_autoscaling_launch_config_public_ip_disabled
 - aws_cloudwatch_log_group_retention_period_365
diff --git a/compliance/frameworks/aws/aws_cis_controls_v8_ig1/aws_cis_controls_v8_ig1_3_4.yaml b/compliance/frameworks/aws/aws_cis_controls_v8_ig1/aws_cis_controls_v8_ig1_3_4.yaml
index 21f756a92..88f5a7185 100755
--- a/compliance/frameworks/aws/aws_cis_controls_v8_ig1/aws_cis_controls_v8_ig1_3_4.yaml
+++ b/compliance/frameworks/aws/aws_cis_controls_v8_ig1/aws_cis_controls_v8_ig1_3_4.yaml
@@ -14,9 +14,5 @@ control-group:
 - AWS
 type:
 - Benchmark
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - aws_cloudwatch_log_group_retention_period_365
diff --git a/compliance/frameworks/aws/aws_cis_controls_v8_ig1/aws_cis_controls_v8_ig1_4.yaml b/compliance/frameworks/aws/aws_cis_controls_v8_ig1/aws_cis_controls_v8_ig1_4.yaml
index a12d81ab8..1614b6d96 100755
--- a/compliance/frameworks/aws/aws_cis_controls_v8_ig1/aws_cis_controls_v8_ig1_4.yaml
+++ b/compliance/frameworks/aws/aws_cis_controls_v8_ig1/aws_cis_controls_v8_ig1_4.yaml
@@ -14,10 +14,6 @@ control-group:
 - AWS
 type:
 - Benchmark
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 control-group:
 - id: aws_cis_controls_v8_ig1_4_1
 - id: aws_cis_controls_v8_ig1_4_6
diff --git a/compliance/frameworks/aws/aws_cis_controls_v8_ig1/aws_cis_controls_v8_ig1_4_1.yaml b/compliance/frameworks/aws/aws_cis_controls_v8_ig1/aws_cis_controls_v8_ig1_4_1.yaml
index a9e9850b7..09528c8fd 100755
--- a/compliance/frameworks/aws/aws_cis_controls_v8_ig1/aws_cis_controls_v8_ig1_4_1.yaml
+++ b/compliance/frameworks/aws/aws_cis_controls_v8_ig1/aws_cis_controls_v8_ig1_4_1.yaml
@@ -14,10 +14,6 @@ control-group:
 - AWS
 type:
 - Benchmark
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - aws_account_part_of_organizations
 - aws_cloudtrail_security_trail_enabled
diff --git a/compliance/frameworks/aws/aws_cis_controls_v8_ig1/aws_cis_controls_v8_ig1_4_6.yaml b/compliance/frameworks/aws/aws_cis_controls_v8_ig1/aws_cis_controls_v8_ig1_4_6.yaml
index 896fd1c6c..d49add8e6 100755
--- a/compliance/frameworks/aws/aws_cis_controls_v8_ig1/aws_cis_controls_v8_ig1_4_6.yaml
+++ b/compliance/frameworks/aws/aws_cis_controls_v8_ig1/aws_cis_controls_v8_ig1_4_6.yaml
@@ -14,10 +14,6 @@ control-group:
 - AWS
 type:
 - Benchmark
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - aws_account_part_of_organizations
 - aws_autoscaling_group_with_lb_use_health_check
diff --git a/compliance/frameworks/aws/aws_cis_controls_v8_ig1/aws_cis_controls_v8_ig1_4_7.yaml b/compliance/frameworks/aws/aws_cis_controls_v8_ig1/aws_cis_controls_v8_ig1_4_7.yaml
index 011fafe8f..170234bd8 100755
--- a/compliance/frameworks/aws/aws_cis_controls_v8_ig1/aws_cis_controls_v8_ig1_4_7.yaml
+++ b/compliance/frameworks/aws/aws_cis_controls_v8_ig1/aws_cis_controls_v8_ig1_4_7.yaml
@@ -14,10 +14,6 @@ control-group:
 - AWS
 type:
 - Benchmark
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - aws_iam_root_user_mfa_enabled
 - aws_vpc_security_group_restrict_ingress_ssh_all
diff --git a/compliance/frameworks/aws/aws_cis_controls_v8_ig1/aws_cis_controls_v8_ig1_5.yaml b/compliance/frameworks/aws/aws_cis_controls_v8_ig1/aws_cis_controls_v8_ig1_5.yaml
index 32ffd306c..e034fe631 100755
--- a/compliance/frameworks/aws/aws_cis_controls_v8_ig1/aws_cis_controls_v8_ig1_5.yaml
+++ b/compliance/frameworks/aws/aws_cis_controls_v8_ig1/aws_cis_controls_v8_ig1_5.yaml
@@ -14,10 +14,6 @@ control-group:
 - AWS
 type:
 - Benchmark
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 control-group:
 - id: aws_cis_controls_v8_ig1_5_2
 - id: aws_cis_controls_v8_ig1_5_3
diff --git a/compliance/frameworks/aws/aws_cis_controls_v8_ig1/aws_cis_controls_v8_ig1_5_2.yaml b/compliance/frameworks/aws/aws_cis_controls_v8_ig1/aws_cis_controls_v8_ig1_5_2.yaml
index 3fcba6d47..b42481b68 100755
--- a/compliance/frameworks/aws/aws_cis_controls_v8_ig1/aws_cis_controls_v8_ig1_5_2.yaml
+++ b/compliance/frameworks/aws/aws_cis_controls_v8_ig1/aws_cis_controls_v8_ig1_5_2.yaml
@@ -14,10 +14,6 @@ control-group:
 - AWS
 type:
 - Benchmark
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - aws_iam_account_password_policy_strong_min_reuse_24
 - aws_iam_root_user_mfa_enabled
diff --git a/compliance/frameworks/aws/aws_cis_controls_v8_ig1/aws_cis_controls_v8_ig1_5_3.yaml b/compliance/frameworks/aws/aws_cis_controls_v8_ig1/aws_cis_controls_v8_ig1_5_3.yaml
index b1100736f..528a7fb6f 100755
--- a/compliance/frameworks/aws/aws_cis_controls_v8_ig1/aws_cis_controls_v8_ig1_5_3.yaml
+++ b/compliance/frameworks/aws/aws_cis_controls_v8_ig1/aws_cis_controls_v8_ig1_5_3.yaml
@@ -14,9 +14,5 @@ control-group:
 - AWS
 type:
 - Benchmark
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - aws_iam_user_unused_credentials_90
diff --git a/compliance/frameworks/aws/aws_cis_controls_v8_ig1/aws_cis_controls_v8_ig1_5_4.yaml b/compliance/frameworks/aws/aws_cis_controls_v8_ig1/aws_cis_controls_v8_ig1_5_4.yaml
index e235d6049..42a20c9e5 100755
--- a/compliance/frameworks/aws/aws_cis_controls_v8_ig1/aws_cis_controls_v8_ig1_5_4.yaml
+++ b/compliance/frameworks/aws/aws_cis_controls_v8_ig1/aws_cis_controls_v8_ig1_5_4.yaml
@@ -14,10 +14,6 @@ control-group:
 - AWS
 type:
 - Benchmark
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - aws_iam_policy_no_star_star
 - aws_iam_root_user_no_access_keys
diff --git a/compliance/frameworks/aws/aws_cis_controls_v8_ig1/aws_cis_controls_v8_ig1_6.yaml b/compliance/frameworks/aws/aws_cis_controls_v8_ig1/aws_cis_controls_v8_ig1_6.yaml
index ced7ecbb0..5e5370e30 100755
--- a/compliance/frameworks/aws/aws_cis_controls_v8_ig1/aws_cis_controls_v8_ig1_6.yaml
+++ b/compliance/frameworks/aws/aws_cis_controls_v8_ig1/aws_cis_controls_v8_ig1_6.yaml
@@ -14,9 +14,5 @@ control-group:
 - AWS
 type:
 - Benchmark
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 control-group:
 - id: aws_cis_controls_v8_ig1_6_5
diff --git a/compliance/frameworks/aws/aws_cis_controls_v8_ig1/aws_cis_controls_v8_ig1_6_5.yaml b/compliance/frameworks/aws/aws_cis_controls_v8_ig1/aws_cis_controls_v8_ig1_6_5.yaml
index eafeb13c7..3a55ab9a6 100755
--- a/compliance/frameworks/aws/aws_cis_controls_v8_ig1/aws_cis_controls_v8_ig1_6_5.yaml
+++ b/compliance/frameworks/aws/aws_cis_controls_v8_ig1/aws_cis_controls_v8_ig1_6_5.yaml
@@ -14,10 +14,6 @@ control-group:
 - AWS
 type:
 - Benchmark
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - aws_iam_root_user_mfa_enabled
 - aws_iam_user_console_access_mfa_enabled
diff --git a/compliance/frameworks/aws/aws_cis_controls_v8_ig1/aws_cis_controls_v8_ig1_7.yaml b/compliance/frameworks/aws/aws_cis_controls_v8_ig1/aws_cis_controls_v8_ig1_7.yaml
index d6832b4ec..be728a930 100755
--- a/compliance/frameworks/aws/aws_cis_controls_v8_ig1/aws_cis_controls_v8_ig1_7.yaml
+++ b/compliance/frameworks/aws/aws_cis_controls_v8_ig1/aws_cis_controls_v8_ig1_7.yaml
@@ -14,10 +14,6 @@ control-group:
 - AWS
 type:
 - Benchmark
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 control-group:
 - id: aws_cis_controls_v8_ig1_7_1
 - id: aws_cis_controls_v8_ig1_7_3
diff --git a/compliance/frameworks/aws/aws_cis_controls_v8_ig1/aws_cis_controls_v8_ig1_7_1.yaml b/compliance/frameworks/aws/aws_cis_controls_v8_ig1/aws_cis_controls_v8_ig1_7_1.yaml
index 9e87eb9e2..87312ecf5 100755
--- a/compliance/frameworks/aws/aws_cis_controls_v8_ig1/aws_cis_controls_v8_ig1_7_1.yaml
+++ b/compliance/frameworks/aws/aws_cis_controls_v8_ig1/aws_cis_controls_v8_ig1_7_1.yaml
@@ -14,10 +14,6 @@ control-group:
 - AWS
 type:
 - Benchmark
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - aws_guardduty_enabled
 - aws_securityhub_enabled
diff --git a/compliance/frameworks/aws/aws_cis_controls_v8_ig1/aws_cis_controls_v8_ig1_7_3.yaml b/compliance/frameworks/aws/aws_cis_controls_v8_ig1/aws_cis_controls_v8_ig1_7_3.yaml
index 7470bf862..5a20517d1 100755
--- a/compliance/frameworks/aws/aws_cis_controls_v8_ig1/aws_cis_controls_v8_ig1_7_3.yaml
+++ b/compliance/frameworks/aws/aws_cis_controls_v8_ig1/aws_cis_controls_v8_ig1_7_3.yaml
@@ -14,10 +14,6 @@ control-group:
 - AWS
 type:
 - Benchmark
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - aws_redshift_cluster_maintenance_settings_check
 - aws_ssm_managed_instance_compliance_patch_compliant
diff --git a/compliance/frameworks/aws/aws_cis_controls_v8_ig1/aws_cis_controls_v8_ig1_8.yaml b/compliance/frameworks/aws/aws_cis_controls_v8_ig1/aws_cis_controls_v8_ig1_8.yaml
index e9fa583ce..27e9aa0de 100755
--- a/compliance/frameworks/aws/aws_cis_controls_v8_ig1/aws_cis_controls_v8_ig1_8.yaml
+++ b/compliance/frameworks/aws/aws_cis_controls_v8_ig1/aws_cis_controls_v8_ig1_8.yaml
@@ -14,10 +14,6 @@ control-group:
 - AWS
 type:
 - Benchmark
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 control-group:
 - id: aws_cis_controls_v8_ig1_8_1
 - id: aws_cis_controls_v8_ig1_8_2
diff --git a/compliance/frameworks/aws/aws_cis_controls_v8_ig1/aws_cis_controls_v8_ig1_8_1.yaml b/compliance/frameworks/aws/aws_cis_controls_v8_ig1/aws_cis_controls_v8_ig1_8_1.yaml
index ec898ddfb..de85ff612 100755
--- a/compliance/frameworks/aws/aws_cis_controls_v8_ig1/aws_cis_controls_v8_ig1_8_1.yaml
+++ b/compliance/frameworks/aws/aws_cis_controls_v8_ig1/aws_cis_controls_v8_ig1_8_1.yaml
@@ -14,9 +14,5 @@ control-group:
 - AWS
 type:
 - Benchmark
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - aws_cloudwatch_log_group_retention_period_365
diff --git a/compliance/frameworks/aws/aws_cis_controls_v8_ig1/aws_cis_controls_v8_ig1_8_2.yaml b/compliance/frameworks/aws/aws_cis_controls_v8_ig1/aws_cis_controls_v8_ig1_8_2.yaml
index e7a5b3cdb..4649337e6 100755
--- a/compliance/frameworks/aws/aws_cis_controls_v8_ig1/aws_cis_controls_v8_ig1_8_2.yaml
+++ b/compliance/frameworks/aws/aws_cis_controls_v8_ig1/aws_cis_controls_v8_ig1_8_2.yaml
@@ -14,10 +14,6 @@ control-group:
 - AWS
 type:
 - Benchmark
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - aws_apigateway_stage_logging_enabled
 - aws_cloudfront_distribution_logging_enabled
diff --git a/compliance/frameworks/aws/aws_cis_v120/aws_cis_v120_1.yaml b/compliance/frameworks/aws/aws_cis_v120/aws_cis_v120_1.yaml
index 8048018b9..c4707aeab 100755
--- a/compliance/frameworks/aws/aws_cis_v120/aws_cis_v120_1.yaml
+++ b/compliance/frameworks/aws/aws_cis_v120/aws_cis_v120_1.yaml
@@ -18,10 +18,6 @@ control-group:
 - AWS
 type:
 - Benchmark
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - aws_cis_v120_1_1
 - aws_cis_v120_1_2
diff --git a/compliance/frameworks/aws/aws_cis_v120/aws_cis_v120_2.yaml b/compliance/frameworks/aws/aws_cis_v120/aws_cis_v120_2.yaml
index c6afd3206..fc13fb8fb 100755
--- a/compliance/frameworks/aws/aws_cis_v120/aws_cis_v120_2.yaml
+++ b/compliance/frameworks/aws/aws_cis_v120/aws_cis_v120_2.yaml
@@ -18,10 +18,6 @@ control-group:
 - AWS
 type:
 - Benchmark
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - aws_cis_v120_2_2
 - aws_cis_v120_2_3
diff --git a/compliance/frameworks/aws/aws_cis_v120/aws_cis_v120_3.yaml b/compliance/frameworks/aws/aws_cis_v120/aws_cis_v120_3.yaml
index f882ceecf..46db71139 100755
--- a/compliance/frameworks/aws/aws_cis_v120/aws_cis_v120_3.yaml
+++ b/compliance/frameworks/aws/aws_cis_v120/aws_cis_v120_3.yaml
@@ -18,9 +18,5 @@ control-group:
 - AWS/CloudWatch
 type:
 - Benchmark
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - aws_cis_v120_3_5
diff --git a/compliance/frameworks/aws/aws_cis_v120/aws_cis_v120_4.yaml b/compliance/frameworks/aws/aws_cis_v120/aws_cis_v120_4.yaml
index 5601a9cf4..a86688a57 100755
--- a/compliance/frameworks/aws/aws_cis_v120/aws_cis_v120_4.yaml
+++ b/compliance/frameworks/aws/aws_cis_v120/aws_cis_v120_4.yaml
@@ -18,10 +18,6 @@ control-group:
 - AWS/VPC
 type:
 - Benchmark
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - aws_cis_v120_4_1
 - aws_cis_v120_4_2
diff --git a/compliance/frameworks/aws/aws_cis_v130/aws_cis_v130_1.yaml b/compliance/frameworks/aws/aws_cis_v130/aws_cis_v130_1.yaml
index 8f0f09091..4bea2487f 100755
--- a/compliance/frameworks/aws/aws_cis_v130/aws_cis_v130_1.yaml
+++ b/compliance/frameworks/aws/aws_cis_v130/aws_cis_v130_1.yaml
@@ -18,10 +18,6 @@ control-group:
 - AWS
 type:
 - Benchmark
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - aws_cis_v130_1_1
 - aws_cis_v130_1_2
diff --git a/compliance/frameworks/aws/aws_cis_v130/aws_cis_v130_2.yaml b/compliance/frameworks/aws/aws_cis_v130/aws_cis_v130_2.yaml
index 8a2d95ff1..a3ed23781 100755
--- a/compliance/frameworks/aws/aws_cis_v130/aws_cis_v130_2.yaml
+++ b/compliance/frameworks/aws/aws_cis_v130/aws_cis_v130_2.yaml
@@ -18,10 +18,6 @@ control-group:
 - AWS
 type:
 - Benchmark
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 control-group:
 - id: aws_cis_v130_2_1
 - id: aws_cis_v130_2_2
diff --git a/compliance/frameworks/aws/aws_cis_v130/aws_cis_v130_2_1.yaml b/compliance/frameworks/aws/aws_cis_v130/aws_cis_v130_2_1.yaml
index dcef5b0f4..b291ea19e 100755
--- a/compliance/frameworks/aws/aws_cis_v130/aws_cis_v130_2_1.yaml
+++ b/compliance/frameworks/aws/aws_cis_v130/aws_cis_v130_2_1.yaml
@@ -18,10 +18,6 @@ control-group:
 - AWS/S3
 type:
 - Benchmark
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - aws_cis_v130_2_1_1
 - aws_cis_v130_2_1_2
diff --git a/compliance/frameworks/aws/aws_cis_v130/aws_cis_v130_2_2.yaml b/compliance/frameworks/aws/aws_cis_v130/aws_cis_v130_2_2.yaml
index 6bb5d4cdc..32563e4d5 100755
--- a/compliance/frameworks/aws/aws_cis_v130/aws_cis_v130_2_2.yaml
+++ b/compliance/frameworks/aws/aws_cis_v130/aws_cis_v130_2_2.yaml
@@ -18,9 +18,5 @@ control-group:
 - AWS/EBS
 type:
 - Benchmark
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - aws_cis_v130_2_2_1
diff --git a/compliance/frameworks/aws/aws_cis_v130/aws_cis_v130_3.yaml b/compliance/frameworks/aws/aws_cis_v130/aws_cis_v130_3.yaml
index 48d5f9777..80bd40dfa 100755
--- a/compliance/frameworks/aws/aws_cis_v130/aws_cis_v130_3.yaml
+++ b/compliance/frameworks/aws/aws_cis_v130/aws_cis_v130_3.yaml
@@ -18,10 +18,6 @@ control-group:
 - AWS
 type:
 - Benchmark
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - aws_cis_v130_3_2
 - aws_cis_v130_3_3
diff --git a/compliance/frameworks/aws/aws_cis_v130/aws_cis_v130_4.yaml b/compliance/frameworks/aws/aws_cis_v130/aws_cis_v130_4.yaml
index 624509cad..1457ce3f7 100755
--- a/compliance/frameworks/aws/aws_cis_v130/aws_cis_v130_4.yaml
+++ b/compliance/frameworks/aws/aws_cis_v130/aws_cis_v130_4.yaml
@@ -18,10 +18,6 @@ control-group:
 - AWS/CloudWatch
 type:
 - Benchmark
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - aws_cis_v130_4_3
 - aws_cis_v130_4_8
diff --git a/compliance/frameworks/aws/aws_cis_v130/aws_cis_v130_5.yaml b/compliance/frameworks/aws/aws_cis_v130/aws_cis_v130_5.yaml
index ea77ad587..fa0b83a8d 100755
--- a/compliance/frameworks/aws/aws_cis_v130/aws_cis_v130_5.yaml
+++ b/compliance/frameworks/aws/aws_cis_v130/aws_cis_v130_5.yaml
@@ -18,10 +18,6 @@ control-group:
 - AWS/VPC
 type:
 - Benchmark
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - aws_cis_v130_5_2
 - aws_cis_v130_5_4
diff --git a/compliance/frameworks/aws/aws_cis_v140/aws_cis_v140_1.yaml b/compliance/frameworks/aws/aws_cis_v140/aws_cis_v140_1.yaml
index be41517da..75757239c 100755
--- a/compliance/frameworks/aws/aws_cis_v140/aws_cis_v140_1.yaml
+++ b/compliance/frameworks/aws/aws_cis_v140/aws_cis_v140_1.yaml
@@ -18,10 +18,6 @@ control-group:
 - AWS
 type:
 - Benchmark
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - aws_cis_v140_1_1
 - aws_cis_v140_1_2
diff --git a/compliance/frameworks/aws/aws_cis_v140/aws_cis_v140_2.yaml b/compliance/frameworks/aws/aws_cis_v140/aws_cis_v140_2.yaml
index 862c103f5..46df60f10 100755
--- a/compliance/frameworks/aws/aws_cis_v140/aws_cis_v140_2.yaml
+++ b/compliance/frameworks/aws/aws_cis_v140/aws_cis_v140_2.yaml
@@ -18,10 +18,6 @@ control-group:
 - AWS
 type:
 - Benchmark
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 control-group:
 - id: aws_cis_v140_2_1
 - id: aws_cis_v140_2_2
diff --git a/compliance/frameworks/aws/aws_cis_v140/aws_cis_v140_2_1.yaml b/compliance/frameworks/aws/aws_cis_v140/aws_cis_v140_2_1.yaml
index 4f38a8c4a..e7908240e 100755
--- a/compliance/frameworks/aws/aws_cis_v140/aws_cis_v140_2_1.yaml
+++ b/compliance/frameworks/aws/aws_cis_v140/aws_cis_v140_2_1.yaml
@@ -18,10 +18,6 @@ control-group:
 - AWS/S3
 type:
 - Benchmark
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - aws_cis_v140_2_1_1
 - aws_cis_v140_2_1_2
diff --git a/compliance/frameworks/aws/aws_cis_v140/aws_cis_v140_2_2.yaml b/compliance/frameworks/aws/aws_cis_v140/aws_cis_v140_2_2.yaml
index c2eae856c..0ae80dec5 100755
--- a/compliance/frameworks/aws/aws_cis_v140/aws_cis_v140_2_2.yaml
+++ b/compliance/frameworks/aws/aws_cis_v140/aws_cis_v140_2_2.yaml
@@ -18,9 +18,5 @@ control-group:
 - AWS/EBS
 type:
 - Benchmark
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - aws_cis_v140_2_2_1
diff --git a/compliance/frameworks/aws/aws_cis_v140/aws_cis_v140_2_3.yaml b/compliance/frameworks/aws/aws_cis_v140/aws_cis_v140_2_3.yaml
index dbadf7327..7476d8209 100755
--- a/compliance/frameworks/aws/aws_cis_v140/aws_cis_v140_2_3.yaml
+++ b/compliance/frameworks/aws/aws_cis_v140/aws_cis_v140_2_3.yaml
@@ -18,9 +18,5 @@ control-group:
 - AWS/RDS
 type:
 - Benchmark
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - aws_cis_v140_2_3_1
diff --git a/compliance/frameworks/aws/aws_cis_v140/aws_cis_v140_3.yaml b/compliance/frameworks/aws/aws_cis_v140/aws_cis_v140_3.yaml
index e5745642f..cbec155d5 100755
--- a/compliance/frameworks/aws/aws_cis_v140/aws_cis_v140_3.yaml
+++ b/compliance/frameworks/aws/aws_cis_v140/aws_cis_v140_3.yaml
@@ -18,10 +18,6 @@ control-group:
 - AWS
 type:
 - Benchmark
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - aws_cis_v140_3_2
 - aws_cis_v140_3_3
diff --git a/compliance/frameworks/aws/aws_cis_v140/aws_cis_v140_4.yaml b/compliance/frameworks/aws/aws_cis_v140/aws_cis_v140_4.yaml
index e80bc3315..42d8fc803 100755
--- a/compliance/frameworks/aws/aws_cis_v140/aws_cis_v140_4.yaml
+++ b/compliance/frameworks/aws/aws_cis_v140/aws_cis_v140_4.yaml
@@ -18,10 +18,6 @@ control-group:
 - AWS/CloudWatch
 type:
 - Benchmark
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - aws_cis_v140_4_5
 - aws_cis_v140_4_7
diff --git a/compliance/frameworks/aws/aws_cis_v140/aws_cis_v140_5.yaml b/compliance/frameworks/aws/aws_cis_v140/aws_cis_v140_5.yaml
index be4117563..99a7c2dce 100755
--- a/compliance/frameworks/aws/aws_cis_v140/aws_cis_v140_5.yaml
+++ b/compliance/frameworks/aws/aws_cis_v140/aws_cis_v140_5.yaml
@@ -18,10 +18,6 @@ control-group:
 - AWS/VPC
 type:
 - Benchmark
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - aws_cis_v140_5_1
 - aws_cis_v140_5_2
diff --git a/compliance/frameworks/aws/aws_cis_v150/aws_cis_v150_1.yaml b/compliance/frameworks/aws/aws_cis_v150/aws_cis_v150_1.yaml
index 885f33b52..de06a1dda 100755
--- a/compliance/frameworks/aws/aws_cis_v150/aws_cis_v150_1.yaml
+++ b/compliance/frameworks/aws/aws_cis_v150/aws_cis_v150_1.yaml
@@ -18,10 +18,6 @@ control-group:
 - AWS
 type:
 - Benchmark
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - aws_cis_v150_1_1
 - aws_cis_v150_1_2
diff --git a/compliance/frameworks/aws/aws_cis_v150/aws_cis_v150_2.yaml b/compliance/frameworks/aws/aws_cis_v150/aws_cis_v150_2.yaml
index 32aa2dc8d..ecaeac815 100755
--- a/compliance/frameworks/aws/aws_cis_v150/aws_cis_v150_2.yaml
+++ b/compliance/frameworks/aws/aws_cis_v150/aws_cis_v150_2.yaml
@@ -18,10 +18,6 @@ control-group:
 - AWS
 type:
 - Benchmark
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 control-group:
 - id: aws_cis_v150_2_1
 - id: aws_cis_v150_2_2
diff --git a/compliance/frameworks/aws/aws_cis_v150/aws_cis_v150_2_1.yaml b/compliance/frameworks/aws/aws_cis_v150/aws_cis_v150_2_1.yaml
index 738841dc4..c6a830c6d 100755
--- a/compliance/frameworks/aws/aws_cis_v150/aws_cis_v150_2_1.yaml
+++ b/compliance/frameworks/aws/aws_cis_v150/aws_cis_v150_2_1.yaml
@@ -18,10 +18,6 @@ control-group:
 - AWS/S3
 type:
 - Benchmark
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - aws_cis_v150_2_1_1
 - aws_cis_v150_2_1_2
diff --git a/compliance/frameworks/aws/aws_cis_v150/aws_cis_v150_2_2.yaml b/compliance/frameworks/aws/aws_cis_v150/aws_cis_v150_2_2.yaml
index 94762ecc7..b16925f12 100755
--- a/compliance/frameworks/aws/aws_cis_v150/aws_cis_v150_2_2.yaml
+++ b/compliance/frameworks/aws/aws_cis_v150/aws_cis_v150_2_2.yaml
@@ -18,9 +18,5 @@ control-group:
 - AWS/EBS
 type:
 - Benchmark
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - aws_cis_v150_2_2_1
diff --git a/compliance/frameworks/aws/aws_cis_v150/aws_cis_v150_2_3.yaml b/compliance/frameworks/aws/aws_cis_v150/aws_cis_v150_2_3.yaml
index 01d209e0d..742315645 100755
--- a/compliance/frameworks/aws/aws_cis_v150/aws_cis_v150_2_3.yaml
+++ b/compliance/frameworks/aws/aws_cis_v150/aws_cis_v150_2_3.yaml
@@ -18,10 +18,6 @@ control-group:
 - AWS/RDS
 type:
 - Benchmark
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - aws_cis_v150_2_3_1
 - aws_cis_v150_2_3_2
diff --git a/compliance/frameworks/aws/aws_cis_v150/aws_cis_v150_2_4.yaml b/compliance/frameworks/aws/aws_cis_v150/aws_cis_v150_2_4.yaml
index be783f359..5ec4149a2 100755
--- a/compliance/frameworks/aws/aws_cis_v150/aws_cis_v150_2_4.yaml
+++ b/compliance/frameworks/aws/aws_cis_v150/aws_cis_v150_2_4.yaml
@@ -18,9 +18,5 @@ control-group:
 - AWS/EFS
 type:
 - Benchmark
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - aws_cis_v150_2_4_1
diff --git a/compliance/frameworks/aws/aws_cis_v150/aws_cis_v150_3.yaml b/compliance/frameworks/aws/aws_cis_v150/aws_cis_v150_3.yaml
index 2ca7336ec..d693f07a2 100755
--- a/compliance/frameworks/aws/aws_cis_v150/aws_cis_v150_3.yaml
+++ b/compliance/frameworks/aws/aws_cis_v150/aws_cis_v150_3.yaml
@@ -18,10 +18,6 @@ control-group:
 - AWS
 type:
 - Benchmark
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - aws_cis_v150_3_2
 - aws_cis_v150_3_3
diff --git a/compliance/frameworks/aws/aws_cis_v150/aws_cis_v150_4.yaml b/compliance/frameworks/aws/aws_cis_v150/aws_cis_v150_4.yaml
index 16464b7ae..ac16d11bb 100755
--- a/compliance/frameworks/aws/aws_cis_v150/aws_cis_v150_4.yaml
+++ b/compliance/frameworks/aws/aws_cis_v150/aws_cis_v150_4.yaml
@@ -18,10 +18,6 @@ control-group:
 - AWS/CloudWatch
 type:
 - Benchmark
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - aws_cis_v150_4_3
 - aws_cis_v150_4_5
diff --git a/compliance/frameworks/aws/aws_cis_v150/aws_cis_v150_5.yaml b/compliance/frameworks/aws/aws_cis_v150/aws_cis_v150_5.yaml
index 0b800cbca..2ab1d081d 100755
--- a/compliance/frameworks/aws/aws_cis_v150/aws_cis_v150_5.yaml
+++ b/compliance/frameworks/aws/aws_cis_v150/aws_cis_v150_5.yaml
@@ -18,10 +18,6 @@ control-group:
 - AWS/VPC
 type:
 - Benchmark
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - aws_cis_v150_5_2
 - aws_cis_v150_5_3
diff --git a/compliance/frameworks/aws/aws_cis_v200/aws_cis_v200_1.yaml b/compliance/frameworks/aws/aws_cis_v200/aws_cis_v200_1.yaml
index 76acf0f2a..fbb7446f1 100755
--- a/compliance/frameworks/aws/aws_cis_v200/aws_cis_v200_1.yaml
+++ b/compliance/frameworks/aws/aws_cis_v200/aws_cis_v200_1.yaml
@@ -18,10 +18,6 @@ control-group:
 - AWS
 type:
 - Benchmark
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - aws_cis_v200_1_1
 - aws_cis_v200_1_2
diff --git a/compliance/frameworks/aws/aws_cis_v200/aws_cis_v200_2.yaml b/compliance/frameworks/aws/aws_cis_v200/aws_cis_v200_2.yaml
index 431ad5e66..940c00327 100755
--- a/compliance/frameworks/aws/aws_cis_v200/aws_cis_v200_2.yaml
+++ b/compliance/frameworks/aws/aws_cis_v200/aws_cis_v200_2.yaml
@@ -18,10 +18,6 @@ control-group:
 - AWS
 type:
 - Benchmark
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 control-group:
 - id: aws_cis_v200_2_1
 - id: aws_cis_v200_2_2
diff --git a/compliance/frameworks/aws/aws_cis_v200/aws_cis_v200_2_1.yaml b/compliance/frameworks/aws/aws_cis_v200/aws_cis_v200_2_1.yaml
index 46d145a6d..a48eb2448 100755
--- a/compliance/frameworks/aws/aws_cis_v200/aws_cis_v200_2_1.yaml
+++ b/compliance/frameworks/aws/aws_cis_v200/aws_cis_v200_2_1.yaml
@@ -18,10 +18,6 @@ control-group:
 - AWS/S3
 type:
 - Benchmark
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - aws_cis_v200_2_1_1
 - aws_cis_v200_2_1_2
diff --git a/compliance/frameworks/aws/aws_cis_v200/aws_cis_v200_2_2.yaml b/compliance/frameworks/aws/aws_cis_v200/aws_cis_v200_2_2.yaml
index 2f23f78a6..d0a27b88a 100755
--- a/compliance/frameworks/aws/aws_cis_v200/aws_cis_v200_2_2.yaml
+++ b/compliance/frameworks/aws/aws_cis_v200/aws_cis_v200_2_2.yaml
@@ -18,9 +18,5 @@ control-group:
 - AWS/EBS
 type:
 - Benchmark
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - aws_cis_v200_2_2_1
diff --git a/compliance/frameworks/aws/aws_cis_v200/aws_cis_v200_2_3.yaml b/compliance/frameworks/aws/aws_cis_v200/aws_cis_v200_2_3.yaml
index faf0c1811..0dbc47578 100755
--- a/compliance/frameworks/aws/aws_cis_v200/aws_cis_v200_2_3.yaml
+++ b/compliance/frameworks/aws/aws_cis_v200/aws_cis_v200_2_3.yaml
@@ -18,10 +18,6 @@ control-group:
 - AWS/RDS
 type:
 - Benchmark
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - aws_cis_v200_2_3_1
 - aws_cis_v200_2_3_2
diff --git a/compliance/frameworks/aws/aws_cis_v200/aws_cis_v200_2_4.yaml b/compliance/frameworks/aws/aws_cis_v200/aws_cis_v200_2_4.yaml
index 40b9f6416..00d8881e0 100755
--- a/compliance/frameworks/aws/aws_cis_v200/aws_cis_v200_2_4.yaml
+++ b/compliance/frameworks/aws/aws_cis_v200/aws_cis_v200_2_4.yaml
@@ -18,9 +18,5 @@ control-group:
 - AWS/EFS
 type:
 - Benchmark
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - aws_cis_v200_2_4_1
diff --git a/compliance/frameworks/aws/aws_cis_v200/aws_cis_v200_3.yaml b/compliance/frameworks/aws/aws_cis_v200/aws_cis_v200_3.yaml
index fad4382fa..38b96daea 100755
--- a/compliance/frameworks/aws/aws_cis_v200/aws_cis_v200_3.yaml
+++ b/compliance/frameworks/aws/aws_cis_v200/aws_cis_v200_3.yaml
@@ -18,10 +18,6 @@ control-group:
 - AWS
 type:
 - Benchmark
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - aws_cis_v200_3_2
 - aws_cis_v200_3_3
diff --git a/compliance/frameworks/aws/aws_cis_v200/aws_cis_v200_4.yaml b/compliance/frameworks/aws/aws_cis_v200/aws_cis_v200_4.yaml
index d9717109c..d4f072ced 100755
--- a/compliance/frameworks/aws/aws_cis_v200/aws_cis_v200_4.yaml
+++ b/compliance/frameworks/aws/aws_cis_v200/aws_cis_v200_4.yaml
@@ -18,10 +18,6 @@ control-group:
 - AWS/CloudWatch
 type:
 - Benchmark
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - aws_cis_v200_4_3
 - aws_cis_v200_4_6
diff --git a/compliance/frameworks/aws/aws_cis_v200/aws_cis_v200_5.yaml b/compliance/frameworks/aws/aws_cis_v200/aws_cis_v200_5.yaml
index 8995718f2..c8d9a3c66 100755
--- a/compliance/frameworks/aws/aws_cis_v200/aws_cis_v200_5.yaml
+++ b/compliance/frameworks/aws/aws_cis_v200/aws_cis_v200_5.yaml
@@ -18,10 +18,6 @@ control-group:
 - AWS/VPC
 type:
 - Benchmark
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - aws_cis_v200_5_2
 - aws_cis_v200_5_3
diff --git a/compliance/frameworks/aws/aws_cis_v300/aws_cis_v300_1.yaml b/compliance/frameworks/aws/aws_cis_v300/aws_cis_v300_1.yaml
index bea68b2cb..c0f3c49f7 100755
--- a/compliance/frameworks/aws/aws_cis_v300/aws_cis_v300_1.yaml
+++ b/compliance/frameworks/aws/aws_cis_v300/aws_cis_v300_1.yaml
@@ -18,10 +18,6 @@ control-group:
 - AWS
 type:
 - Benchmark
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - aws_cis_v300_1_1
 - aws_cis_v300_1_2
diff --git a/compliance/frameworks/aws/aws_cis_v300/aws_cis_v300_2.yaml b/compliance/frameworks/aws/aws_cis_v300/aws_cis_v300_2.yaml
index c10b1439c..ed140c9d5 100755
--- a/compliance/frameworks/aws/aws_cis_v300/aws_cis_v300_2.yaml
+++ b/compliance/frameworks/aws/aws_cis_v300/aws_cis_v300_2.yaml
@@ -18,10 +18,6 @@ control-group:
 - AWS
 type:
 - Benchmark
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 control-group:
 - id: aws_cis_v300_2_1
 - id: aws_cis_v300_2_2
diff --git a/compliance/frameworks/aws/aws_cis_v300/aws_cis_v300_2_1.yaml b/compliance/frameworks/aws/aws_cis_v300/aws_cis_v300_2_1.yaml
index bff311191..d4eda6d22 100755
--- a/compliance/frameworks/aws/aws_cis_v300/aws_cis_v300_2_1.yaml
+++ b/compliance/frameworks/aws/aws_cis_v300/aws_cis_v300_2_1.yaml
@@ -18,10 +18,6 @@ control-group:
 - AWS/S3
 type:
 - Benchmark
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - aws_cis_v300_2_1_1
 - aws_cis_v300_2_1_2
diff --git a/compliance/frameworks/aws/aws_cis_v300/aws_cis_v300_2_2.yaml b/compliance/frameworks/aws/aws_cis_v300/aws_cis_v300_2_2.yaml
index f89073a1d..7f6207915 100755
--- a/compliance/frameworks/aws/aws_cis_v300/aws_cis_v300_2_2.yaml
+++ b/compliance/frameworks/aws/aws_cis_v300/aws_cis_v300_2_2.yaml
@@ -18,9 +18,5 @@ control-group:
 - AWS/EBS
 type:
 - Benchmark
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - aws_cis_v300_2_2_1
diff --git a/compliance/frameworks/aws/aws_cis_v300/aws_cis_v300_2_3.yaml b/compliance/frameworks/aws/aws_cis_v300/aws_cis_v300_2_3.yaml
index d91e3b7eb..684b70712 100755
--- a/compliance/frameworks/aws/aws_cis_v300/aws_cis_v300_2_3.yaml
+++ b/compliance/frameworks/aws/aws_cis_v300/aws_cis_v300_2_3.yaml
@@ -18,10 +18,6 @@ control-group:
 - AWS/RDS
 type:
 - Benchmark
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - aws_cis_v300_2_3_1
 - aws_cis_v300_2_3_2
diff --git a/compliance/frameworks/aws/aws_cis_v300/aws_cis_v300_2_4.yaml b/compliance/frameworks/aws/aws_cis_v300/aws_cis_v300_2_4.yaml
index 1d0da7193..1607da9c3 100755
--- a/compliance/frameworks/aws/aws_cis_v300/aws_cis_v300_2_4.yaml
+++ b/compliance/frameworks/aws/aws_cis_v300/aws_cis_v300_2_4.yaml
@@ -18,9 +18,5 @@ control-group:
 - AWS/EFS
 type:
 - Benchmark
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - aws_cis_v300_2_4_1
diff --git a/compliance/frameworks/aws/aws_cis_v300/aws_cis_v300_3.yaml b/compliance/frameworks/aws/aws_cis_v300/aws_cis_v300_3.yaml
index ec5c7da1c..796b2eedc 100755
--- a/compliance/frameworks/aws/aws_cis_v300/aws_cis_v300_3.yaml
+++ b/compliance/frameworks/aws/aws_cis_v300/aws_cis_v300_3.yaml
@@ -18,10 +18,6 @@ control-group:
 - AWS
 type:
 - Benchmark
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - aws_cis_v300_3_2
 - aws_cis_v300_3_3
diff --git a/compliance/frameworks/aws/aws_cis_v300/aws_cis_v300_4.yaml b/compliance/frameworks/aws/aws_cis_v300/aws_cis_v300_4.yaml
index 61b3a3f42..7afda3082 100755
--- a/compliance/frameworks/aws/aws_cis_v300/aws_cis_v300_4.yaml
+++ b/compliance/frameworks/aws/aws_cis_v300/aws_cis_v300_4.yaml
@@ -18,7 +18,3 @@ control-group:
 - AWS/CloudWatch
 type:
 - Benchmark
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
diff --git a/compliance/frameworks/aws/aws_cis_v300/aws_cis_v300_5.yaml b/compliance/frameworks/aws/aws_cis_v300/aws_cis_v300_5.yaml
index 9c0fcde3c..cacb10aa1 100755
--- a/compliance/frameworks/aws/aws_cis_v300/aws_cis_v300_5.yaml
+++ b/compliance/frameworks/aws/aws_cis_v300/aws_cis_v300_5.yaml
@@ -18,10 +18,6 @@ control-group:
 - AWS/VPC
 type:
 - Benchmark
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - aws_cis_v300_5_2
 - aws_cis_v300_5_3
diff --git a/compliance/frameworks/aws/aws_cisa_cyber_essentials/aws_cisa_cyber_essentials_booting_up_things_to_do_first.yaml b/compliance/frameworks/aws/aws_cisa_cyber_essentials/aws_cisa_cyber_essentials_booting_up_things_to_do_first.yaml
index 59b5b98e1..c4ecdb717 100755
--- a/compliance/frameworks/aws/aws_cisa_cyber_essentials/aws_cisa_cyber_essentials_booting_up_things_to_do_first.yaml
+++ b/compliance/frameworks/aws/aws_cisa_cyber_essentials/aws_cisa_cyber_essentials_booting_up_things_to_do_first.yaml
@@ -14,10 +14,6 @@ control-group:
 - AWS
 type:
 - Benchmark
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 control-group:
 - id: aws_cisa_cyber_essentials_booting_up_things_to_do_first_1
 - id: aws_cisa_cyber_essentials_booting_up_things_to_do_first_2
diff --git a/compliance/frameworks/aws/aws_cisa_cyber_essentials/aws_cisa_cyber_essentials_booting_up_things_to_do_first_1.yaml b/compliance/frameworks/aws/aws_cisa_cyber_essentials/aws_cisa_cyber_essentials_booting_up_things_to_do_first_1.yaml
index 13a162ef7..b07de21e8 100755
--- a/compliance/frameworks/aws/aws_cisa_cyber_essentials/aws_cisa_cyber_essentials_booting_up_things_to_do_first_1.yaml
+++ b/compliance/frameworks/aws/aws_cisa_cyber_essentials/aws_cisa_cyber_essentials_booting_up_things_to_do_first_1.yaml
@@ -14,10 +14,6 @@ control-group:
 - AWS
 type:
 - Benchmark
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - aws_backup_plan_min_retention_35_days
 - aws_backup_recovery_point_min_retention_35_days
diff --git a/compliance/frameworks/aws/aws_cisa_cyber_essentials/aws_cisa_cyber_essentials_booting_up_things_to_do_first_2.yaml b/compliance/frameworks/aws/aws_cisa_cyber_essentials/aws_cisa_cyber_essentials_booting_up_things_to_do_first_2.yaml
index 9d3a7b94f..29a46bed0 100755
--- a/compliance/frameworks/aws/aws_cisa_cyber_essentials/aws_cisa_cyber_essentials_booting_up_things_to_do_first_2.yaml
+++ b/compliance/frameworks/aws/aws_cisa_cyber_essentials/aws_cisa_cyber_essentials_booting_up_things_to_do_first_2.yaml
@@ -14,10 +14,6 @@ control-group:
 - AWS
 type:
 - Benchmark
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - aws_iam_root_user_hardware_mfa_enabled
 - aws_iam_root_user_mfa_enabled
diff --git a/compliance/frameworks/aws/aws_cisa_cyber_essentials/aws_cisa_cyber_essentials_booting_up_things_to_do_first_3.yaml b/compliance/frameworks/aws/aws_cisa_cyber_essentials/aws_cisa_cyber_essentials_booting_up_things_to_do_first_3.yaml
index 9781591ec..7b1aa1a2a 100755
--- a/compliance/frameworks/aws/aws_cisa_cyber_essentials/aws_cisa_cyber_essentials_booting_up_things_to_do_first_3.yaml
+++ b/compliance/frameworks/aws/aws_cisa_cyber_essentials/aws_cisa_cyber_essentials_booting_up_things_to_do_first_3.yaml
@@ -14,10 +14,6 @@ control-group:
 - AWS
 type:
 - Benchmark
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - aws_rds_db_instance_automatic_minor_version_upgrade_enabled
 - aws_redshift_cluster_maintenance_settings_check
diff --git a/compliance/frameworks/aws/aws_cisa_cyber_essentials/aws_cisa_cyber_essentials_your_crisis_response.yaml b/compliance/frameworks/aws/aws_cisa_cyber_essentials/aws_cisa_cyber_essentials_your_crisis_response.yaml
index 98a6c05a7..3eb628224 100755
--- a/compliance/frameworks/aws/aws_cisa_cyber_essentials/aws_cisa_cyber_essentials_your_crisis_response.yaml
+++ b/compliance/frameworks/aws/aws_cisa_cyber_essentials/aws_cisa_cyber_essentials_your_crisis_response.yaml
@@ -14,9 +14,5 @@ control-group:
 - AWS
 type:
 - Benchmark
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 control-group:
 - id: aws_cisa_cyber_essentials_your_crisis_response_2
diff --git a/compliance/frameworks/aws/aws_cisa_cyber_essentials/aws_cisa_cyber_essentials_your_crisis_response_2.yaml b/compliance/frameworks/aws/aws_cisa_cyber_essentials/aws_cisa_cyber_essentials_your_crisis_response_2.yaml
index 4f520de00..d2b37fd45 100755
--- a/compliance/frameworks/aws/aws_cisa_cyber_essentials/aws_cisa_cyber_essentials_your_crisis_response_2.yaml
+++ b/compliance/frameworks/aws/aws_cisa_cyber_essentials/aws_cisa_cyber_essentials_your_crisis_response_2.yaml
@@ -14,10 +14,6 @@ control-group:
 - AWS
 type:
 - Benchmark
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - aws_guardduty_enabled
 - aws_securityhub_enabled
diff --git a/compliance/frameworks/aws/aws_cisa_cyber_essentials/aws_cisa_cyber_essentials_your_data.yaml b/compliance/frameworks/aws/aws_cisa_cyber_essentials/aws_cisa_cyber_essentials_your_data.yaml
index a16a1bd47..7f09514cc 100755
--- a/compliance/frameworks/aws/aws_cisa_cyber_essentials/aws_cisa_cyber_essentials_your_data.yaml
+++ b/compliance/frameworks/aws/aws_cisa_cyber_essentials/aws_cisa_cyber_essentials_your_data.yaml
@@ -14,10 +14,6 @@ control-group:
 - AWS
 type:
 - Benchmark
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 control-group:
 - id: aws_cisa_cyber_essentials_your_data_1
 - id: aws_cisa_cyber_essentials_your_data_2
diff --git a/compliance/frameworks/aws/aws_cisa_cyber_essentials/aws_cisa_cyber_essentials_your_data_1.yaml b/compliance/frameworks/aws/aws_cisa_cyber_essentials/aws_cisa_cyber_essentials_your_data_1.yaml
index b8100362f..6a6ab686c 100755
--- a/compliance/frameworks/aws/aws_cisa_cyber_essentials/aws_cisa_cyber_essentials_your_data_1.yaml
+++ b/compliance/frameworks/aws/aws_cisa_cyber_essentials/aws_cisa_cyber_essentials_your_data_1.yaml
@@ -14,10 +14,6 @@ control-group:
 - AWS
 type:
 - Benchmark
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - aws_apigateway_stage_cache_encryption_at_rest_enabled
 - aws_backup_recovery_point_encryption_enabled
diff --git a/compliance/frameworks/aws/aws_cisa_cyber_essentials/aws_cisa_cyber_essentials_your_data_2.yaml b/compliance/frameworks/aws/aws_cisa_cyber_essentials/aws_cisa_cyber_essentials_your_data_2.yaml
index c23f02f42..881fda507 100755
--- a/compliance/frameworks/aws/aws_cisa_cyber_essentials/aws_cisa_cyber_essentials_your_data_2.yaml
+++ b/compliance/frameworks/aws/aws_cisa_cyber_essentials/aws_cisa_cyber_essentials_your_data_2.yaml
@@ -14,10 +14,6 @@ control-group:
 - AWS
 type:
 - Benchmark
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - aws_acm_certificate_expires_30_days
 - aws_apigateway_rest_api_stage_use_ssl_certificate
diff --git a/compliance/frameworks/aws/aws_cisa_cyber_essentials/aws_cisa_cyber_essentials_your_data_3.yaml b/compliance/frameworks/aws/aws_cisa_cyber_essentials/aws_cisa_cyber_essentials_your_data_3.yaml
index 764531305..47203f94d 100755
--- a/compliance/frameworks/aws/aws_cisa_cyber_essentials/aws_cisa_cyber_essentials_your_data_3.yaml
+++ b/compliance/frameworks/aws/aws_cisa_cyber_essentials/aws_cisa_cyber_essentials_your_data_3.yaml
@@ -14,9 +14,5 @@ control-group:
 - AWS
 type:
 - Benchmark
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - aws_elb_application_lb_waf_enabled
diff --git a/compliance/frameworks/aws/aws_cisa_cyber_essentials/aws_cisa_cyber_essentials_your_data_4.yaml b/compliance/frameworks/aws/aws_cisa_cyber_essentials/aws_cisa_cyber_essentials_your_data_4.yaml
index 06eb43499..4a2df81c5 100755
--- a/compliance/frameworks/aws/aws_cisa_cyber_essentials/aws_cisa_cyber_essentials_your_data_4.yaml
+++ b/compliance/frameworks/aws/aws_cisa_cyber_essentials/aws_cisa_cyber_essentials_your_data_4.yaml
@@ -14,10 +14,6 @@ control-group:
 - AWS
 type:
 - Benchmark
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - aws_backup_plan_min_retention_35_days
 - aws_backup_recovery_point_min_retention_35_days
diff --git a/compliance/frameworks/aws/aws_cisa_cyber_essentials/aws_cisa_cyber_essentials_your_data_5.yaml b/compliance/frameworks/aws/aws_cisa_cyber_essentials/aws_cisa_cyber_essentials_your_data_5.yaml
index 414986361..f73886be3 100755
--- a/compliance/frameworks/aws/aws_cisa_cyber_essentials/aws_cisa_cyber_essentials_your_data_5.yaml
+++ b/compliance/frameworks/aws/aws_cisa_cyber_essentials/aws_cisa_cyber_essentials_your_data_5.yaml
@@ -14,10 +14,6 @@ control-group:
 - AWS
 type:
 - Benchmark
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - aws_backup_recovery_point_encryption_enabled
 - aws_backup_recovery_point_manual_deletion_disabled
diff --git a/compliance/frameworks/aws/aws_cisa_cyber_essentials/aws_cisa_cyber_essentials_your_surroundings.yaml b/compliance/frameworks/aws/aws_cisa_cyber_essentials/aws_cisa_cyber_essentials_your_surroundings.yaml
index 3c199b683..c15f9f31c 100755
--- a/compliance/frameworks/aws/aws_cisa_cyber_essentials/aws_cisa_cyber_essentials_your_surroundings.yaml
+++ b/compliance/frameworks/aws/aws_cisa_cyber_essentials/aws_cisa_cyber_essentials_your_surroundings.yaml
@@ -14,10 +14,6 @@ control-group:
 - AWS
 type:
 - Benchmark
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 control-group:
 - id: aws_cisa_cyber_essentials_your_surroundings_1
 - id: aws_cisa_cyber_essentials_your_surroundings_2
diff --git a/compliance/frameworks/aws/aws_cisa_cyber_essentials/aws_cisa_cyber_essentials_your_surroundings_1.yaml b/compliance/frameworks/aws/aws_cisa_cyber_essentials/aws_cisa_cyber_essentials_your_surroundings_1.yaml
index fe6d5f6a5..398032baf 100755
--- a/compliance/frameworks/aws/aws_cisa_cyber_essentials/aws_cisa_cyber_essentials_your_surroundings_1.yaml
+++ b/compliance/frameworks/aws/aws_cisa_cyber_essentials/aws_cisa_cyber_essentials_your_surroundings_1.yaml
@@ -14,10 +14,6 @@ control-group:
 - AWS
 type:
 - Benchmark
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - aws_vpc_eip_associated
 - aws_vpc_flow_logs_enabled
diff --git a/compliance/frameworks/aws/aws_cisa_cyber_essentials/aws_cisa_cyber_essentials_your_surroundings_2.yaml b/compliance/frameworks/aws/aws_cisa_cyber_essentials/aws_cisa_cyber_essentials_your_surroundings_2.yaml
index 5688e8149..a65399c3f 100755
--- a/compliance/frameworks/aws/aws_cisa_cyber_essentials/aws_cisa_cyber_essentials_your_surroundings_2.yaml
+++ b/compliance/frameworks/aws/aws_cisa_cyber_essentials/aws_cisa_cyber_essentials_your_surroundings_2.yaml
@@ -14,10 +14,6 @@ control-group:
 - AWS
 type:
 - Benchmark
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - aws_iam_root_user_hardware_mfa_enabled
 - aws_iam_root_user_mfa_enabled
diff --git a/compliance/frameworks/aws/aws_cisa_cyber_essentials/aws_cisa_cyber_essentials_your_surroundings_3.yaml b/compliance/frameworks/aws/aws_cisa_cyber_essentials/aws_cisa_cyber_essentials_your_surroundings_3.yaml
index 57ab1d564..d5852f433 100755
--- a/compliance/frameworks/aws/aws_cisa_cyber_essentials/aws_cisa_cyber_essentials_your_surroundings_3.yaml
+++ b/compliance/frameworks/aws/aws_cisa_cyber_essentials/aws_cisa_cyber_essentials_your_surroundings_3.yaml
@@ -14,10 +14,6 @@ control-group:
 - AWS
 type:
 - Benchmark
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - aws_elb_application_network_lb_use_ssl_certificate
 - aws_iam_group_user_role_no_inline_policies
diff --git a/compliance/frameworks/aws/aws_cisa_cyber_essentials/aws_cisa_cyber_essentials_your_surroundings_4.yaml b/compliance/frameworks/aws/aws_cisa_cyber_essentials/aws_cisa_cyber_essentials_your_surroundings_4.yaml
index 5d473bdcc..cb06f24ff 100755
--- a/compliance/frameworks/aws/aws_cisa_cyber_essentials/aws_cisa_cyber_essentials_your_surroundings_4.yaml
+++ b/compliance/frameworks/aws/aws_cisa_cyber_essentials/aws_cisa_cyber_essentials_your_surroundings_4.yaml
@@ -14,9 +14,5 @@ control-group:
 - AWS
 type:
 - Benchmark
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - aws_iam_account_password_policy_strong_min_reuse_24
diff --git a/compliance/frameworks/aws/aws_cisa_cyber_essentials/aws_cisa_cyber_essentials_your_systems.yaml b/compliance/frameworks/aws/aws_cisa_cyber_essentials/aws_cisa_cyber_essentials_your_systems.yaml
index 45d2d6294..19aa6a385 100755
--- a/compliance/frameworks/aws/aws_cisa_cyber_essentials/aws_cisa_cyber_essentials_your_systems.yaml
+++ b/compliance/frameworks/aws/aws_cisa_cyber_essentials/aws_cisa_cyber_essentials_your_systems.yaml
@@ -14,10 +14,6 @@ control-group:
 - AWS
 type:
 - Benchmark
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 control-group:
 - id: aws_cisa_cyber_essentials_your_systems_1
 - id: aws_cisa_cyber_essentials_your_systems_2
diff --git a/compliance/frameworks/aws/aws_cisa_cyber_essentials/aws_cisa_cyber_essentials_your_systems_1.yaml b/compliance/frameworks/aws/aws_cisa_cyber_essentials/aws_cisa_cyber_essentials_your_systems_1.yaml
index 8a1bc2818..f77859c6f 100755
--- a/compliance/frameworks/aws/aws_cisa_cyber_essentials/aws_cisa_cyber_essentials_your_systems_1.yaml
+++ b/compliance/frameworks/aws/aws_cisa_cyber_essentials/aws_cisa_cyber_essentials_your_systems_1.yaml
@@ -14,10 +14,6 @@ control-group:
 - AWS
 type:
 - Benchmark
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - aws_ebs_volume_unused
 - aws_ec2_instance_ssm_managed
diff --git a/compliance/frameworks/aws/aws_cisa_cyber_essentials/aws_cisa_cyber_essentials_your_systems_2.yaml b/compliance/frameworks/aws/aws_cisa_cyber_essentials/aws_cisa_cyber_essentials_your_systems_2.yaml
index d9fef97a9..74f189910 100755
--- a/compliance/frameworks/aws/aws_cisa_cyber_essentials/aws_cisa_cyber_essentials_your_systems_2.yaml
+++ b/compliance/frameworks/aws/aws_cisa_cyber_essentials/aws_cisa_cyber_essentials_your_systems_2.yaml
@@ -14,10 +14,6 @@ control-group:
 - AWS
 type:
 - Benchmark
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - aws_rds_db_instance_automatic_minor_version_upgrade_enabled
 - aws_redshift_cluster_maintenance_settings_check
diff --git a/compliance/frameworks/aws/aws_cisa_cyber_essentials/aws_cisa_cyber_essentials_your_systems_3.yaml b/compliance/frameworks/aws/aws_cisa_cyber_essentials/aws_cisa_cyber_essentials_your_systems_3.yaml
index 9f1dda78f..538209fa2 100755
--- a/compliance/frameworks/aws/aws_cisa_cyber_essentials/aws_cisa_cyber_essentials_your_systems_3.yaml
+++ b/compliance/frameworks/aws/aws_cisa_cyber_essentials/aws_cisa_cyber_essentials_your_systems_3.yaml
@@ -14,10 +14,6 @@ control-group:
 - AWS
 type:
 - Benchmark
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - aws_apigateway_rest_api_stage_use_ssl_certificate
 - aws_apigateway_stage_cache_encryption_at_rest_enabled
diff --git a/compliance/frameworks/aws/aws_fedramp_low_rev_4/aws_fedramp_low_rev_4_ac.yaml b/compliance/frameworks/aws/aws_fedramp_low_rev_4/aws_fedramp_low_rev_4_ac.yaml
index 357289556..a32da32e6 100755
--- a/compliance/frameworks/aws/aws_fedramp_low_rev_4/aws_fedramp_low_rev_4_ac.yaml
+++ b/compliance/frameworks/aws/aws_fedramp_low_rev_4/aws_fedramp_low_rev_4_ac.yaml
@@ -14,10 +14,6 @@ control-group:
 - AWS
 type:
 - Benchmark
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 control-group:
 - id: aws_fedramp_low_rev_4_ac_2
 - id: aws_fedramp_low_rev_4_ac_3
diff --git a/compliance/frameworks/aws/aws_fedramp_low_rev_4/aws_fedramp_low_rev_4_ac_17.yaml b/compliance/frameworks/aws/aws_fedramp_low_rev_4/aws_fedramp_low_rev_4_ac_17.yaml
index 216b05272..80916bc11 100755
--- a/compliance/frameworks/aws/aws_fedramp_low_rev_4/aws_fedramp_low_rev_4_ac_17.yaml
+++ b/compliance/frameworks/aws/aws_fedramp_low_rev_4/aws_fedramp_low_rev_4_ac_17.yaml
@@ -14,10 +14,6 @@ control-group:
 - AWS
 type:
 - Benchmark
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - aws_acm_certificate_expires_30_days
 - aws_dms_replication_instance_not_publicly_accessible
diff --git a/compliance/frameworks/aws/aws_fedramp_low_rev_4/aws_fedramp_low_rev_4_ac_2.yaml b/compliance/frameworks/aws/aws_fedramp_low_rev_4/aws_fedramp_low_rev_4_ac_2.yaml
index 73160cbd9..53a95703f 100755
--- a/compliance/frameworks/aws/aws_fedramp_low_rev_4/aws_fedramp_low_rev_4_ac_2.yaml
+++ b/compliance/frameworks/aws/aws_fedramp_low_rev_4/aws_fedramp_low_rev_4_ac_2.yaml
@@ -14,10 +14,6 @@ control-group:
 - AWS
 type:
 - Benchmark
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - aws_apigateway_stage_logging_enabled
 - aws_cloudtrail_multi_region_trail_enabled
diff --git a/compliance/frameworks/aws/aws_fedramp_low_rev_4/aws_fedramp_low_rev_4_ac_3.yaml b/compliance/frameworks/aws/aws_fedramp_low_rev_4/aws_fedramp_low_rev_4_ac_3.yaml
index 1858cc08a..190ac2d60 100755
--- a/compliance/frameworks/aws/aws_fedramp_low_rev_4/aws_fedramp_low_rev_4_ac_3.yaml
+++ b/compliance/frameworks/aws/aws_fedramp_low_rev_4/aws_fedramp_low_rev_4_ac_3.yaml
@@ -14,10 +14,6 @@ control-group:
 - AWS
 type:
 - Benchmark
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - aws_autoscaling_launch_config_public_ip_disabled
 - aws_dms_replication_instance_not_publicly_accessible
diff --git a/compliance/frameworks/aws/aws_fedramp_low_rev_4/aws_fedramp_low_rev_4_au.yaml b/compliance/frameworks/aws/aws_fedramp_low_rev_4/aws_fedramp_low_rev_4_au.yaml
index 882865f91..49612352f 100755
--- a/compliance/frameworks/aws/aws_fedramp_low_rev_4/aws_fedramp_low_rev_4_au.yaml
+++ b/compliance/frameworks/aws/aws_fedramp_low_rev_4/aws_fedramp_low_rev_4_au.yaml
@@ -14,10 +14,6 @@ control-group:
 - AWS
 type:
 - Benchmark
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 control-group:
 - id: aws_fedramp_low_rev_4_au_2
 - id: aws_fedramp_low_rev_4_au_9
diff --git a/compliance/frameworks/aws/aws_fedramp_low_rev_4/aws_fedramp_low_rev_4_au_11.yaml b/compliance/frameworks/aws/aws_fedramp_low_rev_4/aws_fedramp_low_rev_4_au_11.yaml
index 97ddcb197..5ee7f205f 100755
--- a/compliance/frameworks/aws/aws_fedramp_low_rev_4/aws_fedramp_low_rev_4_au_11.yaml
+++ b/compliance/frameworks/aws/aws_fedramp_low_rev_4/aws_fedramp_low_rev_4_au_11.yaml
@@ -14,9 +14,5 @@ control-group:
 - AWS/CloudWatch
 type:
 - Benchmark
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - aws_cloudwatch_log_group_retention_period_365
diff --git a/compliance/frameworks/aws/aws_fedramp_low_rev_4/aws_fedramp_low_rev_4_au_2.yaml b/compliance/frameworks/aws/aws_fedramp_low_rev_4/aws_fedramp_low_rev_4_au_2.yaml
index 6eab5b5ec..2f1bf329c 100755
--- a/compliance/frameworks/aws/aws_fedramp_low_rev_4/aws_fedramp_low_rev_4_au_2.yaml
+++ b/compliance/frameworks/aws/aws_fedramp_low_rev_4/aws_fedramp_low_rev_4_au_2.yaml
@@ -14,10 +14,6 @@ control-group:
 - AWS
 type:
 - Benchmark
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - aws_apigateway_stage_logging_enabled
 - aws_cloudtrail_multi_region_trail_enabled
diff --git a/compliance/frameworks/aws/aws_fedramp_low_rev_4/aws_fedramp_low_rev_4_au_9.yaml b/compliance/frameworks/aws/aws_fedramp_low_rev_4/aws_fedramp_low_rev_4_au_9.yaml
index 01e7f6350..38b1edadb 100755
--- a/compliance/frameworks/aws/aws_fedramp_low_rev_4/aws_fedramp_low_rev_4_au_9.yaml
+++ b/compliance/frameworks/aws/aws_fedramp_low_rev_4/aws_fedramp_low_rev_4_au_9.yaml
@@ -14,10 +14,6 @@ control-group:
 - AWS
 type:
 - Benchmark
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - aws_cloudtrail_trail_logs_encrypted_with_kms_cmk
 - aws_cloudtrail_trail_validation_enabled
diff --git a/compliance/frameworks/aws/aws_fedramp_low_rev_4/aws_fedramp_low_rev_4_ca.yaml b/compliance/frameworks/aws/aws_fedramp_low_rev_4/aws_fedramp_low_rev_4_ca.yaml
index c7eb990fc..07f444a7f 100755
--- a/compliance/frameworks/aws/aws_fedramp_low_rev_4/aws_fedramp_low_rev_4_ca.yaml
+++ b/compliance/frameworks/aws/aws_fedramp_low_rev_4/aws_fedramp_low_rev_4_ca.yaml
@@ -14,9 +14,5 @@ control-group:
 - AWS
 type:
 - Benchmark
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 control-group:
 - id: aws_fedramp_low_rev_4_ca_7
diff --git a/compliance/frameworks/aws/aws_fedramp_low_rev_4/aws_fedramp_low_rev_4_ca_7.yaml b/compliance/frameworks/aws/aws_fedramp_low_rev_4/aws_fedramp_low_rev_4_ca_7.yaml
index 334d37092..1d272c8cc 100755
--- a/compliance/frameworks/aws/aws_fedramp_low_rev_4/aws_fedramp_low_rev_4_ca_7.yaml
+++ b/compliance/frameworks/aws/aws_fedramp_low_rev_4/aws_fedramp_low_rev_4_ca_7.yaml
@@ -14,10 +14,6 @@ control-group:
 - AWS
 type:
 - Benchmark
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - aws_autoscaling_group_with_lb_use_health_check
 - aws_cloudtrail_multi_region_trail_enabled
diff --git a/compliance/frameworks/aws/aws_fedramp_low_rev_4/aws_fedramp_low_rev_4_cm.yaml b/compliance/frameworks/aws/aws_fedramp_low_rev_4/aws_fedramp_low_rev_4_cm.yaml
index d606b006e..aa9d6c3c6 100755
--- a/compliance/frameworks/aws/aws_fedramp_low_rev_4/aws_fedramp_low_rev_4_cm.yaml
+++ b/compliance/frameworks/aws/aws_fedramp_low_rev_4/aws_fedramp_low_rev_4_cm.yaml
@@ -14,10 +14,6 @@ control-group:
 - AWS
 type:
 - Benchmark
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 control-group:
 - id: aws_fedramp_low_rev_4_cm_2
 - id: aws_fedramp_low_rev_4_cm_8
diff --git a/compliance/frameworks/aws/aws_fedramp_low_rev_4/aws_fedramp_low_rev_4_cm_2.yaml b/compliance/frameworks/aws/aws_fedramp_low_rev_4/aws_fedramp_low_rev_4_cm_2.yaml
index 1ee063440..1f090047a 100755
--- a/compliance/frameworks/aws/aws_fedramp_low_rev_4/aws_fedramp_low_rev_4_cm_2.yaml
+++ b/compliance/frameworks/aws/aws_fedramp_low_rev_4/aws_fedramp_low_rev_4_cm_2.yaml
@@ -14,10 +14,6 @@ control-group:
 - AWS
 type:
 - Benchmark
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - aws_apigateway_stage_use_waf_web_acl
 - aws_autoscaling_launch_config_public_ip_disabled
diff --git a/compliance/frameworks/aws/aws_fedramp_low_rev_4/aws_fedramp_low_rev_4_cm_8.yaml b/compliance/frameworks/aws/aws_fedramp_low_rev_4/aws_fedramp_low_rev_4_cm_8.yaml
index 2d63ab765..07870d975 100755
--- a/compliance/frameworks/aws/aws_fedramp_low_rev_4/aws_fedramp_low_rev_4_cm_8.yaml
+++ b/compliance/frameworks/aws/aws_fedramp_low_rev_4/aws_fedramp_low_rev_4_cm_8.yaml
@@ -14,10 +14,6 @@ control-group:
 - AWS
 type:
 - Benchmark
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - aws_ec2_instance_ssm_managed
 - aws_guardduty_enabled
diff --git a/compliance/frameworks/aws/aws_fedramp_low_rev_4/aws_fedramp_low_rev_4_cp.yaml b/compliance/frameworks/aws/aws_fedramp_low_rev_4/aws_fedramp_low_rev_4_cp.yaml
index 07d9c0122..47a8bf8f0 100755
--- a/compliance/frameworks/aws/aws_fedramp_low_rev_4/aws_fedramp_low_rev_4_cp.yaml
+++ b/compliance/frameworks/aws/aws_fedramp_low_rev_4/aws_fedramp_low_rev_4_cp.yaml
@@ -14,10 +14,6 @@ control-group:
 - AWS
 type:
 - Benchmark
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 control-group:
 - id: aws_fedramp_low_rev_4_cp_9
 - id: aws_fedramp_low_rev_4_cp_10
diff --git a/compliance/frameworks/aws/aws_fedramp_low_rev_4/aws_fedramp_low_rev_4_cp_10.yaml b/compliance/frameworks/aws/aws_fedramp_low_rev_4/aws_fedramp_low_rev_4_cp_10.yaml
index 4b9f8a355..bba207ea9 100755
--- a/compliance/frameworks/aws/aws_fedramp_low_rev_4/aws_fedramp_low_rev_4_cp_10.yaml
+++ b/compliance/frameworks/aws/aws_fedramp_low_rev_4/aws_fedramp_low_rev_4_cp_10.yaml
@@ -14,10 +14,6 @@ control-group:
 - AWS
 type:
 - Benchmark
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - aws_backup_plan_min_retention_35_days
 - aws_dynamodb_table_auto_scaling_enabled
diff --git a/compliance/frameworks/aws/aws_fedramp_low_rev_4/aws_fedramp_low_rev_4_cp_9.yaml b/compliance/frameworks/aws/aws_fedramp_low_rev_4/aws_fedramp_low_rev_4_cp_9.yaml
index 01f51a70d..41957cd60 100755
--- a/compliance/frameworks/aws/aws_fedramp_low_rev_4/aws_fedramp_low_rev_4_cp_9.yaml
+++ b/compliance/frameworks/aws/aws_fedramp_low_rev_4/aws_fedramp_low_rev_4_cp_9.yaml
@@ -14,10 +14,6 @@ control-group:
 - AWS
 type:
 - Benchmark
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - aws_backup_plan_min_retention_35_days
 - aws_dynamodb_table_point_in_time_recovery_enabled
diff --git a/compliance/frameworks/aws/aws_fedramp_low_rev_4/aws_fedramp_low_rev_4_ia.yaml b/compliance/frameworks/aws/aws_fedramp_low_rev_4/aws_fedramp_low_rev_4_ia.yaml
index 3f10055a2..5a24788aa 100755
--- a/compliance/frameworks/aws/aws_fedramp_low_rev_4/aws_fedramp_low_rev_4_ia.yaml
+++ b/compliance/frameworks/aws/aws_fedramp_low_rev_4/aws_fedramp_low_rev_4_ia.yaml
@@ -14,9 +14,5 @@ control-group:
 - AWS/IAM
 type:
 - Benchmark
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 control-group:
 - id: aws_fedramp_low_rev_4_ia_2
diff --git a/compliance/frameworks/aws/aws_fedramp_low_rev_4/aws_fedramp_low_rev_4_ia_2.yaml b/compliance/frameworks/aws/aws_fedramp_low_rev_4/aws_fedramp_low_rev_4_ia_2.yaml
index 6aa530dee..0822f760f 100755
--- a/compliance/frameworks/aws/aws_fedramp_low_rev_4/aws_fedramp_low_rev_4_ia_2.yaml
+++ b/compliance/frameworks/aws/aws_fedramp_low_rev_4/aws_fedramp_low_rev_4_ia_2.yaml
@@ -14,10 +14,6 @@ control-group:
 - AWS/IAM
 type:
 - Benchmark
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - aws_iam_account_password_policy_min_length_14
 - aws_iam_root_user_hardware_mfa_enabled
diff --git a/compliance/frameworks/aws/aws_fedramp_low_rev_4/aws_fedramp_low_rev_4_ir.yaml b/compliance/frameworks/aws/aws_fedramp_low_rev_4/aws_fedramp_low_rev_4_ir.yaml
index 6b2280de6..f1adf7588 100755
--- a/compliance/frameworks/aws/aws_fedramp_low_rev_4/aws_fedramp_low_rev_4_ir.yaml
+++ b/compliance/frameworks/aws/aws_fedramp_low_rev_4/aws_fedramp_low_rev_4_ir.yaml
@@ -14,9 +14,5 @@ control-group:
 - AWS
 type:
 - Benchmark
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 control-group:
 - id: aws_fedramp_low_rev_4_ir_4
diff --git a/compliance/frameworks/aws/aws_fedramp_low_rev_4/aws_fedramp_low_rev_4_ir_4.yaml b/compliance/frameworks/aws/aws_fedramp_low_rev_4/aws_fedramp_low_rev_4_ir_4.yaml
index ae0088e72..9a834704b 100755
--- a/compliance/frameworks/aws/aws_fedramp_low_rev_4/aws_fedramp_low_rev_4_ir_4.yaml
+++ b/compliance/frameworks/aws/aws_fedramp_low_rev_4/aws_fedramp_low_rev_4_ir_4.yaml
@@ -14,10 +14,6 @@ control-group:
 - AWS
 type:
 - Benchmark
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - aws_autoscaling_group_with_lb_use_health_check
 - aws_cloudwatch_alarm_action_enabled
diff --git a/compliance/frameworks/aws/aws_fedramp_low_rev_4/aws_fedramp_low_rev_4_sa.yaml b/compliance/frameworks/aws/aws_fedramp_low_rev_4/aws_fedramp_low_rev_4_sa.yaml
index c1f971c7a..0f3adfa27 100755
--- a/compliance/frameworks/aws/aws_fedramp_low_rev_4/aws_fedramp_low_rev_4_sa.yaml
+++ b/compliance/frameworks/aws/aws_fedramp_low_rev_4/aws_fedramp_low_rev_4_sa.yaml
@@ -14,9 +14,5 @@ control-group:
 - AWS
 type:
 - Benchmark
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 control-group:
 - id: aws_fedramp_low_rev_4_sa_3
diff --git a/compliance/frameworks/aws/aws_fedramp_low_rev_4/aws_fedramp_low_rev_4_sa_3.yaml b/compliance/frameworks/aws/aws_fedramp_low_rev_4/aws_fedramp_low_rev_4_sa_3.yaml
index 32aa15c36..8e08598d0 100755
--- a/compliance/frameworks/aws/aws_fedramp_low_rev_4/aws_fedramp_low_rev_4_sa_3.yaml
+++ b/compliance/frameworks/aws/aws_fedramp_low_rev_4/aws_fedramp_low_rev_4_sa_3.yaml
@@ -14,10 +14,6 @@ control-group: - AWS type: - Benchmark - defaults: - auto-assign: null - enabled: false - tracks-drift-events: false controls: - aws_codebuild_project_plaintext_env_variables_no_sensitive_aws_values - aws_codebuild_project_source_repo_oauth_configured diff --git a/compliance/frameworks/aws/aws_fedramp_low_rev_4/aws_fedramp_low_rev_4_sc.yaml b/compliance/frameworks/aws/aws_fedramp_low_rev_4/aws_fedramp_low_rev_4_sc.yaml index 75d50fb3a..00acbccc6 100755 --- a/compliance/frameworks/aws/aws_fedramp_low_rev_4/aws_fedramp_low_rev_4_sc.yaml +++ b/compliance/frameworks/aws/aws_fedramp_low_rev_4/aws_fedramp_low_rev_4_sc.yaml @@ -14,10 +14,6 @@ control-group: - AWS type: - Benchmark - defaults: - auto-assign: null - enabled: false - tracks-drift-events: false control-group: - id: aws_fedramp_low_rev_4_sc_5 - id: aws_fedramp_low_rev_4_sc_7 diff --git a/compliance/frameworks/aws/aws_fedramp_low_rev_4/aws_fedramp_low_rev_4_sc_12.yaml b/compliance/frameworks/aws/aws_fedramp_low_rev_4/aws_fedramp_low_rev_4_sc_12.yaml index 214921432..d147ec3cd 100755 --- a/compliance/frameworks/aws/aws_fedramp_low_rev_4/aws_fedramp_low_rev_4_sc_12.yaml +++ b/compliance/frameworks/aws/aws_fedramp_low_rev_4/aws_fedramp_low_rev_4_sc_12.yaml @@ -14,10 +14,6 @@ control-group: - AWS type: - Benchmark - defaults: - auto-assign: null - enabled: false - tracks-drift-events: false controls: - aws_acm_certificate_expires_30_days - aws_kms_cmk_rotation_enabled diff --git a/compliance/frameworks/aws/aws_fedramp_low_rev_4/aws_fedramp_low_rev_4_sc_13.yaml b/compliance/frameworks/aws/aws_fedramp_low_rev_4/aws_fedramp_low_rev_4_sc_13.yaml index 1a9224b09..ce7b5d193 100755 --- a/compliance/frameworks/aws/aws_fedramp_low_rev_4/aws_fedramp_low_rev_4_sc_13.yaml +++ b/compliance/frameworks/aws/aws_fedramp_low_rev_4/aws_fedramp_low_rev_4_sc_13.yaml 
@@ -14,10 +14,6 @@ control-group: - AWS type: - Benchmark - defaults: - auto-assign: null - enabled: false - tracks-drift-events: false controls: - aws_kms_key_not_pending_deletion - aws_redshift_cluster_kms_enabled diff --git a/compliance/frameworks/aws/aws_fedramp_low_rev_4/aws_fedramp_low_rev_4_sc_5.yaml b/compliance/frameworks/aws/aws_fedramp_low_rev_4/aws_fedramp_low_rev_4_sc_5.yaml index 90026b7d1..484809a7a 100755 --- a/compliance/frameworks/aws/aws_fedramp_low_rev_4/aws_fedramp_low_rev_4_sc_5.yaml +++ b/compliance/frameworks/aws/aws_fedramp_low_rev_4/aws_fedramp_low_rev_4_sc_5.yaml @@ -14,10 +14,6 @@ control-group: - AWS type: - Benchmark - defaults: - auto-assign: null - enabled: false - tracks-drift-events: false controls: - aws_autoscaling_group_with_lb_use_health_check - aws_dynamodb_table_auto_scaling_enabled diff --git a/compliance/frameworks/aws/aws_fedramp_low_rev_4/aws_fedramp_low_rev_4_sc_7.yaml b/compliance/frameworks/aws/aws_fedramp_low_rev_4/aws_fedramp_low_rev_4_sc_7.yaml index 1eaf25ff1..d27dc373b 100755 --- a/compliance/frameworks/aws/aws_fedramp_low_rev_4/aws_fedramp_low_rev_4_sc_7.yaml +++ b/compliance/frameworks/aws/aws_fedramp_low_rev_4/aws_fedramp_low_rev_4_sc_7.yaml @@ -14,10 +14,6 @@ control-group: - AWS type: - Benchmark - defaults: - auto-assign: null - enabled: false - tracks-drift-events: false controls: - aws_dms_replication_instance_not_publicly_accessible - aws_ebs_snapshot_not_publicly_restorable diff --git a/compliance/frameworks/aws/aws_fedramp_moderate_rev_4/aws_fedramp_moderate_rev_4_ac.yaml b/compliance/frameworks/aws/aws_fedramp_moderate_rev_4/aws_fedramp_moderate_rev_4_ac.yaml index 28bc38276..4ac0e1858 100755 --- a/compliance/frameworks/aws/aws_fedramp_moderate_rev_4/aws_fedramp_moderate_rev_4_ac.yaml +++ b/compliance/frameworks/aws/aws_fedramp_moderate_rev_4/aws_fedramp_moderate_rev_4_ac.yaml 
@@ -14,10 +14,6 @@ control-group: - AWS type: - Benchmark - defaults: - auto-assign: null - enabled: false - tracks-drift-events: false control-group: - id: aws_fedramp_moderate_rev_4_ac_2 - id: aws_fedramp_moderate_rev_4_ac_3 diff --git a/compliance/frameworks/aws/aws_fedramp_moderate_rev_4/aws_fedramp_moderate_rev_4_ac_17.yaml b/compliance/frameworks/aws/aws_fedramp_moderate_rev_4/aws_fedramp_moderate_rev_4_ac_17.yaml index 47eac8110..167d7a71c 100755 --- a/compliance/frameworks/aws/aws_fedramp_moderate_rev_4/aws_fedramp_moderate_rev_4_ac_17.yaml +++ b/compliance/frameworks/aws/aws_fedramp_moderate_rev_4/aws_fedramp_moderate_rev_4_ac_17.yaml @@ -14,10 +14,6 @@ control-group: - AWS type: - Benchmark - defaults: - auto-assign: null - enabled: false - tracks-drift-events: false control-group: - id: aws_fedramp_moderate_rev_4_ac_17_1 - id: aws_fedramp_moderate_rev_4_ac_17_2 diff --git a/compliance/frameworks/aws/aws_fedramp_moderate_rev_4/aws_fedramp_moderate_rev_4_ac_17_1.yaml b/compliance/frameworks/aws/aws_fedramp_moderate_rev_4/aws_fedramp_moderate_rev_4_ac_17_1.yaml index bd7f04879..070b4f4af 100755 --- a/compliance/frameworks/aws/aws_fedramp_moderate_rev_4/aws_fedramp_moderate_rev_4_ac_17_1.yaml +++ b/compliance/frameworks/aws/aws_fedramp_moderate_rev_4/aws_fedramp_moderate_rev_4_ac_17_1.yaml @@ -14,10 +14,6 @@ control-group: - AWS type: - Benchmark - defaults: - auto-assign: null - enabled: false - tracks-drift-events: false controls: - aws_dms_replication_instance_not_publicly_accessible - aws_ebs_snapshot_not_publicly_restorable diff --git a/compliance/frameworks/aws/aws_fedramp_moderate_rev_4/aws_fedramp_moderate_rev_4_ac_17_2.yaml b/compliance/frameworks/aws/aws_fedramp_moderate_rev_4/aws_fedramp_moderate_rev_4_ac_17_2.yaml index ef85deb32..52789e915 100755 --- a/compliance/frameworks/aws/aws_fedramp_moderate_rev_4/aws_fedramp_moderate_rev_4_ac_17_2.yaml +++ b/compliance/frameworks/aws/aws_fedramp_moderate_rev_4/aws_fedramp_moderate_rev_4_ac_17_2.yaml 
@@ -14,10 +14,6 @@ control-group: - AWS type: - Benchmark - defaults: - auto-assign: null - enabled: false - tracks-drift-events: false controls: - aws_acm_certificate_expires_30_days - aws_elb_application_lb_redirect_http_request_to_https diff --git a/compliance/frameworks/aws/aws_fedramp_moderate_rev_4/aws_fedramp_moderate_rev_4_ac_2.yaml b/compliance/frameworks/aws/aws_fedramp_moderate_rev_4/aws_fedramp_moderate_rev_4_ac_2.yaml index bc316cd40..c9f1b311f 100755 --- a/compliance/frameworks/aws/aws_fedramp_moderate_rev_4/aws_fedramp_moderate_rev_4_ac_2.yaml +++ b/compliance/frameworks/aws/aws_fedramp_moderate_rev_4/aws_fedramp_moderate_rev_4_ac_2.yaml @@ -14,10 +14,6 @@ control-group: - AWS type: - Benchmark - defaults: - auto-assign: null - enabled: false - tracks-drift-events: false control-group: - id: aws_fedramp_moderate_rev_4_ac_2_1 - id: aws_fedramp_moderate_rev_4_ac_2_4 diff --git a/compliance/frameworks/aws/aws_fedramp_moderate_rev_4/aws_fedramp_moderate_rev_4_ac_21.yaml b/compliance/frameworks/aws/aws_fedramp_moderate_rev_4/aws_fedramp_moderate_rev_4_ac_21.yaml index b9f9e74a5..4a1955d2a 100755 --- a/compliance/frameworks/aws/aws_fedramp_moderate_rev_4/aws_fedramp_moderate_rev_4_ac_21.yaml +++ b/compliance/frameworks/aws/aws_fedramp_moderate_rev_4/aws_fedramp_moderate_rev_4_ac_21.yaml @@ -14,9 +14,5 @@ control-group: - AWS type: - Benchmark - defaults: - auto-assign: null - enabled: false - tracks-drift-events: false control-group: - id: aws_fedramp_moderate_rev_4_ac_21_b diff --git a/compliance/frameworks/aws/aws_fedramp_moderate_rev_4/aws_fedramp_moderate_rev_4_ac_21_b.yaml b/compliance/frameworks/aws/aws_fedramp_moderate_rev_4/aws_fedramp_moderate_rev_4_ac_21_b.yaml index 38f40f9c8..9fa3f464c 100755 --- a/compliance/frameworks/aws/aws_fedramp_moderate_rev_4/aws_fedramp_moderate_rev_4_ac_21_b.yaml +++ b/compliance/frameworks/aws/aws_fedramp_moderate_rev_4/aws_fedramp_moderate_rev_4_ac_21_b.yaml 
@@ -14,10 +14,6 @@ control-group: - AWS type: - Benchmark - defaults: - auto-assign: null - enabled: false - tracks-drift-events: false controls: - aws_autoscaling_launch_config_public_ip_disabled - aws_dms_replication_instance_not_publicly_accessible diff --git a/compliance/frameworks/aws/aws_fedramp_moderate_rev_4/aws_fedramp_moderate_rev_4_ac_2_1.yaml b/compliance/frameworks/aws/aws_fedramp_moderate_rev_4/aws_fedramp_moderate_rev_4_ac_2_1.yaml index da38a2f95..93e2a7f81 100755 --- a/compliance/frameworks/aws/aws_fedramp_moderate_rev_4/aws_fedramp_moderate_rev_4_ac_2_1.yaml +++ b/compliance/frameworks/aws/aws_fedramp_moderate_rev_4/aws_fedramp_moderate_rev_4_ac_2_1.yaml @@ -14,10 +14,6 @@ control-group: - AWS type: - Benchmark - defaults: - auto-assign: null - enabled: false - tracks-drift-events: false controls: - aws_guardduty_enabled - aws_iam_account_password_policy_min_length_14 diff --git a/compliance/frameworks/aws/aws_fedramp_moderate_rev_4/aws_fedramp_moderate_rev_4_ac_2_12.yaml b/compliance/frameworks/aws/aws_fedramp_moderate_rev_4/aws_fedramp_moderate_rev_4_ac_2_12.yaml index bf64a238a..145b134b8 100755 --- a/compliance/frameworks/aws/aws_fedramp_moderate_rev_4/aws_fedramp_moderate_rev_4_ac_2_12.yaml +++ b/compliance/frameworks/aws/aws_fedramp_moderate_rev_4/aws_fedramp_moderate_rev_4_ac_2_12.yaml @@ -14,9 +14,5 @@ control-group: - AWS type: - Benchmark - defaults: - auto-assign: null - enabled: false - tracks-drift-events: false control-group: - id: aws_fedramp_moderate_rev_4_ac_2_12_a diff --git a/compliance/frameworks/aws/aws_fedramp_moderate_rev_4/aws_fedramp_moderate_rev_4_ac_2_12_a.yaml b/compliance/frameworks/aws/aws_fedramp_moderate_rev_4/aws_fedramp_moderate_rev_4_ac_2_12_a.yaml index f22907fc4..5ee52d00f 100755 --- a/compliance/frameworks/aws/aws_fedramp_moderate_rev_4/aws_fedramp_moderate_rev_4_ac_2_12_a.yaml +++ b/compliance/frameworks/aws/aws_fedramp_moderate_rev_4/aws_fedramp_moderate_rev_4_ac_2_12_a.yaml 
@@ -14,10 +14,6 @@ control-group: - AWS type: - Benchmark - defaults: - auto-assign: null - enabled: false - tracks-drift-events: false controls: - aws_guardduty_enabled - aws_securityhub_enabled diff --git a/compliance/frameworks/aws/aws_fedramp_moderate_rev_4/aws_fedramp_moderate_rev_4_ac_2_3.yaml b/compliance/frameworks/aws/aws_fedramp_moderate_rev_4/aws_fedramp_moderate_rev_4_ac_2_3.yaml index a39186ec4..e04c9cd2e 100755 --- a/compliance/frameworks/aws/aws_fedramp_moderate_rev_4/aws_fedramp_moderate_rev_4_ac_2_3.yaml +++ b/compliance/frameworks/aws/aws_fedramp_moderate_rev_4/aws_fedramp_moderate_rev_4_ac_2_3.yaml @@ -14,10 +14,6 @@ control-group: - AWS/IAM type: - Benchmark - defaults: - auto-assign: null - enabled: false - tracks-drift-events: false controls: - aws_iam_account_password_policy_min_length_14 - aws_iam_user_unused_credentials_90 diff --git a/compliance/frameworks/aws/aws_fedramp_moderate_rev_4/aws_fedramp_moderate_rev_4_ac_2_4.yaml b/compliance/frameworks/aws/aws_fedramp_moderate_rev_4/aws_fedramp_moderate_rev_4_ac_2_4.yaml index f9ab94f66..000eaa1e5 100755 --- a/compliance/frameworks/aws/aws_fedramp_moderate_rev_4/aws_fedramp_moderate_rev_4_ac_2_4.yaml +++ b/compliance/frameworks/aws/aws_fedramp_moderate_rev_4/aws_fedramp_moderate_rev_4_ac_2_4.yaml @@ -14,10 +14,6 @@ control-group: - AWS type: - Benchmark - defaults: - auto-assign: null - enabled: false - tracks-drift-events: false controls: - aws_cloudtrail_multi_region_trail_enabled - aws_cloudtrail_s3_data_events_enabled diff --git a/compliance/frameworks/aws/aws_fedramp_moderate_rev_4/aws_fedramp_moderate_rev_4_ac_2_f.yaml b/compliance/frameworks/aws/aws_fedramp_moderate_rev_4/aws_fedramp_moderate_rev_4_ac_2_f.yaml index 45ed44c3b..6897c764f 100755 --- a/compliance/frameworks/aws/aws_fedramp_moderate_rev_4/aws_fedramp_moderate_rev_4_ac_2_f.yaml +++ b/compliance/frameworks/aws/aws_fedramp_moderate_rev_4/aws_fedramp_moderate_rev_4_ac_2_f.yaml 
@@ -14,10 +14,6 @@ control-group: - AWS/IAM type: - Benchmark - defaults: - auto-assign: null - enabled: false - tracks-drift-events: false controls: - aws_iam_account_password_policy_min_length_14 - aws_iam_all_policy_no_service_wild_card diff --git a/compliance/frameworks/aws/aws_fedramp_moderate_rev_4/aws_fedramp_moderate_rev_4_ac_2_g.yaml b/compliance/frameworks/aws/aws_fedramp_moderate_rev_4/aws_fedramp_moderate_rev_4_ac_2_g.yaml index 00bfa0ebb..031bd4df9 100755 --- a/compliance/frameworks/aws/aws_fedramp_moderate_rev_4/aws_fedramp_moderate_rev_4_ac_2_g.yaml +++ b/compliance/frameworks/aws/aws_fedramp_moderate_rev_4/aws_fedramp_moderate_rev_4_ac_2_g.yaml @@ -14,10 +14,6 @@ control-group: - AWS type: - Benchmark - defaults: - auto-assign: null - enabled: false - tracks-drift-events: false controls: - aws_apigateway_stage_logging_enabled - aws_cloudtrail_multi_region_trail_enabled diff --git a/compliance/frameworks/aws/aws_fedramp_moderate_rev_4/aws_fedramp_moderate_rev_4_ac_2_j.yaml b/compliance/frameworks/aws/aws_fedramp_moderate_rev_4/aws_fedramp_moderate_rev_4_ac_2_j.yaml index 58cb79df5..304970a68 100755 --- a/compliance/frameworks/aws/aws_fedramp_moderate_rev_4/aws_fedramp_moderate_rev_4_ac_2_j.yaml +++ b/compliance/frameworks/aws/aws_fedramp_moderate_rev_4/aws_fedramp_moderate_rev_4_ac_2_j.yaml @@ -14,10 +14,6 @@ control-group: - AWS type: - Benchmark - defaults: - auto-assign: null - enabled: false - tracks-drift-events: false controls: - aws_ecs_task_definition_user_for_host_mode_check - aws_iam_account_password_policy_min_length_14 diff --git a/compliance/frameworks/aws/aws_fedramp_moderate_rev_4/aws_fedramp_moderate_rev_4_ac_3.yaml b/compliance/frameworks/aws/aws_fedramp_moderate_rev_4/aws_fedramp_moderate_rev_4_ac_3.yaml index 3d8949028..1716878c7 100755 --- a/compliance/frameworks/aws/aws_fedramp_moderate_rev_4/aws_fedramp_moderate_rev_4_ac_3.yaml +++ b/compliance/frameworks/aws/aws_fedramp_moderate_rev_4/aws_fedramp_moderate_rev_4_ac_3.yaml 
@@ -14,10 +14,6 @@ control-group: - AWS type: - Benchmark - defaults: - auto-assign: null - enabled: false - tracks-drift-events: false controls: - aws_autoscaling_launch_config_public_ip_disabled - aws_dms_replication_instance_not_publicly_accessible diff --git a/compliance/frameworks/aws/aws_fedramp_moderate_rev_4/aws_fedramp_moderate_rev_4_ac_4.yaml b/compliance/frameworks/aws/aws_fedramp_moderate_rev_4/aws_fedramp_moderate_rev_4_ac_4.yaml index 54773ae47..c6e738b7d 100755 --- a/compliance/frameworks/aws/aws_fedramp_moderate_rev_4/aws_fedramp_moderate_rev_4_ac_4.yaml +++ b/compliance/frameworks/aws/aws_fedramp_moderate_rev_4/aws_fedramp_moderate_rev_4_ac_4.yaml @@ -14,10 +14,6 @@ control-group: - AWS type: - Benchmark - defaults: - auto-assign: null - enabled: false - tracks-drift-events: false controls: - aws_acm_certificate_expires_30_days - aws_dms_replication_instance_not_publicly_accessible diff --git a/compliance/frameworks/aws/aws_fedramp_moderate_rev_4/aws_fedramp_moderate_rev_4_ac_5.yaml b/compliance/frameworks/aws/aws_fedramp_moderate_rev_4/aws_fedramp_moderate_rev_4_ac_5.yaml index 9383dea48..95d97f0db 100755 --- a/compliance/frameworks/aws/aws_fedramp_moderate_rev_4/aws_fedramp_moderate_rev_4_ac_5.yaml +++ b/compliance/frameworks/aws/aws_fedramp_moderate_rev_4/aws_fedramp_moderate_rev_4_ac_5.yaml @@ -14,9 +14,5 @@ control-group: - AWS type: - Benchmark - defaults: - auto-assign: null - enabled: false - tracks-drift-events: false control-group: - id: aws_fedramp_moderate_rev_4_ac_5_c diff --git a/compliance/frameworks/aws/aws_fedramp_moderate_rev_4/aws_fedramp_moderate_rev_4_ac_5_c.yaml b/compliance/frameworks/aws/aws_fedramp_moderate_rev_4/aws_fedramp_moderate_rev_4_ac_5_c.yaml index 77b5a3f6f..45549ec40 100755 --- a/compliance/frameworks/aws/aws_fedramp_moderate_rev_4/aws_fedramp_moderate_rev_4_ac_5_c.yaml +++ b/compliance/frameworks/aws/aws_fedramp_moderate_rev_4/aws_fedramp_moderate_rev_4_ac_5_c.yaml 
@@ -14,10 +14,6 @@ control-group: - AWS type: - Benchmark - defaults: - auto-assign: null - enabled: false - tracks-drift-events: false controls: - aws_ecs_task_definition_user_for_host_mode_check - aws_iam_account_password_policy_min_length_14 diff --git a/compliance/frameworks/aws/aws_fedramp_moderate_rev_4/aws_fedramp_moderate_rev_4_ac_6.yaml b/compliance/frameworks/aws/aws_fedramp_moderate_rev_4/aws_fedramp_moderate_rev_4_ac_6.yaml index d32876f40..dda1b76ce 100755 --- a/compliance/frameworks/aws/aws_fedramp_moderate_rev_4/aws_fedramp_moderate_rev_4_ac_6.yaml +++ b/compliance/frameworks/aws/aws_fedramp_moderate_rev_4/aws_fedramp_moderate_rev_4_ac_6.yaml @@ -14,10 +14,6 @@ control-group: - AWS type: - Benchmark - defaults: - auto-assign: null - enabled: false - tracks-drift-events: false control-group: - id: aws_fedramp_moderate_rev_4_ac_6_10 controls: diff --git a/compliance/frameworks/aws/aws_fedramp_moderate_rev_4/aws_fedramp_moderate_rev_4_ac_6_10.yaml b/compliance/frameworks/aws/aws_fedramp_moderate_rev_4/aws_fedramp_moderate_rev_4_ac_6_10.yaml index 601f89e0d..e3843b562 100755 --- a/compliance/frameworks/aws/aws_fedramp_moderate_rev_4/aws_fedramp_moderate_rev_4_ac_6_10.yaml +++ b/compliance/frameworks/aws/aws_fedramp_moderate_rev_4/aws_fedramp_moderate_rev_4_ac_6_10.yaml @@ -14,10 +14,6 @@ control-group: - AWS/IAM type: - Benchmark - defaults: - auto-assign: null - enabled: false - tracks-drift-events: false controls: - aws_iam_all_policy_no_service_wild_card - aws_iam_policy_no_star_star diff --git a/compliance/frameworks/aws/aws_fedramp_moderate_rev_4/aws_fedramp_moderate_rev_4_au.yaml b/compliance/frameworks/aws/aws_fedramp_moderate_rev_4/aws_fedramp_moderate_rev_4_au.yaml index 148343ae1..fe2f435d3 100755 --- a/compliance/frameworks/aws/aws_fedramp_moderate_rev_4/aws_fedramp_moderate_rev_4_au.yaml +++ b/compliance/frameworks/aws/aws_fedramp_moderate_rev_4/aws_fedramp_moderate_rev_4_au.yaml 
@@ -14,10 +14,6 @@ control-group: - AWS type: - Benchmark - defaults: - auto-assign: null - enabled: false - tracks-drift-events: false control-group: - id: aws_fedramp_moderate_rev_4_au_2 - id: aws_fedramp_moderate_rev_4_au_3 diff --git a/compliance/frameworks/aws/aws_fedramp_moderate_rev_4/aws_fedramp_moderate_rev_4_au_11.yaml b/compliance/frameworks/aws/aws_fedramp_moderate_rev_4/aws_fedramp_moderate_rev_4_au_11.yaml index a522a4f17..9353a9a8b 100755 --- a/compliance/frameworks/aws/aws_fedramp_moderate_rev_4/aws_fedramp_moderate_rev_4_au_11.yaml +++ b/compliance/frameworks/aws/aws_fedramp_moderate_rev_4/aws_fedramp_moderate_rev_4_au_11.yaml @@ -14,9 +14,5 @@ control-group: - AWS/CloudWatch type: - Benchmark - defaults: - auto-assign: null - enabled: false - tracks-drift-events: false controls: - aws_cloudwatch_log_group_retention_period_365 diff --git a/compliance/frameworks/aws/aws_fedramp_moderate_rev_4/aws_fedramp_moderate_rev_4_au_12.yaml b/compliance/frameworks/aws/aws_fedramp_moderate_rev_4/aws_fedramp_moderate_rev_4_au_12.yaml index fde3b68cb..72f3267d1 100755 --- a/compliance/frameworks/aws/aws_fedramp_moderate_rev_4/aws_fedramp_moderate_rev_4_au_12.yaml +++ b/compliance/frameworks/aws/aws_fedramp_moderate_rev_4/aws_fedramp_moderate_rev_4_au_12.yaml @@ -14,9 +14,5 @@ control-group: - AWS type: - Benchmark - defaults: - auto-assign: null - enabled: false - tracks-drift-events: false control-group: - id: aws_fedramp_moderate_rev_4_au_12_a_c diff --git a/compliance/frameworks/aws/aws_fedramp_moderate_rev_4/aws_fedramp_moderate_rev_4_au_12_a_c.yaml b/compliance/frameworks/aws/aws_fedramp_moderate_rev_4/aws_fedramp_moderate_rev_4_au_12_a_c.yaml index 6dfbe508a..1b4b4d6f0 100755 --- a/compliance/frameworks/aws/aws_fedramp_moderate_rev_4/aws_fedramp_moderate_rev_4_au_12_a_c.yaml +++ b/compliance/frameworks/aws/aws_fedramp_moderate_rev_4/aws_fedramp_moderate_rev_4_au_12_a_c.yaml 
@@ -14,10 +14,6 @@ control-group: - AWS type: - Benchmark - defaults: - auto-assign: null - enabled: false - tracks-drift-events: false controls: - aws_apigateway_stage_logging_enabled - aws_cloudtrail_multi_region_trail_enabled diff --git a/compliance/frameworks/aws/aws_fedramp_moderate_rev_4/aws_fedramp_moderate_rev_4_au_2.yaml b/compliance/frameworks/aws/aws_fedramp_moderate_rev_4/aws_fedramp_moderate_rev_4_au_2.yaml index 609d69a08..88473d3d1 100755 --- a/compliance/frameworks/aws/aws_fedramp_moderate_rev_4/aws_fedramp_moderate_rev_4_au_2.yaml +++ b/compliance/frameworks/aws/aws_fedramp_moderate_rev_4/aws_fedramp_moderate_rev_4_au_2.yaml @@ -14,9 +14,5 @@ control-group: - AWS type: - Benchmark - defaults: - auto-assign: null - enabled: false - tracks-drift-events: false control-group: - id: aws_fedramp_moderate_rev_4_au_2_a_d diff --git a/compliance/frameworks/aws/aws_fedramp_moderate_rev_4/aws_fedramp_moderate_rev_4_au_2_a_d.yaml b/compliance/frameworks/aws/aws_fedramp_moderate_rev_4/aws_fedramp_moderate_rev_4_au_2_a_d.yaml index 779df5448..bfb148496 100755 --- a/compliance/frameworks/aws/aws_fedramp_moderate_rev_4/aws_fedramp_moderate_rev_4_au_2_a_d.yaml +++ b/compliance/frameworks/aws/aws_fedramp_moderate_rev_4/aws_fedramp_moderate_rev_4_au_2_a_d.yaml @@ -14,10 +14,6 @@ control-group: - AWS type: - Benchmark - defaults: - auto-assign: null - enabled: false - tracks-drift-events: false controls: - aws_apigateway_stage_logging_enabled - aws_cloudtrail_multi_region_trail_enabled diff --git a/compliance/frameworks/aws/aws_fedramp_moderate_rev_4/aws_fedramp_moderate_rev_4_au_3.yaml b/compliance/frameworks/aws/aws_fedramp_moderate_rev_4/aws_fedramp_moderate_rev_4_au_3.yaml index 06a9cace3..7eea0195c 100755 --- a/compliance/frameworks/aws/aws_fedramp_moderate_rev_4/aws_fedramp_moderate_rev_4_au_3.yaml +++ b/compliance/frameworks/aws/aws_fedramp_moderate_rev_4/aws_fedramp_moderate_rev_4_au_3.yaml 
@@ -14,10 +14,6 @@ control-group: - AWS type: - Benchmark - defaults: - auto-assign: null - enabled: false - tracks-drift-events: false controls: - aws_apigateway_stage_logging_enabled - aws_cloudtrail_multi_region_trail_enabled diff --git a/compliance/frameworks/aws/aws_fedramp_moderate_rev_4/aws_fedramp_moderate_rev_4_au_6.yaml b/compliance/frameworks/aws/aws_fedramp_moderate_rev_4/aws_fedramp_moderate_rev_4_au_6.yaml index fad43f36f..acfd56bb9 100755 --- a/compliance/frameworks/aws/aws_fedramp_moderate_rev_4/aws_fedramp_moderate_rev_4_au_6.yaml +++ b/compliance/frameworks/aws/aws_fedramp_moderate_rev_4/aws_fedramp_moderate_rev_4_au_6.yaml @@ -14,9 +14,5 @@ control-group: - AWS type: - Benchmark - defaults: - auto-assign: null - enabled: false - tracks-drift-events: false control-group: - id: aws_fedramp_moderate_rev_4_au_6_1_3 diff --git a/compliance/frameworks/aws/aws_fedramp_moderate_rev_4/aws_fedramp_moderate_rev_4_au_6_1_3.yaml b/compliance/frameworks/aws/aws_fedramp_moderate_rev_4/aws_fedramp_moderate_rev_4_au_6_1_3.yaml index 51879d399..71852143e 100755 --- a/compliance/frameworks/aws/aws_fedramp_moderate_rev_4/aws_fedramp_moderate_rev_4_au_6_1_3.yaml +++ b/compliance/frameworks/aws/aws_fedramp_moderate_rev_4/aws_fedramp_moderate_rev_4_au_6_1_3.yaml @@ -14,10 +14,6 @@ control-group: - AWS type: - Benchmark - defaults: - auto-assign: null - enabled: false - tracks-drift-events: false controls: - aws_apigateway_stage_logging_enabled - aws_cloudtrail_multi_region_trail_enabled diff --git a/compliance/frameworks/aws/aws_fedramp_moderate_rev_4/aws_fedramp_moderate_rev_4_au_7.yaml b/compliance/frameworks/aws/aws_fedramp_moderate_rev_4/aws_fedramp_moderate_rev_4_au_7.yaml index 5148a96e1..bfcf9fcde 100755 --- a/compliance/frameworks/aws/aws_fedramp_moderate_rev_4/aws_fedramp_moderate_rev_4_au_7.yaml +++ b/compliance/frameworks/aws/aws_fedramp_moderate_rev_4/aws_fedramp_moderate_rev_4_au_7.yaml 
@@ -14,9 +14,5 @@ control-group: - AWS type: - Benchmark - defaults: - auto-assign: null - enabled: false - tracks-drift-events: false control-group: - id: aws_fedramp_moderate_rev_4_au_7_1 diff --git a/compliance/frameworks/aws/aws_fedramp_moderate_rev_4/aws_fedramp_moderate_rev_4_au_7_1.yaml b/compliance/frameworks/aws/aws_fedramp_moderate_rev_4/aws_fedramp_moderate_rev_4_au_7_1.yaml index 8820a1c27..286121140 100755 --- a/compliance/frameworks/aws/aws_fedramp_moderate_rev_4/aws_fedramp_moderate_rev_4_au_7_1.yaml +++ b/compliance/frameworks/aws/aws_fedramp_moderate_rev_4/aws_fedramp_moderate_rev_4_au_7_1.yaml @@ -14,10 +14,6 @@ control-group: - AWS type: - Benchmark - defaults: - auto-assign: null - enabled: false - tracks-drift-events: false controls: - aws_cloudtrail_trail_integrated_with_logs - aws_cloudwatch_alarm_action_enabled diff --git a/compliance/frameworks/aws/aws_fedramp_moderate_rev_4/aws_fedramp_moderate_rev_4_au_9.yaml b/compliance/frameworks/aws/aws_fedramp_moderate_rev_4/aws_fedramp_moderate_rev_4_au_9.yaml index 0bdf3a490..54aa3ba40 100755 --- a/compliance/frameworks/aws/aws_fedramp_moderate_rev_4/aws_fedramp_moderate_rev_4_au_9.yaml +++ b/compliance/frameworks/aws/aws_fedramp_moderate_rev_4/aws_fedramp_moderate_rev_4_au_9.yaml @@ -14,10 +14,6 @@ control-group: - AWS type: - Benchmark - defaults: - auto-assign: null - enabled: false - tracks-drift-events: false control-group: - id: aws_fedramp_moderate_rev_4_au_9_2 controls: diff --git a/compliance/frameworks/aws/aws_fedramp_moderate_rev_4/aws_fedramp_moderate_rev_4_au_9_2.yaml b/compliance/frameworks/aws/aws_fedramp_moderate_rev_4/aws_fedramp_moderate_rev_4_au_9_2.yaml index 8bbde2563..4a17764a8 100755 --- a/compliance/frameworks/aws/aws_fedramp_moderate_rev_4/aws_fedramp_moderate_rev_4_au_9_2.yaml +++ b/compliance/frameworks/aws/aws_fedramp_moderate_rev_4/aws_fedramp_moderate_rev_4_au_9_2.yaml 
@@ -14,10 +14,6 @@ control-group: - AWS/S3 type: - Benchmark - defaults: - auto-assign: null - enabled: false - tracks-drift-events: false controls: - aws_s3_bucket_cross_region_replication_enabled - aws_s3_bucket_versioning_enabled diff --git a/compliance/frameworks/aws/aws_fedramp_moderate_rev_4/aws_fedramp_moderate_rev_4_ca.yaml b/compliance/frameworks/aws/aws_fedramp_moderate_rev_4/aws_fedramp_moderate_rev_4_ca.yaml index 566607ba1..833e36a32 100755 --- a/compliance/frameworks/aws/aws_fedramp_moderate_rev_4/aws_fedramp_moderate_rev_4_ca.yaml +++ b/compliance/frameworks/aws/aws_fedramp_moderate_rev_4/aws_fedramp_moderate_rev_4_ca.yaml @@ -14,9 +14,5 @@ control-group: - AWS type: - Benchmark - defaults: - auto-assign: null - enabled: false - tracks-drift-events: false control-group: - id: aws_fedramp_moderate_rev_4_ca_7 diff --git a/compliance/frameworks/aws/aws_fedramp_moderate_rev_4/aws_fedramp_moderate_rev_4_ca_7.yaml b/compliance/frameworks/aws/aws_fedramp_moderate_rev_4/aws_fedramp_moderate_rev_4_ca_7.yaml index 86552bf2d..6bdaa6550 100755 --- a/compliance/frameworks/aws/aws_fedramp_moderate_rev_4/aws_fedramp_moderate_rev_4_ca_7.yaml +++ b/compliance/frameworks/aws/aws_fedramp_moderate_rev_4/aws_fedramp_moderate_rev_4_ca_7.yaml @@ -14,9 +14,5 @@ control-group: - AWS type: - Benchmark - defaults: - auto-assign: null - enabled: false - tracks-drift-events: false control-group: - id: aws_fedramp_moderate_rev_4_ca_7_a_b diff --git a/compliance/frameworks/aws/aws_fedramp_moderate_rev_4/aws_fedramp_moderate_rev_4_ca_7_a_b.yaml b/compliance/frameworks/aws/aws_fedramp_moderate_rev_4/aws_fedramp_moderate_rev_4_ca_7_a_b.yaml index b8fb3f1af..a37ed87f1 100755 --- a/compliance/frameworks/aws/aws_fedramp_moderate_rev_4/aws_fedramp_moderate_rev_4_ca_7_a_b.yaml +++ b/compliance/frameworks/aws/aws_fedramp_moderate_rev_4/aws_fedramp_moderate_rev_4_ca_7_a_b.yaml 
@@ -14,10 +14,6 @@ control-group: - AWS type: - Benchmark - defaults: - auto-assign: null - enabled: false - tracks-drift-events: false controls: - aws_autoscaling_group_with_lb_use_health_check - aws_cloudtrail_multi_region_trail_enabled diff --git a/compliance/frameworks/aws/aws_fedramp_moderate_rev_4/aws_fedramp_moderate_rev_4_cm.yaml b/compliance/frameworks/aws/aws_fedramp_moderate_rev_4/aws_fedramp_moderate_rev_4_cm.yaml index 1bd244638..209a0640b 100755 --- a/compliance/frameworks/aws/aws_fedramp_moderate_rev_4/aws_fedramp_moderate_rev_4_cm.yaml +++ b/compliance/frameworks/aws/aws_fedramp_moderate_rev_4/aws_fedramp_moderate_rev_4_cm.yaml @@ -14,10 +14,6 @@ control-group: - AWS type: - Benchmark - defaults: - auto-assign: null - enabled: false - tracks-drift-events: false control-group: - id: aws_fedramp_moderate_rev_4_cm_2 - id: aws_fedramp_moderate_rev_4_cm_7 diff --git a/compliance/frameworks/aws/aws_fedramp_moderate_rev_4/aws_fedramp_moderate_rev_4_cm_2.yaml b/compliance/frameworks/aws/aws_fedramp_moderate_rev_4/aws_fedramp_moderate_rev_4_cm_2.yaml index e409a278f..4bf5b3022 100755 --- a/compliance/frameworks/aws/aws_fedramp_moderate_rev_4/aws_fedramp_moderate_rev_4_cm_2.yaml +++ b/compliance/frameworks/aws/aws_fedramp_moderate_rev_4/aws_fedramp_moderate_rev_4_cm_2.yaml @@ -14,10 +14,6 @@ control-group: - AWS type: - Benchmark - defaults: - auto-assign: null - enabled: false - tracks-drift-events: false controls: - aws_apigateway_stage_use_waf_web_acl - aws_autoscaling_launch_config_public_ip_disabled diff --git a/compliance/frameworks/aws/aws_fedramp_moderate_rev_4/aws_fedramp_moderate_rev_4_cm_7.yaml b/compliance/frameworks/aws/aws_fedramp_moderate_rev_4/aws_fedramp_moderate_rev_4_cm_7.yaml index 8e1e7b00a..8ff6f43a6 100755 --- a/compliance/frameworks/aws/aws_fedramp_moderate_rev_4/aws_fedramp_moderate_rev_4_cm_7.yaml +++ b/compliance/frameworks/aws/aws_fedramp_moderate_rev_4/aws_fedramp_moderate_rev_4_cm_7.yaml 
@@ -14,9 +14,5 @@ control-group: - AWS type: - Benchmark - defaults: - auto-assign: null - enabled: false - tracks-drift-events: false control-group: - id: aws_fedramp_moderate_rev_4_cm_7_a diff --git a/compliance/frameworks/aws/aws_fedramp_moderate_rev_4/aws_fedramp_moderate_rev_4_cm_7_a.yaml b/compliance/frameworks/aws/aws_fedramp_moderate_rev_4/aws_fedramp_moderate_rev_4_cm_7_a.yaml index 1f10fee4e..dfb6255cd 100755 --- a/compliance/frameworks/aws/aws_fedramp_moderate_rev_4/aws_fedramp_moderate_rev_4_cm_7_a.yaml +++ b/compliance/frameworks/aws/aws_fedramp_moderate_rev_4/aws_fedramp_moderate_rev_4_cm_7_a.yaml @@ -14,10 +14,6 @@ control-group: - AWS type: - Benchmark - defaults: - auto-assign: null - enabled: false - tracks-drift-events: false controls: - aws_ec2_instance_ssm_managed - aws_ssm_managed_instance_compliance_association_compliant diff --git a/compliance/frameworks/aws/aws_fedramp_moderate_rev_4/aws_fedramp_moderate_rev_4_cm_8.yaml b/compliance/frameworks/aws/aws_fedramp_moderate_rev_4/aws_fedramp_moderate_rev_4_cm_8.yaml index 8235ab489..539e70290 100755 --- a/compliance/frameworks/aws/aws_fedramp_moderate_rev_4/aws_fedramp_moderate_rev_4_cm_8.yaml +++ b/compliance/frameworks/aws/aws_fedramp_moderate_rev_4/aws_fedramp_moderate_rev_4_cm_8.yaml @@ -14,10 +14,6 @@ control-group: - AWS type: - Benchmark - defaults: - auto-assign: null - enabled: false - tracks-drift-events: false control-group: - id: aws_fedramp_moderate_rev_4_cm_8_1 - id: aws_fedramp_moderate_rev_4_cm_8_3 diff --git a/compliance/frameworks/aws/aws_fedramp_moderate_rev_4/aws_fedramp_moderate_rev_4_cm_8_1.yaml b/compliance/frameworks/aws/aws_fedramp_moderate_rev_4/aws_fedramp_moderate_rev_4_cm_8_1.yaml index f2a9c7680..a31b76a29 100755 --- a/compliance/frameworks/aws/aws_fedramp_moderate_rev_4/aws_fedramp_moderate_rev_4_cm_8_1.yaml +++ b/compliance/frameworks/aws/aws_fedramp_moderate_rev_4/aws_fedramp_moderate_rev_4_cm_8_1.yaml 
@@ -14,10 +14,6 @@ control-group: - AWS type: - Benchmark - defaults: - auto-assign: null - enabled: false - tracks-drift-events: false controls: - aws_ec2_instance_ssm_managed - aws_ssm_managed_instance_compliance_association_compliant diff --git a/compliance/frameworks/aws/aws_fedramp_moderate_rev_4/aws_fedramp_moderate_rev_4_cm_8_3.yaml b/compliance/frameworks/aws/aws_fedramp_moderate_rev_4/aws_fedramp_moderate_rev_4_cm_8_3.yaml index abdad92df..fc56ea85c 100755 --- a/compliance/frameworks/aws/aws_fedramp_moderate_rev_4/aws_fedramp_moderate_rev_4_cm_8_3.yaml +++ b/compliance/frameworks/aws/aws_fedramp_moderate_rev_4/aws_fedramp_moderate_rev_4_cm_8_3.yaml @@ -14,9 +14,5 @@ control-group: - AWS type: - Benchmark - defaults: - auto-assign: null - enabled: false - tracks-drift-events: false control-group: - id: aws_fedramp_moderate_rev_4_cm_8_3_a diff --git a/compliance/frameworks/aws/aws_fedramp_moderate_rev_4/aws_fedramp_moderate_rev_4_cm_8_3_a.yaml b/compliance/frameworks/aws/aws_fedramp_moderate_rev_4/aws_fedramp_moderate_rev_4_cm_8_3_a.yaml index c9b3a7533..256562607 100755 --- a/compliance/frameworks/aws/aws_fedramp_moderate_rev_4/aws_fedramp_moderate_rev_4_cm_8_3_a.yaml +++ b/compliance/frameworks/aws/aws_fedramp_moderate_rev_4/aws_fedramp_moderate_rev_4_cm_8_3_a.yaml @@ -14,10 +14,6 @@ control-group: - AWS type: - Benchmark - defaults: - auto-assign: null - enabled: false - tracks-drift-events: false controls: - aws_ec2_instance_ssm_managed - aws_guardduty_enabled diff --git a/compliance/frameworks/aws/aws_fedramp_moderate_rev_4/aws_fedramp_moderate_rev_4_cp.yaml b/compliance/frameworks/aws/aws_fedramp_moderate_rev_4/aws_fedramp_moderate_rev_4_cp.yaml index 89c11e854..532a32e9b 100755 --- a/compliance/frameworks/aws/aws_fedramp_moderate_rev_4/aws_fedramp_moderate_rev_4_cp.yaml +++ b/compliance/frameworks/aws/aws_fedramp_moderate_rev_4/aws_fedramp_moderate_rev_4_cp.yaml 
@@ -14,10 +14,6 @@ control-group: - AWS type: - Benchmark - defaults: - auto-assign: null - enabled: false - tracks-drift-events: false control-group: - id: aws_fedramp_moderate_rev_4_cp_9 - id: aws_fedramp_moderate_rev_4_cp_10
diff --git a/compliance/frameworks/aws/aws_fedramp_moderate_rev_4/aws_fedramp_moderate_rev_4_cp_10.yaml b/compliance/frameworks/aws/aws_fedramp_moderate_rev_4/aws_fedramp_moderate_rev_4_cp_10.yaml
index 0e7d13f4f..9a02cabac 100755
--- a/compliance/frameworks/aws/aws_fedramp_moderate_rev_4/aws_fedramp_moderate_rev_4_cp_10.yaml
+++ b/compliance/frameworks/aws/aws_fedramp_moderate_rev_4/aws_fedramp_moderate_rev_4_cp_10.yaml
@@ -14,10 +14,6 @@ control-group: - AWS type: - Benchmark - defaults: - auto-assign: null - enabled: false - tracks-drift-events: false controls: - aws_backup_plan_min_retention_35_days - aws_dynamodb_table_auto_scaling_enabled
diff --git a/compliance/frameworks/aws/aws_fedramp_moderate_rev_4/aws_fedramp_moderate_rev_4_cp_9.yaml b/compliance/frameworks/aws/aws_fedramp_moderate_rev_4/aws_fedramp_moderate_rev_4_cp_9.yaml
index a86d14a8d..7dcc46c7d 100755
--- a/compliance/frameworks/aws/aws_fedramp_moderate_rev_4/aws_fedramp_moderate_rev_4_cp_9.yaml
+++ b/compliance/frameworks/aws/aws_fedramp_moderate_rev_4/aws_fedramp_moderate_rev_4_cp_9.yaml
@@ -14,9 +14,5 @@ control-group: - AWS type: - Benchmark - defaults: - auto-assign: null - enabled: false - tracks-drift-events: false control-group: - id: aws_fedramp_moderate_rev_4_cp_9_b
diff --git a/compliance/frameworks/aws/aws_fedramp_moderate_rev_4/aws_fedramp_moderate_rev_4_cp_9_b.yaml b/compliance/frameworks/aws/aws_fedramp_moderate_rev_4/aws_fedramp_moderate_rev_4_cp_9_b.yaml
index 641b72b49..45992ebc6 100755
--- a/compliance/frameworks/aws/aws_fedramp_moderate_rev_4/aws_fedramp_moderate_rev_4_cp_9_b.yaml
+++ b/compliance/frameworks/aws/aws_fedramp_moderate_rev_4/aws_fedramp_moderate_rev_4_cp_9_b.yaml
@@ -14,10 +14,6 @@ control-group: - AWS type: - Benchmark - defaults: - auto-assign: null - enabled: false - tracks-drift-events: false controls: - aws_backup_plan_min_retention_35_days - aws_dynamodb_table_point_in_time_recovery_enabled
diff --git a/compliance/frameworks/aws/aws_fedramp_moderate_rev_4/aws_fedramp_moderate_rev_4_ia.yaml b/compliance/frameworks/aws/aws_fedramp_moderate_rev_4/aws_fedramp_moderate_rev_4_ia.yaml
index b352edba9..fb223e355 100755
--- a/compliance/frameworks/aws/aws_fedramp_moderate_rev_4/aws_fedramp_moderate_rev_4_ia.yaml
+++ b/compliance/frameworks/aws/aws_fedramp_moderate_rev_4/aws_fedramp_moderate_rev_4_ia.yaml
@@ -14,10 +14,6 @@ control-group: - AWS type: - Benchmark - defaults: - auto-assign: null - enabled: false - tracks-drift-events: false control-group: - id: aws_fedramp_moderate_rev_4_ia_2 - id: aws_fedramp_moderate_rev_4_ia_5
diff --git a/compliance/frameworks/aws/aws_fedramp_moderate_rev_4/aws_fedramp_moderate_rev_4_ia_2.yaml b/compliance/frameworks/aws/aws_fedramp_moderate_rev_4/aws_fedramp_moderate_rev_4_ia_2.yaml
index 1e8b42cc9..94815078b 100755
--- a/compliance/frameworks/aws/aws_fedramp_moderate_rev_4/aws_fedramp_moderate_rev_4_ia_2.yaml
+++ b/compliance/frameworks/aws/aws_fedramp_moderate_rev_4/aws_fedramp_moderate_rev_4_ia_2.yaml
@@ -14,10 +14,6 @@ control-group: - AWS/IAM type: - Benchmark - defaults: - auto-assign: null - enabled: false - tracks-drift-events: false control-group: - id: aws_fedramp_moderate_rev_4_ia_2_1 controls:
diff --git a/compliance/frameworks/aws/aws_fedramp_moderate_rev_4/aws_fedramp_moderate_rev_4_ia_2_1.yaml b/compliance/frameworks/aws/aws_fedramp_moderate_rev_4/aws_fedramp_moderate_rev_4_ia_2_1.yaml
index 2b0a02ae6..1935775fa 100755
--- a/compliance/frameworks/aws/aws_fedramp_moderate_rev_4/aws_fedramp_moderate_rev_4_ia_2_1.yaml
+++ b/compliance/frameworks/aws/aws_fedramp_moderate_rev_4/aws_fedramp_moderate_rev_4_ia_2_1.yaml
@@ -14,10 +14,6 @@ control-group: - AWS/IAM type: - Benchmark - defaults: - auto-assign: null - enabled: false - tracks-drift-events: false control-group: - id: aws_fedramp_moderate_rev_4_ia_2_1_2 controls:
diff --git a/compliance/frameworks/aws/aws_fedramp_moderate_rev_4/aws_fedramp_moderate_rev_4_ia_2_1_2.yaml b/compliance/frameworks/aws/aws_fedramp_moderate_rev_4/aws_fedramp_moderate_rev_4_ia_2_1_2.yaml
index f328fdd12..26359b41a 100755
--- a/compliance/frameworks/aws/aws_fedramp_moderate_rev_4/aws_fedramp_moderate_rev_4_ia_2_1_2.yaml
+++ b/compliance/frameworks/aws/aws_fedramp_moderate_rev_4/aws_fedramp_moderate_rev_4_ia_2_1_2.yaml
@@ -14,10 +14,6 @@ control-group: - AWS/IAM type: - Benchmark - defaults: - auto-assign: null - enabled: false - tracks-drift-events: false controls: - aws_iam_root_user_mfa_enabled - aws_iam_user_mfa_enabled
diff --git a/compliance/frameworks/aws/aws_fedramp_moderate_rev_4/aws_fedramp_moderate_rev_4_ia_5.yaml b/compliance/frameworks/aws/aws_fedramp_moderate_rev_4/aws_fedramp_moderate_rev_4_ia_5.yaml
index 1ea3c4a50..52ff5af7e 100755
--- a/compliance/frameworks/aws/aws_fedramp_moderate_rev_4/aws_fedramp_moderate_rev_4_ia_5.yaml
+++ b/compliance/frameworks/aws/aws_fedramp_moderate_rev_4/aws_fedramp_moderate_rev_4_ia_5.yaml
@@ -14,10 +14,6 @@ control-group: - AWS type: - Benchmark - defaults: - auto-assign: null - enabled: false - tracks-drift-events: false control-group: - id: aws_fedramp_moderate_rev_4_ia_5_1 - id: aws_fedramp_moderate_rev_4_ia_5_4
diff --git a/compliance/frameworks/aws/aws_fedramp_moderate_rev_4/aws_fedramp_moderate_rev_4_ia_5_1.yaml b/compliance/frameworks/aws/aws_fedramp_moderate_rev_4/aws_fedramp_moderate_rev_4_ia_5_1.yaml
index 4f6903146..764eca09c 100755
--- a/compliance/frameworks/aws/aws_fedramp_moderate_rev_4/aws_fedramp_moderate_rev_4_ia_5_1.yaml
+++ b/compliance/frameworks/aws/aws_fedramp_moderate_rev_4/aws_fedramp_moderate_rev_4_ia_5_1.yaml
@@ -14,9 +14,5 @@ control-group: - AWS/IAM type: - Benchmark - defaults: - auto-assign: null - enabled: false - tracks-drift-events: false control-group: - id: aws_fedramp_moderate_rev_4_ia_5_1_a_d_e
diff --git a/compliance/frameworks/aws/aws_fedramp_moderate_rev_4/aws_fedramp_moderate_rev_4_ia_5_1_a_d_e.yaml b/compliance/frameworks/aws/aws_fedramp_moderate_rev_4/aws_fedramp_moderate_rev_4_ia_5_1_a_d_e.yaml
index 8e96d8984..ddcb0f640 100755
--- a/compliance/frameworks/aws/aws_fedramp_moderate_rev_4/aws_fedramp_moderate_rev_4_ia_5_1_a_d_e.yaml
+++ b/compliance/frameworks/aws/aws_fedramp_moderate_rev_4/aws_fedramp_moderate_rev_4_ia_5_1_a_d_e.yaml
@@ -14,9 +14,5 @@ control-group: - AWS/IAM type: - Benchmark - defaults: - auto-assign: null - enabled: false - tracks-drift-events: false controls: - aws_iam_account_password_policy_min_length_14
diff --git a/compliance/frameworks/aws/aws_fedramp_moderate_rev_4/aws_fedramp_moderate_rev_4_ia_5_4.yaml b/compliance/frameworks/aws/aws_fedramp_moderate_rev_4/aws_fedramp_moderate_rev_4_ia_5_4.yaml
index 93f77282a..e6617afc3 100755
--- a/compliance/frameworks/aws/aws_fedramp_moderate_rev_4/aws_fedramp_moderate_rev_4_ia_5_4.yaml
+++ b/compliance/frameworks/aws/aws_fedramp_moderate_rev_4/aws_fedramp_moderate_rev_4_ia_5_4.yaml
@@ -14,9 +14,5 @@ control-group: - AWS/IAM type: - Benchmark - defaults: - auto-assign: null - enabled: false - tracks-drift-events: false controls: - aws_iam_account_password_policy_min_length_14
diff --git a/compliance/frameworks/aws/aws_fedramp_moderate_rev_4/aws_fedramp_moderate_rev_4_ia_5_7.yaml b/compliance/frameworks/aws/aws_fedramp_moderate_rev_4/aws_fedramp_moderate_rev_4_ia_5_7.yaml
index 14a71533f..10e9751e2 100755
--- a/compliance/frameworks/aws/aws_fedramp_moderate_rev_4/aws_fedramp_moderate_rev_4_ia_5_7.yaml
+++ b/compliance/frameworks/aws/aws_fedramp_moderate_rev_4/aws_fedramp_moderate_rev_4_ia_5_7.yaml
@@ -14,9 +14,5 @@ control-group: - AWS/CodeBuild type: - Benchmark - defaults: - auto-assign: null - enabled: false - tracks-drift-events: false controls: - aws_codebuild_project_plaintext_env_variables_no_sensitive_aws_values
diff --git a/compliance/frameworks/aws/aws_fedramp_moderate_rev_4/aws_fedramp_moderate_rev_4_ir.yaml b/compliance/frameworks/aws/aws_fedramp_moderate_rev_4/aws_fedramp_moderate_rev_4_ir.yaml
index 2ef282501..434086a82 100755
--- a/compliance/frameworks/aws/aws_fedramp_moderate_rev_4/aws_fedramp_moderate_rev_4_ir.yaml
+++ b/compliance/frameworks/aws/aws_fedramp_moderate_rev_4/aws_fedramp_moderate_rev_4_ir.yaml
@@ -14,10 +14,6 @@ control-group: - AWS type: - Benchmark - defaults: - auto-assign: null - enabled: false - tracks-drift-events: false control-group: - id: aws_fedramp_moderate_rev_4_ir_4 - id: aws_fedramp_moderate_rev_4_ir_6
diff --git a/compliance/frameworks/aws/aws_fedramp_moderate_rev_4/aws_fedramp_moderate_rev_4_ir_4.yaml b/compliance/frameworks/aws/aws_fedramp_moderate_rev_4/aws_fedramp_moderate_rev_4_ir_4.yaml
index cc99e127c..491584763 100755
--- a/compliance/frameworks/aws/aws_fedramp_moderate_rev_4/aws_fedramp_moderate_rev_4_ir_4.yaml
+++ b/compliance/frameworks/aws/aws_fedramp_moderate_rev_4/aws_fedramp_moderate_rev_4_ir_4.yaml
@@ -14,9 +14,5 @@ control-group: - AWS type: - Benchmark - defaults: - auto-assign: null - enabled: false - tracks-drift-events: false control-group: - id: aws_fedramp_moderate_rev_4_ir_4_1
diff --git a/compliance/frameworks/aws/aws_fedramp_moderate_rev_4/aws_fedramp_moderate_rev_4_ir_4_1.yaml b/compliance/frameworks/aws/aws_fedramp_moderate_rev_4/aws_fedramp_moderate_rev_4_ir_4_1.yaml
index 6778df5d1..8959f2379 100755
--- a/compliance/frameworks/aws/aws_fedramp_moderate_rev_4/aws_fedramp_moderate_rev_4_ir_4_1.yaml
+++ b/compliance/frameworks/aws/aws_fedramp_moderate_rev_4/aws_fedramp_moderate_rev_4_ir_4_1.yaml
@@ -14,10 +14,6 @@ control-group: - AWS type: - Benchmark - defaults: - auto-assign: null - enabled: false - tracks-drift-events: false controls: - aws_autoscaling_group_with_lb_use_health_check - aws_cloudwatch_alarm_action_enabled
diff --git a/compliance/frameworks/aws/aws_fedramp_moderate_rev_4/aws_fedramp_moderate_rev_4_ir_6.yaml b/compliance/frameworks/aws/aws_fedramp_moderate_rev_4/aws_fedramp_moderate_rev_4_ir_6.yaml
index 5e92eadab..68c468e9b 100755
--- a/compliance/frameworks/aws/aws_fedramp_moderate_rev_4/aws_fedramp_moderate_rev_4_ir_6.yaml
+++ b/compliance/frameworks/aws/aws_fedramp_moderate_rev_4/aws_fedramp_moderate_rev_4_ir_6.yaml
@@ -14,9 +14,5 @@ control-group: - AWS type: - Benchmark - defaults: - auto-assign: null - enabled: false - tracks-drift-events: false control-group: - id: aws_fedramp_moderate_rev_4_ir_6_1
diff --git a/compliance/frameworks/aws/aws_fedramp_moderate_rev_4/aws_fedramp_moderate_rev_4_ir_6_1.yaml b/compliance/frameworks/aws/aws_fedramp_moderate_rev_4/aws_fedramp_moderate_rev_4_ir_6_1.yaml
index bf9461f3d..f233cdd57 100755
--- a/compliance/frameworks/aws/aws_fedramp_moderate_rev_4/aws_fedramp_moderate_rev_4_ir_6_1.yaml
+++ b/compliance/frameworks/aws/aws_fedramp_moderate_rev_4/aws_fedramp_moderate_rev_4_ir_6_1.yaml
@@ -14,10 +14,6 @@ control-group: - AWS type: - Benchmark - defaults: - auto-assign: null - enabled: false - tracks-drift-events: false controls: - aws_guardduty_enabled - aws_guardduty_finding_archived
diff --git a/compliance/frameworks/aws/aws_fedramp_moderate_rev_4/aws_fedramp_moderate_rev_4_ir_7.yaml b/compliance/frameworks/aws/aws_fedramp_moderate_rev_4/aws_fedramp_moderate_rev_4_ir_7.yaml
index 5c12bf6d4..dd4554663 100755
--- a/compliance/frameworks/aws/aws_fedramp_moderate_rev_4/aws_fedramp_moderate_rev_4_ir_7.yaml
+++ b/compliance/frameworks/aws/aws_fedramp_moderate_rev_4/aws_fedramp_moderate_rev_4_ir_7.yaml
@@ -14,9 +14,5 @@ control-group: - AWS type: - Benchmark - defaults: - auto-assign: null - enabled: false - tracks-drift-events: false control-group: - id: aws_fedramp_moderate_rev_4_ir_7_1
diff --git a/compliance/frameworks/aws/aws_fedramp_moderate_rev_4/aws_fedramp_moderate_rev_4_ir_7_1.yaml b/compliance/frameworks/aws/aws_fedramp_moderate_rev_4/aws_fedramp_moderate_rev_4_ir_7_1.yaml
index 9a486d281..ec0c9d687 100755
--- a/compliance/frameworks/aws/aws_fedramp_moderate_rev_4/aws_fedramp_moderate_rev_4_ir_7_1.yaml
+++ b/compliance/frameworks/aws/aws_fedramp_moderate_rev_4/aws_fedramp_moderate_rev_4_ir_7_1.yaml
@@ -14,10 +14,6 @@ control-group: - AWS type: - Benchmark - defaults: - auto-assign: null - enabled: false - tracks-drift-events: false controls: - aws_guardduty_enabled - aws_guardduty_finding_archived
diff --git a/compliance/frameworks/aws/aws_fedramp_moderate_rev_4/aws_fedramp_moderate_rev_4_ra.yaml b/compliance/frameworks/aws/aws_fedramp_moderate_rev_4/aws_fedramp_moderate_rev_4_ra.yaml
index 1f2bed348..fee2f8ee9 100755
--- a/compliance/frameworks/aws/aws_fedramp_moderate_rev_4/aws_fedramp_moderate_rev_4_ra.yaml
+++ b/compliance/frameworks/aws/aws_fedramp_moderate_rev_4/aws_fedramp_moderate_rev_4_ra.yaml
@@ -14,9 +14,5 @@ control-group: - AWS type: - Benchmark - defaults: - auto-assign: null - enabled: false - tracks-drift-events: false control-group: - id: aws_fedramp_moderate_rev_4_ra_5
diff --git a/compliance/frameworks/aws/aws_fedramp_moderate_rev_4/aws_fedramp_moderate_rev_4_ra_5.yaml b/compliance/frameworks/aws/aws_fedramp_moderate_rev_4/aws_fedramp_moderate_rev_4_ra_5.yaml
index 0e27fd8c3..e761098f4 100755
--- a/compliance/frameworks/aws/aws_fedramp_moderate_rev_4/aws_fedramp_moderate_rev_4_ra_5.yaml
+++ b/compliance/frameworks/aws/aws_fedramp_moderate_rev_4/aws_fedramp_moderate_rev_4_ra_5.yaml
@@ -14,10 +14,6 @@ control-group: - AWS/GuardDuty type: - Benchmark - defaults: - auto-assign: null - enabled: false - tracks-drift-events: false controls: - aws_guardduty_enabled - aws_guardduty_finding_archived
diff --git a/compliance/frameworks/aws/aws_fedramp_moderate_rev_4/aws_fedramp_moderate_rev_4_sa.yaml b/compliance/frameworks/aws/aws_fedramp_moderate_rev_4/aws_fedramp_moderate_rev_4_sa.yaml
index d81ffc060..fad9adbdb 100755
--- a/compliance/frameworks/aws/aws_fedramp_moderate_rev_4/aws_fedramp_moderate_rev_4_sa.yaml
+++ b/compliance/frameworks/aws/aws_fedramp_moderate_rev_4/aws_fedramp_moderate_rev_4_sa.yaml
@@ -14,10 +14,6 @@ control-group: - AWS type: - Benchmark - defaults: - auto-assign: null - enabled: false - tracks-drift-events: false control-group: - id: aws_fedramp_moderate_rev_4_sa_3 - id: aws_fedramp_moderate_rev_4_sa_10
diff --git a/compliance/frameworks/aws/aws_fedramp_moderate_rev_4/aws_fedramp_moderate_rev_4_sa_10.yaml b/compliance/frameworks/aws/aws_fedramp_moderate_rev_4/aws_fedramp_moderate_rev_4_sa_10.yaml
index dbb8b94cf..99f6b1985 100755
--- a/compliance/frameworks/aws/aws_fedramp_moderate_rev_4/aws_fedramp_moderate_rev_4_sa_10.yaml
+++ b/compliance/frameworks/aws/aws_fedramp_moderate_rev_4/aws_fedramp_moderate_rev_4_sa_10.yaml
@@ -14,10 +14,6 @@ control-group: - AWS type: - Benchmark - defaults: - auto-assign: null - enabled: false - tracks-drift-events: false controls: - aws_ec2_instance_ssm_managed - aws_guardduty_enabled
diff --git a/compliance/frameworks/aws/aws_fedramp_moderate_rev_4/aws_fedramp_moderate_rev_4_sa_3.yaml b/compliance/frameworks/aws/aws_fedramp_moderate_rev_4/aws_fedramp_moderate_rev_4_sa_3.yaml
index d64c696bc..eb521dfd6 100755
--- a/compliance/frameworks/aws/aws_fedramp_moderate_rev_4/aws_fedramp_moderate_rev_4_sa_3.yaml
+++ b/compliance/frameworks/aws/aws_fedramp_moderate_rev_4/aws_fedramp_moderate_rev_4_sa_3.yaml
@@ -14,9 +14,5 @@ control-group: - AWS type: - Benchmark - defaults: - auto-assign: null - enabled: false - tracks-drift-events: false control-group: - id: aws_fedramp_moderate_rev_4_sa_3_a
diff --git a/compliance/frameworks/aws/aws_fedramp_moderate_rev_4/aws_fedramp_moderate_rev_4_sa_3_a.yaml b/compliance/frameworks/aws/aws_fedramp_moderate_rev_4/aws_fedramp_moderate_rev_4_sa_3_a.yaml
index e263bd798..40421f7da 100755
--- a/compliance/frameworks/aws/aws_fedramp_moderate_rev_4/aws_fedramp_moderate_rev_4_sa_3_a.yaml
+++ b/compliance/frameworks/aws/aws_fedramp_moderate_rev_4/aws_fedramp_moderate_rev_4_sa_3_a.yaml
@@ -14,10 +14,6 @@ control-group: - AWS type: - Benchmark - defaults: - auto-assign: null - enabled: false - tracks-drift-events: false controls: - aws_codebuild_project_plaintext_env_variables_no_sensitive_aws_values - aws_codebuild_project_source_repo_oauth_configured
diff --git a/compliance/frameworks/aws/aws_fedramp_moderate_rev_4/aws_fedramp_moderate_rev_4_sc.yaml b/compliance/frameworks/aws/aws_fedramp_moderate_rev_4/aws_fedramp_moderate_rev_4_sc.yaml
index 435f54eb1..b78ac8f77 100755
--- a/compliance/frameworks/aws/aws_fedramp_moderate_rev_4/aws_fedramp_moderate_rev_4_sc.yaml
+++ b/compliance/frameworks/aws/aws_fedramp_moderate_rev_4/aws_fedramp_moderate_rev_4_sc.yaml
@@ -14,10 +14,6 @@ control-group: - AWS type: - Benchmark - defaults: - auto-assign: null - enabled: false - tracks-drift-events: false control-group: - id: aws_fedramp_moderate_rev_4_sc_2 - id: aws_fedramp_moderate_rev_4_sc_4
diff --git a/compliance/frameworks/aws/aws_fedramp_moderate_rev_4/aws_fedramp_moderate_rev_4_sc_12.yaml b/compliance/frameworks/aws/aws_fedramp_moderate_rev_4/aws_fedramp_moderate_rev_4_sc_12.yaml
index a33e34885..00ba014bf 100755
--- a/compliance/frameworks/aws/aws_fedramp_moderate_rev_4/aws_fedramp_moderate_rev_4_sc_12.yaml
+++ b/compliance/frameworks/aws/aws_fedramp_moderate_rev_4/aws_fedramp_moderate_rev_4_sc_12.yaml
@@ -14,10 +14,6 @@ control-group: - AWS type: - Benchmark - defaults: - auto-assign: null - enabled: false - tracks-drift-events: false controls: - aws_acm_certificate_expires_30_days - aws_kms_cmk_rotation_enabled
diff --git a/compliance/frameworks/aws/aws_fedramp_moderate_rev_4/aws_fedramp_moderate_rev_4_sc_13.yaml b/compliance/frameworks/aws/aws_fedramp_moderate_rev_4/aws_fedramp_moderate_rev_4_sc_13.yaml
index a8724531f..b69866673 100755
--- a/compliance/frameworks/aws/aws_fedramp_moderate_rev_4/aws_fedramp_moderate_rev_4_sc_13.yaml
+++ b/compliance/frameworks/aws/aws_fedramp_moderate_rev_4/aws_fedramp_moderate_rev_4_sc_13.yaml
@@ -14,10 +14,6 @@ control-group: - AWS type: - Benchmark - defaults: - auto-assign: null - enabled: false - tracks-drift-events: false controls: - aws_kms_key_not_pending_deletion - aws_redshift_cluster_kms_enabled
diff --git a/compliance/frameworks/aws/aws_fedramp_moderate_rev_4/aws_fedramp_moderate_rev_4_sc_2.yaml b/compliance/frameworks/aws/aws_fedramp_moderate_rev_4/aws_fedramp_moderate_rev_4_sc_2.yaml
index 8f6294b94..bca5974e8 100755
--- a/compliance/frameworks/aws/aws_fedramp_moderate_rev_4/aws_fedramp_moderate_rev_4_sc_2.yaml
+++ b/compliance/frameworks/aws/aws_fedramp_moderate_rev_4/aws_fedramp_moderate_rev_4_sc_2.yaml
@@ -14,10 +14,6 @@ control-group: - AWS/IAM type: - Benchmark - defaults: - auto-assign: null - enabled: false - tracks-drift-events: false controls: - aws_iam_group_not_empty - aws_iam_group_user_role_no_inline_policies
diff --git a/compliance/frameworks/aws/aws_fedramp_moderate_rev_4/aws_fedramp_moderate_rev_4_sc_23.yaml b/compliance/frameworks/aws/aws_fedramp_moderate_rev_4/aws_fedramp_moderate_rev_4_sc_23.yaml
index 1bb1ad5d8..6cc205331 100755
--- a/compliance/frameworks/aws/aws_fedramp_moderate_rev_4/aws_fedramp_moderate_rev_4_sc_23.yaml
+++ b/compliance/frameworks/aws/aws_fedramp_moderate_rev_4/aws_fedramp_moderate_rev_4_sc_23.yaml
@@ -14,10 +14,6 @@ control-group: - AWS type: - Benchmark - defaults: - auto-assign: null - enabled: false - tracks-drift-events: false controls: - aws_apigateway_rest_api_stage_use_ssl_certificate - aws_elb_application_lb_redirect_http_request_to_https
diff --git a/compliance/frameworks/aws/aws_fedramp_moderate_rev_4/aws_fedramp_moderate_rev_4_sc_28.yaml b/compliance/frameworks/aws/aws_fedramp_moderate_rev_4/aws_fedramp_moderate_rev_4_sc_28.yaml
index 7f70d675a..8059080c4 100755
--- a/compliance/frameworks/aws/aws_fedramp_moderate_rev_4/aws_fedramp_moderate_rev_4_sc_28.yaml
+++ b/compliance/frameworks/aws/aws_fedramp_moderate_rev_4/aws_fedramp_moderate_rev_4_sc_28.yaml
@@ -14,10 +14,6 @@ control-group: - AWS type: - Benchmark - defaults: - auto-assign: null - enabled: false - tracks-drift-events: false controls: - aws_apigateway_stage_cache_encryption_at_rest_enabled - aws_cloudtrail_trail_logs_encrypted_with_kms_cmk
diff --git a/compliance/frameworks/aws/aws_fedramp_moderate_rev_4/aws_fedramp_moderate_rev_4_sc_4.yaml b/compliance/frameworks/aws/aws_fedramp_moderate_rev_4/aws_fedramp_moderate_rev_4_sc_4.yaml
index 09d93d6c7..f8cbb19d5 100755
--- a/compliance/frameworks/aws/aws_fedramp_moderate_rev_4/aws_fedramp_moderate_rev_4_sc_4.yaml
+++ b/compliance/frameworks/aws/aws_fedramp_moderate_rev_4/aws_fedramp_moderate_rev_4_sc_4.yaml
@@ -14,10 +14,6 @@ control-group: - AWS type: - Benchmark - defaults: - auto-assign: null - enabled: false - tracks-drift-events: false controls: - aws_dms_replication_instance_not_publicly_accessible - aws_ebs_snapshot_not_publicly_restorable
diff --git a/compliance/frameworks/aws/aws_fedramp_moderate_rev_4/aws_fedramp_moderate_rev_4_sc_5.yaml b/compliance/frameworks/aws/aws_fedramp_moderate_rev_4/aws_fedramp_moderate_rev_4_sc_5.yaml
index 86a2c9760..2bdc77113 100755
--- a/compliance/frameworks/aws/aws_fedramp_moderate_rev_4/aws_fedramp_moderate_rev_4_sc_5.yaml
+++ b/compliance/frameworks/aws/aws_fedramp_moderate_rev_4/aws_fedramp_moderate_rev_4_sc_5.yaml
@@ -14,10 +14,6 @@ control-group: - AWS type: - Benchmark - defaults: - auto-assign: null - enabled: false - tracks-drift-events: false controls: - aws_elb_classic_lb_cross_zone_load_balancing_enabled - aws_rds_db_instance_deletion_protection_enabled
diff --git a/compliance/frameworks/aws/aws_fedramp_moderate_rev_4/aws_fedramp_moderate_rev_4_sc_7.yaml b/compliance/frameworks/aws/aws_fedramp_moderate_rev_4/aws_fedramp_moderate_rev_4_sc_7.yaml
index 14040db36..6fbe159a3 100755
--- a/compliance/frameworks/aws/aws_fedramp_moderate_rev_4/aws_fedramp_moderate_rev_4_sc_7.yaml
+++ b/compliance/frameworks/aws/aws_fedramp_moderate_rev_4/aws_fedramp_moderate_rev_4_sc_7.yaml
@@ -14,10 +14,6 @@ control-group: - AWS type: - Benchmark - defaults: - auto-assign: null - enabled: false - tracks-drift-events: false control-group: - id: aws_fedramp_moderate_rev_4_sc_7_3 controls:
diff --git a/compliance/frameworks/aws/aws_fedramp_moderate_rev_4/aws_fedramp_moderate_rev_4_sc_7_3.yaml b/compliance/frameworks/aws/aws_fedramp_moderate_rev_4/aws_fedramp_moderate_rev_4_sc_7_3.yaml
index cf5531244..04cb4fb78 100755
--- a/compliance/frameworks/aws/aws_fedramp_moderate_rev_4/aws_fedramp_moderate_rev_4_sc_7_3.yaml
+++ b/compliance/frameworks/aws/aws_fedramp_moderate_rev_4/aws_fedramp_moderate_rev_4_sc_7_3.yaml
@@ -14,10 +14,6 @@ control-group: - AWS type: - Benchmark - defaults: - auto-assign: null - enabled: false - tracks-drift-events: false controls: - aws_autoscaling_launch_config_public_ip_disabled - aws_dms_replication_instance_not_publicly_accessible
diff --git a/compliance/frameworks/aws/aws_fedramp_moderate_rev_4/aws_fedramp_moderate_rev_4_sc_8.yaml b/compliance/frameworks/aws/aws_fedramp_moderate_rev_4/aws_fedramp_moderate_rev_4_sc_8.yaml
index 9d9c11301..2f1e9ebca 100755
--- a/compliance/frameworks/aws/aws_fedramp_moderate_rev_4/aws_fedramp_moderate_rev_4_sc_8.yaml
+++ b/compliance/frameworks/aws/aws_fedramp_moderate_rev_4/aws_fedramp_moderate_rev_4_sc_8.yaml
@@ -14,10 +14,6 @@ control-group: - AWS type: - Benchmark - defaults: - auto-assign: null - enabled: false - tracks-drift-events: false control-group: - id: aws_fedramp_moderate_rev_4_sc_8_1 controls:
diff --git a/compliance/frameworks/aws/aws_fedramp_moderate_rev_4/aws_fedramp_moderate_rev_4_sc_8_1.yaml b/compliance/frameworks/aws/aws_fedramp_moderate_rev_4/aws_fedramp_moderate_rev_4_sc_8_1.yaml
index 100da6f6c..5313ac474 100755
--- a/compliance/frameworks/aws/aws_fedramp_moderate_rev_4/aws_fedramp_moderate_rev_4_sc_8_1.yaml
+++ b/compliance/frameworks/aws/aws_fedramp_moderate_rev_4/aws_fedramp_moderate_rev_4_sc_8_1.yaml
@@ -14,10 +14,6 @@ control-group: - AWS type: - Benchmark - defaults: - auto-assign: null - enabled: false - tracks-drift-events: false controls: - aws_apigateway_rest_api_stage_use_ssl_certificate - aws_elb_application_lb_redirect_http_request_to_https
diff --git a/compliance/frameworks/aws/aws_fedramp_moderate_rev_4/aws_fedramp_moderate_rev_4_si.yaml b/compliance/frameworks/aws/aws_fedramp_moderate_rev_4/aws_fedramp_moderate_rev_4_si.yaml
index 42cb61608..6d0cb080d 100755
--- a/compliance/frameworks/aws/aws_fedramp_moderate_rev_4/aws_fedramp_moderate_rev_4_si.yaml
+++ b/compliance/frameworks/aws/aws_fedramp_moderate_rev_4/aws_fedramp_moderate_rev_4_si.yaml
@@ -14,10 +14,6 @@ control-group: - AWS type: - Benchmark - defaults: - auto-assign: null - enabled: false - tracks-drift-events: false control-group: - id: aws_fedramp_moderate_rev_4_si_2 - id: aws_fedramp_moderate_rev_4_si_4
diff --git a/compliance/frameworks/aws/aws_fedramp_moderate_rev_4/aws_fedramp_moderate_rev_4_si_12.yaml b/compliance/frameworks/aws/aws_fedramp_moderate_rev_4/aws_fedramp_moderate_rev_4_si_12.yaml
index 4f3b68210..aed481f08 100755
--- a/compliance/frameworks/aws/aws_fedramp_moderate_rev_4/aws_fedramp_moderate_rev_4_si_12.yaml
+++ b/compliance/frameworks/aws/aws_fedramp_moderate_rev_4/aws_fedramp_moderate_rev_4_si_12.yaml
@@ -14,10 +14,6 @@ control-group: - AWS type: - Benchmark - defaults: - auto-assign: null - enabled: false - tracks-drift-events: false controls: - aws_backup_plan_min_retention_35_days - aws_cloudwatch_log_group_retention_period_365
diff --git a/compliance/frameworks/aws/aws_fedramp_moderate_rev_4/aws_fedramp_moderate_rev_4_si_2.yaml b/compliance/frameworks/aws/aws_fedramp_moderate_rev_4/aws_fedramp_moderate_rev_4_si_2.yaml
index 31ed015e5..cf854ccc9 100755
--- a/compliance/frameworks/aws/aws_fedramp_moderate_rev_4/aws_fedramp_moderate_rev_4_si_2.yaml
+++ b/compliance/frameworks/aws/aws_fedramp_moderate_rev_4/aws_fedramp_moderate_rev_4_si_2.yaml
@@ -14,9 +14,5 @@ control-group: - AWS type: - Benchmark - defaults: - auto-assign: null - enabled: false - tracks-drift-events: false control-group: - id: aws_fedramp_moderate_rev_4_si_2_2
diff --git a/compliance/frameworks/aws/aws_fedramp_moderate_rev_4/aws_fedramp_moderate_rev_4_si_2_2.yaml b/compliance/frameworks/aws/aws_fedramp_moderate_rev_4/aws_fedramp_moderate_rev_4_si_2_2.yaml
index b043197d6..1ebed3a97 100755
--- a/compliance/frameworks/aws/aws_fedramp_moderate_rev_4/aws_fedramp_moderate_rev_4_si_2_2.yaml
+++ b/compliance/frameworks/aws/aws_fedramp_moderate_rev_4/aws_fedramp_moderate_rev_4_si_2_2.yaml
@@ -14,10 +14,6 @@ control-group: - AWS type: - Benchmark - defaults: - auto-assign: null - enabled: false - tracks-drift-events: false controls: - aws_ec2_instance_ssm_managed - aws_ssm_managed_instance_compliance_association_compliant
diff --git a/compliance/frameworks/aws/aws_fedramp_moderate_rev_4/aws_fedramp_moderate_rev_4_si_4.yaml b/compliance/frameworks/aws/aws_fedramp_moderate_rev_4/aws_fedramp_moderate_rev_4_si_4.yaml
index 4575a8858..7acdefd1d 100755
--- a/compliance/frameworks/aws/aws_fedramp_moderate_rev_4/aws_fedramp_moderate_rev_4_si_4.yaml
+++ b/compliance/frameworks/aws/aws_fedramp_moderate_rev_4/aws_fedramp_moderate_rev_4_si_4.yaml
@@ -14,10 +14,6 @@ control-group: - AWS type: - Benchmark - defaults: - auto-assign: null - enabled: false - tracks-drift-events: false control-group: - id: aws_fedramp_moderate_rev_4_si_4_1 - id: aws_fedramp_moderate_rev_4_si_4_16
diff --git a/compliance/frameworks/aws/aws_fedramp_moderate_rev_4/aws_fedramp_moderate_rev_4_si_4_1.yaml b/compliance/frameworks/aws/aws_fedramp_moderate_rev_4/aws_fedramp_moderate_rev_4_si_4_1.yaml
index 8f1017c55..b3a5d1806 100755
--- a/compliance/frameworks/aws/aws_fedramp_moderate_rev_4/aws_fedramp_moderate_rev_4_si_4_1.yaml
+++ b/compliance/frameworks/aws/aws_fedramp_moderate_rev_4/aws_fedramp_moderate_rev_4_si_4_1.yaml
@@ -14,9 +14,5 @@ control-group: - AWS/GuardDuty type: - Benchmark - defaults: - auto-assign: null - enabled: false - tracks-drift-events: false controls: - aws_guardduty_enabled
diff --git a/compliance/frameworks/aws/aws_fedramp_moderate_rev_4/aws_fedramp_moderate_rev_4_si_4_16.yaml b/compliance/frameworks/aws/aws_fedramp_moderate_rev_4/aws_fedramp_moderate_rev_4_si_4_16.yaml
index c59836a5e..9eb64e455 100755
--- a/compliance/frameworks/aws/aws_fedramp_moderate_rev_4/aws_fedramp_moderate_rev_4_si_4_16.yaml
+++ b/compliance/frameworks/aws/aws_fedramp_moderate_rev_4/aws_fedramp_moderate_rev_4_si_4_16.yaml
@@ -14,10 +14,6 @@ control-group: - AWS type: - Benchmark - defaults: - auto-assign: null - enabled: false - tracks-drift-events: false controls: - aws_cloudtrail_multi_region_trail_enabled - aws_cloudtrail_s3_data_events_enabled
diff --git a/compliance/frameworks/aws/aws_fedramp_moderate_rev_4/aws_fedramp_moderate_rev_4_si_4_2.yaml b/compliance/frameworks/aws/aws_fedramp_moderate_rev_4/aws_fedramp_moderate_rev_4_si_4_2.yaml
index ba268c0dd..29fc3a9a2 100755
--- a/compliance/frameworks/aws/aws_fedramp_moderate_rev_4/aws_fedramp_moderate_rev_4_si_4_2.yaml
+++ b/compliance/frameworks/aws/aws_fedramp_moderate_rev_4/aws_fedramp_moderate_rev_4_si_4_2.yaml
@@ -14,10 +14,6 @@ control-group: - AWS type: - Benchmark - defaults: - auto-assign: null - enabled: false - tracks-drift-events: false controls: - aws_cloudtrail_multi_region_trail_enabled - aws_cloudtrail_s3_data_events_enabled
diff --git a/compliance/frameworks/aws/aws_fedramp_moderate_rev_4/aws_fedramp_moderate_rev_4_si_4_4.yaml b/compliance/frameworks/aws/aws_fedramp_moderate_rev_4/aws_fedramp_moderate_rev_4_si_4_4.yaml
index 98e9d9416..c51ae14fd 100755
--- a/compliance/frameworks/aws/aws_fedramp_moderate_rev_4/aws_fedramp_moderate_rev_4_si_4_4.yaml
+++ b/compliance/frameworks/aws/aws_fedramp_moderate_rev_4/aws_fedramp_moderate_rev_4_si_4_4.yaml
@@ -14,10 +14,6 @@ control-group: - AWS type: - Benchmark - defaults: - auto-assign: null - enabled: false - tracks-drift-events: false controls: - aws_cloudtrail_trail_integrated_with_logs - aws_cloudwatch_alarm_action_enabled
diff --git a/compliance/frameworks/aws/aws_fedramp_moderate_rev_4/aws_fedramp_moderate_rev_4_si_4_5.yaml b/compliance/frameworks/aws/aws_fedramp_moderate_rev_4/aws_fedramp_moderate_rev_4_si_4_5.yaml
index b1d98196a..0f635d8b5 100755
--- a/compliance/frameworks/aws/aws_fedramp_moderate_rev_4/aws_fedramp_moderate_rev_4_si_4_5.yaml
+++ b/compliance/frameworks/aws/aws_fedramp_moderate_rev_4/aws_fedramp_moderate_rev_4_si_4_5.yaml
@@ -14,10 +14,6 @@ control-group: - AWS type: - Benchmark - defaults: - auto-assign: null - enabled: false - tracks-drift-events: false controls: - aws_cloudtrail_trail_integrated_with_logs - aws_cloudwatch_alarm_action_enabled
diff --git a/compliance/frameworks/aws/aws_fedramp_moderate_rev_4/aws_fedramp_moderate_rev_4_si_4_a_b_c.yaml b/compliance/frameworks/aws/aws_fedramp_moderate_rev_4/aws_fedramp_moderate_rev_4_si_4_a_b_c.yaml
index cc59e124c..87e0fb443 100755
--- a/compliance/frameworks/aws/aws_fedramp_moderate_rev_4/aws_fedramp_moderate_rev_4_si_4_a_b_c.yaml
+++ b/compliance/frameworks/aws/aws_fedramp_moderate_rev_4/aws_fedramp_moderate_rev_4_si_4_a_b_c.yaml
@@ -14,10 +14,6 @@ control-group: - AWS type: - Benchmark - defaults: - auto-assign: null - enabled: false - tracks-drift-events: false controls: - aws_apigateway_stage_use_waf_web_acl - aws_cloudtrail_trail_integrated_with_logs
diff --git a/compliance/frameworks/aws/aws_fedramp_moderate_rev_4/aws_fedramp_moderate_rev_4_si_7.yaml b/compliance/frameworks/aws/aws_fedramp_moderate_rev_4/aws_fedramp_moderate_rev_4_si_7.yaml
index 0d04fbc9d..87e68753c 100755
--- a/compliance/frameworks/aws/aws_fedramp_moderate_rev_4/aws_fedramp_moderate_rev_4_si_7.yaml
+++ b/compliance/frameworks/aws/aws_fedramp_moderate_rev_4/aws_fedramp_moderate_rev_4_si_7.yaml
@@ -14,10 +14,6 @@ control-group: - AWS type: - Benchmark - defaults: - auto-assign: null - enabled: false - tracks-drift-events: false control-group: - id: aws_fedramp_moderate_rev_4_si_7_1 controls:
diff --git a/compliance/frameworks/aws/aws_fedramp_moderate_rev_4/aws_fedramp_moderate_rev_4_si_7_1.yaml b/compliance/frameworks/aws/aws_fedramp_moderate_rev_4/aws_fedramp_moderate_rev_4_si_7_1.yaml
index 21f842de6..9bbb676b5 100755
--- a/compliance/frameworks/aws/aws_fedramp_moderate_rev_4/aws_fedramp_moderate_rev_4_si_7_1.yaml
+++ b/compliance/frameworks/aws/aws_fedramp_moderate_rev_4/aws_fedramp_moderate_rev_4_si_7_1.yaml
@@ -14,10 +14,6 @@ control-group: - AWS type: - Benchmark - defaults: - auto-assign: null - enabled: false - tracks-drift-events: false controls: - aws_cloudtrail_trail_validation_enabled - aws_ec2_instance_ssm_managed
diff --git a/compliance/frameworks/aws/aws_ffiec/aws_ffiec_d_1.yaml b/compliance/frameworks/aws/aws_ffiec/aws_ffiec_d_1.yaml
index 4bc267383..3e18e48a6 100755
--- a/compliance/frameworks/aws/aws_ffiec/aws_ffiec_d_1.yaml
+++ b/compliance/frameworks/aws/aws_ffiec/aws_ffiec_d_1.yaml
@@ -14,10 +14,6 @@ control-group: - AWS type: - Benchmark - defaults: - auto-assign: null - enabled: false - tracks-drift-events: false control-group: - id: aws_ffiec_d_1_g - id: aws_ffiec_d_1_rm
diff --git a/compliance/frameworks/aws/aws_ffiec/aws_ffiec_d_1_g.yaml b/compliance/frameworks/aws/aws_ffiec/aws_ffiec_d_1_g.yaml
index b79a3ba32..880ee0833 100755
--- a/compliance/frameworks/aws/aws_ffiec/aws_ffiec_d_1_g.yaml
+++ b/compliance/frameworks/aws/aws_ffiec/aws_ffiec_d_1_g.yaml
@@ -14,9 +14,5 @@ control-group: - AWS type: - Benchmark - defaults: - auto-assign: null - enabled: false - tracks-drift-events: false control-group: - id: aws_ffiec_d_1_g_it_b_1
diff --git a/compliance/frameworks/aws/aws_ffiec/aws_ffiec_d_1_g_it_b_1.yaml b/compliance/frameworks/aws/aws_ffiec/aws_ffiec_d_1_g_it_b_1.yaml
index 9056ab7d7..db01f5cd0 100755
--- a/compliance/frameworks/aws/aws_ffiec/aws_ffiec_d_1_g_it_b_1.yaml
+++ b/compliance/frameworks/aws/aws_ffiec/aws_ffiec_d_1_g_it_b_1.yaml
@@ -14,10 +14,6 @@ control-group: - AWS type: - Benchmark - defaults: - auto-assign: null - enabled: false - tracks-drift-events: false controls: - aws_ebs_attached_volume_delete_on_termination_enabled - aws_ebs_volume_unused
diff --git a/compliance/frameworks/aws/aws_ffiec/aws_ffiec_d_1_rm.yaml b/compliance/frameworks/aws/aws_ffiec/aws_ffiec_d_1_rm.yaml
index 000b9ad46..93e4e1236 100755
--- a/compliance/frameworks/aws/aws_ffiec/aws_ffiec_d_1_rm.yaml
+++ b/compliance/frameworks/aws/aws_ffiec/aws_ffiec_d_1_rm.yaml
@@ -14,10 +14,6 @@ control-group: - AWS type: - Benchmark - defaults: - auto-assign: null - enabled: false - tracks-drift-events: false control-group: - id: aws_ffiec_d_1_rm_ra_b_2 - id: aws_ffiec_d_1_rm_rm_b_1
diff --git a/compliance/frameworks/aws/aws_ffiec/aws_ffiec_d_1_rm_ra_b_2.yaml b/compliance/frameworks/aws/aws_ffiec/aws_ffiec_d_1_rm_ra_b_2.yaml
index d15a6dbcd..6fce2fff1 100755
--- a/compliance/frameworks/aws/aws_ffiec/aws_ffiec_d_1_rm_ra_b_2.yaml
+++ b/compliance/frameworks/aws/aws_ffiec/aws_ffiec_d_1_rm_ra_b_2.yaml
@@ -14,9 +14,5 @@ control-group: - AWS type: - Benchmark - defaults: - auto-assign: null - enabled: false - tracks-drift-events: false controls: - aws_guardduty_enabled
diff --git a/compliance/frameworks/aws/aws_ffiec/aws_ffiec_d_1_rm_rm_b_1.yaml b/compliance/frameworks/aws/aws_ffiec/aws_ffiec_d_1_rm_rm_b_1.yaml
index 0f110dcb7..2bbfc7346 100755
--- a/compliance/frameworks/aws/aws_ffiec/aws_ffiec_d_1_rm_rm_b_1.yaml
+++ b/compliance/frameworks/aws/aws_ffiec/aws_ffiec_d_1_rm_rm_b_1.yaml
@@ -14,10 +14,6 @@ control-group: - AWS type: - Benchmark - defaults: - auto-assign: null - enabled: false - tracks-drift-events: false controls: - aws_autoscaling_group_with_lb_use_health_check - aws_backup_plan_min_retention_35_days
diff --git a/compliance/frameworks/aws/aws_ffiec/aws_ffiec_d_2.yaml b/compliance/frameworks/aws/aws_ffiec/aws_ffiec_d_2.yaml
index 3207e1c85..3ba4fbe1e 100755
--- a/compliance/frameworks/aws/aws_ffiec/aws_ffiec_d_2.yaml
+++ b/compliance/frameworks/aws/aws_ffiec/aws_ffiec_d_2.yaml
@@ -14,10 +14,6 @@ control-group: - AWS type: - Benchmark - defaults: - auto-assign: null - enabled: false - tracks-drift-events: false control-group: - id: aws_ffiec_d_2_is - id: aws_ffiec_d_2_ma
diff --git a/compliance/frameworks/aws/aws_ffiec/aws_ffiec_d_2_is.yaml b/compliance/frameworks/aws/aws_ffiec/aws_ffiec_d_2_is.yaml
index cce4bb177..816ce17cb 100755
--- a/compliance/frameworks/aws/aws_ffiec/aws_ffiec_d_2_is.yaml
+++ b/compliance/frameworks/aws/aws_ffiec/aws_ffiec_d_2_is.yaml
@@ -14,9 +14,5 @@ control-group: - AWS type: - Benchmark - defaults: - auto-assign: null - enabled: false - tracks-drift-events: false control-group: - id: aws_ffiec_d_2_is_is_b_1
diff --git a/compliance/frameworks/aws/aws_ffiec/aws_ffiec_d_2_is_is_b_1.yaml b/compliance/frameworks/aws/aws_ffiec/aws_ffiec_d_2_is_is_b_1.yaml
index 7e41d5006..69d2d8db5 100755
--- a/compliance/frameworks/aws/aws_ffiec/aws_ffiec_d_2_is_is_b_1.yaml
+++ b/compliance/frameworks/aws/aws_ffiec/aws_ffiec_d_2_is_is_b_1.yaml
@@ -14,10 +14,6 @@ control-group: - AWS type: - Benchmark - defaults: - auto-assign: null - enabled: false - tracks-drift-events: false controls: - aws_cloudtrail_trail_integrated_with_logs - aws_guardduty_enabled
diff --git a/compliance/frameworks/aws/aws_ffiec/aws_ffiec_d_2_ma.yaml b/compliance/frameworks/aws/aws_ffiec/aws_ffiec_d_2_ma.yaml
index 936838f39..8ec57c1b8 100755
--- a/compliance/frameworks/aws/aws_ffiec/aws_ffiec_d_2_ma.yaml
+++ b/compliance/frameworks/aws/aws_ffiec/aws_ffiec_d_2_ma.yaml
@@ -14,10 +14,6 @@ control-group: - AWS type: - Benchmark - defaults: - auto-assign: null - enabled: false - tracks-drift-events: false control-group: - id: aws_ffiec_d_2_ma_ma_b_1 - id: aws_ffiec_d_2_ma_ma_b_2
diff --git a/compliance/frameworks/aws/aws_ffiec/aws_ffiec_d_2_ma_ma_b_1.yaml b/compliance/frameworks/aws/aws_ffiec/aws_ffiec_d_2_ma_ma_b_1.yaml
index 0157f8bb4..89718d037 100755
--- a/compliance/frameworks/aws/aws_ffiec/aws_ffiec_d_2_ma_ma_b_1.yaml
+++ b/compliance/frameworks/aws/aws_ffiec/aws_ffiec_d_2_ma_ma_b_1.yaml
@@ -14,10 +14,6 @@ control-group: - AWS type: - Benchmark - defaults: - auto-assign: null - enabled: false - tracks-drift-events: false controls: - aws_apigateway_stage_logging_enabled - aws_cloudtrail_multi_region_trail_enabled
diff --git a/compliance/frameworks/aws/aws_ffiec/aws_ffiec_d_2_ma_ma_b_2.yaml b/compliance/frameworks/aws/aws_ffiec/aws_ffiec_d_2_ma_ma_b_2.yaml
index 0bbcf48f6..3db7e769e 100755
--- a/compliance/frameworks/aws/aws_ffiec/aws_ffiec_d_2_ma_ma_b_2.yaml
+++ b/compliance/frameworks/aws/aws_ffiec/aws_ffiec_d_2_ma_ma_b_2.yaml
@@ -14,10 +14,6 @@ control-group: - AWS type: - Benchmark - defaults: - auto-assign: null - enabled: false - tracks-drift-events: false controls: - aws_apigateway_stage_logging_enabled - aws_cloudtrail_multi_region_trail_enabled
diff --git a/compliance/frameworks/aws/aws_ffiec/aws_ffiec_d_2_ti.yaml b/compliance/frameworks/aws/aws_ffiec/aws_ffiec_d_2_ti.yaml
index d7167e994..ab9d94206 100755
--- a/compliance/frameworks/aws/aws_ffiec/aws_ffiec_d_2_ti.yaml
+++ b/compliance/frameworks/aws/aws_ffiec/aws_ffiec_d_2_ti.yaml
@@ -14,10 +14,6 @@ control-group: - AWS type: - Benchmark - defaults: - auto-assign: null - enabled: false - tracks-drift-events: false control-group: - id: aws_ffiec_d_2_ti_ti_b_1 - id: aws_ffiec_d_2_ti_ti_b_2
diff --git a/compliance/frameworks/aws/aws_ffiec/aws_ffiec_d_2_ti_ti_b_1.yaml b/compliance/frameworks/aws/aws_ffiec/aws_ffiec_d_2_ti_ti_b_1.yaml
index 8e917a621..51e7316bd 100755
--- a/compliance/frameworks/aws/aws_ffiec/aws_ffiec_d_2_ti_ti_b_1.yaml
+++ b/compliance/frameworks/aws/aws_ffiec/aws_ffiec_d_2_ti_ti_b_1.yaml
@@ -14,10 +14,6 @@ control-group: - AWS type: - Benchmark - defaults: - auto-assign: null - enabled: false - tracks-drift-events: false controls: - aws_guardduty_enabled - aws_securityhub_enabled
diff --git a/compliance/frameworks/aws/aws_ffiec/aws_ffiec_d_2_ti_ti_b_2.yaml b/compliance/frameworks/aws/aws_ffiec/aws_ffiec_d_2_ti_ti_b_2.yaml
index 888ab7171..fd907501f 100755
--- a/compliance/frameworks/aws/aws_ffiec/aws_ffiec_d_2_ti_ti_b_2.yaml
+++ b/compliance/frameworks/aws/aws_ffiec/aws_ffiec_d_2_ti_ti_b_2.yaml
@@ -14,10 +14,6 @@ control-group: - AWS type: - Benchmark - defaults: - auto-assign: null - enabled: false - tracks-drift-events: false controls: - aws_guardduty_enabled - aws_securityhub_enabled
diff --git a/compliance/frameworks/aws/aws_ffiec/aws_ffiec_d_2_ti_ti_b_3.yaml b/compliance/frameworks/aws/aws_ffiec/aws_ffiec_d_2_ti_ti_b_3.yaml
index f85535712..2c5de884c 100755
--- a/compliance/frameworks/aws/aws_ffiec/aws_ffiec_d_2_ti_ti_b_3.yaml
+++ b/compliance/frameworks/aws/aws_ffiec/aws_ffiec_d_2_ti_ti_b_3.yaml
@@ -14,10 +14,6 @@ control-group: - AWS type: - Benchmark - defaults: - auto-assign: null - enabled: false - tracks-drift-events: false controls: - aws_guardduty_enabled - aws_securityhub_enabled
diff --git a/compliance/frameworks/aws/aws_ffiec/aws_ffiec_d_3.yaml b/compliance/frameworks/aws/aws_ffiec/aws_ffiec_d_3.yaml
index f473fcac6..3facf35aa 100755
--- a/compliance/frameworks/aws/aws_ffiec/aws_ffiec_d_3.yaml
+++ b/compliance/frameworks/aws/aws_ffiec/aws_ffiec_d_3.yaml
@@ -14,10 +14,6 @@ control-group: - AWS type: - Benchmark - defaults: - auto-assign: null - enabled: false - tracks-drift-events: false control-group: - id: aws_ffiec_d_3_cc - id: aws_ffiec_d_3_dc
diff --git a/compliance/frameworks/aws/aws_ffiec/aws_ffiec_d_3_cc.yaml b/compliance/frameworks/aws/aws_ffiec/aws_ffiec_d_3_cc.yaml
index 9104b2245..acc73292f 100755
--- a/compliance/frameworks/aws/aws_ffiec/aws_ffiec_d_3_cc.yaml
+++ b/compliance/frameworks/aws/aws_ffiec/aws_ffiec_d_3_cc.yaml
@@ -14,10 +14,6 @@ control-group: - AWS type: - Benchmark - defaults: - auto-assign: null - enabled: false - tracks-drift-events: false control-group: - id: aws_ffiec_d_3_cc_pm_b_1 - id: aws_ffiec_d_3_cc_pm_b_3
diff --git a/compliance/frameworks/aws/aws_ffiec/aws_ffiec_d_3_cc_pm_b_1.yaml b/compliance/frameworks/aws/aws_ffiec/aws_ffiec_d_3_cc_pm_b_1.yaml
index d68fa0dfd..bd810290a 100755
--- a/compliance/frameworks/aws/aws_ffiec/aws_ffiec_d_3_cc_pm_b_1.yaml
+++ b/compliance/frameworks/aws/aws_ffiec/aws_ffiec_d_3_cc_pm_b_1.yaml
@@ -14,10 +14,6 @@ control-group: - AWS type: - Benchmark - defaults: - auto-assign: null - enabled: false - tracks-drift-events: false controls: - aws_rds_db_instance_automatic_minor_version_upgrade_enabled - aws_redshift_cluster_maintenance_settings_check
diff --git a/compliance/frameworks/aws/aws_ffiec/aws_ffiec_d_3_cc_pm_b_3.yaml b/compliance/frameworks/aws/aws_ffiec/aws_ffiec_d_3_cc_pm_b_3.yaml
index e9955af75..18125429c 100755
--- a/compliance/frameworks/aws/aws_ffiec/aws_ffiec_d_3_cc_pm_b_3.yaml
+++ b/compliance/frameworks/aws/aws_ffiec/aws_ffiec_d_3_cc_pm_b_3.yaml
@@ -14,10 +14,6 @@ control-group: - AWS type: - Benchmark - defaults: - auto-assign: null - enabled: false - tracks-drift-events: false controls: - aws_rds_db_instance_automatic_minor_version_upgrade_enabled - aws_redshift_cluster_maintenance_settings_check
diff --git a/compliance/frameworks/aws/aws_ffiec/aws_ffiec_d_3_dc.yaml b/compliance/frameworks/aws/aws_ffiec/aws_ffiec_d_3_dc.yaml
index fede9de43..b3dfec608 100755
--- a/compliance/frameworks/aws/aws_ffiec/aws_ffiec_d_3_dc.yaml
+++ b/compliance/frameworks/aws/aws_ffiec/aws_ffiec_d_3_dc.yaml
@@ -14,10 +14,6 @@ control-group: - AWS type: - Benchmark - defaults: - auto-assign: null - enabled: false - tracks-drift-events: false control-group: - id: aws_ffiec_d_3_dc_an_b_1 - id: aws_ffiec_d_3_dc_an_b_2
diff --git a/compliance/frameworks/aws/aws_ffiec/aws_ffiec_d_3_dc_an_b_1.yaml b/compliance/frameworks/aws/aws_ffiec/aws_ffiec_d_3_dc_an_b_1.yaml
index 8ee9345c5..1628a2019 100755
--- a/compliance/frameworks/aws/aws_ffiec/aws_ffiec_d_3_dc_an_b_1.yaml
+++ b/compliance/frameworks/aws/aws_ffiec/aws_ffiec_d_3_dc_an_b_1.yaml
@@ -14,10 +14,6 @@ control-group: - AWS type: - Benchmark - defaults: - auto-assign: null - enabled: false - tracks-drift-events: false controls: - aws_guardduty_enabled - aws_guardduty_finding_archived
diff --git a/compliance/frameworks/aws/aws_ffiec/aws_ffiec_d_3_dc_an_b_2.yaml b/compliance/frameworks/aws/aws_ffiec/aws_ffiec_d_3_dc_an_b_2.yaml
index 8a95b014f..b20dc137a 100755
--- a/compliance/frameworks/aws/aws_ffiec/aws_ffiec_d_3_dc_an_b_2.yaml
+++ b/compliance/frameworks/aws/aws_ffiec/aws_ffiec_d_3_dc_an_b_2.yaml
@@ -14,10 +14,6 @@ control-group: - AWS type: - Benchmark - defaults: - auto-assign: null - enabled: false - tracks-drift-events: false controls: - aws_guardduty_enabled - aws_securityhub_enabled
diff --git a/compliance/frameworks/aws/aws_ffiec/aws_ffiec_d_3_dc_an_b_3.yaml b/compliance/frameworks/aws/aws_ffiec/aws_ffiec_d_3_dc_an_b_3.yaml
index 3d06b3dd1..bbfa423cb 100755
--- a/compliance/frameworks/aws/aws_ffiec/aws_ffiec_d_3_dc_an_b_3.yaml
+++ b/compliance/frameworks/aws/aws_ffiec/aws_ffiec_d_3_dc_an_b_3.yaml
@@ -14,10 +14,6 @@ control-group: - AWS type: - Benchmark - defaults: - auto-assign: null - enabled: false - tracks-drift-events: false controls: - aws_apigateway_stage_logging_enabled - aws_cloudtrail_multi_region_trail_enabled
diff --git a/compliance/frameworks/aws/aws_ffiec/aws_ffiec_d_3_dc_an_b_4.yaml b/compliance/frameworks/aws/aws_ffiec/aws_ffiec_d_3_dc_an_b_4.yaml
index b7fa86c93..3d8bbd076 100755
--- a/compliance/frameworks/aws/aws_ffiec/aws_ffiec_d_3_dc_an_b_4.yaml
+++ b/compliance/frameworks/aws/aws_ffiec/aws_ffiec_d_3_dc_an_b_4.yaml
@@ -14,10 +14,6 @@ control-group: - AWS type: - Benchmark - defaults: - auto-assign: null - enabled: false - tracks-drift-events: false controls: - aws_apigateway_stage_logging_enabled - aws_cloudtrail_multi_region_trail_enabled
diff --git a/compliance/frameworks/aws/aws_ffiec/aws_ffiec_d_3_dc_an_b_5.yaml b/compliance/frameworks/aws/aws_ffiec/aws_ffiec_d_3_dc_an_b_5.yaml
index b65630517..1dd73e1b3 100755
--- a/compliance/frameworks/aws/aws_ffiec/aws_ffiec_d_3_dc_an_b_5.yaml
+++ b/compliance/frameworks/aws/aws_ffiec/aws_ffiec_d_3_dc_an_b_5.yaml
@@ -14,10 +14,6 @@ control-group: - AWS type: - Benchmark - defaults: - auto-assign: null - enabled: false - tracks-drift-events: false controls: - aws_cloudtrail_trail_enabled - aws_cloudtrail_trail_integrated_with_logs
diff --git a/compliance/frameworks/aws/aws_ffiec/aws_ffiec_d_3_dc_ev_b_1.yaml b/compliance/frameworks/aws/aws_ffiec/aws_ffiec_d_3_dc_ev_b_1.yaml
index 0254b78ac..011df66bd 100755
--- a/compliance/frameworks/aws/aws_ffiec/aws_ffiec_d_3_dc_ev_b_1.yaml
+++ b/compliance/frameworks/aws/aws_ffiec/aws_ffiec_d_3_dc_ev_b_1.yaml
@@ -14,10 +14,6 @@ control-group: - AWS type: - Benchmark - defaults: - auto-assign: null - enabled: false - tracks-drift-events: false controls: - aws_apigateway_stage_logging_enabled - aws_cloudtrail_multi_region_trail_enabled
diff --git a/compliance/frameworks/aws/aws_ffiec/aws_ffiec_d_3_dc_ev_b_2.yaml b/compliance/frameworks/aws/aws_ffiec/aws_ffiec_d_3_dc_ev_b_2.yaml
index d9a2b82b8..32282c63b 100755
--- a/compliance/frameworks/aws/aws_ffiec/aws_ffiec_d_3_dc_ev_b_2.yaml
+++ b/compliance/frameworks/aws/aws_ffiec/aws_ffiec_d_3_dc_ev_b_2.yaml
@@ -14,9 +14,5 @@ control-group: - AWS type: - Benchmark - defaults: - auto-assign: null - enabled: false - tracks-drift-events: false controls: - aws_guardduty_enabled
diff --git a/compliance/frameworks/aws/aws_ffiec/aws_ffiec_d_3_dc_ev_b_3.yaml b/compliance/frameworks/aws/aws_ffiec/aws_ffiec_d_3_dc_ev_b_3.yaml
index 1a5d90055..f72a473c3 100755
--- a/compliance/frameworks/aws/aws_ffiec/aws_ffiec_d_3_dc_ev_b_3.yaml
+++ b/compliance/frameworks/aws/aws_ffiec/aws_ffiec_d_3_dc_ev_b_3.yaml
@@ -14,10 +14,6 @@ control-group: - AWS type: - Benchmark - defaults: - auto-assign: null - enabled: false - tracks-drift-events: false controls: - aws_cloudtrail_trail_enabled - aws_guardduty_enabled
diff --git a/compliance/frameworks/aws/aws_ffiec/aws_ffiec_d_3_dc_th_b_1.yaml b/compliance/frameworks/aws/aws_ffiec/aws_ffiec_d_3_dc_th_b_1.yaml
index ce05b97f9..0c99763b5 100755
--- a/compliance/frameworks/aws/aws_ffiec/aws_ffiec_d_3_dc_th_b_1.yaml
+++ b/compliance/frameworks/aws/aws_ffiec/aws_ffiec_d_3_dc_th_b_1.yaml
@@ -14,10 +14,6 @@ control-group: - AWS type: - Benchmark - defaults: - auto-assign: null - enabled: false - tracks-drift-events: false controls: - aws_guardduty_enabled - aws_securityhub_enabled
diff --git a/compliance/frameworks/aws/aws_ffiec/aws_ffiec_d_3_pc.yaml b/compliance/frameworks/aws/aws_ffiec/aws_ffiec_d_3_pc.yaml
index daed842dc..1f9105077 100755
--- a/compliance/frameworks/aws/aws_ffiec/aws_ffiec_d_3_pc.yaml
+++ b/compliance/frameworks/aws/aws_ffiec/aws_ffiec_d_3_pc.yaml
@@ -14,10 +14,6 @@ control-group: - AWS type: - Benchmark - defaults: - auto-assign: null - enabled: false - tracks-drift-events: false control-group: - id: aws_ffiec_d_3_pc_am_b_1 - id: aws_ffiec_d_3_pc_am_b_10
diff --git a/compliance/frameworks/aws/aws_ffiec/aws_ffiec_d_3_pc_am_b_1.yaml b/compliance/frameworks/aws/aws_ffiec/aws_ffiec_d_3_pc_am_b_1.yaml
index 18aee6927..ce6f79619 100755
--- a/compliance/frameworks/aws/aws_ffiec/aws_ffiec_d_3_pc_am_b_1.yaml
+++ b/compliance/frameworks/aws/aws_ffiec/aws_ffiec_d_3_pc_am_b_1.yaml
@@ -14,10 +14,6 @@ control-group: - AWS type: - Benchmark - defaults: - auto-assign: null - enabled: false - tracks-drift-events: false controls: - aws_ec2_instance_iam_profile_attached - aws_ecs_task_definition_user_for_host_mode_check
diff --git a/compliance/frameworks/aws/aws_ffiec/aws_ffiec_d_3_pc_am_b_10.yaml b/compliance/frameworks/aws/aws_ffiec/aws_ffiec_d_3_pc_am_b_10.yaml
index b38c857c1..4b579fbaa 100755
--- a/compliance/frameworks/aws/aws_ffiec/aws_ffiec_d_3_pc_am_b_10.yaml
+++ b/compliance/frameworks/aws/aws_ffiec/aws_ffiec_d_3_pc_am_b_10.yaml
@@ -14,10 +14,6 @@ control-group: - AWS type: - Benchmark - defaults: - auto-assign: null - enabled: false - tracks-drift-events: false controls: - aws_ec2_instance_in_vpc - aws_vpc_security_group_restrict_ingress_common_ports_all
diff --git a/compliance/frameworks/aws/aws_ffiec/aws_ffiec_d_3_pc_am_b_12.yaml b/compliance/frameworks/aws/aws_ffiec/aws_ffiec_d_3_pc_am_b_12.yaml
index 129d30efb..bc1614a56 100755
--- a/compliance/frameworks/aws/aws_ffiec/aws_ffiec_d_3_pc_am_b_12.yaml
+++ b/compliance/frameworks/aws/aws_ffiec/aws_ffiec_d_3_pc_am_b_12.yaml
@@ -14,10 +14,6 @@ control-group: - AWS type: - Benchmark - defaults: - auto-assign: null - enabled: false - tracks-drift-events: false controls: - aws_apigateway_rest_api_stage_use_ssl_certificate - aws_backup_recovery_point_encryption_enabled
diff --git a/compliance/frameworks/aws/aws_ffiec/aws_ffiec_d_3_pc_am_b_13.yaml b/compliance/frameworks/aws/aws_ffiec/aws_ffiec_d_3_pc_am_b_13.yaml
index 194eb8eb1..205d5fbdc 100755
--- a/compliance/frameworks/aws/aws_ffiec/aws_ffiec_d_3_pc_am_b_13.yaml
+++ b/compliance/frameworks/aws/aws_ffiec/aws_ffiec_d_3_pc_am_b_13.yaml
@@ -14,10 +14,6 @@ control-group: - AWS type: - Benchmark - defaults: - auto-assign: null - enabled: false - tracks-drift-events: false controls: - aws_apigateway_rest_api_stage_use_ssl_certificate - aws_elb_application_lb_redirect_http_request_to_https
diff --git a/compliance/frameworks/aws/aws_ffiec/aws_ffiec_d_3_pc_am_b_15.yaml b/compliance/frameworks/aws/aws_ffiec/aws_ffiec_d_3_pc_am_b_15.yaml
index ea5f9d5c5..1552cc043 100755
--- a/compliance/frameworks/aws/aws_ffiec/aws_ffiec_d_3_pc_am_b_15.yaml
+++ b/compliance/frameworks/aws/aws_ffiec/aws_ffiec_d_3_pc_am_b_15.yaml
@@ -14,10 +14,6 @@ control-group: - AWS type: - Benchmark - defaults: - auto-assign: null - enabled: false - tracks-drift-events: false controls: - aws_apigateway_rest_api_stage_use_ssl_certificate - aws_elb_application_lb_redirect_http_request_to_https
diff --git a/compliance/frameworks/aws/aws_ffiec/aws_ffiec_d_3_pc_am_b_16.yaml b/compliance/frameworks/aws/aws_ffiec/aws_ffiec_d_3_pc_am_b_16.yaml
index b7bd08c19..d12bbfab1 100755
--- a/compliance/frameworks/aws/aws_ffiec/aws_ffiec_d_3_pc_am_b_16.yaml
+++ b/compliance/frameworks/aws/aws_ffiec/aws_ffiec_d_3_pc_am_b_16.yaml
@@ -14,10 +14,6 @@ control-group: - AWS type: - Benchmark - defaults: - auto-assign: null - enabled: false - tracks-drift-events: false controls: - aws_iam_all_policy_no_service_wild_card - aws_iam_group_not_empty
diff --git a/compliance/frameworks/aws/aws_ffiec/aws_ffiec_d_3_pc_am_b_2.yaml b/compliance/frameworks/aws/aws_ffiec/aws_ffiec_d_3_pc_am_b_2.yaml
index e8bde2bc5..3764d2208 100755
--- a/compliance/frameworks/aws/aws_ffiec/aws_ffiec_d_3_pc_am_b_2.yaml
+++ b/compliance/frameworks/aws/aws_ffiec/aws_ffiec_d_3_pc_am_b_2.yaml
@@ -14,10 +14,6 @@ control-group: - AWS type: - Benchmark - defaults: - auto-assign: null - enabled: false - tracks-drift-events: false controls: - aws_iam_all_policy_no_service_wild_card - aws_iam_policy_no_star_star
diff --git a/compliance/frameworks/aws/aws_ffiec/aws_ffiec_d_3_pc_am_b_3.yaml b/compliance/frameworks/aws/aws_ffiec/aws_ffiec_d_3_pc_am_b_3.yaml
index 1a67ba95c..36d0f8021 100755
--- a/compliance/frameworks/aws/aws_ffiec/aws_ffiec_d_3_pc_am_b_3.yaml
+++ b/compliance/frameworks/aws/aws_ffiec/aws_ffiec_d_3_pc_am_b_3.yaml
@@ -14,10 +14,6 @@ control-group: - AWS type: - Benchmark - defaults: - auto-assign: null - enabled: false - tracks-drift-events: false controls: - aws_iam_all_policy_no_service_wild_card - aws_iam_group_not_empty
diff --git a/compliance/frameworks/aws/aws_ffiec/aws_ffiec_d_3_pc_am_b_6.yaml b/compliance/frameworks/aws/aws_ffiec/aws_ffiec_d_3_pc_am_b_6.yaml
index 4a3c6a8d3..4caf8b529 100755
--- a/compliance/frameworks/aws/aws_ffiec/aws_ffiec_d_3_pc_am_b_6.yaml
+++ b/compliance/frameworks/aws/aws_ffiec/aws_ffiec_d_3_pc_am_b_6.yaml
@@ -14,10 +14,6 @@ control-group: - AWS type: - Benchmark - defaults: - auto-assign: null - enabled: false - tracks-drift-events: false controls: - aws_iam_account_password_policy_strong_min_reuse_24 - aws_iam_all_policy_no_service_wild_card
diff --git a/compliance/frameworks/aws/aws_ffiec/aws_ffiec_d_3_pc_am_b_7.yaml b/compliance/frameworks/aws/aws_ffiec/aws_ffiec_d_3_pc_am_b_7.yaml
index 4ba6cfc27..51a0261f6 100755
--- a/compliance/frameworks/aws/aws_ffiec/aws_ffiec_d_3_pc_am_b_7.yaml
+++ b/compliance/frameworks/aws/aws_ffiec/aws_ffiec_d_3_pc_am_b_7.yaml
@@ -14,9 +14,5 @@ control-group: - AWS type: - Benchmark - defaults: - auto-assign: null - enabled: false - tracks-drift-events: false controls: - aws_iam_account_password_policy_strong_min_reuse_24
diff --git a/compliance/frameworks/aws/aws_ffiec/aws_ffiec_d_3_pc_am_b_8.yaml b/compliance/frameworks/aws/aws_ffiec/aws_ffiec_d_3_pc_am_b_8.yaml
index 4f568dfa0..e8f89c4bc 100755
--- a/compliance/frameworks/aws/aws_ffiec/aws_ffiec_d_3_pc_am_b_8.yaml
+++ b/compliance/frameworks/aws/aws_ffiec/aws_ffiec_d_3_pc_am_b_8.yaml
@@ -14,9 +14,5 @@ control-group: - AWS type: - Benchmark - defaults: - auto-assign: null - enabled: false - tracks-drift-events: false controls: - aws_iam_root_user_no_access_keys
diff --git a/compliance/frameworks/aws/aws_ffiec/aws_ffiec_d_3_pc_im_b_1.yaml b/compliance/frameworks/aws/aws_ffiec/aws_ffiec_d_3_pc_im_b_1.yaml
index b40e0a5a4..4b33fa084 100755
--- a/compliance/frameworks/aws/aws_ffiec/aws_ffiec_d_3_pc_im_b_1.yaml
+++ b/compliance/frameworks/aws/aws_ffiec/aws_ffiec_d_3_pc_im_b_1.yaml
@@ -14,10 +14,6 @@ control-group: - AWS type: - Benchmark - defaults: - auto-assign: null - enabled: false - tracks-drift-events: false controls: - aws_acm_certificate_expires_30_days - aws_apigateway_stage_use_waf_web_acl
diff --git a/compliance/frameworks/aws/aws_ffiec/aws_ffiec_d_3_pc_im_b_2.yaml b/compliance/frameworks/aws/aws_ffiec/aws_ffiec_d_3_pc_im_b_2.yaml
index 15669d58a..c6cfbf41f 100755
--- a/compliance/frameworks/aws/aws_ffiec/aws_ffiec_d_3_pc_im_b_2.yaml
+++ b/compliance/frameworks/aws/aws_ffiec/aws_ffiec_d_3_pc_im_b_2.yaml
@@ -14,10 +14,6 @@ control-group: - AWS type: - Benchmark - defaults: - auto-assign: null - enabled: false - tracks-drift-events: false controls: - aws_apigateway_stage_use_waf_web_acl - aws_elb_application_lb_waf_enabled
diff --git a/compliance/frameworks/aws/aws_ffiec/aws_ffiec_d_3_pc_im_b_3.yaml b/compliance/frameworks/aws/aws_ffiec/aws_ffiec_d_3_pc_im_b_3.yaml
index 351845d77..b503c2c40 100755
--- a/compliance/frameworks/aws/aws_ffiec/aws_ffiec_d_3_pc_im_b_3.yaml
+++ b/compliance/frameworks/aws/aws_ffiec/aws_ffiec_d_3_pc_im_b_3.yaml
@@ -14,10 +14,6 @@ control-group: - AWS type: - Benchmark - defaults: - auto-assign: null - enabled: false - tracks-drift-events: false controls: - aws_apigateway_stage_logging_enabled - aws_cloudtrail_trail_enabled
diff --git a/compliance/frameworks/aws/aws_ffiec/aws_ffiec_d_3_pc_im_b_5.yaml b/compliance/frameworks/aws/aws_ffiec/aws_ffiec_d_3_pc_im_b_5.yaml
index 35cdfe977..5963ec6af 100755
--- a/compliance/frameworks/aws/aws_ffiec/aws_ffiec_d_3_pc_im_b_5.yaml
+++ b/compliance/frameworks/aws/aws_ffiec/aws_ffiec_d_3_pc_im_b_5.yaml
@@ -14,10 +14,6 @@ control-group: - AWS type: - Benchmark - defaults: - auto-assign: null - enabled: false - tracks-drift-events: false controls: - aws_ec2_instance_ssm_managed - aws_ssm_managed_instance_compliance_association_compliant
diff --git a/compliance/frameworks/aws/aws_ffiec/aws_ffiec_d_3_pc_im_b_6.yaml b/compliance/frameworks/aws/aws_ffiec/aws_ffiec_d_3_pc_im_b_6.yaml
index 2928199e7..ac66bff52 100755
--- a/compliance/frameworks/aws/aws_ffiec/aws_ffiec_d_3_pc_im_b_6.yaml
+++ b/compliance/frameworks/aws/aws_ffiec/aws_ffiec_d_3_pc_im_b_6.yaml
@@ -14,10 +14,6 @@ control-group: - AWS type: - Benchmark - defaults: - auto-assign: null - enabled: false - tracks-drift-events: false controls: - aws_vpc_default_security_group_restricts_all_traffic - aws_vpc_security_group_restrict_ingress_common_ports_all
diff --git a/compliance/frameworks/aws/aws_ffiec/aws_ffiec_d_3_pc_im_b_7.yaml b/compliance/frameworks/aws/aws_ffiec/aws_ffiec_d_3_pc_im_b_7.yaml
index 31ba5f0e8..72e221b58 100755
--- a/compliance/frameworks/aws/aws_ffiec/aws_ffiec_d_3_pc_im_b_7.yaml
+++ b/compliance/frameworks/aws/aws_ffiec/aws_ffiec_d_3_pc_im_b_7.yaml
@@ -14,10 +14,6 @@ control-group: - AWS type: - Benchmark - defaults: - auto-assign: null - enabled: false - tracks-drift-events: false controls: - aws_cloudtrail_trail_enabled - aws_cloudtrail_trail_integrated_with_logs
diff --git a/compliance/frameworks/aws/aws_ffiec/aws_ffiec_d_3_pc_se_b_1.yaml b/compliance/frameworks/aws/aws_ffiec/aws_ffiec_d_3_pc_se_b_1.yaml
index 734c55adb..8a4dd36e9 100755
--- a/compliance/frameworks/aws/aws_ffiec/aws_ffiec_d_3_pc_se_b_1.yaml
+++ b/compliance/frameworks/aws/aws_ffiec/aws_ffiec_d_3_pc_se_b_1.yaml
@@ -14,10 +14,6 @@ control-group: - AWS type: - Benchmark - defaults: - auto-assign: null - enabled: false - tracks-drift-events: false controls: - aws_codebuild_project_plaintext_env_variables_no_sensitive_aws_values - aws_codebuild_project_source_repo_oauth_configured
diff --git a/compliance/frameworks/aws/aws_ffiec/aws_ffiec_d_4.yaml b/compliance/frameworks/aws/aws_ffiec/aws_ffiec_d_4.yaml
index 019df6f6c..339562824 100755
--- a/compliance/frameworks/aws/aws_ffiec/aws_ffiec_d_4.yaml
+++ b/compliance/frameworks/aws/aws_ffiec/aws_ffiec_d_4.yaml
@@ -14,9 +14,5 @@ control-group: - AWS type: - Benchmark - defaults: - auto-assign: null - enabled: false - tracks-drift-events: false control-group: - id: aws_ffiec_d_4_c
diff --git a/compliance/frameworks/aws/aws_ffiec/aws_ffiec_d_4_c.yaml b/compliance/frameworks/aws/aws_ffiec/aws_ffiec_d_4_c.yaml
index 3e4d3fbd4..b5523b6eb 100755
--- a/compliance/frameworks/aws/aws_ffiec/aws_ffiec_d_4_c.yaml
+++ b/compliance/frameworks/aws/aws_ffiec/aws_ffiec_d_4_c.yaml
@@ -14,9 +14,5 @@ control-group: - AWS type: - Benchmark - defaults: - auto-assign: null - enabled: false - tracks-drift-events: false control-group: - id: aws_ffiec_d_4_c_co_b_2
diff --git a/compliance/frameworks/aws/aws_ffiec/aws_ffiec_d_4_c_co_b_2.yaml b/compliance/frameworks/aws/aws_ffiec/aws_ffiec_d_4_c_co_b_2.yaml
index 6ec2f45e7..5b2cfa492 100755
--- a/compliance/frameworks/aws/aws_ffiec/aws_ffiec_d_4_c_co_b_2.yaml
+++ b/compliance/frameworks/aws/aws_ffiec/aws_ffiec_d_4_c_co_b_2.yaml
@@ -14,10 +14,6 @@ control-group: - AWS type: - Benchmark - defaults: - auto-assign: null - enabled: false - tracks-drift-events: false controls: - aws_vpc_default_security_group_restricts_all_traffic - aws_vpc_security_group_restrict_ingress_common_ports_all diff --git a/compliance/frameworks/aws/aws_ffiec/aws_ffiec_d_5.yaml b/compliance/frameworks/aws/aws_ffiec/aws_ffiec_d_5.yaml index 8288f896a..aa7e0b751 100755 --- a/compliance/frameworks/aws/aws_ffiec/aws_ffiec_d_5.yaml +++ b/compliance/frameworks/aws/aws_ffiec/aws_ffiec_d_5.yaml @@ -14,10 +14,6 @@ control-group: - AWS type: - Benchmark - defaults: - auto-assign: null - enabled: false - tracks-drift-events: false control-group: - id: aws_ffiec_d_5_dr - id: aws_ffiec_d_5_er diff --git a/compliance/frameworks/aws/aws_ffiec/aws_ffiec_d_5_dr.yaml b/compliance/frameworks/aws/aws_ffiec/aws_ffiec_d_5_dr.yaml index 4a92fd69d..35f8a1a16 100755 --- a/compliance/frameworks/aws/aws_ffiec/aws_ffiec_d_5_dr.yaml +++ b/compliance/frameworks/aws/aws_ffiec/aws_ffiec_d_5_dr.yaml @@ -14,10 +14,6 @@ control-group: - AWS type: - Benchmark - defaults: - auto-assign: null - enabled: false - tracks-drift-events: false control-group: - id: aws_ffiec_d_5_dr_de_b_1 - id: aws_ffiec_d_5_dr_de_b_2 diff --git a/compliance/frameworks/aws/aws_ffiec/aws_ffiec_d_5_dr_de_b_1.yaml b/compliance/frameworks/aws/aws_ffiec/aws_ffiec_d_5_dr_de_b_1.yaml index 110d8633d..489fb11f7 100755 --- a/compliance/frameworks/aws/aws_ffiec/aws_ffiec_d_5_dr_de_b_1.yaml +++ b/compliance/frameworks/aws/aws_ffiec/aws_ffiec_d_5_dr_de_b_1.yaml @@ -14,10 +14,6 @@ control-group: - AWS type: - Benchmark - defaults: - auto-assign: null - enabled: false - tracks-drift-events: false controls: - aws_cloudwatch_alarm_action_enabled - aws_guardduty_enabled diff --git a/compliance/frameworks/aws/aws_ffiec/aws_ffiec_d_5_dr_de_b_2.yaml b/compliance/frameworks/aws/aws_ffiec/aws_ffiec_d_5_dr_de_b_2.yaml index 6040299cf..330ecdc27 100755 
--- a/compliance/frameworks/aws/aws_ffiec/aws_ffiec_d_5_dr_de_b_2.yaml +++ b/compliance/frameworks/aws/aws_ffiec/aws_ffiec_d_5_dr_de_b_2.yaml @@ -14,9 +14,5 @@ control-group: - AWS type: - Benchmark - defaults: - auto-assign: null - enabled: false - tracks-drift-events: false controls: - aws_lambda_function_dead_letter_queue_configured diff --git a/compliance/frameworks/aws/aws_ffiec/aws_ffiec_d_5_dr_de_b_3.yaml b/compliance/frameworks/aws/aws_ffiec/aws_ffiec_d_5_dr_de_b_3.yaml index 624b3dfd6..fb352eef4 100755 --- a/compliance/frameworks/aws/aws_ffiec/aws_ffiec_d_5_dr_de_b_3.yaml +++ b/compliance/frameworks/aws/aws_ffiec/aws_ffiec_d_5_dr_de_b_3.yaml @@ -14,10 +14,6 @@ control-group: - AWS type: - Benchmark - defaults: - auto-assign: null - enabled: false - tracks-drift-events: false controls: - aws_cloudtrail_multi_region_trail_enabled - aws_cloudtrail_s3_data_events_enabled diff --git a/compliance/frameworks/aws/aws_ffiec/aws_ffiec_d_5_er.yaml b/compliance/frameworks/aws/aws_ffiec/aws_ffiec_d_5_er.yaml index dd8594769..66bfb9f8e 100755 --- a/compliance/frameworks/aws/aws_ffiec/aws_ffiec_d_5_er.yaml +++ b/compliance/frameworks/aws/aws_ffiec/aws_ffiec_d_5_er.yaml @@ -14,9 +14,5 @@ control-group: - AWS type: - Benchmark - defaults: - auto-assign: null - enabled: false - tracks-drift-events: false control-group: - id: aws_ffiec_d_5_er_es_b_4 diff --git a/compliance/frameworks/aws/aws_ffiec/aws_ffiec_d_5_er_es_b_4.yaml b/compliance/frameworks/aws/aws_ffiec/aws_ffiec_d_5_er_es_b_4.yaml index 1b017c8dc..cc303b1fd 100755 --- a/compliance/frameworks/aws/aws_ffiec/aws_ffiec_d_5_er_es_b_4.yaml +++ b/compliance/frameworks/aws/aws_ffiec/aws_ffiec_d_5_er_es_b_4.yaml @@ -14,9 +14,5 @@ control-group: - AWS type: - Benchmark - defaults: - auto-assign: null - enabled: false - tracks-drift-events: false controls: - aws_guardduty_finding_archived 
diff --git a/compliance/frameworks/aws/aws_ffiec/aws_ffiec_d_5_ir.yaml b/compliance/frameworks/aws/aws_ffiec/aws_ffiec_d_5_ir.yaml index 7add54ee4..062f9ac58 100755 --- a/compliance/frameworks/aws/aws_ffiec/aws_ffiec_d_5_ir.yaml +++ b/compliance/frameworks/aws/aws_ffiec/aws_ffiec_d_5_ir.yaml @@ -14,9 +14,5 @@ control-group: - AWS type: - Benchmark - defaults: - auto-assign: null - enabled: false - tracks-drift-events: false control-group: - id: aws_ffiec_d_5_ir_pi_b_6 diff --git a/compliance/frameworks/aws/aws_ffiec/aws_ffiec_d_5_ir_pi_b_6.yaml b/compliance/frameworks/aws/aws_ffiec/aws_ffiec_d_5_ir_pi_b_6.yaml index dc222fc7a..8fc93799e 100755 --- a/compliance/frameworks/aws/aws_ffiec/aws_ffiec_d_5_ir_pi_b_6.yaml +++ b/compliance/frameworks/aws/aws_ffiec/aws_ffiec_d_5_ir_pi_b_6.yaml @@ -14,10 +14,6 @@ control-group: - AWS type: - Benchmark - defaults: - auto-assign: null - enabled: false - tracks-drift-events: false controls: - aws_autoscaling_group_with_lb_use_health_check - aws_backup_plan_min_retention_35_days diff --git a/compliance/frameworks/aws/aws_foundational_security/aws_foundational_security_account.yaml b/compliance/frameworks/aws/aws_foundational_security/aws_foundational_security_account.yaml index 7938ad848..331db2033 100755 --- a/compliance/frameworks/aws/aws_foundational_security/aws_foundational_security_account.yaml +++ b/compliance/frameworks/aws/aws_foundational_security/aws_foundational_security_account.yaml @@ -14,9 +14,5 @@ control-group: - AWS/Account type: - Benchmark - defaults: - auto-assign: null - enabled: false - tracks-drift-events: false controls: - aws_foundational_security_account_1 diff --git a/compliance/frameworks/aws/aws_foundational_security/aws_foundational_security_acm.yaml b/compliance/frameworks/aws/aws_foundational_security/aws_foundational_security_acm.yaml index 14304c0c5..df838763d 100755 --- a/compliance/frameworks/aws/aws_foundational_security/aws_foundational_security_acm.yaml 
+++ b/compliance/frameworks/aws/aws_foundational_security/aws_foundational_security_acm.yaml @@ -14,10 +14,6 @@ control-group: - AWS/ACM type: - Benchmark - defaults: - auto-assign: null - enabled: false - tracks-drift-events: false controls: - aws_foundational_security_acm_1 - aws_foundational_security_acm_2 diff --git a/compliance/frameworks/aws/aws_foundational_security/aws_foundational_security_apigateway.yaml b/compliance/frameworks/aws/aws_foundational_security/aws_foundational_security_apigateway.yaml index 825d34d48..960bff005 100755 --- a/compliance/frameworks/aws/aws_foundational_security/aws_foundational_security_apigateway.yaml +++ b/compliance/frameworks/aws/aws_foundational_security/aws_foundational_security_apigateway.yaml @@ -14,10 +14,6 @@ control-group: - AWS/APIGateway type: - Benchmark - defaults: - auto-assign: null - enabled: false - tracks-drift-events: false controls: - aws_foundational_security_apigateway_1 - aws_foundational_security_apigateway_2 diff --git a/compliance/frameworks/aws/aws_foundational_security/aws_foundational_security_appsync.yaml b/compliance/frameworks/aws/aws_foundational_security/aws_foundational_security_appsync.yaml index 351056936..6ef611b15 100755 --- a/compliance/frameworks/aws/aws_foundational_security/aws_foundational_security_appsync.yaml +++ b/compliance/frameworks/aws/aws_foundational_security/aws_foundational_security_appsync.yaml @@ -3,9 +3,5 @@ control-group: title: AppSync description: AppSync section-code: appsync - defaults: - auto-assign: null - enabled: false - tracks-drift-events: false controls: - aws_foundational_security_appsync_2 diff --git a/compliance/frameworks/aws/aws_foundational_security/aws_foundational_security_athena.yaml b/compliance/frameworks/aws/aws_foundational_security/aws_foundational_security_athena.yaml index de4d094d3..94ac27234 100755 --- a/compliance/frameworks/aws/aws_foundational_security/aws_foundational_security_athena.yaml 
+++ b/compliance/frameworks/aws/aws_foundational_security/aws_foundational_security_athena.yaml @@ -3,9 +3,5 @@ control-group: title: Athena description: Athena section-code: athena - defaults: - auto-assign: null - enabled: false - tracks-drift-events: false controls: - aws_foundational_security_athena_1 diff --git a/compliance/frameworks/aws/aws_foundational_security/aws_foundational_security_autoscaling.yaml b/compliance/frameworks/aws/aws_foundational_security/aws_foundational_security_autoscaling.yaml index 747cf2c02..c13e7612a 100755 --- a/compliance/frameworks/aws/aws_foundational_security/aws_foundational_security_autoscaling.yaml +++ b/compliance/frameworks/aws/aws_foundational_security/aws_foundational_security_autoscaling.yaml @@ -14,10 +14,6 @@ control-group: - AWS/AutoScaling type: - Benchmark - defaults: - auto-assign: null - enabled: false - tracks-drift-events: false controls: - aws_foundational_security_autoscaling_1 - aws_foundational_security_autoscaling_2 diff --git a/compliance/frameworks/aws/aws_foundational_security/aws_foundational_security_backup.yaml b/compliance/frameworks/aws/aws_foundational_security/aws_foundational_security_backup.yaml index 19bf7a25a..1f4c6b3c0 100755 --- a/compliance/frameworks/aws/aws_foundational_security/aws_foundational_security_backup.yaml +++ b/compliance/frameworks/aws/aws_foundational_security/aws_foundational_security_backup.yaml @@ -3,9 +3,5 @@ control-group: title: Backup description: Backup section-code: backup - defaults: - auto-assign: null - enabled: false - tracks-drift-events: false controls: - aws_foundational_security_backup_1 diff --git a/compliance/frameworks/aws/aws_foundational_security/aws_foundational_security_cloudformation.yaml b/compliance/frameworks/aws/aws_foundational_security/aws_foundational_security_cloudformation.yaml index 800911c13..05c3eaa02 100755 --- a/compliance/frameworks/aws/aws_foundational_security/aws_foundational_security_cloudformation.yaml 
+++ b/compliance/frameworks/aws/aws_foundational_security/aws_foundational_security_cloudformation.yaml @@ -14,9 +14,5 @@ control-group: - AWS/CloudFormation type: - Benchmark - defaults: - auto-assign: null - enabled: false - tracks-drift-events: false controls: - aws_foundational_security_cloudformation_1 diff --git a/compliance/frameworks/aws/aws_foundational_security/aws_foundational_security_cloudfront.yaml b/compliance/frameworks/aws/aws_foundational_security/aws_foundational_security_cloudfront.yaml index 70bc25356..53a4eaa98 100755 --- a/compliance/frameworks/aws/aws_foundational_security/aws_foundational_security_cloudfront.yaml +++ b/compliance/frameworks/aws/aws_foundational_security/aws_foundational_security_cloudfront.yaml @@ -14,10 +14,6 @@ control-group: - AWS/CloudFront type: - Benchmark - defaults: - auto-assign: null - enabled: false - tracks-drift-events: false controls: - aws_foundational_security_cloudfront_1 - aws_foundational_security_cloudfront_3 diff --git a/compliance/frameworks/aws/aws_foundational_security/aws_foundational_security_cloudtrail.yaml b/compliance/frameworks/aws/aws_foundational_security/aws_foundational_security_cloudtrail.yaml index 718cce94b..b5a4388a9 100755 --- a/compliance/frameworks/aws/aws_foundational_security/aws_foundational_security_cloudtrail.yaml +++ b/compliance/frameworks/aws/aws_foundational_security/aws_foundational_security_cloudtrail.yaml @@ -14,10 +14,6 @@ control-group: - AWS/CloudTrail type: - Benchmark - defaults: - auto-assign: null - enabled: false - tracks-drift-events: false controls: - aws_foundational_security_cloudtrail_1 - aws_foundational_security_cloudtrail_2 diff --git a/compliance/frameworks/aws/aws_foundational_security/aws_foundational_security_codebuild.yaml b/compliance/frameworks/aws/aws_foundational_security/aws_foundational_security_codebuild.yaml index 20227cfaa..13cb66bed 100755 --- a/compliance/frameworks/aws/aws_foundational_security/aws_foundational_security_codebuild.yaml 
+++ b/compliance/frameworks/aws/aws_foundational_security/aws_foundational_security_codebuild.yaml @@ -14,10 +14,6 @@ control-group: - AWS/CodeBuild type: - Benchmark - defaults: - auto-assign: null - enabled: false - tracks-drift-events: false controls: - aws_foundational_security_codebuild_1 - aws_foundational_security_codebuild_2 diff --git a/compliance/frameworks/aws/aws_foundational_security/aws_foundational_security_config.yaml b/compliance/frameworks/aws/aws_foundational_security/aws_foundational_security_config.yaml index 6bb1d4f72..6c40255ea 100755 --- a/compliance/frameworks/aws/aws_foundational_security/aws_foundational_security_config.yaml +++ b/compliance/frameworks/aws/aws_foundational_security/aws_foundational_security_config.yaml @@ -14,9 +14,5 @@ control-group: - AWS/Config type: - Benchmark - defaults: - auto-assign: null - enabled: false - tracks-drift-events: false controls: - aws_foundational_security_config_1 diff --git a/compliance/frameworks/aws/aws_foundational_security/aws_foundational_security_dms.yaml b/compliance/frameworks/aws/aws_foundational_security/aws_foundational_security_dms.yaml index 99a09d893..606b2e1ac 100755 --- a/compliance/frameworks/aws/aws_foundational_security/aws_foundational_security_dms.yaml +++ b/compliance/frameworks/aws/aws_foundational_security/aws_foundational_security_dms.yaml @@ -14,10 +14,6 @@ control-group: - AWS/DMS type: - Benchmark - defaults: - auto-assign: null - enabled: false - tracks-drift-events: false controls: - aws_foundational_security_dms_1 - aws_foundational_security_dms_6 diff --git a/compliance/frameworks/aws/aws_foundational_security/aws_foundational_security_docdb.yaml b/compliance/frameworks/aws/aws_foundational_security/aws_foundational_security_docdb.yaml index 0c5aa367e..47d3a64f1 100755 --- a/compliance/frameworks/aws/aws_foundational_security/aws_foundational_security_docdb.yaml +++ b/compliance/frameworks/aws/aws_foundational_security/aws_foundational_security_docdb.yaml 
@@ -3,10 +3,6 @@ control-group: title: DocumentDB description: DocumentDB section-code: docdb - defaults: - auto-assign: null - enabled: false - tracks-drift-events: false controls: - aws_foundational_security_docdb_1 - aws_foundational_security_docdb_2 diff --git a/compliance/frameworks/aws/aws_foundational_security/aws_foundational_security_dynamodb.yaml b/compliance/frameworks/aws/aws_foundational_security/aws_foundational_security_dynamodb.yaml index fda951287..2445fbcb6 100755 --- a/compliance/frameworks/aws/aws_foundational_security/aws_foundational_security_dynamodb.yaml +++ b/compliance/frameworks/aws/aws_foundational_security/aws_foundational_security_dynamodb.yaml @@ -14,10 +14,6 @@ control-group: - AWS/DynamoDB type: - Benchmark - defaults: - auto-assign: null - enabled: false - tracks-drift-events: false controls: - aws_foundational_security_dynamodb_1 - aws_foundational_security_dynamodb_2 diff --git a/compliance/frameworks/aws/aws_foundational_security/aws_foundational_security_ec2.yaml b/compliance/frameworks/aws/aws_foundational_security/aws_foundational_security_ec2.yaml index 2dada828f..7c185076d 100755 --- a/compliance/frameworks/aws/aws_foundational_security/aws_foundational_security_ec2.yaml +++ b/compliance/frameworks/aws/aws_foundational_security/aws_foundational_security_ec2.yaml @@ -14,10 +14,6 @@ control-group: - AWS/EC2 type: - Benchmark - defaults: - auto-assign: null - enabled: false - tracks-drift-events: false controls: - aws_foundational_security_ec2_1 - aws_foundational_security_ec2_2 diff --git a/compliance/frameworks/aws/aws_foundational_security/aws_foundational_security_ecr.yaml b/compliance/frameworks/aws/aws_foundational_security/aws_foundational_security_ecr.yaml index 74a7b3f7e..276cc1a4c 100755 --- a/compliance/frameworks/aws/aws_foundational_security/aws_foundational_security_ecr.yaml +++ b/compliance/frameworks/aws/aws_foundational_security/aws_foundational_security_ecr.yaml 
@@ -14,10 +14,6 @@ control-group: - AWS/ECR type: - Benchmark - defaults: - auto-assign: null - enabled: false - tracks-drift-events: false controls: - aws_foundational_security_ecr_1 - aws_foundational_security_ecr_2 diff --git a/compliance/frameworks/aws/aws_foundational_security/aws_foundational_security_ecs.yaml b/compliance/frameworks/aws/aws_foundational_security/aws_foundational_security_ecs.yaml index d78d83673..33d33990a 100755 --- a/compliance/frameworks/aws/aws_foundational_security/aws_foundational_security_ecs.yaml +++ b/compliance/frameworks/aws/aws_foundational_security/aws_foundational_security_ecs.yaml @@ -14,10 +14,6 @@ control-group: - AWS/ECS type: - Benchmark - defaults: - auto-assign: null - enabled: false - tracks-drift-events: false controls: - aws_foundational_security_ecs_1 - aws_foundational_security_ecs_2 diff --git a/compliance/frameworks/aws/aws_foundational_security/aws_foundational_security_efs.yaml b/compliance/frameworks/aws/aws_foundational_security/aws_foundational_security_efs.yaml index aaaf2a0af..e888ac840 100755 --- a/compliance/frameworks/aws/aws_foundational_security/aws_foundational_security_efs.yaml +++ b/compliance/frameworks/aws/aws_foundational_security/aws_foundational_security_efs.yaml @@ -14,10 +14,6 @@ control-group: - AWS/EFS type: - Benchmark - defaults: - auto-assign: null - enabled: false - tracks-drift-events: false controls: - aws_foundational_security_efs_1 - aws_foundational_security_efs_2 diff --git a/compliance/frameworks/aws/aws_foundational_security/aws_foundational_security_eks.yaml b/compliance/frameworks/aws/aws_foundational_security/aws_foundational_security_eks.yaml index 6c708ec2e..4dc33ecb3 100755 --- a/compliance/frameworks/aws/aws_foundational_security/aws_foundational_security_eks.yaml +++ b/compliance/frameworks/aws/aws_foundational_security/aws_foundational_security_eks.yaml 
@@ -14,10 +14,6 @@ control-group: - AWS/EKS type: - Benchmark - defaults: - auto-assign: null - enabled: false - tracks-drift-events: false controls: - aws_foundational_security_eks_1 - aws_foundational_security_eks_2 diff --git a/compliance/frameworks/aws/aws_foundational_security/aws_foundational_security_elasticache.yaml b/compliance/frameworks/aws/aws_foundational_security/aws_foundational_security_elasticache.yaml index 189bb46c3..f24c4216c 100755 --- a/compliance/frameworks/aws/aws_foundational_security/aws_foundational_security_elasticache.yaml +++ b/compliance/frameworks/aws/aws_foundational_security/aws_foundational_security_elasticache.yaml @@ -14,10 +14,6 @@ control-group: - AWS/ElastiCache type: - Benchmark - defaults: - auto-assign: null - enabled: false - tracks-drift-events: false controls: - aws_foundational_security_elasticache_1 - aws_foundational_security_elasticache_2 diff --git a/compliance/frameworks/aws/aws_foundational_security/aws_foundational_security_elasticbeanstalk.yaml b/compliance/frameworks/aws/aws_foundational_security/aws_foundational_security_elasticbeanstalk.yaml index 107a7c4de..0b780c31d 100755 --- a/compliance/frameworks/aws/aws_foundational_security/aws_foundational_security_elasticbeanstalk.yaml +++ b/compliance/frameworks/aws/aws_foundational_security/aws_foundational_security_elasticbeanstalk.yaml @@ -14,10 +14,6 @@ control-group: - AWS/ElasticBeanstalk type: - Benchmark - defaults: - auto-assign: null - enabled: false - tracks-drift-events: false controls: - aws_foundational_security_elasticbeanstalk_1 - aws_foundational_security_elasticbeanstalk_3 diff --git a/compliance/frameworks/aws/aws_foundational_security/aws_foundational_security_elb.yaml b/compliance/frameworks/aws/aws_foundational_security/aws_foundational_security_elb.yaml index 2510dc7ba..da636ab71 100755 --- a/compliance/frameworks/aws/aws_foundational_security/aws_foundational_security_elb.yaml 
+++ b/compliance/frameworks/aws/aws_foundational_security/aws_foundational_security_elb.yaml @@ -14,10 +14,6 @@ control-group: - AWS/ELB type: - Benchmark - defaults: - auto-assign: null - enabled: false - tracks-drift-events: false controls: - aws_foundational_security_elb_1 - aws_foundational_security_elb_2 diff --git a/compliance/frameworks/aws/aws_foundational_security/aws_foundational_security_emr.yaml b/compliance/frameworks/aws/aws_foundational_security/aws_foundational_security_emr.yaml index 6ef089894..10f90c038 100755 --- a/compliance/frameworks/aws/aws_foundational_security/aws_foundational_security_emr.yaml +++ b/compliance/frameworks/aws/aws_foundational_security/aws_foundational_security_emr.yaml @@ -14,10 +14,6 @@ control-group: - AWS/EMR type: - Benchmark - defaults: - auto-assign: null - enabled: false - tracks-drift-events: false controls: - aws_foundational_security_emr_1 - aws_foundational_security_emr_2 diff --git a/compliance/frameworks/aws/aws_foundational_security/aws_foundational_security_es.yaml b/compliance/frameworks/aws/aws_foundational_security/aws_foundational_security_es.yaml index 15ba9a3fb..25574c93e 100755 --- a/compliance/frameworks/aws/aws_foundational_security/aws_foundational_security_es.yaml +++ b/compliance/frameworks/aws/aws_foundational_security/aws_foundational_security_es.yaml @@ -14,10 +14,6 @@ control-group: - AWS/ES type: - Benchmark - defaults: - auto-assign: null - enabled: false - tracks-drift-events: false controls: - aws_foundational_security_es_1 - aws_foundational_security_es_2 diff --git a/compliance/frameworks/aws/aws_foundational_security/aws_foundational_security_eventbridge.yaml b/compliance/frameworks/aws/aws_foundational_security/aws_foundational_security_eventbridge.yaml index 570d8a22d..c138e7730 100755 --- a/compliance/frameworks/aws/aws_foundational_security/aws_foundational_security_eventbridge.yaml +++ b/compliance/frameworks/aws/aws_foundational_security/aws_foundational_security_eventbridge.yaml 
@@ -3,9 +3,5 @@ control-group: title: EventBridge description: EventBridge section-code: eventbridge - defaults: - auto-assign: null - enabled: false - tracks-drift-events: false controls: - aws_foundational_security_eventbridge_3 diff --git a/compliance/frameworks/aws/aws_foundational_security/aws_foundational_security_fsx.yaml b/compliance/frameworks/aws/aws_foundational_security/aws_foundational_security_fsx.yaml index f54a333ca..5323c0447 100755 --- a/compliance/frameworks/aws/aws_foundational_security/aws_foundational_security_fsx.yaml +++ b/compliance/frameworks/aws/aws_foundational_security/aws_foundational_security_fsx.yaml @@ -3,9 +3,5 @@ control-group: title: FSx description: FSx section-code: fsx - defaults: - auto-assign: null - enabled: false - tracks-drift-events: false controls: - aws_foundational_security_fsx_1 diff --git a/compliance/frameworks/aws/aws_foundational_security/aws_foundational_security_guardduty.yaml b/compliance/frameworks/aws/aws_foundational_security/aws_foundational_security_guardduty.yaml index eb2d3cab5..520a9a983 100755 --- a/compliance/frameworks/aws/aws_foundational_security/aws_foundational_security_guardduty.yaml +++ b/compliance/frameworks/aws/aws_foundational_security/aws_foundational_security_guardduty.yaml @@ -14,7 +14,3 @@ control-group: - AWS/GuardDuty type: - Benchmark - defaults: - auto-assign: null - enabled: false - tracks-drift-events: false diff --git a/compliance/frameworks/aws/aws_foundational_security/aws_foundational_security_iam.yaml b/compliance/frameworks/aws/aws_foundational_security/aws_foundational_security_iam.yaml index aa04f63dc..3d07d0f90 100755 --- a/compliance/frameworks/aws/aws_foundational_security/aws_foundational_security_iam.yaml +++ b/compliance/frameworks/aws/aws_foundational_security/aws_foundational_security_iam.yaml 
@@ -14,10 +14,6 @@ control-group: - AWS/IAM type: - Benchmark - defaults: - auto-assign: null - enabled: false - tracks-drift-events: false controls: - aws_foundational_security_iam_1 - aws_foundational_security_iam_2 diff --git a/compliance/frameworks/aws/aws_foundational_security/aws_foundational_security_kinesis.yaml b/compliance/frameworks/aws/aws_foundational_security/aws_foundational_security_kinesis.yaml index 4f903a126..6d0ddc2f4 100755 --- a/compliance/frameworks/aws/aws_foundational_security/aws_foundational_security_kinesis.yaml +++ b/compliance/frameworks/aws/aws_foundational_security/aws_foundational_security_kinesis.yaml @@ -14,9 +14,5 @@ control-group: - AWS/Kinesis type: - Benchmark - defaults: - auto-assign: null - enabled: false - tracks-drift-events: false controls: - aws_foundational_security_kinesis_1 diff --git a/compliance/frameworks/aws/aws_foundational_security/aws_foundational_security_kms.yaml b/compliance/frameworks/aws/aws_foundational_security/aws_foundational_security_kms.yaml index da4005a8e..b61240a90 100755 --- a/compliance/frameworks/aws/aws_foundational_security/aws_foundational_security_kms.yaml +++ b/compliance/frameworks/aws/aws_foundational_security/aws_foundational_security_kms.yaml @@ -14,10 +14,6 @@ control-group: - AWS/KMS type: - Benchmark - defaults: - auto-assign: null - enabled: false - tracks-drift-events: false controls: - aws_foundational_security_kms_1 - aws_foundational_security_kms_3 diff --git a/compliance/frameworks/aws/aws_foundational_security/aws_foundational_security_lambda.yaml b/compliance/frameworks/aws/aws_foundational_security/aws_foundational_security_lambda.yaml index a8a35cc99..b78adb3f3 100755 --- a/compliance/frameworks/aws/aws_foundational_security/aws_foundational_security_lambda.yaml +++ b/compliance/frameworks/aws/aws_foundational_security/aws_foundational_security_lambda.yaml 
@@ -14,10 +14,6 @@ control-group: - AWS/Lambda type: - Benchmark - defaults: - auto-assign: null - enabled: false - tracks-drift-events: false controls: - aws_foundational_security_lambda_1 - aws_foundational_security_lambda_2 diff --git a/compliance/frameworks/aws/aws_foundational_security/aws_foundational_security_msk.yaml b/compliance/frameworks/aws/aws_foundational_security/aws_foundational_security_msk.yaml index 0b9a97844..13a083f03 100755 --- a/compliance/frameworks/aws/aws_foundational_security/aws_foundational_security_msk.yaml +++ b/compliance/frameworks/aws/aws_foundational_security/aws_foundational_security_msk.yaml @@ -3,9 +3,5 @@ control-group: title: MSK description: MSK section-code: msk - defaults: - auto-assign: null - enabled: false - tracks-drift-events: false controls: - aws_foundational_security_msk_1 diff --git a/compliance/frameworks/aws/aws_foundational_security/aws_foundational_security_neptune.yaml b/compliance/frameworks/aws/aws_foundational_security/aws_foundational_security_neptune.yaml index a69d54991..6e18d4503 100755 --- a/compliance/frameworks/aws/aws_foundational_security/aws_foundational_security_neptune.yaml +++ b/compliance/frameworks/aws/aws_foundational_security/aws_foundational_security_neptune.yaml @@ -3,10 +3,6 @@ control-group: title: Neptune description: Neptune section-code: neptune - defaults: - auto-assign: null - enabled: false - tracks-drift-events: false controls: - aws_foundational_security_neptune_1 - aws_foundational_security_neptune_2 diff --git a/compliance/frameworks/aws/aws_foundational_security/aws_foundational_security_networkfirewall.yaml b/compliance/frameworks/aws/aws_foundational_security/aws_foundational_security_networkfirewall.yaml index 753a23f60..8cc99a39b 100755 --- a/compliance/frameworks/aws/aws_foundational_security/aws_foundational_security_networkfirewall.yaml +++ b/compliance/frameworks/aws/aws_foundational_security/aws_foundational_security_networkfirewall.yaml 
@@ -14,10 +14,6 @@ control-group: - AWS/NetworkFirewall type: - Benchmark - defaults: - auto-assign: null - enabled: false - tracks-drift-events: false controls: - aws_foundational_security_networkfirewall_2 - aws_foundational_security_networkfirewall_3 diff --git a/compliance/frameworks/aws/aws_foundational_security/aws_foundational_security_opensearch.yaml b/compliance/frameworks/aws/aws_foundational_security/aws_foundational_security_opensearch.yaml index 9590f4e40..bd1f1eedb 100755 --- a/compliance/frameworks/aws/aws_foundational_security/aws_foundational_security_opensearch.yaml +++ b/compliance/frameworks/aws/aws_foundational_security/aws_foundational_security_opensearch.yaml @@ -14,10 +14,6 @@ control-group: - AWS/OpenSearch type: - Benchmark - defaults: - auto-assign: null - enabled: false - tracks-drift-events: false controls: - aws_foundational_security_opensearch_1 - aws_foundational_security_opensearch_2 diff --git a/compliance/frameworks/aws/aws_foundational_security/aws_foundational_security_pca.yaml b/compliance/frameworks/aws/aws_foundational_security/aws_foundational_security_pca.yaml index 621bb4a4e..f4d2b7f45 100755 --- a/compliance/frameworks/aws/aws_foundational_security/aws_foundational_security_pca.yaml +++ b/compliance/frameworks/aws/aws_foundational_security/aws_foundational_security_pca.yaml @@ -3,9 +3,5 @@ control-group: title: Private Certificate Authority description: Private Certificate Authority section-code: pca - defaults: - auto-assign: null - enabled: false - tracks-drift-events: false controls: - aws_foundational_security_pca_1 diff --git a/compliance/frameworks/aws/aws_foundational_security/aws_foundational_security_rds.yaml b/compliance/frameworks/aws/aws_foundational_security/aws_foundational_security_rds.yaml index 655b4a7a6..edb122419 100755 --- a/compliance/frameworks/aws/aws_foundational_security/aws_foundational_security_rds.yaml +++ b/compliance/frameworks/aws/aws_foundational_security/aws_foundational_security_rds.yaml 
@@ -14,10 +14,6 @@ control-group: - AWS/RDS type: - Benchmark - defaults: - auto-assign: null - enabled: false - tracks-drift-events: false controls: - aws_foundational_security_rds_2 - aws_foundational_security_rds_3 diff --git a/compliance/frameworks/aws/aws_foundational_security/aws_foundational_security_redshift.yaml b/compliance/frameworks/aws/aws_foundational_security/aws_foundational_security_redshift.yaml index 31f6bf343..0596b29f7 100755 --- a/compliance/frameworks/aws/aws_foundational_security/aws_foundational_security_redshift.yaml +++ b/compliance/frameworks/aws/aws_foundational_security/aws_foundational_security_redshift.yaml @@ -14,10 +14,6 @@ control-group: - AWS/Redshift type: - Benchmark - defaults: - auto-assign: null - enabled: false - tracks-drift-events: false controls: - aws_foundational_security_redshift_1 - aws_foundational_security_redshift_2 diff --git a/compliance/frameworks/aws/aws_foundational_security/aws_foundational_security_route53.yaml b/compliance/frameworks/aws/aws_foundational_security/aws_foundational_security_route53.yaml index 92f416a63..8365981a1 100755 --- a/compliance/frameworks/aws/aws_foundational_security/aws_foundational_security_route53.yaml +++ b/compliance/frameworks/aws/aws_foundational_security/aws_foundational_security_route53.yaml @@ -3,9 +3,5 @@ control-group: title: Route53 description: Route53 section-code: route53 - defaults: - auto-assign: null - enabled: false - tracks-drift-events: false controls: - aws_foundational_security_route53_2 diff --git a/compliance/frameworks/aws/aws_foundational_security/aws_foundational_security_s3.yaml b/compliance/frameworks/aws/aws_foundational_security/aws_foundational_security_s3.yaml index 86e2a9a87..911ca174f 100755 --- a/compliance/frameworks/aws/aws_foundational_security/aws_foundational_security_s3.yaml +++ b/compliance/frameworks/aws/aws_foundational_security/aws_foundational_security_s3.yaml 
@@ -14,10 +14,6 @@ control-group: - AWS/S3 type: - Benchmark - defaults: - auto-assign: null - enabled: false - tracks-drift-events: false controls: - aws_foundational_security_s3_1 - aws_foundational_security_s3_5 diff --git a/compliance/frameworks/aws/aws_foundational_security/aws_foundational_security_sagemaker.yaml b/compliance/frameworks/aws/aws_foundational_security/aws_foundational_security_sagemaker.yaml index 3678df327..07fe20acb 100755 --- a/compliance/frameworks/aws/aws_foundational_security/aws_foundational_security_sagemaker.yaml +++ b/compliance/frameworks/aws/aws_foundational_security/aws_foundational_security_sagemaker.yaml @@ -14,10 +14,6 @@ control-group: - AWS/SageMaker type: - Benchmark - defaults: - auto-assign: null - enabled: false - tracks-drift-events: false controls: - aws_foundational_security_sagemaker_1 - aws_foundational_security_sagemaker_2 diff --git a/compliance/frameworks/aws/aws_foundational_security/aws_foundational_security_secretsmanager.yaml b/compliance/frameworks/aws/aws_foundational_security/aws_foundational_security_secretsmanager.yaml index dc4f4f3fd..085b17d4a 100755 --- a/compliance/frameworks/aws/aws_foundational_security/aws_foundational_security_secretsmanager.yaml +++ b/compliance/frameworks/aws/aws_foundational_security/aws_foundational_security_secretsmanager.yaml @@ -14,10 +14,6 @@ control-group: - AWS/SecretsManager type: - Benchmark - defaults: - auto-assign: null - enabled: false - tracks-drift-events: false controls: - aws_foundational_security_secretsmanager_1 - aws_foundational_security_secretsmanager_2 diff --git a/compliance/frameworks/aws/aws_foundational_security/aws_foundational_security_sfn.yaml b/compliance/frameworks/aws/aws_foundational_security/aws_foundational_security_sfn.yaml index 1fc6b0aec..98cc040be 100755 --- a/compliance/frameworks/aws/aws_foundational_security/aws_foundational_security_sfn.yaml +++ b/compliance/frameworks/aws/aws_foundational_security/aws_foundational_security_sfn.yaml 
@@ -3,9 +3,5 @@ control-group: title: Step Functions description: Step Functions section-code: sfn - defaults: - auto-assign: null - enabled: false - tracks-drift-events: false controls: - aws_foundational_security_sfn_1 diff --git a/compliance/frameworks/aws/aws_foundational_security/aws_foundational_security_sns.yaml b/compliance/frameworks/aws/aws_foundational_security/aws_foundational_security_sns.yaml index 54a1fe9cf..ab57f2bc6 100755 --- a/compliance/frameworks/aws/aws_foundational_security/aws_foundational_security_sns.yaml +++ b/compliance/frameworks/aws/aws_foundational_security/aws_foundational_security_sns.yaml @@ -14,10 +14,6 @@ control-group: - AWS/SNS type: - Benchmark - defaults: - auto-assign: null - enabled: false - tracks-drift-events: false controls: - aws_foundational_security_sns_1 - aws_foundational_security_sns_2 diff --git a/compliance/frameworks/aws/aws_foundational_security/aws_foundational_security_sqs.yaml b/compliance/frameworks/aws/aws_foundational_security/aws_foundational_security_sqs.yaml index 65eb23678..e75fedcd7 100755 --- a/compliance/frameworks/aws/aws_foundational_security/aws_foundational_security_sqs.yaml +++ b/compliance/frameworks/aws/aws_foundational_security/aws_foundational_security_sqs.yaml @@ -14,9 +14,5 @@ control-group: - AWS/SQS type: - Benchmark - defaults: - auto-assign: null - enabled: false - tracks-drift-events: false controls: - aws_foundational_security_sqs_1 diff --git a/compliance/frameworks/aws/aws_foundational_security/aws_foundational_security_ssm.yaml b/compliance/frameworks/aws/aws_foundational_security/aws_foundational_security_ssm.yaml index 48e1b9c13..4aaa5e01b 100755 --- a/compliance/frameworks/aws/aws_foundational_security/aws_foundational_security_ssm.yaml +++ b/compliance/frameworks/aws/aws_foundational_security/aws_foundational_security_ssm.yaml 
@@ -14,10 +14,6 @@ control-group: - AWS/SSM type: - Benchmark - defaults: - auto-assign: null - enabled: false - tracks-drift-events: false controls: - aws_foundational_security_ssm_1 - aws_foundational_security_ssm_2 diff --git a/compliance/frameworks/aws/aws_foundational_security/aws_foundational_security_waf.yaml b/compliance/frameworks/aws/aws_foundational_security/aws_foundational_security_waf.yaml index ef6a79c92..8ad43123e 100755 --- a/compliance/frameworks/aws/aws_foundational_security/aws_foundational_security_waf.yaml +++ b/compliance/frameworks/aws/aws_foundational_security/aws_foundational_security_waf.yaml @@ -14,10 +14,6 @@ control-group: - AWS/WAF type: - Benchmark - defaults: - auto-assign: null - enabled: false - tracks-drift-events: false controls: - aws_foundational_security_waf_1 - aws_foundational_security_waf_2 diff --git a/compliance/frameworks/aws/aws_gdpr/aws_article_25.yaml b/compliance/frameworks/aws/aws_gdpr/aws_article_25.yaml index d005cb9d9..f97b9ce74 100755 --- a/compliance/frameworks/aws/aws_gdpr/aws_article_25.yaml +++ b/compliance/frameworks/aws/aws_gdpr/aws_article_25.yaml @@ -16,10 +16,6 @@ control-group: - AWS type: - Benchmark - defaults: - auto-assign: null - enabled: false - tracks-drift-events: false controls: - aws_cloudtrail_bucket_not_public - aws_cloudtrail_multi_region_trail_enabled diff --git a/compliance/frameworks/aws/aws_gdpr/aws_article_30.yaml b/compliance/frameworks/aws/aws_gdpr/aws_article_30.yaml index 76b2589be..786b7310c 100755 --- a/compliance/frameworks/aws/aws_gdpr/aws_article_30.yaml +++ b/compliance/frameworks/aws/aws_gdpr/aws_article_30.yaml @@ -16,10 +16,6 @@ control-group: - AWS type: - Benchmark - defaults: - auto-assign: null - enabled: false - tracks-drift-events: false controls: - aws_cloudtrail_multi_region_trail_enabled - aws_cloudtrail_s3_data_events_enabled 
diff --git a/compliance/frameworks/aws/aws_gdpr/aws_article_32.yaml b/compliance/frameworks/aws/aws_gdpr/aws_article_32.yaml index b7a6b1fb4..7de5b689a 100755 --- a/compliance/frameworks/aws/aws_gdpr/aws_article_32.yaml +++ b/compliance/frameworks/aws/aws_gdpr/aws_article_32.yaml @@ -16,10 +16,6 @@ control-group: - AWS type: - Benchmark - defaults: - auto-assign: null - enabled: false - tracks-drift-events: false controls: - aws_acm_certificate_expires_30_days - aws_apigateway_stage_cache_encryption_at_rest_enabled diff --git a/compliance/frameworks/aws/aws_gxp_21_cfr_part_11/aws_gxp_21_cfr_part_11_11_10.yaml b/compliance/frameworks/aws/aws_gxp_21_cfr_part_11/aws_gxp_21_cfr_part_11_11_10.yaml index cf3f06b6e..70be16501 100755 --- a/compliance/frameworks/aws/aws_gxp_21_cfr_part_11/aws_gxp_21_cfr_part_11_11_10.yaml +++ b/compliance/frameworks/aws/aws_gxp_21_cfr_part_11/aws_gxp_21_cfr_part_11_11_10.yaml @@ -14,10 +14,6 @@ control-group: - AWS type: - Benchmark - defaults: - auto-assign: null - enabled: false - tracks-drift-events: false control-group: - id: aws_gxp_21_cfr_part_11_11_10_a - id: aws_gxp_21_cfr_part_11_11_10_c diff --git a/compliance/frameworks/aws/aws_gxp_21_cfr_part_11/aws_gxp_21_cfr_part_11_11_10_a.yaml b/compliance/frameworks/aws/aws_gxp_21_cfr_part_11/aws_gxp_21_cfr_part_11_11_10_a.yaml index 24d2491a1..546af06c8 100755 --- a/compliance/frameworks/aws/aws_gxp_21_cfr_part_11/aws_gxp_21_cfr_part_11_11_10_a.yaml +++ b/compliance/frameworks/aws/aws_gxp_21_cfr_part_11/aws_gxp_21_cfr_part_11_11_10_a.yaml @@ -14,10 +14,6 @@ control-group: - AWS type: - Benchmark - defaults: - auto-assign: null - enabled: false - tracks-drift-events: false controls: - aws_backup_plan_min_retention_35_days - aws_backup_recovery_point_encryption_enabled diff --git a/compliance/frameworks/aws/aws_gxp_21_cfr_part_11/aws_gxp_21_cfr_part_11_11_10_c.yaml b/compliance/frameworks/aws/aws_gxp_21_cfr_part_11/aws_gxp_21_cfr_part_11_11_10_c.yaml index c97764dfe..8c964cb68 100755 
--- a/compliance/frameworks/aws/aws_gxp_21_cfr_part_11/aws_gxp_21_cfr_part_11_11_10_c.yaml +++ b/compliance/frameworks/aws/aws_gxp_21_cfr_part_11/aws_gxp_21_cfr_part_11_11_10_c.yaml @@ -14,10 +14,6 @@ control-group: - AWS type: - Benchmark - defaults: - auto-assign: null - enabled: false - tracks-drift-events: false controls: - aws_cloudtrail_trail_enabled - aws_cloudtrail_trail_logs_encrypted_with_kms_cmk diff --git a/compliance/frameworks/aws/aws_gxp_21_cfr_part_11/aws_gxp_21_cfr_part_11_11_10_d.yaml b/compliance/frameworks/aws/aws_gxp_21_cfr_part_11/aws_gxp_21_cfr_part_11_11_10_d.yaml index 1eb28e20b..776142fcb 100755 --- a/compliance/frameworks/aws/aws_gxp_21_cfr_part_11/aws_gxp_21_cfr_part_11_11_10_d.yaml +++ b/compliance/frameworks/aws/aws_gxp_21_cfr_part_11/aws_gxp_21_cfr_part_11_11_10_d.yaml @@ -14,10 +14,6 @@ control-group: - AWS type: - Benchmark - defaults: - auto-assign: null - enabled: false - tracks-drift-events: false controls: - aws_account_part_of_organizations - aws_dms_replication_instance_not_publicly_accessible diff --git a/compliance/frameworks/aws/aws_gxp_21_cfr_part_11/aws_gxp_21_cfr_part_11_11_10_e.yaml b/compliance/frameworks/aws/aws_gxp_21_cfr_part_11/aws_gxp_21_cfr_part_11_11_10_e.yaml index b88ea063f..32076843d 100755 --- a/compliance/frameworks/aws/aws_gxp_21_cfr_part_11/aws_gxp_21_cfr_part_11_11_10_e.yaml +++ b/compliance/frameworks/aws/aws_gxp_21_cfr_part_11/aws_gxp_21_cfr_part_11_11_10_e.yaml @@ -14,10 +14,6 @@ control-group: - AWS type: - Benchmark - defaults: - auto-assign: null - enabled: false - tracks-drift-events: false controls: - aws_apigateway_stage_logging_enabled - aws_cloudtrail_multi_region_trail_enabled diff --git a/compliance/frameworks/aws/aws_gxp_21_cfr_part_11/aws_gxp_21_cfr_part_11_11_10_g.yaml b/compliance/frameworks/aws/aws_gxp_21_cfr_part_11/aws_gxp_21_cfr_part_11_11_10_g.yaml index 56290b810..a7a310dbc 100755 --- a/compliance/frameworks/aws/aws_gxp_21_cfr_part_11/aws_gxp_21_cfr_part_11_11_10_g.yaml 
+++ b/compliance/frameworks/aws/aws_gxp_21_cfr_part_11/aws_gxp_21_cfr_part_11_11_10_g.yaml @@ -14,10 +14,6 @@ control-group: - AWS type: - Benchmark - defaults: - auto-assign: null - enabled: false - tracks-drift-events: false controls: - aws_account_part_of_organizations - aws_dms_replication_instance_not_publicly_accessible diff --git a/compliance/frameworks/aws/aws_gxp_21_cfr_part_11/aws_gxp_21_cfr_part_11_11_10_h.yaml b/compliance/frameworks/aws/aws_gxp_21_cfr_part_11/aws_gxp_21_cfr_part_11_11_10_h.yaml index 41586f037..a0d3c844d 100755 --- a/compliance/frameworks/aws/aws_gxp_21_cfr_part_11/aws_gxp_21_cfr_part_11_11_10_h.yaml +++ b/compliance/frameworks/aws/aws_gxp_21_cfr_part_11/aws_gxp_21_cfr_part_11_11_10_h.yaml @@ -14,10 +14,6 @@ control-group: - AWS type: - Benchmark - defaults: - auto-assign: null - enabled: false - tracks-drift-events: false controls: - aws_ec2_instance_ssm_managed - aws_ssm_managed_instance_compliance_association_compliant diff --git a/compliance/frameworks/aws/aws_gxp_21_cfr_part_11/aws_gxp_21_cfr_part_11_11_10_k.yaml b/compliance/frameworks/aws/aws_gxp_21_cfr_part_11/aws_gxp_21_cfr_part_11_11_10_k.yaml index cc5c322a9..0ea11d044 100755 --- a/compliance/frameworks/aws/aws_gxp_21_cfr_part_11/aws_gxp_21_cfr_part_11_11_10_k.yaml +++ b/compliance/frameworks/aws/aws_gxp_21_cfr_part_11/aws_gxp_21_cfr_part_11_11_10_k.yaml @@ -14,10 +14,6 @@ control-group: - AWS type: - Benchmark - defaults: - auto-assign: null - enabled: false - tracks-drift-events: false controls: - aws_autoscaling_launch_config_public_ip_disabled - aws_cloudtrail_s3_data_events_enabled diff --git a/compliance/frameworks/aws/aws_gxp_21_cfr_part_11/aws_gxp_21_cfr_part_11_11_200.yaml b/compliance/frameworks/aws/aws_gxp_21_cfr_part_11/aws_gxp_21_cfr_part_11_11_200.yaml index 8df16f44f..e67d51686 100755 --- a/compliance/frameworks/aws/aws_gxp_21_cfr_part_11/aws_gxp_21_cfr_part_11_11_200.yaml 
+++ b/compliance/frameworks/aws/aws_gxp_21_cfr_part_11/aws_gxp_21_cfr_part_11_11_200.yaml @@ -14,9 +14,5 @@ control-group: - AWS type: - Benchmark - defaults: - auto-assign: null - enabled: false - tracks-drift-events: false control-group: - id: aws_gxp_21_cfr_part_11_11_200_a diff --git a/compliance/frameworks/aws/aws_gxp_21_cfr_part_11/aws_gxp_21_cfr_part_11_11_200_a.yaml b/compliance/frameworks/aws/aws_gxp_21_cfr_part_11/aws_gxp_21_cfr_part_11_11_200_a.yaml index 2ca16001a..6de5a2e76 100755 --- a/compliance/frameworks/aws/aws_gxp_21_cfr_part_11/aws_gxp_21_cfr_part_11_11_200_a.yaml +++ b/compliance/frameworks/aws/aws_gxp_21_cfr_part_11/aws_gxp_21_cfr_part_11_11_200_a.yaml @@ -14,10 +14,6 @@ control-group: - AWS type: - Benchmark - defaults: - auto-assign: null - enabled: false - tracks-drift-events: false controls: - aws_iam_account_password_policy_strong_min_reuse_24 - aws_iam_root_user_hardware_mfa_enabled diff --git a/compliance/frameworks/aws/aws_gxp_21_cfr_part_11/aws_gxp_21_cfr_part_11_11_30.yaml b/compliance/frameworks/aws/aws_gxp_21_cfr_part_11/aws_gxp_21_cfr_part_11_11_30.yaml index f92fea62e..ec9d62344 100755 --- a/compliance/frameworks/aws/aws_gxp_21_cfr_part_11/aws_gxp_21_cfr_part_11_11_30.yaml +++ b/compliance/frameworks/aws/aws_gxp_21_cfr_part_11/aws_gxp_21_cfr_part_11_11_30.yaml @@ -14,10 +14,6 @@ control-group: - AWS type: - Benchmark - defaults: - auto-assign: null - enabled: false - tracks-drift-events: false controls: - aws_apigateway_rest_api_stage_use_ssl_certificate - aws_apigateway_stage_cache_encryption_at_rest_enabled diff --git a/compliance/frameworks/aws/aws_gxp_21_cfr_part_11/aws_gxp_21_cfr_part_11_11_300.yaml b/compliance/frameworks/aws/aws_gxp_21_cfr_part_11/aws_gxp_21_cfr_part_11_11_300.yaml index 00641d7f5..6f4f6bd3e 100755 --- a/compliance/frameworks/aws/aws_gxp_21_cfr_part_11/aws_gxp_21_cfr_part_11_11_300.yaml +++ b/compliance/frameworks/aws/aws_gxp_21_cfr_part_11/aws_gxp_21_cfr_part_11_11_300.yaml 
@@ -14,10 +14,6 @@ control-group: - AWS type: - Benchmark - defaults: - auto-assign: null - enabled: false - tracks-drift-events: false control-group: - id: aws_gxp_21_cfr_part_11_11_300_b - id: aws_gxp_21_cfr_part_11_11_300_d diff --git a/compliance/frameworks/aws/aws_gxp_21_cfr_part_11/aws_gxp_21_cfr_part_11_11_300_b.yaml b/compliance/frameworks/aws/aws_gxp_21_cfr_part_11/aws_gxp_21_cfr_part_11_11_300_b.yaml index 406db78bc..2f5b2d05f 100755 --- a/compliance/frameworks/aws/aws_gxp_21_cfr_part_11/aws_gxp_21_cfr_part_11_11_300_b.yaml +++ b/compliance/frameworks/aws/aws_gxp_21_cfr_part_11/aws_gxp_21_cfr_part_11_11_300_b.yaml @@ -14,10 +14,6 @@ control-group: - AWS type: - Benchmark - defaults: - auto-assign: null - enabled: false - tracks-drift-events: false controls: - aws_emr_cluster_kerberos_enabled - aws_iam_account_password_policy_strong_min_reuse_24 diff --git a/compliance/frameworks/aws/aws_gxp_21_cfr_part_11/aws_gxp_21_cfr_part_11_11_300_d.yaml b/compliance/frameworks/aws/aws_gxp_21_cfr_part_11/aws_gxp_21_cfr_part_11_11_300_d.yaml index 1c8565ccd..59229851f 100755 --- a/compliance/frameworks/aws/aws_gxp_21_cfr_part_11/aws_gxp_21_cfr_part_11_11_300_d.yaml +++ b/compliance/frameworks/aws/aws_gxp_21_cfr_part_11/aws_gxp_21_cfr_part_11_11_300_d.yaml @@ -14,10 +14,6 @@ control-group: - AWS type: - Benchmark - defaults: - auto-assign: null - enabled: false - tracks-drift-events: false controls: - aws_cloudtrail_trail_enabled - aws_cloudtrail_trail_integrated_with_logs diff --git a/compliance/frameworks/aws/aws_gxp_eu_annex_11/aws_gxp_eu_annex_11_general.yaml b/compliance/frameworks/aws/aws_gxp_eu_annex_11/aws_gxp_eu_annex_11_general.yaml index e463c775a..ca839d85f 100755 --- a/compliance/frameworks/aws/aws_gxp_eu_annex_11/aws_gxp_eu_annex_11_general.yaml +++ b/compliance/frameworks/aws/aws_gxp_eu_annex_11/aws_gxp_eu_annex_11_general.yaml 
@@ -14,9 +14,5 @@ control-group: - AWS type: - Benchmark - defaults: - auto-assign: null - enabled: false - tracks-drift-events: false control-group: - id: aws_gxp_eu_annex_11_general_1 diff --git a/compliance/frameworks/aws/aws_gxp_eu_annex_11/aws_gxp_eu_annex_11_general_1.yaml b/compliance/frameworks/aws/aws_gxp_eu_annex_11/aws_gxp_eu_annex_11_general_1.yaml index 1b2cead02..ea75477c7 100755 --- a/compliance/frameworks/aws/aws_gxp_eu_annex_11/aws_gxp_eu_annex_11_general_1.yaml +++ b/compliance/frameworks/aws/aws_gxp_eu_annex_11/aws_gxp_eu_annex_11_general_1.yaml @@ -14,10 +14,6 @@ control-group: - AWS type: - Benchmark - defaults: - auto-assign: null - enabled: false - tracks-drift-events: false controls: - aws_cloudtrail_trail_enabled - aws_config_enabled_all_regions diff --git a/compliance/frameworks/aws/aws_gxp_eu_annex_11/aws_gxp_eu_annex_11_operational_phase.yaml b/compliance/frameworks/aws/aws_gxp_eu_annex_11/aws_gxp_eu_annex_11_operational_phase.yaml index 3b52dcf04..f15dbdce4 100755 --- a/compliance/frameworks/aws/aws_gxp_eu_annex_11/aws_gxp_eu_annex_11_operational_phase.yaml +++ b/compliance/frameworks/aws/aws_gxp_eu_annex_11/aws_gxp_eu_annex_11_operational_phase.yaml @@ -14,10 +14,6 @@ control-group: - AWS type: - Benchmark - defaults: - auto-assign: null - enabled: false - tracks-drift-events: false control-group: - id: aws_gxp_eu_annex_11_operational_phase_5 - id: aws_gxp_eu_annex_11_operational_phase_7 diff --git a/compliance/frameworks/aws/aws_gxp_eu_annex_11/aws_gxp_eu_annex_11_operational_phase_10.yaml b/compliance/frameworks/aws/aws_gxp_eu_annex_11/aws_gxp_eu_annex_11_operational_phase_10.yaml index 843ed642e..84bb7fa59 100755 --- a/compliance/frameworks/aws/aws_gxp_eu_annex_11/aws_gxp_eu_annex_11_operational_phase_10.yaml +++ b/compliance/frameworks/aws/aws_gxp_eu_annex_11/aws_gxp_eu_annex_11_operational_phase_10.yaml 
@@ -14,9 +14,5 @@ control-group: - AWS type: - Benchmark - defaults: - auto-assign: null - enabled: false - tracks-drift-events: false controls: - aws_config_enabled_all_regions diff --git a/compliance/frameworks/aws/aws_gxp_eu_annex_11/aws_gxp_eu_annex_11_operational_phase_12.yaml b/compliance/frameworks/aws/aws_gxp_eu_annex_11/aws_gxp_eu_annex_11_operational_phase_12.yaml index 8b6a7be51..c098d71dd 100755 --- a/compliance/frameworks/aws/aws_gxp_eu_annex_11/aws_gxp_eu_annex_11_operational_phase_12.yaml +++ b/compliance/frameworks/aws/aws_gxp_eu_annex_11/aws_gxp_eu_annex_11_operational_phase_12.yaml @@ -14,9 +14,5 @@ control-group: - AWS type: - Benchmark - defaults: - auto-assign: null - enabled: false - tracks-drift-events: false control-group: - id: aws_gxp_eu_annex_11_operational_phase_12_4 diff --git a/compliance/frameworks/aws/aws_gxp_eu_annex_11/aws_gxp_eu_annex_11_operational_phase_12_4.yaml b/compliance/frameworks/aws/aws_gxp_eu_annex_11/aws_gxp_eu_annex_11_operational_phase_12_4.yaml index 02684000e..29ffa023b 100755 --- a/compliance/frameworks/aws/aws_gxp_eu_annex_11/aws_gxp_eu_annex_11_operational_phase_12_4.yaml +++ b/compliance/frameworks/aws/aws_gxp_eu_annex_11/aws_gxp_eu_annex_11_operational_phase_12_4.yaml @@ -14,9 +14,5 @@ control-group: - AWS type: - Benchmark - defaults: - auto-assign: null - enabled: false - tracks-drift-events: false controls: - aws_cloudtrail_s3_data_events_enabled diff --git a/compliance/frameworks/aws/aws_gxp_eu_annex_11/aws_gxp_eu_annex_11_operational_phase_13.yaml b/compliance/frameworks/aws/aws_gxp_eu_annex_11/aws_gxp_eu_annex_11_operational_phase_13.yaml index 0f42a2abd..cd09448c7 100755 --- a/compliance/frameworks/aws/aws_gxp_eu_annex_11/aws_gxp_eu_annex_11_operational_phase_13.yaml +++ b/compliance/frameworks/aws/aws_gxp_eu_annex_11/aws_gxp_eu_annex_11_operational_phase_13.yaml 
@@ -14,10 +14,6 @@ control-group: - AWS type: - Benchmark - defaults: - auto-assign: null - enabled: false - tracks-drift-events: false controls: - aws_cloudtrail_security_trail_enabled - aws_cloudwatch_alarm_action_enabled diff --git a/compliance/frameworks/aws/aws_gxp_eu_annex_11/aws_gxp_eu_annex_11_operational_phase_16.yaml b/compliance/frameworks/aws/aws_gxp_eu_annex_11/aws_gxp_eu_annex_11_operational_phase_16.yaml index af37a702a..38fb1ec27 100755 --- a/compliance/frameworks/aws/aws_gxp_eu_annex_11/aws_gxp_eu_annex_11_operational_phase_16.yaml +++ b/compliance/frameworks/aws/aws_gxp_eu_annex_11/aws_gxp_eu_annex_11_operational_phase_16.yaml @@ -14,10 +14,6 @@ control-group: - AWS type: - Benchmark - defaults: - auto-assign: null - enabled: false - tracks-drift-events: false controls: - aws_backup_plan_min_retention_35_days - aws_backup_recovery_point_encryption_enabled diff --git a/compliance/frameworks/aws/aws_gxp_eu_annex_11/aws_gxp_eu_annex_11_operational_phase_17.yaml b/compliance/frameworks/aws/aws_gxp_eu_annex_11/aws_gxp_eu_annex_11_operational_phase_17.yaml index 3a17ef821..8d09d4017 100755 --- a/compliance/frameworks/aws/aws_gxp_eu_annex_11/aws_gxp_eu_annex_11_operational_phase_17.yaml +++ b/compliance/frameworks/aws/aws_gxp_eu_annex_11/aws_gxp_eu_annex_11_operational_phase_17.yaml @@ -14,10 +14,6 @@ control-group: - AWS type: - Benchmark - defaults: - auto-assign: null - enabled: false - tracks-drift-events: false controls: - aws_backup_plan_min_retention_35_days - aws_backup_recovery_point_encryption_enabled diff --git a/compliance/frameworks/aws/aws_gxp_eu_annex_11/aws_gxp_eu_annex_11_operational_phase_5.yaml b/compliance/frameworks/aws/aws_gxp_eu_annex_11/aws_gxp_eu_annex_11_operational_phase_5.yaml index b9ff86081..f77fb728a 100755 --- a/compliance/frameworks/aws/aws_gxp_eu_annex_11/aws_gxp_eu_annex_11_operational_phase_5.yaml +++ b/compliance/frameworks/aws/aws_gxp_eu_annex_11/aws_gxp_eu_annex_11_operational_phase_5.yaml 
@@ -14,10 +14,6 @@ control-group: - AWS type: - Benchmark - defaults: - auto-assign: null - enabled: false - tracks-drift-events: false controls: - aws_backup_plan_min_retention_35_days - aws_backup_recovery_point_encryption_enabled diff --git a/compliance/frameworks/aws/aws_gxp_eu_annex_11/aws_gxp_eu_annex_11_operational_phase_7.yaml b/compliance/frameworks/aws/aws_gxp_eu_annex_11/aws_gxp_eu_annex_11_operational_phase_7.yaml index 6d994f4b7..62f57e8e6 100755 --- a/compliance/frameworks/aws/aws_gxp_eu_annex_11/aws_gxp_eu_annex_11_operational_phase_7.yaml +++ b/compliance/frameworks/aws/aws_gxp_eu_annex_11/aws_gxp_eu_annex_11_operational_phase_7.yaml @@ -14,10 +14,6 @@ control-group: - AWS type: - Benchmark - defaults: - auto-assign: null - enabled: false - tracks-drift-events: false control-group: - id: aws_gxp_eu_annex_11_operational_phase_7_1 - id: aws_gxp_eu_annex_11_operational_phase_7_2 diff --git a/compliance/frameworks/aws/aws_gxp_eu_annex_11/aws_gxp_eu_annex_11_operational_phase_7_1.yaml b/compliance/frameworks/aws/aws_gxp_eu_annex_11/aws_gxp_eu_annex_11_operational_phase_7_1.yaml index b96ddf304..c6b049992 100755 --- a/compliance/frameworks/aws/aws_gxp_eu_annex_11/aws_gxp_eu_annex_11_operational_phase_7_1.yaml +++ b/compliance/frameworks/aws/aws_gxp_eu_annex_11/aws_gxp_eu_annex_11_operational_phase_7_1.yaml @@ -14,10 +14,6 @@ control-group: - AWS type: - Benchmark - defaults: - auto-assign: null - enabled: false - tracks-drift-events: false controls: - aws_apigateway_stage_cache_encryption_at_rest_enabled - aws_cloudfront_distribution_custom_origins_encryption_in_transit_enabled diff --git a/compliance/frameworks/aws/aws_gxp_eu_annex_11/aws_gxp_eu_annex_11_operational_phase_7_2.yaml b/compliance/frameworks/aws/aws_gxp_eu_annex_11/aws_gxp_eu_annex_11_operational_phase_7_2.yaml index bdcc15ae4..539c2acf9 100755 --- a/compliance/frameworks/aws/aws_gxp_eu_annex_11/aws_gxp_eu_annex_11_operational_phase_7_2.yaml 
+++ b/compliance/frameworks/aws/aws_gxp_eu_annex_11/aws_gxp_eu_annex_11_operational_phase_7_2.yaml @@ -14,10 +14,6 @@ control-group: - AWS type: - Benchmark - defaults: - auto-assign: null - enabled: false - tracks-drift-events: false controls: - aws_backup_plan_min_retention_35_days - aws_backup_recovery_point_encryption_enabled diff --git a/compliance/frameworks/aws/aws_gxp_eu_annex_11/aws_gxp_eu_annex_11_operational_phase_8.yaml b/compliance/frameworks/aws/aws_gxp_eu_annex_11/aws_gxp_eu_annex_11_operational_phase_8.yaml index 4ffbd2f9c..88013345f 100755 --- a/compliance/frameworks/aws/aws_gxp_eu_annex_11/aws_gxp_eu_annex_11_operational_phase_8.yaml +++ b/compliance/frameworks/aws/aws_gxp_eu_annex_11/aws_gxp_eu_annex_11_operational_phase_8.yaml @@ -14,9 +14,5 @@ control-group: - AWS type: - Benchmark - defaults: - auto-assign: null - enabled: false - tracks-drift-events: false control-group: - id: aws_gxp_eu_annex_11_operational_phase_8_2 diff --git a/compliance/frameworks/aws/aws_gxp_eu_annex_11/aws_gxp_eu_annex_11_operational_phase_8_2.yaml b/compliance/frameworks/aws/aws_gxp_eu_annex_11/aws_gxp_eu_annex_11_operational_phase_8_2.yaml index 19ec650e1..4298f8e20 100755 --- a/compliance/frameworks/aws/aws_gxp_eu_annex_11/aws_gxp_eu_annex_11_operational_phase_8_2.yaml +++ b/compliance/frameworks/aws/aws_gxp_eu_annex_11/aws_gxp_eu_annex_11_operational_phase_8_2.yaml @@ -14,9 +14,5 @@ control-group: - AWS type: - Benchmark - defaults: - auto-assign: null - enabled: false - tracks-drift-events: false controls: - aws_cloudtrail_s3_data_events_enabled diff --git a/compliance/frameworks/aws/aws_gxp_eu_annex_11/aws_gxp_eu_annex_11_operational_phase_9.yaml b/compliance/frameworks/aws/aws_gxp_eu_annex_11/aws_gxp_eu_annex_11_operational_phase_9.yaml index 3120e4f8c..8ec0059f8 100755 --- a/compliance/frameworks/aws/aws_gxp_eu_annex_11/aws_gxp_eu_annex_11_operational_phase_9.yaml +++ b/compliance/frameworks/aws/aws_gxp_eu_annex_11/aws_gxp_eu_annex_11_operational_phase_9.yaml 
@@ -14,9 +14,5 @@ control-group: - AWS type: - Benchmark - defaults: - auto-assign: null - enabled: false - tracks-drift-events: false controls: - aws_cloudtrail_s3_data_events_enabled diff --git a/compliance/frameworks/aws/aws_gxp_eu_annex_11/aws_gxp_eu_annex_11_project_phase.yaml b/compliance/frameworks/aws/aws_gxp_eu_annex_11/aws_gxp_eu_annex_11_project_phase.yaml index f688742b8..7e5841632 100755 --- a/compliance/frameworks/aws/aws_gxp_eu_annex_11/aws_gxp_eu_annex_11_project_phase.yaml +++ b/compliance/frameworks/aws/aws_gxp_eu_annex_11/aws_gxp_eu_annex_11_project_phase.yaml @@ -14,9 +14,5 @@ control-group: - AWS type: - Benchmark - defaults: - auto-assign: null - enabled: false - tracks-drift-events: false control-group: - id: aws_gxp_eu_annex_11_project_phase_4 diff --git a/compliance/frameworks/aws/aws_gxp_eu_annex_11/aws_gxp_eu_annex_11_project_phase_4.yaml b/compliance/frameworks/aws/aws_gxp_eu_annex_11/aws_gxp_eu_annex_11_project_phase_4.yaml index 62eefd70f..d58286b35 100755 --- a/compliance/frameworks/aws/aws_gxp_eu_annex_11/aws_gxp_eu_annex_11_project_phase_4.yaml +++ b/compliance/frameworks/aws/aws_gxp_eu_annex_11/aws_gxp_eu_annex_11_project_phase_4.yaml @@ -14,10 +14,6 @@ control-group: - AWS type: - Benchmark - defaults: - auto-assign: null - enabled: false - tracks-drift-events: false control-group: - id: aws_gxp_eu_annex_11_project_phase_4_2 - id: aws_gxp_eu_annex_11_project_phase_4_5 diff --git a/compliance/frameworks/aws/aws_gxp_eu_annex_11/aws_gxp_eu_annex_11_project_phase_4_2.yaml b/compliance/frameworks/aws/aws_gxp_eu_annex_11/aws_gxp_eu_annex_11_project_phase_4_2.yaml index 0b7669d40..096c86acf 100755 --- a/compliance/frameworks/aws/aws_gxp_eu_annex_11/aws_gxp_eu_annex_11_project_phase_4_2.yaml +++ b/compliance/frameworks/aws/aws_gxp_eu_annex_11/aws_gxp_eu_annex_11_project_phase_4_2.yaml 
@@ -14,9 +14,5 @@ control-group: - AWS type: - Benchmark - defaults: - auto-assign: null - enabled: false - tracks-drift-events: false controls: - aws_cloudtrail_trail_enabled diff --git a/compliance/frameworks/aws/aws_gxp_eu_annex_11/aws_gxp_eu_annex_11_project_phase_4_5.yaml b/compliance/frameworks/aws/aws_gxp_eu_annex_11/aws_gxp_eu_annex_11_project_phase_4_5.yaml index f0112ed2e..e606dbbcc 100755 --- a/compliance/frameworks/aws/aws_gxp_eu_annex_11/aws_gxp_eu_annex_11_project_phase_4_5.yaml +++ b/compliance/frameworks/aws/aws_gxp_eu_annex_11/aws_gxp_eu_annex_11_project_phase_4_5.yaml @@ -14,9 +14,5 @@ control-group: - AWS type: - Benchmark - defaults: - auto-assign: null - enabled: false - tracks-drift-events: false controls: - aws_config_enabled_all_regions diff --git a/compliance/frameworks/aws/aws_gxp_eu_annex_11/aws_gxp_eu_annex_11_project_phase_4_6.yaml b/compliance/frameworks/aws/aws_gxp_eu_annex_11/aws_gxp_eu_annex_11_project_phase_4_6.yaml index aca95f828..01dcff2e7 100755 --- a/compliance/frameworks/aws/aws_gxp_eu_annex_11/aws_gxp_eu_annex_11_project_phase_4_6.yaml +++ b/compliance/frameworks/aws/aws_gxp_eu_annex_11/aws_gxp_eu_annex_11_project_phase_4_6.yaml @@ -14,9 +14,5 @@ control-group: - AWS type: - Benchmark - defaults: - auto-assign: null - enabled: false - tracks-drift-events: false controls: - aws_config_enabled_all_regions diff --git a/compliance/frameworks/aws/aws_gxp_eu_annex_11/aws_gxp_eu_annex_11_project_phase_4_8.yaml b/compliance/frameworks/aws/aws_gxp_eu_annex_11/aws_gxp_eu_annex_11_project_phase_4_8.yaml index 4ca7fdf1a..815253917 100755 --- a/compliance/frameworks/aws/aws_gxp_eu_annex_11/aws_gxp_eu_annex_11_project_phase_4_8.yaml +++ b/compliance/frameworks/aws/aws_gxp_eu_annex_11/aws_gxp_eu_annex_11_project_phase_4_8.yaml 
@@ -14,10 +14,6 @@ control-group: - AWS type: - Benchmark - defaults: - auto-assign: null - enabled: false - tracks-drift-events: false controls: - aws_backup_plan_min_retention_35_days - aws_backup_recovery_point_encryption_enabled diff --git a/compliance/frameworks/aws/aws_hipaa_final_omnibus_security_rule_2013/aws_hipaa_final_omnibus_security_rule_2013_164_308.yaml b/compliance/frameworks/aws/aws_hipaa_final_omnibus_security_rule_2013/aws_hipaa_final_omnibus_security_rule_2013_164_308.yaml index 07c05363b..d7867efa1 100755 --- a/compliance/frameworks/aws/aws_hipaa_final_omnibus_security_rule_2013/aws_hipaa_final_omnibus_security_rule_2013_164_308.yaml +++ b/compliance/frameworks/aws/aws_hipaa_final_omnibus_security_rule_2013/aws_hipaa_final_omnibus_security_rule_2013_164_308.yaml @@ -16,10 +16,6 @@ control-group: - AWS type: - Benchmark - defaults: - auto-assign: null - enabled: false - tracks-drift-events: false control-group: - id: aws_hipaa_final_omnibus_security_rule_2013_164_308_a_1_ii_a - id: aws_hipaa_final_omnibus_security_rule_2013_164_308_a_1_ii_b diff --git a/compliance/frameworks/aws/aws_hipaa_final_omnibus_security_rule_2013/aws_hipaa_final_omnibus_security_rule_2013_164_308_a_1_ii_a.yaml b/compliance/frameworks/aws/aws_hipaa_final_omnibus_security_rule_2013/aws_hipaa_final_omnibus_security_rule_2013_164_308_a_1_ii_a.yaml index 9ec59e2af..a44c9ad93 100755 --- a/compliance/frameworks/aws/aws_hipaa_final_omnibus_security_rule_2013/aws_hipaa_final_omnibus_security_rule_2013_164_308_a_1_ii_a.yaml +++ b/compliance/frameworks/aws/aws_hipaa_final_omnibus_security_rule_2013/aws_hipaa_final_omnibus_security_rule_2013_164_308_a_1_ii_a.yaml @@ -18,10 +18,6 @@ control-group: - AWS type: - Benchmark - defaults: - auto-assign: null - enabled: false - tracks-drift-events: false controls: - aws_cloudtrail_trail_enabled - aws_config_enabled_all_regions 
diff --git a/compliance/frameworks/aws/aws_hipaa_final_omnibus_security_rule_2013/aws_hipaa_final_omnibus_security_rule_2013_164_308_a_1_ii_b.yaml b/compliance/frameworks/aws/aws_hipaa_final_omnibus_security_rule_2013/aws_hipaa_final_omnibus_security_rule_2013_164_308_a_1_ii_b.yaml index ae85d690d..fc69cca3a 100755 --- a/compliance/frameworks/aws/aws_hipaa_final_omnibus_security_rule_2013/aws_hipaa_final_omnibus_security_rule_2013_164_308_a_1_ii_b.yaml +++ b/compliance/frameworks/aws/aws_hipaa_final_omnibus_security_rule_2013/aws_hipaa_final_omnibus_security_rule_2013_164_308_a_1_ii_b.yaml @@ -18,10 +18,6 @@ control-group: - AWS type: - Benchmark - defaults: - auto-assign: null - enabled: false - tracks-drift-events: false controls: - aws_apigateway_stage_cache_encryption_at_rest_enabled - aws_autoscaling_group_with_lb_use_health_check diff --git a/compliance/frameworks/aws/aws_hipaa_final_omnibus_security_rule_2013/aws_hipaa_final_omnibus_security_rule_2013_164_308_a_1_ii_d.yaml b/compliance/frameworks/aws/aws_hipaa_final_omnibus_security_rule_2013/aws_hipaa_final_omnibus_security_rule_2013_164_308_a_1_ii_d.yaml index a51003c9e..b5f329c2e 100755 --- a/compliance/frameworks/aws/aws_hipaa_final_omnibus_security_rule_2013/aws_hipaa_final_omnibus_security_rule_2013_164_308_a_1_ii_d.yaml +++ b/compliance/frameworks/aws/aws_hipaa_final_omnibus_security_rule_2013/aws_hipaa_final_omnibus_security_rule_2013_164_308_a_1_ii_d.yaml @@ -18,10 +18,6 @@ control-group: - AWS type: - Benchmark - defaults: - auto-assign: null - enabled: false - tracks-drift-events: false controls: - aws_apigateway_stage_logging_enabled - aws_cloudfront_distribution_logging_enabled diff --git a/compliance/frameworks/aws/aws_hipaa_final_omnibus_security_rule_2013/aws_hipaa_final_omnibus_security_rule_2013_164_308_a_3_i.yaml b/compliance/frameworks/aws/aws_hipaa_final_omnibus_security_rule_2013/aws_hipaa_final_omnibus_security_rule_2013_164_308_a_3_i.yaml index 4d5b671ab..9aedae781 100755 
--- a/compliance/frameworks/aws/aws_hipaa_final_omnibus_security_rule_2013/aws_hipaa_final_omnibus_security_rule_2013_164_308_a_3_i.yaml +++ b/compliance/frameworks/aws/aws_hipaa_final_omnibus_security_rule_2013/aws_hipaa_final_omnibus_security_rule_2013_164_308_a_3_i.yaml @@ -18,10 +18,6 @@ control-group: - AWS type: - Benchmark - defaults: - auto-assign: null - enabled: false - tracks-drift-events: false controls: - aws_autoscaling_launch_config_public_ip_disabled - aws_codebuild_project_plaintext_env_variables_no_sensitive_aws_values diff --git a/compliance/frameworks/aws/aws_hipaa_final_omnibus_security_rule_2013/aws_hipaa_final_omnibus_security_rule_2013_164_308_a_3_ii_a.yaml b/compliance/frameworks/aws/aws_hipaa_final_omnibus_security_rule_2013/aws_hipaa_final_omnibus_security_rule_2013_164_308_a_3_ii_a.yaml index f914b011c..4fd73c0f1 100755 --- a/compliance/frameworks/aws/aws_hipaa_final_omnibus_security_rule_2013/aws_hipaa_final_omnibus_security_rule_2013_164_308_a_3_ii_a.yaml +++ b/compliance/frameworks/aws/aws_hipaa_final_omnibus_security_rule_2013/aws_hipaa_final_omnibus_security_rule_2013_164_308_a_3_ii_a.yaml @@ -18,10 +18,6 @@ control-group: - AWS type: - Benchmark - defaults: - auto-assign: null - enabled: false - tracks-drift-events: false controls: - aws_cloudtrail_multi_region_trail_enabled - aws_cloudtrail_s3_data_events_enabled diff --git a/compliance/frameworks/aws/aws_hipaa_final_omnibus_security_rule_2013/aws_hipaa_final_omnibus_security_rule_2013_164_308_a_3_ii_b.yaml b/compliance/frameworks/aws/aws_hipaa_final_omnibus_security_rule_2013/aws_hipaa_final_omnibus_security_rule_2013_164_308_a_3_ii_b.yaml index ca3166573..61fb71903 100755 --- a/compliance/frameworks/aws/aws_hipaa_final_omnibus_security_rule_2013/aws_hipaa_final_omnibus_security_rule_2013_164_308_a_3_ii_b.yaml +++ b/compliance/frameworks/aws/aws_hipaa_final_omnibus_security_rule_2013/aws_hipaa_final_omnibus_security_rule_2013_164_308_a_3_ii_b.yaml 
@@ -18,10 +18,6 @@ control-group:
 - AWS
 type:
 - Benchmark
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - aws_autoscaling_launch_config_public_ip_disabled
 - aws_emr_cluster_kerberos_enabled
diff --git a/compliance/frameworks/aws/aws_hipaa_final_omnibus_security_rule_2013/aws_hipaa_final_omnibus_security_rule_2013_164_308_a_3_ii_c.yaml b/compliance/frameworks/aws/aws_hipaa_final_omnibus_security_rule_2013/aws_hipaa_final_omnibus_security_rule_2013_164_308_a_3_ii_c.yaml
index b8a431ede..8b441c042 100755
--- a/compliance/frameworks/aws/aws_hipaa_final_omnibus_security_rule_2013/aws_hipaa_final_omnibus_security_rule_2013_164_308_a_3_ii_c.yaml
+++ b/compliance/frameworks/aws/aws_hipaa_final_omnibus_security_rule_2013/aws_hipaa_final_omnibus_security_rule_2013_164_308_a_3_ii_c.yaml
@@ -18,9 +18,5 @@ control-group:
 - AWS/IAM
 type:
 - Benchmark
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - aws_iam_user_access_key_age_90
diff --git a/compliance/frameworks/aws/aws_hipaa_final_omnibus_security_rule_2013/aws_hipaa_final_omnibus_security_rule_2013_164_308_a_4_i.yaml b/compliance/frameworks/aws/aws_hipaa_final_omnibus_security_rule_2013/aws_hipaa_final_omnibus_security_rule_2013_164_308_a_4_i.yaml
index 8fd984907..c0ccdba9f 100755
--- a/compliance/frameworks/aws/aws_hipaa_final_omnibus_security_rule_2013/aws_hipaa_final_omnibus_security_rule_2013_164_308_a_4_i.yaml
+++ b/compliance/frameworks/aws/aws_hipaa_final_omnibus_security_rule_2013/aws_hipaa_final_omnibus_security_rule_2013_164_308_a_4_i.yaml
@@ -18,10 +18,6 @@ control-group:
 - AWS
 type:
 - Benchmark
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - aws_emr_cluster_kerberos_enabled
 - aws_iam_all_policy_no_service_wild_card
diff --git a/compliance/frameworks/aws/aws_hipaa_final_omnibus_security_rule_2013/aws_hipaa_final_omnibus_security_rule_2013_164_308_a_4_ii_a.yaml b/compliance/frameworks/aws/aws_hipaa_final_omnibus_security_rule_2013/aws_hipaa_final_omnibus_security_rule_2013_164_308_a_4_ii_a.yaml
index 454afeffb..89ad7410a 100755
--- a/compliance/frameworks/aws/aws_hipaa_final_omnibus_security_rule_2013/aws_hipaa_final_omnibus_security_rule_2013_164_308_a_4_ii_a.yaml
+++ b/compliance/frameworks/aws/aws_hipaa_final_omnibus_security_rule_2013/aws_hipaa_final_omnibus_security_rule_2013_164_308_a_4_ii_a.yaml
@@ -18,10 +18,6 @@ control-group:
 - AWS
 type:
 - Benchmark
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - aws_acm_certificate_expires_30_days
 - aws_apigateway_stage_cache_encryption_at_rest_enabled
diff --git a/compliance/frameworks/aws/aws_hipaa_final_omnibus_security_rule_2013/aws_hipaa_final_omnibus_security_rule_2013_164_308_a_4_ii_b.yaml b/compliance/frameworks/aws/aws_hipaa_final_omnibus_security_rule_2013/aws_hipaa_final_omnibus_security_rule_2013_164_308_a_4_ii_b.yaml
index 5883210f1..e5f8e3ea1 100755
--- a/compliance/frameworks/aws/aws_hipaa_final_omnibus_security_rule_2013/aws_hipaa_final_omnibus_security_rule_2013_164_308_a_4_ii_b.yaml
+++ b/compliance/frameworks/aws/aws_hipaa_final_omnibus_security_rule_2013/aws_hipaa_final_omnibus_security_rule_2013_164_308_a_4_ii_b.yaml
@@ -18,10 +18,6 @@ control-group:
 - AWS
 type:
 - Benchmark
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - aws_ec2_instance_iam_profile_attached
 - aws_emr_cluster_kerberos_enabled
diff --git a/compliance/frameworks/aws/aws_hipaa_final_omnibus_security_rule_2013/aws_hipaa_final_omnibus_security_rule_2013_164_308_a_4_ii_c.yaml b/compliance/frameworks/aws/aws_hipaa_final_omnibus_security_rule_2013/aws_hipaa_final_omnibus_security_rule_2013_164_308_a_4_ii_c.yaml
index 6121f0e0b..f0b8cfcac 100755
--- a/compliance/frameworks/aws/aws_hipaa_final_omnibus_security_rule_2013/aws_hipaa_final_omnibus_security_rule_2013_164_308_a_4_ii_c.yaml
+++ b/compliance/frameworks/aws/aws_hipaa_final_omnibus_security_rule_2013/aws_hipaa_final_omnibus_security_rule_2013_164_308_a_4_ii_c.yaml
@@ -18,10 +18,6 @@ control-group:
 - AWS
 type:
 - Benchmark
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - aws_autoscaling_launch_config_public_ip_disabled
 - aws_codebuild_project_plaintext_env_variables_no_sensitive_aws_values
diff --git a/compliance/frameworks/aws/aws_hipaa_final_omnibus_security_rule_2013/aws_hipaa_final_omnibus_security_rule_2013_164_308_a_5_ii_b.yaml b/compliance/frameworks/aws/aws_hipaa_final_omnibus_security_rule_2013/aws_hipaa_final_omnibus_security_rule_2013_164_308_a_5_ii_b.yaml
index 58b4cf45b..650a25403 100755
--- a/compliance/frameworks/aws/aws_hipaa_final_omnibus_security_rule_2013/aws_hipaa_final_omnibus_security_rule_2013_164_308_a_5_ii_b.yaml
+++ b/compliance/frameworks/aws/aws_hipaa_final_omnibus_security_rule_2013/aws_hipaa_final_omnibus_security_rule_2013_164_308_a_5_ii_b.yaml
@@ -18,10 +18,6 @@ control-group:
 - AWS
 type:
 - Benchmark
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - aws_ec2_instance_ssm_managed
 - aws_ssm_managed_instance_compliance_association_compliant
diff --git a/compliance/frameworks/aws/aws_hipaa_final_omnibus_security_rule_2013/aws_hipaa_final_omnibus_security_rule_2013_164_308_a_5_ii_c.yaml b/compliance/frameworks/aws/aws_hipaa_final_omnibus_security_rule_2013/aws_hipaa_final_omnibus_security_rule_2013_164_308_a_5_ii_c.yaml
index 0ab45c958..b8ae10679 100755
--- a/compliance/frameworks/aws/aws_hipaa_final_omnibus_security_rule_2013/aws_hipaa_final_omnibus_security_rule_2013_164_308_a_5_ii_c.yaml
+++ b/compliance/frameworks/aws/aws_hipaa_final_omnibus_security_rule_2013/aws_hipaa_final_omnibus_security_rule_2013_164_308_a_5_ii_c.yaml
@@ -18,10 +18,6 @@ control-group:
 - AWS
 type:
 - Benchmark
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - aws_cloudtrail_trail_enabled
 - aws_cloudtrail_trail_integrated_with_logs
diff --git a/compliance/frameworks/aws/aws_hipaa_final_omnibus_security_rule_2013/aws_hipaa_final_omnibus_security_rule_2013_164_308_a_5_ii_d.yaml b/compliance/frameworks/aws/aws_hipaa_final_omnibus_security_rule_2013/aws_hipaa_final_omnibus_security_rule_2013_164_308_a_5_ii_d.yaml
index 0c2ca75a8..1f62efd83 100755
--- a/compliance/frameworks/aws/aws_hipaa_final_omnibus_security_rule_2013/aws_hipaa_final_omnibus_security_rule_2013_164_308_a_5_ii_d.yaml
+++ b/compliance/frameworks/aws/aws_hipaa_final_omnibus_security_rule_2013/aws_hipaa_final_omnibus_security_rule_2013_164_308_a_5_ii_d.yaml
@@ -18,10 +18,6 @@ control-group:
 - AWS
 type:
 - Benchmark
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - aws_iam_account_password_policy_strong_min_reuse_24
 - aws_iam_user_access_key_age_90
diff --git a/compliance/frameworks/aws/aws_hipaa_final_omnibus_security_rule_2013/aws_hipaa_final_omnibus_security_rule_2013_164_308_a_6_i.yaml b/compliance/frameworks/aws/aws_hipaa_final_omnibus_security_rule_2013/aws_hipaa_final_omnibus_security_rule_2013_164_308_a_6_i.yaml
index 364f8b545..f50dc3e98 100755
--- a/compliance/frameworks/aws/aws_hipaa_final_omnibus_security_rule_2013/aws_hipaa_final_omnibus_security_rule_2013_164_308_a_6_i.yaml
+++ b/compliance/frameworks/aws/aws_hipaa_final_omnibus_security_rule_2013/aws_hipaa_final_omnibus_security_rule_2013_164_308_a_6_i.yaml
@@ -18,10 +18,6 @@ control-group:
 - AWS
 type:
 - Benchmark
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - aws_cloudwatch_alarm_action_enabled
 - aws_guardduty_enabled
diff --git a/compliance/frameworks/aws/aws_hipaa_final_omnibus_security_rule_2013/aws_hipaa_final_omnibus_security_rule_2013_164_308_a_6_ii.yaml b/compliance/frameworks/aws/aws_hipaa_final_omnibus_security_rule_2013/aws_hipaa_final_omnibus_security_rule_2013_164_308_a_6_ii.yaml
index 5fff55cbc..583e73ff7 100755
--- a/compliance/frameworks/aws/aws_hipaa_final_omnibus_security_rule_2013/aws_hipaa_final_omnibus_security_rule_2013_164_308_a_6_ii.yaml
+++ b/compliance/frameworks/aws/aws_hipaa_final_omnibus_security_rule_2013/aws_hipaa_final_omnibus_security_rule_2013_164_308_a_6_ii.yaml
@@ -18,10 +18,6 @@ control-group:
 - AWS
 type:
 - Benchmark
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - aws_apigateway_stage_logging_enabled
 - aws_cloudtrail_multi_region_trail_enabled
diff --git a/compliance/frameworks/aws/aws_hipaa_final_omnibus_security_rule_2013/aws_hipaa_final_omnibus_security_rule_2013_164_308_a_7_i.yaml b/compliance/frameworks/aws/aws_hipaa_final_omnibus_security_rule_2013/aws_hipaa_final_omnibus_security_rule_2013_164_308_a_7_i.yaml
index 83f4c9f2f..c69194508 100755
--- a/compliance/frameworks/aws/aws_hipaa_final_omnibus_security_rule_2013/aws_hipaa_final_omnibus_security_rule_2013_164_308_a_7_i.yaml
+++ b/compliance/frameworks/aws/aws_hipaa_final_omnibus_security_rule_2013/aws_hipaa_final_omnibus_security_rule_2013_164_308_a_7_i.yaml
@@ -18,10 +18,6 @@ control-group:
 - AWS
 type:
 - Benchmark
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - aws_autoscaling_group_with_lb_use_health_check
 - aws_backup_plan_min_retention_35_days
diff --git a/compliance/frameworks/aws/aws_hipaa_final_omnibus_security_rule_2013/aws_hipaa_final_omnibus_security_rule_2013_164_308_a_7_ii_a.yaml b/compliance/frameworks/aws/aws_hipaa_final_omnibus_security_rule_2013/aws_hipaa_final_omnibus_security_rule_2013_164_308_a_7_ii_a.yaml
index 35ab114d1..f4121c5c2 100755
--- a/compliance/frameworks/aws/aws_hipaa_final_omnibus_security_rule_2013/aws_hipaa_final_omnibus_security_rule_2013_164_308_a_7_ii_a.yaml
+++ b/compliance/frameworks/aws/aws_hipaa_final_omnibus_security_rule_2013/aws_hipaa_final_omnibus_security_rule_2013_164_308_a_7_ii_a.yaml
@@ -18,10 +18,6 @@ control-group:
 - AWS
 type:
 - Benchmark
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - aws_autoscaling_group_with_lb_use_health_check
 - aws_backup_plan_min_retention_35_days
diff --git a/compliance/frameworks/aws/aws_hipaa_final_omnibus_security_rule_2013/aws_hipaa_final_omnibus_security_rule_2013_164_308_a_7_ii_b.yaml b/compliance/frameworks/aws/aws_hipaa_final_omnibus_security_rule_2013/aws_hipaa_final_omnibus_security_rule_2013_164_308_a_7_ii_b.yaml
index 3e4ddb2d6..fcd0fe52a 100755
--- a/compliance/frameworks/aws/aws_hipaa_final_omnibus_security_rule_2013/aws_hipaa_final_omnibus_security_rule_2013_164_308_a_7_ii_b.yaml
+++ b/compliance/frameworks/aws/aws_hipaa_final_omnibus_security_rule_2013/aws_hipaa_final_omnibus_security_rule_2013_164_308_a_7_ii_b.yaml
@@ -18,10 +18,6 @@ control-group:
 - AWS
 type:
 - Benchmark
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - aws_autoscaling_group_with_lb_use_health_check
 - aws_backup_plan_min_retention_35_days
diff --git a/compliance/frameworks/aws/aws_hipaa_final_omnibus_security_rule_2013/aws_hipaa_final_omnibus_security_rule_2013_164_308_a_7_ii_c.yaml b/compliance/frameworks/aws/aws_hipaa_final_omnibus_security_rule_2013/aws_hipaa_final_omnibus_security_rule_2013_164_308_a_7_ii_c.yaml
index 77352ae20..f47812f70 100755
--- a/compliance/frameworks/aws/aws_hipaa_final_omnibus_security_rule_2013/aws_hipaa_final_omnibus_security_rule_2013_164_308_a_7_ii_c.yaml
+++ b/compliance/frameworks/aws/aws_hipaa_final_omnibus_security_rule_2013/aws_hipaa_final_omnibus_security_rule_2013_164_308_a_7_ii_c.yaml
@@ -18,10 +18,6 @@ control-group:
 - AWS
 type:
 - Benchmark
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - aws_autoscaling_group_with_lb_use_health_check
 - aws_backup_plan_min_retention_35_days
diff --git a/compliance/frameworks/aws/aws_hipaa_final_omnibus_security_rule_2013/aws_hipaa_final_omnibus_security_rule_2013_164_308_a_8.yaml b/compliance/frameworks/aws/aws_hipaa_final_omnibus_security_rule_2013/aws_hipaa_final_omnibus_security_rule_2013_164_308_a_8.yaml
index aa29d596f..385ac931f 100755
--- a/compliance/frameworks/aws/aws_hipaa_final_omnibus_security_rule_2013/aws_hipaa_final_omnibus_security_rule_2013_164_308_a_8.yaml
+++ b/compliance/frameworks/aws/aws_hipaa_final_omnibus_security_rule_2013/aws_hipaa_final_omnibus_security_rule_2013_164_308_a_8.yaml
@@ -18,10 +18,6 @@ control-group:
 - AWS
 type:
 - Benchmark
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - aws_guardduty_enabled
 - aws_securityhub_enabled
diff --git a/compliance/frameworks/aws/aws_hipaa_final_omnibus_security_rule_2013/aws_hipaa_final_omnibus_security_rule_2013_164_310.yaml b/compliance/frameworks/aws/aws_hipaa_final_omnibus_security_rule_2013/aws_hipaa_final_omnibus_security_rule_2013_164_310.yaml
index 7d64d3e4c..111263467 100755
--- a/compliance/frameworks/aws/aws_hipaa_final_omnibus_security_rule_2013/aws_hipaa_final_omnibus_security_rule_2013_164_310.yaml
+++ b/compliance/frameworks/aws/aws_hipaa_final_omnibus_security_rule_2013/aws_hipaa_final_omnibus_security_rule_2013_164_310.yaml
@@ -16,9 +16,5 @@ control-group:
 - AWS
 type:
 - Benchmark
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 control-group:
 - id: aws_hipaa_final_omnibus_security_rule_2013_164_310_d_2_iv
diff --git a/compliance/frameworks/aws/aws_hipaa_final_omnibus_security_rule_2013/aws_hipaa_final_omnibus_security_rule_2013_164_310_d_2_iv.yaml b/compliance/frameworks/aws/aws_hipaa_final_omnibus_security_rule_2013/aws_hipaa_final_omnibus_security_rule_2013_164_310_d_2_iv.yaml
index 7b803a9f5..a959444da 100755
--- a/compliance/frameworks/aws/aws_hipaa_final_omnibus_security_rule_2013/aws_hipaa_final_omnibus_security_rule_2013_164_310_d_2_iv.yaml
+++ b/compliance/frameworks/aws/aws_hipaa_final_omnibus_security_rule_2013/aws_hipaa_final_omnibus_security_rule_2013_164_310_d_2_iv.yaml
@@ -18,10 +18,6 @@ control-group:
 - AWS
 type:
 - Benchmark
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - aws_backup_plan_min_retention_35_days
 - aws_backup_recovery_point_encryption_enabled
diff --git a/compliance/frameworks/aws/aws_hipaa_final_omnibus_security_rule_2013/aws_hipaa_final_omnibus_security_rule_2013_164_312.yaml b/compliance/frameworks/aws/aws_hipaa_final_omnibus_security_rule_2013/aws_hipaa_final_omnibus_security_rule_2013_164_312.yaml
index 2517a5d4d..3ddfca84f 100755
--- a/compliance/frameworks/aws/aws_hipaa_final_omnibus_security_rule_2013/aws_hipaa_final_omnibus_security_rule_2013_164_312.yaml
+++ b/compliance/frameworks/aws/aws_hipaa_final_omnibus_security_rule_2013/aws_hipaa_final_omnibus_security_rule_2013_164_312.yaml
@@ -16,10 +16,6 @@ control-group:
 - AWS
 type:
 - Benchmark
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 control-group:
 - id: aws_hipaa_final_omnibus_security_rule_2013_164_312_a_1
 - id: aws_hipaa_final_omnibus_security_rule_2013_164_312_a_2_i
diff --git a/compliance/frameworks/aws/aws_hipaa_final_omnibus_security_rule_2013/aws_hipaa_final_omnibus_security_rule_2013_164_312_a_1.yaml b/compliance/frameworks/aws/aws_hipaa_final_omnibus_security_rule_2013/aws_hipaa_final_omnibus_security_rule_2013_164_312_a_1.yaml
index 96caa4158..eac947ddf 100755
--- a/compliance/frameworks/aws/aws_hipaa_final_omnibus_security_rule_2013/aws_hipaa_final_omnibus_security_rule_2013_164_312_a_1.yaml
+++ b/compliance/frameworks/aws/aws_hipaa_final_omnibus_security_rule_2013/aws_hipaa_final_omnibus_security_rule_2013_164_312_a_1.yaml
@@ -18,10 +18,6 @@ control-group:
 - AWS
 type:
 - Benchmark
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - aws_autoscaling_launch_config_public_ip_disabled
 - aws_codebuild_project_plaintext_env_variables_no_sensitive_aws_values
diff --git a/compliance/frameworks/aws/aws_hipaa_final_omnibus_security_rule_2013/aws_hipaa_final_omnibus_security_rule_2013_164_312_a_2_i.yaml b/compliance/frameworks/aws/aws_hipaa_final_omnibus_security_rule_2013/aws_hipaa_final_omnibus_security_rule_2013_164_312_a_2_i.yaml
index 2ef00522f..5998d6d3d 100755
--- a/compliance/frameworks/aws/aws_hipaa_final_omnibus_security_rule_2013/aws_hipaa_final_omnibus_security_rule_2013_164_312_a_2_i.yaml
+++ b/compliance/frameworks/aws/aws_hipaa_final_omnibus_security_rule_2013/aws_hipaa_final_omnibus_security_rule_2013_164_312_a_2_i.yaml
@@ -18,10 +18,6 @@ control-group:
 - AWS
 type:
 - Benchmark
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - aws_cloudtrail_s3_data_events_enabled
 - aws_iam_root_user_no_access_keys
diff --git a/compliance/frameworks/aws/aws_hipaa_final_omnibus_security_rule_2013/aws_hipaa_final_omnibus_security_rule_2013_164_312_a_2_ii.yaml b/compliance/frameworks/aws/aws_hipaa_final_omnibus_security_rule_2013/aws_hipaa_final_omnibus_security_rule_2013_164_312_a_2_ii.yaml
index 145971c75..e6e641784 100755
--- a/compliance/frameworks/aws/aws_hipaa_final_omnibus_security_rule_2013/aws_hipaa_final_omnibus_security_rule_2013_164_312_a_2_ii.yaml
+++ b/compliance/frameworks/aws/aws_hipaa_final_omnibus_security_rule_2013/aws_hipaa_final_omnibus_security_rule_2013_164_312_a_2_ii.yaml
@@ -18,10 +18,6 @@ control-group:
 - AWS
 type:
 - Benchmark
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - aws_backup_plan_min_retention_35_days
 - aws_backup_recovery_point_encryption_enabled
diff --git a/compliance/frameworks/aws/aws_hipaa_final_omnibus_security_rule_2013/aws_hipaa_final_omnibus_security_rule_2013_164_312_a_2_iv.yaml b/compliance/frameworks/aws/aws_hipaa_final_omnibus_security_rule_2013/aws_hipaa_final_omnibus_security_rule_2013_164_312_a_2_iv.yaml
index 3aa62bcd3..732bce378 100755
--- a/compliance/frameworks/aws/aws_hipaa_final_omnibus_security_rule_2013/aws_hipaa_final_omnibus_security_rule_2013_164_312_a_2_iv.yaml
+++ b/compliance/frameworks/aws/aws_hipaa_final_omnibus_security_rule_2013/aws_hipaa_final_omnibus_security_rule_2013_164_312_a_2_iv.yaml
@@ -18,10 +18,6 @@ control-group:
 - AWS
 type:
 - Benchmark
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - aws_apigateway_rest_api_stage_use_ssl_certificate
 - aws_apigateway_stage_cache_encryption_at_rest_enabled
diff --git a/compliance/frameworks/aws/aws_hipaa_final_omnibus_security_rule_2013/aws_hipaa_final_omnibus_security_rule_2013_164_312_b.yaml b/compliance/frameworks/aws/aws_hipaa_final_omnibus_security_rule_2013/aws_hipaa_final_omnibus_security_rule_2013_164_312_b.yaml
index ef0ff97f3..6144dfa05 100755
--- a/compliance/frameworks/aws/aws_hipaa_final_omnibus_security_rule_2013/aws_hipaa_final_omnibus_security_rule_2013_164_312_b.yaml
+++ b/compliance/frameworks/aws/aws_hipaa_final_omnibus_security_rule_2013/aws_hipaa_final_omnibus_security_rule_2013_164_312_b.yaml
@@ -18,10 +18,6 @@ control-group:
 - AWS
 type:
 - Benchmark
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - aws_apigateway_rest_api_stage_xray_tracing_enabled
 - aws_apigateway_stage_logging_enabled
diff --git a/compliance/frameworks/aws/aws_hipaa_final_omnibus_security_rule_2013/aws_hipaa_final_omnibus_security_rule_2013_164_312_c_1.yaml b/compliance/frameworks/aws/aws_hipaa_final_omnibus_security_rule_2013/aws_hipaa_final_omnibus_security_rule_2013_164_312_c_1.yaml
index fb3606325..f2fbf149a 100755
--- a/compliance/frameworks/aws/aws_hipaa_final_omnibus_security_rule_2013/aws_hipaa_final_omnibus_security_rule_2013_164_312_c_1.yaml
+++ b/compliance/frameworks/aws/aws_hipaa_final_omnibus_security_rule_2013/aws_hipaa_final_omnibus_security_rule_2013_164_312_c_1.yaml
@@ -18,10 +18,6 @@ control-group:
 - AWS
 type:
 - Benchmark
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - aws_cloudtrail_trail_logs_encrypted_with_kms_cmk
 - aws_cloudtrail_trail_validation_enabled
diff --git a/compliance/frameworks/aws/aws_hipaa_final_omnibus_security_rule_2013/aws_hipaa_final_omnibus_security_rule_2013_164_312_c_2.yaml b/compliance/frameworks/aws/aws_hipaa_final_omnibus_security_rule_2013/aws_hipaa_final_omnibus_security_rule_2013_164_312_c_2.yaml
index 10cc5070d..1ca23c41f 100755
--- a/compliance/frameworks/aws/aws_hipaa_final_omnibus_security_rule_2013/aws_hipaa_final_omnibus_security_rule_2013_164_312_c_2.yaml
+++ b/compliance/frameworks/aws/aws_hipaa_final_omnibus_security_rule_2013/aws_hipaa_final_omnibus_security_rule_2013_164_312_c_2.yaml
@@ -18,10 +18,6 @@ control-group:
 - AWS
 type:
 - Benchmark
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - aws_cloudtrail_trail_logs_encrypted_with_kms_cmk
 - aws_cloudtrail_trail_validation_enabled
diff --git a/compliance/frameworks/aws/aws_hipaa_final_omnibus_security_rule_2013/aws_hipaa_final_omnibus_security_rule_2013_164_312_d.yaml b/compliance/frameworks/aws/aws_hipaa_final_omnibus_security_rule_2013/aws_hipaa_final_omnibus_security_rule_2013_164_312_d.yaml
index f7af15c56..b3711ef7c 100755
--- a/compliance/frameworks/aws/aws_hipaa_final_omnibus_security_rule_2013/aws_hipaa_final_omnibus_security_rule_2013_164_312_d.yaml
+++ b/compliance/frameworks/aws/aws_hipaa_final_omnibus_security_rule_2013/aws_hipaa_final_omnibus_security_rule_2013_164_312_d.yaml
@@ -18,10 +18,6 @@ control-group:
 - AWS/IAM
 type:
 - Benchmark
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - aws_iam_account_password_policy_strong_min_reuse_24
 - aws_iam_root_user_hardware_mfa_enabled
diff --git a/compliance/frameworks/aws/aws_hipaa_final_omnibus_security_rule_2013/aws_hipaa_final_omnibus_security_rule_2013_164_312_e_1.yaml b/compliance/frameworks/aws/aws_hipaa_final_omnibus_security_rule_2013/aws_hipaa_final_omnibus_security_rule_2013_164_312_e_1.yaml
index 7a7d1ae8d..bcc68628d 100755
--- a/compliance/frameworks/aws/aws_hipaa_final_omnibus_security_rule_2013/aws_hipaa_final_omnibus_security_rule_2013_164_312_e_1.yaml
+++ b/compliance/frameworks/aws/aws_hipaa_final_omnibus_security_rule_2013/aws_hipaa_final_omnibus_security_rule_2013_164_312_e_1.yaml
@@ -18,10 +18,6 @@ control-group:
 - AWS
 type:
 - Benchmark
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - aws_acm_certificate_expires_30_days
 - aws_apigateway_rest_api_stage_use_ssl_certificate
diff --git a/compliance/frameworks/aws/aws_hipaa_final_omnibus_security_rule_2013/aws_hipaa_final_omnibus_security_rule_2013_164_312_e_2_i.yaml b/compliance/frameworks/aws/aws_hipaa_final_omnibus_security_rule_2013/aws_hipaa_final_omnibus_security_rule_2013_164_312_e_2_i.yaml
index 6ed1589c0..8d666ee48 100755
--- a/compliance/frameworks/aws/aws_hipaa_final_omnibus_security_rule_2013/aws_hipaa_final_omnibus_security_rule_2013_164_312_e_2_i.yaml
+++ b/compliance/frameworks/aws/aws_hipaa_final_omnibus_security_rule_2013/aws_hipaa_final_omnibus_security_rule_2013_164_312_e_2_i.yaml
@@ -18,10 +18,6 @@ control-group:
 - AWS
 type:
 - Benchmark
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - aws_cloudtrail_multi_region_trail_enabled
 - aws_cloudtrail_s3_data_events_enabled
diff --git a/compliance/frameworks/aws/aws_hipaa_final_omnibus_security_rule_2013/aws_hipaa_final_omnibus_security_rule_2013_164_312_e_2_ii.yaml b/compliance/frameworks/aws/aws_hipaa_final_omnibus_security_rule_2013/aws_hipaa_final_omnibus_security_rule_2013_164_312_e_2_ii.yaml
index 2d1b84389..78481516b 100755
--- a/compliance/frameworks/aws/aws_hipaa_final_omnibus_security_rule_2013/aws_hipaa_final_omnibus_security_rule_2013_164_312_e_2_ii.yaml
+++ b/compliance/frameworks/aws/aws_hipaa_final_omnibus_security_rule_2013/aws_hipaa_final_omnibus_security_rule_2013_164_312_e_2_ii.yaml
@@ -18,10 +18,6 @@ control-group:
 - AWS
 type:
 - Benchmark
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - aws_apigateway_rest_api_stage_use_ssl_certificate
 - aws_apigateway_stage_cache_encryption_at_rest_enabled
diff --git a/compliance/frameworks/aws/aws_hipaa_final_omnibus_security_rule_2013/aws_hipaa_final_omnibus_security_rule_2013_164_314.yaml b/compliance/frameworks/aws/aws_hipaa_final_omnibus_security_rule_2013/aws_hipaa_final_omnibus_security_rule_2013_164_314.yaml
index 05db8988d..20fd67b72 100755
--- a/compliance/frameworks/aws/aws_hipaa_final_omnibus_security_rule_2013/aws_hipaa_final_omnibus_security_rule_2013_164_314.yaml
+++ b/compliance/frameworks/aws/aws_hipaa_final_omnibus_security_rule_2013/aws_hipaa_final_omnibus_security_rule_2013_164_314.yaml
@@ -16,10 +16,6 @@ control-group:
 - AWS
 type:
 - Benchmark
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 control-group:
 - id: aws_hipaa_final_omnibus_security_rule_2013_164_314_b_1
 - id: aws_hipaa_final_omnibus_security_rule_2013_164_314_b_2
diff --git a/compliance/frameworks/aws/aws_hipaa_final_omnibus_security_rule_2013/aws_hipaa_final_omnibus_security_rule_2013_164_314_b_1.yaml b/compliance/frameworks/aws/aws_hipaa_final_omnibus_security_rule_2013/aws_hipaa_final_omnibus_security_rule_2013_164_314_b_1.yaml
index c1eb483f3..bef7cafc1 100755
--- a/compliance/frameworks/aws/aws_hipaa_final_omnibus_security_rule_2013/aws_hipaa_final_omnibus_security_rule_2013_164_314_b_1.yaml
+++ b/compliance/frameworks/aws/aws_hipaa_final_omnibus_security_rule_2013/aws_hipaa_final_omnibus_security_rule_2013_164_314_b_1.yaml
@@ -18,10 +18,6 @@ control-group:
 - AWS
 type:
 - Benchmark
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - aws_cloudtrail_trail_logs_encrypted_with_kms_cmk
 - aws_dax_cluster_encryption_at_rest_enabled
diff --git a/compliance/frameworks/aws/aws_hipaa_final_omnibus_security_rule_2013/aws_hipaa_final_omnibus_security_rule_2013_164_314_b_2.yaml b/compliance/frameworks/aws/aws_hipaa_final_omnibus_security_rule_2013/aws_hipaa_final_omnibus_security_rule_2013_164_314_b_2.yaml
index cd7e3c9a5..16431194a 100755
--- a/compliance/frameworks/aws/aws_hipaa_final_omnibus_security_rule_2013/aws_hipaa_final_omnibus_security_rule_2013_164_314_b_2.yaml
+++ b/compliance/frameworks/aws/aws_hipaa_final_omnibus_security_rule_2013/aws_hipaa_final_omnibus_security_rule_2013_164_314_b_2.yaml
@@ -18,10 +18,6 @@ control-group:
 - AWS
 type:
 - Benchmark
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - aws_cloudtrail_trail_logs_encrypted_with_kms_cmk
 - aws_dax_cluster_encryption_at_rest_enabled
diff --git a/compliance/frameworks/aws/aws_hipaa_final_omnibus_security_rule_2013/aws_hipaa_final_omnibus_security_rule_2013_164_314_b_2_i.yaml b/compliance/frameworks/aws/aws_hipaa_final_omnibus_security_rule_2013/aws_hipaa_final_omnibus_security_rule_2013_164_314_b_2_i.yaml
index 6f9a5fb3f..baf483e99 100755
--- a/compliance/frameworks/aws/aws_hipaa_final_omnibus_security_rule_2013/aws_hipaa_final_omnibus_security_rule_2013_164_314_b_2_i.yaml
+++ b/compliance/frameworks/aws/aws_hipaa_final_omnibus_security_rule_2013/aws_hipaa_final_omnibus_security_rule_2013_164_314_b_2_i.yaml
@@ -18,10 +18,6 @@ control-group:
 - AWS
 type:
 - Benchmark
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - aws_cloudtrail_trail_logs_encrypted_with_kms_cmk
 - aws_dax_cluster_encryption_at_rest_enabled
diff --git a/compliance/frameworks/aws/aws_hipaa_final_omnibus_security_rule_2013/aws_hipaa_final_omnibus_security_rule_2013_164_314_b_2_ii.yaml b/compliance/frameworks/aws/aws_hipaa_final_omnibus_security_rule_2013/aws_hipaa_final_omnibus_security_rule_2013_164_314_b_2_ii.yaml
index e4ef5eaab..32ccb2418 100755
--- a/compliance/frameworks/aws/aws_hipaa_final_omnibus_security_rule_2013/aws_hipaa_final_omnibus_security_rule_2013_164_314_b_2_ii.yaml
+++ b/compliance/frameworks/aws/aws_hipaa_final_omnibus_security_rule_2013/aws_hipaa_final_omnibus_security_rule_2013_164_314_b_2_ii.yaml
@@ -18,10 +18,6 @@ control-group:
 - AWS
 type:
 - Benchmark
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - aws_cloudtrail_trail_logs_encrypted_with_kms_cmk
 - aws_dax_cluster_encryption_at_rest_enabled
diff --git a/compliance/frameworks/aws/aws_hipaa_final_omnibus_security_rule_2013/aws_hipaa_final_omnibus_security_rule_2013_164_314_b_2_iii.yaml b/compliance/frameworks/aws/aws_hipaa_final_omnibus_security_rule_2013/aws_hipaa_final_omnibus_security_rule_2013_164_314_b_2_iii.yaml
index b84a44da0..289eb5481 100755
--- a/compliance/frameworks/aws/aws_hipaa_final_omnibus_security_rule_2013/aws_hipaa_final_omnibus_security_rule_2013_164_314_b_2_iii.yaml
+++ b/compliance/frameworks/aws/aws_hipaa_final_omnibus_security_rule_2013/aws_hipaa_final_omnibus_security_rule_2013_164_314_b_2_iii.yaml
@@ -18,10 +18,6 @@ control-group:
 - AWS
 type:
 - Benchmark
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - aws_cloudtrail_trail_logs_encrypted_with_kms_cmk
 - aws_dax_cluster_encryption_at_rest_enabled
diff --git a/compliance/frameworks/aws/aws_hipaa_final_omnibus_security_rule_2013/aws_hipaa_final_omnibus_security_rule_2013_164_314_b_2_iv.yaml b/compliance/frameworks/aws/aws_hipaa_final_omnibus_security_rule_2013/aws_hipaa_final_omnibus_security_rule_2013_164_314_b_2_iv.yaml
index f25eb9c5b..9d143fb5a 100755
--- a/compliance/frameworks/aws/aws_hipaa_final_omnibus_security_rule_2013/aws_hipaa_final_omnibus_security_rule_2013_164_314_b_2_iv.yaml
+++ b/compliance/frameworks/aws/aws_hipaa_final_omnibus_security_rule_2013/aws_hipaa_final_omnibus_security_rule_2013_164_314_b_2_iv.yaml
@@ -18,10 +18,6 @@ control-group:
 - AWS
 type:
 - Benchmark
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - aws_cloudtrail_trail_logs_encrypted_with_kms_cmk
 - aws_dax_cluster_encryption_at_rest_enabled
diff --git a/compliance/frameworks/aws/aws_hipaa_security_rule_2003/aws_hipaa_security_rule_2003_164_308.yaml b/compliance/frameworks/aws/aws_hipaa_security_rule_2003/aws_hipaa_security_rule_2003_164_308.yaml
index 0a9488f45..12405e85d 100755
--- a/compliance/frameworks/aws/aws_hipaa_security_rule_2003/aws_hipaa_security_rule_2003_164_308.yaml
+++ b/compliance/frameworks/aws/aws_hipaa_security_rule_2003/aws_hipaa_security_rule_2003_164_308.yaml
@@ -16,10 +16,6 @@ control-group:
 - AWS
 type:
 - Benchmark
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 control-group:
 - id: aws_hipaa_security_rule_2003_164_308_a_1_ii_a
 - id: aws_hipaa_security_rule_2003_164_308_a_1_ii_b
diff --git a/compliance/frameworks/aws/aws_hipaa_security_rule_2003/aws_hipaa_security_rule_2003_164_308_a_1_ii_a.yaml b/compliance/frameworks/aws/aws_hipaa_security_rule_2003/aws_hipaa_security_rule_2003_164_308_a_1_ii_a.yaml
index 10c29f381..d7a43be3a 100755
--- a/compliance/frameworks/aws/aws_hipaa_security_rule_2003/aws_hipaa_security_rule_2003_164_308_a_1_ii_a.yaml
+++ b/compliance/frameworks/aws/aws_hipaa_security_rule_2003/aws_hipaa_security_rule_2003_164_308_a_1_ii_a.yaml
@@ -18,10 +18,6 @@ control-group:
 - AWS
 type:
 - Benchmark
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - aws_cloudtrail_trail_enabled
 - aws_config_enabled_all_regions
diff --git a/compliance/frameworks/aws/aws_hipaa_security_rule_2003/aws_hipaa_security_rule_2003_164_308_a_1_ii_b.yaml b/compliance/frameworks/aws/aws_hipaa_security_rule_2003/aws_hipaa_security_rule_2003_164_308_a_1_ii_b.yaml
index aef059328..04679514b 100755
--- a/compliance/frameworks/aws/aws_hipaa_security_rule_2003/aws_hipaa_security_rule_2003_164_308_a_1_ii_b.yaml
+++ b/compliance/frameworks/aws/aws_hipaa_security_rule_2003/aws_hipaa_security_rule_2003_164_308_a_1_ii_b.yaml
@@ -18,10 +18,6 @@ control-group:
 - AWS
 type:
 - Benchmark
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - aws_apigateway_stage_cache_encryption_at_rest_enabled
 - aws_autoscaling_group_with_lb_use_health_check
diff --git a/compliance/frameworks/aws/aws_hipaa_security_rule_2003/aws_hipaa_security_rule_2003_164_308_a_1_ii_d.yaml b/compliance/frameworks/aws/aws_hipaa_security_rule_2003/aws_hipaa_security_rule_2003_164_308_a_1_ii_d.yaml
index b902564b8..51a346a05 100755
--- a/compliance/frameworks/aws/aws_hipaa_security_rule_2003/aws_hipaa_security_rule_2003_164_308_a_1_ii_d.yaml
+++ b/compliance/frameworks/aws/aws_hipaa_security_rule_2003/aws_hipaa_security_rule_2003_164_308_a_1_ii_d.yaml
@@ -18,10 +18,6 @@ control-group: - AWS type: - Benchmark - defaults: - auto-assign: null - enabled: false - tracks-drift-events: false controls: - aws_apigateway_stage_logging_enabled - aws_cloudfront_distribution_logging_enabled
diff --git a/compliance/frameworks/aws/aws_hipaa_security_rule_2003/aws_hipaa_security_rule_2003_164_308_a_3_i.yaml b/compliance/frameworks/aws/aws_hipaa_security_rule_2003/aws_hipaa_security_rule_2003_164_308_a_3_i.yaml
index 7acdd02f8..a8fc694fb 100755
--- a/compliance/frameworks/aws/aws_hipaa_security_rule_2003/aws_hipaa_security_rule_2003_164_308_a_3_i.yaml
+++ b/compliance/frameworks/aws/aws_hipaa_security_rule_2003/aws_hipaa_security_rule_2003_164_308_a_3_i.yaml
@@ -18,10 +18,6 @@ control-group: - AWS type: - Benchmark - defaults: - auto-assign: null - enabled: false - tracks-drift-events: false controls: - aws_dms_replication_instance_not_publicly_accessible - aws_ebs_snapshot_not_publicly_restorable
diff --git a/compliance/frameworks/aws/aws_hipaa_security_rule_2003/aws_hipaa_security_rule_2003_164_308_a_3_ii_a.yaml b/compliance/frameworks/aws/aws_hipaa_security_rule_2003/aws_hipaa_security_rule_2003_164_308_a_3_ii_a.yaml
index 269901602..f4dce5b6e 100755
--- a/compliance/frameworks/aws/aws_hipaa_security_rule_2003/aws_hipaa_security_rule_2003_164_308_a_3_ii_a.yaml
+++ b/compliance/frameworks/aws/aws_hipaa_security_rule_2003/aws_hipaa_security_rule_2003_164_308_a_3_ii_a.yaml
@@ -18,10 +18,6 @@ control-group: - AWS type: - Benchmark - defaults: - auto-assign: null - enabled: false - tracks-drift-events: false controls: - aws_cloudtrail_multi_region_trail_enabled - aws_cloudtrail_s3_data_events_enabled
diff --git a/compliance/frameworks/aws/aws_hipaa_security_rule_2003/aws_hipaa_security_rule_2003_164_308_a_3_ii_b.yaml b/compliance/frameworks/aws/aws_hipaa_security_rule_2003/aws_hipaa_security_rule_2003_164_308_a_3_ii_b.yaml
index 64ce061e8..d40d7699c 100755
--- a/compliance/frameworks/aws/aws_hipaa_security_rule_2003/aws_hipaa_security_rule_2003_164_308_a_3_ii_b.yaml
+++ b/compliance/frameworks/aws/aws_hipaa_security_rule_2003/aws_hipaa_security_rule_2003_164_308_a_3_ii_b.yaml
@@ -18,10 +18,6 @@ control-group: - AWS type: - Benchmark - defaults: - auto-assign: null - enabled: false - tracks-drift-events: false controls: - aws_iam_group_not_empty - aws_iam_policy_no_star_star
diff --git a/compliance/frameworks/aws/aws_hipaa_security_rule_2003/aws_hipaa_security_rule_2003_164_308_a_3_ii_c.yaml b/compliance/frameworks/aws/aws_hipaa_security_rule_2003/aws_hipaa_security_rule_2003_164_308_a_3_ii_c.yaml
index 7cc669af1..d89df2fe5 100755
--- a/compliance/frameworks/aws/aws_hipaa_security_rule_2003/aws_hipaa_security_rule_2003_164_308_a_3_ii_c.yaml
+++ b/compliance/frameworks/aws/aws_hipaa_security_rule_2003/aws_hipaa_security_rule_2003_164_308_a_3_ii_c.yaml
@@ -18,9 +18,5 @@ control-group: - AWS/IAM type: - Benchmark - defaults: - auto-assign: null - enabled: false - tracks-drift-events: false controls: - aws_iam_user_access_key_age_90
diff --git a/compliance/frameworks/aws/aws_hipaa_security_rule_2003/aws_hipaa_security_rule_2003_164_308_a_4_i.yaml b/compliance/frameworks/aws/aws_hipaa_security_rule_2003/aws_hipaa_security_rule_2003_164_308_a_4_i.yaml
index 38034287b..9877f16c0 100755
--- a/compliance/frameworks/aws/aws_hipaa_security_rule_2003/aws_hipaa_security_rule_2003_164_308_a_4_i.yaml
+++ b/compliance/frameworks/aws/aws_hipaa_security_rule_2003/aws_hipaa_security_rule_2003_164_308_a_4_i.yaml
@@ -18,10 +18,6 @@ control-group: - AWS type: - Benchmark - defaults: - auto-assign: null - enabled: false - tracks-drift-events: false controls: - aws_iam_group_not_empty - aws_iam_policy_no_star_star
diff --git a/compliance/frameworks/aws/aws_hipaa_security_rule_2003/aws_hipaa_security_rule_2003_164_308_a_4_ii_a.yaml b/compliance/frameworks/aws/aws_hipaa_security_rule_2003/aws_hipaa_security_rule_2003_164_308_a_4_ii_a.yaml
index abd0e0a52..b4d50836b 100755
--- a/compliance/frameworks/aws/aws_hipaa_security_rule_2003/aws_hipaa_security_rule_2003_164_308_a_4_ii_a.yaml
+++ b/compliance/frameworks/aws/aws_hipaa_security_rule_2003/aws_hipaa_security_rule_2003_164_308_a_4_ii_a.yaml
@@ -18,10 +18,6 @@ control-group: - AWS type: - Benchmark - defaults: - auto-assign: null - enabled: false - tracks-drift-events: false controls: - aws_acm_certificate_expires_30_days - aws_apigateway_stage_cache_encryption_at_rest_enabled
diff --git a/compliance/frameworks/aws/aws_hipaa_security_rule_2003/aws_hipaa_security_rule_2003_164_308_a_4_ii_b.yaml b/compliance/frameworks/aws/aws_hipaa_security_rule_2003/aws_hipaa_security_rule_2003_164_308_a_4_ii_b.yaml
index fc096e614..44b978447 100755
--- a/compliance/frameworks/aws/aws_hipaa_security_rule_2003/aws_hipaa_security_rule_2003_164_308_a_4_ii_b.yaml
+++ b/compliance/frameworks/aws/aws_hipaa_security_rule_2003/aws_hipaa_security_rule_2003_164_308_a_4_ii_b.yaml
@@ -18,10 +18,6 @@ control-group: - AWS type: - Benchmark - defaults: - auto-assign: null - enabled: false - tracks-drift-events: false controls: - aws_iam_group_not_empty - aws_iam_policy_no_star_star
diff --git a/compliance/frameworks/aws/aws_hipaa_security_rule_2003/aws_hipaa_security_rule_2003_164_308_a_4_ii_c.yaml b/compliance/frameworks/aws/aws_hipaa_security_rule_2003/aws_hipaa_security_rule_2003_164_308_a_4_ii_c.yaml
index f035552a5..147a72661 100755
--- a/compliance/frameworks/aws/aws_hipaa_security_rule_2003/aws_hipaa_security_rule_2003_164_308_a_4_ii_c.yaml
+++ b/compliance/frameworks/aws/aws_hipaa_security_rule_2003/aws_hipaa_security_rule_2003_164_308_a_4_ii_c.yaml
@@ -18,10 +18,6 @@ control-group: - AWS type: - Benchmark - defaults: - auto-assign: null - enabled: false - tracks-drift-events: false controls: - aws_iam_account_password_policy_strong_min_reuse_24 - aws_iam_group_not_empty
diff --git a/compliance/frameworks/aws/aws_hipaa_security_rule_2003/aws_hipaa_security_rule_2003_164_308_a_5_ii_b.yaml b/compliance/frameworks/aws/aws_hipaa_security_rule_2003/aws_hipaa_security_rule_2003_164_308_a_5_ii_b.yaml
index 8dffc1dfd..a0676335a 100755
--- a/compliance/frameworks/aws/aws_hipaa_security_rule_2003/aws_hipaa_security_rule_2003_164_308_a_5_ii_b.yaml
+++ b/compliance/frameworks/aws/aws_hipaa_security_rule_2003/aws_hipaa_security_rule_2003_164_308_a_5_ii_b.yaml
@@ -18,10 +18,6 @@ control-group: - AWS type: - Benchmark - defaults: - auto-assign: null - enabled: false - tracks-drift-events: false controls: - aws_ec2_instance_ssm_managed - aws_ssm_managed_instance_compliance_association_compliant
diff --git a/compliance/frameworks/aws/aws_hipaa_security_rule_2003/aws_hipaa_security_rule_2003_164_308_a_5_ii_c.yaml b/compliance/frameworks/aws/aws_hipaa_security_rule_2003/aws_hipaa_security_rule_2003_164_308_a_5_ii_c.yaml
index 00ee291e5..66bf0f604 100755
--- a/compliance/frameworks/aws/aws_hipaa_security_rule_2003/aws_hipaa_security_rule_2003_164_308_a_5_ii_c.yaml
+++ b/compliance/frameworks/aws/aws_hipaa_security_rule_2003/aws_hipaa_security_rule_2003_164_308_a_5_ii_c.yaml
@@ -18,10 +18,6 @@ control-group: - AWS type: - Benchmark - defaults: - auto-assign: null - enabled: false - tracks-drift-events: false controls: - aws_cloudtrail_trail_enabled - aws_cloudtrail_trail_integrated_with_logs
diff --git a/compliance/frameworks/aws/aws_hipaa_security_rule_2003/aws_hipaa_security_rule_2003_164_308_a_5_ii_d.yaml b/compliance/frameworks/aws/aws_hipaa_security_rule_2003/aws_hipaa_security_rule_2003_164_308_a_5_ii_d.yaml
index cf3560a92..87178cab6 100755
--- a/compliance/frameworks/aws/aws_hipaa_security_rule_2003/aws_hipaa_security_rule_2003_164_308_a_5_ii_d.yaml
+++ b/compliance/frameworks/aws/aws_hipaa_security_rule_2003/aws_hipaa_security_rule_2003_164_308_a_5_ii_d.yaml
@@ -18,10 +18,6 @@ control-group: - AWS type: - Benchmark - defaults: - auto-assign: null - enabled: false - tracks-drift-events: false controls: - aws_iam_account_password_policy_strong_min_reuse_24 - aws_iam_user_access_key_age_90
diff --git a/compliance/frameworks/aws/aws_hipaa_security_rule_2003/aws_hipaa_security_rule_2003_164_308_a_6_i.yaml b/compliance/frameworks/aws/aws_hipaa_security_rule_2003/aws_hipaa_security_rule_2003_164_308_a_6_i.yaml
index 962ca74d6..61a0c79a0 100755
--- a/compliance/frameworks/aws/aws_hipaa_security_rule_2003/aws_hipaa_security_rule_2003_164_308_a_6_i.yaml
+++ b/compliance/frameworks/aws/aws_hipaa_security_rule_2003/aws_hipaa_security_rule_2003_164_308_a_6_i.yaml
@@ -18,10 +18,6 @@ control-group: - AWS type: - Benchmark - defaults: - auto-assign: null - enabled: false - tracks-drift-events: false controls: - aws_cloudwatch_alarm_action_enabled - aws_guardduty_enabled
diff --git a/compliance/frameworks/aws/aws_hipaa_security_rule_2003/aws_hipaa_security_rule_2003_164_308_a_6_ii.yaml b/compliance/frameworks/aws/aws_hipaa_security_rule_2003/aws_hipaa_security_rule_2003_164_308_a_6_ii.yaml
index 07989a291..fb9a5f06c 100755
--- a/compliance/frameworks/aws/aws_hipaa_security_rule_2003/aws_hipaa_security_rule_2003_164_308_a_6_ii.yaml
+++ b/compliance/frameworks/aws/aws_hipaa_security_rule_2003/aws_hipaa_security_rule_2003_164_308_a_6_ii.yaml
@@ -18,10 +18,6 @@ control-group: - AWS type: - Benchmark - defaults: - auto-assign: null - enabled: false - tracks-drift-events: false controls: - aws_apigateway_stage_logging_enabled - aws_cloudtrail_multi_region_trail_enabled
diff --git a/compliance/frameworks/aws/aws_hipaa_security_rule_2003/aws_hipaa_security_rule_2003_164_308_a_7_i.yaml b/compliance/frameworks/aws/aws_hipaa_security_rule_2003/aws_hipaa_security_rule_2003_164_308_a_7_i.yaml
index 71456c00a..21e873e2a 100755
--- a/compliance/frameworks/aws/aws_hipaa_security_rule_2003/aws_hipaa_security_rule_2003_164_308_a_7_i.yaml
+++ b/compliance/frameworks/aws/aws_hipaa_security_rule_2003/aws_hipaa_security_rule_2003_164_308_a_7_i.yaml
@@ -18,10 +18,6 @@ control-group: - AWS type: - Benchmark - defaults: - auto-assign: null - enabled: false - tracks-drift-events: false controls: - aws_autoscaling_group_with_lb_use_health_check - aws_backup_plan_min_retention_35_days
diff --git a/compliance/frameworks/aws/aws_hipaa_security_rule_2003/aws_hipaa_security_rule_2003_164_308_a_7_ii_a.yaml b/compliance/frameworks/aws/aws_hipaa_security_rule_2003/aws_hipaa_security_rule_2003_164_308_a_7_ii_a.yaml
index be896036e..5058e2a93 100755
--- a/compliance/frameworks/aws/aws_hipaa_security_rule_2003/aws_hipaa_security_rule_2003_164_308_a_7_ii_a.yaml
+++ b/compliance/frameworks/aws/aws_hipaa_security_rule_2003/aws_hipaa_security_rule_2003_164_308_a_7_ii_a.yaml
@@ -18,10 +18,6 @@ control-group: - AWS type: - Benchmark - defaults: - auto-assign: null - enabled: false - tracks-drift-events: false controls: - aws_autoscaling_group_with_lb_use_health_check - aws_backup_plan_min_retention_35_days
diff --git a/compliance/frameworks/aws/aws_hipaa_security_rule_2003/aws_hipaa_security_rule_2003_164_308_a_7_ii_b.yaml b/compliance/frameworks/aws/aws_hipaa_security_rule_2003/aws_hipaa_security_rule_2003_164_308_a_7_ii_b.yaml
index f5a9a20a8..40cd7fa4c 100755
--- a/compliance/frameworks/aws/aws_hipaa_security_rule_2003/aws_hipaa_security_rule_2003_164_308_a_7_ii_b.yaml
+++ b/compliance/frameworks/aws/aws_hipaa_security_rule_2003/aws_hipaa_security_rule_2003_164_308_a_7_ii_b.yaml
@@ -18,10 +18,6 @@ control-group: - AWS type: - Benchmark - defaults: - auto-assign: null - enabled: false - tracks-drift-events: false controls: - aws_autoscaling_group_with_lb_use_health_check - aws_backup_plan_min_retention_35_days
diff --git a/compliance/frameworks/aws/aws_hipaa_security_rule_2003/aws_hipaa_security_rule_2003_164_308_a_7_ii_c.yaml b/compliance/frameworks/aws/aws_hipaa_security_rule_2003/aws_hipaa_security_rule_2003_164_308_a_7_ii_c.yaml
index d3193e563..ed82a2f8e 100755
--- a/compliance/frameworks/aws/aws_hipaa_security_rule_2003/aws_hipaa_security_rule_2003_164_308_a_7_ii_c.yaml
+++ b/compliance/frameworks/aws/aws_hipaa_security_rule_2003/aws_hipaa_security_rule_2003_164_308_a_7_ii_c.yaml
@@ -18,10 +18,6 @@ control-group: - AWS type: - Benchmark - defaults: - auto-assign: null - enabled: false - tracks-drift-events: false controls: - aws_autoscaling_group_with_lb_use_health_check - aws_backup_plan_min_retention_35_days
diff --git a/compliance/frameworks/aws/aws_hipaa_security_rule_2003/aws_hipaa_security_rule_2003_164_308_a_8.yaml b/compliance/frameworks/aws/aws_hipaa_security_rule_2003/aws_hipaa_security_rule_2003_164_308_a_8.yaml
index 20d9f788e..2bab705d5 100755
--- a/compliance/frameworks/aws/aws_hipaa_security_rule_2003/aws_hipaa_security_rule_2003_164_308_a_8.yaml
+++ b/compliance/frameworks/aws/aws_hipaa_security_rule_2003/aws_hipaa_security_rule_2003_164_308_a_8.yaml
@@ -18,10 +18,6 @@ control-group: - AWS type: - Benchmark - defaults: - auto-assign: null - enabled: false - tracks-drift-events: false controls: - aws_guardduty_enabled - aws_securityhub_enabled
diff --git a/compliance/frameworks/aws/aws_hipaa_security_rule_2003/aws_hipaa_security_rule_2003_164_310.yaml b/compliance/frameworks/aws/aws_hipaa_security_rule_2003/aws_hipaa_security_rule_2003_164_310.yaml
index aa239b001..8e4d00a65 100755
--- a/compliance/frameworks/aws/aws_hipaa_security_rule_2003/aws_hipaa_security_rule_2003_164_310.yaml
+++ b/compliance/frameworks/aws/aws_hipaa_security_rule_2003/aws_hipaa_security_rule_2003_164_310.yaml
@@ -16,9 +16,5 @@ control-group: - AWS type: - Benchmark - defaults: - auto-assign: null - enabled: false - tracks-drift-events: false control-group: - id: aws_hipaa_security_rule_2003_164_310_d_2_iv
diff --git a/compliance/frameworks/aws/aws_hipaa_security_rule_2003/aws_hipaa_security_rule_2003_164_310_d_2_iv.yaml b/compliance/frameworks/aws/aws_hipaa_security_rule_2003/aws_hipaa_security_rule_2003_164_310_d_2_iv.yaml
index 1f6ffe836..40485e5f8 100755
--- a/compliance/frameworks/aws/aws_hipaa_security_rule_2003/aws_hipaa_security_rule_2003_164_310_d_2_iv.yaml
+++ b/compliance/frameworks/aws/aws_hipaa_security_rule_2003/aws_hipaa_security_rule_2003_164_310_d_2_iv.yaml
@@ -18,10 +18,6 @@ control-group: - AWS type: - Benchmark - defaults: - auto-assign: null - enabled: false - tracks-drift-events: false controls: - aws_backup_plan_min_retention_35_days - aws_backup_recovery_point_encryption_enabled
diff --git a/compliance/frameworks/aws/aws_hipaa_security_rule_2003/aws_hipaa_security_rule_2003_164_312.yaml b/compliance/frameworks/aws/aws_hipaa_security_rule_2003/aws_hipaa_security_rule_2003_164_312.yaml
index c9182ccf6..5146b3a0f 100755
--- a/compliance/frameworks/aws/aws_hipaa_security_rule_2003/aws_hipaa_security_rule_2003_164_312.yaml
+++ b/compliance/frameworks/aws/aws_hipaa_security_rule_2003/aws_hipaa_security_rule_2003_164_312.yaml
@@ -16,10 +16,6 @@ control-group: - AWS type: - Benchmark - defaults: - auto-assign: null - enabled: false - tracks-drift-events: false control-group: - id: aws_hipaa_security_rule_2003_164_312_a_1 - id: aws_hipaa_security_rule_2003_164_312_a_2_i
diff --git a/compliance/frameworks/aws/aws_hipaa_security_rule_2003/aws_hipaa_security_rule_2003_164_312_a_1.yaml b/compliance/frameworks/aws/aws_hipaa_security_rule_2003/aws_hipaa_security_rule_2003_164_312_a_1.yaml
index 6d538d077..296773cb3 100755
--- a/compliance/frameworks/aws/aws_hipaa_security_rule_2003/aws_hipaa_security_rule_2003_164_312_a_1.yaml
+++ b/compliance/frameworks/aws/aws_hipaa_security_rule_2003/aws_hipaa_security_rule_2003_164_312_a_1.yaml
@@ -18,10 +18,6 @@ control-group: - AWS type: - Benchmark - defaults: - auto-assign: null - enabled: false - tracks-drift-events: false controls: - aws_dms_replication_instance_not_publicly_accessible - aws_ebs_snapshot_not_publicly_restorable
diff --git a/compliance/frameworks/aws/aws_hipaa_security_rule_2003/aws_hipaa_security_rule_2003_164_312_a_2_i.yaml b/compliance/frameworks/aws/aws_hipaa_security_rule_2003/aws_hipaa_security_rule_2003_164_312_a_2_i.yaml
index 84bd27ec7..734587ef5 100755
--- a/compliance/frameworks/aws/aws_hipaa_security_rule_2003/aws_hipaa_security_rule_2003_164_312_a_2_i.yaml
+++ b/compliance/frameworks/aws/aws_hipaa_security_rule_2003/aws_hipaa_security_rule_2003_164_312_a_2_i.yaml
@@ -18,10 +18,6 @@ control-group: - AWS type: - Benchmark - defaults: - auto-assign: null - enabled: false - tracks-drift-events: false controls: - aws_cloudtrail_s3_data_events_enabled - aws_iam_root_user_no_access_keys
diff --git a/compliance/frameworks/aws/aws_hipaa_security_rule_2003/aws_hipaa_security_rule_2003_164_312_a_2_ii.yaml b/compliance/frameworks/aws/aws_hipaa_security_rule_2003/aws_hipaa_security_rule_2003_164_312_a_2_ii.yaml
index 7c5149a01..12bc2b6b1 100755
--- a/compliance/frameworks/aws/aws_hipaa_security_rule_2003/aws_hipaa_security_rule_2003_164_312_a_2_ii.yaml
+++ b/compliance/frameworks/aws/aws_hipaa_security_rule_2003/aws_hipaa_security_rule_2003_164_312_a_2_ii.yaml
@@ -18,10 +18,6 @@ control-group: - AWS type: - Benchmark - defaults: - auto-assign: null - enabled: false - tracks-drift-events: false controls: - aws_backup_plan_min_retention_35_days - aws_backup_recovery_point_encryption_enabled
diff --git a/compliance/frameworks/aws/aws_hipaa_security_rule_2003/aws_hipaa_security_rule_2003_164_312_a_2_iv.yaml b/compliance/frameworks/aws/aws_hipaa_security_rule_2003/aws_hipaa_security_rule_2003_164_312_a_2_iv.yaml
index fc09de2fb..73ea38b36 100755
--- a/compliance/frameworks/aws/aws_hipaa_security_rule_2003/aws_hipaa_security_rule_2003_164_312_a_2_iv.yaml
+++ b/compliance/frameworks/aws/aws_hipaa_security_rule_2003/aws_hipaa_security_rule_2003_164_312_a_2_iv.yaml
@@ -18,10 +18,6 @@ control-group: - AWS type: - Benchmark - defaults: - auto-assign: null - enabled: false - tracks-drift-events: false controls: - aws_apigateway_stage_cache_encryption_at_rest_enabled - aws_cloudtrail_trail_logs_encrypted_with_kms_cmk
diff --git a/compliance/frameworks/aws/aws_hipaa_security_rule_2003/aws_hipaa_security_rule_2003_164_312_b.yaml b/compliance/frameworks/aws/aws_hipaa_security_rule_2003/aws_hipaa_security_rule_2003_164_312_b.yaml
index f87a61c16..636a32a59 100755
--- a/compliance/frameworks/aws/aws_hipaa_security_rule_2003/aws_hipaa_security_rule_2003_164_312_b.yaml
+++ b/compliance/frameworks/aws/aws_hipaa_security_rule_2003/aws_hipaa_security_rule_2003_164_312_b.yaml
@@ -18,10 +18,6 @@ control-group: - AWS type: - Benchmark - defaults: - auto-assign: null - enabled: false - tracks-drift-events: false controls: - aws_apigateway_stage_logging_enabled - aws_cloudtrail_multi_region_trail_enabled
diff --git a/compliance/frameworks/aws/aws_hipaa_security_rule_2003/aws_hipaa_security_rule_2003_164_312_c_1.yaml b/compliance/frameworks/aws/aws_hipaa_security_rule_2003/aws_hipaa_security_rule_2003_164_312_c_1.yaml
index 611672046..b8ddd7bf9 100755
--- a/compliance/frameworks/aws/aws_hipaa_security_rule_2003/aws_hipaa_security_rule_2003_164_312_c_1.yaml
+++ b/compliance/frameworks/aws/aws_hipaa_security_rule_2003/aws_hipaa_security_rule_2003_164_312_c_1.yaml
@@ -18,10 +18,6 @@ control-group: - AWS type: - Benchmark - defaults: - auto-assign: null - enabled: false - tracks-drift-events: false controls: - aws_cloudtrail_trail_logs_encrypted_with_kms_cmk - aws_cloudtrail_trail_validation_enabled
diff --git a/compliance/frameworks/aws/aws_hipaa_security_rule_2003/aws_hipaa_security_rule_2003_164_312_c_2.yaml b/compliance/frameworks/aws/aws_hipaa_security_rule_2003/aws_hipaa_security_rule_2003_164_312_c_2.yaml
index 9bea1f776..19fd66af2 100755
--- a/compliance/frameworks/aws/aws_hipaa_security_rule_2003/aws_hipaa_security_rule_2003_164_312_c_2.yaml
+++ b/compliance/frameworks/aws/aws_hipaa_security_rule_2003/aws_hipaa_security_rule_2003_164_312_c_2.yaml
@@ -18,10 +18,6 @@ control-group: - AWS type: - Benchmark - defaults: - auto-assign: null - enabled: false - tracks-drift-events: false controls: - aws_cloudtrail_trail_logs_encrypted_with_kms_cmk - aws_cloudtrail_trail_validation_enabled
diff --git a/compliance/frameworks/aws/aws_hipaa_security_rule_2003/aws_hipaa_security_rule_2003_164_312_d.yaml b/compliance/frameworks/aws/aws_hipaa_security_rule_2003/aws_hipaa_security_rule_2003_164_312_d.yaml
index de6a94e35..3dee4dbdc 100755
--- a/compliance/frameworks/aws/aws_hipaa_security_rule_2003/aws_hipaa_security_rule_2003_164_312_d.yaml
+++ b/compliance/frameworks/aws/aws_hipaa_security_rule_2003/aws_hipaa_security_rule_2003_164_312_d.yaml
@@ -18,10 +18,6 @@ control-group: - AWS/IAM type: - Benchmark - defaults: - auto-assign: null - enabled: false - tracks-drift-events: false controls: - aws_iam_account_password_policy_strong_min_reuse_24 - aws_iam_root_user_hardware_mfa_enabled
diff --git a/compliance/frameworks/aws/aws_hipaa_security_rule_2003/aws_hipaa_security_rule_2003_164_312_e_1.yaml b/compliance/frameworks/aws/aws_hipaa_security_rule_2003/aws_hipaa_security_rule_2003_164_312_e_1.yaml
index e0417d422..891414412 100755
--- a/compliance/frameworks/aws/aws_hipaa_security_rule_2003/aws_hipaa_security_rule_2003_164_312_e_1.yaml
+++ b/compliance/frameworks/aws/aws_hipaa_security_rule_2003/aws_hipaa_security_rule_2003_164_312_e_1.yaml
@@ -18,10 +18,6 @@ control-group: - AWS type: - Benchmark - defaults: - auto-assign: null - enabled: false - tracks-drift-events: false controls: - aws_acm_certificate_expires_30_days - aws_apigateway_stage_cache_encryption_at_rest_enabled
diff --git a/compliance/frameworks/aws/aws_hipaa_security_rule_2003/aws_hipaa_security_rule_2003_164_312_e_2_i.yaml b/compliance/frameworks/aws/aws_hipaa_security_rule_2003/aws_hipaa_security_rule_2003_164_312_e_2_i.yaml
index b182820ef..62aefb709 100755
--- a/compliance/frameworks/aws/aws_hipaa_security_rule_2003/aws_hipaa_security_rule_2003_164_312_e_2_i.yaml
+++ b/compliance/frameworks/aws/aws_hipaa_security_rule_2003/aws_hipaa_security_rule_2003_164_312_e_2_i.yaml
@@ -18,10 +18,6 @@ control-group: - AWS type: - Benchmark - defaults: - auto-assign: null - enabled: false - tracks-drift-events: false controls: - aws_cloudtrail_multi_region_trail_enabled - aws_cloudtrail_s3_data_events_enabled
diff --git a/compliance/frameworks/aws/aws_hipaa_security_rule_2003/aws_hipaa_security_rule_2003_164_312_e_2_ii.yaml b/compliance/frameworks/aws/aws_hipaa_security_rule_2003/aws_hipaa_security_rule_2003_164_312_e_2_ii.yaml
index b14217bd7..b3f75e399 100755
--- a/compliance/frameworks/aws/aws_hipaa_security_rule_2003/aws_hipaa_security_rule_2003_164_312_e_2_ii.yaml
+++ b/compliance/frameworks/aws/aws_hipaa_security_rule_2003/aws_hipaa_security_rule_2003_164_312_e_2_ii.yaml
@@ -18,10 +18,6 @@ control-group: - AWS type: - Benchmark - defaults: - auto-assign: null - enabled: false - tracks-drift-events: false controls: - aws_apigateway_stage_cache_encryption_at_rest_enabled - aws_cloudtrail_trail_logs_encrypted_with_kms_cmk
diff --git a/compliance/frameworks/aws/aws_hipaa_security_rule_2003/aws_hipaa_security_rule_2003_164_314.yaml b/compliance/frameworks/aws/aws_hipaa_security_rule_2003/aws_hipaa_security_rule_2003_164_314.yaml
index 314941683..fe020ffd9 100755
--- a/compliance/frameworks/aws/aws_hipaa_security_rule_2003/aws_hipaa_security_rule_2003_164_314.yaml
+++ b/compliance/frameworks/aws/aws_hipaa_security_rule_2003/aws_hipaa_security_rule_2003_164_314.yaml
@@ -16,10 +16,6 @@ control-group: - AWS type: - Benchmark - defaults: - auto-assign: null - enabled: false - tracks-drift-events: false control-group: - id: aws_hipaa_security_rule_2003_164_314_b_1 - id: aws_hipaa_security_rule_2003_164_314_b_2
diff --git a/compliance/frameworks/aws/aws_hipaa_security_rule_2003/aws_hipaa_security_rule_2003_164_314_b_1.yaml b/compliance/frameworks/aws/aws_hipaa_security_rule_2003/aws_hipaa_security_rule_2003_164_314_b_1.yaml
index 7dd42db65..84651eaee 100755
--- a/compliance/frameworks/aws/aws_hipaa_security_rule_2003/aws_hipaa_security_rule_2003_164_314_b_1.yaml
+++ b/compliance/frameworks/aws/aws_hipaa_security_rule_2003/aws_hipaa_security_rule_2003_164_314_b_1.yaml
@@ -18,10 +18,6 @@ control-group: - AWS type: - Benchmark - defaults: - auto-assign: null - enabled: false - tracks-drift-events: false controls: - aws_cloudtrail_trail_logs_encrypted_with_kms_cmk - aws_dax_cluster_encryption_at_rest_enabled
diff --git a/compliance/frameworks/aws/aws_hipaa_security_rule_2003/aws_hipaa_security_rule_2003_164_314_b_2.yaml b/compliance/frameworks/aws/aws_hipaa_security_rule_2003/aws_hipaa_security_rule_2003_164_314_b_2.yaml
index a8ce6ab27..236272f70 100755
--- a/compliance/frameworks/aws/aws_hipaa_security_rule_2003/aws_hipaa_security_rule_2003_164_314_b_2.yaml
+++ b/compliance/frameworks/aws/aws_hipaa_security_rule_2003/aws_hipaa_security_rule_2003_164_314_b_2.yaml
@@ -18,10 +18,6 @@ control-group: - AWS type: - Benchmark - defaults: - auto-assign: null - enabled: false - tracks-drift-events: false controls: - aws_cloudtrail_trail_logs_encrypted_with_kms_cmk - aws_dax_cluster_encryption_at_rest_enabled
diff --git a/compliance/frameworks/aws/aws_nist_800_171_rev_2/aws_nist_800_171_rev_2_2.yaml b/compliance/frameworks/aws/aws_nist_800_171_rev_2/aws_nist_800_171_rev_2_2.yaml
index 72baa36ef..1d36a4244 100755
--- a/compliance/frameworks/aws/aws_nist_800_171_rev_2/aws_nist_800_171_rev_2_2.yaml
+++ b/compliance/frameworks/aws/aws_nist_800_171_rev_2/aws_nist_800_171_rev_2_2.yaml
@@ -14,9 +14,5 @@ control-group: - AWS type: - Benchmark - defaults: - auto-assign: null - enabled: false - tracks-drift-events: false control-group: - id: aws_nist_800_171_rev_2_2_2
diff --git a/compliance/frameworks/aws/aws_nist_800_171_rev_2/aws_nist_800_171_rev_2_2_2.yaml b/compliance/frameworks/aws/aws_nist_800_171_rev_2/aws_nist_800_171_rev_2_2_2.yaml
index 69f1e1c74..f0b40f521 100755
--- a/compliance/frameworks/aws/aws_nist_800_171_rev_2/aws_nist_800_171_rev_2_2_2.yaml
+++ b/compliance/frameworks/aws/aws_nist_800_171_rev_2/aws_nist_800_171_rev_2_2_2.yaml
@@ -14,10 +14,6 @@ control-group: - AWS type: - Benchmark - defaults: - auto-assign: null - enabled: false - tracks-drift-events: false controls: - aws_config_enabled_all_regions - aws_ec2_instance_ssm_managed
diff --git a/compliance/frameworks/aws/aws_nist_800_171_rev_2/aws_nist_800_171_rev_2_3_1.yaml b/compliance/frameworks/aws/aws_nist_800_171_rev_2/aws_nist_800_171_rev_2_3_1.yaml
index d8f09d08f..373506ee4 100755
--- a/compliance/frameworks/aws/aws_nist_800_171_rev_2/aws_nist_800_171_rev_2_3_1.yaml
+++ b/compliance/frameworks/aws/aws_nist_800_171_rev_2/aws_nist_800_171_rev_2_3_1.yaml
@@ -14,10 +14,6 @@ control-group: - AWS type: - Benchmark - defaults: - auto-assign: null - enabled: false - tracks-drift-events: false control-group: - id: aws_nist_800_171_rev_2_3_1_1 - id: aws_nist_800_171_rev_2_3_1_2
diff --git a/compliance/frameworks/aws/aws_nist_800_171_rev_2/aws_nist_800_171_rev_2_3_11.yaml b/compliance/frameworks/aws/aws_nist_800_171_rev_2/aws_nist_800_171_rev_2_3_11.yaml
index cef4c98d9..57091967d 100755
--- a/compliance/frameworks/aws/aws_nist_800_171_rev_2/aws_nist_800_171_rev_2_3_11.yaml
+++ b/compliance/frameworks/aws/aws_nist_800_171_rev_2/aws_nist_800_171_rev_2_3_11.yaml
@@ -14,10 +14,6 @@ control-group: - AWS type: - Benchmark - defaults: - auto-assign: null - enabled: false - tracks-drift-events: false control-group: - id: aws_nist_800_171_rev_2_3_11_2 - id: aws_nist_800_171_rev_2_3_11_3
diff --git a/compliance/frameworks/aws/aws_nist_800_171_rev_2/aws_nist_800_171_rev_2_3_11_2.yaml b/compliance/frameworks/aws/aws_nist_800_171_rev_2/aws_nist_800_171_rev_2_3_11_2.yaml
index 25971df80..c30031589 100755
--- a/compliance/frameworks/aws/aws_nist_800_171_rev_2/aws_nist_800_171_rev_2_3_11_2.yaml
+++ b/compliance/frameworks/aws/aws_nist_800_171_rev_2/aws_nist_800_171_rev_2_3_11_2.yaml
@@ -14,10 +14,6 @@ control-group: - AWS type: - Benchmark - defaults: - auto-assign: null - enabled: false - tracks-drift-events: false controls: - aws_guardduty_enabled - aws_guardduty_finding_archived
diff --git a/compliance/frameworks/aws/aws_nist_800_171_rev_2/aws_nist_800_171_rev_2_3_11_3.yaml b/compliance/frameworks/aws/aws_nist_800_171_rev_2/aws_nist_800_171_rev_2_3_11_3.yaml
index b9ca283a6..f14858c86 100755
--- a/compliance/frameworks/aws/aws_nist_800_171_rev_2/aws_nist_800_171_rev_2_3_11_3.yaml
+++ b/compliance/frameworks/aws/aws_nist_800_171_rev_2/aws_nist_800_171_rev_2_3_11_3.yaml
@@ -14,10 +14,6 @@ control-group: - AWS type: - Benchmark - defaults: - auto-assign: null - enabled: false - tracks-drift-events: false controls: - aws_guardduty_enabled - aws_guardduty_finding_archived
diff --git a/compliance/frameworks/aws/aws_nist_800_171_rev_2/aws_nist_800_171_rev_2_3_12.yaml b/compliance/frameworks/aws/aws_nist_800_171_rev_2/aws_nist_800_171_rev_2_3_12.yaml
index eaca016cd..734840e78 100755
--- a/compliance/frameworks/aws/aws_nist_800_171_rev_2/aws_nist_800_171_rev_2_3_12.yaml
+++ b/compliance/frameworks/aws/aws_nist_800_171_rev_2/aws_nist_800_171_rev_2_3_12.yaml
@@ -14,10 +14,6 @@ control-group: - AWS type: - Benchmark - defaults: - auto-assign: null - enabled: false - tracks-drift-events: false control-group: - id: aws_nist_800_171_rev_2_3_12_1 - id: aws_nist_800_171_rev_2_3_12_3
diff --git a/compliance/frameworks/aws/aws_nist_800_171_rev_2/aws_nist_800_171_rev_2_3_12_1.yaml b/compliance/frameworks/aws/aws_nist_800_171_rev_2/aws_nist_800_171_rev_2_3_12_1.yaml
index 8539998a6..96d9609bb 100755
--- a/compliance/frameworks/aws/aws_nist_800_171_rev_2/aws_nist_800_171_rev_2_3_12_1.yaml
+++ b/compliance/frameworks/aws/aws_nist_800_171_rev_2/aws_nist_800_171_rev_2_3_12_1.yaml
@@ -14,10 +14,6 @@ control-group: - AWS type: - Benchmark - defaults: - auto-assign: null - enabled: false - tracks-drift-events: false controls: - aws_cloudtrail_bucket_not_public - aws_cloudtrail_multi_region_read_write_enabled
diff --git a/compliance/frameworks/aws/aws_nist_800_171_rev_2/aws_nist_800_171_rev_2_3_12_3.yaml b/compliance/frameworks/aws/aws_nist_800_171_rev_2/aws_nist_800_171_rev_2_3_12_3.yaml
index e22ad6f94..dd66be288 100755
--- a/compliance/frameworks/aws/aws_nist_800_171_rev_2/aws_nist_800_171_rev_2_3_12_3.yaml
+++ b/compliance/frameworks/aws/aws_nist_800_171_rev_2/aws_nist_800_171_rev_2_3_12_3.yaml
@@ -14,10 +14,6 @@ control-group: - AWS type: - Benchmark - defaults: - auto-assign: null - enabled: false - tracks-drift-events: false controls: - aws_cloudtrail_bucket_not_public - aws_cloudtrail_multi_region_read_write_enabled
diff --git a/compliance/frameworks/aws/aws_nist_800_171_rev_2/aws_nist_800_171_rev_2_3_12_4.yaml b/compliance/frameworks/aws/aws_nist_800_171_rev_2/aws_nist_800_171_rev_2_3_12_4.yaml
index aab491c07..ee4cdef94 100755
--- a/compliance/frameworks/aws/aws_nist_800_171_rev_2/aws_nist_800_171_rev_2_3_12_4.yaml
+++ b/compliance/frameworks/aws/aws_nist_800_171_rev_2/aws_nist_800_171_rev_2_3_12_4.yaml
@@ -14,10 +14,6 @@ control-group: - AWS type: - Benchmark - defaults: - auto-assign: null - enabled: false - tracks-drift-events: false controls: - aws_cloudtrail_bucket_not_public - aws_cloudtrail_multi_region_read_write_enabled
diff --git a/compliance/frameworks/aws/aws_nist_800_171_rev_2/aws_nist_800_171_rev_2_3_13.yaml b/compliance/frameworks/aws/aws_nist_800_171_rev_2/aws_nist_800_171_rev_2_3_13.yaml
index 7d1533a38..4333143e7 100755
--- a/compliance/frameworks/aws/aws_nist_800_171_rev_2/aws_nist_800_171_rev_2_3_13.yaml
+++ b/compliance/frameworks/aws/aws_nist_800_171_rev_2/aws_nist_800_171_rev_2_3_13.yaml
@@ -14,10 +14,6 @@ control-group: - AWS type: - Benchmark - defaults: - auto-assign: null - enabled: false - tracks-drift-events: false control-group: - id: aws_nist_800_171_rev_2_3_13_1 - id: aws_nist_800_171_rev_2_3_13_2
diff --git a/compliance/frameworks/aws/aws_nist_800_171_rev_2/aws_nist_800_171_rev_2_3_13_1.yaml b/compliance/frameworks/aws/aws_nist_800_171_rev_2/aws_nist_800_171_rev_2_3_13_1.yaml
index e6630cc11..21b94bd27 100755
--- a/compliance/frameworks/aws/aws_nist_800_171_rev_2/aws_nist_800_171_rev_2_3_13_1.yaml
+++ b/compliance/frameworks/aws/aws_nist_800_171_rev_2/aws_nist_800_171_rev_2_3_13_1.yaml
@@ -14,10 +14,6 @@ control-group: - AWS type: - Benchmark - defaults: - auto-assign: null - enabled: false - tracks-drift-events: false controls: - aws_acm_certificate_expires_30_days - aws_apigateway_stage_logging_enabled
diff --git a/compliance/frameworks/aws/aws_nist_800_171_rev_2/aws_nist_800_171_rev_2_3_13_10.yaml b/compliance/frameworks/aws/aws_nist_800_171_rev_2/aws_nist_800_171_rev_2_3_13_10.yaml
index 21c020027..5b755e061 100755
--- a/compliance/frameworks/aws/aws_nist_800_171_rev_2/aws_nist_800_171_rev_2_3_13_10.yaml
+++ b/compliance/frameworks/aws/aws_nist_800_171_rev_2/aws_nist_800_171_rev_2_3_13_10.yaml
@@ -14,10 +14,6 @@ control-group: - AWS type: - Benchmark - defaults: - auto-assign: null - enabled: false - tracks-drift-events: false controls: - aws_acm_certificate_expires_30_days - aws_kms_cmk_rotation_enabled
diff --git a/compliance/frameworks/aws/aws_nist_800_171_rev_2/aws_nist_800_171_rev_2_3_13_11.yaml b/compliance/frameworks/aws/aws_nist_800_171_rev_2/aws_nist_800_171_rev_2_3_13_11.yaml
index 1102aed50..a1cdd8c2f 100755
--- a/compliance/frameworks/aws/aws_nist_800_171_rev_2/aws_nist_800_171_rev_2_3_13_11.yaml
+++ b/compliance/frameworks/aws/aws_nist_800_171_rev_2/aws_nist_800_171_rev_2_3_13_11.yaml
@@ -14,10 +14,6 @@ control-group: - AWS type: - Benchmark - defaults: - auto-assign: null - enabled: false - tracks-drift-events: false controls: - aws_apigateway_stage_cache_encryption_at_rest_enabled - aws_cloudtrail_trail_logs_encrypted_with_kms_cmk
diff --git a/compliance/frameworks/aws/aws_nist_800_171_rev_2/aws_nist_800_171_rev_2_3_13_15.yaml b/compliance/frameworks/aws/aws_nist_800_171_rev_2/aws_nist_800_171_rev_2_3_13_15.yaml
index ca2806dc8..70d760e6e 100755
--- a/compliance/frameworks/aws/aws_nist_800_171_rev_2/aws_nist_800_171_rev_2_3_13_15.yaml
+++ b/compliance/frameworks/aws/aws_nist_800_171_rev_2/aws_nist_800_171_rev_2_3_13_15.yaml
@@ -14,10 +14,6 @@ control-group:
 - AWS
 type:
 - Benchmark
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - aws_elb_application_lb_drop_http_headers
 - aws_elb_application_lb_redirect_http_request_to_https
diff --git a/compliance/frameworks/aws/aws_nist_800_171_rev_2/aws_nist_800_171_rev_2_3_13_16.yaml b/compliance/frameworks/aws/aws_nist_800_171_rev_2/aws_nist_800_171_rev_2_3_13_16.yaml
index c2d1c0911..6d08fb117 100755
--- a/compliance/frameworks/aws/aws_nist_800_171_rev_2/aws_nist_800_171_rev_2_3_13_16.yaml
+++ b/compliance/frameworks/aws/aws_nist_800_171_rev_2/aws_nist_800_171_rev_2_3_13_16.yaml
@@ -14,10 +14,6 @@ control-group:
 - AWS
 type:
 - Benchmark
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - aws_apigateway_stage_cache_encryption_at_rest_enabled
 - aws_cloudtrail_trail_logs_encrypted_with_kms_cmk
diff --git a/compliance/frameworks/aws/aws_nist_800_171_rev_2/aws_nist_800_171_rev_2_3_13_2.yaml b/compliance/frameworks/aws/aws_nist_800_171_rev_2/aws_nist_800_171_rev_2_3_13_2.yaml
index 3019ea78b..1bc0ed0e1 100755
--- a/compliance/frameworks/aws/aws_nist_800_171_rev_2/aws_nist_800_171_rev_2_3_13_2.yaml
+++ b/compliance/frameworks/aws/aws_nist_800_171_rev_2/aws_nist_800_171_rev_2_3_13_2.yaml
@@ -14,10 +14,6 @@ control-group:
 - AWS
 type:
 - Benchmark
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - aws_acm_certificate_expires_30_days
 - aws_autoscaling_group_with_lb_use_health_check
diff --git a/compliance/frameworks/aws/aws_nist_800_171_rev_2/aws_nist_800_171_rev_2_3_13_3.yaml b/compliance/frameworks/aws/aws_nist_800_171_rev_2/aws_nist_800_171_rev_2_3_13_3.yaml
index 06b7aebd2..428959bd8 100755
--- a/compliance/frameworks/aws/aws_nist_800_171_rev_2/aws_nist_800_171_rev_2_3_13_3.yaml
+++ b/compliance/frameworks/aws/aws_nist_800_171_rev_2/aws_nist_800_171_rev_2_3_13_3.yaml
@@ -14,10 +14,6 @@ control-group:
 - AWS
 type:
 - Benchmark
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - aws_iam_group_not_empty
 - aws_iam_policy_no_star_star
diff --git a/compliance/frameworks/aws/aws_nist_800_171_rev_2/aws_nist_800_171_rev_2_3_13_4.yaml b/compliance/frameworks/aws/aws_nist_800_171_rev_2/aws_nist_800_171_rev_2_3_13_4.yaml
index 2f87c25f8..e4584c370 100755
--- a/compliance/frameworks/aws/aws_nist_800_171_rev_2/aws_nist_800_171_rev_2_3_13_4.yaml
+++ b/compliance/frameworks/aws/aws_nist_800_171_rev_2/aws_nist_800_171_rev_2_3_13_4.yaml
@@ -14,9 +14,5 @@ control-group:
 - AWS
 type:
 - Benchmark
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - aws_ebs_volume_unused
diff --git a/compliance/frameworks/aws/aws_nist_800_171_rev_2/aws_nist_800_171_rev_2_3_13_5.yaml b/compliance/frameworks/aws/aws_nist_800_171_rev_2/aws_nist_800_171_rev_2_3_13_5.yaml
index 05bbbba6a..95535ef26 100755
--- a/compliance/frameworks/aws/aws_nist_800_171_rev_2/aws_nist_800_171_rev_2_3_13_5.yaml
+++ b/compliance/frameworks/aws/aws_nist_800_171_rev_2/aws_nist_800_171_rev_2_3_13_5.yaml
@@ -14,10 +14,6 @@ control-group:
 - AWS
 type:
 - Benchmark
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - aws_dms_replication_instance_not_publicly_accessible
 - aws_ebs_snapshot_not_publicly_restorable
diff --git a/compliance/frameworks/aws/aws_nist_800_171_rev_2/aws_nist_800_171_rev_2_3_13_6.yaml b/compliance/frameworks/aws/aws_nist_800_171_rev_2/aws_nist_800_171_rev_2_3_13_6.yaml
index 903e3b6b3..d1f1153db 100755
--- a/compliance/frameworks/aws/aws_nist_800_171_rev_2/aws_nist_800_171_rev_2_3_13_6.yaml
+++ b/compliance/frameworks/aws/aws_nist_800_171_rev_2/aws_nist_800_171_rev_2_3_13_6.yaml
@@ -14,10 +14,6 @@ control-group:
 - AWS
 type:
 - Benchmark
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - aws_vpc_security_group_restrict_ingress_common_ports_all
 - aws_vpc_security_group_restrict_ingress_ssh_all
diff --git a/compliance/frameworks/aws/aws_nist_800_171_rev_2/aws_nist_800_171_rev_2_3_13_8.yaml b/compliance/frameworks/aws/aws_nist_800_171_rev_2/aws_nist_800_171_rev_2_3_13_8.yaml
index 882daad9c..070e99fee 100755
--- a/compliance/frameworks/aws/aws_nist_800_171_rev_2/aws_nist_800_171_rev_2_3_13_8.yaml
+++ b/compliance/frameworks/aws/aws_nist_800_171_rev_2/aws_nist_800_171_rev_2_3_13_8.yaml
@@ -14,10 +14,6 @@ control-group:
 - AWS
 type:
 - Benchmark
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - aws_acm_certificate_expires_30_days
 - aws_apigateway_rest_api_stage_use_ssl_certificate
diff --git a/compliance/frameworks/aws/aws_nist_800_171_rev_2/aws_nist_800_171_rev_2_3_14.yaml b/compliance/frameworks/aws/aws_nist_800_171_rev_2/aws_nist_800_171_rev_2_3_14.yaml
index 8cb276dc2..9cdf58e49 100755
--- a/compliance/frameworks/aws/aws_nist_800_171_rev_2/aws_nist_800_171_rev_2_3_14.yaml
+++ b/compliance/frameworks/aws/aws_nist_800_171_rev_2/aws_nist_800_171_rev_2_3_14.yaml
@@ -14,10 +14,6 @@ control-group:
 - AWS
 type:
 - Benchmark
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 control-group:
 - id: aws_nist_800_171_rev_2_3_14_1
 - id: aws_nist_800_171_rev_2_3_14_2
diff --git a/compliance/frameworks/aws/aws_nist_800_171_rev_2/aws_nist_800_171_rev_2_3_14_1.yaml b/compliance/frameworks/aws/aws_nist_800_171_rev_2/aws_nist_800_171_rev_2_3_14_1.yaml
index 26790aab3..b556223ba 100755
--- a/compliance/frameworks/aws/aws_nist_800_171_rev_2/aws_nist_800_171_rev_2_3_14_1.yaml
+++ b/compliance/frameworks/aws/aws_nist_800_171_rev_2/aws_nist_800_171_rev_2_3_14_1.yaml
@@ -14,10 +14,6 @@ control-group:
 - AWS
 type:
 - Benchmark
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - aws_guardduty_enabled
 - aws_securityhub_enabled
diff --git a/compliance/frameworks/aws/aws_nist_800_171_rev_2/aws_nist_800_171_rev_2_3_14_2.yaml b/compliance/frameworks/aws/aws_nist_800_171_rev_2/aws_nist_800_171_rev_2_3_14_2.yaml
index 0e4d7df9d..3ff62c7bb 100755
--- a/compliance/frameworks/aws/aws_nist_800_171_rev_2/aws_nist_800_171_rev_2_3_14_2.yaml
+++ b/compliance/frameworks/aws/aws_nist_800_171_rev_2/aws_nist_800_171_rev_2_3_14_2.yaml
@@ -14,10 +14,6 @@ control-group:
 - AWS
 type:
 - Benchmark
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - aws_ec2_instance_ssm_managed
 - aws_elb_application_lb_waf_enabled
diff --git a/compliance/frameworks/aws/aws_nist_800_171_rev_2/aws_nist_800_171_rev_2_3_14_3.yaml b/compliance/frameworks/aws/aws_nist_800_171_rev_2/aws_nist_800_171_rev_2_3_14_3.yaml
index 6d2f9da03..9ef77478e 100755
--- a/compliance/frameworks/aws/aws_nist_800_171_rev_2/aws_nist_800_171_rev_2_3_14_3.yaml
+++ b/compliance/frameworks/aws/aws_nist_800_171_rev_2/aws_nist_800_171_rev_2_3_14_3.yaml
@@ -14,10 +14,6 @@ control-group:
 - AWS
 type:
 - Benchmark
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - aws_guardduty_enabled
 - aws_redshift_cluster_maintenance_settings_check
diff --git a/compliance/frameworks/aws/aws_nist_800_171_rev_2/aws_nist_800_171_rev_2_3_14_4.yaml b/compliance/frameworks/aws/aws_nist_800_171_rev_2/aws_nist_800_171_rev_2_3_14_4.yaml
index 15faccee0..48da644c3 100755
--- a/compliance/frameworks/aws/aws_nist_800_171_rev_2/aws_nist_800_171_rev_2_3_14_4.yaml
+++ b/compliance/frameworks/aws/aws_nist_800_171_rev_2/aws_nist_800_171_rev_2_3_14_4.yaml
@@ -14,9 +14,5 @@ control-group:
 - AWS
 type:
 - Benchmark
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - aws_guardduty_enabled
diff --git a/compliance/frameworks/aws/aws_nist_800_171_rev_2/aws_nist_800_171_rev_2_3_14_6.yaml b/compliance/frameworks/aws/aws_nist_800_171_rev_2/aws_nist_800_171_rev_2_3_14_6.yaml
index e138a6df3..9ce934f19 100755
--- a/compliance/frameworks/aws/aws_nist_800_171_rev_2/aws_nist_800_171_rev_2_3_14_6.yaml
+++ b/compliance/frameworks/aws/aws_nist_800_171_rev_2/aws_nist_800_171_rev_2_3_14_6.yaml
@@ -14,10 +14,6 @@ control-group:
 - AWS
 type:
 - Benchmark
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - aws_apigateway_stage_logging_enabled
 - aws_apigateway_stage_use_waf_web_acl
diff --git a/compliance/frameworks/aws/aws_nist_800_171_rev_2/aws_nist_800_171_rev_2_3_14_7.yaml b/compliance/frameworks/aws/aws_nist_800_171_rev_2/aws_nist_800_171_rev_2_3_14_7.yaml
index 5c46feba0..84165707e 100755
--- a/compliance/frameworks/aws/aws_nist_800_171_rev_2/aws_nist_800_171_rev_2_3_14_7.yaml
+++ b/compliance/frameworks/aws/aws_nist_800_171_rev_2/aws_nist_800_171_rev_2_3_14_7.yaml
@@ -14,10 +14,6 @@ control-group:
 - AWS
 type:
 - Benchmark
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - aws_apigateway_stage_logging_enabled
 - aws_cloudtrail_multi_region_trail_enabled
diff --git a/compliance/frameworks/aws/aws_nist_800_171_rev_2/aws_nist_800_171_rev_2_3_1_1.yaml b/compliance/frameworks/aws/aws_nist_800_171_rev_2/aws_nist_800_171_rev_2_3_1_1.yaml
index 6becca3dd..be06c04d8 100755
--- a/compliance/frameworks/aws/aws_nist_800_171_rev_2/aws_nist_800_171_rev_2_3_1_1.yaml
+++ b/compliance/frameworks/aws/aws_nist_800_171_rev_2/aws_nist_800_171_rev_2_3_1_1.yaml
@@ -14,10 +14,6 @@ control-group:
 - AWS
 type:
 - Benchmark
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - aws_dms_replication_instance_not_publicly_accessible
 - aws_ebs_snapshot_not_publicly_restorable
diff --git a/compliance/frameworks/aws/aws_nist_800_171_rev_2/aws_nist_800_171_rev_2_3_1_12.yaml b/compliance/frameworks/aws/aws_nist_800_171_rev_2/aws_nist_800_171_rev_2_3_1_12.yaml
index d18493e50..dc3d40552 100755
--- a/compliance/frameworks/aws/aws_nist_800_171_rev_2/aws_nist_800_171_rev_2_3_1_12.yaml
+++ b/compliance/frameworks/aws/aws_nist_800_171_rev_2/aws_nist_800_171_rev_2_3_1_12.yaml
@@ -14,10 +14,6 @@ control-group:
 - AWS
 type:
 - Benchmark
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - aws_apigateway_stage_logging_enabled
 - aws_cloudtrail_multi_region_trail_enabled
diff --git a/compliance/frameworks/aws/aws_nist_800_171_rev_2/aws_nist_800_171_rev_2_3_1_13.yaml b/compliance/frameworks/aws/aws_nist_800_171_rev_2/aws_nist_800_171_rev_2_3_1_13.yaml
index f230d5f83..862aa48b4 100755
--- a/compliance/frameworks/aws/aws_nist_800_171_rev_2/aws_nist_800_171_rev_2_3_1_13.yaml
+++ b/compliance/frameworks/aws/aws_nist_800_171_rev_2/aws_nist_800_171_rev_2_3_1_13.yaml
@@ -14,10 +14,6 @@ control-group:
 - AWS
 type:
 - Benchmark
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - aws_elb_application_lb_redirect_http_request_to_https
 - aws_elb_classic_lb_use_ssl_certificate
diff --git a/compliance/frameworks/aws/aws_nist_800_171_rev_2/aws_nist_800_171_rev_2_3_1_14.yaml b/compliance/frameworks/aws/aws_nist_800_171_rev_2/aws_nist_800_171_rev_2_3_1_14.yaml
index 4c39715bc..db7aba85f 100755
--- a/compliance/frameworks/aws/aws_nist_800_171_rev_2/aws_nist_800_171_rev_2_3_1_14.yaml
+++ b/compliance/frameworks/aws/aws_nist_800_171_rev_2/aws_nist_800_171_rev_2_3_1_14.yaml
@@ -14,10 +14,6 @@ control-group:
 - AWS
 type:
 - Benchmark
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - aws_dms_replication_instance_not_publicly_accessible
 - aws_ebs_snapshot_not_publicly_restorable
diff --git a/compliance/frameworks/aws/aws_nist_800_171_rev_2/aws_nist_800_171_rev_2_3_1_2.yaml b/compliance/frameworks/aws/aws_nist_800_171_rev_2/aws_nist_800_171_rev_2_3_1_2.yaml
index d53a7367d..916d41562 100755
--- a/compliance/frameworks/aws/aws_nist_800_171_rev_2/aws_nist_800_171_rev_2_3_1_2.yaml
+++ b/compliance/frameworks/aws/aws_nist_800_171_rev_2/aws_nist_800_171_rev_2_3_1_2.yaml
@@ -14,10 +14,6 @@ control-group:
 - AWS
 type:
 - Benchmark
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - aws_autoscaling_launch_config_public_ip_disabled
 - aws_dms_replication_instance_not_publicly_accessible
diff --git a/compliance/frameworks/aws/aws_nist_800_171_rev_2/aws_nist_800_171_rev_2_3_1_20.yaml b/compliance/frameworks/aws/aws_nist_800_171_rev_2/aws_nist_800_171_rev_2_3_1_20.yaml
index a45a38897..b0ce7deed 100755
--- a/compliance/frameworks/aws/aws_nist_800_171_rev_2/aws_nist_800_171_rev_2_3_1_20.yaml
+++ b/compliance/frameworks/aws/aws_nist_800_171_rev_2/aws_nist_800_171_rev_2_3_1_20.yaml
@@ -14,10 +14,6 @@ control-group:
 - AWS
 type:
 - Benchmark
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - aws_s3_bucket_policy_restrict_public_access
 - aws_s3_public_access_block_account
diff --git a/compliance/frameworks/aws/aws_nist_800_171_rev_2/aws_nist_800_171_rev_2_3_1_3.yaml b/compliance/frameworks/aws/aws_nist_800_171_rev_2/aws_nist_800_171_rev_2_3_1_3.yaml
index 16bc2ef4d..be9beb065 100755
--- a/compliance/frameworks/aws/aws_nist_800_171_rev_2/aws_nist_800_171_rev_2_3_1_3.yaml
+++ b/compliance/frameworks/aws/aws_nist_800_171_rev_2/aws_nist_800_171_rev_2_3_1_3.yaml
@@ -14,10 +14,6 @@ control-group:
 - AWS
 type:
 - Benchmark
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - aws_dms_replication_instance_not_publicly_accessible
 - aws_ebs_snapshot_not_publicly_restorable
diff --git a/compliance/frameworks/aws/aws_nist_800_171_rev_2/aws_nist_800_171_rev_2_3_1_4.yaml b/compliance/frameworks/aws/aws_nist_800_171_rev_2/aws_nist_800_171_rev_2_3_1_4.yaml
index 57a5350f3..a1ada9c43 100755
--- a/compliance/frameworks/aws/aws_nist_800_171_rev_2/aws_nist_800_171_rev_2_3_1_4.yaml
+++ b/compliance/frameworks/aws/aws_nist_800_171_rev_2/aws_nist_800_171_rev_2_3_1_4.yaml
@@ -14,10 +14,6 @@ control-group:
 - AWS
 type:
 - Benchmark
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - aws_ec2_instance_iam_profile_attached
 - aws_ecs_task_definition_user_for_host_mode_check
diff --git a/compliance/frameworks/aws/aws_nist_800_171_rev_2/aws_nist_800_171_rev_2_3_1_5.yaml b/compliance/frameworks/aws/aws_nist_800_171_rev_2/aws_nist_800_171_rev_2_3_1_5.yaml
index 4ee058c25..47a6afec5 100755
--- a/compliance/frameworks/aws/aws_nist_800_171_rev_2/aws_nist_800_171_rev_2_3_1_5.yaml
+++ b/compliance/frameworks/aws/aws_nist_800_171_rev_2/aws_nist_800_171_rev_2_3_1_5.yaml
@@ -14,10 +14,6 @@ control-group:
 - AWS
 type:
 - Benchmark
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - aws_ec2_instance_iam_profile_attached
 - aws_emr_cluster_kerberos_enabled
diff --git a/compliance/frameworks/aws/aws_nist_800_171_rev_2/aws_nist_800_171_rev_2_3_1_6.yaml b/compliance/frameworks/aws/aws_nist_800_171_rev_2/aws_nist_800_171_rev_2_3_1_6.yaml
index 3b52057b8..36ef933ee 100755
--- a/compliance/frameworks/aws/aws_nist_800_171_rev_2/aws_nist_800_171_rev_2_3_1_6.yaml
+++ b/compliance/frameworks/aws/aws_nist_800_171_rev_2/aws_nist_800_171_rev_2_3_1_6.yaml
@@ -14,10 +14,6 @@ control-group:
 - AWS
 type:
 - Benchmark
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - aws_iam_policy_no_star_star
 - aws_iam_root_user_no_access_keys
diff --git a/compliance/frameworks/aws/aws_nist_800_171_rev_2/aws_nist_800_171_rev_2_3_1_7.yaml b/compliance/frameworks/aws/aws_nist_800_171_rev_2/aws_nist_800_171_rev_2_3_1_7.yaml
index 1fa1d9c44..4395a9af1 100755
--- a/compliance/frameworks/aws/aws_nist_800_171_rev_2/aws_nist_800_171_rev_2_3_1_7.yaml
+++ b/compliance/frameworks/aws/aws_nist_800_171_rev_2/aws_nist_800_171_rev_2_3_1_7.yaml
@@ -14,10 +14,6 @@ control-group:
 - AWS
 type:
 - Benchmark
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - aws_emr_cluster_kerberos_enabled
 - aws_iam_group_not_empty
diff --git a/compliance/frameworks/aws/aws_nist_800_171_rev_2/aws_nist_800_171_rev_2_3_3.yaml b/compliance/frameworks/aws/aws_nist_800_171_rev_2/aws_nist_800_171_rev_2_3_3.yaml
index 0cc794858..aeb001934 100755
--- a/compliance/frameworks/aws/aws_nist_800_171_rev_2/aws_nist_800_171_rev_2_3_3.yaml
+++ b/compliance/frameworks/aws/aws_nist_800_171_rev_2/aws_nist_800_171_rev_2_3_3.yaml
@@ -14,10 +14,6 @@ control-group:
 - AWS
 type:
 - Benchmark
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 control-group:
 - id: aws_nist_800_171_rev_2_3_3_1
 - id: aws_nist_800_171_rev_2_3_3_2
diff --git a/compliance/frameworks/aws/aws_nist_800_171_rev_2/aws_nist_800_171_rev_2_3_3_1.yaml b/compliance/frameworks/aws/aws_nist_800_171_rev_2/aws_nist_800_171_rev_2_3_3_1.yaml
index 143fd0ad8..759c2bcfc 100755
--- a/compliance/frameworks/aws/aws_nist_800_171_rev_2/aws_nist_800_171_rev_2_3_3_1.yaml
+++ b/compliance/frameworks/aws/aws_nist_800_171_rev_2/aws_nist_800_171_rev_2_3_3_1.yaml
@@ -14,10 +14,6 @@ control-group:
 - AWS
 type:
 - Benchmark
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - aws_apigateway_stage_logging_enabled
 - aws_cloudtrail_multi_region_trail_enabled
diff --git a/compliance/frameworks/aws/aws_nist_800_171_rev_2/aws_nist_800_171_rev_2_3_3_2.yaml b/compliance/frameworks/aws/aws_nist_800_171_rev_2/aws_nist_800_171_rev_2_3_3_2.yaml
index 0f65cddc2..69668e7b1 100755
--- a/compliance/frameworks/aws/aws_nist_800_171_rev_2/aws_nist_800_171_rev_2_3_3_2.yaml
+++ b/compliance/frameworks/aws/aws_nist_800_171_rev_2/aws_nist_800_171_rev_2_3_3_2.yaml
@@ -14,10 +14,6 @@ control-group:
 - AWS
 type:
 - Benchmark
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - aws_apigateway_stage_logging_enabled
 - aws_cloudtrail_multi_region_trail_enabled
diff --git a/compliance/frameworks/aws/aws_nist_800_171_rev_2/aws_nist_800_171_rev_2_3_3_3.yaml b/compliance/frameworks/aws/aws_nist_800_171_rev_2/aws_nist_800_171_rev_2_3_3_3.yaml
index dfb94c4ba..f272d3ba8 100755
--- a/compliance/frameworks/aws/aws_nist_800_171_rev_2/aws_nist_800_171_rev_2_3_3_3.yaml
+++ b/compliance/frameworks/aws/aws_nist_800_171_rev_2/aws_nist_800_171_rev_2_3_3_3.yaml
@@ -14,10 +14,6 @@ control-group:
 - AWS
 type:
 - Benchmark
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - aws_apigateway_stage_logging_enabled
 - aws_cloudtrail_multi_region_trail_enabled
diff --git a/compliance/frameworks/aws/aws_nist_800_171_rev_2/aws_nist_800_171_rev_2_3_3_4.yaml b/compliance/frameworks/aws/aws_nist_800_171_rev_2/aws_nist_800_171_rev_2_3_3_4.yaml
index 65ef6e17f..0b61d7be3 100755
--- a/compliance/frameworks/aws/aws_nist_800_171_rev_2/aws_nist_800_171_rev_2_3_3_4.yaml
+++ b/compliance/frameworks/aws/aws_nist_800_171_rev_2/aws_nist_800_171_rev_2_3_3_4.yaml
@@ -14,10 +14,6 @@ control-group:
 - AWS
 type:
 - Benchmark
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - aws_guardduty_enabled
 - aws_securityhub_enabled
diff --git a/compliance/frameworks/aws/aws_nist_800_171_rev_2/aws_nist_800_171_rev_2_3_3_5.yaml b/compliance/frameworks/aws/aws_nist_800_171_rev_2/aws_nist_800_171_rev_2_3_3_5.yaml
index 3fbf661bb..513a69939 100755
--- a/compliance/frameworks/aws/aws_nist_800_171_rev_2/aws_nist_800_171_rev_2_3_3_5.yaml
+++ b/compliance/frameworks/aws/aws_nist_800_171_rev_2/aws_nist_800_171_rev_2_3_3_5.yaml
@@ -14,10 +14,6 @@ control-group:
 - AWS
 type:
 - Benchmark
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - aws_cloudtrail_trail_integrated_with_logs
 - aws_guardduty_enabled
diff --git a/compliance/frameworks/aws/aws_nist_800_171_rev_2/aws_nist_800_171_rev_2_3_3_8.yaml b/compliance/frameworks/aws/aws_nist_800_171_rev_2/aws_nist_800_171_rev_2_3_3_8.yaml
index 6a1e35139..736747a4b 100755
--- a/compliance/frameworks/aws/aws_nist_800_171_rev_2/aws_nist_800_171_rev_2_3_3_8.yaml
+++ b/compliance/frameworks/aws/aws_nist_800_171_rev_2/aws_nist_800_171_rev_2_3_3_8.yaml
@@ -14,10 +14,6 @@ control-group:
 - AWS
 type:
 - Benchmark
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - aws_cloudtrail_trail_logs_encrypted_with_kms_cmk
 - aws_cloudtrail_trail_validation_enabled
diff --git a/compliance/frameworks/aws/aws_nist_800_171_rev_2/aws_nist_800_171_rev_2_3_4.yaml b/compliance/frameworks/aws/aws_nist_800_171_rev_2/aws_nist_800_171_rev_2_3_4.yaml
index be6386967..0e0012770 100755
--- a/compliance/frameworks/aws/aws_nist_800_171_rev_2/aws_nist_800_171_rev_2_3_4.yaml
+++ b/compliance/frameworks/aws/aws_nist_800_171_rev_2/aws_nist_800_171_rev_2_3_4.yaml
@@ -14,10 +14,6 @@ control-group:
 - AWS
 type:
 - Benchmark
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 control-group:
 - id: aws_nist_800_171_rev_2_3_4_1
 - id: aws_nist_800_171_rev_2_3_4_2
diff --git a/compliance/frameworks/aws/aws_nist_800_171_rev_2/aws_nist_800_171_rev_2_3_4_1.yaml b/compliance/frameworks/aws/aws_nist_800_171_rev_2/aws_nist_800_171_rev_2_3_4_1.yaml
index 5a63465e2..01b2ed7fa 100755
--- a/compliance/frameworks/aws/aws_nist_800_171_rev_2/aws_nist_800_171_rev_2_3_4_1.yaml
+++ b/compliance/frameworks/aws/aws_nist_800_171_rev_2/aws_nist_800_171_rev_2_3_4_1.yaml
@@ -14,10 +14,6 @@ control-group:
 - AWS
 type:
 - Benchmark
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - aws_cloudtrail_security_trail_enabled
 - aws_ebs_volume_unused
diff --git a/compliance/frameworks/aws/aws_nist_800_171_rev_2/aws_nist_800_171_rev_2_3_4_2.yaml b/compliance/frameworks/aws/aws_nist_800_171_rev_2/aws_nist_800_171_rev_2_3_4_2.yaml
index adec95b2d..4c93a4d90 100755
--- a/compliance/frameworks/aws/aws_nist_800_171_rev_2/aws_nist_800_171_rev_2_3_4_2.yaml
+++ b/compliance/frameworks/aws/aws_nist_800_171_rev_2/aws_nist_800_171_rev_2_3_4_2.yaml
@@ -14,10 +14,6 @@ control-group:
 - AWS
 type:
 - Benchmark
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - aws_config_enabled_all_regions
 - aws_ebs_volume_unused
diff --git a/compliance/frameworks/aws/aws_nist_800_171_rev_2/aws_nist_800_171_rev_2_3_4_3.yaml b/compliance/frameworks/aws/aws_nist_800_171_rev_2/aws_nist_800_171_rev_2_3_4_3.yaml
index 892742fcc..f64fe9e0b 100755
--- a/compliance/frameworks/aws/aws_nist_800_171_rev_2/aws_nist_800_171_rev_2_3_4_3.yaml
+++ b/compliance/frameworks/aws/aws_nist_800_171_rev_2/aws_nist_800_171_rev_2_3_4_3.yaml
@@ -14,9 +14,5 @@ control-group:
 - AWS
 type:
 - Benchmark
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - aws_config_enabled_all_regions
diff --git a/compliance/frameworks/aws/aws_nist_800_171_rev_2/aws_nist_800_171_rev_2_3_4_4.yaml b/compliance/frameworks/aws/aws_nist_800_171_rev_2/aws_nist_800_171_rev_2_3_4_4.yaml
index 09357dc10..c46dd0809 100755
--- a/compliance/frameworks/aws/aws_nist_800_171_rev_2/aws_nist_800_171_rev_2_3_4_4.yaml
+++ b/compliance/frameworks/aws/aws_nist_800_171_rev_2/aws_nist_800_171_rev_2_3_4_4.yaml
@@ -14,9 +14,5 @@ control-group:
 - AWS
 type:
 - Benchmark
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - aws_config_enabled_all_regions
diff --git a/compliance/frameworks/aws/aws_nist_800_171_rev_2/aws_nist_800_171_rev_2_3_4_5.yaml b/compliance/frameworks/aws/aws_nist_800_171_rev_2/aws_nist_800_171_rev_2_3_4_5.yaml
index a70509164..f72e79be6 100755
--- a/compliance/frameworks/aws/aws_nist_800_171_rev_2/aws_nist_800_171_rev_2_3_4_5.yaml
+++ b/compliance/frameworks/aws/aws_nist_800_171_rev_2/aws_nist_800_171_rev_2_3_4_5.yaml
@@ -14,9 +14,5 @@ control-group:
 - AWS
 type:
 - Benchmark
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - aws_config_enabled_all_regions
diff --git a/compliance/frameworks/aws/aws_nist_800_171_rev_2/aws_nist_800_171_rev_2_3_4_6.yaml b/compliance/frameworks/aws/aws_nist_800_171_rev_2/aws_nist_800_171_rev_2_3_4_6.yaml
index 77027761d..414b1eb67 100755
--- a/compliance/frameworks/aws/aws_nist_800_171_rev_2/aws_nist_800_171_rev_2_3_4_6.yaml
+++ b/compliance/frameworks/aws/aws_nist_800_171_rev_2/aws_nist_800_171_rev_2_3_4_6.yaml
@@ -14,10 +14,6 @@ control-group:
 - AWS
 type:
 - Benchmark
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - aws_dms_replication_instance_not_publicly_accessible
 - aws_ebs_snapshot_not_publicly_restorable
diff --git a/compliance/frameworks/aws/aws_nist_800_171_rev_2/aws_nist_800_171_rev_2_3_4_7.yaml b/compliance/frameworks/aws/aws_nist_800_171_rev_2/aws_nist_800_171_rev_2_3_4_7.yaml
index 89375f629..ab8e508b3 100755
--- a/compliance/frameworks/aws/aws_nist_800_171_rev_2/aws_nist_800_171_rev_2_3_4_7.yaml
+++ b/compliance/frameworks/aws/aws_nist_800_171_rev_2/aws_nist_800_171_rev_2_3_4_7.yaml
@@ -14,10 +14,6 @@ control-group:
 - AWS
 type:
 - Benchmark
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - aws_vpc_default_security_group_restricts_all_traffic
 - aws_vpc_security_group_restrict_ingress_common_ports_all
diff --git a/compliance/frameworks/aws/aws_nist_800_171_rev_2/aws_nist_800_171_rev_2_3_4_9.yaml b/compliance/frameworks/aws/aws_nist_800_171_rev_2/aws_nist_800_171_rev_2_3_4_9.yaml
index e323dcd46..7e39c1cfc 100755
--- a/compliance/frameworks/aws/aws_nist_800_171_rev_2/aws_nist_800_171_rev_2_3_4_9.yaml
+++ b/compliance/frameworks/aws/aws_nist_800_171_rev_2/aws_nist_800_171_rev_2_3_4_9.yaml
@@ -14,10 +14,6 @@ control-group:
 - AWS
 type:
 - Benchmark
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - aws_ec2_instance_ssm_managed
 - aws_ssm_managed_instance_compliance_association_compliant
diff --git a/compliance/frameworks/aws/aws_nist_800_171_rev_2/aws_nist_800_171_rev_2_3_5.yaml b/compliance/frameworks/aws/aws_nist_800_171_rev_2/aws_nist_800_171_rev_2_3_5.yaml
index 42f481c5e..164ec4f76 100755
--- a/compliance/frameworks/aws/aws_nist_800_171_rev_2/aws_nist_800_171_rev_2_3_5.yaml
+++ b/compliance/frameworks/aws/aws_nist_800_171_rev_2/aws_nist_800_171_rev_2_3_5.yaml
@@ -14,10 +14,6 @@ control-group:
 - AWS
 type:
 - Benchmark
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 control-group:
 - id: aws_nist_800_171_rev_2_3_5_1
 - id: aws_nist_800_171_rev_2_3_5_2
diff --git a/compliance/frameworks/aws/aws_nist_800_171_rev_2/aws_nist_800_171_rev_2_3_5_1.yaml b/compliance/frameworks/aws/aws_nist_800_171_rev_2/aws_nist_800_171_rev_2_3_5_1.yaml
index 0c27c19e7..72e5df13d 100755
--- a/compliance/frameworks/aws/aws_nist_800_171_rev_2/aws_nist_800_171_rev_2_3_5_1.yaml
+++ b/compliance/frameworks/aws/aws_nist_800_171_rev_2/aws_nist_800_171_rev_2_3_5_1.yaml
@@ -14,10 +14,6 @@ control-group:
 - AWS
 type:
 - Benchmark
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - aws_iam_root_user_hardware_mfa_enabled
 - aws_iam_root_user_mfa_enabled
diff --git a/compliance/frameworks/aws/aws_nist_800_171_rev_2/aws_nist_800_171_rev_2_3_5_2.yaml b/compliance/frameworks/aws/aws_nist_800_171_rev_2/aws_nist_800_171_rev_2_3_5_2.yaml
index 0923801a6..c8162aad7 100755
--- a/compliance/frameworks/aws/aws_nist_800_171_rev_2/aws_nist_800_171_rev_2_3_5_2.yaml
+++ b/compliance/frameworks/aws/aws_nist_800_171_rev_2/aws_nist_800_171_rev_2_3_5_2.yaml
@@ -14,10 +14,6 @@ control-group:
 - AWS
 type:
 - Benchmark
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - aws_iam_account_password_policy_strong_min_reuse_24
 - aws_iam_user_console_access_mfa_enabled
diff --git a/compliance/frameworks/aws/aws_nist_800_171_rev_2/aws_nist_800_171_rev_2_3_5_3.yaml b/compliance/frameworks/aws/aws_nist_800_171_rev_2/aws_nist_800_171_rev_2_3_5_3.yaml
index f2d367ad0..4c95b4d22 100755
--- a/compliance/frameworks/aws/aws_nist_800_171_rev_2/aws_nist_800_171_rev_2_3_5_3.yaml
+++ b/compliance/frameworks/aws/aws_nist_800_171_rev_2/aws_nist_800_171_rev_2_3_5_3.yaml
@@ -14,10 +14,6 @@ control-group:
 - AWS
 type:
 - Benchmark
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - aws_iam_root_user_hardware_mfa_enabled
 - aws_iam_root_user_mfa_enabled
diff --git a/compliance/frameworks/aws/aws_nist_800_171_rev_2/aws_nist_800_171_rev_2_3_5_4.yaml b/compliance/frameworks/aws/aws_nist_800_171_rev_2/aws_nist_800_171_rev_2_3_5_4.yaml
index 4b4f03b9c..fedb0c232 100755
--- a/compliance/frameworks/aws/aws_nist_800_171_rev_2/aws_nist_800_171_rev_2_3_5_4.yaml
+++ b/compliance/frameworks/aws/aws_nist_800_171_rev_2/aws_nist_800_171_rev_2_3_5_4.yaml
@@ -14,10 +14,6 @@ control-group:
 - AWS
 type:
 - Benchmark
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - aws_iam_root_user_hardware_mfa_enabled
 - aws_iam_root_user_mfa_enabled
diff --git a/compliance/frameworks/aws/aws_nist_800_171_rev_2/aws_nist_800_171_rev_2_3_5_5.yaml b/compliance/frameworks/aws/aws_nist_800_171_rev_2/aws_nist_800_171_rev_2_3_5_5.yaml
index 6d678fef4..bbeed3f89 100755
--- a/compliance/frameworks/aws/aws_nist_800_171_rev_2/aws_nist_800_171_rev_2_3_5_5.yaml
+++ b/compliance/frameworks/aws/aws_nist_800_171_rev_2/aws_nist_800_171_rev_2_3_5_5.yaml
@@ -14,9 +14,5 @@ control-group:
 - AWS
 type:
 - Benchmark
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - aws_iam_account_password_policy_strong_min_reuse_24
diff --git a/compliance/frameworks/aws/aws_nist_800_171_rev_2/aws_nist_800_171_rev_2_3_5_6.yaml b/compliance/frameworks/aws/aws_nist_800_171_rev_2/aws_nist_800_171_rev_2_3_5_6.yaml
index 9bca44624..52ce40b2e 100755
--- a/compliance/frameworks/aws/aws_nist_800_171_rev_2/aws_nist_800_171_rev_2_3_5_6.yaml
+++ b/compliance/frameworks/aws/aws_nist_800_171_rev_2/aws_nist_800_171_rev_2_3_5_6.yaml
@@ -14,10 +14,6 @@ control-group:
 - AWS
 type:
 - Benchmark
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - aws_iam_account_password_policy_strong_min_reuse_24
 - aws_iam_user_unused_credentials_90
diff --git a/compliance/frameworks/aws/aws_nist_800_171_rev_2/aws_nist_800_171_rev_2_3_5_7.yaml b/compliance/frameworks/aws/aws_nist_800_171_rev_2/aws_nist_800_171_rev_2_3_5_7.yaml
index ed9ac7b44..84bb3b12d 100755
--- a/compliance/frameworks/aws/aws_nist_800_171_rev_2/aws_nist_800_171_rev_2_3_5_7.yaml
+++ b/compliance/frameworks/aws/aws_nist_800_171_rev_2/aws_nist_800_171_rev_2_3_5_7.yaml
@@ -14,9 +14,5 @@ control-group:
 - AWS
 type:
 - Benchmark
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - aws_iam_account_password_policy_strong_min_reuse_24
diff --git a/compliance/frameworks/aws/aws_nist_800_171_rev_2/aws_nist_800_171_rev_2_3_5_8.yaml b/compliance/frameworks/aws/aws_nist_800_171_rev_2/aws_nist_800_171_rev_2_3_5_8.yaml
index 7285938cc..585e7a13c 100755
--- a/compliance/frameworks/aws/aws_nist_800_171_rev_2/aws_nist_800_171_rev_2_3_5_8.yaml
+++ b/compliance/frameworks/aws/aws_nist_800_171_rev_2/aws_nist_800_171_rev_2_3_5_8.yaml
@@ -14,9 +14,5 @@ control-group:
 - AWS
 type:
 - Benchmark
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - aws_iam_account_password_policy_strong_min_reuse_24
diff --git a/compliance/frameworks/aws/aws_nist_800_171_rev_2/aws_nist_800_171_rev_2_3_5_9.yaml b/compliance/frameworks/aws/aws_nist_800_171_rev_2/aws_nist_800_171_rev_2_3_5_9.yaml
index 40502599a..83a880827 100755
--- a/compliance/frameworks/aws/aws_nist_800_171_rev_2/aws_nist_800_171_rev_2_3_5_9.yaml
+++ b/compliance/frameworks/aws/aws_nist_800_171_rev_2/aws_nist_800_171_rev_2_3_5_9.yaml
@@ -14,9 +14,5 @@ control-group:
 - AWS
 type:
 - Benchmark
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - aws_iam_account_password_policy_strong_min_reuse_24
diff --git a/compliance/frameworks/aws/aws_nist_800_171_rev_2/aws_nist_800_171_rev_2_3_6.yaml b/compliance/frameworks/aws/aws_nist_800_171_rev_2/aws_nist_800_171_rev_2_3_6.yaml
index a2cfd9ca7..a53d04c81 100755
--- a/compliance/frameworks/aws/aws_nist_800_171_rev_2/aws_nist_800_171_rev_2_3_6.yaml
+++ b/compliance/frameworks/aws/aws_nist_800_171_rev_2/aws_nist_800_171_rev_2_3_6.yaml
@@ -14,10 +14,6 @@ control-group:
 - AWS
 type:
 - Benchmark
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 control-group:
 - id: aws_nist_800_171_rev_2_3_6_1
 - id: aws_nist_800_171_rev_2_3_6_2
diff --git a/compliance/frameworks/aws/aws_nist_800_171_rev_2/aws_nist_800_171_rev_2_3_6_1.yaml b/compliance/frameworks/aws/aws_nist_800_171_rev_2/aws_nist_800_171_rev_2_3_6_1.yaml
index 2e9bff4e5..eef87b9ec 100755
--- a/compliance/frameworks/aws/aws_nist_800_171_rev_2/aws_nist_800_171_rev_2_3_6_1.yaml
+++ b/compliance/frameworks/aws/aws_nist_800_171_rev_2/aws_nist_800_171_rev_2_3_6_1.yaml
@@ -14,10 +14,6 @@ control-group:
 - AWS
 type:
 - Benchmark
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - aws_apigateway_stage_logging_enabled
 - aws_cloudtrail_security_trail_enabled
diff --git a/compliance/frameworks/aws/aws_nist_800_171_rev_2/aws_nist_800_171_rev_2_3_6_2.yaml b/compliance/frameworks/aws/aws_nist_800_171_rev_2/aws_nist_800_171_rev_2_3_6_2.yaml
index 9fff66878..24fa421f4 100755
--- a/compliance/frameworks/aws/aws_nist_800_171_rev_2/aws_nist_800_171_rev_2_3_6_2.yaml
+++ b/compliance/frameworks/aws/aws_nist_800_171_rev_2/aws_nist_800_171_rev_2_3_6_2.yaml
@@ -14,10 +14,6 @@ control-group:
 - AWS
 type:
 - Benchmark
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - aws_apigateway_stage_logging_enabled
 - aws_cloudtrail_security_trail_enabled
diff --git a/compliance/frameworks/aws/aws_nist_800_171_rev_2/aws_nist_800_171_rev_2_3_8.yaml b/compliance/frameworks/aws/aws_nist_800_171_rev_2/aws_nist_800_171_rev_2_3_8.yaml
index d7c7c8159..2a276ba66 100755
--- a/compliance/frameworks/aws/aws_nist_800_171_rev_2/aws_nist_800_171_rev_2_3_8.yaml
+++ b/compliance/frameworks/aws/aws_nist_800_171_rev_2/aws_nist_800_171_rev_2_3_8.yaml
@@ -14,9 +14,5 @@ control-group:
 - AWS
 type:
 - Benchmark
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 control-group:
 - id: aws_nist_800_171_rev_2_3_8_9
diff --git a/compliance/frameworks/aws/aws_nist_800_171_rev_2/aws_nist_800_171_rev_2_3_8_9.yaml b/compliance/frameworks/aws/aws_nist_800_171_rev_2/aws_nist_800_171_rev_2_3_8_9.yaml
index ddaedcea5..e92e5e7ac 100755
--- a/compliance/frameworks/aws/aws_nist_800_171_rev_2/aws_nist_800_171_rev_2_3_8_9.yaml
+++ b/compliance/frameworks/aws/aws_nist_800_171_rev_2/aws_nist_800_171_rev_2_3_8_9.yaml
@@ -14,10 +14,6 @@ control-group:
 - AWS
 type:
 - Benchmark
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - aws_backup_plan_min_retention_35_days
 - aws_backup_recovery_point_encryption_enabled
diff --git a/compliance/frameworks/aws/aws_nist_800_172/aws_nist_800_172_3_1.yaml b/compliance/frameworks/aws/aws_nist_800_172/aws_nist_800_172_3_1.yaml
index 2181b31ff..1a67f715a 100755
--- a/compliance/frameworks/aws/aws_nist_800_172/aws_nist_800_172_3_1.yaml
+++ b/compliance/frameworks/aws/aws_nist_800_172/aws_nist_800_172_3_1.yaml
@@ -3,9 +3,5 @@ control-group:
 title: Access Control
 description: The access control family consists of security requirements detailing system logging. This includes who has access to what assets and reporting capabilities like account management, system privileges, and remote access logging to determine when users have access to the system and their level of access.
 section-code: "3_1"
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 control-group:
 - id: aws_nist_800_172_3_1_3_e
diff --git a/compliance/frameworks/aws/aws_nist_800_172/aws_nist_800_172_3_11.yaml b/compliance/frameworks/aws/aws_nist_800_172/aws_nist_800_172_3_11.yaml
index 18437398c..5b9680f2e 100755
--- a/compliance/frameworks/aws/aws_nist_800_172/aws_nist_800_172_3_11.yaml
+++ b/compliance/frameworks/aws/aws_nist_800_172/aws_nist_800_172_3_11.yaml
@@ -3,10 +3,6 @@ control-group:
 title: Risk Assessment
 description: The RA control family relates to an organization's risk assessment policies and vulnerability scanning capabilities. Using an integrated risk management solution like CyberStrong can help streamline and automate your NIST 800 53 compliance efforts.
 section-code: "3_11"
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 control-group:
 - id: aws_nist_800_172_3_11_1_e
 - id: aws_nist_800_172_3_11_2_e
diff --git a/compliance/frameworks/aws/aws_nist_800_172/aws_nist_800_172_3_11_1_e.yaml b/compliance/frameworks/aws/aws_nist_800_172/aws_nist_800_172_3_11_1_e.yaml
index 30b6f1728..966d2d249 100755
--- a/compliance/frameworks/aws/aws_nist_800_172/aws_nist_800_172_3_11_1_e.yaml
+++ b/compliance/frameworks/aws/aws_nist_800_172/aws_nist_800_172_3_11_1_e.yaml
@@ -3,9 +3,5 @@ control-group:
 title: "11.1e Employ [Assignment: organization-defined sources of threat intelligence] as part of a risk assessment to guide and inform the development of organizational systems, security architectures, selection of security solutions, monitoring, threat hunting, and response and recovery activities"
 description: The constant evolution and increased sophistication of adversaries, especially the APT, makes it more likely that adversaries can successfully compromise or breach organizational systems. Accordingly, threat intelligence can be integrated into each step of the risk management process throughout the system development life cycle. This risk management process includes defining system security requirements, developing system and security architectures, selecting security solutions, monitoring (including threat hunting), and remediation efforts.
 section-code: 1_e
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - aws_guardduty_enabled
diff --git a/compliance/frameworks/aws/aws_nist_800_172/aws_nist_800_172_3_11_2_e.yaml b/compliance/frameworks/aws/aws_nist_800_172/aws_nist_800_172_3_11_2_e.yaml
index 7c77721b0..d465ebe7d 100755
--- a/compliance/frameworks/aws/aws_nist_800_172/aws_nist_800_172_3_11_2_e.yaml
+++ b/compliance/frameworks/aws/aws_nist_800_172/aws_nist_800_172_3_11_2_e.yaml
@@ -3,7 +3,3 @@ control-group:
 title: "11.2e Conduct cyber threat hunting activities [Selection (one or more): [Assignment: organizationdefined frequency]; [Assignment: organization-defined event]] to search for indicators of compromise in [Assignment: organization-defined systems] and detect, track, and disrupt threats that evade existing controls"
 description: Threat hunting is an active means of defense that contrasts with traditional protection measures, such as firewalls, intrusion detection and prevention systems, quarantining malicious code in sandboxes, and Security Information and Event Management (SIEM) technologies and systems. Cyber threat hunting involves proactively searching organizational systems, networks, and infrastructure for advanced threats. The objective is to track and disrupt cyber adversaries as early as possible in the attack sequence and to measurably improve the speed and accuracy of organizational responses. Indicators of compromise are forensic artifacts from intrusions that are identified on organizational systems at the host or network level and can include unusual network traffic, unusual file changes, and the presence of malicious code.
 section-code: 2_e
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
diff --git a/compliance/frameworks/aws/aws_nist_800_172/aws_nist_800_172_3_13.yaml b/compliance/frameworks/aws/aws_nist_800_172/aws_nist_800_172_3_13.yaml
index 63127313f..57b8ffed3 100755
--- a/compliance/frameworks/aws/aws_nist_800_172/aws_nist_800_172_3_13.yaml
+++ b/compliance/frameworks/aws/aws_nist_800_172/aws_nist_800_172_3_13.yaml
@@ -3,9 +3,5 @@ control-group:
 title: System and Communications Protection
 description: The SC control family is responsible for systems and communications protection procedures. This includes boundary protection, protection of information at rest, collaborative computing devices, cryptographic protection, denial of service protection, and many others.
 section-code: "3_13"
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 control-group:
 - id: aws_nist_800_172_3_13_4_e
diff --git a/compliance/frameworks/aws/aws_nist_800_172/aws_nist_800_172_3_13_4_e.yaml b/compliance/frameworks/aws/aws_nist_800_172/aws_nist_800_172_3_13_4_e.yaml
index f078a425a..c0ff38e49 100755
--- a/compliance/frameworks/aws/aws_nist_800_172/aws_nist_800_172_3_13_4_e.yaml
+++ b/compliance/frameworks/aws/aws_nist_800_172/aws_nist_800_172_3_13_4_e.yaml
@@ -3,10 +3,6 @@ control-group:
 title: "13.4e Employ [Selection: (one or more): [Assignment: organization-defined physical isolation techniques]; [Assignment: organization-defined logical isolation techniques]] in organizational systems and system components"
 description: A mix of physical and logical isolation techniques (described below) implemented as part of the system architecture can limit the unauthorized flow of CUI, reduce the system attack surface, constrain the number of system components that must be secure, and impede the movement of an adversary. When implemented with a set of managed interfaces, physical and logical isolation techniques for organizational systems and components can isolate CUI into separate security domains where additional protections can be implemented. Any communications across the managed interfaces (i.e., across security domains), including for management or administrative purposes, constitutes remote access even if the communications remain within the organization. Separating system components with boundary protection mechanisms allows for the increased protection of individual components and more effective control of information flows between those components. This enhanced protection limits the potential harm from and susceptibility to hostile cyber-attacks and errors. The degree of isolation can vary depending on the boundary protection mechanisms selected. Boundary protection mechanisms include routers, gateways, and firewalls separating system components into physically separate networks or subnetworks; virtualization and micro-virtualization techniques; encrypting information flows among system components using distinct encryption keys; cross-domain devices separating subnetworks; and complete physical separation (i.e., air gaps).
 section-code: 4_e
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - aws_autoscaling_launch_config_public_ip_disabled
 - aws_dms_replication_instance_not_publicly_accessible
diff --git a/compliance/frameworks/aws/aws_nist_800_172/aws_nist_800_172_3_14.yaml b/compliance/frameworks/aws/aws_nist_800_172/aws_nist_800_172_3_14.yaml
index 201606837..8fde5e16d 100755
--- a/compliance/frameworks/aws/aws_nist_800_172/aws_nist_800_172_3_14.yaml
+++ b/compliance/frameworks/aws/aws_nist_800_172/aws_nist_800_172_3_14.yaml
@@ -3,10 +3,6 @@ control-group:
 title: System and Information integrity
 description: The SI control family correlates to controls that protect system and information integrity. These include flaw remediation, malicious code protection, information system monitoring, security alerts, software and firmware integrity, and spam protection.
 section-code: "3_14"
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 control-group:
 - id: aws_nist_800_172_3_14_1_e
 - id: aws_nist_800_172_3_14_2_e
diff --git a/compliance/frameworks/aws/aws_nist_800_172/aws_nist_800_172_3_14_1_e.yaml b/compliance/frameworks/aws/aws_nist_800_172/aws_nist_800_172_3_14_1_e.yaml
index 74756aa99..ca238280b 100755
--- a/compliance/frameworks/aws/aws_nist_800_172/aws_nist_800_172_3_14_1_e.yaml
+++ b/compliance/frameworks/aws/aws_nist_800_172/aws_nist_800_172_3_14_1_e.yaml
@@ -3,9 +3,5 @@ control-group:
 title: "14.1e Verify the integrity of [Assignment: organization-defined security critical or essential software] using root of trust mechanisms or cryptographic signatures"
 description: Verifying the integrity of the organization’s security-critical or essential software is an important capability since corrupted software is the primary attack vector used by adversaries to undermine or disrupt the proper functioning of organizational systems. There are many ways to verify software integrity throughout the system development life cycle. Root of trust mechanisms (e.g., secure boot, trusted platform modules, Unified Extensible Firmware Interface [UEFI]), verify that only trusted code is executed during boot processes. This capability helps system components protect the integrity of boot firmware in organizational systems by verifying the integrity and authenticity of updates to the firmware prior to applying changes to the system component and preventing unauthorized processes from modifying the boot firmware. The employment of cryptographic signatures ensures the integrity and authenticity of critical and essential software that stores, processes, or transmits, CUI. Cryptographic signatures include digital signatures and the computation and application of signed hashes using asymmetric cryptography, protecting the confidentiality of the key used to generate the hash, and using the public key to verify the hash information. Hardware roots of trust are considered to be more secure.
 section-code: 1_e
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - aws_cloudtrail_trail_validation_enabled
diff --git a/compliance/frameworks/aws/aws_nist_800_172/aws_nist_800_172_3_14_2_e.yaml b/compliance/frameworks/aws/aws_nist_800_172/aws_nist_800_172_3_14_2_e.yaml
index e6707118c..eaa57a015 100755
--- a/compliance/frameworks/aws/aws_nist_800_172/aws_nist_800_172_3_14_2_e.yaml
+++ b/compliance/frameworks/aws/aws_nist_800_172/aws_nist_800_172_3_14_2_e.yaml
@@ -3,10 +3,6 @@ control-group:
 title: 14.2e Monitor organizational systems and system components on an ongoing basis for anomalous or suspicious behavior
 description: Monitoring is used to identify unusual, suspicious, or unauthorized activities or conditions related to organizational systems and system components. Such activities or conditions can include unusual internal systems communications traffic, unauthorized exporting of information,signaling to external systems, large file transfers, long-time persistent connections, attempts to access information from unexpected locations, unusual protocols and ports in use, and attempted communications with suspected malicious external addresses. The correlation of physical, time, or geolocation audit record information to the audit records from systems may assist organizations in identifying examples of anomalous behavior. For example, the correlation of an individual’s identity for logical access to certain systems with the additional information that the individual was not present at the facility when the logical access occurred is indicative of anomalous behavior.
 section-code: 2_e
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - aws_cloudtrail_trail_integrated_with_logs
 - aws_cloudwatch_alarm_action_enabled
diff --git a/compliance/frameworks/aws/aws_nist_800_172/aws_nist_800_172_3_14_6_e.yaml b/compliance/frameworks/aws/aws_nist_800_172/aws_nist_800_172_3_14_6_e.yaml
index 0261f7a44..84a06d952 100755
--- a/compliance/frameworks/aws/aws_nist_800_172/aws_nist_800_172_3_14_6_e.yaml
+++ b/compliance/frameworks/aws/aws_nist_800_172/aws_nist_800_172_3_14_6_e.yaml
@@ -3,9 +3,5 @@ control-group:
 title: "14.6e Use threat indicator information and effective mitigations obtained from [Assignment: organization-defined external organizations] to guide and inform intrusion detection and threat hunting"
 description: Threat information related to specific threat events (e.g., TTPs, targets) that organizations have experienced, threat mitigations that organizations have found to be effective against certain types of threats, and threat intelligence (i.e., indications and warnings about threats that can occur) are sourced from and shared with trusted organizations. This threat information can be used by organizational Security Operations Centers (SOC) and incorporated into monitoring capabilities. Threat information sharing includes threat indicators, signatures, and adversary TTPs from organizations participating in threat-sharing consortia, government-commercial cooperatives, and government-government cooperatives (e.g., CERTCC, CISA/US-CERT, FIRST, ISAO, DIB CS Program). Unclassified indicators, based on classified information but which can be readily incorporated into organizational intrusion detection systems, are available to qualified nonfederal organizations from government sources.
 section-code: 6_e
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - aws_guardduty_enabled
diff --git a/compliance/frameworks/aws/aws_nist_800_172/aws_nist_800_172_3_14_7_e.yaml b/compliance/frameworks/aws/aws_nist_800_172/aws_nist_800_172_3_14_7_e.yaml
index e2e1d9d93..41d969a11 100755
--- a/compliance/frameworks/aws/aws_nist_800_172/aws_nist_800_172_3_14_7_e.yaml
+++ b/compliance/frameworks/aws/aws_nist_800_172/aws_nist_800_172_3_14_7_e.yaml
@@ -3,10 +3,6 @@ control-group:
 title: "14.7e Verify the correctness of [Assignment: organization-defined security critical or essential software, firmware, and hardware components] using [Assignment: organization-defined verification methods or techniques]."
 description: Verification methods have varying degrees of rigor in determining the correctness of software, firmware, and hardware components. For example, formal verification involves proving that a software program satisfies some formal property or set of properties. The nature of formal verification is generally time-consuming and not employed for commercial operating systems and applications. Therefore, it would likely only be applied to some very limited uses, such as verifying cryptographic protocols. However, in cases where software, firmware, or hardware components exist with formal verification of the component’s security properties, such components provide greater assurance and trustworthiness and are preferred over similar components that have not been formally verified.
 section-code: 7_e
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - aws_ssm_managed_instance_compliance_association_compliant
 - aws_ssm_managed_instance_compliance_patch_compliant
diff --git a/compliance/frameworks/aws/aws_nist_800_172/aws_nist_800_172_3_1_3_e.yaml b/compliance/frameworks/aws/aws_nist_800_172/aws_nist_800_172_3_1_3_e.yaml
index cb2106084..64e04e1a8 100755
--- a/compliance/frameworks/aws/aws_nist_800_172/aws_nist_800_172_3_1_3_e.yaml
+++ b/compliance/frameworks/aws/aws_nist_800_172/aws_nist_800_172_3_1_3_e.yaml
@@ -3,10 +3,6 @@ control-group:
 title: "1.3e Employ [Assignment: organization-defined secure information transfer solutions] to control information flows between security domains on connected systems"
 description: Organizations employ information flow control policies and enforcement mechanisms to control the flow of information between designated sources and destinations within systems and between connected systems. Flow control is based on the characteristics of the information and/or the information path. Enforcement occurs, for example, in boundary protection devices that employ rule sets or establish configuration settings that restrict system services, provide a packet-filtering capability based on header information, or provide a message-filtering capability based on message content. Organizations also consider the trustworthiness of filtering and inspection mechanisms (i.e., hardware, firmware, and software components) that are critical to information flow enforcement. Transferring information between systems in different security domains with different security policies introduces the risk that the transfers violate one or more domain security policies. In such situations, information owners or information stewards provide guidance at designated policy enforcement points between connected systems. Organizations mandate specific architectural solutions when required to enforce logical or physical separation between systems in different security domains. Enforcement includes prohibiting information transfers between connected systems, employing hardware mechanisms to enforce one-way information flows, verifying write permissions before accepting information from another security domain or connected system, and implementing trustworthy regrading mechanisms to reassign security attributes and labels.
 section-code: 3_e
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - aws_apigateway_rest_api_stage_use_ssl_certificate
 - aws_autoscaling_launch_config_public_ip_disabled
diff --git a/compliance/frameworks/aws/aws_nist_800_172/aws_nist_800_172_3_4.yaml b/compliance/frameworks/aws/aws_nist_800_172/aws_nist_800_172_3_4.yaml
index 80ed92015..4c45688b2 100755
--- a/compliance/frameworks/aws/aws_nist_800_172/aws_nist_800_172_3_4.yaml
+++ b/compliance/frameworks/aws/aws_nist_800_172/aws_nist_800_172_3_4.yaml
@@ -3,10 +3,6 @@ control-group:
 title: Configuration Management
 description: CM controls are specific to an organization's configuration management policies. This includes a baseline configuration to operate as the basis for future builds or changes to information systems. Additionally, this includes information system component inventories and a security impact analysis control.
 section-code: "3_4"
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 control-group:
 - id: aws_nist_800_172_3_4_2_e
 - id: aws_nist_800_172_3_4_3_e
diff --git a/compliance/frameworks/aws/aws_nist_800_172/aws_nist_800_172_3_4_2_e.yaml b/compliance/frameworks/aws/aws_nist_800_172/aws_nist_800_172_3_4_2_e.yaml
index 6dc75e5d1..49c7a7d72 100755
--- a/compliance/frameworks/aws/aws_nist_800_172/aws_nist_800_172_3_4_2_e.yaml
+++ b/compliance/frameworks/aws/aws_nist_800_172/aws_nist_800_172_3_4_2_e.yaml
@@ -3,10 +3,6 @@ control-group:
 title: "4.2e Employ automated mechanisms to detect misconfigured or unauthorized system components; after detection, [Selection (one or more): remove the components; place the components in a quarantine or remediation network] to facilitate patching, re-configuration, or other mitigations"
 description: System components used to process, store, transmit, or protect CUI are monitored and checked against the authoritative source (i.e., hardware and software inventory and associated baseline configurations). From an automated assessment perspective, the system description provided by the authoritative source is referred to as the desired state. Using automated tools, the desired state is compared to the actual state to check for compliance or deviations. Security responses to system components that are unknown or that deviate from approved configurations can include removing the components; halting system functions or processing; placing the system components in a quarantine or remediation network that facilitates patching, re-configuration, or other mitigations; or issuing alerts and/or notifications to personnel when there is an unauthorized modification of an organization-defined configuration item. Responses can be automated, manual, or procedural. Components that are removed from the system are rebuilt from the trusted configuration baseline established by the authoritative source.
 section-code: 2_e
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - aws_rds_db_instance_automatic_minor_version_upgrade_enabled
 - aws_redshift_cluster_maintenance_settings_check
diff --git a/compliance/frameworks/aws/aws_nist_800_172/aws_nist_800_172_3_4_3_e.yaml b/compliance/frameworks/aws/aws_nist_800_172/aws_nist_800_172_3_4_3_e.yaml
index 5847efea5..b2d796468 100755
--- a/compliance/frameworks/aws/aws_nist_800_172/aws_nist_800_172_3_4_3_e.yaml
+++ b/compliance/frameworks/aws/aws_nist_800_172/aws_nist_800_172_3_4_3_e.yaml
@@ -3,10 +3,6 @@ control-group:
 title: 4.3e Employ automated discovery and management tools to maintain an up-to-date, complete, accurate, and readily available inventory of system components
 description: The system component inventory includes system-specific information required for component accountability and to provide support to identify, control, monitor, and verify configuration items in accordance with the authoritative source. The information necessary for effective accountability of system components includes the system name, hardware and software component owners,hardware inventory specifications,software license information,software version numbers, and—for networked components—the machine names and network addresses. Inventory specifications include the manufacturer, supplier information, component type, date of receipt, cost, model, serial number, and physical location. Organizations also use automated mechanisms to implement and maintain authoritative (i.e., up-to-date, complete, accurate, and available) baseline configurations for systems that include hardware and software inventory tools, configuration management tools, and network management tools. Tools can be used to track version numbers on operating systems, applications, types of software installed, and current patch levels.
 section-code: 3_e
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - aws_ebs_volume_unused
 - aws_ec2_instance_ssm_managed
diff --git a/compliance/frameworks/aws/aws_nist_800_172/aws_nist_800_172_3_5.yaml b/compliance/frameworks/aws/aws_nist_800_172/aws_nist_800_172_3_5.yaml
index c0825b8ab..fd508b31c 100755
--- a/compliance/frameworks/aws/aws_nist_800_172/aws_nist_800_172_3_5.yaml
+++ b/compliance/frameworks/aws/aws_nist_800_172/aws_nist_800_172_3_5.yaml
@@ -3,9 +3,5 @@ control-group:
 title: Identification and Authentication
 description: IA controls are specific to the identification and authentication policies in an organization. This includes the identification and authentication of organizational and non-organizational users and how the management of those systems.
 section-code: "3_5"
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 control-group:
 - id: aws_nist_800_172_3_5_2_e
diff --git a/compliance/frameworks/aws/aws_nist_800_172/aws_nist_800_172_3_5_2_e.yaml b/compliance/frameworks/aws/aws_nist_800_172/aws_nist_800_172_3_5_2_e.yaml
index 0742daa09..eb8371fa2 100755
--- a/compliance/frameworks/aws/aws_nist_800_172/aws_nist_800_172_3_5_2_e.yaml
+++ b/compliance/frameworks/aws/aws_nist_800_172/aws_nist_800_172_3_5_2_e.yaml
@@ -3,10 +3,6 @@ control-group:
 title: 5.2e Employ automated mechanisms for the generation, protection, rotation, and management of passwords for systems and system components that do not support multifactor authentication or complex account management
 description: In situations where static passwords or personal identification numbers (PIN) are used (e.g., certain system components do not support multifactor authentication or complex account management, such as separate system accounts for each user and logging), automated mechanisms (e.g., password managers) can automatically generate, rotate, manage, and store strong and different passwords for users and device accounts. For example, a router might have one administrator account, but an organization typically has multiple network administrators. Therefore, access management and accountability are problematic. A password manager uses techniques such as automated password rotation (in this example, for the router password) to allow a specific user to temporarily gain access to a device by checking out a temporary password and then checking the password back in to end the access. The password manager simultaneously logs these actions. One of the risks in using password managers is that an adversary may target the collection of passwords that the device generates. Therefore, it is important that these passwords are secured. Methods for protecting passwords include the use of multi-factor authentication to the password manager, encryption, or secured hardware (e.g., a hardware security module).
 section-code: 2_e
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - aws_iam_account_password_policy_strong_min_reuse_24
 - aws_secretsmanager_secret_rotated_as_scheduled
diff --git a/compliance/frameworks/aws/aws_nist_800_53_rev_4/aws_nist_800_53_rev_4_ac.yaml b/compliance/frameworks/aws/aws_nist_800_53_rev_4/aws_nist_800_53_rev_4_ac.yaml
index 98bc03bab..00ad3433f 100755
--- a/compliance/frameworks/aws/aws_nist_800_53_rev_4/aws_nist_800_53_rev_4_ac.yaml
+++ b/compliance/frameworks/aws/aws_nist_800_53_rev_4/aws_nist_800_53_rev_4_ac.yaml
@@ -14,10 +14,6 @@ control-group:
 - AWS
 type:
 - Benchmark
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 control-group:
 - id: aws_nist_800_53_rev_4_ac_2
 - id: aws_nist_800_53_rev_4_ac_3
diff --git a/compliance/frameworks/aws/aws_nist_800_53_rev_4/aws_nist_800_53_rev_4_ac_17.yaml b/compliance/frameworks/aws/aws_nist_800_53_rev_4/aws_nist_800_53_rev_4_ac_17.yaml
index dd9440d6a..16a245e66 100755
--- a/compliance/frameworks/aws/aws_nist_800_53_rev_4/aws_nist_800_53_rev_4_ac_17.yaml
+++ b/compliance/frameworks/aws/aws_nist_800_53_rev_4/aws_nist_800_53_rev_4_ac_17.yaml
@@ -14,10 +14,6 @@ control-group:
 - AWS
 type:
 - Benchmark
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 control-group:
 - id: aws_nist_800_53_rev_4_ac_17_1
 - id: aws_nist_800_53_rev_4_ac_17_2
diff --git a/compliance/frameworks/aws/aws_nist_800_53_rev_4/aws_nist_800_53_rev_4_ac_17_1.yaml b/compliance/frameworks/aws/aws_nist_800_53_rev_4/aws_nist_800_53_rev_4_ac_17_1.yaml
index 0ec850328..de5de51ee 100755
--- a/compliance/frameworks/aws/aws_nist_800_53_rev_4/aws_nist_800_53_rev_4_ac_17_1.yaml
+++ b/compliance/frameworks/aws/aws_nist_800_53_rev_4/aws_nist_800_53_rev_4_ac_17_1.yaml
@@ -14,10 +14,6 @@ control-group:
 - AWS
 type:
 - Benchmark
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - aws_guardduty_enabled
 - aws_securityhub_enabled
diff --git a/compliance/frameworks/aws/aws_nist_800_53_rev_4/aws_nist_800_53_rev_4_ac_17_2.yaml b/compliance/frameworks/aws/aws_nist_800_53_rev_4/aws_nist_800_53_rev_4_ac_17_2.yaml
index 593cc54d0..cb60b8c33 100755
--- a/compliance/frameworks/aws/aws_nist_800_53_rev_4/aws_nist_800_53_rev_4_ac_17_2.yaml
+++ b/compliance/frameworks/aws/aws_nist_800_53_rev_4/aws_nist_800_53_rev_4_ac_17_2.yaml
@@ -14,10 +14,6 @@ control-group:
 - AWS
 type:
 - Benchmark
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - aws_acm_certificate_expires_30_days
 - aws_elb_application_lb_drop_http_headers
diff --git a/compliance/frameworks/aws/aws_nist_800_53_rev_4/aws_nist_800_53_rev_4_ac_17_3.yaml b/compliance/frameworks/aws/aws_nist_800_53_rev_4/aws_nist_800_53_rev_4_ac_17_3.yaml
index b1a53631a..475c7e4e2 100755
--- a/compliance/frameworks/aws/aws_nist_800_53_rev_4/aws_nist_800_53_rev_4_ac_17_3.yaml
+++ b/compliance/frameworks/aws/aws_nist_800_53_rev_4/aws_nist_800_53_rev_4_ac_17_3.yaml
@@ -14,9 +14,5 @@ control-group:
 - AWS/VPC
 type:
 - Benchmark
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - aws_vpc_igw_attached_to_authorized_vpc
diff --git a/compliance/frameworks/aws/aws_nist_800_53_rev_4/aws_nist_800_53_rev_4_ac_2.yaml b/compliance/frameworks/aws/aws_nist_800_53_rev_4/aws_nist_800_53_rev_4_ac_2.yaml
index a97788838..680eefc5c 100755
--- a/compliance/frameworks/aws/aws_nist_800_53_rev_4/aws_nist_800_53_rev_4_ac_2.yaml
+++ b/compliance/frameworks/aws/aws_nist_800_53_rev_4/aws_nist_800_53_rev_4_ac_2.yaml
@@ -14,10 +14,6 @@ control-group:
 - AWS
 type:
 - Benchmark
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 control-group:
 - id: aws_nist_800_53_rev_4_ac_2_1
 - id: aws_nist_800_53_rev_4_ac_2_3
diff --git a/compliance/frameworks/aws/aws_nist_800_53_rev_4/aws_nist_800_53_rev_4_ac_21.yaml b/compliance/frameworks/aws/aws_nist_800_53_rev_4/aws_nist_800_53_rev_4_ac_21.yaml
index 6ca18c0d2..268345193 100755
--- a/compliance/frameworks/aws/aws_nist_800_53_rev_4/aws_nist_800_53_rev_4_ac_21.yaml
+++ b/compliance/frameworks/aws/aws_nist_800_53_rev_4/aws_nist_800_53_rev_4_ac_21.yaml
@@ -14,10 +14,6 @@ control-group:
 - AWS
 type:
 - Benchmark
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - aws_dms_replication_instance_not_publicly_accessible
 - aws_ebs_snapshot_not_publicly_restorable
diff --git a/compliance/frameworks/aws/aws_nist_800_53_rev_4/aws_nist_800_53_rev_4_ac_2_1.yaml b/compliance/frameworks/aws/aws_nist_800_53_rev_4/aws_nist_800_53_rev_4_ac_2_1.yaml
index bebd3bd1a..59a36fb06 100755
--- a/compliance/frameworks/aws/aws_nist_800_53_rev_4/aws_nist_800_53_rev_4_ac_2_1.yaml
+++ b/compliance/frameworks/aws/aws_nist_800_53_rev_4/aws_nist_800_53_rev_4_ac_2_1.yaml
@@ -14,10 +14,6 @@ control-group:
 - AWS
 type:
 - Benchmark
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - aws_guardduty_enabled
 - aws_iam_account_password_policy_strong_min_reuse_24
diff --git a/compliance/frameworks/aws/aws_nist_800_53_rev_4/aws_nist_800_53_rev_4_ac_2_12.yaml b/compliance/frameworks/aws/aws_nist_800_53_rev_4/aws_nist_800_53_rev_4_ac_2_12.yaml
index 1afd38229..90fac641c 100755
--- a/compliance/frameworks/aws/aws_nist_800_53_rev_4/aws_nist_800_53_rev_4_ac_2_12.yaml
+++ b/compliance/frameworks/aws/aws_nist_800_53_rev_4/aws_nist_800_53_rev_4_ac_2_12.yaml
@@ -14,10 +14,6 @@ control-group:
 - AWS
 type:
 - Benchmark
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - aws_guardduty_enabled
 - aws_securityhub_enabled
diff --git a/compliance/frameworks/aws/aws_nist_800_53_rev_4/aws_nist_800_53_rev_4_ac_2_3.yaml b/compliance/frameworks/aws/aws_nist_800_53_rev_4/aws_nist_800_53_rev_4_ac_2_3.yaml
index 7b5567fab..db4b31e9d 100755
--- a/compliance/frameworks/aws/aws_nist_800_53_rev_4/aws_nist_800_53_rev_4_ac_2_3.yaml
+++ b/compliance/frameworks/aws/aws_nist_800_53_rev_4/aws_nist_800_53_rev_4_ac_2_3.yaml
@@ -14,9 +14,5 @@ control-group:
 - AWS/IAM
 type:
 - Benchmark
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - aws_iam_user_unused_credentials_90
diff --git a/compliance/frameworks/aws/aws_nist_800_53_rev_4/aws_nist_800_53_rev_4_ac_2_4.yaml b/compliance/frameworks/aws/aws_nist_800_53_rev_4/aws_nist_800_53_rev_4_ac_2_4.yaml
index 11374234b..e89ce777e 100755
--- a/compliance/frameworks/aws/aws_nist_800_53_rev_4/aws_nist_800_53_rev_4_ac_2_4.yaml
+++ b/compliance/frameworks/aws/aws_nist_800_53_rev_4/aws_nist_800_53_rev_4_ac_2_4.yaml
@@ -14,10 +14,6 @@ control-group:
 - AWS
 type:
 - Benchmark
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - aws_cloudtrail_multi_region_trail_enabled
 - aws_cloudtrail_trail_enabled
diff --git a/compliance/frameworks/aws/aws_nist_800_53_rev_4/aws_nist_800_53_rev_4_ac_3.yaml b/compliance/frameworks/aws/aws_nist_800_53_rev_4/aws_nist_800_53_rev_4_ac_3.yaml
index 711e3c9a6..d9b6132c0 100755
--- a/compliance/frameworks/aws/aws_nist_800_53_rev_4/aws_nist_800_53_rev_4_ac_3.yaml
+++ b/compliance/frameworks/aws/aws_nist_800_53_rev_4/aws_nist_800_53_rev_4_ac_3.yaml
@@ -14,10 +14,6 @@ control-group:
 - AWS
 type:
 - Benchmark
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - aws_dms_replication_instance_not_publicly_accessible
 - aws_ebs_snapshot_not_publicly_restorable
diff --git a/compliance/frameworks/aws/aws_nist_800_53_rev_4/aws_nist_800_53_rev_4_ac_4.yaml b/compliance/frameworks/aws/aws_nist_800_53_rev_4/aws_nist_800_53_rev_4_ac_4.yaml
index 6ec0e4b51..907a2394f 100755
--- a/compliance/frameworks/aws/aws_nist_800_53_rev_4/aws_nist_800_53_rev_4_ac_4.yaml
+++ b/compliance/frameworks/aws/aws_nist_800_53_rev_4/aws_nist_800_53_rev_4_ac_4.yaml
@@ -14,10 +14,6 @@ control-group:
 - AWS
 type:
 - Benchmark
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - aws_acm_certificate_expires_30_days
 - aws_dms_replication_instance_not_publicly_accessible
diff --git a/compliance/frameworks/aws/aws_nist_800_53_rev_4/aws_nist_800_53_rev_4_ac_5.yaml b/compliance/frameworks/aws/aws_nist_800_53_rev_4/aws_nist_800_53_rev_4_ac_5.yaml
index 30fbff46d..d81a9ca8c 100755
--- a/compliance/frameworks/aws/aws_nist_800_53_rev_4/aws_nist_800_53_rev_4_ac_5.yaml
+++ b/compliance/frameworks/aws/aws_nist_800_53_rev_4/aws_nist_800_53_rev_4_ac_5.yaml
@@ -14,10 +14,6 @@ control-group:
 - AWS
 type:
 - Benchmark
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - aws_emr_cluster_kerberos_enabled
 - aws_iam_group_not_empty
diff --git a/compliance/frameworks/aws/aws_nist_800_53_rev_4/aws_nist_800_53_rev_4_ac_6.yaml b/compliance/frameworks/aws/aws_nist_800_53_rev_4/aws_nist_800_53_rev_4_ac_6.yaml
index f5066f292..412d38be7 100755
--- a/compliance/frameworks/aws/aws_nist_800_53_rev_4/aws_nist_800_53_rev_4_ac_6.yaml
+++ b/compliance/frameworks/aws/aws_nist_800_53_rev_4/aws_nist_800_53_rev_4_ac_6.yaml
@@ -14,10 +14,6 @@ control-group:
 - AWS
 type:
 - Benchmark
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 control-group:
 - id: aws_nist_800_53_rev_4_ac_6_10
 controls:
diff --git a/compliance/frameworks/aws/aws_nist_800_53_rev_4/aws_nist_800_53_rev_4_ac_6_10.yaml b/compliance/frameworks/aws/aws_nist_800_53_rev_4/aws_nist_800_53_rev_4_ac_6_10.yaml
index c6596cd1a..205f69e2d 100755
--- a/compliance/frameworks/aws/aws_nist_800_53_rev_4/aws_nist_800_53_rev_4_ac_6_10.yaml
+++ b/compliance/frameworks/aws/aws_nist_800_53_rev_4/aws_nist_800_53_rev_4_ac_6_10.yaml
@@ -14,9 +14,5 @@ control-group:
 - AWS/IAM
 type:
 - Benchmark
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - aws_iam_root_user_no_access_keys
diff --git a/compliance/frameworks/aws/aws_nist_800_53_rev_4/aws_nist_800_53_rev_4_au.yaml b/compliance/frameworks/aws/aws_nist_800_53_rev_4/aws_nist_800_53_rev_4_au.yaml
index 4a0fa0a65..52be220a7 100755
--- a/compliance/frameworks/aws/aws_nist_800_53_rev_4/aws_nist_800_53_rev_4_au.yaml
+++ b/compliance/frameworks/aws/aws_nist_800_53_rev_4/aws_nist_800_53_rev_4_au.yaml
@@ -14,10 +14,6 @@ control-group:
 - AWS
 type:
 - Benchmark
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 control-group:
 - id: aws_nist_800_53_rev_4_au_2
 - id: aws_nist_800_53_rev_4_au_3
diff --git a/compliance/frameworks/aws/aws_nist_800_53_rev_4/aws_nist_800_53_rev_4_au_11.yaml b/compliance/frameworks/aws/aws_nist_800_53_rev_4/aws_nist_800_53_rev_4_au_11.yaml
index c4cd1426a..1f41521fe 100755
--- a/compliance/frameworks/aws/aws_nist_800_53_rev_4/aws_nist_800_53_rev_4_au_11.yaml
+++ b/compliance/frameworks/aws/aws_nist_800_53_rev_4/aws_nist_800_53_rev_4_au_11.yaml
@@ -14,9 +14,5 @@ control-group:
 - AWS/CloudWatch
 type:
 - Benchmark
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - aws_cloudwatch_log_group_retention_period_365
diff --git a/compliance/frameworks/aws/aws_nist_800_53_rev_4/aws_nist_800_53_rev_4_au_12.yaml b/compliance/frameworks/aws/aws_nist_800_53_rev_4/aws_nist_800_53_rev_4_au_12.yaml
index 81e29c70d..330faee50 100755
--- a/compliance/frameworks/aws/aws_nist_800_53_rev_4/aws_nist_800_53_rev_4_au_12.yaml
+++ b/compliance/frameworks/aws/aws_nist_800_53_rev_4/aws_nist_800_53_rev_4_au_12.yaml
@@ -14,10 +14,6 @@ control-group:
 - AWS
 type:
 - Benchmark
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - aws_apigateway_stage_logging_enabled
 - aws_cloudtrail_multi_region_trail_enabled
diff --git a/compliance/frameworks/aws/aws_nist_800_53_rev_4/aws_nist_800_53_rev_4_au_2.yaml b/compliance/frameworks/aws/aws_nist_800_53_rev_4/aws_nist_800_53_rev_4_au_2.yaml
index ee69c4c1e..773dfb18e 100755
--- a/compliance/frameworks/aws/aws_nist_800_53_rev_4/aws_nist_800_53_rev_4_au_2.yaml
+++ b/compliance/frameworks/aws/aws_nist_800_53_rev_4/aws_nist_800_53_rev_4_au_2.yaml
@@ -14,10 +14,6 @@ control-group:
 - AWS
 type:
 - Benchmark
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - aws_apigateway_stage_logging_enabled
 - aws_cloudtrail_multi_region_trail_enabled
diff --git a/compliance/frameworks/aws/aws_nist_800_53_rev_4/aws_nist_800_53_rev_4_au_3.yaml b/compliance/frameworks/aws/aws_nist_800_53_rev_4/aws_nist_800_53_rev_4_au_3.yaml
index 495c636ab..4880b26fe 100755
--- a/compliance/frameworks/aws/aws_nist_800_53_rev_4/aws_nist_800_53_rev_4_au_3.yaml
+++ b/compliance/frameworks/aws/aws_nist_800_53_rev_4/aws_nist_800_53_rev_4_au_3.yaml
@@ -14,10 +14,6 @@ control-group:
 - AWS
 type:
 - Benchmark
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - aws_apigateway_stage_logging_enabled
 - aws_cloudtrail_multi_region_trail_enabled
diff --git a/compliance/frameworks/aws/aws_nist_800_53_rev_4/aws_nist_800_53_rev_4_au_6.yaml b/compliance/frameworks/aws/aws_nist_800_53_rev_4/aws_nist_800_53_rev_4_au_6.yaml
index cfe6bca4e..8b8d9aacd 100755
--- a/compliance/frameworks/aws/aws_nist_800_53_rev_4/aws_nist_800_53_rev_4_au_6.yaml
+++ b/compliance/frameworks/aws/aws_nist_800_53_rev_4/aws_nist_800_53_rev_4_au_6.yaml
@@ -14,10 +14,6 @@ control-group:
 - AWS
 type:
 - Benchmark
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 control-group:
 - id: aws_nist_800_53_rev_4_au_6_1
 - id: aws_nist_800_53_rev_4_au_6_3
diff --git a/compliance/frameworks/aws/aws_nist_800_53_rev_4/aws_nist_800_53_rev_4_au_6_1.yaml b/compliance/frameworks/aws/aws_nist_800_53_rev_4/aws_nist_800_53_rev_4_au_6_1.yaml
index 8deeeb813..58b85b4ff 100755
--- a/compliance/frameworks/aws/aws_nist_800_53_rev_4/aws_nist_800_53_rev_4_au_6_1.yaml
+++ b/compliance/frameworks/aws/aws_nist_800_53_rev_4/aws_nist_800_53_rev_4_au_6_1.yaml
@@ -14,10 +14,6 @@ control-group:
 - AWS
 type:
 - Benchmark
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - aws_cloudtrail_trail_integrated_with_logs
 - aws_cloudwatch_alarm_action_enabled
diff --git a/compliance/frameworks/aws/aws_nist_800_53_rev_4/aws_nist_800_53_rev_4_au_6_3.yaml b/compliance/frameworks/aws/aws_nist_800_53_rev_4/aws_nist_800_53_rev_4_au_6_3.yaml
index 373b99cfa..a1daaa0b4 100755
--- a/compliance/frameworks/aws/aws_nist_800_53_rev_4/aws_nist_800_53_rev_4_au_6_3.yaml
+++ b/compliance/frameworks/aws/aws_nist_800_53_rev_4/aws_nist_800_53_rev_4_au_6_3.yaml
@@ -14,10 +14,6 @@ control-group:
 - AWS
 type:
 - Benchmark
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - aws_cloudtrail_trail_integrated_with_logs
 - aws_cloudwatch_alarm_action_enabled
diff --git a/compliance/frameworks/aws/aws_nist_800_53_rev_4/aws_nist_800_53_rev_4_au_7.yaml b/compliance/frameworks/aws/aws_nist_800_53_rev_4/aws_nist_800_53_rev_4_au_7.yaml
index 4be9e8e95..a5b0d4efd 100755
--- a/compliance/frameworks/aws/aws_nist_800_53_rev_4/aws_nist_800_53_rev_4_au_7.yaml
+++ b/compliance/frameworks/aws/aws_nist_800_53_rev_4/aws_nist_800_53_rev_4_au_7.yaml
@@ -14,9 +14,5 @@ control-group:
 - AWS
 type:
 - Benchmark
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 control-group:
 - id: aws_nist_800_53_rev_4_au_7_1
diff --git a/compliance/frameworks/aws/aws_nist_800_53_rev_4/aws_nist_800_53_rev_4_au_7_1.yaml b/compliance/frameworks/aws/aws_nist_800_53_rev_4/aws_nist_800_53_rev_4_au_7_1.yaml
index 6ac8d6262..08eb7aa60 100755
--- a/compliance/frameworks/aws/aws_nist_800_53_rev_4/aws_nist_800_53_rev_4_au_7_1.yaml
+++ b/compliance/frameworks/aws/aws_nist_800_53_rev_4/aws_nist_800_53_rev_4_au_7_1.yaml
@@ -14,10 +14,6 @@ control-group:
 - AWS
 type:
 - Benchmark
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - aws_cloudwatch_alarm_action_enabled
 - aws_cloudtrail_trail_integrated_with_logs
diff --git a/compliance/frameworks/aws/aws_nist_800_53_rev_4/aws_nist_800_53_rev_4_au_9.yaml b/compliance/frameworks/aws/aws_nist_800_53_rev_4/aws_nist_800_53_rev_4_au_9.yaml
index 7f2de248d..f2b6e9db9 100755
--- a/compliance/frameworks/aws/aws_nist_800_53_rev_4/aws_nist_800_53_rev_4_au_9.yaml
+++ b/compliance/frameworks/aws/aws_nist_800_53_rev_4/aws_nist_800_53_rev_4_au_9.yaml
@@ -14,10 +14,6 @@ control-group:
 - AWS
 type:
 - Benchmark
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 control-group:
 - id: aws_nist_800_53_rev_4_au_9_2
 controls:
diff --git a/compliance/frameworks/aws/aws_nist_800_53_rev_4/aws_nist_800_53_rev_4_au_9_2.yaml b/compliance/frameworks/aws/aws_nist_800_53_rev_4/aws_nist_800_53_rev_4_au_9_2.yaml
index f575b94b5..75366cd98 100755
--- a/compliance/frameworks/aws/aws_nist_800_53_rev_4/aws_nist_800_53_rev_4_au_9_2.yaml
+++ b/compliance/frameworks/aws/aws_nist_800_53_rev_4/aws_nist_800_53_rev_4_au_9_2.yaml
@@ -14,9 +14,5 @@ control-group:
 - AWS/S3
 type:
 - Benchmark
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - aws_s3_bucket_cross_region_replication_enabled
diff --git a/compliance/frameworks/aws/aws_nist_800_53_rev_4/aws_nist_800_53_rev_4_ca.yaml b/compliance/frameworks/aws/aws_nist_800_53_rev_4/aws_nist_800_53_rev_4_ca.yaml
index 5f9bb094d..1df8daa6f 100755
--- a/compliance/frameworks/aws/aws_nist_800_53_rev_4/aws_nist_800_53_rev_4_ca.yaml
+++ b/compliance/frameworks/aws/aws_nist_800_53_rev_4/aws_nist_800_53_rev_4_ca.yaml
@@ -14,9 +14,5 @@ control-group:
 - AWS
 type:
 - Benchmark
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 control-group:
 - id: aws_nist_800_53_rev_4_ca_7
diff --git a/compliance/frameworks/aws/aws_nist_800_53_rev_4/aws_nist_800_53_rev_4_ca_7.yaml b/compliance/frameworks/aws/aws_nist_800_53_rev_4/aws_nist_800_53_rev_4_ca_7.yaml
index d64f7127a..dd5e7a9f5 100755
--- a/compliance/frameworks/aws/aws_nist_800_53_rev_4/aws_nist_800_53_rev_4_ca_7.yaml
+++ b/compliance/frameworks/aws/aws_nist_800_53_rev_4/aws_nist_800_53_rev_4_ca_7.yaml
@@ -14,10 +14,6 @@ control-group:
 - AWS
 type:
 - Benchmark
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - aws_cloudtrail_trail_integrated_with_logs
 - aws_cloudwatch_alarm_action_enabled
diff --git a/compliance/frameworks/aws/aws_nist_800_53_rev_4/aws_nist_800_53_rev_4_cm.yaml b/compliance/frameworks/aws/aws_nist_800_53_rev_4/aws_nist_800_53_rev_4_cm.yaml
index 1d6e803f6..c69d9fb7a 100755
--- a/compliance/frameworks/aws/aws_nist_800_53_rev_4/aws_nist_800_53_rev_4_cm.yaml
+++ b/compliance/frameworks/aws/aws_nist_800_53_rev_4/aws_nist_800_53_rev_4_cm.yaml
@@ -14,10 +14,6 @@ control-group:
 - AWS
 type:
 - Benchmark
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 control-group:
 - id: aws_nist_800_53_rev_4_cm_2
 - id: aws_nist_800_53_rev_4_cm_7
diff --git a/compliance/frameworks/aws/aws_nist_800_53_rev_4/aws_nist_800_53_rev_4_cm_2.yaml b/compliance/frameworks/aws/aws_nist_800_53_rev_4/aws_nist_800_53_rev_4_cm_2.yaml
index e553843d5..73b9be9a2 100755
--- a/compliance/frameworks/aws/aws_nist_800_53_rev_4/aws_nist_800_53_rev_4_cm_2.yaml
+++ b/compliance/frameworks/aws/aws_nist_800_53_rev_4/aws_nist_800_53_rev_4_cm_2.yaml
@@ -14,10 +14,6 @@ control-group:
 - AWS
 type:
 - Benchmark
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - aws_cloudtrail_security_trail_enabled
 - aws_ebs_attached_volume_delete_on_termination_enabled
diff --git a/compliance/frameworks/aws/aws_nist_800_53_rev_4/aws_nist_800_53_rev_4_cm_7.yaml b/compliance/frameworks/aws/aws_nist_800_53_rev_4/aws_nist_800_53_rev_4_cm_7.yaml
index 1f5d49468..b0bc725a8 100755
--- a/compliance/frameworks/aws/aws_nist_800_53_rev_4/aws_nist_800_53_rev_4_cm_7.yaml
+++ b/compliance/frameworks/aws/aws_nist_800_53_rev_4/aws_nist_800_53_rev_4_cm_7.yaml
@@ -14,10 +14,6 @@ control-group:
 - AWS
 type:
 - Benchmark
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - aws_ec2_instance_ssm_managed
 - aws_ssm_managed_instance_compliance_association_compliant
diff --git a/compliance/frameworks/aws/aws_nist_800_53_rev_4/aws_nist_800_53_rev_4_cm_8.yaml b/compliance/frameworks/aws/aws_nist_800_53_rev_4/aws_nist_800_53_rev_4_cm_8.yaml
index 6441d982b..fbecffcf9 100755
--- a/compliance/frameworks/aws/aws_nist_800_53_rev_4/aws_nist_800_53_rev_4_cm_8.yaml
+++ b/compliance/frameworks/aws/aws_nist_800_53_rev_4/aws_nist_800_53_rev_4_cm_8.yaml
@@ -14,10 +14,6 @@ control-group:
 - AWS
 type:
 - Benchmark
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 control-group:
 - id: aws_nist_800_53_rev_4_cm_8_1
 - id: aws_nist_800_53_rev_4_cm_8_3
diff --git a/compliance/frameworks/aws/aws_nist_800_53_rev_4/aws_nist_800_53_rev_4_cm_8_1.yaml b/compliance/frameworks/aws/aws_nist_800_53_rev_4/aws_nist_800_53_rev_4_cm_8_1.yaml
index 8963380b3..ecb317433 100755
--- a/compliance/frameworks/aws/aws_nist_800_53_rev_4/aws_nist_800_53_rev_4_cm_8_1.yaml
+++ b/compliance/frameworks/aws/aws_nist_800_53_rev_4/aws_nist_800_53_rev_4_cm_8_1.yaml
@@ -14,9 +14,5 @@ control-group:
 - AWS/EC2
 type:
 - Benchmark
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - aws_ec2_instance_ssm_managed
diff --git a/compliance/frameworks/aws/aws_nist_800_53_rev_4/aws_nist_800_53_rev_4_cm_8_3.yaml b/compliance/frameworks/aws/aws_nist_800_53_rev_4/aws_nist_800_53_rev_4_cm_8_3.yaml
index 7b7e88d92..7b48c3567 100755
--- a/compliance/frameworks/aws/aws_nist_800_53_rev_4/aws_nist_800_53_rev_4_cm_8_3.yaml
+++ b/compliance/frameworks/aws/aws_nist_800_53_rev_4/aws_nist_800_53_rev_4_cm_8_3.yaml
@@ -14,10 +14,6 @@ control-group:
 - AWS
 type:
 - Benchmark
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - aws_ec2_instance_ssm_managed
 - aws_ssm_managed_instance_compliance_association_compliant
diff --git a/compliance/frameworks/aws/aws_nist_800_53_rev_4/aws_nist_800_53_rev_4_cp.yaml b/compliance/frameworks/aws/aws_nist_800_53_rev_4/aws_nist_800_53_rev_4_cp.yaml
index 83d66d3ca..241dcec43 100755
--- a/compliance/frameworks/aws/aws_nist_800_53_rev_4/aws_nist_800_53_rev_4_cp.yaml
+++ b/compliance/frameworks/aws/aws_nist_800_53_rev_4/aws_nist_800_53_rev_4_cp.yaml
@@ -14,10 +14,6 @@ control-group:
 - AWS
 type:
 - Benchmark
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 control-group:
 - id: aws_nist_800_53_rev_4_cp_9
 - id: aws_nist_800_53_rev_4_cp_10
diff --git a/compliance/frameworks/aws/aws_nist_800_53_rev_4/aws_nist_800_53_rev_4_cp_10.yaml b/compliance/frameworks/aws/aws_nist_800_53_rev_4/aws_nist_800_53_rev_4_cp_10.yaml
index 2b606bcb1..4371c67bf 100755
--- a/compliance/frameworks/aws/aws_nist_800_53_rev_4/aws_nist_800_53_rev_4_cp_10.yaml
+++ b/compliance/frameworks/aws/aws_nist_800_53_rev_4/aws_nist_800_53_rev_4_cp_10.yaml
@@ -14,10 +14,6 @@ control-group:
 - AWS
 type:
 - Benchmark
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - aws_dynamodb_table_auto_scaling_enabled
 - aws_dynamodb_table_in_backup_plan
diff --git a/compliance/frameworks/aws/aws_nist_800_53_rev_4/aws_nist_800_53_rev_4_cp_9.yaml b/compliance/frameworks/aws/aws_nist_800_53_rev_4/aws_nist_800_53_rev_4_cp_9.yaml
index 6a298793b..7d0a6c4e6 100755
--- a/compliance/frameworks/aws/aws_nist_800_53_rev_4/aws_nist_800_53_rev_4_cp_9.yaml
+++ b/compliance/frameworks/aws/aws_nist_800_53_rev_4/aws_nist_800_53_rev_4_cp_9.yaml
@@ -14,10 +14,6 @@ control-group:
 - AWS
 type:
 - Benchmark
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - aws_dynamodb_table_in_backup_plan
 - aws_dynamodb_table_point_in_time_recovery_enabled
diff --git a/compliance/frameworks/aws/aws_nist_800_53_rev_4/aws_nist_800_53_rev_4_ia.yaml b/compliance/frameworks/aws/aws_nist_800_53_rev_4/aws_nist_800_53_rev_4_ia.yaml
index 1cf07edf3..aa50ccbc5 100755
--- a/compliance/frameworks/aws/aws_nist_800_53_rev_4/aws_nist_800_53_rev_4_ia.yaml
+++ b/compliance/frameworks/aws/aws_nist_800_53_rev_4/aws_nist_800_53_rev_4_ia.yaml
@@ -14,10 +14,6 @@ control-group:
 - AWS
 type:
 - Benchmark
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 control-group:
 - id: aws_nist_800_53_rev_4_ia_2
 - id: aws_nist_800_53_rev_4_ia_5
diff --git a/compliance/frameworks/aws/aws_nist_800_53_rev_4/aws_nist_800_53_rev_4_ia_2.yaml b/compliance/frameworks/aws/aws_nist_800_53_rev_4/aws_nist_800_53_rev_4_ia_2.yaml
index f71a4399c..67e2927ca 100755
--- a/compliance/frameworks/aws/aws_nist_800_53_rev_4/aws_nist_800_53_rev_4_ia_2.yaml
+++ b/compliance/frameworks/aws/aws_nist_800_53_rev_4/aws_nist_800_53_rev_4_ia_2.yaml
@@ -14,10 +14,6 @@ control-group:
 - AWS
 type:
 - Benchmark
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 control-group:
 - id: aws_nist_800_53_rev_4_ia_2_1
 - id: aws_nist_800_53_rev_4_ia_2_2
diff --git a/compliance/frameworks/aws/aws_nist_800_53_rev_4/aws_nist_800_53_rev_4_ia_2_1.yaml b/compliance/frameworks/aws/aws_nist_800_53_rev_4/aws_nist_800_53_rev_4_ia_2_1.yaml
index 5f7c71756..6c24b52b2 100755
--- a/compliance/frameworks/aws/aws_nist_800_53_rev_4/aws_nist_800_53_rev_4_ia_2_1.yaml
+++ b/compliance/frameworks/aws/aws_nist_800_53_rev_4/aws_nist_800_53_rev_4_ia_2_1.yaml
@@ -14,10 +14,6 @@ control-group:
 - AWS/IAM
 type:
 - Benchmark
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - aws_iam_root_user_hardware_mfa_enabled
 - aws_iam_root_user_mfa_enabled
diff --git a/compliance/frameworks/aws/aws_nist_800_53_rev_4/aws_nist_800_53_rev_4_ia_2_11.yaml b/compliance/frameworks/aws/aws_nist_800_53_rev_4/aws_nist_800_53_rev_4_ia_2_11.yaml
index 7c5628d68..875e1d496 100755
--- a/compliance/frameworks/aws/aws_nist_800_53_rev_4/aws_nist_800_53_rev_4_ia_2_11.yaml
+++ b/compliance/frameworks/aws/aws_nist_800_53_rev_4/aws_nist_800_53_rev_4_ia_2_11.yaml
@@ -14,10 +14,6 @@ control-group:
 - AWS/IAM
 type:
 - Benchmark
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - aws_iam_root_user_hardware_mfa_enabled
 - aws_iam_root_user_mfa_enabled
diff --git a/compliance/frameworks/aws/aws_nist_800_53_rev_4/aws_nist_800_53_rev_4_ia_2_2.yaml b/compliance/frameworks/aws/aws_nist_800_53_rev_4/aws_nist_800_53_rev_4_ia_2_2.yaml
index 43b383296..c4cc7e68c 100755
--- a/compliance/frameworks/aws/aws_nist_800_53_rev_4/aws_nist_800_53_rev_4_ia_2_2.yaml
+++ b/compliance/frameworks/aws/aws_nist_800_53_rev_4/aws_nist_800_53_rev_4_ia_2_2.yaml
@@ -14,10 +14,6 @@ control-group:
 - AWS/IAM
 type:
 - Benchmark
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - aws_iam_user_console_access_mfa_enabled
 - aws_iam_user_mfa_enabled
diff --git a/compliance/frameworks/aws/aws_nist_800_53_rev_4/aws_nist_800_53_rev_4_ia_5.yaml b/compliance/frameworks/aws/aws_nist_800_53_rev_4/aws_nist_800_53_rev_4_ia_5.yaml
index 566845f1f..78e70c0e1 100755
--- a/compliance/frameworks/aws/aws_nist_800_53_rev_4/aws_nist_800_53_rev_4_ia_5.yaml
+++ b/compliance/frameworks/aws/aws_nist_800_53_rev_4/aws_nist_800_53_rev_4_ia_5.yaml
@@ -14,10 +14,6 @@ control-group:
 - AWS
 type:
 - Benchmark
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 control-group:
 - id: aws_nist_800_53_rev_4_ia_5_1
 - id: aws_nist_800_53_rev_4_ia_5_4
diff --git a/compliance/frameworks/aws/aws_nist_800_53_rev_4/aws_nist_800_53_rev_4_ia_5_1.yaml b/compliance/frameworks/aws/aws_nist_800_53_rev_4/aws_nist_800_53_rev_4_ia_5_1.yaml
index 8801dbb73..deec4ee1f 100755
--- a/compliance/frameworks/aws/aws_nist_800_53_rev_4/aws_nist_800_53_rev_4_ia_5_1.yaml
+++ b/compliance/frameworks/aws/aws_nist_800_53_rev_4/aws_nist_800_53_rev_4_ia_5_1.yaml
@@ -14,9 +14,5 @@ control-group:
 - AWS/IAM
 type:
 - Benchmark
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - aws_iam_account_password_policy_strong_min_reuse_24
diff --git a/compliance/frameworks/aws/aws_nist_800_53_rev_4/aws_nist_800_53_rev_4_ia_5_4.yaml b/compliance/frameworks/aws/aws_nist_800_53_rev_4/aws_nist_800_53_rev_4_ia_5_4.yaml
index d01f1248d..d8223ea09 100755
--- a/compliance/frameworks/aws/aws_nist_800_53_rev_4/aws_nist_800_53_rev_4_ia_5_4.yaml
+++ b/compliance/frameworks/aws/aws_nist_800_53_rev_4/aws_nist_800_53_rev_4_ia_5_4.yaml
@@ -14,9 +14,5 @@ control-group:
 - AWS/IAM
 type:
 - Benchmark
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - aws_iam_account_password_policy_strong_min_reuse_24
diff --git a/compliance/frameworks/aws/aws_nist_800_53_rev_4/aws_nist_800_53_rev_4_ia_5_7.yaml b/compliance/frameworks/aws/aws_nist_800_53_rev_4/aws_nist_800_53_rev_4_ia_5_7.yaml
index ba999c496..13d082770 100755
--- a/compliance/frameworks/aws/aws_nist_800_53_rev_4/aws_nist_800_53_rev_4_ia_5_7.yaml
+++ b/compliance/frameworks/aws/aws_nist_800_53_rev_4/aws_nist_800_53_rev_4_ia_5_7.yaml
@@ -14,9 +14,5 @@ control-group:
 - AWS/CodeBuild
 type:
 - Benchmark
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - aws_codebuild_project_plaintext_env_variables_no_sensitive_aws_values
diff --git a/compliance/frameworks/aws/aws_nist_800_53_rev_4/aws_nist_800_53_rev_4_ir.yaml b/compliance/frameworks/aws/aws_nist_800_53_rev_4/aws_nist_800_53_rev_4_ir.yaml
index b2a5a0111..c78b4475d 100755
--- a/compliance/frameworks/aws/aws_nist_800_53_rev_4/aws_nist_800_53_rev_4_ir.yaml
+++ b/compliance/frameworks/aws/aws_nist_800_53_rev_4/aws_nist_800_53_rev_4_ir.yaml
@@ -14,10 +14,6 @@ control-group:
 - AWS
 type:
 - Benchmark
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 control-group:
 - id: aws_nist_800_53_rev_4_ir_4
 - id: aws_nist_800_53_rev_4_ir_6
diff --git a/compliance/frameworks/aws/aws_nist_800_53_rev_4/aws_nist_800_53_rev_4_ir_4.yaml b/compliance/frameworks/aws/aws_nist_800_53_rev_4/aws_nist_800_53_rev_4_ir_4.yaml
index 966b819e3..2c4d4794f 100755
--- a/compliance/frameworks/aws/aws_nist_800_53_rev_4/aws_nist_800_53_rev_4_ir_4.yaml
+++ b/compliance/frameworks/aws/aws_nist_800_53_rev_4/aws_nist_800_53_rev_4_ir_4.yaml
@@ -14,9 +14,5 @@ control-group:
 - AWS
 type:
 - Benchmark
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 control-group:
 - id: aws_nist_800_53_rev_4_ir_4_1
diff --git a/compliance/frameworks/aws/aws_nist_800_53_rev_4/aws_nist_800_53_rev_4_ir_4_1.yaml b/compliance/frameworks/aws/aws_nist_800_53_rev_4/aws_nist_800_53_rev_4_ir_4_1.yaml
index e9cec49c4..6ae4bcbb4 100755
--- a/compliance/frameworks/aws/aws_nist_800_53_rev_4/aws_nist_800_53_rev_4_ir_4_1.yaml
+++ b/compliance/frameworks/aws/aws_nist_800_53_rev_4/aws_nist_800_53_rev_4_ir_4_1.yaml
@@ -14,10 +14,6 @@ control-group:
 - AWS
 type:
 - Benchmark
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - aws_cloudwatch_alarm_action_enabled
 - aws_guardduty_finding_archived
diff --git a/compliance/frameworks/aws/aws_nist_800_53_rev_4/aws_nist_800_53_rev_4_ir_6.yaml b/compliance/frameworks/aws/aws_nist_800_53_rev_4/aws_nist_800_53_rev_4_ir_6.yaml
index 24e04caa6..239f5df66 100755
--- a/compliance/frameworks/aws/aws_nist_800_53_rev_4/aws_nist_800_53_rev_4_ir_6.yaml
+++ b/compliance/frameworks/aws/aws_nist_800_53_rev_4/aws_nist_800_53_rev_4_ir_6.yaml
@@ -14,9 +14,5 @@ control-group:
 - AWS
 type:
 - Benchmark
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 control-group:
 - id: aws_nist_800_53_rev_4_ir_6_1
diff --git a/compliance/frameworks/aws/aws_nist_800_53_rev_4/aws_nist_800_53_rev_4_ir_6_1.yaml b/compliance/frameworks/aws/aws_nist_800_53_rev_4/aws_nist_800_53_rev_4_ir_6_1.yaml
index a61612b1b..ab02e9c44 100755
--- a/compliance/frameworks/aws/aws_nist_800_53_rev_4/aws_nist_800_53_rev_4_ir_6_1.yaml
+++ b/compliance/frameworks/aws/aws_nist_800_53_rev_4/aws_nist_800_53_rev_4_ir_6_1.yaml
@@ -14,9 +14,5 @@ control-group:
 - AWS/GuardDuty
 type:
 - Benchmark
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - aws_guardduty_finding_archived
diff --git a/compliance/frameworks/aws/aws_nist_800_53_rev_4/aws_nist_800_53_rev_4_ir_7.yaml b/compliance/frameworks/aws/aws_nist_800_53_rev_4/aws_nist_800_53_rev_4_ir_7.yaml
index cc3d42711..c432a56d5 100755
--- a/compliance/frameworks/aws/aws_nist_800_53_rev_4/aws_nist_800_53_rev_4_ir_7.yaml
+++ b/compliance/frameworks/aws/aws_nist_800_53_rev_4/aws_nist_800_53_rev_4_ir_7.yaml
@@ -14,9 +14,5 @@ control-group:
 - AWS
 type:
 - Benchmark
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 control-group:
 - id: aws_nist_800_53_rev_4_ir_7_1
diff --git a/compliance/frameworks/aws/aws_nist_800_53_rev_4/aws_nist_800_53_rev_4_ir_7_1.yaml b/compliance/frameworks/aws/aws_nist_800_53_rev_4/aws_nist_800_53_rev_4_ir_7_1.yaml
index b920602b5..1518dcc5a 100755
--- a/compliance/frameworks/aws/aws_nist_800_53_rev_4/aws_nist_800_53_rev_4_ir_7_1.yaml
+++ b/compliance/frameworks/aws/aws_nist_800_53_rev_4/aws_nist_800_53_rev_4_ir_7_1.yaml
@@ -14,9 +14,5 @@ control-group:
 - AWS/GuardDuty
 type:
 - Benchmark
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - aws_guardduty_finding_archived
diff --git a/compliance/frameworks/aws/aws_nist_800_53_rev_4/aws_nist_800_53_rev_4_ra.yaml b/compliance/frameworks/aws/aws_nist_800_53_rev_4/aws_nist_800_53_rev_4_ra.yaml
index ae2c09d9b..2547f64a6 100755
--- a/compliance/frameworks/aws/aws_nist_800_53_rev_4/aws_nist_800_53_rev_4_ra.yaml
+++ b/compliance/frameworks/aws/aws_nist_800_53_rev_4/aws_nist_800_53_rev_4_ra.yaml
@@ -14,9 +14,5 @@ control-group:
 - AWS
 type:
 - Benchmark
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 control-group:
 - id: aws_nist_800_53_rev_4_ra_5
diff --git a/compliance/frameworks/aws/aws_nist_800_53_rev_4/aws_nist_800_53_rev_4_ra_5.yaml b/compliance/frameworks/aws/aws_nist_800_53_rev_4/aws_nist_800_53_rev_4_ra_5.yaml
index 213b77801..10d8465d7 100755
--- a/compliance/frameworks/aws/aws_nist_800_53_rev_4/aws_nist_800_53_rev_4_ra_5.yaml
+++ b/compliance/frameworks/aws/aws_nist_800_53_rev_4/aws_nist_800_53_rev_4_ra_5.yaml
@@ -14,10 +14,6 @@ control-group:
 - AWS/GuardDuty
 type:
 - Benchmark
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - aws_guardduty_enabled
 - aws_guardduty_finding_archived
diff --git a/compliance/frameworks/aws/aws_nist_800_53_rev_4/aws_nist_800_53_rev_4_sa.yaml b/compliance/frameworks/aws/aws_nist_800_53_rev_4/aws_nist_800_53_rev_4_sa.yaml
index dea5a575d..4bbc26575 100755
--- a/compliance/frameworks/aws/aws_nist_800_53_rev_4/aws_nist_800_53_rev_4_sa.yaml
+++ b/compliance/frameworks/aws/aws_nist_800_53_rev_4/aws_nist_800_53_rev_4_sa.yaml
@@ -14,10 +14,6 @@ control-group:
 - AWS
 type:
 - Benchmark
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 control-group:
 - id: aws_nist_800_53_rev_4_sa_3
 - id: aws_nist_800_53_rev_4_sa_10
diff --git a/compliance/frameworks/aws/aws_nist_800_53_rev_4/aws_nist_800_53_rev_4_sa_10.yaml b/compliance/frameworks/aws/aws_nist_800_53_rev_4/aws_nist_800_53_rev_4_sa_10.yaml
index ccf42d017..23c9b64eb 100755
--- a/compliance/frameworks/aws/aws_nist_800_53_rev_4/aws_nist_800_53_rev_4_sa_10.yaml
+++ b/compliance/frameworks/aws/aws_nist_800_53_rev_4/aws_nist_800_53_rev_4_sa_10.yaml
@@ -14,10 +14,6 @@ control-group:
 - AWS
 type:
 - Benchmark
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - aws_ec2_instance_ssm_managed
 - aws_guardduty_enabled
diff --git a/compliance/frameworks/aws/aws_nist_800_53_rev_4/aws_nist_800_53_rev_4_sa_3.yaml b/compliance/frameworks/aws/aws_nist_800_53_rev_4/aws_nist_800_53_rev_4_sa_3.yaml
index e5919d534..8ea61ff8a 100755
--- a/compliance/frameworks/aws/aws_nist_800_53_rev_4/aws_nist_800_53_rev_4_sa_3.yaml
+++ b/compliance/frameworks/aws/aws_nist_800_53_rev_4/aws_nist_800_53_rev_4_sa_3.yaml
@@ -14,10 +14,6 @@ control-group:
 - AWS
 type:
 - Benchmark
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - aws_codebuild_project_plaintext_env_variables_no_sensitive_aws_values
 - aws_codebuild_project_source_repo_oauth_configured
diff --git a/compliance/frameworks/aws/aws_nist_800_53_rev_4/aws_nist_800_53_rev_4_sc.yaml b/compliance/frameworks/aws/aws_nist_800_53_rev_4/aws_nist_800_53_rev_4_sc.yaml
index 588955f5a..33a9264bc 100755
--- a/compliance/frameworks/aws/aws_nist_800_53_rev_4/aws_nist_800_53_rev_4_sc.yaml
+++ b/compliance/frameworks/aws/aws_nist_800_53_rev_4/aws_nist_800_53_rev_4_sc.yaml
@@ -14,10 +14,6 @@ control-group:
 - AWS
 type:
 - Benchmark
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 control-group:
 - id: aws_nist_800_53_rev_4_sc_2
 - id: aws_nist_800_53_rev_4_sc_4
diff --git a/compliance/frameworks/aws/aws_nist_800_53_rev_4/aws_nist_800_53_rev_4_sc_12.yaml b/compliance/frameworks/aws/aws_nist_800_53_rev_4/aws_nist_800_53_rev_4_sc_12.yaml
index c0b889076..b046762de 100755
--- a/compliance/frameworks/aws/aws_nist_800_53_rev_4/aws_nist_800_53_rev_4_sc_12.yaml
+++ b/compliance/frameworks/aws/aws_nist_800_53_rev_4/aws_nist_800_53_rev_4_sc_12.yaml
@@ -14,10 +14,6 @@ control-group:
 - AWS
 type:
 - Benchmark
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - aws_acm_certificate_expires_30_days
 - aws_kms_cmk_rotation_enabled
diff --git a/compliance/frameworks/aws/aws_nist_800_53_rev_4/aws_nist_800_53_rev_4_sc_13.yaml b/compliance/frameworks/aws/aws_nist_800_53_rev_4/aws_nist_800_53_rev_4_sc_13.yaml
index c33945b9d..a0eaa914c 100755
--- a/compliance/frameworks/aws/aws_nist_800_53_rev_4/aws_nist_800_53_rev_4_sc_13.yaml
+++ b/compliance/frameworks/aws/aws_nist_800_53_rev_4/aws_nist_800_53_rev_4_sc_13.yaml
@@ -14,9 +14,5 @@ control-group:
 - AWS/DynamoDB
 type:
 - Benchmark
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - aws_dynamodb_table_encrypted_with_kms
diff --git a/compliance/frameworks/aws/aws_nist_800_53_rev_4/aws_nist_800_53_rev_4_sc_2.yaml b/compliance/frameworks/aws/aws_nist_800_53_rev_4/aws_nist_800_53_rev_4_sc_2.yaml
index dc5441a5c..27a1622d7 100755
--- a/compliance/frameworks/aws/aws_nist_800_53_rev_4/aws_nist_800_53_rev_4_sc_2.yaml
+++ b/compliance/frameworks/aws/aws_nist_800_53_rev_4/aws_nist_800_53_rev_4_sc_2.yaml
@@ -14,10 +14,6 @@ control-group:
 - AWS/IAM
 type:
 - Benchmark
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - aws_iam_group_not_empty
 - aws_iam_policy_no_star_star
diff --git a/compliance/frameworks/aws/aws_nist_800_53_rev_4/aws_nist_800_53_rev_4_sc_23.yaml b/compliance/frameworks/aws/aws_nist_800_53_rev_4/aws_nist_800_53_rev_4_sc_23.yaml
index 39c5a1c98..dac52e5ab 100755
--- a/compliance/frameworks/aws/aws_nist_800_53_rev_4/aws_nist_800_53_rev_4_sc_23.yaml
+++ b/compliance/frameworks/aws/aws_nist_800_53_rev_4/aws_nist_800_53_rev_4_sc_23.yaml
@@ -14,10 +14,6 @@ control-group:
 - AWS/ELB
 type:
 - Benchmark
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - aws_elb_application_lb_drop_http_headers
 - aws_elb_application_lb_redirect_http_request_to_https
diff --git a/compliance/frameworks/aws/aws_nist_800_53_rev_4/aws_nist_800_53_rev_4_sc_28.yaml b/compliance/frameworks/aws/aws_nist_800_53_rev_4/aws_nist_800_53_rev_4_sc_28.yaml
index ecafb0f03..5e3bf7465 100755
--- a/compliance/frameworks/aws/aws_nist_800_53_rev_4/aws_nist_800_53_rev_4_sc_28.yaml
+++ b/compliance/frameworks/aws/aws_nist_800_53_rev_4/aws_nist_800_53_rev_4_sc_28.yaml
@@ -14,10 +14,6 @@ control-group:
 - AWS
 type:
 - Benchmark
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - aws_apigateway_stage_cache_encryption_at_rest_enabled
 - aws_cloudtrail_trail_logs_encrypted_with_kms_cmk
diff --git a/compliance/frameworks/aws/aws_nist_800_53_rev_4/aws_nist_800_53_rev_4_sc_4.yaml b/compliance/frameworks/aws/aws_nist_800_53_rev_4/aws_nist_800_53_rev_4_sc_4.yaml
index 1a37de8e9..be849df55 100755
--- a/compliance/frameworks/aws/aws_nist_800_53_rev_4/aws_nist_800_53_rev_4_sc_4.yaml
+++ b/compliance/frameworks/aws/aws_nist_800_53_rev_4/aws_nist_800_53_rev_4_sc_4.yaml
@@ -14,9 +14,5 @@ control-group:
 - AWS/EBS
 type:
 - Benchmark
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - aws_ebs_attached_volume_delete_on_termination_enabled
diff --git a/compliance/frameworks/aws/aws_nist_800_53_rev_4/aws_nist_800_53_rev_4_sc_5.yaml b/compliance/frameworks/aws/aws_nist_800_53_rev_4/aws_nist_800_53_rev_4_sc_5.yaml
index e53ce3d75..a699fc311 100755
--- a/compliance/frameworks/aws/aws_nist_800_53_rev_4/aws_nist_800_53_rev_4_sc_5.yaml
+++ b/compliance/frameworks/aws/aws_nist_800_53_rev_4/aws_nist_800_53_rev_4_sc_5.yaml
@@ -14,10 +14,6 @@ control-group:
 - AWS
 type:
 - Benchmark
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - aws_autoscaling_group_with_lb_use_health_check
 - aws_dynamodb_table_auto_scaling_enabled
diff --git a/compliance/frameworks/aws/aws_nist_800_53_rev_4/aws_nist_800_53_rev_4_sc_7.yaml b/compliance/frameworks/aws/aws_nist_800_53_rev_4/aws_nist_800_53_rev_4_sc_7.yaml
index 6bb538ee5..497b6caaa 100755
--- a/compliance/frameworks/aws/aws_nist_800_53_rev_4/aws_nist_800_53_rev_4_sc_7.yaml
+++ b/compliance/frameworks/aws/aws_nist_800_53_rev_4/aws_nist_800_53_rev_4_sc_7.yaml
@@ -14,10 +14,6 @@ control-group:
 - AWS
 type:
 - Benchmark
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 control-group:
 - id: aws_nist_800_53_rev_4_sc_7_3
 controls:
diff --git a/compliance/frameworks/aws/aws_nist_800_53_rev_4/aws_nist_800_53_rev_4_sc_7_3.yaml b/compliance/frameworks/aws/aws_nist_800_53_rev_4/aws_nist_800_53_rev_4_sc_7_3.yaml
index 07dc74c9a..4b428294e 100755
--- a/compliance/frameworks/aws/aws_nist_800_53_rev_4/aws_nist_800_53_rev_4_sc_7_3.yaml
+++ b/compliance/frameworks/aws/aws_nist_800_53_rev_4/aws_nist_800_53_rev_4_sc_7_3.yaml
@@ -14,10 +14,6 @@ control-group:
 - AWS
 type:
 - Benchmark
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - aws_dms_replication_instance_not_publicly_accessible
 - aws_ebs_snapshot_not_publicly_restorable
diff --git a/compliance/frameworks/aws/aws_nist_800_53_rev_4/aws_nist_800_53_rev_4_sc_8.yaml b/compliance/frameworks/aws/aws_nist_800_53_rev_4/aws_nist_800_53_rev_4_sc_8.yaml
index b555f923d..0e8a9e1a1 100755
--- a/compliance/frameworks/aws/aws_nist_800_53_rev_4/aws_nist_800_53_rev_4_sc_8.yaml
+++ b/compliance/frameworks/aws/aws_nist_800_53_rev_4/aws_nist_800_53_rev_4_sc_8.yaml
@@ -14,10 +14,6 @@ control-group:
 - AWS
 type:
 - Benchmark
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 control-group:
 - id: aws_nist_800_53_rev_4_sc_8_1
 controls:
diff --git a/compliance/frameworks/aws/aws_nist_800_53_rev_4/aws_nist_800_53_rev_4_sc_8_1.yaml b/compliance/frameworks/aws/aws_nist_800_53_rev_4/aws_nist_800_53_rev_4_sc_8_1.yaml
index 60ab2ea3b..622b57aaa 100755
--- a/compliance/frameworks/aws/aws_nist_800_53_rev_4/aws_nist_800_53_rev_4_sc_8_1.yaml
+++ b/compliance/frameworks/aws/aws_nist_800_53_rev_4/aws_nist_800_53_rev_4_sc_8_1.yaml
@@ -14,10 +14,6 @@ control-group:
 - AWS
 type:
 - Benchmark
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - aws_elb_application_lb_drop_http_headers
 - aws_elb_application_lb_redirect_http_request_to_https
diff --git a/compliance/frameworks/aws/aws_nist_800_53_rev_4/aws_nist_800_53_rev_4_si.yaml b/compliance/frameworks/aws/aws_nist_800_53_rev_4/aws_nist_800_53_rev_4_si.yaml
index 0b919f906..39bc01576 100755
--- a/compliance/frameworks/aws/aws_nist_800_53_rev_4/aws_nist_800_53_rev_4_si.yaml
+++ b/compliance/frameworks/aws/aws_nist_800_53_rev_4/aws_nist_800_53_rev_4_si.yaml
@@ -14,10 +14,6 @@ control-group:
 - AWS
 type:
 - Benchmark
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 control-group:
 - id: aws_nist_800_53_rev_4_si_2
 - id: aws_nist_800_53_rev_4_si_4
diff --git a/compliance/frameworks/aws/aws_nist_800_53_rev_4/aws_nist_800_53_rev_4_si_12.yaml b/compliance/frameworks/aws/aws_nist_800_53_rev_4/aws_nist_800_53_rev_4_si_12.yaml
index c84934219..c0e1afb18 100755
--- a/compliance/frameworks/aws/aws_nist_800_53_rev_4/aws_nist_800_53_rev_4_si_12.yaml
+++ b/compliance/frameworks/aws/aws_nist_800_53_rev_4/aws_nist_800_53_rev_4_si_12.yaml
@@ -14,10 +14,6 @@ control-group:
 - AWS
 type:
 - Benchmark
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - aws_cloudwatch_log_group_retention_period_365
 - aws_dynamodb_table_in_backup_plan
diff --git a/compliance/frameworks/aws/aws_nist_800_53_rev_4/aws_nist_800_53_rev_4_si_2.yaml b/compliance/frameworks/aws/aws_nist_800_53_rev_4/aws_nist_800_53_rev_4_si_2.yaml
index 60b98fa36..88bd9a258 100755
--- a/compliance/frameworks/aws/aws_nist_800_53_rev_4/aws_nist_800_53_rev_4_si_2.yaml
+++ b/compliance/frameworks/aws/aws_nist_800_53_rev_4/aws_nist_800_53_rev_4_si_2.yaml
@@ -14,9 +14,5 @@ control-group:
 - AWS
 type:
 - Benchmark
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 control-group:
 - id: aws_nist_800_53_rev_4_si_2_2
diff --git a/compliance/frameworks/aws/aws_nist_800_53_rev_4/aws_nist_800_53_rev_4_si_2_2.yaml b/compliance/frameworks/aws/aws_nist_800_53_rev_4/aws_nist_800_53_rev_4_si_2_2.yaml
index 094ae1d22..3432cb778 100755
--- a/compliance/frameworks/aws/aws_nist_800_53_rev_4/aws_nist_800_53_rev_4_si_2_2.yaml
+++ b/compliance/frameworks/aws/aws_nist_800_53_rev_4/aws_nist_800_53_rev_4_si_2_2.yaml
@@ -14,10 +14,6 @@ control-group:
 - AWS
 type:
 - Benchmark
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - aws_ec2_instance_ssm_managed
 - aws_ssm_managed_instance_compliance_association_compliant
diff --git a/compliance/frameworks/aws/aws_nist_800_53_rev_4/aws_nist_800_53_rev_4_si_4.yaml b/compliance/frameworks/aws/aws_nist_800_53_rev_4/aws_nist_800_53_rev_4_si_4.yaml
index f4dff0672..680e8cf04 100755
--- a/compliance/frameworks/aws/aws_nist_800_53_rev_4/aws_nist_800_53_rev_4_si_4.yaml
+++ b/compliance/frameworks/aws/aws_nist_800_53_rev_4/aws_nist_800_53_rev_4_si_4.yaml
@@ -14,10 +14,6 @@ control-group:
 - AWS
 type:
 - Benchmark
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 control-group:
 - id: aws_nist_800_53_rev_4_si_4_1
 - id: aws_nist_800_53_rev_4_si_4_2
diff --git a/compliance/frameworks/aws/aws_nist_800_53_rev_4/aws_nist_800_53_rev_4_si_4_1.yaml b/compliance/frameworks/aws/aws_nist_800_53_rev_4/aws_nist_800_53_rev_4_si_4_1.yaml
index b028902be..280bbb6d7 100755
--- a/compliance/frameworks/aws/aws_nist_800_53_rev_4/aws_nist_800_53_rev_4_si_4_1.yaml
+++ b/compliance/frameworks/aws/aws_nist_800_53_rev_4/aws_nist_800_53_rev_4_si_4_1.yaml
@@ -14,9 +14,5 @@ control-group:
 - AWS/GuardDuty
 type:
 - Benchmark
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - aws_guardduty_enabled
diff --git a/compliance/frameworks/aws/aws_nist_800_53_rev_4/aws_nist_800_53_rev_4_si_4_16.yaml b/compliance/frameworks/aws/aws_nist_800_53_rev_4/aws_nist_800_53_rev_4_si_4_16.yaml
index c875ab5b1..ca97b18b8 100755
--- a/compliance/frameworks/aws/aws_nist_800_53_rev_4/aws_nist_800_53_rev_4_si_4_16.yaml
+++ b/compliance/frameworks/aws/aws_nist_800_53_rev_4/aws_nist_800_53_rev_4_si_4_16.yaml
@@ -14,10 +14,6 @@ control-group:
 - AWS
 type:
 - Benchmark
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - aws_guardduty_enabled
 - aws_securityhub_enabled
diff --git a/compliance/frameworks/aws/aws_nist_800_53_rev_4/aws_nist_800_53_rev_4_si_4_2.yaml b/compliance/frameworks/aws/aws_nist_800_53_rev_4/aws_nist_800_53_rev_4_si_4_2.yaml
index 0e62156be..ef8906039 100755
--- a/compliance/frameworks/aws/aws_nist_800_53_rev_4/aws_nist_800_53_rev_4_si_4_2.yaml
+++ b/compliance/frameworks/aws/aws_nist_800_53_rev_4/aws_nist_800_53_rev_4_si_4_2.yaml
@@ -14,10 +14,6 @@ control-group:
 - AWS
 type:
 - Benchmark
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - aws_cloudtrail_trail_integrated_with_logs
 - aws_cloudwatch_alarm_action_enabled
diff --git a/compliance/frameworks/aws/aws_nist_800_53_rev_4/aws_nist_800_53_rev_4_si_4_4.yaml b/compliance/frameworks/aws/aws_nist_800_53_rev_4/aws_nist_800_53_rev_4_si_4_4.yaml
index bad5b4767..fcf6ef749 100755
--- a/compliance/frameworks/aws/aws_nist_800_53_rev_4/aws_nist_800_53_rev_4_si_4_4.yaml
+++ b/compliance/frameworks/aws/aws_nist_800_53_rev_4/aws_nist_800_53_rev_4_si_4_4.yaml
@@ -14,10 +14,6 @@ control-group:
 - AWS
 type:
 - Benchmark
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - aws_cloudtrail_trail_integrated_with_logs
 - aws_cloudwatch_alarm_action_enabled
diff --git a/compliance/frameworks/aws/aws_nist_800_53_rev_4/aws_nist_800_53_rev_4_si_4_5.yaml b/compliance/frameworks/aws/aws_nist_800_53_rev_4/aws_nist_800_53_rev_4_si_4_5.yaml
index 8919696dd..5b1a87025 100755
--- a/compliance/frameworks/aws/aws_nist_800_53_rev_4/aws_nist_800_53_rev_4_si_4_5.yaml
+++ b/compliance/frameworks/aws/aws_nist_800_53_rev_4/aws_nist_800_53_rev_4_si_4_5.yaml
@@ -14,10 +14,6 @@ control-group:
 - AWS
 type:
 - Benchmark
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - aws_cloudtrail_trail_integrated_with_logs
 - aws_cloudwatch_alarm_action_enabled
diff --git a/compliance/frameworks/aws/aws_nist_800_53_rev_4/aws_nist_800_53_rev_4_si_7.yaml b/compliance/frameworks/aws/aws_nist_800_53_rev_4/aws_nist_800_53_rev_4_si_7.yaml
index 521475102..fa3cb84be 100755
--- a/compliance/frameworks/aws/aws_nist_800_53_rev_4/aws_nist_800_53_rev_4_si_7.yaml
+++ b/compliance/frameworks/aws/aws_nist_800_53_rev_4/aws_nist_800_53_rev_4_si_7.yaml
@@ -14,10 +14,6 @@ control-group:
 - AWS
 type:
 - Benchmark
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 control-group:
 - id: aws_nist_800_53_rev_4_si_7_1
 controls:
diff --git a/compliance/frameworks/aws/aws_nist_800_53_rev_4/aws_nist_800_53_rev_4_si_7_1.yaml b/compliance/frameworks/aws/aws_nist_800_53_rev_4/aws_nist_800_53_rev_4_si_7_1.yaml
index 28d17aa1f..c9fa9115d 100755
--- a/compliance/frameworks/aws/aws_nist_800_53_rev_4/aws_nist_800_53_rev_4_si_7_1.yaml
+++ b/compliance/frameworks/aws/aws_nist_800_53_rev_4/aws_nist_800_53_rev_4_si_7_1.yaml
@@ -14,10 +14,6 @@ control-group:
 - AWS
 type:
 - Benchmark
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - aws_cloudtrail_trail_validation_enabled
 - aws_ec2_instance_ssm_managed
diff --git a/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_ac.yaml b/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_ac.yaml
index dfc4eecd1..b10d3b59a 100755
--- a/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_ac.yaml
+++ b/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_ac.yaml
@@ -14,10 +14,6 @@ control-group:
 - AWS
 type:
 - Benchmark
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 control-group:
 - id: aws_nist_800_53_rev_5_ac_2
 - id: aws_nist_800_53_rev_5_ac_3
diff --git a/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_ac_16.yaml b/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_ac_16.yaml
index a2261f5f3..38c446a93 100755
--- a/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_ac_16.yaml
+++ b/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_ac_16.yaml
@@ -14,9 +14,5 @@ control-group:
 - AWS
 type:
 - Benchmark
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 control-group:
 - id: aws_nist_800_53_rev_5_ac_16_b
diff --git a/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_ac_16_b.yaml b/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_ac_16_b.yaml
index 3fb7760d9..c136c5df2 100755
--- a/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_ac_16_b.yaml
+++ b/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_ac_16_b.yaml
@@ -14,9 +14,5 @@ control-group:
 - AWS/CloudWatch
 type:
 - Benchmark
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - aws_cloudwatch_log_group_retention_period_365
diff --git a/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_ac_17.yaml b/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_ac_17.yaml
index b3d57acc5..67f973039 100755
--- a/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_ac_17.yaml
+++ b/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_ac_17.yaml
@@ -14,10 +14,6 @@ control-group:
 - AWS
 type:
 - Benchmark
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 control-group:
 - id: aws_nist_800_53_rev_5_ac_17_1
 - id: aws_nist_800_53_rev_5_ac_17_2
diff --git a/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_ac_17_1.yaml b/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_ac_17_1.yaml
index c8e51dd4a..7e225c523 100755
--- a/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_ac_17_1.yaml
+++ b/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_ac_17_1.yaml
@@ -14,10 +14,6 @@ control-group:
 - AWS
 type:
 - Benchmark
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - aws_dms_replication_instance_not_publicly_accessible
 - aws_ebs_snapshot_not_publicly_restorable
diff --git a/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_ac_17_10.yaml b/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_ac_17_10.yaml
index 6c79f65ff..e676790b0 100755
--- a/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_ac_17_10.yaml
+++ b/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_ac_17_10.yaml
@@ -14,10 +14,6 @@ control-group:
 - AWS
 type:
 - Benchmark
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - aws_dms_replication_instance_not_publicly_accessible
 - aws_ebs_snapshot_not_publicly_restorable
diff --git a/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_ac_17_2.yaml b/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_ac_17_2.yaml
index 96c797871..1cf842a7c 100755
--- a/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_ac_17_2.yaml
+++ b/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_ac_17_2.yaml
@@ -14,10 +14,6 @@ control-group:
 - AWS
 type:
 - Benchmark
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - aws_apigateway_rest_api_stage_use_ssl_certificate
 - aws_elb_application_lb_redirect_http_request_to_https
diff --git a/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_ac_17_4.yaml b/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_ac_17_4.yaml
index 3343cbcfa..3f2a45ed0 100755
--- a/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_ac_17_4.yaml
+++ b/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_ac_17_4.yaml
@@ -14,9 +14,5 @@ control-group:
 - AWS
 type:
 - Benchmark
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 control-group:
 - id: aws_nist_800_53_rev_5_ac_17_4_a
diff --git a/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_ac_17_4_a.yaml b/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_ac_17_4_a.yaml
index a497a1818..02b992d17 100755
--- a/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_ac_17_4_a.yaml
+++ b/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_ac_17_4_a.yaml
@@ -14,10 +14,6 @@ control-group:
 - AWS
 type:
 - Benchmark
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - aws_dms_replication_instance_not_publicly_accessible
 - aws_ebs_snapshot_not_publicly_restorable
diff --git a/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_ac_17_9.yaml b/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_ac_17_9.yaml
index 6021f87b3..5a80cc0ff 100755
--- a/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_ac_17_9.yaml
+++ b/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_ac_17_9.yaml
@@ -14,10 +14,6 @@ control-group:
 - AWS
 type:
 - Benchmark
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - aws_dms_replication_instance_not_publicly_accessible
 - aws_ebs_snapshot_not_publicly_restorable
diff --git a/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_ac_17_b.yaml b/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_ac_17_b.yaml
index 5d1191069..2be5b33e7 100755
--- a/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_ac_17_b.yaml
+++ b/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_ac_17_b.yaml
@@ -14,10 +14,6 @@ control-group:
 - AWS
 type:
 - Benchmark
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - aws_dms_replication_instance_not_publicly_accessible
 - aws_ebs_snapshot_not_publicly_restorable
diff --git a/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_ac_2.yaml b/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_ac_2.yaml
index b451392b6..3f78ee4f8 100755
--- a/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_ac_2.yaml
+++ b/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_ac_2.yaml
@@ -14,10 +14,6 @@ control-group:
 - AWS
 type:
 - Benchmark
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 control-group:
 - id: aws_nist_800_53_rev_5_ac_2_1
 - id: aws_nist_800_53_rev_5_ac_2_3
diff --git a/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_ac_24.yaml b/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_ac_24.yaml
index d07f6f22c..c510effbb 100755
--- a/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_ac_24.yaml
+++ b/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_ac_24.yaml
@@ -14,10 +14,6 @@ control-group:
 - AWS
 type:
 - Benchmark
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 control-group:
 - id: aws_nist_800_53_rev_5_ac_24_1
 controls:
diff --git a/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_ac_24_1.yaml b/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_ac_24_1.yaml
index a4adab785..46a94efb4 100755
--- a/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_ac_24_1.yaml
+++ b/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_ac_24_1.yaml
@@ -14,10 +14,6 @@ control-group:
 - AWS
 type:
 - Benchmark
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - aws_apigateway_rest_api_stage_use_ssl_certificate
 - aws_elb_application_lb_redirect_http_request_to_https
diff --git a/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_ac_2_1.yaml b/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_ac_2_1.yaml
index d80debcfd..eb85db436 100755
--- a/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_ac_2_1.yaml
+++ b/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_ac_2_1.yaml
@@ -14,10 +14,6 @@ control-group:
 - AWS
 type:
 - Benchmark
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - aws_iam_account_password_policy_min_length_14
 - aws_iam_group_user_role_no_inline_policies
diff --git a/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_ac_2_12.yaml b/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_ac_2_12.yaml
index 05bbb8533..950eae1dc 100755
--- a/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_ac_2_12.yaml
+++ b/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_ac_2_12.yaml
@@ -14,9 +14,5 @@ control-group:
 - AWS
 type:
 - Benchmark
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 control-group:
 - id: aws_nist_800_53_rev_5_ac_2_12_a
diff --git a/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_ac_2_12_a.yaml b/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_ac_2_12_a.yaml
index a84bf6a3f..644f742e5 100755
--- a/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_ac_2_12_a.yaml
+++ b/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_ac_2_12_a.yaml
@@ -14,9 +14,5 @@ control-group:
 - AWS/GuardDuty
 type:
 - Benchmark
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - aws_guardduty_enabled
diff --git a/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_ac_2_3.yaml b/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_ac_2_3.yaml
index 439d9bce6..ac2a2f769 100755
--- a/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_ac_2_3.yaml
+++ b/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_ac_2_3.yaml
@@ -14,10 +14,6 @@ control-group:
 - AWS
 type:
 - Benchmark
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 control-group:
 - id: aws_nist_800_53_rev_5_ac_2_3_a
 - id: aws_nist_800_53_rev_5_ac_2_3_b
diff --git a/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_ac_2_3_a.yaml b/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_ac_2_3_a.yaml
index eca231733..df3f04540 100755
--- a/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_ac_2_3_a.yaml
+++ b/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_ac_2_3_a.yaml
@@ -14,10 +14,6 @@ control-group:
 - AWS/IAM
 type:
 - Benchmark
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - aws_iam_account_password_policy_min_length_14
 - aws_iam_user_unused_credentials_90
diff --git a/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_ac_2_3_b.yaml b/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_ac_2_3_b.yaml
index 6151e4e55..5de7ea535 100755
--- a/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_ac_2_3_b.yaml
+++ b/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_ac_2_3_b.yaml
@@ -14,10 +14,6 @@ control-group:
 - AWS/IAM
 type:
 - Benchmark
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - aws_iam_account_password_policy_min_length_14
 - aws_iam_user_unused_credentials_90
diff --git a/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_ac_2_3_c.yaml b/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_ac_2_3_c.yaml
index ccdfa91bd..516985e5b 100755
--- a/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_ac_2_3_c.yaml
+++ b/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_ac_2_3_c.yaml
@@ -14,10 +14,6 @@ control-group:
 - AWS
 type:
 - Benchmark
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - aws_iam_account_password_policy_min_length_14
 - aws_iam_user_unused_credentials_90
diff --git a/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_ac_2_3_d.yaml b/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_ac_2_3_d.yaml
index b581be527..663ab4f40 100755
--- a/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_ac_2_3_d.yaml
+++ b/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_ac_2_3_d.yaml
@@ -14,10 +14,6 @@ control-group:
 - AWS/IAM
 type:
 - Benchmark
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - aws_iam_account_password_policy_min_length_14
 - aws_iam_user_unused_credentials_90
diff --git a/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_ac_2_4.yaml b/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_ac_2_4.yaml
index 3bc4bd75e..8aaca8c0e 100755
--- a/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_ac_2_4.yaml
+++ b/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_ac_2_4.yaml
@@ -14,10 +14,6 @@ control-group:
 - AWS
 type:
 - Benchmark
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - aws_cloudtrail_multi_region_trail_enabled
 - aws_cloudtrail_s3_data_events_enabled
diff --git a/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_ac_2_6.yaml b/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_ac_2_6.yaml
index e86fc53c9..872a305b5 100755
--- a/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_ac_2_6.yaml
+++ b/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_ac_2_6.yaml
@@ -14,10 +14,6 @@ control-group:
 - AWS
 type:
 - Benchmark
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - aws_dms_replication_instance_not_publicly_accessible
 - aws_ebs_snapshot_not_publicly_restorable
diff --git a/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_ac_2_d_1.yaml b/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_ac_2_d_1.yaml
index cad1cd53b..7e5eee487 100755
--- a/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_ac_2_d_1.yaml
+++ b/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_ac_2_d_1.yaml
@@ -14,9 +14,5 @@ control-group: - AWS/IAM type: - Benchmark - defaults: - auto-assign: null - enabled: false - tracks-drift-events: false controls: - aws_iam_account_password_policy_min_length_14 diff --git a/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_ac_2_g.yaml b/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_ac_2_g.yaml index 6efd5e0b1..460fec6ac 100755 --- a/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_ac_2_g.yaml +++ b/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_ac_2_g.yaml @@ -14,9 +14,5 @@ control-group: - AWS/IAM type: - Benchmark - defaults: - auto-assign: null - enabled: false - tracks-drift-events: false controls: - aws_iam_user_unused_credentials_90 diff --git a/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_ac_2_i_2.yaml b/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_ac_2_i_2.yaml index e207cdb6f..b92889322 100755 --- a/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_ac_2_i_2.yaml +++ b/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_ac_2_i_2.yaml @@ -14,10 +14,6 @@ control-group: - AWS/IAM type: - Benchmark - defaults: - auto-assign: null - enabled: false - tracks-drift-events: false controls: - aws_iam_group_user_role_no_inline_policies - aws_iam_policy_no_star_star diff --git a/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_ac_2_j.yaml b/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_ac_2_j.yaml index ea468dfbe..c623e893c 100755 --- a/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_ac_2_j.yaml +++ b/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_ac_2_j.yaml @@ -14,9 +14,5 @@ control-group: - AWS/IAM type: - Benchmark - defaults: - auto-assign: null - enabled: false - tracks-drift-events: false controls: - aws_iam_user_unused_credentials_90 
diff --git a/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_ac_3.yaml b/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_ac_3.yaml index 323558970..f55c9b912 100755 --- a/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_ac_3.yaml +++ b/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_ac_3.yaml @@ -14,10 +14,6 @@ control-group: - AWS type: - Benchmark - defaults: - auto-assign: null - enabled: false - tracks-drift-events: false control-group: - id: aws_nist_800_53_rev_5_ac_3_1 - id: aws_nist_800_53_rev_5_ac_3_2 diff --git a/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_ac_3_1.yaml b/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_ac_3_1.yaml index 14148bff4..956f8de3f 100755 --- a/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_ac_3_1.yaml +++ b/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_ac_3_1.yaml @@ -14,10 +14,6 @@ control-group: - AWS type: - Benchmark - defaults: - auto-assign: null - enabled: false - tracks-drift-events: false controls: - aws_cloudtrail_multi_region_trail_enabled - aws_cloudtrail_trail_integrated_with_logs diff --git a/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_ac_3_10.yaml b/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_ac_3_10.yaml index caff4ac9a..3c78be82c 100755 --- a/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_ac_3_10.yaml +++ b/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_ac_3_10.yaml @@ -14,10 +14,6 @@ control-group: - AWS type: - Benchmark - defaults: - auto-assign: null - enabled: false - tracks-drift-events: false controls: - aws_cloudtrail_multi_region_trail_enabled - aws_cloudtrail_s3_data_events_enabled 
diff --git a/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_ac_3_12.yaml b/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_ac_3_12.yaml index 0ee088adf..4cb940cf8 100755 --- a/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_ac_3_12.yaml +++ b/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_ac_3_12.yaml @@ -14,10 +14,6 @@ control-group: - AWS type: - Benchmark - defaults: - auto-assign: null - enabled: false - tracks-drift-events: false control-group: - id: aws_nist_800_53_rev_5_ac_3_12_a - id: aws_nist_800_53_rev_5_ac_3_12_b diff --git a/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_ac_3_12_a.yaml b/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_ac_3_12_a.yaml index 3b57acbad..dd6d7d918 100755 --- a/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_ac_3_12_a.yaml +++ b/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_ac_3_12_a.yaml @@ -14,10 +14,6 @@ control-group: - AWS type: - Benchmark - defaults: - auto-assign: null - enabled: false - tracks-drift-events: false controls: - aws_ec2_instance_uses_imdsv2 - aws_iam_account_password_policy_min_length_14 diff --git a/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_ac_3_12_b.yaml b/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_ac_3_12_b.yaml index 6cb3eab9e..818fe247f 100755 --- a/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_ac_3_12_b.yaml +++ b/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_ac_3_12_b.yaml @@ -14,9 +14,5 @@ control-group: - AWS/GuardDuty type: - Benchmark - defaults: - auto-assign: null - enabled: false - tracks-drift-events: false controls: - aws_guardduty_enabled 
diff --git a/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_ac_3_13.yaml b/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_ac_3_13.yaml index 3a8641458..be115e0cb 100755 --- a/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_ac_3_13.yaml +++ b/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_ac_3_13.yaml @@ -14,10 +14,6 @@ control-group: - AWS type: - Benchmark - defaults: - auto-assign: null - enabled: false - tracks-drift-events: false controls: - aws_ec2_instance_uses_imdsv2 - aws_iam_account_password_policy_min_length_14 diff --git a/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_ac_3_15.yaml b/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_ac_3_15.yaml index f6063ef0c..f26a3d617 100755 --- a/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_ac_3_15.yaml +++ b/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_ac_3_15.yaml @@ -14,10 +14,6 @@ control-group: - AWS type: - Benchmark - defaults: - auto-assign: null - enabled: false - tracks-drift-events: false control-group: - id: aws_nist_800_53_rev_5_ac_3_15_a - id: aws_nist_800_53_rev_5_ac_3_15_b diff --git a/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_ac_3_15_a.yaml b/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_ac_3_15_a.yaml index 8a5b716ce..644df64fa 100755 --- a/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_ac_3_15_a.yaml +++ b/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_ac_3_15_a.yaml @@ -14,10 +14,6 @@ control-group: - AWS type: - Benchmark - defaults: - auto-assign: null - enabled: false - tracks-drift-events: false controls: - aws_ec2_instance_uses_imdsv2 - aws_iam_account_password_policy_min_length_14 
diff --git a/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_ac_3_15_b.yaml b/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_ac_3_15_b.yaml index 1660e2673..2a7f31012 100755 --- a/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_ac_3_15_b.yaml +++ b/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_ac_3_15_b.yaml @@ -14,10 +14,6 @@ control-group: - AWS type: - Benchmark - defaults: - auto-assign: null - enabled: false - tracks-drift-events: false controls: - aws_ec2_instance_uses_imdsv2 - aws_iam_account_password_policy_min_length_14 diff --git a/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_ac_3_2.yaml b/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_ac_3_2.yaml index bc6915a0c..57edad387 100755 --- a/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_ac_3_2.yaml +++ b/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_ac_3_2.yaml @@ -14,10 +14,6 @@ control-group: - AWS/IAM type: - Benchmark - defaults: - auto-assign: null - enabled: false - tracks-drift-events: false controls: - aws_iam_root_user_hardware_mfa_enabled - aws_iam_root_user_mfa_enabled diff --git a/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_ac_3_3.yaml b/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_ac_3_3.yaml index a942302ff..b481d9dda 100755 --- a/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_ac_3_3.yaml +++ b/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_ac_3_3.yaml @@ -14,10 +14,6 @@ control-group: - AWS type: - Benchmark - defaults: - auto-assign: null - enabled: false - tracks-drift-events: false control-group: - id: aws_nist_800_53_rev_5_ac_3_3_a - id: aws_nist_800_53_rev_5_ac_3_3_b_1 
diff --git a/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_ac_3_3_a.yaml b/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_ac_3_3_a.yaml index aeff3aa42..e47cce8b0 100755 --- a/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_ac_3_3_a.yaml +++ b/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_ac_3_3_a.yaml @@ -14,10 +14,6 @@ control-group: - AWS type: - Benchmark - defaults: - auto-assign: null - enabled: false - tracks-drift-events: false controls: - aws_ec2_instance_uses_imdsv2 - aws_iam_account_password_policy_min_length_14 diff --git a/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_ac_3_3_b_1.yaml b/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_ac_3_3_b_1.yaml index d9cc6fe3c..0cb12496c 100755 --- a/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_ac_3_3_b_1.yaml +++ b/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_ac_3_3_b_1.yaml @@ -14,10 +14,6 @@ control-group: - AWS type: - Benchmark - defaults: - auto-assign: null - enabled: false - tracks-drift-events: false controls: - aws_ec2_instance_uses_imdsv2 - aws_iam_account_password_policy_min_length_14 diff --git a/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_ac_3_3_b_2.yaml b/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_ac_3_3_b_2.yaml index 9247446f5..c2f9517ff 100755 --- a/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_ac_3_3_b_2.yaml +++ b/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_ac_3_3_b_2.yaml @@ -14,10 +14,6 @@ control-group: - AWS type: - Benchmark - defaults: - auto-assign: null - enabled: false - tracks-drift-events: false controls: - aws_ec2_instance_uses_imdsv2 - aws_iam_account_password_policy_min_length_14 
diff --git a/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_ac_3_3_b_3.yaml b/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_ac_3_3_b_3.yaml index 6c50f93f4..fb979d96f 100755 --- a/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_ac_3_3_b_3.yaml +++ b/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_ac_3_3_b_3.yaml @@ -14,10 +14,6 @@ control-group: - AWS type: - Benchmark - defaults: - auto-assign: null - enabled: false - tracks-drift-events: false controls: - aws_ec2_instance_uses_imdsv2 - aws_iam_account_password_policy_min_length_14 diff --git a/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_ac_3_3_b_4.yaml b/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_ac_3_3_b_4.yaml index 524fb6834..553fc731f 100755 --- a/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_ac_3_3_b_4.yaml +++ b/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_ac_3_3_b_4.yaml @@ -14,10 +14,6 @@ control-group: - AWS type: - Benchmark - defaults: - auto-assign: null - enabled: false - tracks-drift-events: false controls: - aws_ec2_instance_uses_imdsv2 - aws_iam_account_password_policy_min_length_14 diff --git a/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_ac_3_3_b_5.yaml b/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_ac_3_3_b_5.yaml index a98843314..1407d0db6 100755 --- a/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_ac_3_3_b_5.yaml +++ b/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_ac_3_3_b_5.yaml @@ -14,10 +14,6 @@ control-group: - AWS type: - Benchmark - defaults: - auto-assign: null - enabled: false - tracks-drift-events: false controls: - aws_ec2_instance_uses_imdsv2 - aws_iam_account_password_policy_min_length_14 
diff --git a/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_ac_3_3_c.yaml b/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_ac_3_3_c.yaml index cd1fd0ff5..c921a1061 100755 --- a/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_ac_3_3_c.yaml +++ b/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_ac_3_3_c.yaml @@ -14,10 +14,6 @@ control-group: - AWS type: - Benchmark - defaults: - auto-assign: null - enabled: false - tracks-drift-events: false controls: - aws_ec2_instance_uses_imdsv2 - aws_iam_account_password_policy_min_length_14 diff --git a/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_ac_3_4.yaml b/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_ac_3_4.yaml index b5d6f08b9..d5e00c4c9 100755 --- a/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_ac_3_4.yaml +++ b/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_ac_3_4.yaml @@ -14,10 +14,6 @@ control-group: - AWS type: - Benchmark - defaults: - auto-assign: null - enabled: false - tracks-drift-events: false control-group: - id: aws_nist_800_53_rev_5_ac_3_4_a - id: aws_nist_800_53_rev_5_ac_3_4_b diff --git a/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_ac_3_4_a.yaml b/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_ac_3_4_a.yaml index 45ef3173b..1441cffbf 100755 --- a/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_ac_3_4_a.yaml +++ b/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_ac_3_4_a.yaml @@ -14,10 +14,6 @@ control-group: - AWS type: - Benchmark - defaults: - auto-assign: null - enabled: false - tracks-drift-events: false controls: - aws_ec2_instance_uses_imdsv2 - aws_iam_account_password_policy_min_length_14 
diff --git a/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_ac_3_4_b.yaml b/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_ac_3_4_b.yaml index 7218ba017..8dc1af1ab 100755 --- a/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_ac_3_4_b.yaml +++ b/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_ac_3_4_b.yaml @@ -14,10 +14,6 @@ control-group: - AWS type: - Benchmark - defaults: - auto-assign: null - enabled: false - tracks-drift-events: false controls: - aws_secretsmanager_secret_unused_90_day - aws_secretsmanager_secret_rotated_as_scheduled diff --git a/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_ac_3_4_c.yaml b/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_ac_3_4_c.yaml index 0bd12b449..b5072463b 100755 --- a/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_ac_3_4_c.yaml +++ b/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_ac_3_4_c.yaml @@ -14,10 +14,6 @@ control-group: - AWS type: - Benchmark - defaults: - auto-assign: null - enabled: false - tracks-drift-events: false controls: - aws_ec2_instance_uses_imdsv2 - aws_iam_account_password_policy_min_length_14 diff --git a/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_ac_3_4_d.yaml b/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_ac_3_4_d.yaml index e951cf594..a8446951b 100755 --- a/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_ac_3_4_d.yaml +++ b/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_ac_3_4_d.yaml @@ -14,10 +14,6 @@ control-group: - AWS type: - Benchmark - defaults: - auto-assign: null - enabled: false - tracks-drift-events: false controls: - aws_ec2_instance_uses_imdsv2 - aws_iam_account_password_policy_min_length_14 
diff --git a/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_ac_3_4_e.yaml b/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_ac_3_4_e.yaml index 08ca61064..82417c089 100755 --- a/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_ac_3_4_e.yaml +++ b/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_ac_3_4_e.yaml @@ -14,10 +14,6 @@ control-group: - AWS type: - Benchmark - defaults: - auto-assign: null - enabled: false - tracks-drift-events: false controls: - aws_ec2_instance_uses_imdsv2 - aws_iam_account_password_policy_min_length_14 diff --git a/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_ac_3_7.yaml b/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_ac_3_7.yaml index 7c676cbcc..6f78582a3 100755 --- a/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_ac_3_7.yaml +++ b/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_ac_3_7.yaml @@ -14,10 +14,6 @@ control-group: - AWS type: - Benchmark - defaults: - auto-assign: null - enabled: false - tracks-drift-events: false controls: - aws_s3_bucket_restrict_public_read_access - aws_dms_replication_instance_not_publicly_accessible diff --git a/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_ac_3_8.yaml b/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_ac_3_8.yaml index ef6852277..d4f146cdf 100755 --- a/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_ac_3_8.yaml +++ b/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_ac_3_8.yaml @@ -14,10 +14,6 @@ control-group: - AWS type: - Benchmark - defaults: - auto-assign: null - enabled: false - tracks-drift-events: false controls: - aws_ec2_instance_uses_imdsv2 - aws_iam_account_password_policy_min_length_14 
diff --git a/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_ac_4.yaml b/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_ac_4.yaml index 6d1e4de46..85a05a163 100755 --- a/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_ac_4.yaml +++ b/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_ac_4.yaml @@ -14,10 +14,6 @@ control-group: - AWS type: - Benchmark - defaults: - auto-assign: null - enabled: false - tracks-drift-events: false control-group: - id: aws_nist_800_53_rev_5_ac_4_21 - id: aws_nist_800_53_rev_5_ac_4_22 diff --git a/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_ac_4_21.yaml b/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_ac_4_21.yaml index c09843f2f..f9e006fbb 100755 --- a/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_ac_4_21.yaml +++ b/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_ac_4_21.yaml @@ -14,10 +14,6 @@ control-group: - AWS type: - Benchmark - defaults: - auto-assign: null - enabled: false - tracks-drift-events: false controls: - aws_apigateway_stage_use_waf_web_acl - aws_autoscaling_launch_config_public_ip_disabled diff --git a/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_ac_4_22.yaml b/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_ac_4_22.yaml index 6a183a655..11ab2387f 100755 --- a/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_ac_4_22.yaml +++ b/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_ac_4_22.yaml @@ -14,10 +14,6 @@ control-group: - AWS type: - Benchmark - defaults: - auto-assign: null - enabled: false - tracks-drift-events: false controls: - aws_apigateway_rest_api_stage_use_ssl_certificate - aws_elb_application_lb_redirect_http_request_to_https 
diff --git a/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_ac_4_26.yaml b/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_ac_4_26.yaml index 30c174197..6b88d0086 100755 --- a/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_ac_4_26.yaml +++ b/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_ac_4_26.yaml @@ -14,10 +14,6 @@ control-group: - AWS type: - Benchmark - defaults: - auto-assign: null - enabled: false - tracks-drift-events: false controls: - aws_apigateway_stage_logging_enabled - aws_cloudtrail_multi_region_trail_enabled diff --git a/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_ac_4_28.yaml b/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_ac_4_28.yaml index 98440125f..417cc0203 100755 --- a/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_ac_4_28.yaml +++ b/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_ac_4_28.yaml @@ -14,10 +14,6 @@ control-group: - AWS type: - Benchmark - defaults: - auto-assign: null - enabled: false - tracks-drift-events: false controls: - aws_ec2_instance_uses_imdsv2 - aws_iam_account_password_policy_min_length_14 diff --git a/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_ac_5.yaml b/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_ac_5.yaml index f8d2fadde..bf518d1d3 100755 --- a/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_ac_5.yaml +++ b/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_ac_5.yaml @@ -14,9 +14,5 @@ control-group: - AWS type: - Benchmark - defaults: - auto-assign: null - enabled: false - tracks-drift-events: false control-group: - id: aws_nist_800_53_rev_5_ac_5_b 
diff --git a/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_ac_5_b.yaml b/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_ac_5_b.yaml index 548d6c44e..a5f477535 100755 --- a/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_ac_5_b.yaml +++ b/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_ac_5_b.yaml @@ -14,10 +14,6 @@ control-group: - AWS type: - Benchmark - defaults: - auto-assign: null - enabled: false - tracks-drift-events: false controls: - aws_ecs_task_definition_user_for_host_mode_check - aws_iam_all_policy_no_service_wild_card diff --git a/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_ac_6.yaml b/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_ac_6.yaml index 878686934..71391c571 100755 --- a/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_ac_6.yaml +++ b/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_ac_6.yaml @@ -14,10 +14,6 @@ control-group: - AWS type: - Benchmark - defaults: - auto-assign: null - enabled: false - tracks-drift-events: false control-group: - id: aws_nist_800_53_rev_5_ac_6_2 - id: aws_nist_800_53_rev_5_ac_6_3 diff --git a/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_ac_6_10.yaml b/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_ac_6_10.yaml index 3bee4ab83..1c22aa338 100755 --- a/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_ac_6_10.yaml +++ b/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_ac_6_10.yaml @@ -14,10 +14,6 @@ control-group: - AWS/IAM type: - Benchmark - defaults: - auto-assign: null - enabled: false - tracks-drift-events: false controls: - aws_iam_all_policy_no_service_wild_card - aws_iam_policy_no_star_star 
diff --git a/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_ac_6_2.yaml b/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_ac_6_2.yaml index 102d596d1..efa8587d1 100755 --- a/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_ac_6_2.yaml +++ b/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_ac_6_2.yaml @@ -14,10 +14,6 @@ control-group: - AWS/IAM type: - Benchmark - defaults: - auto-assign: null - enabled: false - tracks-drift-events: false controls: - aws_iam_all_policy_no_service_wild_card - aws_iam_policy_no_star_star diff --git a/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_ac_6_3.yaml b/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_ac_6_3.yaml index ae4108a04..36be8fd81 100755 --- a/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_ac_6_3.yaml +++ b/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_ac_6_3.yaml @@ -14,10 +14,6 @@ control-group: - AWS/IAM type: - Benchmark - defaults: - auto-assign: null - enabled: false - tracks-drift-events: false controls: - aws_iam_group_user_role_no_inline_policies - aws_iam_policy_no_star_star diff --git a/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_ac_6_9.yaml b/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_ac_6_9.yaml index b21bad49b..bd6b2e8af 100755 --- a/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_ac_6_9.yaml +++ b/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_ac_6_9.yaml @@ -14,10 +14,6 @@ control-group: - AWS type: - Benchmark - defaults: - auto-assign: null - enabled: false - tracks-drift-events: false controls: - aws_cloudtrail_multi_region_trail_enabled - aws_cloudtrail_s3_data_events_enabled 
diff --git a/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_ac_7.yaml b/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_ac_7.yaml index ef13fb423..b80741016 100755 --- a/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_ac_7.yaml +++ b/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_ac_7.yaml @@ -14,9 +14,5 @@ control-group: - AWS/IAM type: - Benchmark - defaults: - auto-assign: null - enabled: false - tracks-drift-events: false control-group: - id: aws_nist_800_53_rev_5_ac_7_4 diff --git a/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_ac_7_4.yaml b/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_ac_7_4.yaml index 552eaeca6..d4ab0438f 100755 --- a/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_ac_7_4.yaml +++ b/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_ac_7_4.yaml @@ -14,10 +14,6 @@ control-group: - AWS/IAM type: - Benchmark - defaults: - auto-assign: null - enabled: false - tracks-drift-events: false control-group: - id: aws_nist_800_53_rev_5_ac_7_4_a controls: diff --git a/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_ac_7_4_a.yaml b/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_ac_7_4_a.yaml index ac40a25dc..00215e824 100755 --- a/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_ac_7_4_a.yaml +++ b/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_ac_7_4_a.yaml @@ -14,10 +14,6 @@ control-group: - AWS/IAM type: - Benchmark - defaults: - auto-assign: null - enabled: false - tracks-drift-events: false controls: - aws_iam_account_password_policy_min_length_14 - aws_iam_root_user_hardware_mfa_enabled 
diff --git a/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_au.yaml b/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_au.yaml index e258198a2..ef2ff7cf5 100755 --- a/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_au.yaml +++ b/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_au.yaml @@ -14,10 +14,6 @@ control-group: - AWS type: - Benchmark - defaults: - auto-assign: null - enabled: false - tracks-drift-events: false control-group: - id: aws_nist_800_53_rev_5_au_2 - id: aws_nist_800_53_rev_5_au_3 diff --git a/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_au_10.yaml b/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_au_10.yaml index e4b579e7d..f10478de5 100755 --- a/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_au_10.yaml +++ b/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_au_10.yaml @@ -14,10 +14,6 @@ control-group: - AWS type: - Benchmark - defaults: - auto-assign: null - enabled: false - tracks-drift-events: false controls: - aws_apigateway_stage_logging_enabled - aws_cloudtrail_multi_region_trail_enabled diff --git a/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_au_11.yaml b/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_au_11.yaml index 0bf7d86f7..29668dacd 100755 --- a/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_au_11.yaml +++ b/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_au_11.yaml @@ -14,10 +14,6 @@ control-group: - AWS/CloudWatch type: - Benchmark - defaults: - auto-assign: null - enabled: false - tracks-drift-events: false control-group: - id: aws_nist_800_53_rev_5_au_11_1 controls: 
diff --git a/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_au_11_1.yaml b/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_au_11_1.yaml index 3784a8e01..c44e7675f 100755 --- a/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_au_11_1.yaml +++ b/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_au_11_1.yaml @@ -14,9 +14,5 @@ control-group: - AWS/CloudWatch type: - Benchmark - defaults: - auto-assign: null - enabled: false - tracks-drift-events: false controls: - aws_cloudwatch_log_group_retention_period_365 diff --git a/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_au_12.yaml b/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_au_12.yaml index a4e836984..0ff41cc8f 100755 --- a/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_au_12.yaml +++ b/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_au_12.yaml @@ -14,10 +14,6 @@ control-group: - AWS type: - Benchmark - defaults: - auto-assign: null - enabled: false - tracks-drift-events: false control-group: - id: aws_nist_800_53_rev_5_au_12_1 - id: aws_nist_800_53_rev_5_au_12_2 diff --git a/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_au_12_1.yaml b/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_au_12_1.yaml index e001f8f81..d819f9373 100755 --- a/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_au_12_1.yaml +++ b/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_au_12_1.yaml @@ -14,10 +14,6 @@ control-group: - AWS type: - Benchmark - defaults: - auto-assign: null - enabled: false - tracks-drift-events: false controls: - aws_apigateway_stage_logging_enabled - aws_cloudtrail_multi_region_trail_enabled 
diff --git a/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_au_12_2.yaml b/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_au_12_2.yaml index 18a6582bc..a946b7ce0 100755 --- a/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_au_12_2.yaml +++ b/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_au_12_2.yaml @@ -14,10 +14,6 @@ control-group: - AWS type: - Benchmark - defaults: - auto-assign: null - enabled: false - tracks-drift-events: false controls: - aws_apigateway_stage_logging_enabled - aws_cloudtrail_multi_region_trail_enabled diff --git a/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_au_12_3.yaml b/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_au_12_3.yaml index 3b7bb6a42..67b6b1d3e 100755 --- a/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_au_12_3.yaml +++ b/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_au_12_3.yaml @@ -14,10 +14,6 @@ control-group: - AWS type: - Benchmark - defaults: - auto-assign: null - enabled: false - tracks-drift-events: false controls: - aws_apigateway_stage_logging_enabled - aws_autoscaling_group_with_lb_use_health_check diff --git a/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_au_12_4.yaml b/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_au_12_4.yaml index fc4f072a8..591771549 100755 --- a/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_au_12_4.yaml +++ b/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_au_12_4.yaml @@ -14,10 +14,6 @@ control-group: - AWS type: - Benchmark - defaults: - auto-assign: null - enabled: false - tracks-drift-events: false controls: - aws_apigateway_stage_logging_enabled - aws_cloudtrail_multi_region_trail_enabled 
diff --git a/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_au_12_a.yaml b/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_au_12_a.yaml
index 2ef1edb01..cd33083a5 100755
--- a/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_au_12_a.yaml
+++ b/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_au_12_a.yaml
@@ -14,10 +14,6 @@ control-group:
 - AWS
 type:
 - Benchmark
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - aws_apigateway_stage_logging_enabled
 - aws_cloudtrail_multi_region_trail_enabled
diff --git a/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_au_12_c.yaml b/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_au_12_c.yaml
index d6d6ac017..4a0c5f802 100755
--- a/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_au_12_c.yaml
+++ b/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_au_12_c.yaml
@@ -14,10 +14,6 @@ control-group:
 - AWS
 type:
 - Benchmark
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - aws_apigateway_stage_logging_enabled
 - aws_cloudtrail_multi_region_trail_enabled
diff --git a/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_au_14.yaml b/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_au_14.yaml
index 537cba735..8206d1926 100755
--- a/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_au_14.yaml
+++ b/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_au_14.yaml
@@ -14,10 +14,6 @@ control-group:
 - AWS
 type:
 - Benchmark
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 control-group:
 - id: aws_nist_800_53_rev_5_au_14_3
 - id: aws_nist_800_53_rev_5_au_14_a
diff --git a/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_au_14_3.yaml b/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_au_14_3.yaml
index 3e4c368aa..17ef9f107 100755
--- a/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_au_14_3.yaml
+++ b/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_au_14_3.yaml
@@ -14,10 +14,6 @@ control-group:
 - AWS
 type:
 - Benchmark
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - aws_apigateway_stage_logging_enabled
 - aws_cloudtrail_multi_region_trail_enabled
diff --git a/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_au_14_a.yaml b/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_au_14_a.yaml
index a6f82ff65..ddb0d3934 100755
--- a/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_au_14_a.yaml
+++ b/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_au_14_a.yaml
@@ -14,10 +14,6 @@ control-group:
 - AWS
 type:
 - Benchmark
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - aws_apigateway_stage_logging_enabled
 - aws_autoscaling_group_with_lb_use_health_check
diff --git a/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_au_14_b.yaml b/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_au_14_b.yaml
index 7027cfe26..07a033f95 100755
--- a/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_au_14_b.yaml
+++ b/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_au_14_b.yaml
@@ -14,10 +14,6 @@ control-group:
 - AWS
 type:
 - Benchmark
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - aws_apigateway_stage_logging_enabled
 - aws_autoscaling_group_with_lb_use_health_check
diff --git a/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_au_16.yaml b/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_au_16.yaml
index 2e9b50204..ea17454ff 100755
--- a/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_au_16.yaml
+++ b/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_au_16.yaml
@@ -14,9 +14,5 @@ control-group:
 - AWS
 type:
 - Benchmark
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - aws_cloudtrail_trail_integrated_with_logs
diff --git a/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_au_2.yaml b/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_au_2.yaml
index f68ef8e17..9a811842f 100755
--- a/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_au_2.yaml
+++ b/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_au_2.yaml
@@ -14,9 +14,5 @@ control-group:
 - AWS
 type:
 - Benchmark
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 control-group:
 - id: aws_nist_800_53_rev_5_au_2_b
diff --git a/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_au_2_b.yaml b/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_au_2_b.yaml
index 1359646da..a7961e556 100755
--- a/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_au_2_b.yaml
+++ b/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_au_2_b.yaml
@@ -14,10 +14,6 @@ control-group:
 - AWS
 type:
 - Benchmark
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - aws_apigateway_stage_logging_enabled
 - aws_cloudtrail_multi_region_trail_enabled
diff --git a/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_au_3.yaml b/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_au_3.yaml
index 7dc2d871f..c0e1abd85 100755
--- a/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_au_3.yaml
+++ b/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_au_3.yaml
@@ -14,10 +14,6 @@ control-group:
 - AWS
 type:
 - Benchmark
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 control-group:
 - id: aws_nist_800_53_rev_5_au_3_1
 - id: aws_nist_800_53_rev_5_au_3_a
diff --git a/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_au_3_1.yaml b/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_au_3_1.yaml
index fc1d2f83d..7db405344 100755
--- a/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_au_3_1.yaml
+++ b/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_au_3_1.yaml
@@ -14,10 +14,6 @@ control-group:
 - AWS
 type:
 - Benchmark
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - aws_cloudtrail_trail_enabled
 - aws_guardduty_enabled
diff --git a/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_au_3_a.yaml b/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_au_3_a.yaml
index 783e2a501..0db79d520 100755
--- a/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_au_3_a.yaml
+++ b/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_au_3_a.yaml
@@ -14,10 +14,6 @@ control-group:
 - AWS
 type:
 - Benchmark
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - aws_apigateway_stage_logging_enabled
 - aws_cloudtrail_multi_region_trail_enabled
diff --git a/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_au_3_b.yaml b/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_au_3_b.yaml
index 0bf448288..ece54b01e 100755
--- a/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_au_3_b.yaml
+++ b/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_au_3_b.yaml
@@ -14,10 +14,6 @@ control-group:
 - AWS
 type:
 - Benchmark
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - aws_apigateway_stage_logging_enabled
 - aws_cloudtrail_multi_region_trail_enabled
diff --git a/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_au_3_c.yaml b/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_au_3_c.yaml
index 7895a247c..52986ee2a 100755
--- a/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_au_3_c.yaml
+++ b/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_au_3_c.yaml
@@ -14,10 +14,6 @@ control-group:
 - AWS
 type:
 - Benchmark
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - aws_apigateway_stage_logging_enabled
 - aws_cloudtrail_multi_region_trail_enabled
diff --git a/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_au_3_d.yaml b/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_au_3_d.yaml
index 39f90fc4c..2747d3c01 100755
--- a/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_au_3_d.yaml
+++ b/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_au_3_d.yaml
@@ -14,10 +14,6 @@ control-group:
 - AWS
 type:
 - Benchmark
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - aws_apigateway_stage_logging_enabled
 - aws_cloudtrail_multi_region_trail_enabled
diff --git a/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_au_3_e.yaml b/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_au_3_e.yaml
index 6fca4d4da..f3a0edbad 100755
--- a/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_au_3_e.yaml
+++ b/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_au_3_e.yaml
@@ -14,10 +14,6 @@ control-group:
 - AWS
 type:
 - Benchmark
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - aws_apigateway_stage_logging_enabled
 - aws_cloudtrail_multi_region_trail_enabled
diff --git a/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_au_3_f.yaml b/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_au_3_f.yaml
index a30e5f6be..278d1e86d 100755
--- a/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_au_3_f.yaml
+++ b/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_au_3_f.yaml
@@ -14,10 +14,6 @@ control-group:
 - AWS
 type:
 - Benchmark
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - aws_apigateway_stage_logging_enabled
 - aws_cloudtrail_multi_region_trail_enabled
diff --git a/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_au_4.yaml b/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_au_4.yaml
index 9be8527ad..c3fa67b8e 100755
--- a/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_au_4.yaml
+++ b/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_au_4.yaml
@@ -14,9 +14,5 @@ control-group:
 - AWS
 type:
 - Benchmark
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 control-group:
 - id: aws_nist_800_53_rev_5_au_4_1
diff --git a/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_au_4_1.yaml b/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_au_4_1.yaml
index 181d7c462..b716376f4 100755
--- a/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_au_4_1.yaml
+++ b/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_au_4_1.yaml
@@ -14,9 +14,5 @@ control-group:
 - AWS
 type:
 - Benchmark
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - aws_cloudtrail_trail_integrated_with_logs
diff --git a/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_au_6.yaml b/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_au_6.yaml
index 10c781051..dc64158a3 100755
--- a/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_au_6.yaml
+++ b/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_au_6.yaml
@@ -14,10 +14,6 @@ control-group:
 - AWS
 type:
 - Benchmark
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 control-group:
 - id: aws_nist_800_53_rev_5_au_6_1
 - id: aws_nist_800_53_rev_5_au_6_3
diff --git a/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_au_6_1.yaml b/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_au_6_1.yaml
index f464fc3da..810e51be2 100755
--- a/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_au_6_1.yaml
+++ b/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_au_6_1.yaml
@@ -14,10 +14,6 @@ control-group:
 - AWS
 type:
 - Benchmark
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - aws_cloudtrail_trail_integrated_with_logs
 - aws_cloudwatch_alarm_action_enabled
diff --git a/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_au_6_3.yaml b/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_au_6_3.yaml
index fb6082034..8ba020bc6 100755
--- a/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_au_6_3.yaml
+++ b/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_au_6_3.yaml
@@ -14,10 +14,6 @@ control-group:
 - AWS
 type:
 - Benchmark
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - aws_apigateway_stage_logging_enabled
 - aws_cloudtrail_multi_region_trail_enabled
diff --git a/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_au_6_4.yaml b/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_au_6_4.yaml
index 84c856fd4..6a8c1acc6 100755
--- a/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_au_6_4.yaml
+++ b/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_au_6_4.yaml
@@ -14,10 +14,6 @@ control-group:
 - AWS
 type:
 - Benchmark
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - aws_apigateway_stage_logging_enabled
 - aws_cloudtrail_multi_region_trail_enabled
diff --git a/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_au_6_5.yaml b/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_au_6_5.yaml
index c929cdbdb..3dfaceff8 100755
--- a/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_au_6_5.yaml
+++ b/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_au_6_5.yaml
@@ -14,10 +14,6 @@ control-group:
 - AWS
 type:
 - Benchmark
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - aws_cloudtrail_trail_integrated_with_logs
 - aws_cloudwatch_alarm_action_enabled
diff --git a/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_au_6_6.yaml b/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_au_6_6.yaml
index 80fcbd172..ce9088764 100755
--- a/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_au_6_6.yaml
+++ b/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_au_6_6.yaml
@@ -14,10 +14,6 @@ control-group:
 - AWS
 type:
 - Benchmark
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - aws_apigateway_stage_logging_enabled
 - aws_cloudtrail_multi_region_trail_enabled
diff --git a/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_au_6_9.yaml b/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_au_6_9.yaml
index 54f83ee6d..3af6db352 100755
--- a/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_au_6_9.yaml
+++ b/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_au_6_9.yaml
@@ -14,10 +14,6 @@ control-group:
 - AWS
 type:
 - Benchmark
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - aws_apigateway_stage_logging_enabled
 - aws_cloudtrail_multi_region_trail_enabled
diff --git a/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_au_7.yaml b/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_au_7.yaml
index f0562fa66..74eb00df8 100755
--- a/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_au_7.yaml
+++ b/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_au_7.yaml
@@ -14,9 +14,5 @@ control-group:
 - AWS
 type:
 - Benchmark
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 control-group:
 - id: aws_nist_800_53_rev_5_au_7_1
diff --git a/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_au_7_1.yaml b/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_au_7_1.yaml
index 103e1736d..2b93970e6 100755
--- a/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_au_7_1.yaml
+++ b/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_au_7_1.yaml
@@ -14,9 +14,5 @@ control-group:
 - AWS
 type:
 - Benchmark
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - aws_cloudtrail_trail_integrated_with_logs
diff --git a/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_au_8.yaml b/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_au_8.yaml
index 2fe0d42f7..25b40f98c 100755
--- a/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_au_8.yaml
+++ b/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_au_8.yaml
@@ -14,9 +14,5 @@ control-group:
 - AWS
 type:
 - Benchmark
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 control-group:
 - id: aws_nist_800_53_rev_5_au_8_b
diff --git a/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_au_8_b.yaml b/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_au_8_b.yaml
index d4e9db3d7..76ab83404 100755
--- a/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_au_8_b.yaml
+++ b/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_au_8_b.yaml
@@ -14,10 +14,6 @@ control-group:
 - AWS
 type:
 - Benchmark
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - aws_apigateway_stage_logging_enabled
 - aws_cloudtrail_multi_region_trail_enabled
diff --git a/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_au_9.yaml b/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_au_9.yaml
index d6308edae..ac5002582 100755
--- a/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_au_9.yaml
+++ b/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_au_9.yaml
@@ -14,10 +14,6 @@ control-group:
 - AWS
 type:
 - Benchmark
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 control-group:
 - id: aws_nist_800_53_rev_5_au_9_2
 - id: aws_nist_800_53_rev_5_au_9_3
diff --git a/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_au_9_2.yaml b/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_au_9_2.yaml
index 0cc96023e..7f744f9f4 100755
--- a/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_au_9_2.yaml
+++ b/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_au_9_2.yaml
@@ -14,10 +14,6 @@ control-group:
 - AWS/S3
 type:
 - Benchmark
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - aws_s3_bucket_cross_region_replication_enabled
 - aws_s3_bucket_versioning_enabled
diff --git a/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_au_9_3.yaml b/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_au_9_3.yaml
index 0de30df9a..069a16334 100755
--- a/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_au_9_3.yaml
+++ b/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_au_9_3.yaml
@@ -14,10 +14,6 @@ control-group:
 - AWS
 type:
 - Benchmark
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - aws_apigateway_rest_api_stage_use_ssl_certificate
 - aws_apigateway_stage_cache_encryption_at_rest_enabled
diff --git a/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_au_9_7.yaml b/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_au_9_7.yaml
index 1cff9bd94..b89ab3616 100755
--- a/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_au_9_7.yaml
+++ b/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_au_9_7.yaml
@@ -14,9 +14,5 @@ control-group:
 - AWS
 type:
 - Benchmark
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - aws_cloudtrail_trail_integrated_with_logs
diff --git a/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_au_9_a.yaml b/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_au_9_a.yaml
index 7ea997c69..38bef466b 100755
--- a/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_au_9_a.yaml
+++ b/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_au_9_a.yaml
@@ -14,9 +14,5 @@ control-group:
 - AWS
 type:
 - Benchmark
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - aws_cloudtrail_trail_validation_enabled
diff --git a/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_ca.yaml b/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_ca.yaml
index 83c581e8f..2c5307882 100755
--- a/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_ca.yaml
+++ b/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_ca.yaml
@@ -14,10 +14,6 @@ control-group:
 - AWS
 type:
 - Benchmark
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 control-group:
 - id: aws_nist_800_53_rev_5_ca_2
 - id: aws_nist_800_53_rev_5_ca_7
diff --git a/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_ca_2.yaml b/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_ca_2.yaml
index cfb81439f..9a62e8af9 100755
--- a/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_ca_2.yaml
+++ b/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_ca_2.yaml
@@ -14,10 +14,6 @@ control-group:
 - AWS
 type:
 - Benchmark
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 control-group:
 - id: aws_nist_800_53_rev_5_ca_2_2
 - id: aws_nist_800_53_rev_5_ca_2_d
diff --git a/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_ca_2_2.yaml b/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_ca_2_2.yaml
index 8e9fee7f6..65d0db7cc 100755
--- a/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_ca_2_2.yaml
+++ b/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_ca_2_2.yaml
@@ -14,10 +14,6 @@ control-group:
 - AWS
 type:
 - Benchmark
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - aws_autoscaling_group_with_lb_use_health_check
 - aws_cloudwatch_alarm_action_enabled
diff --git a/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_ca_2_d.yaml b/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_ca_2_d.yaml
index 2e88e6a83..48a5c9929 100755
--- a/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_ca_2_d.yaml
+++ b/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_ca_2_d.yaml
@@ -14,10 +14,6 @@ control-group:
 - AWS
 type:
 - Benchmark
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - aws_guardduty_enabled
 - aws_securityhub_enabled
diff --git a/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_ca_7.yaml b/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_ca_7.yaml
index a4a6636cd..f14346262 100755
--- a/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_ca_7.yaml
+++ b/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_ca_7.yaml
@@ -14,10 +14,6 @@ control-group:
 - AWS
 type:
 - Benchmark
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 control-group:
 - id: aws_nist_800_53_rev_5_ca_7_4
 - id: aws_nist_800_53_rev_5_ca_7_b
diff --git a/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_ca_7_4.yaml b/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_ca_7_4.yaml
index 9a6ab9534..75138f590 100755
--- a/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_ca_7_4.yaml
+++ b/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_ca_7_4.yaml
@@ -14,9 +14,5 @@ control-group:
 - AWS
 type:
 - Benchmark
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 control-group:
 - id: aws_nist_800_53_rev_5_ca_7_4_c
diff --git a/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_ca_7_4_c.yaml b/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_ca_7_4_c.yaml
index 95bc016e0..04c17c71c 100755
--- a/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_ca_7_4_c.yaml
+++ b/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_ca_7_4_c.yaml
@@ -14,10 +14,6 @@ control-group:
 - AWS
 type:
 - Benchmark
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - aws_elb_application_lb_deletion_protection_enabled
 - aws_rds_db_instance_deletion_protection_enabled
diff --git a/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_ca_7_b.yaml b/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_ca_7_b.yaml
index a2285c7e0..4bb8ae1d9 100755
--- a/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_ca_7_b.yaml
+++ b/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_ca_7_b.yaml
@@ -14,10 +14,6 @@ control-group:
 - AWS
 type:
 - Benchmark
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - aws_apigateway_stage_logging_enabled
 - aws_autoscaling_group_with_lb_use_health_check
diff --git a/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_ca_9.yaml b/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_ca_9.yaml
index 3544f3a3c..cb65fe342 100755
--- a/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_ca_9.yaml
+++ b/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_ca_9.yaml
@@ -14,9 +14,5 @@ control-group:
 - AWS
 type:
 - Benchmark
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 control-group:
 - id: aws_nist_800_53_rev_5_ca_9_b
diff --git a/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_ca_9_b.yaml b/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_ca_9_b.yaml
index e9afdfa16..b5fdf5b43 100755
--- a/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_ca_9_b.yaml
+++ b/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_ca_9_b.yaml
@@ -14,10 +14,6 @@ control-group:
 - AWS
 type:
 - Benchmark
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - aws_apigateway_rest_api_stage_use_ssl_certificate
 - aws_elb_application_lb_redirect_http_request_to_https
diff --git a/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_cm.yaml b/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_cm.yaml
index b31d8664f..8c1b68c15 100755
--- a/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_cm.yaml
+++ b/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_cm.yaml
@@ -14,10 +14,6 @@ control-group:
 - AWS
 type:
 - Benchmark
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 control-group:
 - id: aws_nist_800_53_rev_5_cm_2
 - id: aws_nist_800_53_rev_5_cm_3
diff --git a/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_cm_12.yaml b/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_cm_12.yaml
index 7e8931ab2..87e122c64 100755
--- a/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_cm_12.yaml
+++ b/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_cm_12.yaml
@@ -14,9 +14,5 @@ control-group:
 - AWS
 type:
 - Benchmark
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 control-group:
 - id: aws_nist_800_53_rev_5_cm_12_b
diff --git a/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_cm_12_b.yaml b/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_cm_12_b.yaml
index cee1d289c..9fe041010 100755
--- a/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_cm_12_b.yaml
+++ b/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_cm_12_b.yaml
@@ -14,9 +14,5 @@ control-group:
 - AWS
 type:
 - Benchmark
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - aws_iam_account_password_policy_min_length_14
diff --git a/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_cm_2.yaml b/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_cm_2.yaml
index b33058f4b..a735b620b 100755
--- a/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_cm_2.yaml
+++ b/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_cm_2.yaml
@@ -14,10 +14,6 @@ control-group:
 - AWS
 type:
 - Benchmark
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 control-group:
 - id: aws_nist_800_53_rev_5_cm_2_2
 - id: aws_nist_800_53_rev_5_cm_2_a
diff --git a/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_cm_2_2.yaml b/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_cm_2_2.yaml
index 1b9184923..061932988 100755
--- a/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_cm_2_2.yaml
+++ b/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_cm_2_2.yaml
@@ -14,10 +14,6 @@ control-group:
 - AWS
 type:
 - Benchmark
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - aws_ebs_volume_unused
 - aws_ec2_instance_ssm_managed
diff --git a/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_cm_2_a.yaml b/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_cm_2_a.yaml
index 20b0c19d5..31fd436c2 100755
--- a/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_cm_2_a.yaml
+++ b/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_cm_2_a.yaml
@@ -14,10 +14,6 @@ control-group:
 - AWS
 type:
 - Benchmark
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - aws_ebs_volume_unused
 - aws_ec2_instance_ssm_managed
diff --git a/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_cm_2_b.yaml b/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_cm_2_b.yaml
index 464e9c83c..42a8632a5 100755
--- a/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_cm_2_b.yaml
+++ b/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_cm_2_b.yaml
@@ -14,10 +14,6 @@ control-group:
 - AWS
 type:
 - Benchmark
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 control-group:
 - id: aws_nist_800_53_rev_5_cm_2_b_1
 - id: aws_nist_800_53_rev_5_cm_2_b_2
diff --git a/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_cm_2_b_1.yaml b/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_cm_2_b_1.yaml
index 0cb4f0e98..33dd94253 100755
--- a/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_cm_2_b_1.yaml
+++ b/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_cm_2_b_1.yaml
@@ -14,10 +14,6 @@ control-group:
 - AWS
 type:
 - Benchmark
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - aws_account_part_of_organizations
 - aws_ebs_volume_unused
diff --git a/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_cm_2_b_2.yaml b/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_cm_2_b_2.yaml
index 1833a1fd5..9e7ca5da3 100755
--- a/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_cm_2_b_2.yaml
+++ b/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_cm_2_b_2.yaml
@@ -14,10 +14,6 @@ control-group:
 - AWS
 type:
 - Benchmark
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - aws_account_part_of_organizations
 - aws_ebs_volume_unused
diff --git a/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_cm_2_b_3.yaml b/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_cm_2_b_3.yaml
index b3422f069..dbfccd984 100755
--- a/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_cm_2_b_3.yaml
+++ b/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_cm_2_b_3.yaml
@@ -14,10 +14,6 @@ control-group:
 - AWS
 type:
 - Benchmark
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - aws_account_part_of_organizations
 - aws_ebs_volume_unused
diff --git a/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_cm_3.yaml b/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_cm_3.yaml
index ee2cc3e1a..5d6bdfd97 100755
--- a/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_cm_3.yaml
+++ b/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_cm_3.yaml
@@ -14,10 +14,6 @@ control-group:
 - AWS
 type:
 - Benchmark
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 control-group:
 - id: aws_nist_800_53_rev_5_cm_3_3
 - id: aws_nist_800_53_rev_5_cm_3_a
diff --git a/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_cm_3_3.yaml b/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_cm_3_3.yaml
index d285e2f82..1c517ebc5 100755
--- a/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_cm_3_3.yaml
+++ b/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_cm_3_3.yaml
@@ -14,10 +14,6 @@ control-group:
 - AWS
 type:
 - Benchmark
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - aws_account_part_of_organizations
 - aws_ebs_volume_unused
diff --git a/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_cm_3_a.yaml b/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_cm_3_a.yaml
index 2d898a757..7f6cf1756 100755
--- a/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_cm_3_a.yaml
+++ b/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_cm_3_a.yaml
@@ -14,10 +14,6 @@ control-group:
 - AWS
 type:
 - Benchmark
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - aws_elb_application_lb_deletion_protection_enabled
 - aws_rds_db_instance_deletion_protection_enabled
diff --git a/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_cm_5.yaml b/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_cm_5.yaml
index 567dccb22..ea08dc2a1 100755
--- a/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_cm_5.yaml
+++ b/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_cm_5.yaml
@@ -14,9 +14,5 @@ control-group:
 - AWS
 type:
 - Benchmark
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 control-group:
 - id: aws_nist_800_53_rev_5_cm_5_1
diff --git a/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_cm_5_1.yaml b/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_cm_5_1.yaml
index ec3b26557..b6747c5a1 100755
--- a/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_cm_5_1.yaml
+++ b/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_cm_5_1.yaml
@@ -14,10 +14,6 @@ control-group:
 - AWS
 type:
 - Benchmark
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 control-group:
 - id: aws_nist_800_53_rev_5_cm_5_1_a
 - id: aws_nist_800_53_rev_5_cm_5_1_b
diff --git a/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_cm_5_1_a.yaml b/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_cm_5_1_a.yaml
index a7818e2b3..dde5c5fd8 100755
--- a/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_cm_5_1_a.yaml
+++ b/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_cm_5_1_a.yaml
@@ -14,10 +14,6 @@ control-group:
 - AWS
 type:
 - Benchmark
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - aws_ec2_instance_iam_profile_attached
 - aws_ec2_instance_uses_imdsv2
diff --git a/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_cm_5_1_b.yaml b/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_cm_5_1_b.yaml
index d52f71539..ca27c17a2 100755
--- a/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_cm_5_1_b.yaml
+++ b/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_cm_5_1_b.yaml
@@ -14,10 +14,6 @@ control-group:
 - AWS
 type:
 - Benchmark
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - aws_apigateway_stage_logging_enabled
 - aws_cloudtrail_multi_region_trail_enabled
diff --git a/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_cm_6.yaml b/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_cm_6.yaml
index 5196a0cfc..b718369fd 100755
--- a/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_cm_6.yaml
+++ b/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_cm_6.yaml
@@ -14,10 +14,6 @@ control-group:
 - AWS
 type:
 - Benchmark
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 control-group:
 - id: aws_nist_800_53_rev_5_cm_6_a
 controls:
diff --git a/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_cm_6_a.yaml b/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_cm_6_a.yaml
index 6762947fb..16d5e10c2 100755
--- a/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_cm_6_a.yaml
+++ b/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_cm_6_a.yaml
@@ -14,10 +14,6 @@ control-group:
 - AWS
 type:
 - Benchmark
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - aws_account_part_of_organizations
 - aws_autoscaling_group_with_lb_use_health_check
diff --git a/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_cm_7.yaml b/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_cm_7.yaml
index cbdd51140..5a5243e16 100755
--- a/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_cm_7.yaml
+++ b/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_cm_7.yaml
@@ -14,9 +14,5 @@ control-group:
 - AWS
 type:
 - Benchmark
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 control-group:
 - id: aws_nist_800_53_rev_5_cm_7_b
diff --git a/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_cm_7_b.yaml b/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_cm_7_b.yaml
index 053a76667..3b94d657c 100755
--- a/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_cm_7_b.yaml
+++ b/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_cm_7_b.yaml
@@ -14,10 +14,6 @@ control-group:
 - AWS
 type:
 - Benchmark
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - aws_vpc_route_table_restrict_public_access_to_igw
 - aws_vpc_security_group_restrict_ingress_common_ports_all
diff --git a/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_cm_8.yaml b/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_cm_8.yaml
index 0d204bb24..670685a98 100755
--- a/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_cm_8.yaml
+++ b/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_cm_8.yaml
@@ -14,10 +14,6 @@ control-group:
 - AWS
 type:
 - Benchmark
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 control-group:
 - id: aws_nist_800_53_rev_5_cm_8_1
 - id: aws_nist_800_53_rev_5_cm_8_2
diff --git a/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_cm_8_1.yaml b/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_cm_8_1.yaml
index 78dae1d7e..96e42b69d 100755
--- a/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_cm_8_1.yaml
+++ b/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_cm_8_1.yaml
@@ -14,10 +14,6 @@ control-group:
 - AWS
 type:
 - Benchmark
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - aws_ec2_instance_ssm_managed
 - aws_ssm_managed_instance_compliance_association_compliant
diff --git a/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_cm_8_2.yaml b/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_cm_8_2.yaml
index 8be362936..4e2b5bcb0 100755
--- a/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_cm_8_2.yaml
+++ b/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_cm_8_2.yaml
@@ -14,9 +14,5 @@ control-group:
 - AWS
 type:
 - Benchmark
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - aws_ec2_instance_ssm_managed
diff --git a/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_cm_8_3.yaml b/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_cm_8_3.yaml
index d0c988f84..d071e34fa 100755
--- a/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_cm_8_3.yaml
+++ b/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_cm_8_3.yaml
@@ -14,9 +14,5 @@ control-group:
 - AWS
 type:
 - Benchmark
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 control-group:
 - id: aws_nist_800_53_rev_5_cm_8_3_a
diff --git a/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_cm_8_3_a.yaml b/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_cm_8_3_a.yaml
index 79369ef38..89e2ce5ed 100755
--- a/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_cm_8_3_a.yaml
+++ b/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_cm_8_3_a.yaml
@@ -14,10 +14,6 @@ control-group:
 - AWS
 type:
 - Benchmark
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - aws_ec2_instance_ssm_managed
 - aws_guardduty_enabled
diff --git a/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_cm_8_6.yaml b/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_cm_8_6.yaml
index bee8d9add..f142becb7 100755
--- a/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_cm_8_6.yaml
+++ b/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_cm_8_6.yaml
@@ -14,10 +14,6 @@ control-group:
 - AWS
 type:
 - Benchmark
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - aws_ebs_volume_unused
 - aws_ec2_instance_ssm_managed
diff --git a/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_cm_8_a.yaml b/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_cm_8_a.yaml
index ba5872859..9d81c054d 100755
--- a/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_cm_8_a.yaml
+++ b/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_cm_8_a.yaml
@@ -14,10 +14,6 @@ control-group:
 - AWS
 type:
 - Benchmark
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 control-group:
 - id: aws_nist_800_53_rev_5_cm_8_a_1
 - id: aws_nist_800_53_rev_5_cm_8_a_2
diff --git a/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_cm_8_a_1.yaml b/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_cm_8_a_1.yaml
index 169e706b5..3a45b2e01 100755
--- a/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_cm_8_a_1.yaml
+++ b/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_cm_8_a_1.yaml
@@ -14,10 +14,6 @@ control-group:
 - AWS
 type:
 - Benchmark
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - aws_ec2_instance_ssm_managed
 - aws_ssm_managed_instance_compliance_association_compliant
diff --git a/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_cm_8_a_2.yaml b/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_cm_8_a_2.yaml
index 627826785..b4457db9b 100755
--- a/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_cm_8_a_2.yaml
+++ b/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_cm_8_a_2.yaml
@@ -14,10 +14,6 @@ control-group:
 - AWS
 type:
 - Benchmark
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - aws_ec2_instance_ssm_managed
 - aws_ssm_managed_instance_compliance_association_compliant
diff --git a/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_cm_8_a_3.yaml b/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_cm_8_a_3.yaml
index 50e1914e9..f189f3674 100755
--- a/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_cm_8_a_3.yaml
+++ b/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_cm_8_a_3.yaml
@@ -14,10 +14,6 @@ control-group:
 - AWS
 type:
 - Benchmark
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - aws_ec2_instance_ssm_managed
 - aws_ssm_managed_instance_compliance_association_compliant
diff --git a/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_cm_8_a_4.yaml b/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_cm_8_a_4.yaml
index c51296ed7..42ff661ea 100755
--- a/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_cm_8_a_4.yaml
+++ b/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_cm_8_a_4.yaml
@@ -14,10 +14,6 @@ control-group:
 - AWS
 type:
 - Benchmark
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - aws_ec2_instance_ssm_managed
 - aws_ssm_managed_instance_compliance_association_compliant
diff --git a/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_cm_8_a_5.yaml b/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_cm_8_a_5.yaml
index a2aad19da..596c90720 100755
--- a/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_cm_8_a_5.yaml
+++ b/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_cm_8_a_5.yaml
@@ -14,10 +14,6 @@ control-group:
 - AWS
 type:
 - Benchmark
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - aws_ec2_instance_ssm_managed
 - aws_ssm_managed_instance_compliance_association_compliant
diff --git a/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_cm_8_b.yaml b/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_cm_8_b.yaml
index 6df019ec7..d5921ffeb 100755
--- a/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_cm_8_b.yaml
+++ b/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_cm_8_b.yaml
@@ -14,10 +14,6 @@ control-group:
 - AWS
 type:
 - Benchmark
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - aws_ec2_instance_ssm_managed
 - aws_ssm_managed_instance_compliance_association_compliant
diff --git a/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_cm_9.yaml b/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_cm_9.yaml
index d5f267ab9..bb28328cb 100755
--- a/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_cm_9.yaml
+++ b/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_cm_9.yaml
@@ -14,9 +14,5 @@ control-group:
 - AWS
 type:
 - Benchmark
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 control-group:
 - id: aws_nist_800_53_rev_5_cm_9_b
diff --git a/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_cm_9_b.yaml b/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_cm_9_b.yaml
index 02fcf4602..4e0135b49 100755
--- a/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_cm_9_b.yaml
+++ b/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_cm_9_b.yaml
@@ -14,10 +14,6 @@ control-group:
 - AWS
 type:
 - Benchmark
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - aws_account_part_of_organizations
 - aws_autoscaling_group_with_lb_use_health_check
diff --git a/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_cp.yaml b/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_cp.yaml
index 172e082f3..cbf1cf2e0 100755
--- a/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_cp.yaml
+++ b/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_cp.yaml
@@ -14,10 +14,6 @@ control-group:
 - AWS
 type:
 - Benchmark
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 control-group:
 - id: aws_nist_800_53_rev_5_cp_1
 - id: aws_nist_800_53_rev_5_cp_2
diff --git a/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_cp_1.yaml b/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_cp_1.yaml
index 0268003ad..b6a25bd89 100755
--- a/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_cp_1.yaml
+++ b/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_cp_1.yaml
@@ -14,10 +14,6 @@ control-group:
 - AWS
 type:
 - Benchmark
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 control-group:
 - id: aws_nist_800_53_rev_5_cp_1_2
 - id: aws_nist_800_53_rev_5_cp_1_a
diff --git a/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_cp_10.yaml b/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_cp_10.yaml
index 598ef4f6c..637c8eb18 100755
--- a/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_cp_10.yaml
+++ b/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_cp_10.yaml
@@ -14,10 +14,6 @@ control-group:
 - AWS
 type:
 - Benchmark
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 control-group:
 - id: aws_nist_800_53_rev_5_cp_10_2
 controls:
diff --git a/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_cp_10_2.yaml b/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_cp_10_2.yaml
index 410c8176b..9d8f99b11 100755
--- a/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_cp_10_2.yaml
+++ b/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_cp_10_2.yaml
@@ -14,10 +14,6 @@ control-group:
 - AWS
 type:
 - Benchmark
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - aws_dynamodb_table_in_backup_plan
 - aws_dynamodb_table_point_in_time_recovery_enabled
diff --git a/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_cp_1_2.yaml b/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_cp_1_2.yaml
index 0ae52a91f..8078ef8c2 100755
--- a/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_cp_1_2.yaml
+++ b/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_cp_1_2.yaml
@@ -14,10 +14,6 @@ control-group:
 - AWS
 type:
 - Benchmark
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - aws_dynamodb_table_in_backup_plan
 - aws_ebs_volume_in_backup_plan
diff --git a/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_cp_1_a.yaml b/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_cp_1_a.yaml
index f3bc3d6e9..a13caa3c2 100755
--- a/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_cp_1_a.yaml
+++ b/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_cp_1_a.yaml
@@ -14,10 +14,6 @@ control-group:
 - AWS
 type:
 - Benchmark
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 control-group:
 - id: aws_nist_800_53_rev_5_cp_1_a_2
 - id: aws_nist_800_53_rev_5_cp_1_a_1_b
diff --git a/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_cp_1_a_1_b.yaml b/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_cp_1_a_1_b.yaml
index 0959a4a8c..364d59a75 100755
--- a/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_cp_1_a_1_b.yaml
+++ b/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_cp_1_a_1_b.yaml
@@ -14,10 +14,6 @@ control-group:
 - AWS
 type:
 - Benchmark
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - aws_dynamodb_table_auto_scaling_enabled
 - aws_elb_application_lb_deletion_protection_enabled
diff --git a/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_cp_1_a_2.yaml b/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_cp_1_a_2.yaml
index 68016c77f..d5b9f5bab 100755
--- a/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_cp_1_a_2.yaml
+++ b/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_cp_1_a_2.yaml
@@ -14,10 +14,6 @@ control-group:
 - AWS
 type:
 - Benchmark
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - aws_dynamodb_table_auto_scaling_enabled
 - aws_elb_application_lb_deletion_protection_enabled
diff --git a/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_cp_2.yaml b/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_cp_2.yaml
index 8c7244fe9..eb1979c98 100755
--- a/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_cp_2.yaml
+++ b/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_cp_2.yaml
@@ -14,10 +14,6 @@ control-group:
 - AWS
 type:
 - Benchmark
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 control-group:
 - id: aws_nist_800_53_rev_5_cp_2_a
 - id: aws_nist_800_53_rev_5_cp_2_d
diff --git a/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_cp_2_5.yaml b/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_cp_2_5.yaml
index cac93e9dd..25688a55a 100755
--- a/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_cp_2_5.yaml
+++ b/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_cp_2_5.yaml
@@ -14,10 +14,6 @@ control-group:
 - AWS
 type:
 - Benchmark
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - aws_dynamodb_table_auto_scaling_enabled
 - aws_dynamodb_table_in_backup_plan
diff --git a/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_cp_2_6.yaml b/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_cp_2_6.yaml
index 3dc798119..ea4f70f2c 100755
--- a/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_cp_2_6.yaml
+++ b/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_cp_2_6.yaml
@@ -14,10 +14,6 @@ control-group:
 - AWS
 type:
 - Benchmark
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - aws_dynamodb_table_auto_scaling_enabled
 - aws_elb_classic_lb_cross_zone_load_balancing_enabled
diff --git a/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_cp_2_a.yaml b/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_cp_2_a.yaml
index 19f4717fa..3a2f40585 100755
--- a/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_cp_2_a.yaml
+++ b/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_cp_2_a.yaml
@@ -14,10 +14,6 @@ control-group:
 - AWS
 type:
 - Benchmark
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 control-group:
 - id: aws_nist_800_53_rev_5_cp_2_a_6
 - id: aws_nist_800_53_rev_5_cp_2_a_7
diff --git a/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_cp_2_a_6.yaml b/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_cp_2_a_6.yaml
index 7e08cf53c..cb5d00a59 100755
--- a/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_cp_2_a_6.yaml
+++ b/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_cp_2_a_6.yaml
@@ -14,10 +14,6 @@ control-group:
 - AWS
 type:
 - Benchmark
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - aws_dynamodb_table_auto_scaling_enabled
 - aws_elb_application_lb_deletion_protection_enabled
diff --git a/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_cp_2_a_7.yaml b/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_cp_2_a_7.yaml
index f43c62c15..dd37e7521 100755
--- a/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_cp_2_a_7.yaml
+++ b/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_cp_2_a_7.yaml
@@ -14,10 +14,6 @@ control-group:
 - AWS
 type:
 - Benchmark
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - aws_dynamodb_table_auto_scaling_enabled
 - aws_elb_application_lb_deletion_protection_enabled
diff --git a/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_cp_2_d.yaml b/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_cp_2_d.yaml
index 3ac66707f..4b2af8d3a 100755
--- a/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_cp_2_d.yaml
+++ b/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_cp_2_d.yaml
@@ -14,10 +14,6 @@ control-group:
 - AWS
 type:
 - Benchmark
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - aws_dynamodb_table_auto_scaling_enabled
 - aws_elb_application_lb_deletion_protection_enabled
diff --git a/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_cp_2_e.yaml b/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_cp_2_e.yaml
index 6b151e3f0..f4deb9b29 100755
--- a/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_cp_2_e.yaml
+++ b/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_cp_2_e.yaml
@@ -14,10 +14,6 @@ control-group:
 - AWS
 type:
 - Benchmark
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - aws_dynamodb_table_auto_scaling_enabled
 - aws_elb_application_lb_deletion_protection_enabled
diff --git a/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_cp_6.yaml b/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_cp_6.yaml
index 0dcc1970a..8ff1c472a 100755
--- a/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_cp_6.yaml
+++ b/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_cp_6.yaml
@@ -14,10 +14,6 @@ control-group:
 - AWS
 type:
 - Benchmark
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 control-group:
 - id: aws_nist_800_53_rev_5_cp_6_1
 - id: aws_nist_800_53_rev_5_cp_6_2
diff --git a/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_cp_6_1.yaml b/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_cp_6_1.yaml
index d55bab177..71472ab03 100755
--- a/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_cp_6_1.yaml
+++ b/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_cp_6_1.yaml
@@ -14,10 +14,6 @@ control-group:
 - AWS
 type:
 - Benchmark
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - aws_dynamodb_table_in_backup_plan
 - aws_ebs_volume_in_backup_plan
diff --git a/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_cp_6_2.yaml b/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_cp_6_2.yaml
index 14127e398..0af90dc13 100755
--- a/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_cp_6_2.yaml
+++ b/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_cp_6_2.yaml
@@ -14,10 +14,6 @@ control-group:
 - AWS
 type:
 - Benchmark
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - aws_dynamodb_table_auto_scaling_enabled
 - aws_dynamodb_table_in_backup_plan
diff --git a/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_cp_6_a.yaml b/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_cp_6_a.yaml
index b273764ca..6f04876da 100755
--- a/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_cp_6_a.yaml
+++ b/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_cp_6_a.yaml
@@ -14,10 +14,6 @@ control-group:
 - AWS
 type:
 - Benchmark
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - aws_dynamodb_table_in_backup_plan
 - aws_ebs_volume_in_backup_plan
diff --git a/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_cp_9.yaml b/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_cp_9.yaml
index ce83be2c2..9d46ce9ec 100755
--- a/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_cp_9.yaml
+++ b/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_cp_9.yaml
@@ -14,10 +14,6 @@ control-group:
 - AWS
 type:
 - Benchmark
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 control-group:
 - id: aws_nist_800_53_rev_5_cp_9_8
 - id: aws_nist_800_53_rev_5_cp_9_a
diff --git a/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_cp_9_8.yaml b/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_cp_9_8.yaml
index 8fe8e9834..dc00ae3e9 100755
--- a/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_cp_9_8.yaml
+++ b/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_cp_9_8.yaml
@@ -14,10 +14,6 @@ control-group:
 - AWS
 type:
 - Benchmark
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - aws_rds_db_snapshot_encrypted_at_rest
 - aws_s3_bucket_default_encryption_enabled
diff --git a/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_cp_9_a.yaml b/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_cp_9_a.yaml
index 3ae5dc623..6c82a470a 100755
--- a/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_cp_9_a.yaml
+++ b/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_cp_9_a.yaml
@@ -14,10 +14,6 @@ control-group:
 - AWS
 type:
 - Benchmark
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - aws_dynamodb_table_in_backup_plan
 - aws_dynamodb_table_point_in_time_recovery_enabled
diff --git a/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_cp_9_b.yaml b/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_cp_9_b.yaml
index fbdad092e..a6c7b1883 100755
--- a/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_cp_9_b.yaml
+++ b/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_cp_9_b.yaml
@@ -14,10 +14,6 @@ control-group:
 - AWS
 type:
 - Benchmark
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - aws_dynamodb_table_in_backup_plan
 - aws_dynamodb_table_point_in_time_recovery_enabled
diff --git a/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_cp_9_c.yaml b/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_cp_9_c.yaml
index 2180bd314..88bf38a4b 100755
--- a/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_cp_9_c.yaml
+++ b/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_cp_9_c.yaml
@@ -14,10 +14,6 @@ control-group:
 - AWS
 type:
 - Benchmark
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - aws_dynamodb_table_in_backup_plan
 - aws_ebs_volume_in_backup_plan
diff --git a/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_cp_9_d.yaml b/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_cp_9_d.yaml
index cb92bcf2e..c6dfdd1a4 100755
--- a/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_cp_9_d.yaml
+++ b/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_cp_9_d.yaml
@@ -14,10 +14,6 @@ control-group:
 - AWS
 type:
 - Benchmark
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - aws_apigateway_stage_cache_encryption_at_rest_enabled
 - aws_cloudtrail_trail_logs_encrypted_with_kms_cmk
diff --git a/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_ia.yaml b/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_ia.yaml
index e03f61626..d3becd49b 100755
--- a/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_ia.yaml
+++ b/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_ia.yaml
@@ -14,10 +14,6 @@ control-group:
 - AWS
 type:
 - Benchmark
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 control-group:
 - id: aws_nist_800_53_rev_5_ia_2
 - id: aws_nist_800_53_rev_5_ia_3
diff --git a/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_ia_2.yaml b/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_ia_2.yaml
index 94498c279..3fa9528e2 100755
--- a/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_ia_2.yaml
+++ b/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_ia_2.yaml
@@ -14,10 +14,6 @@ control-group:
 - AWS/IAM
 type:
 - Benchmark
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 control-group:
 - id: aws_nist_800_53_rev_5_ia_2_1
 - id: aws_nist_800_53_rev_5_ia_2_2
diff --git a/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_ia_2_1.yaml b/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_ia_2_1.yaml
index 53c522373..0b2df6a68 100755
--- a/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_ia_2_1.yaml
+++ b/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_ia_2_1.yaml
@@ -14,10 +14,6 @@ control-group:
 - AWS/IAM
 type:
 - Benchmark
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - aws_iam_root_user_hardware_mfa_enabled
 - aws_iam_root_user_mfa_enabled
diff --git a/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_ia_2_2.yaml b/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_ia_2_2.yaml
index a80dc4789..a5e2ffc04 100755
--- a/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_ia_2_2.yaml
+++ b/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_ia_2_2.yaml
@@ -14,10 +14,6 @@ control-group:
 - AWS/IAM
 type:
 - Benchmark
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - aws_iam_root_user_hardware_mfa_enabled
 - aws_iam_root_user_mfa_enabled
diff --git a/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_ia_2_6.yaml b/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_ia_2_6.yaml
index d7e92d86f..7c92dda15 100755
--- a/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_ia_2_6.yaml
+++ b/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_ia_2_6.yaml
@@ -14,10 +14,6 @@ control-group:
 - AWS/IAM
 type:
 - Benchmark
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 control-group:
 - id: aws_nist_800_53_rev_5_ia_2_6_a
 controls:
diff --git a/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_ia_2_6_a.yaml b/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_ia_2_6_a.yaml
index 481b8aac2..a651f6a1e 100755
--- a/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_ia_2_6_a.yaml
+++ b/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_ia_2_6_a.yaml
@@ -14,10 +14,6 @@ control-group:
 - AWS/IAM
 type:
 - Benchmark
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - aws_iam_root_user_hardware_mfa_enabled
 - aws_iam_root_user_mfa_enabled
diff --git a/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_ia_2_8.yaml b/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_ia_2_8.yaml
index d9ef530d2..40535e9da 100755
--- a/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_ia_2_8.yaml
+++ b/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_ia_2_8.yaml
@@ -14,10 +14,6 @@ control-group:
 - AWS/IAM
 type:
 - Benchmark
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - aws_iam_root_user_hardware_mfa_enabled
 - aws_iam_root_user_mfa_enabled
diff --git a/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_ia_3.yaml b/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_ia_3.yaml
index 097181e6a..1a7eb7c46 100755
--- a/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_ia_3.yaml
+++ b/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_ia_3.yaml
@@ -14,9 +14,5 @@ control-group:
 - AWS
 type:
 - Benchmark
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 control-group:
 - id: aws_nist_800_53_rev_5_ia_3_3
diff --git a/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_ia_3_3.yaml b/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_ia_3_3.yaml
index d6ea7346c..1670c1aef 100755
--- a/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_ia_3_3.yaml
+++ b/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_ia_3_3.yaml
@@ -14,9 +14,5 @@ control-group:
 - AWS
 type:
 - Benchmark
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 control-group:
 - id: aws_nist_800_53_rev_5_ia_3_3_b
diff --git a/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_ia_3_3_b.yaml b/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_ia_3_3_b.yaml
index c6ba509e8..ac181214b 100755
--- a/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_ia_3_3_b.yaml
+++ b/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_ia_3_3_b.yaml
@@ -14,10 +14,6 @@ control-group:
 - AWS
 type:
 - Benchmark
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - aws_cloudtrail_multi_region_trail_enabled
 - aws_wafv2_web_acl_logging_enabled
diff --git a/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_ia_4.yaml b/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_ia_4.yaml
index 642ac105e..58e47561f 100755
--- a/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_ia_4.yaml
+++ b/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_ia_4.yaml
@@ -14,10 +14,6 @@ control-group:
 - AWS/IAM
 type:
 - Benchmark
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 control-group:
 - id: aws_nist_800_53_rev_5_ia_4_8
 - id: aws_nist_800_53_rev_5_ia_4_b
diff --git a/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_ia_4_4.yaml b/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_ia_4_4.yaml
index fcf32f2e4..1ad5928a6 100755
--- a/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_ia_4_4.yaml
+++ b/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_ia_4_4.yaml
@@ -14,9 +14,5 @@ control-group:
 - AWS/IAM
 type:
 - Benchmark
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - aws_iam_root_user_no_access_keys
diff --git a/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_ia_4_8.yaml b/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_ia_4_8.yaml
index 3c19249be..87c177c68 100755
--- a/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_ia_4_8.yaml
+++ b/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_ia_4_8.yaml
@@ -14,9 +14,5 @@ control-group:
 - AWS/IAM
 type:
 - Benchmark
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - aws_iam_root_user_no_access_keys
diff --git a/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_ia_4_b.yaml b/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_ia_4_b.yaml
index 510b35a9b..5efdf7596 100755
--- a/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_ia_4_b.yaml
+++ b/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_ia_4_b.yaml
@@ -14,9 +14,5 @@ control-group:
 - AWS/IAM
 type:
 - Benchmark
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - aws_iam_root_user_no_access_keys
diff --git a/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_ia_4_d.yaml b/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_ia_4_d.yaml
index 24210b125..da1b950d0 100755
--- a/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_ia_4_d.yaml
+++ b/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_ia_4_d.yaml
@@ -14,9 +14,5 @@ control-group:
 - AWS/IAM
 type:
 - Benchmark
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - aws_iam_account_password_policy_min_length_14
diff --git a/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_ia_5.yaml b/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_ia_5.yaml
index d48164fac..96b5ae876 100755
--- a/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_ia_5.yaml
+++ b/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_ia_5.yaml
@@ -14,10 +14,6 @@ control-group:
 - AWS
 type:
 - Benchmark
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 control-group:
 - id: aws_nist_800_53_rev_5_ia_5_1
 - id: aws_nist_800_53_rev_5_ia_5_8
diff --git a/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_ia_5_1.yaml b/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_ia_5_1.yaml
index 9729ea528..713426220 100755
--- a/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_ia_5_1.yaml
+++ b/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_ia_5_1.yaml
@@ -14,10 +14,6 @@ control-group:
 - AWS
 type:
 - Benchmark
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 control-group:
 - id: aws_nist_800_53_rev_5_ia_5_1_c
 - id: aws_nist_800_53_rev_5_ia_5_1_f
diff --git a/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_ia_5_18.yaml b/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_ia_5_18.yaml
index c5109e76c..1441a2a0b 100755
--- a/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_ia_5_18.yaml
+++ b/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_ia_5_18.yaml
@@ -14,10 +14,6 @@ control-group:
 - AWS/IAM
 type:
 - Benchmark
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 control-group:
 - id: aws_nist_800_53_rev_5_ia_5_18_a
 - id: aws_nist_800_53_rev_5_ia_5_18_b
diff --git a/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_ia_5_18_a.yaml b/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_ia_5_18_a.yaml
index f1766a8bb..7093c7417 100755
--- a/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_ia_5_18_a.yaml
+++ b/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_ia_5_18_a.yaml
@@ -14,9 +14,5 @@ control-group:
 - AWS/IAM
 type:
 - Benchmark
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - aws_iam_account_password_policy_min_length_14
diff --git a/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_ia_5_18_b.yaml b/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_ia_5_18_b.yaml
index 42b8709ce..4c1a76562 100755
--- a/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_ia_5_18_b.yaml
+++ b/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_ia_5_18_b.yaml
@@ -14,9 +14,5 @@ control-group:
 - AWS/IAM
 type:
 - Benchmark
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - aws_iam_account_password_policy_min_length_14
diff --git a/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_ia_5_1_c.yaml b/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_ia_5_1_c.yaml
index 81adef0b5..50e4caaea 100755
--- a/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_ia_5_1_c.yaml
+++ b/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_ia_5_1_c.yaml
@@ -14,10 +14,6 @@ control-group:
 - AWS
 type:
 - Benchmark
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - aws_apigateway_rest_api_stage_use_ssl_certificate
 - aws_elb_application_lb_redirect_http_request_to_https
diff --git a/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_ia_5_1_f.yaml b/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_ia_5_1_f.yaml
index c089df12c..3b9a0a737 100755
--- a/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_ia_5_1_f.yaml
+++ b/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_ia_5_1_f.yaml
@@ -14,9 +14,5 @@ control-group:
 - AWS/IAM
 type:
 - Benchmark
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - aws_iam_account_password_policy_min_length_14
diff --git a/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_ia_5_1_g.yaml b/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_ia_5_1_g.yaml
index 543618c20..4cdede242 100755
--- a/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_ia_5_1_g.yaml
+++ b/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_ia_5_1_g.yaml
@@ -14,9 +14,5 @@ control-group:
 - AWS/IAM
 type:
 - Benchmark
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - aws_iam_account_password_policy_min_length_14
diff --git a/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_ia_5_1_h.yaml b/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_ia_5_1_h.yaml
index 8cfb64ded..c96467cca 100755
--- a/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_ia_5_1_h.yaml
+++ b/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_ia_5_1_h.yaml
@@ -14,9 +14,5 @@ control-group:
 - AWS/IAM
 type:
 - Benchmark
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - aws_iam_account_password_policy_min_length_14
diff --git a/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_ia_5_8.yaml b/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_ia_5_8.yaml
index 77bb68e9f..0f6129832 100755
--- a/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_ia_5_8.yaml
+++ b/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_ia_5_8.yaml
@@ -14,9 +14,5 @@ control-group:
 - AWS/IAM
 type:
 - Benchmark
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - aws_iam_root_user_no_access_keys
diff --git a/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_ia_5_b.yaml b/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_ia_5_b.yaml
index 931ee6c42..73377d483 100755
--- a/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_ia_5_b.yaml
+++ b/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_ia_5_b.yaml
@@ -14,9 +14,5 @@ control-group:
 - AWS/IAM
 type:
 - Benchmark
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - aws_iam_account_password_policy_min_length_14
diff --git a/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_ia_5_c.yaml b/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_ia_5_c.yaml
index 7958a4f06..042c9a479 100755
--- a/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_ia_5_c.yaml
+++ b/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_ia_5_c.yaml
@@ -14,9 +14,5 @@ control-group:
 - AWS/IAM
 type:
 - Benchmark
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - aws_iam_account_password_policy_min_length_14
diff --git a/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_ia_5_d.yaml b/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_ia_5_d.yaml
index 3e2ef19eb..5da99ab1b 100755
--- a/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_ia_5_d.yaml
+++ b/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_ia_5_d.yaml
@@ -14,9 +14,5 @@ control-group:
 - AWS/IAM
 type:
 - Benchmark
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - aws_iam_account_password_policy_min_length_14
diff --git a/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_ia_5_f.yaml b/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_ia_5_f.yaml
index 184ce027e..cf7c1c32e 100755
--- a/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_ia_5_f.yaml
+++ b/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_ia_5_f.yaml
@@ -14,9 +14,5 @@ control-group:
 - AWS/IAM
 type:
 - Benchmark
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - aws_iam_account_password_policy_min_length_14
diff --git a/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_ia_5_h.yaml b/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_ia_5_h.yaml
index 3f00c5670..a38a48a7a 100755
--- a/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_ia_5_h.yaml
+++ b/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_ia_5_h.yaml
@@ -14,9 +14,5 @@ control-group:
 - AWS/IAM
 type:
 - Benchmark
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - aws_iam_account_password_policy_min_length_14
diff --git a/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_ia_8.yaml b/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_ia_8.yaml
index dc30bb6ae..ddec2cca0 100755
--- a/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_ia_8.yaml
+++ b/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_ia_8.yaml
@@ -14,9 +14,5 @@ control-group:
 - AWS/IAM
 type:
 - Benchmark
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 control-group:
 - id: aws_nist_800_53_rev_5_ia_8_2
diff --git a/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_ia_8_2.yaml b/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_ia_8_2.yaml
index 622d9cb6d..a2e6c61b1 100755
--- a/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_ia_8_2.yaml
+++ b/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_ia_8_2.yaml
@@ -14,9 +14,5 @@ control-group:
 - AWS/IAM
 type:
 - Benchmark
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 control-group:
 - id: aws_nist_800_53_rev_5_ia_8_2_b
diff --git a/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_ia_8_2_b.yaml b/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_ia_8_2_b.yaml
index c253f70e4..5a78e6988 100755
--- a/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_ia_8_2_b.yaml
+++ b/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_ia_8_2_b.yaml
@@ -14,9 +14,5 @@ control-group:
 - AWS/IAM
 type:
 - Benchmark
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - aws_iam_account_password_policy_min_length_14
diff --git a/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_ir.yaml b/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_ir.yaml
index d96d2abd6..40cf9ecc7 100755
--- a/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_ir.yaml
+++ b/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_ir.yaml
@@ -14,9 +14,5 @@ control-group:
 - AWS/GuardDuty
 type:
 - Benchmark
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 control-group:
 - id: aws_nist_800_53_rev_5_ir_4
diff --git a/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_ir_4.yaml b/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_ir_4.yaml
index c7d785022..78108a0ed 100755
--- a/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_ir_4.yaml
+++ b/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_ir_4.yaml
@@ -14,9 +14,5 @@ control-group:
 - AWS/GuardDuty
 type:
 - Benchmark
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 control-group:
 - id: aws_nist_800_53_rev_5_ir_4_a
diff --git a/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_ir_4_a.yaml b/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_ir_4_a.yaml
index 415c946e0..58316bd66 100755
--- a/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_ir_4_a.yaml
+++ b/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_ir_4_a.yaml
@@ -14,9 +14,5 @@ control-group:
 - AWS/GuardDuty
 type:
 - Benchmark
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - aws_guardduty_finding_archived
diff --git a/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_ma.yaml b/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_ma.yaml
index 91f91108b..17978c76a 100755
--- a/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_ma.yaml
+++ b/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_ma.yaml
@@ -14,9 +14,5 @@ control-group:
 - AWS
 type:
 - Benchmark
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 control-group:
 - id: aws_nist_800_53_rev_5_ma_4
diff --git a/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_ma_4.yaml b/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_ma_4.yaml
index 6268cc47d..323035c8f 100755
--- a/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_ma_4.yaml
+++ b/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_ma_4.yaml
@@ -14,10 +14,6 @@ control-group:
 - AWS
 type:
 - Benchmark
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 control-group:
 - id: aws_nist_800_53_rev_5_ma_4_1
 - id: aws_nist_800_53_rev_5_ma_4_c
diff --git a/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_ma_4_1.yaml b/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_ma_4_1.yaml
index ab0f9c33c..5dcb2aad8 100755
--- a/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_ma_4_1.yaml
+++ b/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_ma_4_1.yaml
@@ -14,9 +14,5 @@ control-group:
 - AWS
 type:
 - Benchmark
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 control-group:
 - id: aws_nist_800_53_rev_5_ma_4_1_a
diff --git a/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_ma_4_1_a.yaml b/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_ma_4_1_a.yaml
index 18bca9171..39ac85c5e 100755
--- a/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_ma_4_1_a.yaml
+++ b/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_ma_4_1_a.yaml
@@ -14,10 +14,6 @@ control-group:
 - AWS
 type:
 - Benchmark
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - aws_apigateway_stage_logging_enabled
 - aws_cloudtrail_multi_region_trail_enabled
diff --git a/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_ma_4_c.yaml b/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_ma_4_c.yaml
index be4f3dd96..844edbac6 100755
--- a/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_ma_4_c.yaml
+++ b/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_ma_4_c.yaml
@@ -14,9 +14,5 @@ control-group:
 - AWS/IAM
 type:
 - Benchmark
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - aws_iam_account_password_policy_min_length_14
diff --git a/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_mp.yaml b/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_mp.yaml
index 5c70313fb..a03050711 100755
--- a/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_mp.yaml
+++ b/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_mp.yaml
@@ -14,9 +14,5 @@ control-group:
 - AWS
 type:
 - Benchmark
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 control-group:
 - id: aws_nist_800_53_rev_5_mp_2
diff --git a/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_mp_2.yaml b/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_mp_2.yaml
index 538ec2dec..3d4d3b0f1 100755
--- a/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_mp_2.yaml
+++ b/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_mp_2.yaml
@@ -14,10 +14,6 @@ control-group:
 - AWS
 type:
 - Benchmark
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - aws_dms_replication_instance_not_publicly_accessible
 - aws_ebs_snapshot_not_publicly_restorable
diff --git a/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_pe.yaml b/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_pe.yaml
index 88bd17abb..59dcafc8c 100755
--- a/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_pe.yaml
+++ b/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_pe.yaml
@@ -14,9 +14,5 @@ control-group:
 - AWS/GuardDuty
 type:
 - Benchmark
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 control-group:
 - id: aws_nist_800_53_rev_5_pe_6
diff --git a/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_pe_6.yaml b/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_pe_6.yaml
index f03177521..147667efb 100755
--- a/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_pe_6.yaml
+++ b/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_pe_6.yaml
@@ -14,10 +14,6 @@ control-group:
 - AWS/GuardDuty
 type:
 - Benchmark
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 control-group:
 - id: aws_nist_800_53_rev_5_pe_6_2
 - id: aws_nist_800_53_rev_5_pe_6_4
diff --git a/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_pe_6_2.yaml b/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_pe_6_2.yaml
index 34e0631c5..6de55936a 100755
--- a/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_pe_6_2.yaml
+++ b/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_pe_6_2.yaml
@@ -14,9 +14,5 @@ control-group:
 - AWS/GuardDuty
 type:
 - Benchmark
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - aws_guardduty_enabled
diff --git a/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_pe_6_4.yaml b/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_pe_6_4.yaml
index 445f4053d..1b02a7b3e 100755
--- a/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_pe_6_4.yaml
+++ b/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_pe_6_4.yaml
@@ -14,9 +14,5 @@ control-group:
 - AWS/GuardDuty
 type:
 - Benchmark
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - aws_guardduty_enabled
diff --git a/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_pm.yaml b/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_pm.yaml
index aa5b30900..42bcabb9a 100755
--- a/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_pm.yaml
+++ b/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_pm.yaml
@@ -14,10 +14,6 @@ control-group:
 - AWS
 type:
 - Benchmark
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 control-group:
 - id: aws_nist_800_53_rev_5_pm_11
 - id: aws_nist_800_53_rev_5_pm_14
diff --git a/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_pm_11.yaml b/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_pm_11.yaml
index a95f6f47b..cef02316f 100755
--- a/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_pm_11.yaml
+++ b/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_pm_11.yaml
@@ -14,9 +14,5 @@ control-group:
 - AWS
 type:
 - Benchmark
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 control-group:
 - id: aws_nist_800_53_rev_5_pm_11_b
diff --git a/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_pm_11_b.yaml b/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_pm_11_b.yaml
index 0748edba6..101180406 100755
--- a/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_pm_11_b.yaml
+++ b/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_pm_11_b.yaml
@@ -14,10 +14,6 @@ control-group:
 - AWS
 type:
 - Benchmark
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - aws_cloudtrail_trail_validation_enabled
 - aws_s3_bucket_default_encryption_enabled
diff --git a/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_pm_14.yaml b/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_pm_14.yaml
index ad0976e48..9281d25fd 100755
--- a/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_pm_14.yaml
+++ b/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_pm_14.yaml
@@ -14,10 +14,6 @@ control-group:
 - AWS
 type:
 - Benchmark
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 control-group:
 - id: aws_nist_800_53_rev_5_pm_14_a_1
 - id: aws_nist_800_53_rev_5_pm_14_b
diff --git a/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_pm_14_a_1.yaml b/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_pm_14_a_1.yaml
index dd9bf7ec7..42e92e854 100755
--- a/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_pm_14_a_1.yaml
+++ b/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_pm_14_a_1.yaml
@@ -14,10 +14,6 @@ control-group:
 - AWS
 type:
 - Benchmark
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - aws_apigateway_stage_logging_enabled
 - aws_autoscaling_group_with_lb_use_health_check
diff --git a/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_pm_14_b.yaml b/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_pm_14_b.yaml
index 1db4cadbb..a388c1929 100755
--- a/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_pm_14_b.yaml
+++ b/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_pm_14_b.yaml
@@ -14,10 +14,6 @@ control-group:
 - AWS
 type:
 - Benchmark
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - aws_apigateway_stage_logging_enabled
 - aws_autoscaling_group_with_lb_use_health_check
diff --git a/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_pm_16.yaml b/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_pm_16.yaml
index a2ab44f95..2a524d522 100755
--- a/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_pm_16.yaml
+++ b/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_pm_16.yaml
@@ -14,9 +14,5 @@ control-group:
 - AWS/GuardDuty
 type:
 - Benchmark
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - aws_guardduty_enabled
diff --git a/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_pm_17.yaml b/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_pm_17.yaml
index 95e359aa8..61a99ca8a 100755
--- a/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_pm_17.yaml
+++ b/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_pm_17.yaml
@@ -14,9 +14,5 @@ control-group:
 - AWS
 type:
 - Benchmark
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 control-group:
 - id: aws_nist_800_53_rev_5_pm_17_b
diff --git a/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_pm_17_b.yaml b/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_pm_17_b.yaml
index 0dba762bd..0474f1523 100755
--- a/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_pm_17_b.yaml
+++ b/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_pm_17_b.yaml
@@ -14,10 +14,6 @@ control-group:
 - AWS
 type:
 - Benchmark
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - aws_apigateway_rest_api_stage_use_ssl_certificate
 - aws_cloudtrail_trail_validation_enabled
diff --git a/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_pm_21.yaml b/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_pm_21.yaml
index 78a25e787..39f01b599 100755
--- a/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_pm_21.yaml
+++ b/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_pm_21.yaml
@@ -14,9 +14,5 @@ control-group:
 - AWS/CloudWatch
 type:
 - Benchmark
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 control-group:
 - id: aws_nist_800_53_rev_5_pm_21_b
diff --git a/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_pm_21_b.yaml b/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_pm_21_b.yaml
index e6902bf56..b6eb988dc 100755
--- a/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_pm_21_b.yaml
+++ b/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_pm_21_b.yaml
@@ -14,9 +14,5 @@ control-group:
 - AWS/CloudWatch
 type:
 - Benchmark
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - aws_cloudwatch_log_group_retention_period_365
diff --git a/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_pm_31.yaml b/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_pm_31.yaml
index 705784782..c15cbbc1a 100755
--- a/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_pm_31.yaml
+++ b/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_pm_31.yaml
@@ -14,10 +14,6 @@ control-group:
 - AWS
 type:
 - Benchmark
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - aws_apigateway_stage_logging_enabled
 - aws_autoscaling_group_with_lb_use_health_check
diff --git a/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_ra.yaml b/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_ra.yaml
index df98f28cb..d58742c36 100755
--- a/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_ra.yaml
+++ b/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_ra.yaml
@@ -14,10 +14,6 @@ control-group:
 - AWS
 type:
 - Benchmark
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 control-group:
 - id: aws_nist_800_53_rev_5_ra_1
 - id: aws_nist_800_53_rev_5_ra_3
diff --git a/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_ra_1.yaml b/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_ra_1.yaml
index 56c67a61a..1b307dce1 100755
--- a/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_ra_1.yaml
+++ b/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_ra_1.yaml
@@ -14,9 +14,5 @@ control-group:
 - AWS/GuardDuty
 type:
 - Benchmark
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 control-group:
 - id: aws_nist_800_53_rev_5_ra_1_a
diff --git a/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_ra_10.yaml b/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_ra_10.yaml
index 16c67e047..8b1922d50 100755
--- a/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_ra_10.yaml
+++ b/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_ra_10.yaml
@@ -14,9 +14,5 @@ control-group:
 - AWS/GuardDuty
 type:
 - Benchmark
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 control-group:
 - id: aws_nist_800_53_rev_5_ra_10_a
diff --git a/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_ra_10_a.yaml b/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_ra_10_a.yaml
index 3b83d31b9..56fdf6ac2 100755
--- a/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_ra_10_a.yaml
+++ b/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_ra_10_a.yaml
@@ -14,10 +14,6 @@ control-group:
 - AWS/GuardDuty
 type:
 - Benchmark
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 control-group:
 - id: aws_nist_800_53_rev_5_ra_10_a_1
 - id: aws_nist_800_53_rev_5_ra_10_a_2
diff --git a/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_ra_10_a_1.yaml b/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_ra_10_a_1.yaml
index 8966847f8..0510c4428 100755
--- a/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_ra_10_a_1.yaml
+++ b/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_ra_10_a_1.yaml
@@ -14,9 +14,5 @@ control-group:
 - AWS/GuardDuty
 type:
 - Benchmark
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - aws_guardduty_enabled
diff --git a/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_ra_10_a_2.yaml b/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_ra_10_a_2.yaml
index ca82762a0..b8455a011 100755
--- a/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_ra_10_a_2.yaml
+++ b/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_ra_10_a_2.yaml
@@ -14,9 +14,5 @@ control-group:
 - AWS/GuardDuty
 type:
 - Benchmark
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - aws_guardduty_enabled
diff --git a/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_ra_1_a.yaml b/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_ra_1_a.yaml
index 5f53604e0..43e2d5284 100755
--- a/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_ra_1_a.yaml
+++ b/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_ra_1_a.yaml
@@ -14,10 +14,6 @@ control-group:
 - AWS/GuardDuty
 type:
 - Benchmark
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 control-group:
 - id: aws_nist_800_53_rev_5_ra_1_a_1
 - id: aws_nist_800_53_rev_5_ra_1_a_2
diff --git a/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_ra_1_a_1.yaml b/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_ra_1_a_1.yaml
index 8aa9a21bd..5a3c30efc 100755
--- a/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_ra_1_a_1.yaml
+++ b/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_ra_1_a_1.yaml
@@ -14,9 +14,5 @@ control-group:
 - AWS/GuardDuty
 type:
 - Benchmark
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - aws_guardduty_enabled
diff --git a/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_ra_1_a_2.yaml b/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_ra_1_a_2.yaml
index f0dd0e197..d18004f45 100755
--- a/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_ra_1_a_2.yaml
+++ b/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_ra_1_a_2.yaml
@@ -14,9 +14,5 @@ control-group:
 - AWS/GuardDuty
 type:
 - Benchmark
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - aws_guardduty_enabled
diff --git a/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_ra_3.yaml b/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_ra_3.yaml
index afca679a9..dc0704b16 100755
--- a/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_ra_3.yaml
+++ b/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_ra_3.yaml
@@ -14,10 +14,6 @@ control-group:
 - AWS
 type:
 - Benchmark
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 control-group:
 - id: aws_nist_800_53_rev_5_ra_3_4
 - id: aws_nist_800_53_rev_5_ra_3_a_1
diff --git a/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_ra_3_4.yaml b/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_ra_3_4.yaml
index 1ff61a001..e1ee48e65 100755
--- a/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_ra_3_4.yaml
+++ b/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_ra_3_4.yaml
@@ -14,9 +14,5 @@ control-group:
 - AWS/GuardDuty
 type:
 - Benchmark
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - aws_guardduty_enabled
diff --git a/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_ra_3_a_1.yaml b/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_ra_3_a_1.yaml
index f2245b46e..f142bb8ba 100755
--- a/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_ra_3_a_1.yaml
+++ b/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_ra_3_a_1.yaml
@@ -14,10 +14,6 @@ control-group:
 - AWS
 type:
 - Benchmark
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - aws_guardduty_enabled
 - aws_ssm_managed_instance_compliance_patch_compliant
diff --git a/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_ra_5.yaml b/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_ra_5.yaml
index e80d5701a..37e6420e4 100755
--- a/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_ra_5.yaml
+++ b/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_ra_5.yaml
@@ -14,10 +14,6 @@ control-group:
 - AWS/GuardDuty
 type:
 - Benchmark
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 control-group:
 - id: aws_nist_800_53_rev_5_ra_5_4
 - id: aws_nist_800_53_rev_5_ra_5_a
diff --git a/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_ra_5_4.yaml b/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_ra_5_4.yaml
index b0b2a3522..565d21e7a 100755
--- a/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_ra_5_4.yaml
+++ b/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_ra_5_4.yaml
@@ -14,9 +14,5 @@ control-group:
 - AWS/GuardDuty
 type:
 - Benchmark
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - aws_guardduty_enabled
diff --git a/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_ra_5_a.yaml b/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_ra_5_a.yaml
index 100c8889c..761ee3495 100755
--- a/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_ra_5_a.yaml
+++ b/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_ra_5_a.yaml
@@ -14,9 +14,5 @@ control-group:
 - AWS/GuardDuty
 type:
 - Benchmark
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - aws_guardduty_enabled
diff --git a/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_sa.yaml b/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_sa.yaml
index 126cc0ec3..402e666a1 100755
--- a/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_sa.yaml
+++ b/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_sa.yaml
@@ -14,10 +14,6 @@ control-group:
 - AWS
 type:
 - Benchmark
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 control-group:
 - id: aws_nist_800_53_rev_5_sa_1
 - id: aws_nist_800_53_rev_5_sa_9
diff --git a/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_sa_1.yaml b/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_sa_1.yaml
index 5b5438750..8294edc80 100755
--- a/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_sa_1.yaml
+++ b/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_sa_1.yaml
@@ -14,9 +14,5 @@ control-group:
 - AWS/CloudTrail
 type:
 - Benchmark
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 control-group:
 - id: aws_nist_800_53_rev_5_sa_1_1
diff --git a/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_sa_10.yaml b/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_sa_10.yaml
index f676618b8..bdb284b13 100755
--- a/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_sa_10.yaml
+++ b/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_sa_10.yaml
@@ -14,9 +14,5 @@ control-group:
 - AWS/CloudTrail
 type:
 - Benchmark
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 control-group:
 - id: aws_nist_800_53_rev_5_sa_10_1
diff --git a/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_sa_10_1.yaml b/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_sa_10_1.yaml
index a1f4f9bf5..621320849 100755
--- a/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_sa_10_1.yaml
+++ b/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_sa_10_1.yaml
@@ -14,9 +14,5 @@ control-group:
 - AWS/CloudTrail
 type:
 - Benchmark
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - aws_cloudtrail_trail_validation_enabled
diff --git a/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_sa_15.yaml b/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_sa_15.yaml
index bb8d58b04..4d4d9072e 100755
--- a/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_sa_15.yaml
+++ b/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_sa_15.yaml
@@ -14,9 +14,5 @@ control-group:
 - AWS
 type:
 - Benchmark
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 control-group:
 - id: aws_nist_800_53_rev_5_sa_15_a_4
diff --git a/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_sa_15_a_4.yaml b/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_sa_15_a_4.yaml
index 9cf96f408..23f110b12 100755
--- a/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_sa_15_a_4.yaml
+++ b/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_sa_15_a_4.yaml
@@ -14,10 +14,6 @@ control-group:
 - AWS
 type:
 - Benchmark
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - aws_elb_application_lb_deletion_protection_enabled
 - aws_rds_db_instance_deletion_protection_enabled
diff --git a/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_sa_1_1.yaml b/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_sa_1_1.yaml
index 762e4871b..dd19e2993 100755
--- a/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_sa_1_1.yaml
+++ b/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_sa_1_1.yaml
@@ -14,9 +14,5 @@ control-group:
 - AWS/CloudTrail
 type:
 - Benchmark
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - aws_cloudtrail_trail_validation_enabled
diff --git a/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_sa_9.yaml b/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_sa_9.yaml
index f5cb0e160..7a9c7e04c 100755
--- a/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_sa_9.yaml
+++ b/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_sa_9.yaml
@@ -14,9 +14,5 @@ control-group:
 - AWS/KMS
 type:
 - Benchmark
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 control-group:
 - id: aws_nist_800_53_rev_5_sa_9_6
diff --git a/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_sa_9_6.yaml b/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_sa_9_6.yaml
index a6f332d74..3c7b35dad 100755
--- a/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_sa_9_6.yaml
+++ b/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_sa_9_6.yaml
@@ -14,10 +14,6 @@ control-group:
 - AWS/KMS
 type:
 - Benchmark
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - aws_kms_key_not_pending_deletion
 - aws_kms_cmk_rotation_enabled
diff --git a/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_sc.yaml b/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_sc.yaml
index 13075d383..b1b8e626a 100755
--- a/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_sc.yaml
+++ b/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_sc.yaml
@@ -14,10 +14,6 @@ control-group:
 - AWS
 type:
 - Benchmark
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 control-group:
 - id: aws_nist_800_53_rev_5_sc_5
 - id: aws_nist_800_53_rev_5_sc_6
diff --git a/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_sc_12.yaml b/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_sc_12.yaml
index 67606cecd..4e6700a14 100755
--- a/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_sc_12.yaml
+++ b/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_sc_12.yaml
@@ -14,10 +14,6 @@ control-group:
 - AWS/KMS
 type:
 - Benchmark
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 control-group:
 - id: aws_nist_800_53_rev_5_sc_12_2
 - id: aws_nist_800_53_rev_5_sc_12_6
diff --git a/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_sc_12_2.yaml b/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_sc_12_2.yaml
index f8eaf1e00..9ccbc740c 100755
--- a/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_sc_12_2.yaml
+++ b/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_sc_12_2.yaml
@@ -14,10 +14,6 @@ control-group:
 - AWS/KMS
 type:
 - Benchmark
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - aws_kms_cmk_rotation_enabled
 - aws_kms_key_not_pending_deletion
diff --git a/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_sc_12_6.yaml b/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_sc_12_6.yaml
index 13e86f04c..61b18c287 100755
--- a/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_sc_12_6.yaml
+++ b/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_sc_12_6.yaml
@@ -14,10 +14,6 @@ control-group:
 - AWS/KMS
 type:
 - Benchmark
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - aws_kms_cmk_rotation_enabled
 - aws_kms_key_not_pending_deletion
diff --git a/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_sc_13.yaml b/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_sc_13.yaml
index 14d1e6d09..c271fd5cf 100755
--- a/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_sc_13.yaml
+++ b/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_sc_13.yaml
@@ -14,9 +14,5 @@ control-group:
 - AWS
 type:
 - Benchmark
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 control-group:
 - id: aws_nist_800_53_rev_5_sc_13_a
diff --git a/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_sc_13_a.yaml b/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_sc_13_a.yaml
index b34a36882..740621d50 100755
--- a/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_sc_13_a.yaml
+++ b/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_sc_13_a.yaml
@@ -14,10 +14,6 @@ control-group:
 - AWS
 type:
 - Benchmark
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - aws_apigateway_rest_api_stage_use_ssl_certificate
 - aws_apigateway_stage_cache_encryption_at_rest_enabled
diff --git a/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_sc_16.yaml b/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_sc_16.yaml
index 527c5071e..a2ecbb519 100755
--- a/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_sc_16.yaml
+++ b/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_sc_16.yaml
@@ -14,9 +14,5 @@ control-group:
 - AWS
 type:
 - Benchmark
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 control-group:
 - id: aws_nist_800_53_rev_5_sc_16_1
diff --git a/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_sc_16_1.yaml b/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_sc_16_1.yaml
index c09df6cfc..36a15b548 100755
--- a/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_sc_16_1.yaml
+++ b/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_sc_16_1.yaml
@@ -14,10 +14,6 @@ control-group:
 - AWS
 type:
 - Benchmark
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - aws_cloudtrail_trail_validation_enabled
 - aws_s3_bucket_default_encryption_enabled
diff --git a/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_sc_22.yaml b/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_sc_22.yaml
index 4c424c148..d2257dc26 100755
--- a/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_sc_22.yaml
+++ b/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_sc_22.yaml
@@ -14,10 +14,6 @@ control-group:
 - AWS
 type:
 - Benchmark
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - aws_dynamodb_table_auto_scaling_enabled
 - aws_elb_application_lb_deletion_protection_enabled
diff --git a/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_sc_23.yaml b/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_sc_23.yaml
index 583e8a46b..0fbea52e7 100755
--- a/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_sc_23.yaml
+++ b/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_sc_23.yaml
@@ -14,10 +14,6 @@ control-group:
 - AWS
 type:
 - Benchmark
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 control-group:
 - id: aws_nist_800_53_rev_5_sc_23_3
 - id: aws_nist_800_53_rev_5_sc_23_5
diff --git a/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_sc_23_3.yaml b/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_sc_23_3.yaml
index ff2ead554..7f0181faa 100755
--- a/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_sc_23_3.yaml
+++ b/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_sc_23_3.yaml
@@ -14,10 +14,6 @@ control-group:
 - AWS
 type:
 - Benchmark
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - aws_ec2_instance_uses_imdsv2
 - aws_iam_account_password_policy_min_length_14
diff --git a/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_sc_23_5.yaml b/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_sc_23_5.yaml
index 4737dcf0d..f38b0f558 100755
--- a/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_sc_23_5.yaml
+++ b/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_sc_23_5.yaml
@@ -14,10 +14,6 @@ control-group:
 - AWS/ELB
 type:
 - Benchmark
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - aws_elb_application_network_lb_use_ssl_certificate
 - aws_elb_classic_lb_use_ssl_certificate
diff --git a/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_sc_25.yaml b/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_sc_25.yaml
index 949266fc2..6919cb2aa 100755
--- a/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_sc_25.yaml
+++ b/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_sc_25.yaml
@@ -14,10 +14,6 @@ control-group:
 - AWS
 type:
 - Benchmark
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - aws_dms_replication_instance_not_publicly_accessible
 - aws_ebs_snapshot_not_publicly_restorable
diff --git a/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_sc_28.yaml b/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_sc_28.yaml
index c2ec80f5c..19425fb61 100755
--- a/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_sc_28.yaml
+++ b/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_sc_28.yaml
@@ -14,10 +14,6 @@ control-group:
 - AWS
 type:
 - Benchmark
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 control-group:
 - id: aws_nist_800_53_rev_5_sc_28_1
 - id: aws_nist_800_53_rev_5_sc_28_2
diff --git a/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_sc_28_1.yaml b/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_sc_28_1.yaml
index e1c2e10b7..8e97c6445 100755
--- a/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_sc_28_1.yaml
+++ b/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_sc_28_1.yaml
@@ -14,10 +14,6 @@ control-group:
 - AWS
 type:
 - Benchmark
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - aws_apigateway_stage_cache_encryption_at_rest_enabled
 - aws_cloudtrail_trail_logs_encrypted_with_kms_cmk
diff --git a/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_sc_28_2.yaml b/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_sc_28_2.yaml
index 521ac1304..7bbca8164 100755
--- a/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_sc_28_2.yaml
+++ b/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_sc_28_2.yaml
@@ -14,9 +14,5 @@ control-group:
 - AWS/CloudWatch
 type:
 - Benchmark
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - aws_cloudwatch_log_group_retention_period_365
diff --git a/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_sc_36.yaml b/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_sc_36.yaml
index 7509349bc..fd28206e9 100755
--- a/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_sc_36.yaml
+++ b/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_sc_36.yaml
@@ -14,10 +14,6 @@ control-group:
 - AWS
 type:
 - Benchmark
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 control-group:
 - id: aws_nist_800_53_rev_5_sc_36_1_a
 controls:
diff --git a/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_sc_36_1_a.yaml b/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_sc_36_1_a.yaml
index beabf2ec0..1d4d79b63 100755
--- a/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_sc_36_1_a.yaml
+++ b/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_sc_36_1_a.yaml
@@ -14,10 +14,6 @@ control-group:
 - AWS
 type:
 - Benchmark
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - aws_autoscaling_group_with_lb_use_health_check
 - aws_cloudwatch_alarm_action_enabled
diff --git a/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_sc_43.yaml b/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_sc_43.yaml
index 60dd477f9..02d446ab9 100755
--- a/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_sc_43.yaml
+++ b/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_sc_43.yaml
@@ -14,9 +14,5 @@ control-group:
 - AWS/GuardDuty
 type:
 - Benchmark
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 control-group:
 - id: aws_nist_800_53_rev_5_sc_43_b
diff --git a/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_sc_43_b.yaml b/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_sc_43_b.yaml
index 1f5146258..fb3e6301d 100755
--- a/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_sc_43_b.yaml
+++ b/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_sc_43_b.yaml
@@ -14,9 +14,5 @@ control-group:
 - AWS/GuardDuty
 type:
 - Benchmark
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - aws_guardduty_enabled
diff --git a/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_sc_5.yaml b/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_sc_5.yaml
index 4d8e6ab53..72c11f30a 100755
--- a/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_sc_5.yaml
+++ b/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_sc_5.yaml
@@ -14,10 +14,6 @@ control-group:
 - AWS
 type:
 - Benchmark
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 control-group:
 - id: aws_nist_800_53_rev_5_sc_5_1
 - id: aws_nist_800_53_rev_5_sc_5_2
diff --git a/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_sc_5_1.yaml b/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_sc_5_1.yaml
index 8ecc43cc6..0ae617387 100755
--- a/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_sc_5_1.yaml
+++ b/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_sc_5_1.yaml
@@ -14,9 +14,5 @@ control-group:
 - AWS/GuardDuty
 type:
 - Benchmark
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - aws_guardduty_enabled
diff --git a/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_sc_5_2.yaml b/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_sc_5_2.yaml
index af6905021..80bbca121 100755
--- a/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_sc_5_2.yaml
+++ b/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_sc_5_2.yaml
@@ -14,10 +14,6 @@ control-group:
 - AWS
 type:
 - Benchmark
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - aws_dynamodb_table_auto_scaling_enabled
 - aws_dynamodb_table_in_backup_plan
diff --git a/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_sc_5_3.yaml b/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_sc_5_3.yaml
index acb661599..1991d5d1d 100755
--- a/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_sc_5_3.yaml
+++ b/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_sc_5_3.yaml
@@ -14,10 +14,6 @@ control-group: - AWS/GuardDuty type: - Benchmark - defaults: - auto-assign: null - enabled: false - tracks-drift-events: false control-group: - id: aws_nist_800_53_rev_5_sc_5_3_a - id: aws_nist_800_53_rev_5_sc_5_3_b diff --git a/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_sc_5_3_a.yaml b/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_sc_5_3_a.yaml index 9a2545952..d80503625 100755 --- a/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_sc_5_3_a.yaml +++ b/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_sc_5_3_a.yaml @@ -14,9 +14,5 @@ control-group: - AWS/GuardDuty type: - Benchmark - defaults: - auto-assign: null - enabled: false - tracks-drift-events: false controls: - aws_guardduty_enabled diff --git a/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_sc_5_3_b.yaml b/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_sc_5_3_b.yaml index 23a3d5ecb..8aa6da4cd 100755 --- a/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_sc_5_3_b.yaml +++ b/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_sc_5_3_b.yaml @@ -14,9 +14,5 @@ control-group: - AWS/GuardDuty type: - Benchmark - defaults: - auto-assign: null - enabled: false - tracks-drift-events: false controls: - aws_guardduty_enabled diff --git a/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_sc_5_a.yaml b/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_sc_5_a.yaml index 9ac0ab7ee..5030fc435 100755 --- a/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_sc_5_a.yaml +++ b/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_sc_5_a.yaml @@ -14,9 +14,5 @@ control-group: - AWS/GuardDuty type: - Benchmark - defaults: - auto-assign: null - enabled: false - tracks-drift-events: false controls: - aws_guardduty_enabled 
diff --git a/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_sc_5_b.yaml b/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_sc_5_b.yaml index 33ab7cfd0..722d5e36f 100755 --- a/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_sc_5_b.yaml +++ b/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_sc_5_b.yaml @@ -14,9 +14,5 @@ control-group: - AWS/GuardDuty type: - Benchmark - defaults: - auto-assign: null - enabled: false - tracks-drift-events: false controls: - aws_guardduty_enabled diff --git a/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_sc_6.yaml b/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_sc_6.yaml index f5600cf64..c5c075f99 100755 --- a/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_sc_6.yaml +++ b/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_sc_6.yaml @@ -14,10 +14,6 @@ control-group: - AWS type: - Benchmark - defaults: - auto-assign: null - enabled: false - tracks-drift-events: false controls: - aws_autoscaling_group_with_lb_use_health_check - aws_dynamodb_table_auto_scaling_enabled diff --git a/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_sc_7.yaml b/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_sc_7.yaml index 731ec3f49..26490a00f 100755 --- a/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_sc_7.yaml +++ b/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_sc_7.yaml @@ -14,10 +14,6 @@ control-group: - AWS type: - Benchmark - defaults: - auto-assign: null - enabled: false - tracks-drift-events: false control-group: - id: aws_nist_800_53_rev_5_sc_7_2 - id: aws_nist_800_53_rev_5_sc_7_3 
diff --git a/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_sc_7_11.yaml b/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_sc_7_11.yaml index 6c7126c4e..24fb27415 100755 --- a/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_sc_7_11.yaml +++ b/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_sc_7_11.yaml @@ -14,10 +14,6 @@ control-group: - AWS type: - Benchmark - defaults: - auto-assign: null - enabled: false - tracks-drift-events: false controls: - aws_dms_replication_instance_not_publicly_accessible - aws_ebs_snapshot_not_publicly_restorable diff --git a/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_sc_7_12.yaml b/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_sc_7_12.yaml index ca63b44b7..02a0da7f7 100755 --- a/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_sc_7_12.yaml +++ b/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_sc_7_12.yaml @@ -14,10 +14,6 @@ control-group: - AWS type: - Benchmark - defaults: - auto-assign: null - enabled: false - tracks-drift-events: false controls: - aws_acm_certificate_expires_30_days - aws_dms_replication_instance_not_publicly_accessible diff --git a/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_sc_7_16.yaml b/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_sc_7_16.yaml index dd49afe2a..1bc6f078b 100755 --- a/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_sc_7_16.yaml +++ b/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_sc_7_16.yaml @@ -14,10 +14,6 @@ control-group: - AWS type: - Benchmark - defaults: - auto-assign: null - enabled: false - tracks-drift-events: false controls: - aws_acm_certificate_expires_30_days - aws_dms_replication_instance_not_publicly_accessible 
diff --git a/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_sc_7_2.yaml b/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_sc_7_2.yaml index 25c9a6d69..2d090e027 100755 --- a/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_sc_7_2.yaml +++ b/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_sc_7_2.yaml @@ -14,10 +14,6 @@ control-group: - AWS type: - Benchmark - defaults: - auto-assign: null - enabled: false - tracks-drift-events: false controls: - aws_dms_replication_instance_not_publicly_accessible - aws_ebs_snapshot_not_publicly_restorable diff --git a/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_sc_7_20.yaml b/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_sc_7_20.yaml index 8ed37406a..551b115aa 100755 --- a/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_sc_7_20.yaml +++ b/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_sc_7_20.yaml @@ -14,10 +14,6 @@ control-group: - AWS type: - Benchmark - defaults: - auto-assign: null - enabled: false - tracks-drift-events: false controls: - aws_dms_replication_instance_not_publicly_accessible - aws_ebs_snapshot_not_publicly_restorable diff --git a/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_sc_7_21.yaml b/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_sc_7_21.yaml index dd5aad903..76f32ac0a 100755 --- a/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_sc_7_21.yaml +++ b/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_sc_7_21.yaml @@ -14,10 +14,6 @@ control-group: - AWS type: - Benchmark - defaults: - auto-assign: null - enabled: false - tracks-drift-events: false controls: - aws_dms_replication_instance_not_publicly_accessible - aws_ebs_snapshot_not_publicly_restorable 
diff --git a/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_sc_7_24.yaml b/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_sc_7_24.yaml index c63a84611..99e0fd3e0 100755 --- a/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_sc_7_24.yaml +++ b/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_sc_7_24.yaml @@ -14,9 +14,5 @@ control-group: - AWS type: - Benchmark - defaults: - auto-assign: null - enabled: false - tracks-drift-events: false control-group: - id: aws_nist_800_53_rev_5_sc_7_24_b diff --git a/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_sc_7_24_b.yaml b/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_sc_7_24_b.yaml index 2d46338a1..eabf8b3b6 100755 --- a/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_sc_7_24_b.yaml +++ b/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_sc_7_24_b.yaml @@ -14,10 +14,6 @@ control-group: - AWS type: - Benchmark - defaults: - auto-assign: null - enabled: false - tracks-drift-events: false controls: - aws_dms_replication_instance_not_publicly_accessible - aws_ebs_snapshot_not_publicly_restorable diff --git a/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_sc_7_25.yaml b/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_sc_7_25.yaml index b15416134..315b1c062 100755 --- a/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_sc_7_25.yaml +++ b/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_sc_7_25.yaml @@ -14,10 +14,6 @@ control-group: - AWS type: - Benchmark - defaults: - auto-assign: null - enabled: false - tracks-drift-events: false controls: - aws_dms_replication_instance_not_publicly_accessible - aws_ebs_snapshot_not_publicly_restorable 
diff --git a/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_sc_7_26.yaml b/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_sc_7_26.yaml index 397603cf8..7d776e9c6 100755 --- a/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_sc_7_26.yaml +++ b/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_sc_7_26.yaml @@ -14,10 +14,6 @@ control-group: - AWS type: - Benchmark - defaults: - auto-assign: null - enabled: false - tracks-drift-events: false controls: - aws_dms_replication_instance_not_publicly_accessible - aws_ebs_snapshot_not_publicly_restorable diff --git a/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_sc_7_27.yaml b/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_sc_7_27.yaml index 1bb27a3e1..f61920075 100755 --- a/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_sc_7_27.yaml +++ b/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_sc_7_27.yaml @@ -14,10 +14,6 @@ control-group: - AWS type: - Benchmark - defaults: - auto-assign: null - enabled: false - tracks-drift-events: false controls: - aws_dms_replication_instance_not_publicly_accessible - aws_ebs_snapshot_not_publicly_restorable diff --git a/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_sc_7_28.yaml b/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_sc_7_28.yaml index ae1600be3..179583098 100755 --- a/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_sc_7_28.yaml +++ b/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_sc_7_28.yaml @@ -14,10 +14,6 @@ control-group: - AWS type: - Benchmark - defaults: - auto-assign: null - enabled: false - tracks-drift-events: false controls: - aws_dms_replication_instance_not_publicly_accessible - aws_ebs_snapshot_not_publicly_restorable 
diff --git a/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_sc_7_3.yaml b/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_sc_7_3.yaml index b497384c0..bc41bc5c4 100755 --- a/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_sc_7_3.yaml +++ b/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_sc_7_3.yaml @@ -14,10 +14,6 @@ control-group: - AWS type: - Benchmark - defaults: - auto-assign: null - enabled: false - tracks-drift-events: false controls: - aws_autoscaling_launch_config_public_ip_disabled - aws_dms_replication_instance_not_publicly_accessible diff --git a/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_sc_7_4.yaml b/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_sc_7_4.yaml index 66f4b9638..16d8e7da7 100755 --- a/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_sc_7_4.yaml +++ b/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_sc_7_4.yaml @@ -14,10 +14,6 @@ control-group: - AWS type: - Benchmark - defaults: - auto-assign: null - enabled: false - tracks-drift-events: false control-group: - id: aws_nist_800_53_rev_5_sc_7_4_b - id: aws_nist_800_53_rev_5_sc_7_4_g diff --git a/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_sc_7_4_b.yaml b/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_sc_7_4_b.yaml index 4d79c7bba..02497a493 100755 --- a/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_sc_7_4_b.yaml +++ b/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_sc_7_4_b.yaml @@ -14,10 +14,6 @@ control-group: - AWS type: - Benchmark - defaults: - auto-assign: null - enabled: false - tracks-drift-events: false controls: - aws_apigateway_rest_api_stage_use_ssl_certificate - aws_elb_application_lb_redirect_http_request_to_https 
diff --git a/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_sc_7_4_g.yaml b/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_sc_7_4_g.yaml index ac9f774a7..f2629d980 100755 --- a/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_sc_7_4_g.yaml +++ b/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_sc_7_4_g.yaml @@ -14,10 +14,6 @@ control-group: - AWS type: - Benchmark - defaults: - auto-assign: null - enabled: false - tracks-drift-events: false controls: - aws_apigateway_rest_api_stage_use_ssl_certificate - aws_elb_application_lb_redirect_http_request_to_https diff --git a/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_sc_7_5.yaml b/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_sc_7_5.yaml index ba675c449..96e8d2747 100755 --- a/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_sc_7_5.yaml +++ b/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_sc_7_5.yaml @@ -14,10 +14,6 @@ control-group: - AWS type: - Benchmark - defaults: - auto-assign: null - enabled: false - tracks-drift-events: false controls: - aws_apigateway_rest_api_stage_use_ssl_certificate - aws_elb_classic_lb_use_ssl_certificate diff --git a/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_sc_7_7.yaml b/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_sc_7_7.yaml index 5f407f7ed..806d763f6 100755 --- a/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_sc_7_7.yaml +++ b/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_sc_7_7.yaml @@ -14,10 +14,6 @@ control-group: - AWS type: - Benchmark - defaults: - auto-assign: null - enabled: false - tracks-drift-events: false controls: - aws_dms_replication_instance_not_publicly_accessible - aws_ebs_snapshot_not_publicly_restorable 
diff --git a/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_sc_7_9.yaml b/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_sc_7_9.yaml index d8c529582..0b1a8e698 100755 --- a/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_sc_7_9.yaml +++ b/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_sc_7_9.yaml @@ -14,10 +14,6 @@ control-group: - AWS type: - Benchmark - defaults: - auto-assign: null - enabled: false - tracks-drift-events: false control-group: - id: aws_nist_800_53_rev_5_sc_7_9_a - id: aws_nist_800_53_rev_5_sc_7_9_b diff --git a/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_sc_7_9_a.yaml b/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_sc_7_9_a.yaml index 279a69c6b..20e599a3d 100755 --- a/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_sc_7_9_a.yaml +++ b/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_sc_7_9_a.yaml @@ -14,10 +14,6 @@ control-group: - AWS type: - Benchmark - defaults: - auto-assign: null - enabled: false - tracks-drift-events: false controls: - aws_dms_replication_instance_not_publicly_accessible - aws_ebs_snapshot_not_publicly_restorable diff --git a/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_sc_7_9_b.yaml b/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_sc_7_9_b.yaml index 6a513d2f9..199813a4e 100755 --- a/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_sc_7_9_b.yaml +++ b/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_sc_7_9_b.yaml @@ -14,10 +14,6 @@ control-group: - AWS type: - Benchmark - defaults: - auto-assign: null - enabled: false - tracks-drift-events: false controls: - aws_apigateway_stage_logging_enabled - aws_cloudtrail_multi_region_trail_enabled 
diff --git a/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_sc_7_a.yaml b/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_sc_7_a.yaml index d2888b1bb..688c09461 100755 --- a/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_sc_7_a.yaml +++ b/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_sc_7_a.yaml @@ -14,10 +14,6 @@ control-group: - AWS type: - Benchmark - defaults: - auto-assign: null - enabled: false - tracks-drift-events: false controls: - aws_dms_replication_instance_not_publicly_accessible - aws_ebs_snapshot_not_publicly_restorable diff --git a/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_sc_7_b.yaml b/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_sc_7_b.yaml index 9bc7d7432..4a2a099c3 100755 --- a/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_sc_7_b.yaml +++ b/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_sc_7_b.yaml @@ -14,10 +14,6 @@ control-group: - AWS type: - Benchmark - defaults: - auto-assign: null - enabled: false - tracks-drift-events: false controls: - aws_dms_replication_instance_not_publicly_accessible - aws_ebs_snapshot_not_publicly_restorable diff --git a/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_sc_7_c.yaml b/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_sc_7_c.yaml index 52cabefa3..1fe2bc8a5 100755 --- a/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_sc_7_c.yaml +++ b/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_sc_7_c.yaml @@ -14,10 +14,6 @@ control-group: - AWS type: - Benchmark - defaults: - auto-assign: null - enabled: false - tracks-drift-events: false controls: - aws_dms_replication_instance_not_publicly_accessible - aws_ebs_snapshot_not_publicly_restorable 
diff --git a/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_sc_8.yaml b/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_sc_8.yaml index a53bb1425..5a9e96f36 100755 --- a/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_sc_8.yaml +++ b/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_sc_8.yaml @@ -14,10 +14,6 @@ control-group: - AWS type: - Benchmark - defaults: - auto-assign: null - enabled: false - tracks-drift-events: false control-group: - id: aws_nist_800_53_rev_5_sc_8_1 - id: aws_nist_800_53_rev_5_sc_8_2 diff --git a/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_sc_8_1.yaml b/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_sc_8_1.yaml index 2cc2d845c..7a9633945 100755 --- a/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_sc_8_1.yaml +++ b/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_sc_8_1.yaml @@ -14,10 +14,6 @@ control-group: - AWS type: - Benchmark - defaults: - auto-assign: null - enabled: false - tracks-drift-events: false controls: - aws_apigateway_rest_api_stage_use_ssl_certificate - aws_elb_application_lb_redirect_http_request_to_https diff --git a/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_sc_8_2.yaml b/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_sc_8_2.yaml index 891dd406f..2a229b569 100755 --- a/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_sc_8_2.yaml +++ b/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_sc_8_2.yaml @@ -14,10 +14,6 @@ control-group: - AWS type: - Benchmark - defaults: - auto-assign: null - enabled: false - tracks-drift-events: false controls: - aws_apigateway_rest_api_stage_use_ssl_certificate - aws_elb_application_lb_redirect_http_request_to_https 
diff --git a/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_sc_8_3.yaml b/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_sc_8_3.yaml index 29951de81..ea37471bc 100755 --- a/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_sc_8_3.yaml +++ b/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_sc_8_3.yaml @@ -14,10 +14,6 @@ control-group: - AWS type: - Benchmark - defaults: - auto-assign: null - enabled: false - tracks-drift-events: false controls: - aws_apigateway_rest_api_stage_use_ssl_certificate - aws_apigateway_stage_cache_encryption_at_rest_enabled diff --git a/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_sc_8_4.yaml b/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_sc_8_4.yaml index b52d6795d..c94948ae6 100755 --- a/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_sc_8_4.yaml +++ b/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_sc_8_4.yaml @@ -14,10 +14,6 @@ control-group: - AWS type: - Benchmark - defaults: - auto-assign: null - enabled: false - tracks-drift-events: false controls: - aws_apigateway_rest_api_stage_use_ssl_certificate - aws_apigateway_stage_cache_encryption_at_rest_enabled diff --git a/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_sc_8_5.yaml b/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_sc_8_5.yaml index ffdfebfed..ad4af6442 100755 --- a/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_sc_8_5.yaml +++ b/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_sc_8_5.yaml @@ -14,10 +14,6 @@ control-group: - AWS type: - Benchmark - defaults: - auto-assign: null - enabled: false - tracks-drift-events: false controls: - aws_apigateway_rest_api_stage_use_ssl_certificate - aws_elb_application_lb_redirect_http_request_to_https 
diff --git a/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_si.yaml b/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_si.yaml index 869504986..a2dd5e0e3 100755 --- a/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_si.yaml +++ b/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_si.yaml @@ -14,10 +14,6 @@ control-group: - AWS type: - Benchmark - defaults: - auto-assign: null - enabled: false - tracks-drift-events: false control-group: - id: aws_nist_800_53_rev_5_si_1 - id: aws_nist_800_53_rev_5_si_2 diff --git a/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_si_1.yaml b/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_si_1.yaml index 8e4729196..35770e78d 100755 --- a/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_si_1.yaml +++ b/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_si_1.yaml @@ -14,10 +14,6 @@ control-group: - AWS type: - Benchmark - defaults: - auto-assign: null - enabled: false - tracks-drift-events: false control-group: - id: aws_nist_800_53_rev_5_si_1_1_c - id: aws_nist_800_53_rev_5_si_1_a_2 diff --git a/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_si_10.yaml b/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_si_10.yaml index 2383362ac..4c9a03e3f 100755 --- a/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_si_10.yaml +++ b/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_si_10.yaml @@ -14,9 +14,5 @@ control-group: - AWS type: - Benchmark - defaults: - auto-assign: null - enabled: false - tracks-drift-events: false control-group: - id: aws_nist_800_53_rev_5_si_10_1 diff --git a/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_si_10_1.yaml b/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_si_10_1.yaml index 033221b47..0fd19ad9a 100755 
--- a/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_si_10_1.yaml +++ b/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_si_10_1.yaml @@ -14,9 +14,5 @@ control-group: - AWS type: - Benchmark - defaults: - auto-assign: null - enabled: false - tracks-drift-events: false control-group: - id: aws_nist_800_53_rev_5_si_10_1_c diff --git a/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_si_10_1_c.yaml b/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_si_10_1_c.yaml index c0b825c32..afc8b774b 100755 --- a/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_si_10_1_c.yaml +++ b/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_si_10_1_c.yaml @@ -14,10 +14,6 @@ control-group: - AWS type: - Benchmark - defaults: - auto-assign: null - enabled: false - tracks-drift-events: false controls: - aws_cloudtrail_multi_region_trail_enabled - aws_cloudtrail_s3_data_events_enabled diff --git a/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_si_12.yaml b/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_si_12.yaml index 48a285da5..be0173e5e 100755 --- a/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_si_12.yaml +++ b/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_si_12.yaml @@ -14,9 +14,5 @@ control-group: - AWS/CloudWatch type: - Benchmark - defaults: - auto-assign: null - enabled: false - tracks-drift-events: false controls: - aws_cloudwatch_log_group_retention_period_365 diff --git a/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_si_13.yaml b/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_si_13.yaml index 36e9d1218..af388b279 100755 --- a/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_si_13.yaml +++ b/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_si_13.yaml 
@@ -14,9 +14,5 @@ control-group: - AWS type: - Benchmark - defaults: - auto-assign: null - enabled: false - tracks-drift-events: false control-group: - id: aws_nist_800_53_rev_5_si_13_5 diff --git a/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_si_13_5.yaml b/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_si_13_5.yaml index c63513f11..8c1f858e2 100755 --- a/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_si_13_5.yaml +++ b/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_si_13_5.yaml @@ -14,10 +14,6 @@ control-group: - AWS type: - Benchmark - defaults: - auto-assign: null - enabled: false - tracks-drift-events: false controls: - aws_dynamodb_table_auto_scaling_enabled - aws_dynamodb_table_in_backup_plan diff --git a/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_si_19.yaml b/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_si_19.yaml index 0b5322da0..3925b8082 100755 --- a/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_si_19.yaml +++ b/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_si_19.yaml @@ -14,9 +14,5 @@ control-group: - AWS type: - Benchmark - defaults: - auto-assign: null - enabled: false - tracks-drift-events: false control-group: - id: aws_nist_800_53_rev_5_si_19_4 diff --git a/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_si_19_4.yaml b/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_si_19_4.yaml index cda4b3228..2ec808f35 100755 --- a/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_si_19_4.yaml +++ b/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_si_19_4.yaml 
@@ -14,10 +14,6 @@ control-group: - AWS type: - Benchmark - defaults: - auto-assign: null - enabled: false - tracks-drift-events: false controls: - aws_apigateway_stage_cache_encryption_at_rest_enabled - aws_cloudtrail_trail_logs_encrypted_with_kms_cmk diff --git a/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_si_1_1_c.yaml b/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_si_1_1_c.yaml index 2bf6dc729..b66f1dcb5 100755 --- a/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_si_1_1_c.yaml +++ b/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_si_1_1_c.yaml @@ -14,10 +14,6 @@ control-group: - AWS type: - Benchmark - defaults: - auto-assign: null - enabled: false - tracks-drift-events: false controls: - aws_cloudtrail_multi_region_trail_enabled - aws_cloudtrail_s3_data_events_enabled diff --git a/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_si_1_a_2.yaml b/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_si_1_a_2.yaml index c7c232a04..e628f6357 100755 --- a/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_si_1_a_2.yaml +++ b/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_si_1_a_2.yaml @@ -14,10 +14,6 @@ control-group: - AWS type: - Benchmark - defaults: - auto-assign: null - enabled: false - tracks-drift-events: false controls: - aws_apigateway_rest_api_stage_use_ssl_certificate - aws_cloudtrail_trail_validation_enabled diff --git a/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_si_1_c_2.yaml b/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_si_1_c_2.yaml index b916b5304..4c2ddf70f 100755 --- a/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_si_1_c_2.yaml +++ b/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_si_1_c_2.yaml 
@@ -14,10 +14,6 @@ control-group: - AWS type: - Benchmark - defaults: - auto-assign: null - enabled: false - tracks-drift-events: false controls: - aws_apigateway_rest_api_stage_use_ssl_certificate - aws_cloudtrail_trail_validation_enabled diff --git a/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_si_2.yaml b/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_si_2.yaml index 1f1d1a923..0f1f9817b 100755 --- a/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_si_2.yaml +++ b/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_si_2.yaml @@ -14,10 +14,6 @@ control-group: - AWS type: - Benchmark - defaults: - auto-assign: null - enabled: false - tracks-drift-events: false control-group: - id: aws_nist_800_53_rev_5_si_2_2 - id: aws_nist_800_53_rev_5_si_2_5 diff --git a/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_si_2_2.yaml b/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_si_2_2.yaml index b94eee6bf..fbc08d533 100755 --- a/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_si_2_2.yaml +++ b/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_si_2_2.yaml @@ -14,10 +14,6 @@ control-group: - AWS type: - Benchmark - defaults: - auto-assign: null - enabled: false - tracks-drift-events: false controls: - aws_elastic_beanstalk_enhanced_health_reporting_enabled - aws_redshift_cluster_maintenance_settings_check diff --git a/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_si_2_5.yaml b/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_si_2_5.yaml index 58688b0bf..c190dc106 100755 --- a/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_si_2_5.yaml +++ b/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_si_2_5.yaml 
@@ -14,10 +14,6 @@ control-group: - AWS type: - Benchmark - defaults: - auto-assign: null - enabled: false - tracks-drift-events: false controls: - aws_elastic_beanstalk_enhanced_health_reporting_enabled - aws_redshift_cluster_maintenance_settings_check diff --git a/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_si_2_a.yaml b/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_si_2_a.yaml index 77ce16514..15edab495 100755 --- a/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_si_2_a.yaml +++ b/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_si_2_a.yaml @@ -14,10 +14,6 @@ control-group: - AWS type: - Benchmark - defaults: - auto-assign: null - enabled: false - tracks-drift-events: false controls: - aws_autoscaling_group_with_lb_use_health_check - aws_cloudwatch_alarm_action_enabled diff --git a/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_si_2_c.yaml b/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_si_2_c.yaml index e8a024912..b60be9c4b 100755 --- a/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_si_2_c.yaml +++ b/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_si_2_c.yaml @@ -14,10 +14,6 @@ control-group: - AWS type: - Benchmark - defaults: - auto-assign: null - enabled: false - tracks-drift-events: false controls: - aws_elastic_beanstalk_enhanced_health_reporting_enabled - aws_redshift_cluster_maintenance_settings_check diff --git a/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_si_2_d.yaml b/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_si_2_d.yaml index 2fd59f68b..9026066e6 100755 --- a/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_si_2_d.yaml +++ b/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_si_2_d.yaml 
@@ -14,10 +14,6 @@ control-group: - AWS type: - Benchmark - defaults: - auto-assign: null - enabled: false - tracks-drift-events: false controls: - aws_elastic_beanstalk_enhanced_health_reporting_enabled - aws_redshift_cluster_maintenance_settings_check diff --git a/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_si_3.yaml b/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_si_3.yaml index 60fa3e935..b6135e652 100755 --- a/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_si_3.yaml +++ b/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_si_3.yaml @@ -14,10 +14,6 @@ control-group: - AWS type: - Benchmark - defaults: - auto-assign: null - enabled: false - tracks-drift-events: false control-group: - id: aws_nist_800_53_rev_5_si_3_8 - id: aws_nist_800_53_rev_5_si_3_c_2 diff --git a/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_si_3_8.yaml b/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_si_3_8.yaml index bf5129457..0ce7641da 100755 --- a/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_si_3_8.yaml +++ b/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_si_3_8.yaml @@ -14,10 +14,6 @@ control-group: - AWS type: - Benchmark - defaults: - auto-assign: null - enabled: false - tracks-drift-events: false control-group: - id: aws_nist_800_53_rev_5_si_3_8_a - id: aws_nist_800_53_rev_5_si_3_8_b diff --git a/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_si_3_8_a.yaml b/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_si_3_8_a.yaml index 3106da46d..c3e4147ce 100755 --- a/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_si_3_8_a.yaml +++ b/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_si_3_8_a.yaml 
@@ -14,9 +14,5 @@ control-group: - AWS type: - Benchmark - defaults: - auto-assign: null - enabled: false - tracks-drift-events: false controls: - aws_guardduty_enabled diff --git a/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_si_3_8_b.yaml b/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_si_3_8_b.yaml index 4bd27e970..970d5208b 100755 --- a/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_si_3_8_b.yaml +++ b/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_si_3_8_b.yaml @@ -14,10 +14,6 @@ control-group: - AWS type: - Benchmark - defaults: - auto-assign: null - enabled: false - tracks-drift-events: false controls: - aws_cloudtrail_multi_region_trail_enabled - aws_cloudtrail_s3_data_events_enabled diff --git a/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_si_3_c_2.yaml b/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_si_3_c_2.yaml index 71abf8166..b88b2479b 100755 --- a/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_si_3_c_2.yaml +++ b/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_si_3_c_2.yaml @@ -14,10 +14,6 @@ control-group: - AWS type: - Benchmark - defaults: - auto-assign: null - enabled: false - tracks-drift-events: false controls: - aws_ec2_instance_ssm_managed - aws_ssm_managed_instance_compliance_association_compliant diff --git a/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_si_4.yaml b/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_si_4.yaml index 375b759f0..427eb6574 100755 --- a/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_si_4.yaml +++ b/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_si_4.yaml 
@@ -14,10 +14,6 @@ control-group: - AWS type: - Benchmark - defaults: - auto-assign: null - enabled: false - tracks-drift-events: false control-group: - id: aws_nist_800_53_rev_5_si_4_1 - id: aws_nist_800_53_rev_5_si_4_2 diff --git a/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_si_4_1.yaml b/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_si_4_1.yaml index eab783751..5ede28072 100755 --- a/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_si_4_1.yaml +++ b/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_si_4_1.yaml @@ -14,9 +14,5 @@ control-group: - AWS/GuardDuty type: - Benchmark - defaults: - auto-assign: null - enabled: false - tracks-drift-events: false controls: - aws_guardduty_enabled diff --git a/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_si_4_10.yaml b/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_si_4_10.yaml index 3c4be8b8b..c26caf6a4 100755 --- a/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_si_4_10.yaml +++ b/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_si_4_10.yaml @@ -14,9 +14,5 @@ control-group: - AWS/GuardDuty type: - Benchmark - defaults: - auto-assign: null - enabled: false - tracks-drift-events: false controls: - aws_guardduty_enabled diff --git a/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_si_4_12.yaml b/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_si_4_12.yaml index 387ecc857..cea2d7388 100755 --- a/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_si_4_12.yaml +++ b/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_si_4_12.yaml @@ -14,9 +14,5 @@ control-group: - AWS/CloudWatch type: - Benchmark - defaults: - auto-assign: null - enabled: false - tracks-drift-events: false controls: - aws_cloudwatch_alarm_action_enabled 
diff --git a/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_si_4_13.yaml b/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_si_4_13.yaml index 9aa7cc712..7af85f744 100755 --- a/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_si_4_13.yaml +++ b/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_si_4_13.yaml @@ -14,9 +14,5 @@ control-group: - AWS type: - Benchmark - defaults: - auto-assign: null - enabled: false - tracks-drift-events: false control-group: - id: aws_nist_800_53_rev_5_si_4_13_a diff --git a/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_si_4_13_a.yaml b/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_si_4_13_a.yaml index cf1072e70..ef38fccd1 100755 --- a/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_si_4_13_a.yaml +++ b/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_si_4_13_a.yaml @@ -14,9 +14,5 @@ control-group: - AWS type: - Benchmark - defaults: - auto-assign: null - enabled: false - tracks-drift-events: false controls: - aws_guardduty_enabled diff --git a/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_si_4_14.yaml b/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_si_4_14.yaml index af80fa701..345f42b06 100755 --- a/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_si_4_14.yaml +++ b/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_si_4_14.yaml @@ -14,9 +14,5 @@ control-group: - AWS/GuardDuty type: - Benchmark - defaults: - auto-assign: null - enabled: false - tracks-drift-events: false controls: - aws_guardduty_enabled diff --git a/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_si_4_17.yaml b/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_si_4_17.yaml index 4abece5bf..400b9c0f4 100755 
--- a/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_si_4_17.yaml +++ b/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_si_4_17.yaml @@ -14,10 +14,6 @@ control-group: - AWS type: - Benchmark - defaults: - auto-assign: null - enabled: false - tracks-drift-events: false controls: - aws_apigateway_stage_logging_enabled - aws_cloudtrail_multi_region_trail_enabled diff --git a/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_si_4_2.yaml b/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_si_4_2.yaml index a185513ae..2943f2593 100755 --- a/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_si_4_2.yaml +++ b/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_si_4_2.yaml @@ -14,10 +14,6 @@ control-group: - AWS type: - Benchmark - defaults: - auto-assign: null - enabled: false - tracks-drift-events: false controls: - aws_cloudtrail_multi_region_trail_enabled - aws_cloudtrail_trail_integrated_with_logs diff --git a/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_si_4_20.yaml b/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_si_4_20.yaml index 8e1560b86..d7aa8549c 100755 --- a/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_si_4_20.yaml +++ b/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_si_4_20.yaml @@ -14,10 +14,6 @@ control-group: - AWS type: - Benchmark - defaults: - auto-assign: null - enabled: false - tracks-drift-events: false controls: - aws_cloudtrail_multi_region_trail_enabled - aws_cloudtrail_s3_data_events_enabled diff --git a/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_si_4_23.yaml b/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_si_4_23.yaml index 02ca312bb..9d4758774 100755 --- a/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_si_4_23.yaml 
+++ b/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_si_4_23.yaml @@ -14,9 +14,5 @@ control-group: - AWS/GuardDuty type: - Benchmark - defaults: - auto-assign: null - enabled: false - tracks-drift-events: false controls: - aws_guardduty_enabled diff --git a/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_si_4_25.yaml b/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_si_4_25.yaml index 07acbbc1a..c5e54d229 100755 --- a/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_si_4_25.yaml +++ b/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_si_4_25.yaml @@ -14,9 +14,5 @@ control-group: - AWS type: - Benchmark - defaults: - auto-assign: null - enabled: false - tracks-drift-events: false controls: - aws_guardduty_enabled diff --git a/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_si_4_3.yaml b/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_si_4_3.yaml index 778a2b3b4..8a12c387e 100755 --- a/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_si_4_3.yaml +++ b/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_si_4_3.yaml @@ -14,9 +14,5 @@ control-group: - AWS/GuardDuty type: - Benchmark - defaults: - auto-assign: null - enabled: false - tracks-drift-events: false controls: - aws_guardduty_enabled diff --git a/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_si_4_4.yaml b/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_si_4_4.yaml index 1a69e6555..87495f9e9 100755 --- a/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_si_4_4.yaml +++ b/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_si_4_4.yaml 
@@ -14,10 +14,6 @@ control-group: - AWS type: - Benchmark - defaults: - auto-assign: null - enabled: false - tracks-drift-events: false control-group: - id: aws_nist_800_53_rev_5_si_4_4_a - id: aws_nist_800_53_rev_5_si_4_4_b diff --git a/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_si_4_4_a.yaml b/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_si_4_4_a.yaml index 5c37a0156..497eda938 100755 --- a/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_si_4_4_a.yaml +++ b/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_si_4_4_a.yaml @@ -14,9 +14,5 @@ control-group: - AWS/GuardDuty type: - Benchmark - defaults: - auto-assign: null - enabled: false - tracks-drift-events: false controls: - aws_guardduty_enabled diff --git a/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_si_4_4_b.yaml b/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_si_4_4_b.yaml index 48091c7df..14c789f6a 100755 --- a/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_si_4_4_b.yaml +++ b/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_si_4_4_b.yaml @@ -14,9 +14,5 @@ control-group: - AWS/GuardDuty type: - Benchmark - defaults: - auto-assign: null - enabled: false - tracks-drift-events: false controls: - aws_guardduty_enabled diff --git a/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_si_4_a.yaml b/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_si_4_a.yaml index b65337c9c..5a82e97b4 100755 --- a/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_si_4_a.yaml +++ b/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_si_4_a.yaml 
@@ -14,10 +14,6 @@ control-group: - AWS/GuardDuty type: - Benchmark - defaults: - auto-assign: null - enabled: false - tracks-drift-events: false control-group: - id: aws_nist_800_53_rev_5_si_4_a_1 - id: aws_nist_800_53_rev_5_si_4_a_2 diff --git a/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_si_4_a_1.yaml b/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_si_4_a_1.yaml index 6aec7ac2d..d85fabd3b 100755 --- a/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_si_4_a_1.yaml +++ b/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_si_4_a_1.yaml @@ -14,9 +14,5 @@ control-group: - AWS/GuardDuty type: - Benchmark - defaults: - auto-assign: null - enabled: false - tracks-drift-events: false controls: - aws_guardduty_enabled diff --git a/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_si_4_a_2.yaml b/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_si_4_a_2.yaml index a4c7ae530..431fdc41e 100755 --- a/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_si_4_a_2.yaml +++ b/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_si_4_a_2.yaml @@ -14,9 +14,5 @@ control-group: - AWS/GuardDuty type: - Benchmark - defaults: - auto-assign: null - enabled: false - tracks-drift-events: false controls: - aws_guardduty_enabled diff --git a/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_si_4_b.yaml b/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_si_4_b.yaml index 059a3b294..dd9657e5a 100755 --- a/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_si_4_b.yaml +++ b/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_si_4_b.yaml @@ -14,9 +14,5 @@ control-group: - AWS/GuardDuty type: - Benchmark - defaults: - auto-assign: null - enabled: false - tracks-drift-events: false controls: - aws_guardduty_enabled 
diff --git a/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_si_4_c.yaml b/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_si_4_c.yaml index 18080ff38..4bc4b229d 100755 --- a/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_si_4_c.yaml +++ b/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_si_4_c.yaml @@ -14,9 +14,5 @@ control-group: - AWS/GuardDuty type: - Benchmark - defaults: - auto-assign: null - enabled: false - tracks-drift-events: false controls: - aws_guardduty_enabled diff --git a/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_si_4_d.yaml b/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_si_4_d.yaml index 2a65ded0a..51bbdaab5 100755 --- a/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_si_4_d.yaml +++ b/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_si_4_d.yaml @@ -14,9 +14,5 @@ control-group: - AWS/CloudTrail type: - Benchmark - defaults: - auto-assign: null - enabled: false - tracks-drift-events: false controls: - aws_cloudtrail_trail_validation_enabled diff --git a/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_si_5.yaml b/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_si_5.yaml index ff7f496c5..a36bf9c63 100755 --- a/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_si_5.yaml +++ b/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_si_5.yaml @@ -14,10 +14,6 @@ control-group: - AWS type: - Benchmark - defaults: - auto-assign: null - enabled: false - tracks-drift-events: false control-group: - id: aws_nist_800_53_rev_5_si_5_1 - id: aws_nist_800_53_rev_5_si_5_b diff --git a/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_si_5_1.yaml b/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_si_5_1.yaml index 851c41d60..30c14b2f5 100755 
--- a/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_si_5_1.yaml +++ b/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_si_5_1.yaml @@ -14,10 +14,6 @@ control-group: - AWS type: - Benchmark - defaults: - auto-assign: null - enabled: false - tracks-drift-events: false controls: - aws_cloudwatch_alarm_action_enabled - aws_guardduty_enabled diff --git a/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_si_5_b.yaml b/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_si_5_b.yaml index f4a64e3ac..4d74cfe97 100755 --- a/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_si_5_b.yaml +++ b/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_si_5_b.yaml @@ -14,10 +14,6 @@ control-group: - AWS type: - Benchmark - defaults: - auto-assign: null - enabled: false - tracks-drift-events: false controls: - aws_cloudwatch_alarm_action_enabled - aws_guardduty_enabled diff --git a/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_si_7.yaml b/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_si_7.yaml index 2628d98a5..daf1a5400 100755 --- a/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_si_7.yaml +++ b/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_si_7.yaml @@ -14,10 +14,6 @@ control-group: - AWS type: - Benchmark - defaults: - auto-assign: null - enabled: false - tracks-drift-events: false control-group: - id: aws_nist_800_53_rev_5_si_7_1 - id: aws_nist_800_53_rev_5_si_7_3 diff --git a/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_si_7_1.yaml b/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_si_7_1.yaml index 7a952496d..bf7b0af77 100755 --- a/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_si_7_1.yaml +++ b/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_si_7_1.yaml 
@@ -14,9 +14,5 @@ control-group: - AWS/CloudTrail type: - Benchmark - defaults: - auto-assign: null - enabled: false - tracks-drift-events: false controls: - aws_cloudtrail_trail_validation_enabled diff --git a/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_si_7_3.yaml b/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_si_7_3.yaml index 4fbbd3a65..eb3ec2e80 100755 --- a/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_si_7_3.yaml +++ b/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_si_7_3.yaml @@ -14,9 +14,5 @@ control-group: - AWS/CloudTrail type: - Benchmark - defaults: - auto-assign: null - enabled: false - tracks-drift-events: false controls: - aws_cloudtrail_trail_validation_enabled diff --git a/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_si_7_7.yaml b/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_si_7_7.yaml index 699f0e87a..284b494d7 100755 --- a/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_si_7_7.yaml +++ b/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_si_7_7.yaml @@ -14,9 +14,5 @@ control-group: - AWS/CloudTrail type: - Benchmark - defaults: - auto-assign: null - enabled: false - tracks-drift-events: false controls: - aws_cloudtrail_trail_validation_enabled diff --git a/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_si_7_8.yaml b/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_si_7_8.yaml index 7d0bce5a2..99d8f203e 100755 --- a/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_si_7_8.yaml +++ b/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_si_7_8.yaml @@ -14,10 +14,6 @@ control-group: - AWS type: - Benchmark - defaults: - auto-assign: null - enabled: false - tracks-drift-events: false controls: - aws_cloudtrail_multi_region_trail_enabled - aws_wafv2_web_acl_logging_enabled 
diff --git a/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_si_7_a.yaml b/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_si_7_a.yaml index 6beae2695..f2beb49ba 100755 --- a/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_si_7_a.yaml +++ b/compliance/frameworks/aws/aws_nist_800_53_rev_5/aws_nist_800_53_rev_5_si_7_a.yaml @@ -14,9 +14,5 @@ control-group: - AWS/CloudTrail type: - Benchmark - defaults: - auto-assign: null - enabled: false - tracks-drift-events: false controls: - aws_cloudtrail_trail_validation_enabled diff --git a/compliance/frameworks/aws/aws_pci_dss_v321/aws_pci_dss_v321_requirement_1.yaml b/compliance/frameworks/aws/aws_pci_dss_v321/aws_pci_dss_v321_requirement_1.yaml index 126e33c83..c5de03c31 100755 --- a/compliance/frameworks/aws/aws_pci_dss_v321/aws_pci_dss_v321_requirement_1.yaml +++ b/compliance/frameworks/aws/aws_pci_dss_v321/aws_pci_dss_v321_requirement_1.yaml @@ -3,10 +3,6 @@ control-group: title: "Requirement 1: Install and maintain a firewall configuration to protect cardholder data" description: A firewall examines all network traffic and blocks those transmissions that do not meet the specified security criteria. All systems must be protected from unauthorized access from untrusted networks. section-code: requirement_1 - defaults: - auto-assign: null - enabled: false - tracks-drift-events: false control-group: - id: aws_pci_dss_v321_requirement_1_1 - id: aws_pci_dss_v321_requirement_1_2 diff --git a/compliance/frameworks/aws/aws_pci_dss_v321/aws_pci_dss_v321_requirement_10.yaml b/compliance/frameworks/aws/aws_pci_dss_v321/aws_pci_dss_v321_requirement_10.yaml index 0f430d9f9..c1fc076d9 100755 --- a/compliance/frameworks/aws/aws_pci_dss_v321/aws_pci_dss_v321_requirement_10.yaml +++ b/compliance/frameworks/aws/aws_pci_dss_v321/aws_pci_dss_v321_requirement_10.yaml 
@@ -3,10 +3,6 @@ control-group: title: "Requirement 10: Track and monitor all access to network resources and cardholder data" description: Logging mechanisms and the ability to track user activities are critical in preventing, detecting, or minimizing the impact of a data compromise. The presence of logs in all environments allows thorough tracking, alerting, and analysis when something does go wrong. section-code: requirement_10 - defaults: - auto-assign: null - enabled: false - tracks-drift-events: false control-group: - id: aws_pci_dss_v321_requirement_10_1 - id: aws_pci_dss_v321_requirement_10_2 diff --git a/compliance/frameworks/aws/aws_pci_dss_v321/aws_pci_dss_v321_requirement_10_1.yaml b/compliance/frameworks/aws/aws_pci_dss_v321/aws_pci_dss_v321_requirement_10_1.yaml index 373c7ab5a..7beded389 100755 --- a/compliance/frameworks/aws/aws_pci_dss_v321/aws_pci_dss_v321_requirement_10_1.yaml +++ b/compliance/frameworks/aws/aws_pci_dss_v321/aws_pci_dss_v321_requirement_10_1.yaml @@ -3,10 +3,6 @@ control-group: title: Implement audit trails to link all access to system components to each individual user description: "It is critical to have a process or system that links user access to system components accessed. This system generates audit logs and provides the ability to trace back suspicious activity to a specific user. This control verifies, through observation and interviewing the system administrator, that: audit trails are enabled and active for system components, access to system components is linked to individual users." section-code: "1" - defaults: - auto-assign: null - enabled: false - tracks-drift-events: false controls: - aws_apigateway_stage_logging_enabled - aws_cloudtrail_multi_region_trail_enabled diff --git a/compliance/frameworks/aws/aws_pci_dss_v321/aws_pci_dss_v321_requirement_10_2.yaml b/compliance/frameworks/aws/aws_pci_dss_v321/aws_pci_dss_v321_requirement_10_2.yaml index 9f6fa61eb..9a9fc87b7 100755 
--- a/compliance/frameworks/aws/aws_pci_dss_v321/aws_pci_dss_v321_requirement_10_2.yaml +++ b/compliance/frameworks/aws/aws_pci_dss_v321/aws_pci_dss_v321_requirement_10_2.yaml @@ -3,10 +3,6 @@ control-group: title: Through interviews of responsible personnel, observation of audit logs, and examination of audit log settings description: "It is critical to have a process or system that links user access to system components accessed. This system generates audit logs and provides the ability to trace back suspicious activity to a specific user. This control verifies, through observation and interviewing the system administrator, that: audit trails are enabled and active for system components, access to system components is linked to individual users." section-code: "2" - defaults: - auto-assign: null - enabled: false - tracks-drift-events: false control-group: - id: aws_pci_dss_v321_requirement_10_2_1 - id: aws_pci_dss_v321_requirement_10_2_2 diff --git a/compliance/frameworks/aws/aws_pci_dss_v321/aws_pci_dss_v321_requirement_10_2_1.yaml b/compliance/frameworks/aws/aws_pci_dss_v321/aws_pci_dss_v321_requirement_10_2_1.yaml index 53238e7e2..b6930a575 100755 --- a/compliance/frameworks/aws/aws_pci_dss_v321/aws_pci_dss_v321_requirement_10_2_1.yaml +++ b/compliance/frameworks/aws/aws_pci_dss_v321/aws_pci_dss_v321_requirement_10_2_1.yaml 
@@ -3,10 +3,6 @@ control-group: title: 2.1 All individual user accesses to cardholder data description: Malicious individuals could obtain knowledge of a user account with access to systems in the CDE, or they could create a new, unauthorized account in order to access cardholder data. A record of all individual accesses to cardholder data can identify which accounts may have been compromised or misused. This control verifies all individual access to cardholder data is loggedVerify all individual access to cardholder data is logged. section-code: "1" - defaults: - auto-assign: null - enabled: false - tracks-drift-events: false controls: - aws_cloudtrail_multi_region_trail_enabled - aws_cloudtrail_s3_data_events_enabled diff --git a/compliance/frameworks/aws/aws_pci_dss_v321/aws_pci_dss_v321_requirement_10_2_2.yaml b/compliance/frameworks/aws/aws_pci_dss_v321/aws_pci_dss_v321_requirement_10_2_2.yaml index e8b8bf828..bdf5b2ce7 100755 --- a/compliance/frameworks/aws/aws_pci_dss_v321/aws_pci_dss_v321_requirement_10_2_2.yaml +++ b/compliance/frameworks/aws/aws_pci_dss_v321/aws_pci_dss_v321_requirement_10_2_2.yaml @@ -3,10 +3,6 @@ control-group: title: 2.2 All actions taken by any individual with root or administrative privileges description: Accounts with increased privileges, such as the “administrator” or “root” account, have the potential to greatly impact the security or operational functionality of a system. Without a log of the activities performed, an organization is unable to trace any issues resulting from an administrative mistake or misuse of privilege back to the specific action and individual. This control verifies all actions taken by any individual with root or administrative privileges are logged. section-code: "2" - defaults: - auto-assign: null - enabled: false - tracks-drift-events: false controls: - aws_cloudtrail_multi_region_trail_enabled - aws_cloudtrail_s3_data_events_enabled 
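Review bot: The `description` kept as context in the requirement_10_2_1 hunk ends with a fused duplicate, `is loggedVerify all individual access to cardholder data is logged.`, and this commit leaves it in place. Since the file is being edited anyway, the text could end at `This control verifies all individual access to cardholder data is logged.` so the wording shown in compliance reports reads cleanly. This is a wording fix only and does not touch the `controls` list.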
diff --git a/compliance/frameworks/aws/aws_pci_dss_v321/aws_pci_dss_v321_requirement_10_2_3.yaml b/compliance/frameworks/aws/aws_pci_dss_v321/aws_pci_dss_v321_requirement_10_2_3.yaml index 8ba10aa0a..d11d22724 100755 --- a/compliance/frameworks/aws/aws_pci_dss_v321/aws_pci_dss_v321_requirement_10_2_3.yaml +++ b/compliance/frameworks/aws/aws_pci_dss_v321/aws_pci_dss_v321_requirement_10_2_3.yaml @@ -3,10 +3,6 @@ control-group: title: 2.3 Access to all audit trails description: Malicious users often attempt to alter audit logs to hide their actions, and a record of access allows an organization to trace any inconsistencies or potential tampering of the logs to an individual account. Having access to logs identifying changes, additions, and deletions can help retrace steps made by unauthorized personnel. This control verifies access to all audit trails is logged. section-code: "3" - defaults: - auto-assign: null - enabled: false - tracks-drift-events: false controls: - aws_cloudtrail_multi_region_trail_enabled - aws_cloudtrail_s3_data_events_enabled diff --git a/compliance/frameworks/aws/aws_pci_dss_v321/aws_pci_dss_v321_requirement_10_2_4.yaml b/compliance/frameworks/aws/aws_pci_dss_v321/aws_pci_dss_v321_requirement_10_2_4.yaml index 6bd20fb00..5ade6fe28 100755 --- a/compliance/frameworks/aws/aws_pci_dss_v321/aws_pci_dss_v321_requirement_10_2_4.yaml +++ b/compliance/frameworks/aws/aws_pci_dss_v321/aws_pci_dss_v321_requirement_10_2_4.yaml 
@@ -3,10 +3,6 @@ control-group:
 title: 2.4 Invalid logical access attempts
 description: Malicious users often attempt to alter audit logs to hide their actions, and a record of access allows an organization to trace any inconsistencies or potential tampering of the logs to an individual account. Having access to logs identifying changes, additions, and deletions can help retrace steps made by unauthorized personnel. This control verifies access to all audit trails is logged.
 section-code: "4"
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - aws_cloudtrail_multi_region_trail_enabled
 - aws_cloudtrail_s3_data_events_enabled
diff --git a/compliance/frameworks/aws/aws_pci_dss_v321/aws_pci_dss_v321_requirement_10_2_5.yaml b/compliance/frameworks/aws/aws_pci_dss_v321/aws_pci_dss_v321_requirement_10_2_5.yaml
index 7245f2a51..0aae409fa 100755
--- a/compliance/frameworks/aws/aws_pci_dss_v321/aws_pci_dss_v321_requirement_10_2_5.yaml
+++ b/compliance/frameworks/aws/aws_pci_dss_v321/aws_pci_dss_v321_requirement_10_2_5.yaml
@@ -3,9 +3,5 @@ control-group:
 title: 2.5 Use of and changes to identification and authentication mechanisms—including but not limited to creation of new accounts and elevation of privileges—and all changes, additions, or deletions to accounts with root or administrative privileges
 description: Without knowing who was logged on at the time of an incident, it is impossible to identify the accounts that may have been used. Additionally, malicious users may attempt to manipulate the authentication controls with the intent of bypassing them or impersonating a valid account.
 section-code: "5"
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 control-group:
 - id: aws_pci_dss_v321_requirement_10_2_5_a
diff --git a/compliance/frameworks/aws/aws_pci_dss_v321/aws_pci_dss_v321_requirement_10_2_5_a.yaml b/compliance/frameworks/aws/aws_pci_dss_v321/aws_pci_dss_v321_requirement_10_2_5_a.yaml
index d0e977101..bfca0d246 100755
--- a/compliance/frameworks/aws/aws_pci_dss_v321/aws_pci_dss_v321_requirement_10_2_5_a.yaml
+++ b/compliance/frameworks/aws/aws_pci_dss_v321/aws_pci_dss_v321_requirement_10_2_5_a.yaml
@@ -3,9 +3,5 @@ control-group:
 title: 2.5.a Verify use of identification and authentication mechanisms is logged
 description: Without knowing who was logged on at the time of an incident, it is impossible to identify the accounts that may have been used. Additionally, malicious users may attempt to manipulate the authentication controls with the intent of bypassing them or impersonating a valid account.
 section-code: a
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - aws_cloudtrail_trail_enabled
diff --git a/compliance/frameworks/aws/aws_pci_dss_v321/aws_pci_dss_v321_requirement_10_2_6.yaml b/compliance/frameworks/aws/aws_pci_dss_v321/aws_pci_dss_v321_requirement_10_2_6.yaml
index db0d97b50..9bfd9caf5 100755
--- a/compliance/frameworks/aws/aws_pci_dss_v321/aws_pci_dss_v321_requirement_10_2_6.yaml
+++ b/compliance/frameworks/aws/aws_pci_dss_v321/aws_pci_dss_v321_requirement_10_2_6.yaml
@@ -3,10 +3,6 @@ control-group:
 title: 2.6 Initialization, stopping, or pausing of the audit logs
 description: "Turning the audit logs off (or pausing them) prior to performing illicit activities is a common practice for malicious users wishing to avoid detection. Initialization of audit logs could indicate that the log function was disabled by a user to hide their actions. This control verifies the following are logged: initialization of audit logs, stopping or pausing of audit logs."
 section-code: "6"
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - aws_cloudtrail_multi_region_trail_enabled
 - aws_cloudtrail_s3_data_events_enabled
diff --git a/compliance/frameworks/aws/aws_pci_dss_v321/aws_pci_dss_v321_requirement_10_2_7.yaml b/compliance/frameworks/aws/aws_pci_dss_v321/aws_pci_dss_v321_requirement_10_2_7.yaml
index 029a629f0..ca7d5a970 100755
--- a/compliance/frameworks/aws/aws_pci_dss_v321/aws_pci_dss_v321_requirement_10_2_7.yaml
+++ b/compliance/frameworks/aws/aws_pci_dss_v321/aws_pci_dss_v321_requirement_10_2_7.yaml
@@ -3,10 +3,6 @@ control-group:
 title: 2.7 Creation and deletion of system- level objects
 description: Malicious software, such as malware, often creates or replaces system level objects on the target system in order to control a particular function or operation on that system. By logging when system-level objects, such as database tables or stored procedures, are created or deleted, it will be easier to determine whether such modifications were authorized. This control verifies creation and deletion of system level objects are logged.
 section-code: "7"
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - aws_cloudtrail_multi_region_trail_enabled
 - aws_cloudtrail_s3_data_events_enabled
diff --git a/compliance/frameworks/aws/aws_pci_dss_v321/aws_pci_dss_v321_requirement_10_3.yaml b/compliance/frameworks/aws/aws_pci_dss_v321/aws_pci_dss_v321_requirement_10_3.yaml
index d329c04dc..8c437b997 100755
--- a/compliance/frameworks/aws/aws_pci_dss_v321/aws_pci_dss_v321_requirement_10_3.yaml
+++ b/compliance/frameworks/aws/aws_pci_dss_v321/aws_pci_dss_v321_requirement_10_3.yaml
@@ -3,10 +3,6 @@ control-group:
 title: Record at least the following audit trail entries for all system components for each event
 description: "By recording these details for the auditable events at 10.2, a potential compromise can be quickly identified, and with sufficient detail to know who, what, where, when, and how. Through interviews and observation of audit logs, for each auditable event (from 10.2), perform the following:"
 section-code: "3"
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 control-group:
 - id: aws_pci_dss_v321_requirement_10_3_1
 - id: aws_pci_dss_v321_requirement_10_3_2
diff --git a/compliance/frameworks/aws/aws_pci_dss_v321/aws_pci_dss_v321_requirement_10_3_1.yaml b/compliance/frameworks/aws/aws_pci_dss_v321/aws_pci_dss_v321_requirement_10_3_1.yaml
index ee1c3b24d..dd6e0878a 100755
--- a/compliance/frameworks/aws/aws_pci_dss_v321/aws_pci_dss_v321_requirement_10_3_1.yaml
+++ b/compliance/frameworks/aws/aws_pci_dss_v321/aws_pci_dss_v321_requirement_10_3_1.yaml
@@ -3,10 +3,6 @@ control-group:
 title: 3.1 User identification
 description: By recording these details for the auditable events at 10.2, a potential compromise can be quickly identified, and with sufficient detail to know who, what, where, when, and how. This control verifies user identification is included in log entries.
 section-code: "1"
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - aws_cloudtrail_multi_region_trail_enabled
 - aws_cloudtrail_s3_data_events_enabled
diff --git a/compliance/frameworks/aws/aws_pci_dss_v321/aws_pci_dss_v321_requirement_10_3_2.yaml b/compliance/frameworks/aws/aws_pci_dss_v321/aws_pci_dss_v321_requirement_10_3_2.yaml
index 83bf207ac..6e1800f37 100755
--- a/compliance/frameworks/aws/aws_pci_dss_v321/aws_pci_dss_v321_requirement_10_3_2.yaml
+++ b/compliance/frameworks/aws/aws_pci_dss_v321/aws_pci_dss_v321_requirement_10_3_2.yaml
@@ -3,10 +3,6 @@ control-group:
 title: 3.2 Type of event
 description: By recording these details for the auditable events at 10.2, a potential compromise can be quickly identified, and with sufficient detail to know who, what, where, when, and how. This control verifies event is included in log entries.
 section-code: "2"
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - aws_cloudtrail_multi_region_trail_enabled
 - aws_cloudtrail_s3_data_events_enabled
diff --git a/compliance/frameworks/aws/aws_pci_dss_v321/aws_pci_dss_v321_requirement_10_3_3.yaml b/compliance/frameworks/aws/aws_pci_dss_v321/aws_pci_dss_v321_requirement_10_3_3.yaml
index 5857cd104..9715bd860 100755
--- a/compliance/frameworks/aws/aws_pci_dss_v321/aws_pci_dss_v321_requirement_10_3_3.yaml
+++ b/compliance/frameworks/aws/aws_pci_dss_v321/aws_pci_dss_v321_requirement_10_3_3.yaml
@@ -3,10 +3,6 @@ control-group:
 title: 3.3 Date and time
 description: By recording these details for the auditable events at 10.2, a potential compromise can be quickly identified, and with sufficient detail to know who, what, where, when, and how. This verifies date and time stamp is included in log entries.
 section-code: "3"
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - aws_cloudtrail_multi_region_trail_enabled
 - aws_cloudtrail_s3_data_events_enabled
diff --git a/compliance/frameworks/aws/aws_pci_dss_v321/aws_pci_dss_v321_requirement_10_3_4.yaml b/compliance/frameworks/aws/aws_pci_dss_v321/aws_pci_dss_v321_requirement_10_3_4.yaml
index 9de4eaf04..a32742626 100755
--- a/compliance/frameworks/aws/aws_pci_dss_v321/aws_pci_dss_v321_requirement_10_3_4.yaml
+++ b/compliance/frameworks/aws/aws_pci_dss_v321/aws_pci_dss_v321_requirement_10_3_4.yaml
@@ -3,10 +3,6 @@ control-group:
 title: 3.4 Success or failure indication
 description: By recording these details for the auditable events at 10.2, a potential compromise can be quickly identified, and with sufficient detail to know who, what, where, when, and how. This control verifies success or failure indication is included in log entries.
 section-code: "4"
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - aws_cloudtrail_multi_region_trail_enabled
 - aws_cloudtrail_s3_data_events_enabled
diff --git a/compliance/frameworks/aws/aws_pci_dss_v321/aws_pci_dss_v321_requirement_10_3_5.yaml b/compliance/frameworks/aws/aws_pci_dss_v321/aws_pci_dss_v321_requirement_10_3_5.yaml
index ef412eff8..5e9b41ad8 100755
--- a/compliance/frameworks/aws/aws_pci_dss_v321/aws_pci_dss_v321_requirement_10_3_5.yaml
+++ b/compliance/frameworks/aws/aws_pci_dss_v321/aws_pci_dss_v321_requirement_10_3_5.yaml
@@ -3,10 +3,6 @@ control-group:
 title: 3.5 Origination of event
 description: By recording these details for the auditable events at 10.2, a potential compromise can be quickly identified, and with sufficient detail to know who, what, where, when, and how. This control verifies origination of event is included in log entries.
 section-code: "5"
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - aws_cloudtrail_multi_region_trail_enabled
 - aws_cloudtrail_s3_data_events_enabled
diff --git a/compliance/frameworks/aws/aws_pci_dss_v321/aws_pci_dss_v321_requirement_10_3_6.yaml b/compliance/frameworks/aws/aws_pci_dss_v321/aws_pci_dss_v321_requirement_10_3_6.yaml
index dd4385698..d4195df9e 100755
--- a/compliance/frameworks/aws/aws_pci_dss_v321/aws_pci_dss_v321_requirement_10_3_6.yaml
+++ b/compliance/frameworks/aws/aws_pci_dss_v321/aws_pci_dss_v321_requirement_10_3_6.yaml
@@ -3,10 +3,6 @@ control-group:
 title: 3.6 Identity or name of affected data, system component, or resource
 description: By recording these details for the auditable events at 10.2, a potential compromise can be quickly identified, and with sufficient detail to know who, what, where, when, and how. This control verifies identity or name of affected data, system component, or resources is included in log entries.
 section-code: "6"
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - aws_cloudtrail_multi_region_trail_enabled
 - aws_cloudtrail_s3_data_events_enabled
diff --git a/compliance/frameworks/aws/aws_pci_dss_v321/aws_pci_dss_v321_requirement_10_5.yaml b/compliance/frameworks/aws/aws_pci_dss_v321/aws_pci_dss_v321_requirement_10_5.yaml
index 7bda618ea..a79c98c1f 100755
--- a/compliance/frameworks/aws/aws_pci_dss_v321/aws_pci_dss_v321_requirement_10_5.yaml
+++ b/compliance/frameworks/aws/aws_pci_dss_v321/aws_pci_dss_v321_requirement_10_5.yaml
@@ -3,10 +3,6 @@ control-group:
 title: Interview system administrators and examine system configurations and permissions to verify that audit trails are secured so that they cannot be altered
 description: Often a malicious individual who has entered the network will attempt to edit the audit logs in order to hide their activity. Without adequate protection of audit logs, their completeness, accuracy, and integrity cannot be guaranteed, and the audit logs can be rendered useless as an investigation tool after a compromise. This control checks secure audit trails so they cannot be altered.
 section-code: "5"
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 control-group:
 - id: aws_pci_dss_v321_requirement_10_5_2
 - id: aws_pci_dss_v321_requirement_10_5_3
diff --git a/compliance/frameworks/aws/aws_pci_dss_v321/aws_pci_dss_v321_requirement_10_5_2.yaml b/compliance/frameworks/aws/aws_pci_dss_v321/aws_pci_dss_v321_requirement_10_5_2.yaml
index ca70e696d..7bc73f025 100755
--- a/compliance/frameworks/aws/aws_pci_dss_v321/aws_pci_dss_v321_requirement_10_5_2.yaml
+++ b/compliance/frameworks/aws/aws_pci_dss_v321/aws_pci_dss_v321_requirement_10_5_2.yaml
@@ -3,10 +3,6 @@ control-group:
 title: 5.2 Current audit trail files are protected from unauthorized modifications via access control mechanisms, physical segregation, and/or network segregation
 description: Adequate protection of the audit logs includes strong access control (limit access to logs based on “need to know” only), and use of physical or network segregation to make the logs harder to find and modify. Promptly backing up the logs to a centralized log server or media that is difficult to alter keeps the logs protected even if the system generating the logs becomes compromised. Protect audit trail files from unauthorized modifications.
 section-code: "2"
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - aws_cloudtrail_trail_validation_enabled
 - aws_config_enabled_all_regions
diff --git a/compliance/frameworks/aws/aws_pci_dss_v321/aws_pci_dss_v321_requirement_10_5_3.yaml b/compliance/frameworks/aws/aws_pci_dss_v321/aws_pci_dss_v321_requirement_10_5_3.yaml
index 613449180..e8487bd65 100755
--- a/compliance/frameworks/aws/aws_pci_dss_v321/aws_pci_dss_v321_requirement_10_5_3.yaml
+++ b/compliance/frameworks/aws/aws_pci_dss_v321/aws_pci_dss_v321_requirement_10_5_3.yaml
@@ -3,10 +3,6 @@ control-group:
 title: 5.3 Current audit trail files are promptly backed up to a centralized log server or media that is difficult to alter
 description: Adequate protection of the audit logs includes strong access control (limit access to logs based on “need to know” only), and use of physical or network segregation to make the logs harder to find and modify. Promptly backing up the logs to a centralized log server or media that is difficult to alter keeps the logs protected even if the system generating the logs becomes compromised. Promptly back up audit trail files to a centralized log server or media that is difficult to alter.
 section-code: "3"
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - aws_cloudtrail_trail_integrated_with_logs
 - aws_s3_bucket_cross_region_replication_enabled
diff --git a/compliance/frameworks/aws/aws_pci_dss_v321/aws_pci_dss_v321_requirement_10_5_4.yaml b/compliance/frameworks/aws/aws_pci_dss_v321/aws_pci_dss_v321_requirement_10_5_4.yaml
index 3b8ae3193..ab3899458 100755
--- a/compliance/frameworks/aws/aws_pci_dss_v321/aws_pci_dss_v321_requirement_10_5_4.yaml
+++ b/compliance/frameworks/aws/aws_pci_dss_v321/aws_pci_dss_v321_requirement_10_5_4.yaml
@@ -3,10 +3,6 @@ control-group:
 title: 5.4 Logs for external-facing technologies (for example, wireless, firewalls, DNS, mail) are written onto a secure, centralized, internal log server or media
 description: By writing logs from external-facing technologies such as wireless, firewalls, DNS, and mail servers, the risk of those logs being lost or altered is lowered, as they are more secure within the internal network. Logs may be written directly, or offloaded or copied from external systems, to the secure internal system or media.
 section-code: "4"
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - aws_cloudtrail_multi_region_trail_enabled
 - aws_cloudtrail_s3_data_events_enabled
diff --git a/compliance/frameworks/aws/aws_pci_dss_v321/aws_pci_dss_v321_requirement_10_5_5.yaml b/compliance/frameworks/aws/aws_pci_dss_v321/aws_pci_dss_v321_requirement_10_5_5.yaml
index dee4798cd..33f69c32e 100755
--- a/compliance/frameworks/aws/aws_pci_dss_v321/aws_pci_dss_v321_requirement_10_5_5.yaml
+++ b/compliance/frameworks/aws/aws_pci_dss_v321/aws_pci_dss_v321_requirement_10_5_5.yaml
@@ -3,10 +3,6 @@ control-group:
 title: 5.5 Examine system settings, monitored files, and results from monitoring activities to verify the use of file-integrity monitoring or change-detection software on logs
 description: File-integrity monitoring or change-detection systems check for changes to critical files, and notify when such changes are noted. For file- integrity monitoring purposes, an entity usually monitors files that don't regularly change, but when changed indicate a possible compromise.
 section-code: "5"
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - aws_cloudtrail_trail_validation_enabled
 - aws_s3_bucket_versioning_enabled
diff --git a/compliance/frameworks/aws/aws_pci_dss_v321/aws_pci_dss_v321_requirement_10_7.yaml b/compliance/frameworks/aws/aws_pci_dss_v321/aws_pci_dss_v321_requirement_10_7.yaml
index ab42c9852..5db0bf4f4 100755
--- a/compliance/frameworks/aws/aws_pci_dss_v321/aws_pci_dss_v321_requirement_10_7.yaml
+++ b/compliance/frameworks/aws/aws_pci_dss_v321/aws_pci_dss_v321_requirement_10_7.yaml
@@ -3,10 +3,6 @@ control-group:
 title: Retain audit trail history for at least one year, with a minimum of three months immediately available for analysis (for example, online, archived, or restorable from backup)
 description: Retaining logs for at least a year allows for the fact that it often takes a while to notice that a compromise has occurred or is occurring, and allows investigators sufficient log history to better determine the length of time of a potential breach and potential system(s) impacted. By having three months of logs immediately available, an entity can quickly identify and minimize impact of a data breach. Storing logs in off-line locations could prevent them from being readily available, resulting in longer time frames to restore log data, perform analysis, and identify impacted systems or data.
 section-code: "7"
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 control-group:
 - id: aws_pci_dss_v321_requirement_10_7_a
 - id: aws_pci_dss_v321_requirement_10_7_b
diff --git a/compliance/frameworks/aws/aws_pci_dss_v321/aws_pci_dss_v321_requirement_10_7_a.yaml b/compliance/frameworks/aws/aws_pci_dss_v321/aws_pci_dss_v321_requirement_10_7_a.yaml
index d87833512..853870e07 100755
--- a/compliance/frameworks/aws/aws_pci_dss_v321/aws_pci_dss_v321_requirement_10_7_a.yaml
+++ b/compliance/frameworks/aws/aws_pci_dss_v321/aws_pci_dss_v321_requirement_10_7_a.yaml
@@ -3,10 +3,6 @@ control-group:
 title: 7.a Examine security policies and procedures to verify that they define audit log retention policies and procedures for retaining audit logs for at least one year, with a minimum of three months immediately available online
 description: Retaining logs for at least a year allows for the fact that it often takes a while to notice that a compromise has occurred or is occurring, and allows investigators sufficient log history to better determine the length of time of a potential breach and potential system(s) impacted. By having three months of logs immediately available, an entity can quickly identify and minimize impact of a data breach. Storing logs in off-line locations could prevent them from being readily available, resulting in longer time frames to restore log data, perform analysis, and identify impacted systems or data.
 section-code: a
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - aws_backup_plan_min_retention_35_days
 - aws_backup_recovery_point_manual_deletion_disabled
diff --git a/compliance/frameworks/aws/aws_pci_dss_v321/aws_pci_dss_v321_requirement_10_7_b.yaml b/compliance/frameworks/aws/aws_pci_dss_v321/aws_pci_dss_v321_requirement_10_7_b.yaml
index d5fd79b57..1b96a3c97 100755
--- a/compliance/frameworks/aws/aws_pci_dss_v321/aws_pci_dss_v321_requirement_10_7_b.yaml
+++ b/compliance/frameworks/aws/aws_pci_dss_v321/aws_pci_dss_v321_requirement_10_7_b.yaml
@@ -3,9 +3,5 @@ control-group:
 title: 7.b Interview personnel and examine audit logs to verify that audit logs are retained for at least one year
 description: Retaining logs for at least a year allows for the fact that it often takes a while to notice that a compromise has occurred or is occurring, and allows investigators sufficient log history to better determine the length of time of a potential breach and potential system(s) impacted. By having three months of logs immediately available, an entity can quickly identify and minimize impact of a data breach. Storing logs in off-line locations could prevent them from being readily available, resulting in longer time frames to restore log data, perform analysis, and identify impacted systems or data.
 section-code: b
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - aws_cloudwatch_log_group_retention_period_365
diff --git a/compliance/frameworks/aws/aws_pci_dss_v321/aws_pci_dss_v321_requirement_10_7_c.yaml b/compliance/frameworks/aws/aws_pci_dss_v321/aws_pci_dss_v321_requirement_10_7_c.yaml
index d368f0d57..e7189e7e6 100755
--- a/compliance/frameworks/aws/aws_pci_dss_v321/aws_pci_dss_v321_requirement_10_7_c.yaml
+++ b/compliance/frameworks/aws/aws_pci_dss_v321/aws_pci_dss_v321_requirement_10_7_c.yaml
@@ -3,9 +3,5 @@ control-group:
 title: 7.c Interview personnel and observe processes to verify that at least the last three months' logs are immediately available for analysis
 description: Retaining logs for at least a year allows for the fact that it often takes a while to notice that a compromise has occurred or is occurring, and allows investigators sufficient log history to better determine the length of time of a potential breach and potential system(s) impacted. By having three months of logs immediately available, an entity can quickly identify and minimize impact of a data breach. Storing logs in off-line locations could prevent them from being readily available, resulting in longer time frames to restore log data, perform analysis, and identify impacted systems or data.
 section-code: c
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - aws_cloudwatch_log_group_retention_period_365
diff --git a/compliance/frameworks/aws/aws_pci_dss_v321/aws_pci_dss_v321_requirement_10_8.yaml b/compliance/frameworks/aws/aws_pci_dss_v321/aws_pci_dss_v321_requirement_10_8.yaml
index 3242a3fec..62799e07d 100755
--- a/compliance/frameworks/aws/aws_pci_dss_v321/aws_pci_dss_v321_requirement_10_8.yaml
+++ b/compliance/frameworks/aws/aws_pci_dss_v321/aws_pci_dss_v321_requirement_10_8.yaml
@@ -3,10 +3,6 @@ control-group:
 title: Additional requirement for service providers only to implement a process for the timely detection and reporting of failures of critical security control systems, including but not limited to failure of firewalls, IDS/IPS, FIM, anti-virus, physical access controls, logical access controls, audit logging mechanisms and segmentation controls
 description: "Note: This requirement applies only when the entity being assessed is a service provider. Without formal processes to detect and alert when critical security controls fail, failures may go undetected for extended periods and provide attackers ample time to compromise systems and steal sensitive data from the cardholder data environment. The specific types of failures may vary depending on the function of the device and technology in use. Typical failures include a system ceasing to perform its security function or not functioning in its intended manner; for example, a firewall erasing all its rules or going offline."
 section-code: "8"
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 control-group:
 - id: aws_pci_dss_v321_requirement_10_8_1
 - id: aws_pci_dss_v321_requirement_10_8_b
diff --git a/compliance/frameworks/aws/aws_pci_dss_v321/aws_pci_dss_v321_requirement_10_8_1.yaml b/compliance/frameworks/aws/aws_pci_dss_v321/aws_pci_dss_v321_requirement_10_8_1.yaml
index 61444594f..a9ad147a4 100755
--- a/compliance/frameworks/aws/aws_pci_dss_v321/aws_pci_dss_v321_requirement_10_8_1.yaml
+++ b/compliance/frameworks/aws/aws_pci_dss_v321/aws_pci_dss_v321_requirement_10_8_1.yaml
@@ -3,9 +3,5 @@ control-group:
 title: "8.1 Additional requirement for service providers only: Respond to failures of any critical security controls in a timely manner"
 description: "Processes for responding to failures in security controls must include restoring security functions, identifying and documenting the duration (date and time start to end) of the security failure, identifying and documenting cause(s) of failure, including root cause, and documenting remediation required to address root cause, identifying and addressing any security issues that arose during the failure, performing a risk assessment to determine whether further actions are required as a result of the security failure, implementing controls to prevent cause of failure from reoccurring and resuming monitoring of security controls. Note: This requirement applies only when the entity being assessed is a service provider. If critical security control failures alerts are not quickly and effectively responded to, attackers may use this time to insert malicious software, gain control of a system, or steal data from the entity's environment. Documented evidence (e.g., records within a problem management system) should support that processes and procedures are in place to respond to security failures. In addition, personnel should be aware of their responsibilities in the event of a failure. Actions and responses to the failure should be captured in the documented evidence."
 section-code: "1"
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 control-group:
 - id: aws_pci_dss_v321_requirement_10_8_1_a
diff --git a/compliance/frameworks/aws/aws_pci_dss_v321/aws_pci_dss_v321_requirement_10_8_1_a.yaml b/compliance/frameworks/aws/aws_pci_dss_v321/aws_pci_dss_v321_requirement_10_8_1_a.yaml
index bc221fd08..6e019eaf0 100755
--- a/compliance/frameworks/aws/aws_pci_dss_v321/aws_pci_dss_v321_requirement_10_8_1_a.yaml
+++ b/compliance/frameworks/aws/aws_pci_dss_v321/aws_pci_dss_v321_requirement_10_8_1_a.yaml
@@ -3,9 +3,5 @@ control-group:
 title: 8.1.a Examine documented policies and procedures and interview personnel to verify processes are defined and implemented to respond to a security control failure
 description: "This include restoring security functions, identifying and documenting the duration (date and time start to end) of the security failure, identifying and documenting cause(s) of failure, including root cause, and documenting remediation required to address root cause, identifying and addressing any security issues that arose during the failure, performing a risk assessment to determine whether further actions are required as a result of the security failure, implementing controls to prevent cause of failure from reoccurring and resuming monitoring of security controls. Note: This requirement applies only when the entity being assessed is a service provider. If critical security control failures alerts are not quickly and effectively responded to, attackers may use this time to insert malicious software, gain control of a system, or steal data from the entity's environment. Documented evidence (e.g., records within a problem management system) should support that processes and procedures are in place to respond to security failures. In addition, personnel should be aware of their responsibilities in the event of a failure. Actions and responses to the failure should be captured in the documented evidence."
 section-code: a
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - aws_cloudwatch_alarm_action_enabled_check
diff --git a/compliance/frameworks/aws/aws_pci_dss_v321/aws_pci_dss_v321_requirement_10_8_b.yaml b/compliance/frameworks/aws/aws_pci_dss_v321/aws_pci_dss_v321_requirement_10_8_b.yaml
index 7c156f2ac..58875d351 100755
--- a/compliance/frameworks/aws/aws_pci_dss_v321/aws_pci_dss_v321_requirement_10_8_b.yaml
+++ b/compliance/frameworks/aws/aws_pci_dss_v321/aws_pci_dss_v321_requirement_10_8_b.yaml
@@ -3,10 +3,6 @@ control-group:
 title: 8.b Examine detection and alerting processes and interview personnel to verify that processes are implemented for all critical security controls
 description: "The failure of a critical security control results in the generation of an alert.10.8.b Examine detection and alerting processes and interview personnel to verify that processes are implemented for all critical security controls, and that failure of a critical security control results in the generation of an alert. Note: This requirement applies only when the entity being assessed is a service provider. Without formal processes to detect and alert when critical security controls fail, failures may go undetected for extended periods and provide attackers ample time to compromise systems and steal sensitive data from the cardholder data environment. The specific types of failures may vary depending on the function of the device and technology in use. Typical failures include a system ceasing to perform its security function or not functioning in its intended manner; for example, a firewall erasing all its rules or going offline."
 section-code: b
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - aws_cloudtrail_trail_enabled
 - aws_cloudwatch_alarm_action_enabled_check
diff --git a/compliance/frameworks/aws/aws_pci_dss_v321/aws_pci_dss_v321_requirement_11.yaml b/compliance/frameworks/aws/aws_pci_dss_v321/aws_pci_dss_v321_requirement_11.yaml
index f36283148..ad3b38955 100755
--- a/compliance/frameworks/aws/aws_pci_dss_v321/aws_pci_dss_v321_requirement_11.yaml
+++ b/compliance/frameworks/aws/aws_pci_dss_v321/aws_pci_dss_v321_requirement_11.yaml
@@ -3,10 +3,6 @@ control-group:
 title: "Requirement 11: Regularly test security systems and processes"
 description: Vulnerabilities are being discovered continually by malicious individuals and researchers, and being introduced by new software. System components, processes, and custom software should be tested frequently to ensure security controls continue to reflect a changing environment.
 section-code: requirement_11
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 control-group:
 - id: aws_pci_dss_v321_requirement_11_4
 - id: aws_pci_dss_v321_requirement_11_5
diff --git a/compliance/frameworks/aws/aws_pci_dss_v321/aws_pci_dss_v321_requirement_11_4.yaml b/compliance/frameworks/aws/aws_pci_dss_v321/aws_pci_dss_v321_requirement_11_4.yaml
index 23f3fabba..dc02452d9 100755
--- a/compliance/frameworks/aws/aws_pci_dss_v321/aws_pci_dss_v321_requirement_11_4.yaml
+++ b/compliance/frameworks/aws/aws_pci_dss_v321/aws_pci_dss_v321_requirement_11_4.yaml
@@ -3,10 +3,6 @@ control-group:
 title: Use intrusion-detection and/or intrusion-prevention techniques to detect and/or prevent intrusions into the network
 description: Monitor all traffic at the perimeter of the cardholder data environment as well as at critical points in the cardholder data environment, and alert personnel to suspected compromises. Keep all intrusion-detection and prevention engines, baselines, and signatures up to date. Intrusion detection and/or intrusion prevention techniques (such as IDS/IPS) compare the traffic coming into the network with known “signatures” and/or behaviors of thousands of compromise types (hacker tools, Trojans, and other malware), and send alerts and/or stop the attempt as it happens. Without a proactive approach to unauthorized activity detection, attacks on (or misuse of) computer resources could go unnoticed in real time. Security alerts generated by these techniques should be monitored so that the attempted intrusions can be stopped.
 section-code: "4"
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 control-group:
 - id: aws_pci_dss_v321_requirement_11_4_a
 - id: aws_pci_dss_v321_requirement_11_4_b
diff --git a/compliance/frameworks/aws/aws_pci_dss_v321/aws_pci_dss_v321_requirement_11_4_a.yaml b/compliance/frameworks/aws/aws_pci_dss_v321/aws_pci_dss_v321_requirement_11_4_a.yaml
index fd063c5be..6692d835e 100755
--- a/compliance/frameworks/aws/aws_pci_dss_v321/aws_pci_dss_v321_requirement_11_4_a.yaml
+++ b/compliance/frameworks/aws/aws_pci_dss_v321/aws_pci_dss_v321_requirement_11_4_a.yaml
@@ -3,9 +3,5 @@ control-group:
 title: 4.a Examine system configurations and network diagrams to verify that techniques (such as intrusion-detection systems and/or intrusion-prevention systems) are in place to monitor all traffic at the perimeter of the cardholder data environment and at critical points in the cardholder data environment
 description: Intrusion detection and/or intrusion prevention techniques (such as IDS/IPS) compare the traffic coming into the network with known “signatures” and/or behaviors of thousands of compromise types (hacker tools, Trojans, and other malware), and send alerts and/or stop the attempt as it happens. Without a proactive approach to unauthorized activity detection, attacks on (or misuse of) computer resources could go unnoticed in real time. Security alerts generated by these techniques should be monitored so that the attempted intrusions can be stopped.
 section-code: a
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - aws_guardduty_enabled
diff --git a/compliance/frameworks/aws/aws_pci_dss_v321/aws_pci_dss_v321_requirement_11_4_b.yaml b/compliance/frameworks/aws/aws_pci_dss_v321/aws_pci_dss_v321_requirement_11_4_b.yaml
index a398c3c5c..b78fa9b5c 100755
--- a/compliance/frameworks/aws/aws_pci_dss_v321/aws_pci_dss_v321_requirement_11_4_b.yaml
+++ b/compliance/frameworks/aws/aws_pci_dss_v321/aws_pci_dss_v321_requirement_11_4_b.yaml
@@ -3,9 +3,5 @@ control-group:
 title: 4.b Examine system configurations and interview responsible personnel to confirm intrusion-detection and/or intrusion-prevention techniques alert personnel of suspected compromises
 description: Intrusion detection and/or intrusion prevention techniques (such as IDS/IPS) compare the traffic coming into the network with known “signatures” and/or behaviors of thousands of compromise types (hacker tools, Trojans, and other malware), and send alerts and/or stop the attempt as it happens. Without a proactive approach to unauthorized activity detection, attacks on (or misuse of) computer resources could go unnoticed in real time. Security alerts generated by these techniques should be monitored so that the attempted intrusions can be stopped.
 section-code: b
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - aws_guardduty_enabled
diff --git a/compliance/frameworks/aws/aws_pci_dss_v321/aws_pci_dss_v321_requirement_11_4_c.yaml b/compliance/frameworks/aws/aws_pci_dss_v321/aws_pci_dss_v321_requirement_11_4_c.yaml
index 33ab280f1..258b631d4 100755
--- a/compliance/frameworks/aws/aws_pci_dss_v321/aws_pci_dss_v321_requirement_11_4_c.yaml
+++ b/compliance/frameworks/aws/aws_pci_dss_v321/aws_pci_dss_v321_requirement_11_4_c.yaml
@@ -3,9 +3,5 @@ control-group:
 title: 4.c Examine IDS/IPS configurations and vendor documentation to verify intrusion-detection and/or intrusion- prevention techniques are configured, maintained, and updated per vendor instructions to ensure optimal protection
 description: Intrusion detection and/or intrusion prevention techniques (such as IDS/IPS) compare the traffic coming into the network with known “signatures” and/or behaviors of thousands of compromise types (hacker tools, Trojans, and other malware), and send alerts and/or stop the attempt as it happens. Without a proactive approach to unauthorized activity detection, attacks on (or misuse of) computer resources could go unnoticed in real time. Security alerts generated by these techniques should be monitored so that the attempted intrusions can be stopped.
 section-code: c
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - aws_guardduty_enabled
diff --git a/compliance/frameworks/aws/aws_pci_dss_v321/aws_pci_dss_v321_requirement_11_5.yaml b/compliance/frameworks/aws/aws_pci_dss_v321/aws_pci_dss_v321_requirement_11_5.yaml
index 692b41066..52a825f6a 100755
--- a/compliance/frameworks/aws/aws_pci_dss_v321/aws_pci_dss_v321_requirement_11_5.yaml
+++ b/compliance/frameworks/aws/aws_pci_dss_v321/aws_pci_dss_v321_requirement_11_5.yaml
@@ -3,10 +3,6 @@ control-group:
 title: Deploy a change-detection mechanism (for example, file-integrity monitoring tools) to alert personnel to unauthorized modification (including changes, additions, and deletions) of critical system files, configuration files, or content files; and configure the software to perform critical file comparisons at least weekly
 description: Change-detection solutions such as file-integrity monitoring (FIM) tools check for changes, additions, and deletions to critical files, and notify when such changes are detected. If not implemented properly and the output of the change-detection solution monitored, a malicious individual could add, remove, or alter configuration file contents, operating system programs, or application executables. Unauthorized changes, if undetected, could render existing security controls ineffective and/or result in cardholder data being stolen with no perceptible impact to normal processing.
 section-code: "5"
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 control-group:
 - id: aws_pci_dss_v321_requirement_11_5_a
 - id: aws_pci_dss_v321_requirement_11_5_b
diff --git a/compliance/frameworks/aws/aws_pci_dss_v321/aws_pci_dss_v321_requirement_11_5_a.yaml b/compliance/frameworks/aws/aws_pci_dss_v321/aws_pci_dss_v321_requirement_11_5_a.yaml
index 64b3beed0..b702435bb 100755
--- a/compliance/frameworks/aws/aws_pci_dss_v321/aws_pci_dss_v321_requirement_11_5_a.yaml
+++ b/compliance/frameworks/aws/aws_pci_dss_v321/aws_pci_dss_v321_requirement_11_5_a.yaml
@@ -3,9 +3,5 @@ control-group:
 title: 5.a Verify the use of a change-detection mechanism by observing system settings and monitored files, as well as reviewing results from monitoring activities
 description: Examples of files that should be monitored are system executables, application executables, configuration and parameter files, centrally stored, historical or archived, log and audit files and additional critical files determined by entity (for example, through risk assessment or other means). Change-detection solutions such as file-integrity monitoring (FIM) tools check for changes, additions, and deletions to critical files, and notify when such changes are detected. If not implemented properly and the output of the change-detection solution monitored, a malicious individual could add, remove, or alter configuration file contents, operating system programs, or application executables. Unauthorized changes, if undetected, could render existing security controls ineffective and/or result in cardholder data being stolen with no perceptible impact to normal processing.
 section-code: a
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - aws_config_enabled_all_regions
diff --git a/compliance/frameworks/aws/aws_pci_dss_v321/aws_pci_dss_v321_requirement_11_5_b.yaml b/compliance/frameworks/aws/aws_pci_dss_v321/aws_pci_dss_v321_requirement_11_5_b.yaml
index ddaaaec0a..b164fb4c7 100755
--- a/compliance/frameworks/aws/aws_pci_dss_v321/aws_pci_dss_v321_requirement_11_5_b.yaml
+++ b/compliance/frameworks/aws/aws_pci_dss_v321/aws_pci_dss_v321_requirement_11_5_b.yaml
@@ -3,9 +3,5 @@ control-group:
 title: 5.b Verify the mechanism is configured to alert personnel to unauthorized modification (including changes, additions, and deletions) of critical files, and to perform critical file comparisons at least weekly
 description: 5.b Verify the mechanism is configured to alert personnel to unauthorized modification (including changes, additions, and deletions) of critical files, and to perform critical file comparisons at least weekly
 section-code: b
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - aws_config_enabled_all_regions
diff --git a/compliance/frameworks/aws/aws_pci_dss_v321/aws_pci_dss_v321_requirement_1_1.yaml b/compliance/frameworks/aws/aws_pci_dss_v321/aws_pci_dss_v321_requirement_1_1.yaml
index 239edcdbe..e50af0137 100755
--- a/compliance/frameworks/aws/aws_pci_dss_v321/aws_pci_dss_v321_requirement_1_1.yaml
+++ b/compliance/frameworks/aws/aws_pci_dss_v321/aws_pci_dss_v321_requirement_1_1.yaml
@@ -3,9 +3,5 @@ control-group:
 title: Establish and implement firewall and router configuration standards
 description: Firewalls and routers are key components of the architecture that controls entry to and exit from the network. These devices are software or hardware devices that block unwanted access and manage authorized access into and out of the network. Configuration standards and procedures will help to ensure that the organization's first line of defense in the protection of its data remains strong.
 section-code: "1"
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 control-group:
 - id: aws_pci_dss_v321_requirement_1_1_4
diff --git a/compliance/frameworks/aws/aws_pci_dss_v321/aws_pci_dss_v321_requirement_1_1_4.yaml b/compliance/frameworks/aws/aws_pci_dss_v321/aws_pci_dss_v321_requirement_1_1_4.yaml
index c1f372332..c06ffda69 100755
--- a/compliance/frameworks/aws/aws_pci_dss_v321/aws_pci_dss_v321_requirement_1_1_4.yaml
+++ b/compliance/frameworks/aws/aws_pci_dss_v321/aws_pci_dss_v321_requirement_1_1_4.yaml
@@ -3,9 +3,5 @@ control-group:
 title: 1.4 Requirements for a firewall at each Internet connection and between any demilitarized zone (DMZ) and the internal network zone
 description: Using a firewall on every Internet connection coming into (and out of) the network, and between any DMZ and the internal network, allows the organization to monitor and control access and minimizes the chances of a malicious individual obtaining access to the internal network via an unprotected connection.
 section-code: "4"
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 control-group:
 - id: aws_pci_dss_v321_requirement_1_1_4_c
diff --git a/compliance/frameworks/aws/aws_pci_dss_v321/aws_pci_dss_v321_requirement_1_1_4_c.yaml b/compliance/frameworks/aws/aws_pci_dss_v321/aws_pci_dss_v321_requirement_1_1_4_c.yaml
index df30ae7b3..511f69173 100755
--- a/compliance/frameworks/aws/aws_pci_dss_v321/aws_pci_dss_v321_requirement_1_1_4_c.yaml
+++ b/compliance/frameworks/aws/aws_pci_dss_v321/aws_pci_dss_v321_requirement_1_1_4_c.yaml
@@ -3,10 +3,6 @@ control-group:
 title: 1.4.c Observe network configurations to verify that a firewall is in place at each Internet connection and between any demilitarized zone (DMZ) and the internal network zone, per the documented configuration standards and network diagrams
 description: Using a firewall on every Internet connection coming into (and out of) the network, and between any DMZ and the internal network, allows the organization to monitor and control access and minimizes the chances of a malicious individual obtaining access to the internal network via an unprotected connection.
 section-code: c
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - aws_apigateway_stage_use_waf_web_acl
 - aws_elb_application_lb_waf_enabled
diff --git a/compliance/frameworks/aws/aws_pci_dss_v321/aws_pci_dss_v321_requirement_1_2.yaml b/compliance/frameworks/aws/aws_pci_dss_v321/aws_pci_dss_v321_requirement_1_2.yaml
index 3e93db0a7..2a05f19c1 100755
--- a/compliance/frameworks/aws/aws_pci_dss_v321/aws_pci_dss_v321_requirement_1_2.yaml
+++ b/compliance/frameworks/aws/aws_pci_dss_v321/aws_pci_dss_v321_requirement_1_2.yaml
@@ -3,10 +3,6 @@ control-group:
 title: Examine firewall and router configurations and perform the following to verify that connections are restricted between untrusted networks and system components in the cardholder data environment
 description: It is essential to install network protection between the internal, trusted network and any untrusted network that is external and/or out of the entity's ability to control or manage. Failure to implement this measure correctly results in the entity being vulnerable to unauthorized access by malicious individuals or software. For firewall functionality to be effective, it must be properly configured to control and/or limit traffic into and out of the entity's network.
 section-code: "2"
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 control-group:
 - id: aws_pci_dss_v321_requirement_1_2_1
 - id: aws_pci_dss_v321_requirement_1_2_2
diff --git a/compliance/frameworks/aws/aws_pci_dss_v321/aws_pci_dss_v321_requirement_1_2_1.yaml b/compliance/frameworks/aws/aws_pci_dss_v321/aws_pci_dss_v321_requirement_1_2_1.yaml
index a313b344c..81e18e632 100755
--- a/compliance/frameworks/aws/aws_pci_dss_v321/aws_pci_dss_v321_requirement_1_2_1.yaml
+++ b/compliance/frameworks/aws/aws_pci_dss_v321/aws_pci_dss_v321_requirement_1_2_1.yaml
@@ -3,10 +3,6 @@ control-group:
 title: 2.1 Restrict inbound and outbound traffic to that which is necessary for the cardholder data environment, and specifically deny all other traffic
 description: Examination of all inbound and outbound connections allows for inspection and restriction of traffic based on the source and/or destination address, thus preventing unfiltered access between untrusted and trusted environments. This prevents malicious individuals from accessing the entity's network via unauthorized IP addresses or from using services, protocols, or ports in an unauthorized manner (for example, to send data they've obtained from within the entity's network out to an untrusted server). Implementing a rule that denies all inbound and outbound traffic that is not specifically needed helps to prevent inadvertent holes that would allow unintended and potentially harmful traffic in or out.
 section-code: "1"
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 control-group:
 - id: aws_pci_dss_v321_requirement_1_2_1_a
 - id: aws_pci_dss_v321_requirement_1_2_1_b
diff --git a/compliance/frameworks/aws/aws_pci_dss_v321/aws_pci_dss_v321_requirement_1_2_1_a.yaml b/compliance/frameworks/aws/aws_pci_dss_v321/aws_pci_dss_v321_requirement_1_2_1_a.yaml
index ec73f58d6..5335480d8 100755
--- a/compliance/frameworks/aws/aws_pci_dss_v321/aws_pci_dss_v321_requirement_1_2_1_a.yaml
+++ b/compliance/frameworks/aws/aws_pci_dss_v321/aws_pci_dss_v321_requirement_1_2_1_a.yaml
@@ -3,10 +3,6 @@ control-group:
 title: 2.1.a Examine firewall and router configuration standards to verify that they identify inbound and outbound traffic necessary for the cardholder data environment
 description: Examination of all inbound and outbound connections allows for inspection and restriction of traffic based on the source and/or destination address, thus preventing unfiltered access between untrusted and trusted environments. This prevents malicious individuals from accessing the entity's network via unauthorized IP addresses or from using services, protocols, or ports in an unauthorized manner (for example, to send data they've obtained from within the entity's network out to an untrusted server). Implementing a rule that denies all inbound and outbound traffic that is not specifically needed helps to prevent inadvertent holes that would allow unintended and potentially harmful traffic in or out.
 section-code: a
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - aws_autoscaling_launch_config_public_ip_disabled
 - aws_dms_replication_instance_not_publicly_accessible
diff --git a/compliance/frameworks/aws/aws_pci_dss_v321/aws_pci_dss_v321_requirement_1_2_1_b.yaml b/compliance/frameworks/aws/aws_pci_dss_v321/aws_pci_dss_v321_requirement_1_2_1_b.yaml
index e52ae8290..05f3fac68 100755
--- a/compliance/frameworks/aws/aws_pci_dss_v321/aws_pci_dss_v321_requirement_1_2_1_b.yaml
+++ b/compliance/frameworks/aws/aws_pci_dss_v321/aws_pci_dss_v321_requirement_1_2_1_b.yaml
@@ -3,10 +3,6 @@ control-group:
 title: 2.1.b Examine firewall and router configurations to verify that inbound and outbound traffic is limited to that which is necessary for the cardholder data environment
 description: Examination of all inbound and outbound connections allows for inspection and restriction of traffic based on the source and/or destination address, thus preventing unfiltered access between untrusted and trusted environments. This prevents malicious individuals from accessing the entity's network via unauthorized IP addresses or from using services, protocols, or ports in an unauthorized manner (for example, to send data they've obtained from within the entity's network out to an untrusted server). Implementing a rule that denies all inbound and outbound traffic that is not specifically needed helps to prevent inadvertent holes that would allow unintended and potentially harmful traffic in or out.
 section-code: b
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - aws_autoscaling_launch_config_public_ip_disabled
 - aws_dms_replication_instance_not_publicly_accessible
diff --git a/compliance/frameworks/aws/aws_pci_dss_v321/aws_pci_dss_v321_requirement_1_2_1_c.yaml b/compliance/frameworks/aws/aws_pci_dss_v321/aws_pci_dss_v321_requirement_1_2_1_c.yaml
index 52e0fcc96..539188730 100755
--- a/compliance/frameworks/aws/aws_pci_dss_v321/aws_pci_dss_v321_requirement_1_2_1_c.yaml
+++ b/compliance/frameworks/aws/aws_pci_dss_v321/aws_pci_dss_v321_requirement_1_2_1_c.yaml
@@ -3,10 +3,6 @@ control-group:
 title: 2.1.c Examine firewall and router configurations to verify that all other inbound and outbound traffic is specifically denied, for example by using an explicit “deny all” or an implicit deny after allow statement
 description: Examination of all inbound and outbound connections allows for inspection and restriction of traffic based on the source and/or destination address, thus preventing unfiltered access between untrusted and trusted environments. This prevents malicious individuals from accessing the entity's network via unauthorized IP addresses or from using services, protocols, or ports in an unauthorized manner (for example, to send data they've obtained from within the entity's network out to an untrusted server). Implementing a rule that denies all inbound and outbound traffic that is not specifically needed helps to prevent inadvertent holes that would allow unintended and potentially harmful traffic in or out.
 section-code: c
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - aws_autoscaling_launch_config_public_ip_disabled
 - aws_dms_replication_instance_not_publicly_accessible
diff --git a/compliance/frameworks/aws/aws_pci_dss_v321/aws_pci_dss_v321_requirement_1_2_2.yaml b/compliance/frameworks/aws/aws_pci_dss_v321/aws_pci_dss_v321_requirement_1_2_2.yaml
index 0e3f79320..811bc8368 100755
--- a/compliance/frameworks/aws/aws_pci_dss_v321/aws_pci_dss_v321_requirement_1_2_2.yaml
+++ b/compliance/frameworks/aws/aws_pci_dss_v321/aws_pci_dss_v321_requirement_1_2_2.yaml
@@ -3,9 +3,5 @@ control-group:
 title: 2.2 Secure and synchronize router configuration files
 description: While the running (or active) router configuration files include the current, secure settings, the start- up files (which are used when routers are re- started or booted) must be updated with the same secure settings to ensure these settings are applied when the start-up configuration is run. Because they only run occasionally, start-up configuration files are often forgotten and are not updated. When a router re-starts and loads a start-up configuration that has not been updated with the same secure settings as those in the running configuration, it may result in weaker rules that allow malicious individuals into the network.
 section-code: "2"
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 control-group:
 - id: aws_pci_dss_v321_requirement_1_2_2_b
diff --git a/compliance/frameworks/aws/aws_pci_dss_v321/aws_pci_dss_v321_requirement_1_2_2_b.yaml b/compliance/frameworks/aws/aws_pci_dss_v321/aws_pci_dss_v321_requirement_1_2_2_b.yaml
index d85ef2de4..3cbe6d975 100755
--- a/compliance/frameworks/aws/aws_pci_dss_v321/aws_pci_dss_v321_requirement_1_2_2_b.yaml
+++ b/compliance/frameworks/aws/aws_pci_dss_v321/aws_pci_dss_v321_requirement_1_2_2_b.yaml
@@ -3,9 +3,5 @@ control-group:
 title: 2.2.b Examine router configurations to verify they are synchronized—for example, the running (or active) configuration matches the start-up configuration (used when machines are booted)
 description: While the running (or active) router configuration files include the current, secure settings, the start- up files (which are used when routers are re- started or booted) must be updated with the same secure settings to ensure these settings are applied when the start-up configuration is run. Because they only run occasionally, start-up configuration files are often forgotten and are not updated. When a router re-starts and loads a start-up configuration that has not been updated with the same secure settings as those in the running configuration, it may result in weaker rules that allow malicious individuals into the network.
 section-code: b
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - aws_cloudformation_stack_drift_detection_check
diff --git a/compliance/frameworks/aws/aws_pci_dss_v321/aws_pci_dss_v321_requirement_1_2_3.yaml b/compliance/frameworks/aws/aws_pci_dss_v321/aws_pci_dss_v321_requirement_1_2_3.yaml
index 2ec494895..ae00da149 100755
--- a/compliance/frameworks/aws/aws_pci_dss_v321/aws_pci_dss_v321_requirement_1_2_3.yaml
+++ b/compliance/frameworks/aws/aws_pci_dss_v321/aws_pci_dss_v321_requirement_1_2_3.yaml
@@ -3,9 +3,5 @@ control-group:
 title: 2.3 Install perimeter firewalls between all wireless networks and the cardholder data environment, and configure these firewalls to deny or, if traffic is necessary for business purposes, permit only authorized traffic between the wireless environment and the cardholder data environment
 description: The known (or unknown) implementation and exploitation of wireless technology within a network is a common path for malicious individuals to gain access to the network and cardholder data. If a wireless device or network is installed without the entity's knowledge, a malicious individual could easily and “invisibly” enter the network. If firewalls do not restrict access from wireless networks into the CDE, malicious individuals that gain unauthorized access to the wireless network can easily connect to the CDE and compromise account information. Firewalls must be installed between all wireless networks and the CDE, regardless of the purpose of the environment to which the wireless network is connected. This may include, but is not limited to, corporate networks, retail stores, guest networks, warehouse environments, etc.
 section-code: "3"
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 control-group:
 - id: aws_pci_dss_v321_requirement_1_2_3_b
diff --git a/compliance/frameworks/aws/aws_pci_dss_v321/aws_pci_dss_v321_requirement_1_2_3_b.yaml b/compliance/frameworks/aws/aws_pci_dss_v321/aws_pci_dss_v321_requirement_1_2_3_b.yaml
index a4c316a97..9f4a70e01 100755
--- a/compliance/frameworks/aws/aws_pci_dss_v321/aws_pci_dss_v321_requirement_1_2_3_b.yaml
+++ b/compliance/frameworks/aws/aws_pci_dss_v321/aws_pci_dss_v321_requirement_1_2_3_b.yaml
@@ -3,10 +3,6 @@ control-group:
 title: 2.3.b Verify that the firewalls deny or, if traffic is necessary for business purposes, permit only authorized traffic between the wireless environment and the cardholder data environment
 description: The known (or unknown) implementation and exploitation of wireless technology within a network is a common path for malicious individuals to gain access to the network and cardholder data. If a wireless device or network is installed without the entity's knowledge, a malicious individual could easily and “invisibly” enter the network. If firewalls do not restrict access from wireless networks into the CDE, malicious individuals that gain unauthorized access to the wireless network can easily connect to the CDE and compromise account information. Firewalls must be installed between all wireless networks and the CDE, regardless of the purpose of the environment to which the wireless network is connected. This may include, but is not limited to, corporate networks, retail stores, guest networks, warehouse environments, etc.
 section-code: b
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - aws_autoscaling_launch_config_public_ip_disabled
 - aws_sagemaker_notebook_instance_direct_internet_access_disabled
diff --git a/compliance/frameworks/aws/aws_pci_dss_v321/aws_pci_dss_v321_requirement_1_3.yaml b/compliance/frameworks/aws/aws_pci_dss_v321/aws_pci_dss_v321_requirement_1_3.yaml
index 57a6513c4..d6a8d151c 100755
--- a/compliance/frameworks/aws/aws_pci_dss_v321/aws_pci_dss_v321_requirement_1_3.yaml
+++ b/compliance/frameworks/aws/aws_pci_dss_v321/aws_pci_dss_v321_requirement_1_3.yaml
@@ -3,10 +3,6 @@ control-group:
 title: Examine firewall and router configurations—including but not limited to the choke router at the Internet, the DMZ router and firewall, the DMZ cardholder segment, the perimeter router, and the internal cardholder network segment—and perform the following to determine that there is no direct access between the Internet and system components in the internal cardholder network segment
 description: While there may be legitimate reasons for untrusted connections to be permitted to DMZ systems (e.g., to allow public access to a web server), such connections should never be granted to systems in the internal network. A firewall's intent is to manage and control all connections between public systems and internal systems, especially those that store, process or transmit cardholder data. If direct access is allowed between public systems and the CDE, the protections offered by the firewall are bypassed, and system components storing cardholder data may be exposed to compromise.
 section-code: "3"
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 control-group:
 - id: aws_pci_dss_v321_requirement_1_3_1
 - id: aws_pci_dss_v321_requirement_1_3_2
diff --git a/compliance/frameworks/aws/aws_pci_dss_v321/aws_pci_dss_v321_requirement_1_3_1.yaml b/compliance/frameworks/aws/aws_pci_dss_v321/aws_pci_dss_v321_requirement_1_3_1.yaml
index 5fd507429..2896112a6 100755
--- a/compliance/frameworks/aws/aws_pci_dss_v321/aws_pci_dss_v321_requirement_1_3_1.yaml
+++ b/compliance/frameworks/aws/aws_pci_dss_v321/aws_pci_dss_v321_requirement_1_3_1.yaml
@@ -3,10 +3,6 @@ control-group:
 title: 3.1 Implement a DMZ to limit inbound traffic to only system components that provide authorized publicly accessible services, protocols, and ports
 description: The DMZ is that part of the network that manages connections between the Internet (or other untrusted networks), and services that an organization needs to have available to the public (like a web server). This functionality is intended to prevent malicious individuals from accessing the organization's internal network from the Internet, or from using services, protocols, or ports in an unauthorized manner. The set of controls will examine firewall and router configurations to verify that a DMZ is implemented to limit inbound traffic to only system components that provide authorized publicly accessible services, protocols, and ports.
 section-code: "1"
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - aws_autoscaling_launch_config_public_ip_disabled
 - aws_dms_replication_instance_not_publicly_accessible
diff --git a/compliance/frameworks/aws/aws_pci_dss_v321/aws_pci_dss_v321_requirement_1_3_2.yaml b/compliance/frameworks/aws/aws_pci_dss_v321/aws_pci_dss_v321_requirement_1_3_2.yaml
index 240a97971..13cf01277 100755
--- a/compliance/frameworks/aws/aws_pci_dss_v321/aws_pci_dss_v321_requirement_1_3_2.yaml
+++ b/compliance/frameworks/aws/aws_pci_dss_v321/aws_pci_dss_v321_requirement_1_3_2.yaml
@@ -3,10 +3,6 @@ control-group:
 title: 3.2 Limit inbound Internet traffic to IP addresses within the DMZ
 description: The DMZ is that part of the network that manages connections between the Internet (or other untrusted networks), and services that an organization needs to have available to the public (like a web server). This functionality is intended to prevent malicious individuals from accessing the organization's internal network from the Internet, or from using services, protocols, or ports in an unauthorized manner. The set of controls will limit inbound Internet traffic to IP addresses within the DMZ.
 section-code: "2"
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - aws_autoscaling_launch_config_public_ip_disabled
 - aws_dms_replication_instance_not_publicly_accessible
diff --git a/compliance/frameworks/aws/aws_pci_dss_v321/aws_pci_dss_v321_requirement_1_3_3.yaml b/compliance/frameworks/aws/aws_pci_dss_v321/aws_pci_dss_v321_requirement_1_3_3.yaml
index 015752f3d..6ae27de82 100755
--- a/compliance/frameworks/aws/aws_pci_dss_v321/aws_pci_dss_v321_requirement_1_3_3.yaml
+++ b/compliance/frameworks/aws/aws_pci_dss_v321/aws_pci_dss_v321_requirement_1_3_3.yaml
@@ -3,9 +3,5 @@ control-group:
 title: 3.3 Examine firewall and router configurations to verify that anti-spoofing measures are implemented, for example internal addresses cannot pass from the Internet into the DMZ
 description: Normally a packet contains the IP address of the computer that originally sent it so other computers in the network know where the packet came from. Malicious individuals will often try to spoof (or imitate) the sending IP address so that the target system believes the packet is from a trusted source. Filtering packets coming into the network helps to, among other things, ensure packets are not “spoofed” to look like they are coming from an organization's own internal network.
 section-code: "3"
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - aws_autoscaling_launch_config_requires_imdsv2
diff --git a/compliance/frameworks/aws/aws_pci_dss_v321/aws_pci_dss_v321_requirement_1_3_4.yaml b/compliance/frameworks/aws/aws_pci_dss_v321/aws_pci_dss_v321_requirement_1_3_4.yaml
index e21a0e173..02648bb0e 100755
--- a/compliance/frameworks/aws/aws_pci_dss_v321/aws_pci_dss_v321_requirement_1_3_4.yaml
+++ b/compliance/frameworks/aws/aws_pci_dss_v321/aws_pci_dss_v321_requirement_1_3_4.yaml
@@ -3,10 +3,6 @@ control-group:
 title: 3.4 Do not allow unauthorized outbound traffic from the cardholder data environment to the Internet
 description: All traffic outbound from the cardholder data environment should be evaluated to ensure that it follows established, authorized rules. Connections should be inspected to restrict traffic to only authorized communications (for example by restricting source/destination addresses/ports, and/or blocking of content). The set of controls will examine firewall and router configurations to verify that outbound traffic from the cardholder data environment to the Internet is explicitly authorized.
 section-code: "4"
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - aws_autoscaling_launch_config_requires_imdsv2
 - aws_dms_replication_instance_not_publicly_accessible
diff --git a/compliance/frameworks/aws/aws_pci_dss_v321/aws_pci_dss_v321_requirement_1_3_5.yaml b/compliance/frameworks/aws/aws_pci_dss_v321/aws_pci_dss_v321_requirement_1_3_5.yaml
index b349d7f7b..55c79891a 100755
--- a/compliance/frameworks/aws/aws_pci_dss_v321/aws_pci_dss_v321_requirement_1_3_5.yaml
+++ b/compliance/frameworks/aws/aws_pci_dss_v321/aws_pci_dss_v321_requirement_1_3_5.yaml
@@ -3,10 +3,6 @@ control-group:
 title: 3.5 Examine firewall and router configurations to verify that the firewall permits only established connections into the internal network and denies any inbound connections not associated with a previously established session
 description: A firewall that maintains the `state` (or the status) for each connection through the firewall knows whether an apparent response to a previous connection is actually a valid, authorized response (since it retains each connection's status) or is malicious traffic trying to trick the firewall into allowing the connection.
 section-code: "5"
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - aws_vpc_default_security_group_restricts_all_traffic
 - aws_vpc_security_group_restrict_ingress_tcp_udp_all
diff --git a/compliance/frameworks/aws/aws_pci_dss_v321/aws_pci_dss_v321_requirement_1_3_6.yaml b/compliance/frameworks/aws/aws_pci_dss_v321/aws_pci_dss_v321_requirement_1_3_6.yaml
index 0cf740ee8..6d54a2480 100755
--- a/compliance/frameworks/aws/aws_pci_dss_v321/aws_pci_dss_v321_requirement_1_3_6.yaml
+++ b/compliance/frameworks/aws/aws_pci_dss_v321/aws_pci_dss_v321_requirement_1_3_6.yaml
@@ -3,10 +3,6 @@ control-group:
 title: 3.6 Examine firewall and router configurations to verify that system components that store cardholder data are on an internal network zone, segregated from the DMZ and other untrusted networks
 description: If cardholder data is located within the DMZ, it is easier for an external attacker to access this information, since there are fewer layers to penetrate. Securing system components that store cardholder data (such as a database) in an internal network zone that is segregated from the DMZ and other untrusted networks by a firewall can prevent unauthorized network traffic from reaching the system component.
 section-code: "6"
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - aws_dms_replication_instance_not_publicly_accessible
 - aws_es_domain_in_vpc
diff --git a/compliance/frameworks/aws/aws_pci_dss_v321/aws_pci_dss_v321_requirement_2.yaml b/compliance/frameworks/aws/aws_pci_dss_v321/aws_pci_dss_v321_requirement_2.yaml
index 62ffaa972..526d15618 100755
--- a/compliance/frameworks/aws/aws_pci_dss_v321/aws_pci_dss_v321_requirement_2.yaml
+++ b/compliance/frameworks/aws/aws_pci_dss_v321/aws_pci_dss_v321_requirement_2.yaml
@@ -3,10 +3,6 @@ control-group:
 title: "Requirement 2: Do not use vendor-supplied defaults for system passwords and other security parameters"
 description: Malicious individuals (external and internal to an entity) often use vendor default passwords and other vendor default settings to compromise systems. These passwords and settings are well known by hacker communities and are easily determined via public information.
 section-code: requirement_2
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 control-group:
 - id: aws_pci_dss_v321_requirement_2_1
 - id: aws_pci_dss_v321_requirement_2_2
diff --git a/compliance/frameworks/aws/aws_pci_dss_v321/aws_pci_dss_v321_requirement_2_1.yaml b/compliance/frameworks/aws/aws_pci_dss_v321/aws_pci_dss_v321_requirement_2_1.yaml
index a6117fa65..b13590254 100755
--- a/compliance/frameworks/aws/aws_pci_dss_v321/aws_pci_dss_v321_requirement_2_1.yaml
+++ b/compliance/frameworks/aws/aws_pci_dss_v321/aws_pci_dss_v321_requirement_2_1.yaml
@@ -3,9 +3,5 @@ control-group:
 title: Always change vendor-supplied defaults and remove or disable unnecessary default accounts before installing a system on the network
 description: This applies to ALL default passwords, including but not limited to those used by operating systems, software that provides security services, application and system accounts, point-of-sale (POS) terminals, payment applications, Simple Network Management Protocol (SNMP) community strings, etc. Malicious individuals (external and internal to an organization) often use vendor default settings, account names, and passwords to compromise operating system software, applications, and the systems on which they are installed. Because these default settings are often published and are well known in hacker communities, changing these settings will leave systems less vulnerable to attack. Even if a default account is not intended to be used, changing the default password to a strong unique password and then disabling the account will prevent a malicious individual from re-enabling the account and gaining access with the default password.
 section-code: "1"
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 control-group:
 - id: aws_pci_dss_v321_requirement_2_1_b
diff --git a/compliance/frameworks/aws/aws_pci_dss_v321/aws_pci_dss_v321_requirement_2_1_b.yaml b/compliance/frameworks/aws/aws_pci_dss_v321/aws_pci_dss_v321_requirement_2_1_b.yaml
index 9acae3bd5..212dcf6bd 100755
--- a/compliance/frameworks/aws/aws_pci_dss_v321/aws_pci_dss_v321_requirement_2_1_b.yaml
+++ b/compliance/frameworks/aws/aws_pci_dss_v321/aws_pci_dss_v321_requirement_2_1_b.yaml
@@ -3,10 +3,6 @@ control-group:
 title: 1.b For the sample of system components, verify that all unnecessary default accounts (including accounts used by operating systems, security software, applications, systems, POS terminals, SNMP, etc.) are removed or disabled
 description: Malicious individuals (external and internal to an organization) often use vendor default settings, account names, and passwords to compromise operating system software, applications, and the systems on which they are installed. Because these default settings are often published and are well known in hacker communities, changing these settings will leave systems less vulnerable to attack. Even if a default account is not intended to be used, changing the default password to a strong unique password and then disabling the account will prevent a malicious individual from re-enabling the account and gaining access with the default password.
 section-code: b
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - aws_rds_db_cluster_no_default_admin_name
 - aws_rds_db_instance_no_default_admin_name
diff --git a/compliance/frameworks/aws/aws_pci_dss_v321/aws_pci_dss_v321_requirement_2_2.yaml b/compliance/frameworks/aws/aws_pci_dss_v321/aws_pci_dss_v321_requirement_2_2.yaml
index d82bb49f0..e8f9135d2 100755
--- a/compliance/frameworks/aws/aws_pci_dss_v321/aws_pci_dss_v321_requirement_2_2.yaml
+++ b/compliance/frameworks/aws/aws_pci_dss_v321/aws_pci_dss_v321_requirement_2_2.yaml
@@ -3,10 +3,6 @@ control-group:
 title: Develop configuration standards for all system components
 description: "Assure that these standards address all known security vulnerabilities and are consistent with industry-accepted system hardening standards. Sources of industry-accepted system hardening standards may include, but are not limited to Center for Internet Security (CIS), International Organization for Standardization (ISO), SysAdmin Audit Network Security (SANS) Institute and National Institute of Standards Technology (NIST). There are known weaknesses with many operating systems, databases, and enterprise applications, and there are also known ways to configure these systems to fix security vulnerabilities. To help those that are not security experts, a number of security organizations have established system-hardening guidelines and recommendations, which advise how to correct these weaknesses. Examples of sources for guidance on configuration standards include, but are not limited to: www.nist.gov, www.sans.org, and www.cisecurity.org, www.iso.org, and product vendors. System configuration standards must be kept up to date to ensure that newly identified weaknesses are corrected prior to a system being installed on the network."
 section-code: "2"
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 control-group:
 - id: aws_pci_dss_v321_requirement_2_2_2
 - id: aws_pci_dss_v321_requirement_2_2_4
diff --git a/compliance/frameworks/aws/aws_pci_dss_v321/aws_pci_dss_v321_requirement_2_2_2.yaml b/compliance/frameworks/aws/aws_pci_dss_v321/aws_pci_dss_v321_requirement_2_2_2.yaml
index c8923b8df..dc38e5e22 100755
--- a/compliance/frameworks/aws/aws_pci_dss_v321/aws_pci_dss_v321_requirement_2_2_2.yaml
+++ b/compliance/frameworks/aws/aws_pci_dss_v321/aws_pci_dss_v321_requirement_2_2_2.yaml
@@ -3,10 +3,6 @@ control-group:
 title: 2.2 Enable only necessary services, protocols, daemons, etc., as required for the function of the system
 description: As stated in Requirement 1.1.6, there are many protocols that a business may need (or have enabled by default) that are commonly used by malicious individuals to compromise a network. Including this requirement as part of an organization's configuration standards and related processes ensures that only the necessary services and protocols are enabled.
 section-code: "2"
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - aws_dms_replication_instance_not_publicly_accessible
 - aws_ebs_snapshot_not_publicly_restorable
diff --git a/compliance/frameworks/aws/aws_pci_dss_v321/aws_pci_dss_v321_requirement_2_2_4.yaml b/compliance/frameworks/aws/aws_pci_dss_v321/aws_pci_dss_v321_requirement_2_2_4.yaml
index 6e724bb64..bf5e4538e 100755
--- a/compliance/frameworks/aws/aws_pci_dss_v321/aws_pci_dss_v321_requirement_2_2_4.yaml
+++ b/compliance/frameworks/aws/aws_pci_dss_v321/aws_pci_dss_v321_requirement_2_2_4.yaml
@@ -3,10 +3,6 @@ control-group:
 title: 2.4 Configure system security parameters to prevent misuse
 description: System configuration standards and related processes should specifically address security settings and parameters that have known security implications for each type of system in use. In order for systems to be configured securely, personnel responsible for configuration and/or administering systems must be knowledgeable in the specific security parameters and settings that apply to the system.
 section-code: "4"
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - aws_ec2_instance_ssm_managed
 - aws_ssm_managed_instance_compliance_association_compliant
diff --git a/compliance/frameworks/aws/aws_pci_dss_v321/aws_pci_dss_v321_requirement_2_2_5.yaml b/compliance/frameworks/aws/aws_pci_dss_v321/aws_pci_dss_v321_requirement_2_2_5.yaml
index 91856b284..55983a7ab 100755
--- a/compliance/frameworks/aws/aws_pci_dss_v321/aws_pci_dss_v321_requirement_2_2_5.yaml
+++ b/compliance/frameworks/aws/aws_pci_dss_v321/aws_pci_dss_v321_requirement_2_2_5.yaml
@@ -3,9 +3,5 @@ control-group:
 title: 2.5 Remove all unnecessary functionality, such as scripts, drivers, features, subsystems, file systems, and unnecessary web servers
 description: Unnecessary functions can provide additional opportunities for malicious individuals to gain access to a system. By removing unnecessary functionality, organizations can focus on securing the functions that are required and reduce the risk that unknown functions will be exploited. Including this in server-hardening standards and processes addresses the specific security implications associated with unnecessary functions (for example, by removing/disabling FTP or the web server if the server will not be performing those functions).
 section-code: "5"
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 control-group:
 - id: aws_pci_dss_v321_requirement_2_2_5_b
diff --git a/compliance/frameworks/aws/aws_pci_dss_v321/aws_pci_dss_v321_requirement_2_2_5_b.yaml b/compliance/frameworks/aws/aws_pci_dss_v321/aws_pci_dss_v321_requirement_2_2_5_b.yaml
index b4565e740..bb9d77620 100755
--- a/compliance/frameworks/aws/aws_pci_dss_v321/aws_pci_dss_v321_requirement_2_2_5_b.yaml
+++ b/compliance/frameworks/aws/aws_pci_dss_v321/aws_pci_dss_v321_requirement_2_2_5_b.yaml
@@ -3,10 +3,6 @@ control-group:
 title: 2.5.b. Examine the documentation and security parameters to verify enabled functions are documented and support secure configuration
 description: Unnecessary functions can provide additional opportunities for malicious individuals to gain access to a system. By removing unnecessary functionality, organizations can focus on securing the functions that are required and reduce the risk that unknown functions will be exploited. Including this in server-hardening standards and processes addresses the specific security implications associated with unnecessary functions (for example, by removing/disabling FTP or the web server if the server will not be performing those functions).
 section-code: b
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - aws_ec2_instance_ssm_managed
 - aws_ssm_managed_instance_compliance_association_compliant
diff --git a/compliance/frameworks/aws/aws_pci_dss_v321/aws_pci_dss_v321_requirement_2_2_a.yaml b/compliance/frameworks/aws/aws_pci_dss_v321/aws_pci_dss_v321_requirement_2_2_a.yaml
index 280c095bb..31d0aca58 100755
--- a/compliance/frameworks/aws/aws_pci_dss_v321/aws_pci_dss_v321_requirement_2_2_a.yaml
+++ b/compliance/frameworks/aws/aws_pci_dss_v321/aws_pci_dss_v321_requirement_2_2_a.yaml
@@ -3,10 +3,6 @@ control-group:
 title: 2.a Examine the organization's system configuration standards for all types of system components and verify the system configuration standards are consistent with industry-accepted hardening standards
 description: "There are known weaknesses with many operating systems, databases, and enterprise applications, and there are also known ways to configure these systems to fix security vulnerabilities. To help those that are not security experts, a number of security organizations have established system-hardening guidelines and recommendations, which advise how to correct these weaknesses. Examples of sources for guidance on configuration standards include, but are not limited to: www.nist.gov, www.sans.org, and www.cisecurity.org, www.iso.org, and product vendors. System configuration standards must be kept up to date to ensure that newly identified weaknesses are corrected prior to a system being installed on the network."
 section-code: a
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - aws_autoscaling_launch_config_requires_imdsv2
 - aws_cloudformation_stack_drift_detection_check
diff --git a/compliance/frameworks/aws/aws_pci_dss_v321/aws_pci_dss_v321_requirement_2_2_d.yaml b/compliance/frameworks/aws/aws_pci_dss_v321/aws_pci_dss_v321_requirement_2_2_d.yaml
index 7423fc7f1..7020bba1e 100755
--- a/compliance/frameworks/aws/aws_pci_dss_v321/aws_pci_dss_v321_requirement_2_2_d.yaml
+++ b/compliance/frameworks/aws/aws_pci_dss_v321/aws_pci_dss_v321_requirement_2_2_d.yaml
@@ -3,10 +3,6 @@ control-group:
 title: 2.d Verify that system configuration standards include the procedures like changing of all vendor-supplied defaults and elimination of unnecessary default accounts etc. for all types of system components
 description: "System configuration standards include the following procedures for all types of system components: changing of all vendor-supplied defaults and elimination of unnecessary default accounts, implementing only one primary function per server to prevent functions that require different security levels from co-existing on the same server, enabling only necessary services, protocols, daemons, etc., as required for the function of the system, implementing additional security features for any required services, protocols or daemons that are considered to be insecure, configuring system security parameters to prevent misuse and removing all unnecessary functionality, such as scripts, drivers, features, subsystems, file systems, and unnecessary web servers. There are known weaknesses with many operating systems, databases, and enterprise applications, and there are also known ways to configure these systems to fix security vulnerabilities. To help those that are not security experts, a number of security organizations have established system-hardening guidelines and recommendations, which advise how to correct these weaknesses. Examples of sources for guidance on configuration standards include, but are not limited to: www.nist.gov, www.sans.org, and www.cisecurity.org, www.iso.org, and product vendors. System configuration standards must be kept up to date to ensure that newly identified weaknesses are corrected prior to a system being installed on the network."
 section-code: d
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - aws_autoscaling_launch_config_requires_imdsv2
 - aws_cloudformation_stack_drift_detection_check
diff --git a/compliance/frameworks/aws/aws_pci_dss_v321/aws_pci_dss_v321_requirement_2_3.yaml b/compliance/frameworks/aws/aws_pci_dss_v321/aws_pci_dss_v321_requirement_2_3.yaml
index 4aa0b7f92..a89442b16 100755
--- a/compliance/frameworks/aws/aws_pci_dss_v321/aws_pci_dss_v321_requirement_2_3.yaml
+++ b/compliance/frameworks/aws/aws_pci_dss_v321/aws_pci_dss_v321_requirement_2_3.yaml
@@ -3,10 +3,6 @@ control-group:
 title: Encrypt all non-console administrative access using strong cryptography
 description: If non-console (including remote) administration does not use secure authentication and encrypted communications, sensitive administrative or operational level information (like administrator's IDs and passwords) can be revealed to an eavesdropper. A malicious individual could use this information to access the network, become administrator, and steal data. Clear-text protocols (such as HTTP, telnet, etc.) do not encrypt traffic or logon details, making it easy for an eavesdropper to intercept this information. Select a sample of system components and verify that non-console administrative access is encrypted.
 section-code: "3"
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - aws_acm_certificate_expires_30_days
 - aws_cloudfront_distribution_encryption_in_transit_enabled
diff --git a/compliance/frameworks/aws/aws_pci_dss_v321/aws_pci_dss_v321_requirement_2_4.yaml b/compliance/frameworks/aws/aws_pci_dss_v321/aws_pci_dss_v321_requirement_2_4.yaml
index 02c00b06d..4398cb7a6 100755
--- a/compliance/frameworks/aws/aws_pci_dss_v321/aws_pci_dss_v321_requirement_2_4.yaml
+++ b/compliance/frameworks/aws/aws_pci_dss_v321/aws_pci_dss_v321_requirement_2_4.yaml
@@ -3,10 +3,6 @@ control-group:
 title: Maintain an inventory of system components that are in scope for PCI DSS
 description: Maintaining a current list of all system components will enable an organization to accurately and efficiently define the scope of their environment for implementing PCI DSS controls. Without an inventory, some system components could be forgotten, and be inadvertently excluded from the organization's configuration standards.
 section-code: "4"
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 control-group:
 - id: aws_pci_dss_v321_requirement_2_4_a
 controls:
diff --git a/compliance/frameworks/aws/aws_pci_dss_v321/aws_pci_dss_v321_requirement_2_4_a.yaml b/compliance/frameworks/aws/aws_pci_dss_v321/aws_pci_dss_v321_requirement_2_4_a.yaml
index 1540a2fd2..a67c74bbc 100755
--- a/compliance/frameworks/aws/aws_pci_dss_v321/aws_pci_dss_v321_requirement_2_4_a.yaml
+++ b/compliance/frameworks/aws/aws_pci_dss_v321/aws_pci_dss_v321_requirement_2_4_a.yaml
@@ -3,9 +3,5 @@ control-group:
 title: 4.a Examine system inventory to verify that a list of hardware and software components is maintained and includes a description of function/use for each
 description: Maintaining a current list of all system components will enable an organization to accurately and efficiently define the scope of their environment for implementing PCI DSS controls. Without an inventory, some system components could be forgotten, and be inadvertently excluded from the organization's configuration standards.
 section-code: a
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - aws_config_enabled_all_regions
diff --git a/compliance/frameworks/aws/aws_pci_dss_v321/aws_pci_dss_v321_requirement_3.yaml b/compliance/frameworks/aws/aws_pci_dss_v321/aws_pci_dss_v321_requirement_3.yaml
index 0993c9b45..045fe95a2 100755
--- a/compliance/frameworks/aws/aws_pci_dss_v321/aws_pci_dss_v321_requirement_3.yaml
+++ b/compliance/frameworks/aws/aws_pci_dss_v321/aws_pci_dss_v321_requirement_3.yaml
@@ -3,10 +3,6 @@ control-group:
 title: "Requirement 3: Protect stored cardholder data"
 description: Protection methods such as encryption, truncation, masking, and hashing are critical components of cardholder data protection. If an intruder circumvents other security controls and gains access to encrypted data, without the proper cryptographic keys, the data is unreadable and unusable to that person.
 section-code: requirement_3
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 control-group:
 - id: aws_pci_dss_v321_requirement_3_1
 - id: aws_pci_dss_v321_requirement_3_2
diff --git a/compliance/frameworks/aws/aws_pci_dss_v321/aws_pci_dss_v321_requirement_3_1.yaml b/compliance/frameworks/aws/aws_pci_dss_v321/aws_pci_dss_v321_requirement_3_1.yaml
index 729cb7b34..752e21e82 100755
--- a/compliance/frameworks/aws/aws_pci_dss_v321/aws_pci_dss_v321_requirement_3_1.yaml
+++ b/compliance/frameworks/aws/aws_pci_dss_v321/aws_pci_dss_v321_requirement_3_1.yaml
@@ -3,10 +3,6 @@ control-group:
 title: Keep cardholder data storage to a minimum by implementing data retention and disposal policies, procedures and processes
 description: "Procedures and processes should include at least the following for all cardholder data (CHD) storage: limiting data storage amount and retention time to that which is required for legal, regulatory, and/or business requirements, specific retention requirements for cardholder data, processes for secure deletion of data when no longer needed, a quarterly process for identifying and securely deleting stored cardholder data that exceeds defined retention. Identifying and deleting stored data that has exceeded its specified retention period prevents unnecessary retention of data that is no longer needed. This process may be automated or manual or a combination of both. For example, a programmatic procedure (automatic or manual) to locate and remove data and/or a manual review of data storage areas could be performed. Implementing secure deletion methods ensure that the data cannot be retrieved when it is no longer needed. Remember, if you don't need it, don't store it!"
 section-code: "1"
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 control-group:
 - id: aws_pci_dss_v321_requirement_3_1_a
 - id: aws_pci_dss_v321_requirement_3_1_c
diff --git a/compliance/frameworks/aws/aws_pci_dss_v321/aws_pci_dss_v321_requirement_3_1_a.yaml b/compliance/frameworks/aws/aws_pci_dss_v321/aws_pci_dss_v321_requirement_3_1_a.yaml
index 6c5226d69..3e06a1f3d 100755
--- a/compliance/frameworks/aws/aws_pci_dss_v321/aws_pci_dss_v321_requirement_3_1_a.yaml
+++ b/compliance/frameworks/aws/aws_pci_dss_v321/aws_pci_dss_v321_requirement_3_1_a.yaml
@@ -3,9 +3,5 @@ control-group:
 title: 1.a Examine the data retention and disposal policies, procedures and processes to verify they satisfy all the requirements for cardholder data (CHD) storage
 description: "procedures and processes should they include the following for all cardholder data (CHD) storage: limiting data storage amount and retention time to that which is required for legal, regulatory, and/or business requirements, specific requirements for retention of cardholder data (for example, cardholder data needs to be held for X period for Y business reasons), processes for secure deletion of cardholder data when no longer needed for legal, regulatory, or business reasons and a quarterly process for identifying and securely deleting stored cardholder data that exceeds defined retention requirements. Identifying and deleting stored data that has exceeded its specified retention period prevents unnecessary retention of data that is no longer needed. This process may be automated or manual or a combination of both. For example, a programmatic procedure (automatic or manual) to locate and remove data and/or a manual review of data storage areas could be performed. Implementing secure deletion methods ensure that the data cannot be retrieved when it is no longer needed. Remember, if you don't need it, don't store it!"
 section-code: a
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - aws_s3_bucket_lifecycle_policy_enabled
diff --git a/compliance/frameworks/aws/aws_pci_dss_v321/aws_pci_dss_v321_requirement_3_1_c.yaml b/compliance/frameworks/aws/aws_pci_dss_v321/aws_pci_dss_v321_requirement_3_1_c.yaml
index 9c8352b1e..edcd4a162 100755
--- a/compliance/frameworks/aws/aws_pci_dss_v321/aws_pci_dss_v321_requirement_3_1_c.yaml
+++ b/compliance/frameworks/aws/aws_pci_dss_v321/aws_pci_dss_v321_requirement_3_1_c.yaml
@@ -3,10 +3,6 @@ control-group:
 title: 1.c For a sample of system components that store cardholder data examine files and system records to verify that the data stored does not exceed the requirements defined in the data retention policy and observe the deletion mechanism to verify data is deleted securely
 description: Identifying and deleting stored data that has exceeded its specified retention period prevents unnecessary retention of data that is no longer needed. This process may be automated or manual or a combination of both. For example, a programmatic procedure (automatic or manual) to locate and remove data and/or a manual review of data storage areas could be performed. Implementing secure deletion methods ensure that the data cannot be retrieved when it is no longer needed. Remember, if you don't need it, don't store it!
 section-code: c
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - aws_backup_plan_min_retention_35_days
 - aws_backup_recovery_point_encryption_enabled
diff --git a/compliance/frameworks/aws/aws_pci_dss_v321/aws_pci_dss_v321_requirement_3_2.yaml b/compliance/frameworks/aws/aws_pci_dss_v321/aws_pci_dss_v321_requirement_3_2.yaml
index f3761c82e..f8787c4d2 100755
--- a/compliance/frameworks/aws/aws_pci_dss_v321/aws_pci_dss_v321_requirement_3_2.yaml
+++ b/compliance/frameworks/aws/aws_pci_dss_v321/aws_pci_dss_v321_requirement_3_2.yaml
@@ -3,10 +3,6 @@ control-group:
 title: Do not store sensitive authentication data after authorization (even if encrypted)
 description: If sensitive authentication data is received, render all data unrecoverable upon completion of the authorization process. It is permissible for issuers and companies that support issuing services to store sensitive authentication data if there is a business justification and the data is stored securely. Sensitive authentication data includes the data as cited in the following Requirements 3.2.1 through 3.2.3. Sensitive authentication data consists of full track data, card validation code or value, and PIN data. Storage of sensitive authentication data after authorization is prohibited! This data is very valuable to malicious individuals as it allows them to generate counterfeit payment cards and create fraudulent transactions. Entities that issue payment cards or that perform or support issuing services will often create and control sensitive authentication data as part of the issuing function. It is allowable for companies that perform, facilitate, or support issuing services to store sensitive authentication data ONLY IF they have a legitimate business need to store such data. It should be noted that all PCI DSS requirements apply to issuers, and the only exception for issuers and issuer processors is that sensitive authentication data may be retained if there is a legitimate reason to do so. A legitimate reason is one that is necessary for the performance of the function being provided for the issuer and not one of convenience. Any such data must be stored securely and in accordance with all PCI DSS and specific payment brand requirements.
 section-code: "2"
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 control-group:
 - id: aws_pci_dss_v321_requirement_3_2_3
 - id: aws_pci_dss_v321_requirement_3_2_c
diff --git a/compliance/frameworks/aws/aws_pci_dss_v321/aws_pci_dss_v321_requirement_3_2_3.yaml b/compliance/frameworks/aws/aws_pci_dss_v321/aws_pci_dss_v321_requirement_3_2_3.yaml
index 4ddefbe1b..d99bba0b8 100755
--- a/compliance/frameworks/aws/aws_pci_dss_v321/aws_pci_dss_v321_requirement_3_2_3.yaml
+++ b/compliance/frameworks/aws/aws_pci_dss_v321/aws_pci_dss_v321_requirement_3_2_3.yaml
@@ -3,10 +3,6 @@ control-group:
 title: 2.3 Do not store the personal identification number (PIN) or the encrypted PIN block after authorization
 description: "These values should be known only to the card owner or bank that issued the card. If this data is stolen, malicious individuals can execute fraudulent PIN-based debit transactions (for example, ATM withdrawals). For a sample of system components, examine data sources, including but not limited to the following and verify that PINs and encrypted PIN blocks are not stored after authorization: incoming transaction data, all logs (for example, transaction, history, debugging, error), history files, trace files, several database schemas, database contents"
 section-code: "3"
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - aws_apigateway_stage_logging_enabled
 - aws_cloudtrail_multi_region_trail_enabled
diff --git a/compliance/frameworks/aws/aws_pci_dss_v321/aws_pci_dss_v321_requirement_3_2_c.yaml b/compliance/frameworks/aws/aws_pci_dss_v321/aws_pci_dss_v321_requirement_3_2_c.yaml
index 4de8c1378..c8dccab26 100755
--- a/compliance/frameworks/aws/aws_pci_dss_v321/aws_pci_dss_v321_requirement_3_2_c.yaml
+++ b/compliance/frameworks/aws/aws_pci_dss_v321/aws_pci_dss_v321_requirement_3_2_c.yaml
@@ -3,9 +3,5 @@ control-group:
 title: 2.c For all other entities, if sensitive authentication data is received, review policies and procedures, and examine system configurations to verify the data is not retained after authorization
 description: Sensitive authentication data consists of full track data, card validation code or value, and PIN data. Storage of sensitive authentication data after authorization is prohibited! This data is very valuable to malicious individuals as it allows them to generate counterfeit payment cards and create fraudulent transactions. Entities that issue payment cards or that perform or support issuing services will often create and control sensitive authentication data as part of the issuing function. It is allowable for companies that perform, facilitate, or support issuing services to store sensitive authentication data ONLY IF they have a legitimate business need to store such data. It should be noted that all PCI DSS requirements apply to issuers, and the only exception for issuers and issuer processors is that sensitive authentication data may be retained if there is a legitimate reason to do so. A legitimate reason is one that is necessary for the performance of the function being provided for the issuer and not one of convenience. Any such data must be stored securely and in accordance with all PCI DSS and specific payment brand requirements.
 section-code: c
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - aws_s3_bucket_lifecycle_policy_enabled
diff --git a/compliance/frameworks/aws/aws_pci_dss_v321/aws_pci_dss_v321_requirement_3_4.yaml b/compliance/frameworks/aws/aws_pci_dss_v321/aws_pci_dss_v321_requirement_3_4.yaml
index 149d83d30..1922135de 100755
--- a/compliance/frameworks/aws/aws_pci_dss_v321/aws_pci_dss_v321_requirement_3_4.yaml
+++ b/compliance/frameworks/aws/aws_pci_dss_v321/aws_pci_dss_v321_requirement_3_4.yaml
@@ -3,10 +3,6 @@ control-group:
 title: Render PAN unreadable anywhere it is stored (including on portable digital media, backup media, and in logs) by using approaches like one-way hashes based on strong cryptography, truncation etc
 description: "The following approaches should be used to render PAN unreadable anywhere it is stored: One-way hashes based on strong cryptography, (hash must be of the entire PAN), truncation (hashing cannot be used to replace the truncated segment of PAN), index tokens and pads (pads must be securely stored) and strong cryptography with associated key-management processes and procedures. Note: It is a relatively trivial effort for a malicious individual to reconstruct original PAN data if they have access to both the truncated and hashed version of a PAN. Where hashed and truncated versions of the same PAN are present in an entity's environment, additional controls must be in place to ensure that the hashed and truncated versions cannot be correlated to reconstruct the original PAN. PANs stored in primary storage (databases, or flat files such as text files spreadsheets) as well as non-primary storage (backup, audit logs, exception or troubleshooting logs) must all be protected. One-way hash functions based on strong cryptography can be used to render cardholder data unreadable. Hash functions are appropriate when there is no need to retrieve the original number (one-way hashes are irreversible). It is recommended, but not currently a requirement, that an additional, random input value be added to the cardholder data prior to hashing to reduce the feasibility of an attacker comparing the data against (and deriving the PAN from) tables of pre- computed hash values. The intent of truncation is to permanently remove a segment of PAN data so that only a portion (generally not to exceed the first six and last four digits) of the PAN is stored.
An index token is a cryptographic token that replaces the PAN based on a given index for an unpredictable value. A one-time pad is a system in which a randomly generated private key is used only once to encrypt a message that is then decrypted using a matching one-time pad and key. The intent of strong cryptography (as defined in the PCI DSS and PA-DSS Glossary of Terms, Abbreviations, and Acronyms) is that the encryption be based on an industry-tested and accepted algorithm (not a proprietary or `home- grown` algorithm) with strong cryptographic keys. By correlating hashed and truncated versions of a given PAN, a malicious individual may easily derive the original PAN value. Controls that prevent the correlation of this data will help ensure that the original PAN remains unreadable."
 section-code: "4"
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 control-group:
 - id: aws_pci_dss_v321_requirement_3_4_1
 - id: aws_pci_dss_v321_requirement_3_4_a
diff --git a/compliance/frameworks/aws/aws_pci_dss_v321/aws_pci_dss_v321_requirement_3_4_1.yaml b/compliance/frameworks/aws/aws_pci_dss_v321/aws_pci_dss_v321_requirement_3_4_1.yaml
index cd6cd7985..721049a33 100755
--- a/compliance/frameworks/aws/aws_pci_dss_v321/aws_pci_dss_v321_requirement_3_4_1.yaml
+++ b/compliance/frameworks/aws/aws_pci_dss_v321/aws_pci_dss_v321_requirement_3_4_1.yaml
@@ -3,10 +3,6 @@ control-group:
 title: 4.1 If disk encryption is used (rather than file- or column-level database encryption), logical access must be managed separately and independently of native operating system authentication and access control mechanisms (for example, by not using local user account databases or general network login credentials)
 description: "Decryption keys must not be associated with user accounts. Note: This requirement applies in addition to all other PCI DSS encryption and key- management requirements. PANs stored in primary storage (databases, or flat files such as text files spreadsheets) as well as non-primary storage (backup, audit logs, exception or troubleshooting logs) must all be protected. One-way hash functions based on strong cryptography can be used to render cardholder data unreadable. Hash functions are appropriate when there is no need to retrieve the original number (one-way hashes are irreversible). It is recommended, but not currently a requirement, that an additional, random input value be added to the cardholder data prior to hashing to reduce the feasibility of an attacker comparing the data against (and deriving the PAN from) tables of pre- computed hash values. The intent of truncation is to permanently remove a segment of PAN data so that only a portion (generally not to exceed the first six and last four digits) of the PAN is stored. An index token is a cryptographic token that replaces the PAN based on a given index for an unpredictable value. A one-time pad is a system in which a randomly generated private key is used only once to encrypt a message that is then decrypted using a matching one-time pad and key. The intent of strong cryptography (as defined in the PCI DSS and PA-DSS Glossary of Terms, Abbreviations, and Acronyms) is that the encryption be based on an industry-tested and accepted algorithm (not a proprietary or `home-grown` algorithm) with strong cryptographic keys.
By correlating hashed and truncated versions of a given PAN, a malicious individual may easily derive the original PAN value. Controls that prevent the correlation of this data will help ensure that the original PAN remains unreadable."
 section-code: "1"
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 control-group:
 - id: aws_pci_dss_v321_requirement_3_4_1_a
 - id: aws_pci_dss_v321_requirement_3_4_1_c
diff --git a/compliance/frameworks/aws/aws_pci_dss_v321/aws_pci_dss_v321_requirement_3_4_1_a.yaml b/compliance/frameworks/aws/aws_pci_dss_v321/aws_pci_dss_v321_requirement_3_4_1_a.yaml
index bef253996..d587b5db4 100755
--- a/compliance/frameworks/aws/aws_pci_dss_v321/aws_pci_dss_v321_requirement_3_4_1_a.yaml
+++ b/compliance/frameworks/aws/aws_pci_dss_v321/aws_pci_dss_v321_requirement_3_4_1_a.yaml
@@ -3,10 +3,6 @@ control-group:
 title: 4.1.a If disk encryption is used, inspect the configuration and observe the authentication process to verify that logical access to encrypted file systems is implemented via a mechanism that is separate from the native operating system's authentication mechanism (for example, not using local user account databases or general network login credentials)
 description: "The intent of this requirement is to address the acceptability of disk-level encryption for rendering cardholder data unreadable. Disk-level encryption encrypts the entire disk/partition on a computer and automatically decrypts the information when an authorized user requests it. Many disk- encryption solutions intercept operating system read/write operations and carry out the appropriate cryptographic transformations without any special action by the user other than supplying a password or pass phrase upon system startup or at the beginning of a session. Based on these characteristics of disk-level encryption, to be compliant with this requirement, the method cannot: 1) Use the same user account authenticator as the operating system, or 2) Use a decryption key that is associated with or derived from the system's local user account database or general network login credentials. Full disk encryption helps to protect data in the event of physical loss of a disk and therefore may be appropriate for portable devices that store cardholder data."
 section-code: a
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - aws_apigateway_stage_cache_encryption_at_rest_enabled
 - aws_cloudtrail_trail_logs_encrypted_with_kms_cmk
diff --git a/compliance/frameworks/aws/aws_pci_dss_v321/aws_pci_dss_v321_requirement_3_4_1_c.yaml b/compliance/frameworks/aws/aws_pci_dss_v321/aws_pci_dss_v321_requirement_3_4_1_c.yaml
index 30a5ef359..ce5f7cfe3 100755
--- a/compliance/frameworks/aws/aws_pci_dss_v321/aws_pci_dss_v321_requirement_3_4_1_c.yaml
+++ b/compliance/frameworks/aws/aws_pci_dss_v321/aws_pci_dss_v321_requirement_3_4_1_c.yaml
@@ -3,10 +3,6 @@ control-group:
 title: 4.1.c Examine the configurations and observe the processes to verify that cardholder data on removable media is encrypted wherever stored
 description: "Note: If disk encryption is not used to encrypt removable media, the data stored on this media will need to be rendered unreadable through some other method. The intent of this requirement is to address the acceptability of disk-level encryption for rendering cardholder data unreadable. Disk-level encryption encrypts the entire disk/partition on a computer and automatically decrypts the information when an authorized user requests it. Many disk- encryption solutions intercept operating system read/write operations and carry out the appropriate cryptographic transformations without any special action by the user other than supplying a password or pass phrase upon system startup or at the beginning of a session. Based on these characteristics of disk-level encryption, to be compliant with this requirement, the method cannot: 1) Use the same user account authenticator as the operating system, or 2) Use a decryption key that is associated with or derived from the system's local user account database or general network login credentials. Full disk encryption helps to protect data in the event of physical loss of a disk and therefore may be appropriate for portable devices that store cardholder data."
 section-code: c
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - aws_apigateway_stage_cache_encryption_at_rest_enabled
 - aws_cloudtrail_trail_logs_encrypted_with_kms_cmk
diff --git a/compliance/frameworks/aws/aws_pci_dss_v321/aws_pci_dss_v321_requirement_3_4_a.yaml b/compliance/frameworks/aws/aws_pci_dss_v321/aws_pci_dss_v321_requirement_3_4_a.yaml
index 790cb2a44..6911a3c12 100755
--- a/compliance/frameworks/aws/aws_pci_dss_v321/aws_pci_dss_v321_requirement_3_4_a.yaml
+++ b/compliance/frameworks/aws/aws_pci_dss_v321/aws_pci_dss_v321_requirement_3_4_a.yaml
@@ -3,10 +3,6 @@ control-group:
 title: 4.a Examine documentation about the system used to protect the PAN, including the vendor, type of system/process, and the encryption algorithms (if applicable) to verify that the PAN is rendered unreadable using methods like truncation,one-way hashes based on strong cryptography etc
 description: "Verify documentation about the system used to protect the PAN, including the vendor, type of system/process, and the encryption algorithms (if applicable) to verify that the PAN is rendered unreadable using any of the following methods: One-way hashes based on strong cryptography, truncation, index tokens and pads with the pads being securely stored, strong cryptography, with associated key-management processes and procedures. PANs stored in primary storage (databases, or flat files such as text files spreadsheets) as well as non-primary storage (backup, audit logs, exception or troubleshooting logs) must all be protected. One-way hash functions based on strong cryptography can be used to render cardholder data unreadable. Hash functions are appropriate when there is no need to retrieve the original number (one-way hashes are irreversible). It is recommended, but not currently a requirement, that an additional, random input value be added to the cardholder data prior to hashing to reduce the feasibility of an attacker comparing the data against (and deriving the PAN from) tables of pre- computed hash values. The intent of truncation is to permanently remove a segment of PAN data so that only a portion (generally not to exceed the first six and last four digits) of the PAN is stored. An index token is a cryptographic token that replaces the PAN based on a given index for an unpredictable value. A one-time pad is a system in which a randomly generated private key is used only once to encrypt a message that is then decrypted using a matching one-time pad and key.
The intent of strong cryptography (as defined in the PCI DSS and PA-DSS Glossary of Terms, Abbreviations, and Acronyms) is that the encryption be based on an industry-tested and accepted algorithm (not a proprietary or `home-grown` algorithm) with strong cryptographic keys. By correlating hashed and truncated versions of a given PAN, a malicious individual may easily derive the original PAN value. Controls that prevent the correlation of this data will help ensure that the original PAN remains unreadable."
 section-code: a
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - aws_apigateway_stage_cache_encryption_at_rest_enabled
 - aws_backup_recovery_point_encryption_enabled
diff --git a/compliance/frameworks/aws/aws_pci_dss_v321/aws_pci_dss_v321_requirement_3_4_b.yaml b/compliance/frameworks/aws/aws_pci_dss_v321/aws_pci_dss_v321_requirement_3_4_b.yaml
index ee285445b..5ed28d048 100755
--- a/compliance/frameworks/aws/aws_pci_dss_v321/aws_pci_dss_v321_requirement_3_4_b.yaml
+++ b/compliance/frameworks/aws/aws_pci_dss_v321/aws_pci_dss_v321_requirement_3_4_b.yaml
@@ -3,10 +3,6 @@ control-group:
 title: 4.b Examine several tables or files from a sample of data repositories to verify the PAN is rendered unreadable (that is, not stored in plain-text)
 description: PANs stored in primary storage (databases, or flat files such as text files spreadsheets) as well as non-primary storage (backup, audit logs, exception or troubleshooting logs) must all be protected. One-way hash functions based on strong cryptography can be used to render cardholder data unreadable. Hash functions are appropriate when there is no need to retrieve the original number (one-way hashes are irreversible). It is recommended, but not currently a requirement, that an additional, random input value be added to the cardholder data prior to hashing to reduce the feasibility of an attacker comparing the data against (and deriving the PAN from) tables of pre- computed hash values. The intent of truncation is to permanently remove a segment of PAN data so that only a portion (generally not to exceed the first six and last four digits) of the PAN is stored. An index token is a cryptographic token that replaces the PAN based on a given index for an unpredictable value. A one-time pad is a system in which a randomly generated private key is used only once to encrypt a message that is then decrypted using a matching one-time pad and key. The intent of strong cryptography (as defined in the PCI DSS and PA-DSS Glossary of Terms, Abbreviations, and Acronyms) is that the encryption be based on an industry-tested and accepted algorithm (not a proprietary or `home- grown` algorithm) with strong cryptographic keys. By correlating hashed and truncated versions of a given PAN, a malicious individual may easily derive the original PAN value. Controls that prevent the correlation of this data will help ensure that the original PAN remains unreadable.
 section-code: b
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - aws_apigateway_stage_cache_encryption_at_rest_enabled
 - aws_backup_recovery_point_encryption_enabled
diff --git a/compliance/frameworks/aws/aws_pci_dss_v321/aws_pci_dss_v321_requirement_3_4_d.yaml b/compliance/frameworks/aws/aws_pci_dss_v321/aws_pci_dss_v321_requirement_3_4_d.yaml
index 0957d70e9..a488e9bfc 100755
--- a/compliance/frameworks/aws/aws_pci_dss_v321/aws_pci_dss_v321_requirement_3_4_d.yaml
+++ b/compliance/frameworks/aws/aws_pci_dss_v321/aws_pci_dss_v321_requirement_3_4_d.yaml
@@ -3,10 +3,6 @@ control-group:
 title: 4.d Examine a sample of audit logs, including payment application logs, to confirm that PAN is rendered unreadable or is not present in the logs
 description: PANs stored in primary storage (databases, or flat files such as text files spreadsheets) as well as non-primary storage (backup, audit logs, exception or troubleshooting logs) must all be protected. One-way hash functions based on strong cryptography can be used to render cardholder data unreadable. Hash functions are appropriate when there is no need to retrieve the original number (one-way hashes are irreversible). It is recommended, but not currently a requirement, that an additional, random input value be added to the cardholder data prior to hashing to reduce the feasibility of an attacker comparing the data against (and deriving the PAN from) tables of pre- computed hash values. The intent of truncation is to permanently remove a segment of PAN data so that only a portion (generally not to exceed the first six and last four digits) of the PAN is stored. An index token is a cryptographic token that replaces the PAN based on a given index for an unpredictable value. A one-time pad is a system in which a randomly generated private key is used only once to encrypt a message that is then decrypted using a matching one-time pad and key. The intent of strong cryptography (as defined in the PCI DSS and PA-DSS Glossary of Terms, Abbreviations, and Acronyms) is that the encryption be based on an industry-tested and accepted algorithm (not a proprietary or 'home-grown` algorithm) with strong cryptographic keys. By correlating hashed and truncated versions of a given PAN, a malicious individual may easily derive the original PAN value. Controls that prevent the correlation of this data will help ensure that the original PAN remains unreadable.
 section-code: d
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - aws_apigateway_stage_logging_enabled
 - aws_cloudtrail_multi_region_trail_enabled
diff --git a/compliance/frameworks/aws/aws_pci_dss_v321/aws_pci_dss_v321_requirement_3_5.yaml b/compliance/frameworks/aws/aws_pci_dss_v321/aws_pci_dss_v321_requirement_3_5.yaml
index 2886f0a32..931e1bc3b 100755
--- a/compliance/frameworks/aws/aws_pci_dss_v321/aws_pci_dss_v321_requirement_3_5.yaml
+++ b/compliance/frameworks/aws/aws_pci_dss_v321/aws_pci_dss_v321_requirement_3_5.yaml
@@ -3,9 +3,5 @@ control-group:
 title: Document and implement procedures to protect keys used to secure stored cardholder data against disclosure and misuse
 description: "Note: This requirement applies to keys used to encrypt stored cardholder data, and also applies to key-encrypting keys used to protect data-encrypting keys—such key- encrypting keys must be at least as strong as the data-encrypting key. Cryptographic keys must be strongly protected because those who obtain access will be able to decrypt data. Key-encrypting keys, if used, must be at least as strong as the data-encrypting key in order to ensure proper protection of the key that encrypts the data as well as the data encrypted with that key. The requirement to protect keys from disclosure and misuse applies to both data-encrypting keys and key-encrypting keys. Because one key- encrypting key may grant access to many data- encrypting keys, the key-encrypting keys require strong protection measures."
 section-code: "5"
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 control-group:
 - id: aws_pci_dss_v321_requirement_3_5_2
diff --git a/compliance/frameworks/aws/aws_pci_dss_v321/aws_pci_dss_v321_requirement_3_5_2.yaml b/compliance/frameworks/aws/aws_pci_dss_v321/aws_pci_dss_v321_requirement_3_5_2.yaml
index fe8a076d2..88d9f95c8 100755
--- a/compliance/frameworks/aws/aws_pci_dss_v321/aws_pci_dss_v321_requirement_3_5_2.yaml
+++ b/compliance/frameworks/aws/aws_pci_dss_v321/aws_pci_dss_v321_requirement_3_5_2.yaml
@@ -3,10 +3,6 @@ control-group:
 title: 5.2 Restrict access to cryptographic keys to the fewest number of custodians necessary
 description: There should be very few who have access to cryptographic keys (reducing the potential for rending cardholder data visible by unauthorized parties), usually only those who have key custodian responsibilities.
 section-code: "2"
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - aws_iam_policy_custom_no_blocked_kms_actions
 - aws_iam_policy_inline_no_blocked_kms_actions
diff --git a/compliance/frameworks/aws/aws_pci_dss_v321/aws_pci_dss_v321_requirement_3_6.yaml b/compliance/frameworks/aws/aws_pci_dss_v321/aws_pci_dss_v321_requirement_3_6.yaml
index 7b8d9127b..43850137a 100755
--- a/compliance/frameworks/aws/aws_pci_dss_v321/aws_pci_dss_v321_requirement_3_6.yaml
+++ b/compliance/frameworks/aws/aws_pci_dss_v321/aws_pci_dss_v321_requirement_3_6.yaml
@@ -3,9 +3,5 @@ control-group:
 title: Fully document and implement all key-management processes and procedures for cryptographic keys used for encryption of cardholder data
 description: "Note: Numerous industry standards for key management are available from various resources including NIST, which can be found at http://csrc.nist.gov. The manner in which cryptographic keys are managed is a critical part of the continued security of the encryption solution. A good key- management process, whether it is manual or automated as part of the encryption product, is based on industry standards and addresses all key elements at 3.6.1 through 3.6.8. Providing guidance to customers on how to securely transmit, store and update cryptographic keys can help prevent keys from being mismanaged or disclosed to unauthorized entities. This requirement applies to keys used to encrypt stored cardholder data, and any respective key- encrypting keys. Note: Testing Procedure 3.6.a is an additional procedure that only applies if the entity being assessed is a service provider."
 section-code: "6"
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 control-group:
 - id: aws_pci_dss_v321_requirement_3_6_4
diff --git a/compliance/frameworks/aws/aws_pci_dss_v321/aws_pci_dss_v321_requirement_3_6_4.yaml b/compliance/frameworks/aws/aws_pci_dss_v321/aws_pci_dss_v321_requirement_3_6_4.yaml
index d49cb278a..6dad766dd 100755
--- a/compliance/frameworks/aws/aws_pci_dss_v321/aws_pci_dss_v321_requirement_3_6_4.yaml
+++ b/compliance/frameworks/aws/aws_pci_dss_v321/aws_pci_dss_v321_requirement_3_6_4.yaml
@@ -3,10 +3,6 @@ control-group:
 title: 6.4 Cryptographic key changes for keys that have reached the end of their cryptoperiod (for example, after a defined period of time has passed and/or after a certain amount of cipher-text has been produced by a given key), as defined by the associated application vendor or key owner, and based on industry best practices and guidelines
 description: A cryptoperiod is the time span during which a particular cryptographic key can be used for its defined purpose. Considerations for defining the cryptoperiod include, but are not limited to, the strength of the underlying algorithm, size or length of the key, risk of key compromise, and the sensitivity of the data being encrypted. Periodic changing of encryption keys when the keys have reached the end of their cryptoperiod is imperative to minimize the risk of someone's obtaining the encryption keys, and using them to decrypt data.
 section-code: "4"
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 control-group:
 - id: aws_pci_dss_v321_requirement_3_6_4_a
 controls:
diff --git a/compliance/frameworks/aws/aws_pci_dss_v321/aws_pci_dss_v321_requirement_3_6_4_a.yaml b/compliance/frameworks/aws/aws_pci_dss_v321/aws_pci_dss_v321_requirement_3_6_4_a.yaml
index b88986238..9cd26cbaf 100755
--- a/compliance/frameworks/aws/aws_pci_dss_v321/aws_pci_dss_v321_requirement_3_6_4_a.yaml
+++ b/compliance/frameworks/aws/aws_pci_dss_v321/aws_pci_dss_v321_requirement_3_6_4_a.yaml
@@ -3,10 +3,6 @@ control-group:
 title: 6.4.a Verify that key-management procedures include a defined cryptoperiod for each key type in use and define a process for key changes at the end of the defined cryptoperiod(s)
 description: A cryptoperiod is the time span during which a particular cryptographic key can be used for its defined purpose. Considerations for defining the cryptoperiod include, but are not limited to, the strength of the underlying algorithm, size or length of the key, risk of key compromise, and the sensitivity of the data being encrypted. Periodic changing of encryption keys when the keys have reached the end of their cryptoperiod is imperative to minimize the risk of someone’s obtaining the encryption keys, and using them to decrypt data.
 section-code: a
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - aws_iam_policy_custom_no_blocked_kms_actions
 - aws_iam_policy_inline_no_blocked_kms_actions
diff --git a/compliance/frameworks/aws/aws_pci_dss_v321/aws_pci_dss_v321_requirement_4.yaml b/compliance/frameworks/aws/aws_pci_dss_v321/aws_pci_dss_v321_requirement_4.yaml
index 923122abc..ed08cb194 100755
--- a/compliance/frameworks/aws/aws_pci_dss_v321/aws_pci_dss_v321_requirement_4.yaml
+++ b/compliance/frameworks/aws/aws_pci_dss_v321/aws_pci_dss_v321_requirement_4.yaml
@@ -3,9 +3,5 @@ control-group:
 title: "Requirement 4: Encrypt transmission of cardholder data across open, public networks"
 description: Sensitive information must be encrypted during transmission over networks that are easily accessed by malicious individuals. Misconfigured wireless networks and vulnerabilities in legacy encryption and authentication protocols continue to be targets of malicious individuals who exploit these vulnerabilities to gain privileged access to cardholder data environments.
 section-code: requirement_4
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 control-group:
 - id: aws_pci_dss_v321_requirement_4_1
diff --git a/compliance/frameworks/aws/aws_pci_dss_v321/aws_pci_dss_v321_requirement_4_1.yaml b/compliance/frameworks/aws/aws_pci_dss_v321/aws_pci_dss_v321_requirement_4_1.yaml
index 795f34efc..5219ac5a2 100755
--- a/compliance/frameworks/aws/aws_pci_dss_v321/aws_pci_dss_v321_requirement_4_1.yaml
+++ b/compliance/frameworks/aws/aws_pci_dss_v321/aws_pci_dss_v321_requirement_4_1.yaml
@@ -3,10 +3,6 @@ control-group:
 title: Use strong cryptography and security protocols to safeguard sensitive cardholder data during transmission over open, public networks
 description: "Following should be used to safeguard sensitive cardholder data during transmission over open, public networks: only trusted keys and certificates are accepted, the protocol in use only supports secure versions or configurations and the encryption strength is appropriate for the encryption methodology in use. Examples of open, public networks include but are not limited to the Internet, wireless technologies, including 802.11 and Bluetooth, cellular technologies, for example, Global System for Mobile communications (GSM), Code division multiple access (CDMA), general Packet Radio Service (GPRS) and satellite communications. Sensitive information must be encrypted during transmission over public networks, because it is easy and common for a malicious individual to intercept and/or divert data while in transit. Secure transmission of cardholder data requires using trusted keys/certificates, a secure protocol for transport, and proper encryption strength to encrypt cardholder data. Connection requests from systems that do not support the required encryption strength, and that would result in an insecure connection, should not be accepted. Note that some protocol implementations (such as SSL, SSH v1.0, and early TLS) have known vulnerabilities that an attacker can use to gain control of the affected system. Whichever security protocol is used, ensure it is configured to use only secure versions and configurations to prevent use of an insecure connection—for example, by using only trusted certificates and supporting only strong encryption (not supporting weaker, insecure protocols or methods). Verifying that certificates are trusted (for example, have not expired and are issued from a trusted source) helps ensure the integrity of the secure connection.
Generally, the web page URL should begin with `HTTPS` and/or the web browser display a padlock icon somewhere in the window of the browser. Many TLS certificate vendors also provide a highly visible verification seal— sometimes referred to as a “security seal,” `secure site seal,` or “secure trust seal”)—which may provide the ability to click on the seal to reveal information about the website. Refer to industry standards and best practices for information on strong cryptography and secure protocols (e.g., NIST SP 800-52 and SP 800-57, OWASP, etc.) Note: SSL/early TLS is not considered strong cryptography and may not be used as a security control, except by POS POI terminals that are verified as not being susceptible to known exploits and the termination points to which they connect as defined in Appendix A2."
 section-code: "1"
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 control-group:
 - id: aws_pci_dss_v321_requirement_4_1_a
 - id: aws_pci_dss_v321_requirement_4_1_d
diff --git a/compliance/frameworks/aws/aws_pci_dss_v321/aws_pci_dss_v321_requirement_4_1_a.yaml b/compliance/frameworks/aws/aws_pci_dss_v321/aws_pci_dss_v321_requirement_4_1_a.yaml
index 2ffe5ca79..2389cfd4f 100755
--- a/compliance/frameworks/aws/aws_pci_dss_v321/aws_pci_dss_v321_requirement_4_1_a.yaml
+++ b/compliance/frameworks/aws/aws_pci_dss_v321/aws_pci_dss_v321_requirement_4_1_a.yaml
@@ -3,10 +3,6 @@ control-group:
 title: 1.a Identify all locations where cardholder data is transmitted or received over open, public networks
 description: "Examine documented standards and compare to system configurations to verify the use of security protocols and strong cryptography for all locations. Sensitive information must be encrypted during transmission over public networks, because it is easy and common for a malicious individual to intercept and/or divert data while in transit. Secure transmission of cardholder data requires using trusted keys/certificates, a secure protocol for transport, and proper encryption strength to encrypt cardholder data. Connection requests from systems that do not support the required encryption strength, and that would result in an insecure connection, should not be accepted. Note that some protocol implementations (such as SSL, SSH v1.0, and early TLS) have known vulnerabilities that an attacker can use to gain control of the affected system. Whichever security protocol is used, ensure it is configured to use only secure versions and configurations to prevent use of an insecure connection—for example, by using only trusted certificates and supporting only strong encryption (not supporting weaker, insecure protocols or methods). Verifying that certificates are trusted (for example, have not expired and are issued from a trusted source) helps ensure the integrity of the secure connection. Generally, the web page URL should begin with `HTTPS` and/or the web browser display a padlock icon somewhere in the window of the browser. Many TLS certificate vendors also provide a highly visible verification seal— sometimes referred to as a “security seal,” `secure site seal,` or “secure trust seal”)—which may provide the ability to click on the seal to reveal information about the website.
Refer to industry standards and best practices for information on strong cryptography and secure protocols (e.g., NIST SP 800-52 and SP 800-57, OWASP, etc.) Note: SSL/early TLS is not considered strong cryptography and may not be used as a security control, except by POS POI terminals that are verified as not being susceptible to known exploits and the termination points to which they connect as defined in Appendix A2."
 section-code: a
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - aws_acm_certificate_expires_30_days
 - aws_cloudfront_distribution_custom_origins_encryption_in_transit_enabled
diff --git a/compliance/frameworks/aws/aws_pci_dss_v321/aws_pci_dss_v321_requirement_4_1_d.yaml b/compliance/frameworks/aws/aws_pci_dss_v321/aws_pci_dss_v321_requirement_4_1_d.yaml
index 0b624f6c2..14a1cf218 100755
--- a/compliance/frameworks/aws/aws_pci_dss_v321/aws_pci_dss_v321_requirement_4_1_d.yaml
+++ b/compliance/frameworks/aws/aws_pci_dss_v321/aws_pci_dss_v321_requirement_4_1_d.yaml
@@ -3,10 +3,6 @@ control-group: title: 1.d Examine keys and certificates to verify that only trusted keys and/or certificates are accepted description: "Sensitive information must be encrypted during transmission over public networks, because it is easy and common for a malicious individual to intercept and/or divert data while in transit. Secure transmission of cardholder data requires using trusted keys/certificates, a secure protocol for transport, and proper encryption strength to encrypt cardholder data. Connection requests from systems that do not support the required encryption strength, and that would result in an insecure connection, should not be accepted. Note that some protocol implementations (such as SSL, SSH v1.0, and early TLS) have known vulnerabilities that an attacker can use to gain control of the affected system. Whichever security protocol is used, ensure it is configured to use only secure versions and configurations to prevent use of an insecure connection—for example, by using only trusted certificates and supporting only strong encryption (not supporting weaker, insecure protocols or methods). Verifying that certificates are trusted (for example, have not expired and are issued from a trusted source) helps ensure the integrity of the secure connection. Generally, the web page URL should begin with `HTTPS` and/or the web browser display a padlock icon somewhere in the window of the browser. Many TLS certificate vendors also provide a highly visible verification seal— sometimes referred to as a “security seal,” `secure site seal,` or “secure trust seal”)—which may provide the ability to click on the seal to reveal information about the website. Refer to industry standards and best practices for information on strong cryptography and secure protocols (e.g., NIST SP 800-52 and SP 800-57, OWASP, etc.) 
Note: SSL/early TLS is not considered strong cryptography and may not be used as a security control, except by POS POI terminals that are verified as not being susceptible to known exploits and the termination points to which they connect as defined in Appendix A2." section-code: d - defaults: - auto-assign: null - enabled: false - tracks-drift-events: false controls: - aws_acm_certificate_expires_30_days - aws_elb_classic_lb_use_ssl_certificate diff --git a/compliance/frameworks/aws/aws_pci_dss_v321/aws_pci_dss_v321_requirement_4_1_e.yaml b/compliance/frameworks/aws/aws_pci_dss_v321/aws_pci_dss_v321_requirement_4_1_e.yaml index e304ae62a..65beb5068 100755 --- a/compliance/frameworks/aws/aws_pci_dss_v321/aws_pci_dss_v321_requirement_4_1_e.yaml +++ b/compliance/frameworks/aws/aws_pci_dss_v321/aws_pci_dss_v321_requirement_4_1_e.yaml 
@@ -3,10 +3,6 @@ control-group: title: 1.e Examine system configurations to verify that the protocol is implemented to use only secure configurations and does not support insecure versions or configurations description: "Sensitive information must be encrypted during transmission over public networks, because it is easy and common for a malicious individual to intercept and/or divert data while in transit. Secure transmission of cardholder data requires using trusted keys/certificates, a secure protocol for transport, and proper encryption strength to encrypt cardholder data. Connection requests from systems that do not support the required encryption strength, and that would result in an insecure connection, should not be accepted. Note that some protocol implementations (such as SSL, SSH v1.0, and early TLS) have known vulnerabilities that an attacker can use to gain control of the affected system. Whichever security protocol is used, ensure it is configured to use only secure versions and configurations to prevent use of an insecure connection—for example, by using only trusted certificates and supporting only strong encryption (not supporting weaker, insecure protocols or methods). Verifying that certificates are trusted (for example, have not expired and are issued from a trusted source) helps ensure the integrity of the secure connection. Generally, the web page URL should begin with `HTTPS` and/or the web browser display a padlock icon somewhere in the window of the browser. Many TLS certificate vendors also provide a highly visible verification seal— sometimes referred to as a “security seal,” `secure site seal,` or “secure trust seal”)—which may provide the ability to click on the seal to reveal information about the website. Refer to industry standards and best practices for information on strong cryptography and secure protocols (e.g., NIST SP 800-52 and SP 800-57, OWASP, etc.) 
Note: SSL/early TLS is not considered strong cryptography and may not be used as a security control, except by POS POI terminals that are verified as not being susceptible to known exploits and the termination points to which they connect as defined in Appendix A2." section-code: e - defaults: - auto-assign: null - enabled: false - tracks-drift-events: false controls: - aws_cloudfront_distribution_no_deprecated_ssl_protocol - aws_vpc_flow_logs_enabled diff --git a/compliance/frameworks/aws/aws_pci_dss_v321/aws_pci_dss_v321_requirement_4_1_f.yaml b/compliance/frameworks/aws/aws_pci_dss_v321/aws_pci_dss_v321_requirement_4_1_f.yaml index 1cf232392..776313738 100755 --- a/compliance/frameworks/aws/aws_pci_dss_v321/aws_pci_dss_v321_requirement_4_1_f.yaml +++ b/compliance/frameworks/aws/aws_pci_dss_v321/aws_pci_dss_v321_requirement_4_1_f.yaml 
@@ -3,10 +3,6 @@ control-group: title: 1.f Examine system configurations to verify that the proper encryption strength is implemented for the encryption methodology in use description: "Sensitive information must be encrypted during transmission over public networks, because it is easy and common for a malicious individual to intercept and/or divert data while in transit. Secure transmission of cardholder data requires using trusted keys/certificates, a secure protocol for transport, and proper encryption strength to encrypt cardholder data. Connection requests from systems that do not support the required encryption strength, and that would result in an insecure connection, should not be accepted. Note that some protocol implementations (such as SSL, SSH v1.0, and early TLS) have known vulnerabilities that an attacker can use to gain control of the affected system. Whichever security protocol is used, ensure it is configured to use only secure versions and configurations to prevent use of an insecure connection—for example, by using only trusted certificates and supporting only strong encryption (not supporting weaker, insecure protocols or methods). Verifying that certificates are trusted (for example, have not expired and are issued from a trusted source) helps ensure the integrity of the secure connection. Generally, the web page URL should begin with `HTTPS` and/or the web browser display a padlock icon somewhere in the window of the browser. Many TLS certificate vendors also provide a highly visible verification seal— sometimes referred to as a “security seal,” `secure site seal,` or “secure trust seal”)—which may provide the ability to click on the seal to reveal information about the website. Refer to industry standards and best practices for information on strong cryptography and secure protocols (e.g., NIST SP 800-52 and SP 800-57, OWASP, etc.) 
Note: SSL/early TLS is not considered strong cryptography and may not be used as a security control, except by POS POI terminals that are verified as not being susceptible to known exploits and the termination points to which they connect as defined in Appendix A2." section-code: f - defaults: - auto-assign: null - enabled: false - tracks-drift-events: false controls: - aws_cloudfront_distribution_no_deprecated_ssl_protocol - aws_vpc_flow_logs_enabled diff --git a/compliance/frameworks/aws/aws_pci_dss_v321/aws_pci_dss_v321_requirement_4_1_g.yaml b/compliance/frameworks/aws/aws_pci_dss_v321/aws_pci_dss_v321_requirement_4_1_g.yaml index e7dc0e40b..5d94dac20 100755 --- a/compliance/frameworks/aws/aws_pci_dss_v321/aws_pci_dss_v321_requirement_4_1_g.yaml +++ b/compliance/frameworks/aws/aws_pci_dss_v321/aws_pci_dss_v321_requirement_4_1_g.yaml 
@@ -3,10 +3,6 @@ control-group: title: 1.g For TLS implementations, examine system configurations to verify that TLS is enabled whenever cardholder data is transmitted or received description: "For example, for browser-based implementations “HTTPS” appears as the browser Universal Record Locator (URL) protocol, and cardholder data is only requested if “HTTPS” appears as part of the URL. Sensitive information must be encrypted during transmission over public networks, because it is easy and common for a malicious individual to intercept and/or divert data while in transit. Secure transmission of cardholder data requires using trusted keys/certificates, a secure protocol for transport, and proper encryption strength to encrypt cardholder data. Connection requests from systems that do not support the required encryption strength, and that would result in an insecure connection, should not be accepted. Note that some protocol implementations (such as SSL, SSH v1.0, and early TLS) have known vulnerabilities that an attacker can use to gain control of the affected system. Whichever security protocol is used, ensure it is configured to use only secure versions and configurations to prevent use of an insecure connection—for example, by using only trusted certificates and supporting only strong encryption (not supporting weaker, insecure protocols or methods). Verifying that certificates are trusted (for example, have not expired and are issued from a trusted source) helps ensure the integrity of the secure connection. Generally, the web page URL should begin with `HTTPS` and/or the web browser display a padlock icon somewhere in the window of the browser. Many TLS certificate vendors also provide a highly visible verification seal— sometimes referred to as a “security seal,” `secure site seal,` or “secure trust seal”)—which may provide the ability to click on the seal to reveal information about the website. 
Refer to industry standards and best practices for information on strong cryptography and secure protocols (e.g., NIST SP 800-52 and SP 800-57, OWASP, etc.) Note: SSL/early TLS is not considered strong cryptography and may not be used as a security control, except by POS POI terminals that are verified as not being susceptible to known exploits and the termination points to which they connect as defined in Appendix A2." section-code: g - defaults: - auto-assign: null - enabled: false - tracks-drift-events: false controls: - aws_acm_certificate_expires_30_days - aws_cloudfront_distribution_custom_origins_encryption_in_transit_enabled diff --git a/compliance/frameworks/aws/aws_pci_dss_v321/aws_pci_dss_v321_requirement_5.yaml b/compliance/frameworks/aws/aws_pci_dss_v321/aws_pci_dss_v321_requirement_5.yaml index 0898134fb..8f1f51de8 100755 --- a/compliance/frameworks/aws/aws_pci_dss_v321/aws_pci_dss_v321_requirement_5.yaml +++ b/compliance/frameworks/aws/aws_pci_dss_v321/aws_pci_dss_v321_requirement_5.yaml @@ -3,10 +3,6 @@ control-group: title: "Requirement 5: Protect all systems against malware and regularly update anti-virus software or programs" description: Malicious software, commonly referred to as “malware”—including viruses, worms, and Trojans—enters the network during many businessapproved activities including employee e-mail and use of the Internet, mobile computers, and storage devices, resulting in the exploitation of system vulnerabilities. Anti-virus software must be used on all systems commonly affected by malware to protect systems from current and evolving malicious software threats section-code: requirement_5 - defaults: - auto-assign: null - enabled: false - tracks-drift-events: false control-group: - id: aws_pci_dss_v321_requirement_5_1 - id: aws_pci_dss_v321_requirement_5_2 
diff --git a/compliance/frameworks/aws/aws_pci_dss_v321/aws_pci_dss_v321_requirement_5_1.yaml b/compliance/frameworks/aws/aws_pci_dss_v321/aws_pci_dss_v321_requirement_5_1.yaml index a4558f814..b7dca4f1d 100755 --- a/compliance/frameworks/aws/aws_pci_dss_v321/aws_pci_dss_v321_requirement_5_1.yaml +++ b/compliance/frameworks/aws/aws_pci_dss_v321/aws_pci_dss_v321_requirement_5_1.yaml @@ -3,9 +3,5 @@ control-group: title: For a sample of system components including all operating system types commonly affected by malicious software, verify that anti-virus software is deployed if applicable anti-virus technology exists description: There is a constant stream of attacks using widely published exploits, often called `zero day` (an attack that exploits a previously unknown vulnerability), against otherwise secured systems. Without an anti-virus solution that is updated regularly, these new forms of malicious software can attack systems, disable a network, or lead to compromise of data. section-code: "1" - defaults: - auto-assign: null - enabled: false - tracks-drift-events: false controls: - aws_ssm_managed_instance_compliance_association_compliant diff --git a/compliance/frameworks/aws/aws_pci_dss_v321/aws_pci_dss_v321_requirement_5_2.yaml b/compliance/frameworks/aws/aws_pci_dss_v321/aws_pci_dss_v321_requirement_5_2.yaml index a1b475250..c86d906ec 100755 --- a/compliance/frameworks/aws/aws_pci_dss_v321/aws_pci_dss_v321_requirement_5_2.yaml +++ b/compliance/frameworks/aws/aws_pci_dss_v321/aws_pci_dss_v321_requirement_5_2.yaml 
@@ -3,9 +3,5 @@ control-group: title: Ensure that all anti-virus mechanisms are maintained description: "Anti-virus mechanisms should be maintained as follows: are kept current, perform periodic scans and generate audit logs which are retained per PCI DSS Requirement 10.7. Even the best anti-virus solutions are limited in effectiveness if they are not maintained and kept current with the latest security updates, signature files, or malware protections. Audit logs provide the ability to monitor virus and malware activity and anti-malware reactions. Thus, it is imperative that anti-malware solutions be configured to generate audit logs and that these logs be managed in accordance with Requirement 10." section-code: "2" - defaults: - auto-assign: null - enabled: false - tracks-drift-events: false control-group: - id: aws_pci_dss_v321_requirement_5_2_c diff --git a/compliance/frameworks/aws/aws_pci_dss_v321/aws_pci_dss_v321_requirement_5_2_c.yaml b/compliance/frameworks/aws/aws_pci_dss_v321/aws_pci_dss_v321_requirement_5_2_c.yaml index d25faa34f..396e0f60f 100755 --- a/compliance/frameworks/aws/aws_pci_dss_v321/aws_pci_dss_v321_requirement_5_2_c.yaml +++ b/compliance/frameworks/aws/aws_pci_dss_v321/aws_pci_dss_v321_requirement_5_2_c.yaml 
@@ -3,9 +3,5 @@ control-group: title: 2.c Examine a sample of system components, including all operating system types commonly affected by malicious software, to verify that the anti-virus software and definitions are current and periodic scans are performed description: Even the best anti-virus solutions are limited in effectiveness if they are not maintained and kept current with the latest security updates, signature files, or malware protections. Audit logs provide the ability to monitor virus and malware activity and anti-malware reactions. Thus, it is imperative that anti-malware solutions be configured to generate audit logs and that these logs be managed in accordance with Requirement 10. section-code: c - defaults: - auto-assign: null - enabled: false - tracks-drift-events: false controls: - aws_ssm_managed_instance_compliance_association_compliant diff --git a/compliance/frameworks/aws/aws_pci_dss_v321/aws_pci_dss_v321_requirement_6.yaml b/compliance/frameworks/aws/aws_pci_dss_v321/aws_pci_dss_v321_requirement_6.yaml index 16ed35dee..2f9d5b920 100755 --- a/compliance/frameworks/aws/aws_pci_dss_v321/aws_pci_dss_v321_requirement_6.yaml +++ b/compliance/frameworks/aws/aws_pci_dss_v321/aws_pci_dss_v321_requirement_6.yaml @@ -3,10 +3,6 @@ control-group: title: "Requirement 6: Develop and maintain secure systems and applications" description: Unscrupulous individuals use security vulnerabilities to gain privileged access to systems. Many of these vulnerabilities are fixed by vendorprovided security patches, which must be installed by the entities that manage the systems. section-code: requirement_6 - defaults: - auto-assign: null - enabled: false - tracks-drift-events: false control-group: - id: aws_pci_dss_v321_requirement_6_1 - id: aws_pci_dss_v321_requirement_6_2 
diff --git a/compliance/frameworks/aws/aws_pci_dss_v321/aws_pci_dss_v321_requirement_6_1.yaml b/compliance/frameworks/aws/aws_pci_dss_v321/aws_pci_dss_v321_requirement_6_1.yaml index 614cb692d..a488d3f31 100755 --- a/compliance/frameworks/aws/aws_pci_dss_v321/aws_pci_dss_v321_requirement_6_1.yaml +++ b/compliance/frameworks/aws/aws_pci_dss_v321/aws_pci_dss_v321_requirement_6_1.yaml @@ -3,9 +3,5 @@ control-group: title: Establish a process to identify security vulnerabilities, using reputable outside sources for security vulnerability information, and assign a risk ranking (for example, as “high,” “medium,” or “low”) to newly discovered security vulnerabilities description: The intent of this requirement is that organizations keep up to date with new vulnerabilities that may impact their environment. Sources for vulnerability information should be trustworthy and often include vendor websites, industry news groups, mailing list, or RSS feeds. Once an organization identifies a vulnerability that could affect their environment, the risk that the vulnerability poses must be evaluated and ranked. The organization must therefore have a method in place to evaluate vulnerabilities on an ongoing basis and assign risk rankings to those vulnerabilities. This is not achieved by an ASV scan or internal vulnerability scan, rather this requires a process to actively monitor industry sources for vulnerability information. Classifying the risks (for example, as “high,” “medium,” or “low”) allows organizations to identify, prioritize, and address the highest risk items more quickly and reduce the likelihood that vulnerabilities posing the greatest risk will be exploited. section-code: "1" - defaults: - auto-assign: null - enabled: false - tracks-drift-events: false control-group: - id: aws_pci_dss_v321_requirement_6_1_b 
diff --git a/compliance/frameworks/aws/aws_pci_dss_v321/aws_pci_dss_v321_requirement_6_1_b.yaml b/compliance/frameworks/aws/aws_pci_dss_v321/aws_pci_dss_v321_requirement_6_1_b.yaml index c0ad52ce9..130c4555c 100755 --- a/compliance/frameworks/aws/aws_pci_dss_v321/aws_pci_dss_v321_requirement_6_1_b.yaml +++ b/compliance/frameworks/aws/aws_pci_dss_v321/aws_pci_dss_v321_requirement_6_1_b.yaml @@ -3,9 +3,5 @@ control-group: title: 1.b Interview responsible personnel and observe processes to verify that new security vulnerabilities are identified, a risk ranking is assigned to vulnerabilities that includes identification of all “high risk” and “critical” vulnerabilities and processes to identify new security vulnerabilities include using reputable outside sources for security vulnerability information description: The intent of this requirement is that organizations keep up to date with new vulnerabilities that may impact their environment. Sources for vulnerability information should be trustworthy and often include vendor websites, industry news groups, mailing list, or RSS feeds. Once an organization identifies a vulnerability that could affect their environment, the risk that the vulnerability poses must be evaluated and ranked. The organization must therefore have a method in place to evaluate vulnerabilities on an ongoing basis and assign risk rankings to those vulnerabilities. This is not achieved by an ASV scan or internal vulnerability scan, rather this requires a process to actively monitor industry sources for vulnerability information. Classifying the risks (for example, as “high,” “medium,” or “low”) allows organizations to identify, prioritize, and address the highest risk items more quickly and reduce the likelihood that vulnerabilities posing the greatest risk will be exploited. section-code: b - defaults: - auto-assign: null - enabled: false - tracks-drift-events: false controls: - aws_guardduty_finding_archived 
diff --git a/compliance/frameworks/aws/aws_pci_dss_v321/aws_pci_dss_v321_requirement_6_2.yaml b/compliance/frameworks/aws/aws_pci_dss_v321/aws_pci_dss_v321_requirement_6_2.yaml index b223383de..31a6c45f4 100755 --- a/compliance/frameworks/aws/aws_pci_dss_v321/aws_pci_dss_v321_requirement_6_2.yaml +++ b/compliance/frameworks/aws/aws_pci_dss_v321/aws_pci_dss_v321_requirement_6_2.yaml @@ -3,10 +3,6 @@ control-group: title: Ensure that all system components and software are protected from known vulnerabilities by installing applicable vendor- supplied security patches description: "Install critical security patches within one month of release. Note: Critical security patches should be identified according to the risk ranking process defined in Requirement 6.1. There is a constant stream of attacks using widely published exploits, often called `zero day` (an attack that exploits a previously unknown vulnerability), against otherwise secured systems. If the most recent patches are not implemented on critical systems as soon as possible, a malicious individual can use these exploits to attack or disable a system, or gain access to sensitive data. Prioritizing patches for critical infrastructure ensures that high-priority systems and devices are protected from vulnerabilities as soon as possible after a patch is released. Consider prioritizing patch installations such that security patches for critical or at-risk systems are installed within 30 days, and other lower-risk patches are installed within 2-3 months. This requirement applies to applicable patches for all installed software, including payment applications (both those that are PA-DSS validated and those that are not)." section-code: "2" - defaults: - auto-assign: null - enabled: false - tracks-drift-events: false control-group: - id: aws_pci_dss_v321_requirement_6_2_b controls: 
diff --git a/compliance/frameworks/aws/aws_pci_dss_v321/aws_pci_dss_v321_requirement_6_2_b.yaml b/compliance/frameworks/aws/aws_pci_dss_v321/aws_pci_dss_v321_requirement_6_2_b.yaml
index f8a8efcfb..5c8a8bd88 100755
--- a/compliance/frameworks/aws/aws_pci_dss_v321/aws_pci_dss_v321_requirement_6_2_b.yaml
+++ b/compliance/frameworks/aws/aws_pci_dss_v321/aws_pci_dss_v321_requirement_6_2_b.yaml
@@ -3,10 +3,6 @@ control-group: title: 2.b For a sample of system components and related software, compare the list of security patches installed on each system to the most recent vendor security-patch list, to verify that the applicable critical vendor-supplied security patches are installed within one month of release, all applicable vendor-supplied security patches are installed within an appropriate time frame (for example, within three months) description: There is a constant stream of attacks using widely published exploits, often called `zero day` (an attack that exploits a previously unknown vulnerability), against otherwise secured systems. If the most recent patches are not implemented on critical systems as soon as possible, a malicious individual can use these exploits to attack or disable a system, or gain access to sensitive data. Prioritizing patches for critical infrastructure ensures that high-priority systems and devices are protected from vulnerabilities as soon as possible after a patch is released. Consider prioritizing patch installations such that security patches for critical or at-risk systems are installed within 30 days, and other lower-risk patches are installed within 2-3 months. This requirement applies to applicable patches for all installed software, including payment applications (both those that are PA-DSS validated and those that are not). section-code: b - defaults: - auto-assign: null - enabled: false - tracks-drift-events: false controls: - aws_eks_cluster_with_latest_kubernetes_version - aws_rds_db_instance_automatic_minor_version_upgrade_enabled diff --git a/compliance/frameworks/aws/aws_pci_dss_v321/aws_pci_dss_v321_requirement_6_3.yaml b/compliance/frameworks/aws/aws_pci_dss_v321/aws_pci_dss_v321_requirement_6_3.yaml index 28017f811..53a08fbbc 100755 --- a/compliance/frameworks/aws/aws_pci_dss_v321/aws_pci_dss_v321_requirement_6_3.yaml +++ b/compliance/frameworks/aws/aws_pci_dss_v321/aws_pci_dss_v321_requirement_6_3.yaml 
@@ -3,10 +3,6 @@ control-group: title: Develop internal and external software applications (including web-based administrative access to applications) securely description: "Develop internal and external software application securely as follows: in accordance with PCI DSS (for example, secure authentication and logging), based on industry standards and/or best practices, incorporating information security throughout the software-development life cycle. Note: this applies to all software developed internally as well as bespoke or custom software developed by a third party. Without the inclusion of security during the requirements definition, design, analysis, and testing phases of software development, security vulnerabilities can be inadvertently or maliciously introduced into the production environment. Understanding how sensitive data is handled by the application—including when stored, transmitted, and when in memory—can help identify where data needs to be protected." section-code: "3" - defaults: - auto-assign: null - enabled: false - tracks-drift-events: false control-group: - id: aws_pci_dss_v321_requirement_6_3_1 - id: aws_pci_dss_v321_requirement_6_3_2 diff --git a/compliance/frameworks/aws/aws_pci_dss_v321/aws_pci_dss_v321_requirement_6_3_1.yaml b/compliance/frameworks/aws/aws_pci_dss_v321/aws_pci_dss_v321_requirement_6_3_1.yaml index d27a23056..649888eca 100755 --- a/compliance/frameworks/aws/aws_pci_dss_v321/aws_pci_dss_v321_requirement_6_3_1.yaml +++ b/compliance/frameworks/aws/aws_pci_dss_v321/aws_pci_dss_v321_requirement_6_3_1.yaml 
@@ -3,10 +3,6 @@ control-group: title: 3.1 Examine written software-development procedures and interview responsible personnel to verify that pre-production and/or custom application accounts, user IDs and/or passwords are removed before an application goes into production or is released to customers description: Development, test and/or custom application accounts, user IDs, and passwords should be removed from production code before the application becomes active or is released to customers, since these items may give away information about the functioning of the application. Possession of such information could facilitate compromise of the application and related cardholder data. section-code: "1" - defaults: - auto-assign: null - enabled: false - tracks-drift-events: false controls: - aws_codebuild_project_environment_privileged_mode_disabled - aws_codebuild_project_plaintext_env_variables_no_sensitive_aws_values diff --git a/compliance/frameworks/aws/aws_pci_dss_v321/aws_pci_dss_v321_requirement_6_3_2.yaml b/compliance/frameworks/aws/aws_pci_dss_v321/aws_pci_dss_v321_requirement_6_3_2.yaml index 79b41efcb..180b499b5 100755 --- a/compliance/frameworks/aws/aws_pci_dss_v321/aws_pci_dss_v321_requirement_6_3_2.yaml +++ b/compliance/frameworks/aws/aws_pci_dss_v321/aws_pci_dss_v321_requirement_6_3_2.yaml 
@@ -3,9 +3,5 @@ control-group: title: 3.2 Review custom code prior to release to production or customers in order to identify any potential coding vulnerability (using either manual or automated processes) description: "Custom code prior to release to production should include the following: code changes are reviewed by individuals other than the originating code author, and by individuals knowledgeable about code-review techniques and secure coding practices, code reviews ensure code is developed according to secure coding guidelines, appropriate corrections are implemented prior to release, code-review results are reviewed and approved by management prior to release and security vulnerabilities in custom code are commonly exploited by malicious individuals to gain access to a network and compromise cardholder data. An individual knowledgeable and experienced in code-review techniques should be involved in the review process. Code reviews should be performed by someone other than the developer of the code to allow for an independent, objective review. Automated tools or processes may also be used in lieu of manual reviews, but keep in mind that it may be difficult or even impossible for an automated tool to identify some coding issues. Correcting coding errors before the code is deployed into a production environment or released to customers prevents the code exposing the environments to potential exploit. Faulty code is also far more difficult and expensive to address after it has been deployed or released into production environments. Including a formal review and signoff by management prior to release helps to ensure that code is approved and has been developed in accordance with policies and procedures." section-code: "2" - defaults: - auto-assign: null - enabled: false - tracks-drift-events: false control-group: - id: aws_pci_dss_v321_requirement_6_3_2_b 
diff --git a/compliance/frameworks/aws/aws_pci_dss_v321/aws_pci_dss_v321_requirement_6_3_2_b.yaml b/compliance/frameworks/aws/aws_pci_dss_v321/aws_pci_dss_v321_requirement_6_3_2_b.yaml index 99435e87a..91bdcf59f 100755 --- a/compliance/frameworks/aws/aws_pci_dss_v321/aws_pci_dss_v321_requirement_6_3_2_b.yaml +++ b/compliance/frameworks/aws/aws_pci_dss_v321/aws_pci_dss_v321_requirement_6_3_2_b.yaml @@ -3,7 +3,3 @@ control-group: title: 3.2.b Select a sample of recent custom application changes and verify that custom application code is reviewed according to 6.3.2.a, above description: Security vulnerabilities in custom code are commonly exploited by malicious individuals to gain access to a network and compromise cardholder data. An individual knowledgeable and experienced in code-review techniques should be involved in the review process. Code reviews should be performed by someone other than the developer of the code to allow for an independent, objective review. Automated tools or processes may also be used in lieu of manual reviews, but keep in mind that it may be difficult or even impossible for an automated tool to identify some coding issues. Correcting coding errors before the code is deployed into a production environment or released to customers prevents the code exposing the environments to potential exploit. Faulty code is also far more difficult and expensive to address after it has been deployed or released into production environments. Including a formal review and signoff by management prior to release helps to ensure that code is approved and has been developed in accordance with policies and procedures. section-code: b - defaults: - auto-assign: null - enabled: false - tracks-drift-events: false diff --git a/compliance/frameworks/aws/aws_pci_dss_v321/aws_pci_dss_v321_requirement_6_3_a.yaml b/compliance/frameworks/aws/aws_pci_dss_v321/aws_pci_dss_v321_requirement_6_3_a.yaml index 394ad8613..a377c9c50 100755 
--- a/compliance/frameworks/aws/aws_pci_dss_v321/aws_pci_dss_v321_requirement_6_3_a.yaml +++ b/compliance/frameworks/aws/aws_pci_dss_v321/aws_pci_dss_v321_requirement_6_3_a.yaml @@ -3,10 +3,6 @@ control-group: title: 3.a Examine written software-development processes to verify that the processes are based on industry standards and/or best practices description: Without the inclusion of security during the requirements definition, design, analysis, and testing phases of software development, security vulnerabilities can be inadvertently or maliciously introduced into the production environment. Understanding how sensitive data is handled by the application—including when stored, transmitted, and when in memory—can help identify where data needs to be protected. section-code: a - defaults: - auto-assign: null - enabled: false - tracks-drift-events: false controls: - aws_codebuild_project_environment_privileged_mode_disabled - aws_codebuild_project_plaintext_env_variables_no_sensitive_aws_values diff --git a/compliance/frameworks/aws/aws_pci_dss_v321/aws_pci_dss_v321_requirement_6_3_b.yaml b/compliance/frameworks/aws/aws_pci_dss_v321/aws_pci_dss_v321_requirement_6_3_b.yaml index 671a67eda..f777b7272 100755 --- a/compliance/frameworks/aws/aws_pci_dss_v321/aws_pci_dss_v321_requirement_6_3_b.yaml +++ b/compliance/frameworks/aws/aws_pci_dss_v321/aws_pci_dss_v321_requirement_6_3_b.yaml 
@@ -3,10 +3,6 @@ control-group:
 title: 3.b Examine written software-development processes to verify that information security is included throughout the life cycle
 description: Without the inclusion of security during the requirements definition, design, analysis, and testing phases of software development, security vulnerabilities can be inadvertently or maliciously introduced into the production environment. Understanding how sensitive data is handled by the application—including when stored, transmitted, and when in memory—can help identify where data needs to be protected.
 section-code: b
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - aws_codebuild_project_environment_privileged_mode_disabled
 - aws_codebuild_project_plaintext_env_variables_no_sensitive_aws_values
diff --git a/compliance/frameworks/aws/aws_pci_dss_v321/aws_pci_dss_v321_requirement_6_3_c.yaml b/compliance/frameworks/aws/aws_pci_dss_v321/aws_pci_dss_v321_requirement_6_3_c.yaml
index 20f329eb7..5ecc91170 100755
--- a/compliance/frameworks/aws/aws_pci_dss_v321/aws_pci_dss_v321_requirement_6_3_c.yaml
+++ b/compliance/frameworks/aws/aws_pci_dss_v321/aws_pci_dss_v321_requirement_6_3_c.yaml
@@ -3,10 +3,6 @@ control-group:
 title: 3.c Examine written software-development processes to verify that software applications are developed in accordance with PCI DSS
 description: Without the inclusion of security during the requirements definition, design, analysis, and testing phases of software development, security vulnerabilities can be inadvertently or maliciously introduced into the production environment. Understanding how sensitive data is handled by the application—including when stored, transmitted, and when in memory—can help identify where data needs to be protected.
 section-code: c
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - aws_codebuild_project_environment_privileged_mode_disabled
 - aws_codebuild_project_plaintext_env_variables_no_sensitive_aws_values
diff --git a/compliance/frameworks/aws/aws_pci_dss_v321/aws_pci_dss_v321_requirement_6_5.yaml b/compliance/frameworks/aws/aws_pci_dss_v321/aws_pci_dss_v321_requirement_6_5.yaml
index 591bcd1a8..0a71d4ea2 100755
--- a/compliance/frameworks/aws/aws_pci_dss_v321/aws_pci_dss_v321_requirement_6_5.yaml
+++ b/compliance/frameworks/aws/aws_pci_dss_v321/aws_pci_dss_v321_requirement_6_5.yaml
@@ -3,9 +3,5 @@ control-group:
 title: Address common coding vulnerabilities in software-development processes like train developers at least annually in up-to-date secure coding techniques etc
 description: "Common coding vulnerabilities in software-development processes as follows: train developers at least annually in up- to-date secure coding techniques, including how to avoid common coding vulnerabilities, develop applications based on secure coding guidelines. Note: The vulnerabilities listed at 6.5.1 through 6.5.10 were current with industry best practices when this version of PCI DSS was published. However, as industry best practices for vulnerability management are updated (for example, the OWASP Guide, SANS CWE Top 25, CERT Secure Coding, etc.), the current best practices must be used for these requirements. The application layer is high-risk and may be targeted by both internal and external threats. Requirements 6.5.1 through 6.5.10 are the minimum controls that should be in place, and organizations should incorporate the relevant secure coding practices as applicable to the particular technology in their environment. Application developers should be properly trained to identify and resolve issues related to these (and other) common coding vulnerabilities. Having staff knowledgeable of secure coding guidelines should minimize the number of security vulnerabilities introduced through poor coding practices. Training for developers may be provided in-house or by third parties and should be applicable for technology used. As industry-accepted secure coding practices change, organizational coding practices and developer training should likewise be updated to address new threats—for example, memory scraping attacks. The vulnerabilities identified in 6.5.1 through 6.5.10 provide a minimum baseline. It is up to the organization to remain up to date with vulnerability trends and incorporate appropriate measures into their secure coding practices."
 section-code: "5"
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 control-group:
 - id: aws_pci_dss_v321_requirement_6_5_8
diff --git a/compliance/frameworks/aws/aws_pci_dss_v321/aws_pci_dss_v321_requirement_6_5_8.yaml b/compliance/frameworks/aws/aws_pci_dss_v321/aws_pci_dss_v321_requirement_6_5_8.yaml
index ea863fc37..f05457720 100755
--- a/compliance/frameworks/aws/aws_pci_dss_v321/aws_pci_dss_v321_requirement_6_5_8.yaml
+++ b/compliance/frameworks/aws/aws_pci_dss_v321/aws_pci_dss_v321_requirement_6_5_8.yaml
@@ -3,9 +3,5 @@ control-group:
 title: 5.8 Examine software-development policies and procedures and interview responsible personnel to verify that improper access control—such as insecure direct object references, failure to restrict URL access, and directory traversal—is addressed by coding technique
 description: "Directory traversal—is addressed by coding technique should include: proper authentication of users, sanitizing input, not exposing internal object references to users and user interfaces that do not permit access to unauthorized functions. A direct object reference occurs when a developer exposes a reference to an internal implementation object, such as a file, directory, database record, or key, as a URL or form parameter. Attackers can manipulate those references to access other objects without authorization. Consistently enforce access control in presentation layer and business logic for all URLs. Frequently, the only way an application protects sensitive functionality is by preventing the display of links or URLs to unauthorized users. Attackers can use this weakness to access and perform unauthorized operations by accessing those URLs directly. An attacker may be able to enumerate and navigate the directory structure of a website (directory traversal) thus gaining access to unauthorized information as well as gaining further insight into the workings of the site for later exploitation. If user interfaces permit access to unauthorized functions, this access could result in unauthorized individuals gaining access to privileged credentials or cardholder data. Only authorized users should be permitted to access direct object references to sensitive resources. Limiting access to data resources will help prevent cardholder data from being presented to unauthorized resources."
 section-code: "8"
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - aws_codebuild_project_environment_privileged_mode_disabled
diff --git a/compliance/frameworks/aws/aws_pci_dss_v321/aws_pci_dss_v321_requirement_6_6.yaml b/compliance/frameworks/aws/aws_pci_dss_v321/aws_pci_dss_v321_requirement_6_6.yaml
index 9c231eb22..0f646e4d4 100755
--- a/compliance/frameworks/aws/aws_pci_dss_v321/aws_pci_dss_v321_requirement_6_6.yaml
+++ b/compliance/frameworks/aws/aws_pci_dss_v321/aws_pci_dss_v321_requirement_6_6.yaml
@@ -3,10 +3,6 @@ control-group:
 title: For public-facing web applications, ensure that either one of the requirements are in place
 description: "Verify following methods is in place as follows: examine documented processes, interview personnel, and examine records of application security assessments to verify that public-facing web applications are reviewed—using either manual or automated vulnerability security assessment tools or methods—as follows: - At least annually - After any changes - By an organization that specializes in application security - That, at a minimum, all vulnerabilities in Requirement 6.5 are included in the assessment - That all vulnerabilities are corrected - That the application is re-evaluated after the corrections. Examine the system configuration settings and interview responsible personnel to verify that an automated technical solution that detects and prevents web-based attacks (for example, a web-application firewall) is in place as follows: - Is situated in front of public-facing web applications to detect and prevent web-based attacks. - Is actively running and up to date as applicable. - Is generating audit logs. - Is configured to either block web-based attacks, or generate an alert that is immediately investigated.Public-facing web applications are primary targets for attackers, and poorly coded web applications provide an easy path for attackers to gain access to sensitive data and systems. The requirement for reviewing applications or installing web-application firewalls is intended to reduce the number of compromises on public-facing web applications due to poor coding or application management practices. Manual or automated vulnerability security assessment tools or methods review and/or test the application for vulnerabilities, web-application firewalls filter and block non- essential traffic at the application layer.
Used in conjunction with a network-based firewall, a properly configured web-application firewall prevents application-layer attacks if applications are improperly coded or configured. This can be achieved through a combination of technology and process. Process-based solutions must have mechanisms that facilitate timely responses to alerts in order to meet the intent of this requirement, which is to prevent attacks. Note: “An organization that specializes in application security” can be either a third-party company or an internal organization, as long as the reviewers specialize in application security and can demonstrate independence from the development team. For public-facing web applications, address new threats and vulnerabilities on an ongoing basis and ensure these applications are protected against known attacks by either of the following methods: reviewing public-facing web applications via manual or automated application vulnerability security assessment tools or methods, at least annually and after any changes Note: This assessment is not the same as the vulnerability scans performed for Requirement 11.2., Installing an automated technical solution that detects and prevents web- based attacks (for example, a web- application firewall) in front of public- facing web applications, to continually check all traffic."
 section-code: "6"
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - aws_apigateway_stage_use_waf_web_acl
 - aws_elb_application_lb_desync_mitigation_mode
diff --git a/compliance/frameworks/aws/aws_pci_dss_v321/aws_pci_dss_v321_requirement_7.yaml b/compliance/frameworks/aws/aws_pci_dss_v321/aws_pci_dss_v321_requirement_7.yaml
index 6f2ea7b0e..56f69a55e 100755
--- a/compliance/frameworks/aws/aws_pci_dss_v321/aws_pci_dss_v321_requirement_7.yaml
+++ b/compliance/frameworks/aws/aws_pci_dss_v321/aws_pci_dss_v321_requirement_7.yaml
@@ -3,10 +3,6 @@ control-group:
 title: "Requirement 7: Restrict access to cardholder data by business need to know"
 description: To ensure critical data can only be accessed by authorized personnel, systems and processes must be in place to limit access based on need to know and according to job responsibilities.
 section-code: requirement_7
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 control-group:
 - id: aws_pci_dss_v321_requirement_7_1
 - id: aws_pci_dss_v321_requirement_7_2
diff --git a/compliance/frameworks/aws/aws_pci_dss_v321/aws_pci_dss_v321_requirement_7_1.yaml b/compliance/frameworks/aws/aws_pci_dss_v321/aws_pci_dss_v321_requirement_7_1.yaml
index 378490cbd..a62a648f6 100755
--- a/compliance/frameworks/aws/aws_pci_dss_v321/aws_pci_dss_v321_requirement_7_1.yaml
+++ b/compliance/frameworks/aws/aws_pci_dss_v321/aws_pci_dss_v321_requirement_7_1.yaml
@@ -3,9 +3,5 @@ control-group:
 title: Limit access to system components and cardholder data to only those individuals whose job requires such access
 description: The more people who have access to cardholder data, the more risk there is that a user's account will be used maliciously. Limiting access to those with a legitimate business reason for the access helps an organization prevent mishandling of cardholder data through inexperience or malice.
 section-code: "1"
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 control-group:
 - id: aws_pci_dss_v321_requirement_7_1_2
diff --git a/compliance/frameworks/aws/aws_pci_dss_v321/aws_pci_dss_v321_requirement_7_1_2.yaml b/compliance/frameworks/aws/aws_pci_dss_v321/aws_pci_dss_v321_requirement_7_1_2.yaml
index 379cfed2c..9a2f985a9 100755
--- a/compliance/frameworks/aws/aws_pci_dss_v321/aws_pci_dss_v321_requirement_7_1_2.yaml
+++ b/compliance/frameworks/aws/aws_pci_dss_v321/aws_pci_dss_v321_requirement_7_1_2.yaml
@@ -3,9 +3,5 @@ control-group:
 title: 1.2 Restrict access to privileged user IDs to least privileges necessary to perform job responsibilities
 description: When assigning privileged IDs, it is important to assign individuals only the privileges they need to perform their job (the “least privileges”). For example, the database administrator or backup administrator should not be assigned the same privileges as the overall systems administrator.
 section-code: "2"
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 control-group:
 - id: aws_pci_dss_v321_requirement_7_1_2_a
diff --git a/compliance/frameworks/aws/aws_pci_dss_v321/aws_pci_dss_v321_requirement_7_1_2_a.yaml b/compliance/frameworks/aws/aws_pci_dss_v321/aws_pci_dss_v321_requirement_7_1_2_a.yaml
index b58b30fab..ab77bc996 100755
--- a/compliance/frameworks/aws/aws_pci_dss_v321/aws_pci_dss_v321_requirement_7_1_2_a.yaml
+++ b/compliance/frameworks/aws/aws_pci_dss_v321/aws_pci_dss_v321_requirement_7_1_2_a.yaml
@@ -3,10 +3,6 @@ control-group:
 title: 1.2.a Interview personnel responsible for assigning access to verify that access to privileged user IDs is assigned only to roles that specifically require such privileged access and restricted to least privileges necessary to perform job responsibilities
 description: When assigning privileged IDs, it is important to assign individuals only the privileges they need to perform their job (the “least privileges”). For example, the database administrator or backup administrator should not be assigned the same privileges as the overall systems administrator.
 section-code: a
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - aws_efs_access_point_enforce_user_identity
 - aws_iam_all_policy_no_service_wild_card
diff --git a/compliance/frameworks/aws/aws_pci_dss_v321/aws_pci_dss_v321_requirement_7_2.yaml b/compliance/frameworks/aws/aws_pci_dss_v321/aws_pci_dss_v321_requirement_7_2.yaml
index eff8d68a3..482e8f1bb 100755
--- a/compliance/frameworks/aws/aws_pci_dss_v321/aws_pci_dss_v321_requirement_7_2.yaml
+++ b/compliance/frameworks/aws/aws_pci_dss_v321/aws_pci_dss_v321_requirement_7_2.yaml
@@ -3,9 +3,5 @@ control-group:
 title: Examine system settings and vendor documentation to verify that an access control system(s)
 description: "Without a mechanism to restrict access based on user's need to know, a user may unknowingly be granted access to cardholder data. Access control systems automate the process of restricting access and assigning privileges. Additionally, a default “deny-all” setting ensures no one is granted access until and unless a rule is established specifically granting such access. Entities may have one or more access controls systems to manage user access. Note: Some access control systems are set by default to “allow-all,” thereby permitting access unless/until a rule is written to specifically deny it."
 section-code: "2"
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 control-group:
 - id: aws_pci_dss_v321_requirement_7_2_1
diff --git a/compliance/frameworks/aws/aws_pci_dss_v321/aws_pci_dss_v321_requirement_7_2_1.yaml b/compliance/frameworks/aws/aws_pci_dss_v321/aws_pci_dss_v321_requirement_7_2_1.yaml
index 237e2aca9..58e4fc428 100755
--- a/compliance/frameworks/aws/aws_pci_dss_v321/aws_pci_dss_v321_requirement_7_2_1.yaml
+++ b/compliance/frameworks/aws/aws_pci_dss_v321/aws_pci_dss_v321_requirement_7_2_1.yaml
@@ -3,10 +3,6 @@ control-group:
 title: 2.1 Confirm that access control systems are in place on all system components
 description: "Without a mechanism to restrict access based on user's need to know, a user may unknowingly be granted access to cardholder data. Access control systems automate the process of restricting access and assigning privileges. Additionally, a default “deny-all” setting ensures no one is granted access until and unless a rule is established specifically granting such access. Entities may have one or more access controls systems to manage user access. Note: Some access control systems are set by default to “allow-all,” thereby permitting access unless/until a rule is written to specifically deny it."
 section-code: "1"
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - aws_dms_replication_instance_not_publicly_accessible
 - aws_ebs_snapshot_not_publicly_restorable
diff --git a/compliance/frameworks/aws/aws_pci_dss_v321/aws_pci_dss_v321_requirement_8.yaml b/compliance/frameworks/aws/aws_pci_dss_v321/aws_pci_dss_v321_requirement_8.yaml
index ed6203a61..2177dd33e 100755
--- a/compliance/frameworks/aws/aws_pci_dss_v321/aws_pci_dss_v321_requirement_8.yaml
+++ b/compliance/frameworks/aws/aws_pci_dss_v321/aws_pci_dss_v321_requirement_8.yaml
@@ -3,10 +3,6 @@ control-group:
 title: "Requirement 8: Identify and authenticate access to system components"
 description: Assigning a unique identification (ID) to each person with access ensures that each individual is uniquely accountable for their actions. When such accountability is in place, actions taken on critical data and systems are performed by, and can be traced to, known and authorized users and processes.
 section-code: requirement_8
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 control-group:
 - id: aws_pci_dss_v321_requirement_8_1
 - id: aws_pci_dss_v321_requirement_8_2
diff --git a/compliance/frameworks/aws/aws_pci_dss_v321/aws_pci_dss_v321_requirement_8_1.yaml b/compliance/frameworks/aws/aws_pci_dss_v321/aws_pci_dss_v321_requirement_8_1.yaml
index abdc24fab..cc20d873a 100755
--- a/compliance/frameworks/aws/aws_pci_dss_v321/aws_pci_dss_v321_requirement_8_1.yaml
+++ b/compliance/frameworks/aws/aws_pci_dss_v321/aws_pci_dss_v321_requirement_8_1.yaml
@@ -3,10 +3,6 @@ control-group:
 title: Define and implement policies and procedures to ensure proper user identification management for non-consumer users and administrators
 description: By ensuring each user is uniquely identified— instead of using one ID for several employees—an organization can maintain individual responsibility for actions and an effective audit trail per employee. This will help speed issue resolution and containment when misuse or malicious intent occurs.
 section-code: "1"
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 control-group:
 - id: aws_pci_dss_v321_requirement_8_1_2
 - id: aws_pci_dss_v321_requirement_8_1_4
diff --git a/compliance/frameworks/aws/aws_pci_dss_v321/aws_pci_dss_v321_requirement_8_1_2.yaml b/compliance/frameworks/aws/aws_pci_dss_v321/aws_pci_dss_v321_requirement_8_1_2.yaml
index bad3ed750..97af53fcd 100755
--- a/compliance/frameworks/aws/aws_pci_dss_v321/aws_pci_dss_v321_requirement_8_1_2.yaml
+++ b/compliance/frameworks/aws/aws_pci_dss_v321/aws_pci_dss_v321_requirement_8_1_2.yaml
@@ -3,9 +3,5 @@ control-group:
 title: 1.2 Control addition, deletion, and modification of user IDs, credentials, and other identifier objects
 description: To ensure that user accounts granted access to systems are all valid and recognized users, strong processes must manage all changes to user IDs and other authentication credentials, including adding new ones and modifying or deleting existing ones.
 section-code: "2"
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - aws_log_metric_filter_iam_policy
diff --git a/compliance/frameworks/aws/aws_pci_dss_v321/aws_pci_dss_v321_requirement_8_1_4.yaml b/compliance/frameworks/aws/aws_pci_dss_v321/aws_pci_dss_v321_requirement_8_1_4.yaml
index 8266f66e4..6df4e2fbd 100755
--- a/compliance/frameworks/aws/aws_pci_dss_v321/aws_pci_dss_v321_requirement_8_1_4.yaml
+++ b/compliance/frameworks/aws/aws_pci_dss_v321/aws_pci_dss_v321_requirement_8_1_4.yaml
@@ -3,10 +3,6 @@ control-group:
 title: 1.4 Observe user accounts to verify that any inactive accounts over 90 days old are either removed or disabled
 description: Accounts that are not used regularly are often targets of attack since it is less likely that any changes (such as a changed password) will be noticed. As such, these accounts may be more easily exploited and used to access cardholder data.
 section-code: "4"
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - aws_iam_account_password_policy_strong_min_reuse_24
 - aws_iam_user_unused_credentials_90
diff --git a/compliance/frameworks/aws/aws_pci_dss_v321/aws_pci_dss_v321_requirement_8_1_5.yaml b/compliance/frameworks/aws/aws_pci_dss_v321/aws_pci_dss_v321_requirement_8_1_5.yaml
index 97c3bda28..695d95192 100755
--- a/compliance/frameworks/aws/aws_pci_dss_v321/aws_pci_dss_v321_requirement_8_1_5.yaml
+++ b/compliance/frameworks/aws/aws_pci_dss_v321/aws_pci_dss_v321_requirement_8_1_5.yaml
@@ -3,9 +3,5 @@ control-group:
 title: 1.5 Manage IDs used by third parties to access, support, or maintain system components via remote access by enabling only during the time period needed and disabled when not in use
 description: Allowing vendors to have 24/7 access into your network in case they need to support your systems increases the chances of unauthorized access, either from a user in the vendor's environment or from a malicious individual who finds and uses this always-available external entry point into your network. Enabling access only for the time periods needed, and disabling it as soon as it is no longer needed, helps prevent misuse of these connections. Monitoring of vendor access provides assurance that vendors are accessing only the systems necessary and only during approved time frames.
 section-code: "5"
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 control-group:
 - id: aws_pci_dss_v321_requirement_8_1_5_a
diff --git a/compliance/frameworks/aws/aws_pci_dss_v321/aws_pci_dss_v321_requirement_8_1_5_a.yaml b/compliance/frameworks/aws/aws_pci_dss_v321/aws_pci_dss_v321_requirement_8_1_5_a.yaml
index faaaf01b8..8799ee56e 100755
--- a/compliance/frameworks/aws/aws_pci_dss_v321/aws_pci_dss_v321_requirement_8_1_5_a.yaml
+++ b/compliance/frameworks/aws/aws_pci_dss_v321/aws_pci_dss_v321_requirement_8_1_5_a.yaml
@@ -3,9 +3,5 @@ control-group:
 title: 1.5.a Interview personnel and observe processes for managing accounts used by third parties to access, support, or maintain system components to verify that accounts used for remote access are disabled when not in use, enabled only when needed by the third party and disabled when not in use
 description: Allowing vendors to have 24/7 access into your network in case they need to support your systems increases the chances of unauthorized access, either from a user in the vendor's environment or from a malicious individual who finds and uses this always-available external entry point into your network. Enabling access only for the time periods needed, and disabling it as soon as it is no longer needed, helps prevent misuse of these connections. Monitoring of vendor access provides assurance that vendors are accessing only the systems necessary and only during approved time frames.
 section-code: a
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - aws_cloudtrail_trail_enabled
diff --git a/compliance/frameworks/aws/aws_pci_dss_v321/aws_pci_dss_v321_requirement_8_2.yaml b/compliance/frameworks/aws/aws_pci_dss_v321/aws_pci_dss_v321_requirement_8_2.yaml
index 58c2f7147..88c16dff2 100755
--- a/compliance/frameworks/aws/aws_pci_dss_v321/aws_pci_dss_v321_requirement_8_2.yaml
+++ b/compliance/frameworks/aws/aws_pci_dss_v321/aws_pci_dss_v321_requirement_8_2.yaml
@@ -3,10 +3,6 @@ control-group:
 title: To verify that users are authenticated using unique ID and additional authentication (for example, a password/phrase) for access to the cardholder data environment perform the methods like examine documentation describing the authentication method(s) used etc
 description: "Verify users are authenticated using unique ID, perform the following: examine documentation describing the authentication method(s) used, for each type of authentication method used and for each type of system component, observe an authentication to verify authentication is functioning consistent with documented authentication method(s). These authentication methods, when used in addition to unique IDs, help protect users' IDs from being compromised, since the one attempting the compromise needs to know both the unique ID and the password (or other authentication used). Note that a digital certificate is a valid option for “something you have” as long as it is unique for a particular user. Since one of the first steps a malicious individual will take to compromise a system is to exploit weak or nonexistent passwords, it is important to implement good processes for authentication management."
 section-code: "2"
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 control-group:
 - id: aws_pci_dss_v321_requirement_8_2_1
 - id: aws_pci_dss_v321_requirement_8_2_3
diff --git a/compliance/frameworks/aws/aws_pci_dss_v321/aws_pci_dss_v321_requirement_8_2_1.yaml b/compliance/frameworks/aws/aws_pci_dss_v321/aws_pci_dss_v321_requirement_8_2_1.yaml
index b5825d7a5..ad87fbcbe 100755
--- a/compliance/frameworks/aws/aws_pci_dss_v321/aws_pci_dss_v321_requirement_8_2_1.yaml
+++ b/compliance/frameworks/aws/aws_pci_dss_v321/aws_pci_dss_v321_requirement_8_2_1.yaml
@@ -3,10 +3,6 @@ control-group:
 title: 2.1 Using strong cryptography, render all authentication credentials (such as passwords/phrases) unreadable during transmission and storage on all system components
 description: "Many network devices and applications transmit unencrypted, readable passwords across the network and/or store passwords without encryption. A malicious individual can easily intercept unencrypted passwords during transmission using a “sniffer,” or directly access unencrypted passwords in files where they are stored, and use this data to gain unauthorized access. Note: Testing Procedures 8.2.1.d and 8.2.1.e are additional procedures that only apply if the entity being assessed is a service provider."
 section-code: "1"
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 control-group:
 - id: aws_pci_dss_v321_requirement_8_2_1_a
 - id: aws_pci_dss_v321_requirement_8_2_1_b
diff --git a/compliance/frameworks/aws/aws_pci_dss_v321/aws_pci_dss_v321_requirement_8_2_1_a.yaml b/compliance/frameworks/aws/aws_pci_dss_v321/aws_pci_dss_v321_requirement_8_2_1_a.yaml
index b946334ad..43a73eadb 100755
--- a/compliance/frameworks/aws/aws_pci_dss_v321/aws_pci_dss_v321_requirement_8_2_1_a.yaml
+++ b/compliance/frameworks/aws/aws_pci_dss_v321/aws_pci_dss_v321_requirement_8_2_1_a.yaml
@@ -3,10 +3,6 @@ control-group:
 title: 2.1.a Examine vendor documentation and system configuration settings to verify that passwords are protected with strong cryptography during transmission and storage
 description: "Many network devices and applications transmit unencrypted, readable passwords across the network and/or store passwords without encryption. A malicious individual can easily intercept unencrypted passwords during transmission using a “sniffer,” or directly access unencrypted passwords in files where they are stored, and use this data to gain unauthorized access. Note: Testing Procedures 8.2.1.d and 8.2.1.e are additional procedures that only apply if the entity being assessed is a service provider."
 section-code: a
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - aws_cloudfront_distribution_encryption_in_transit_enabled
 - aws_cloudtrail_trail_logs_encrypted_with_kms_cmk
diff --git a/compliance/frameworks/aws/aws_pci_dss_v321/aws_pci_dss_v321_requirement_8_2_1_b.yaml b/compliance/frameworks/aws/aws_pci_dss_v321/aws_pci_dss_v321_requirement_8_2_1_b.yaml
index d08dc3624..ed8e58aab 100755
--- a/compliance/frameworks/aws/aws_pci_dss_v321/aws_pci_dss_v321_requirement_8_2_1_b.yaml
+++ b/compliance/frameworks/aws/aws_pci_dss_v321/aws_pci_dss_v321_requirement_8_2_1_b.yaml
@@ -3,9 +3,5 @@ control-group:
 title: 2.1.b For a sample of system components, examine password files to verify that passwords are unreadable during storage
 description: "Many network devices and applications transmit unencrypted, readable passwords across the network and/or store passwords without encryption. A malicious individual can easily intercept unencrypted passwords during transmission using a “sniffer,” or directly access unencrypted passwords in files where they are stored, and use this data to gain unauthorized access. Note: Testing Procedures 8.2.1.d and 8.2.1.e are additional procedures that only apply if the entity being assessed is a service provider."
 section-code: b
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - aws_secretsmanager_secret_encrypted_with_kms_cmk
diff --git a/compliance/frameworks/aws/aws_pci_dss_v321/aws_pci_dss_v321_requirement_8_2_1_c.yaml b/compliance/frameworks/aws/aws_pci_dss_v321/aws_pci_dss_v321_requirement_8_2_1_c.yaml
index a08f9a715..5a7084961 100755
--- a/compliance/frameworks/aws/aws_pci_dss_v321/aws_pci_dss_v321_requirement_8_2_1_c.yaml
+++ b/compliance/frameworks/aws/aws_pci_dss_v321/aws_pci_dss_v321_requirement_8_2_1_c.yaml
@@ -3,9 +3,5 @@ control-group:
 title: 2.1.c For a sample of system components, examine data transmissions to verify that passwords are unreadable during transmission
 description: "Many network devices and applications transmit unencrypted, readable passwords across the network and/or store passwords without encryption. A malicious individual can easily intercept unencrypted passwords during transmission using a “sniffer,” or directly access unencrypted passwords in files where they are stored, and use this data to gain unauthorized access. Note: Testing Procedures 8.2.1.d and 8.2.1.e are additional procedures that only apply if the entity being assessed is a service provider."
 section-code: c
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - aws_secretsmanager_secret_encrypted_with_kms_cmk
diff --git a/compliance/frameworks/aws/aws_pci_dss_v321/aws_pci_dss_v321_requirement_8_2_3.yaml b/compliance/frameworks/aws/aws_pci_dss_v321/aws_pci_dss_v321_requirement_8_2_3.yaml
index e34dfd188..250790780 100755
--- a/compliance/frameworks/aws/aws_pci_dss_v321/aws_pci_dss_v321_requirement_8_2_3.yaml
+++ b/compliance/frameworks/aws/aws_pci_dss_v321/aws_pci_dss_v321_requirement_8_2_3.yaml
@@ -3,10 +3,6 @@ control-group:
 title: 2.3 Passwords/passphrases require a minimum length of at least seven characters, contain both numeric and alphabetic characters
 description: "The passwords/ passphrases must have complexity and strength at least equivalent to the parameters specified above. Strong passwords/passphrases are the first line of defense into a network since a malicious individual will often first try to find accounts with weak or non- existent passwords. If passwords are short or simple to guess, it is relatively easy for a malicious individual to find these weak accounts and compromise a network under the guise of a valid user ID. This requirement specifies that a minimum of seven characters and both numeric and alphabetic characters should be used for passwords/ passphrases. For cases where this minimum cannot be met due to technical limitations, entities can use “equivalent strength” to evaluate their alternative. For information on variability and equivalency of password strength (also referred to as entropy) for passwords/passphrases of different formats, refer to industry standards (e.g., the current version of NIST SP 800-63.) Note: Testing Procedure 8.2.3.b is an additional procedure that only applies if the entity being assessed is a service provider."
 section-code: "3"
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 control-group:
 - id: aws_pci_dss_v321_requirement_8_2_3_a
 - id: aws_pci_dss_v321_requirement_8_2_3_b
diff --git a/compliance/frameworks/aws/aws_pci_dss_v321/aws_pci_dss_v321_requirement_8_2_3_a.yaml b/compliance/frameworks/aws/aws_pci_dss_v321/aws_pci_dss_v321_requirement_8_2_3_a.yaml
index b2072178a..c24e3b4cf 100755
--- a/compliance/frameworks/aws/aws_pci_dss_v321/aws_pci_dss_v321_requirement_8_2_3_a.yaml
+++ b/compliance/frameworks/aws/aws_pci_dss_v321/aws_pci_dss_v321_requirement_8_2_3_a.yaml
@@ -3,9 +3,5 @@ control-group:
 title: 2.3.a For a sample of system components, inspect system configuration settings to verify that user password/passphrase parameters are set to require at least the following strength/complexity that is require a minimum length of at least seven characters and contain both numeric and alphabetic characters
 description: "Strong passwords/passphrases are the first line of defense into a network since a malicious individual will often first try to find accounts with weak or non- existent passwords. If passwords are short or simple to guess, it is relatively easy for a malicious individual to find these weak accounts and compromise a network under the guise of a valid user ID. This requirement specifies that a minimum of seven characters and both numeric and alphabetic characters should be used for passwords/ passphrases. For cases where this minimum cannot be met due to technical limitations, entities can use “equivalent strength” to evaluate their alternative. For information on variability and equivalency of password strength (also referred to as entropy) for passwords/passphrases of different formats, refer to industry standards (e.g., the current version of NIST SP 800-63.) Note: Testing Procedure 8.2.3.b is an additional procedure that only applies if the entity being assessed is a service provider."
 section-code: a
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - aws_iam_account_password_policy_strong_min_reuse_24
diff --git a/compliance/frameworks/aws/aws_pci_dss_v321/aws_pci_dss_v321_requirement_8_2_3_b.yaml b/compliance/frameworks/aws/aws_pci_dss_v321/aws_pci_dss_v321_requirement_8_2_3_b.yaml
index 4b8575422..0cae20d02 100755
--- a/compliance/frameworks/aws/aws_pci_dss_v321/aws_pci_dss_v321_requirement_8_2_3_b.yaml
+++ b/compliance/frameworks/aws/aws_pci_dss_v321/aws_pci_dss_v321_requirement_8_2_3_b.yaml
@@ -3,9 +3,5 @@ control-group:
 title: 2.3.b Additional testing procedure for service provider assessments only to review internal processes and customer/user documentation to verify that non-consumer customer passwords/passphrases are required to meet at least the following strength/complexity that is require a minimum length of at least seven characters and contain both numeric and alphabetic characters
 description: "Strong passwords/passphrases are the first line of defense into a network since a malicious individual will often first try to find accounts with weak or non- existent passwords. If passwords are short or simple to guess, it is relatively easy for a malicious individual to find these weak accounts and compromise a network under the guise of a valid user ID. This requirement specifies that a minimum of seven characters and both numeric and alphabetic characters should be used for passwords/ passphrases. For cases where this minimum cannot be met due to technical limitations, entities can use “equivalent strength” to evaluate their alternative. For information on variability and equivalency of password strength (also referred to as entropy) for passwords/passphrases of different formats, refer to industry standards (e.g., the current version of NIST SP 800-63.) Note: Testing Procedure 8.2.3.b is an additional procedure that only applies if the entity being assessed is a service provider."
 section-code: b
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - aws_iam_account_password_policy_strong_min_reuse_24
diff --git a/compliance/frameworks/aws/aws_pci_dss_v321/aws_pci_dss_v321_requirement_8_2_4.yaml b/compliance/frameworks/aws/aws_pci_dss_v321/aws_pci_dss_v321_requirement_8_2_4.yaml
index 6b99c21d2..70935a4b9 100755
--- a/compliance/frameworks/aws/aws_pci_dss_v321/aws_pci_dss_v321_requirement_8_2_4.yaml
+++ b/compliance/frameworks/aws/aws_pci_dss_v321/aws_pci_dss_v321_requirement_8_2_4.yaml
@@ -3,10 +3,6 @@ control-group:
 title: 2.4 Change user passwords/passphrases at least once every 90 days
 description: "Passwords/passphrases that are valid for a long time without a change provide malicious individuals with more time to work on breaking the password/phrase. Note: Testing Procedure 8.2.4.b is an additional procedure that only applies if the entity being assessed is a service provider."
 section-code: "4"
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 control-group:
 - id: aws_pci_dss_v321_requirement_8_2_4_a
 - id: aws_pci_dss_v321_requirement_8_2_4_b
diff --git a/compliance/frameworks/aws/aws_pci_dss_v321/aws_pci_dss_v321_requirement_8_2_4_a.yaml b/compliance/frameworks/aws/aws_pci_dss_v321/aws_pci_dss_v321_requirement_8_2_4_a.yaml
index 290faaa6e..ed0d6e124 100755
--- a/compliance/frameworks/aws/aws_pci_dss_v321/aws_pci_dss_v321_requirement_8_2_4_a.yaml
+++ b/compliance/frameworks/aws/aws_pci_dss_v321/aws_pci_dss_v321_requirement_8_2_4_a.yaml
@@ -3,10 +3,6 @@ control-group:
 title: 2.4.a For a sample of system components, inspect system configuration settings to verify that user password/passphrase parameters are set to require users to change passwords at least once every 90 days
 description: "Passwords/passphrases that are valid for a long time without a change provide malicious individuals with more time to work on breaking the password/phrase. Note: Testing Procedure 8.2.4.b is an additional procedure that only applies if the entity being assessed is a service provider."
 section-code: a
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - aws_iam_account_password_policy_strong_min_reuse_24
 - aws_secretsmanager_secret_last_changed_90_day
diff --git a/compliance/frameworks/aws/aws_pci_dss_v321/aws_pci_dss_v321_requirement_8_2_4_b.yaml b/compliance/frameworks/aws/aws_pci_dss_v321/aws_pci_dss_v321_requirement_8_2_4_b.yaml
index fd7c01818..4987f3486 100755
--- a/compliance/frameworks/aws/aws_pci_dss_v321/aws_pci_dss_v321_requirement_8_2_4_b.yaml
+++ b/compliance/frameworks/aws/aws_pci_dss_v321/aws_pci_dss_v321_requirement_8_2_4_b.yaml
@@ -3,9 +3,5 @@ control-group:
 title: "2.4.b Additional testing procedure for service provider assessments only: Review internal processes and customer/user documentation to verify that non-consumer customer user passwords/passphrases are required to change periodically; and non-consumer customer users are given guidance as to when, and under what circumstances, passwords/passphrases must change"
 description: "Passwords/passphrases that are valid for a long time without a change provide malicious individuals with more time to work on breaking the password/phrase. Note: Testing Procedure 8.2.4.b is an additional procedure that only applies if the entity being assessed is a service provider."
 section-code: b
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - aws_iam_account_password_policy_strong_min_reuse_24
diff --git a/compliance/frameworks/aws/aws_pci_dss_v321/aws_pci_dss_v321_requirement_8_2_5.yaml b/compliance/frameworks/aws/aws_pci_dss_v321/aws_pci_dss_v321_requirement_8_2_5.yaml
index e3aa09c7b..86a4f4784 100755
--- a/compliance/frameworks/aws/aws_pci_dss_v321/aws_pci_dss_v321_requirement_8_2_5.yaml
+++ b/compliance/frameworks/aws/aws_pci_dss_v321/aws_pci_dss_v321_requirement_8_2_5.yaml
@@ -3,10 +3,6 @@ control-group:
 title: 2.5 Do not allow an individual to submit a new password/passphrase that is the same as any of the last four passwords/passphrases he or she has used
 description: "If password history isn't maintained, the effectiveness of changing passwords is reduced, as previous passwords can be reused over and over. Requiring that passwords cannot be reused for a period of time reduces the likelihood that passwords that have been guessed or brute-forced will be used in the future. Note: Testing Procedure 8.2.5.b is an additional procedure that only applies if the entity being assessed is a service provider."
 section-code: "5"
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 control-group:
 - id: aws_pci_dss_v321_requirement_8_2_5_a
 - id: aws_pci_dss_v321_requirement_8_2_5_b
diff --git a/compliance/frameworks/aws/aws_pci_dss_v321/aws_pci_dss_v321_requirement_8_2_5_a.yaml b/compliance/frameworks/aws/aws_pci_dss_v321/aws_pci_dss_v321_requirement_8_2_5_a.yaml
index 9a9e06a95..6f0f2009f 100755
--- a/compliance/frameworks/aws/aws_pci_dss_v321/aws_pci_dss_v321_requirement_8_2_5_a.yaml
+++ b/compliance/frameworks/aws/aws_pci_dss_v321/aws_pci_dss_v321_requirement_8_2_5_a.yaml
@@ -3,9 +3,5 @@ control-group:
 title: 2.5.a For a sample of system components, obtain and inspect system configuration settings to verify that password parameters are set to require that new passwords/passphrases cannot be the same as the four previously used passwords/passphrases
 description: "If password history isn't maintained, the effectiveness of changing passwords is reduced, as previous passwords can be reused over and over. Requiring that passwords cannot be reused for a period of time reduces the likelihood that passwords that have been guessed or brute-forced will be used in the future. Note: Testing Procedure 8.2.5.b is an additional procedure that only applies if the entity being assessed is a service provider."
 section-code: a
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - aws_iam_account_password_policy_strong_min_reuse_24
diff --git a/compliance/frameworks/aws/aws_pci_dss_v321/aws_pci_dss_v321_requirement_8_2_5_b.yaml b/compliance/frameworks/aws/aws_pci_dss_v321/aws_pci_dss_v321_requirement_8_2_5_b.yaml
index 838643b68..08d515ed8 100755
--- a/compliance/frameworks/aws/aws_pci_dss_v321/aws_pci_dss_v321_requirement_8_2_5_b.yaml
+++ b/compliance/frameworks/aws/aws_pci_dss_v321/aws_pci_dss_v321_requirement_8_2_5_b.yaml
@@ -3,9 +3,5 @@ control-group:
 title: 2.5.b Additional testing procedure for service provider assessments only to review internal processes and customer/user documentation to verify that new non-consumer customer user passwords/passphrase cannot be the same as the previous four passwords
 description: "If password history isn't maintained, the effectiveness of changing passwords is reduced, as previous passwords can be reused over and over. Requiring that passwords cannot be reused for a period of time reduces the likelihood that passwords that have been guessed or brute-forced will be used in the future. Note: Testing Procedure 8.2.5.b is an additional procedure that only applies if the entity being assessed is a service provider."
 section-code: b
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - aws_iam_account_password_policy_strong_min_reuse_24
diff --git a/compliance/frameworks/aws/aws_pci_dss_v321/aws_pci_dss_v321_requirement_8_3.yaml b/compliance/frameworks/aws/aws_pci_dss_v321/aws_pci_dss_v321_requirement_8_3.yaml
index 5917961f9..11faf1379 100755
--- a/compliance/frameworks/aws/aws_pci_dss_v321/aws_pci_dss_v321_requirement_8_3.yaml
+++ b/compliance/frameworks/aws/aws_pci_dss_v321/aws_pci_dss_v321_requirement_8_3.yaml
@@ -3,10 +3,6 @@ control-group:
 title: Secure all individual non-console administrative access and all remote access to the CDE using multi-factor authentication
 description: "Note: Multi-factor authentication requires that a minimum of two of the three authentication methods (see Requirement 8.2 for descriptions of authentication methods) be used for authentication. Using one factor twice (for example, using two separate passwords) is not considered multi-factor authentication. Multi-factor authentication requires an individual to present a minimum of two separate forms of authentication (as described in Requirement 8.2), before access is granted. Multi-factor authentication provides additional assurance that the individual attempting to gain access is who they claim to be. With multi-factor authentication, an attacker would need to compromise at least two different authentication mechanisms, increasing the difficulty of compromise and thus reducing the risk. Multi-factor authentication is not required at both the system-level and application-level for a particular system component. Multi-factor authentication can be performed either upon authentication to the particular network or to the system component. Examples of multi-factor technologies include but are not limited to remote authentication and dial-in service (RADIUS) with tokens; terminal access controller access control system (TACACS) with tokens; and other technologies that facilitate multi- factor authentication."
 section-code: "3"
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 control-group:
 - id: aws_pci_dss_v321_requirement_8_3_1
 - id: aws_pci_dss_v321_requirement_8_3_2
diff --git a/compliance/frameworks/aws/aws_pci_dss_v321/aws_pci_dss_v321_requirement_8_3_1.yaml b/compliance/frameworks/aws/aws_pci_dss_v321/aws_pci_dss_v321_requirement_8_3_1.yaml
index 555fecf19..db05bb9cb 100755
--- a/compliance/frameworks/aws/aws_pci_dss_v321/aws_pci_dss_v321_requirement_8_3_1.yaml
+++ b/compliance/frameworks/aws/aws_pci_dss_v321/aws_pci_dss_v321_requirement_8_3_1.yaml
@@ -3,10 +3,6 @@ control-group:
 title: 3.1 Incorporate multi-factor authentication for all non-console access into the CDE for personnel with administrative access
 description: This requirement is intended to apply to all personnel with administrative access to the CDE. This requirement applies only to personnel with administrative access and only for non-console access to the CDE; it does not apply to application or system accounts performing automated functions. If the entity does not use segmentation to separate the CDE from the rest of their network, an administrator could use multi-factor authentication either when logging onto the CDE network or when logging onto a system. If the CDE is segmented from the rest of the entity’s network, an administrator would need to use multi- factor authentication when connecting to a CDE system from a non-CDE network. Multi-factor authentication can be implemented at network level or at system/application level; it does not have to be both. If the administrator uses MFA when logging into the CDE network, they do not also need to use MFA to log into a particular system or application within the CDE.
 section-code: "1"
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 control-group:
 - id: aws_pci_dss_v321_requirement_8_3_1_a
 controls:
diff --git a/compliance/frameworks/aws/aws_pci_dss_v321/aws_pci_dss_v321_requirement_8_3_1_a.yaml b/compliance/frameworks/aws/aws_pci_dss_v321/aws_pci_dss_v321_requirement_8_3_1_a.yaml
index b3cde618f..b5d053dfe 100755
--- a/compliance/frameworks/aws/aws_pci_dss_v321/aws_pci_dss_v321_requirement_8_3_1_a.yaml
+++ b/compliance/frameworks/aws/aws_pci_dss_v321/aws_pci_dss_v321_requirement_8_3_1_a.yaml
@@ -3,10 +3,6 @@ control-group:
 title: 3.1.a Examine network and/or system configurations, as applicable, to verify multi-factor authentication is required for all non-console administrative access into the CDE
 description: This requirement is intended to apply to all personnel with administrative access to the CDE. This requirement applies only to personnel with administrative access and only for non-console access to the CDE; it does not apply to application or system accounts performing automated functions. If the entity does not use segmentation to separate the CDE from the rest of their network, an administrator could use multi-factor authentication either when logging onto the CDE network or when logging onto a system. If the CDE is segmented from the rest of the entity's network, an administrator would need to use multi- factor authentication when connecting to a CDE system from a non-CDE network. Multi-factor authentication can be implemented at network level or at system/application level; it does not have to be both. If the administrator uses MFA when logging into the CDE network, they do not also need to use MFA to log into a particular system or application within the CDE.
 section-code: a
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - aws_iam_root_user_hardware_mfa_enabled
 - aws_iam_user_console_access_mfa_enabled
diff --git a/compliance/frameworks/aws/aws_pci_dss_v321/aws_pci_dss_v321_requirement_8_3_2.yaml b/compliance/frameworks/aws/aws_pci_dss_v321/aws_pci_dss_v321_requirement_8_3_2.yaml
index e0dec6a88..ad3e70396 100755
--- a/compliance/frameworks/aws/aws_pci_dss_v321/aws_pci_dss_v321_requirement_8_3_2.yaml
+++ b/compliance/frameworks/aws/aws_pci_dss_v321/aws_pci_dss_v321_requirement_8_3_2.yaml
@@ -3,9 +3,5 @@ control-group:
 title: 3.2 Incorporate multi-factor authentication for all remote network access (both user and administrator, and including third-party access for support or maintenance) originating from outside the entity's network
 description: This requirement is intended to apply to all personnel—including general users, administrators, and vendors (for support or maintenance) with remote access to the network—where that remote access could lead to access to the CDE. If remote access is to an entity's network that has appropriate segmentation, such that remote users cannot access or impact the cardholder data environment, multi-factor authentication for remote access to that network would not be required. However, multi- factor authentication is required for any remote access to networks with access to the cardholder data environment, and is recommended for all remote access to the entity's networks.
 section-code: "2"
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 control-group:
 - id: aws_pci_dss_v321_requirement_8_3_2_a
diff --git a/compliance/frameworks/aws/aws_pci_dss_v321/aws_pci_dss_v321_requirement_8_3_2_a.yaml b/compliance/frameworks/aws/aws_pci_dss_v321/aws_pci_dss_v321_requirement_8_3_2_a.yaml
index 475fd95c1..53539374a 100755
--- a/compliance/frameworks/aws/aws_pci_dss_v321/aws_pci_dss_v321_requirement_8_3_2_a.yaml
+++ b/compliance/frameworks/aws/aws_pci_dss_v321/aws_pci_dss_v321_requirement_8_3_2_a.yaml
@@ -3,10 +3,6 @@ control-group:
 title: 3.2.a Examine system configurations for remote access servers and systems to verify multi-factor authentication is required for all remote access by personnel, both user and administrator, and all third-party/vendor remote access (including access to applications and system components for support or maintenance purposes)
 description: This requirement is intended to apply to all personnel—including general users, administrators, and vendors (for support or maintenance) with remote access to the network—where that remote access could lead to access to the CDE. If remote access is to an entity's network that has appropriate segmentation, such that remote users cannot access or impact the cardholder data environment, multi-factor authentication for remote access to that network would not be required. However, multi- factor authentication is required for any remote access to networks with access to the cardholder data environment, and is recommended for all remote access to the entity's networks.
 section-code: a
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - aws_iam_root_user_hardware_mfa_enabled
 - aws_iam_user_console_access_mfa_enabled
diff --git a/compliance/frameworks/aws/aws_pci_dss_v321/aws_pci_dss_v321_requirement_8_5.yaml b/compliance/frameworks/aws/aws_pci_dss_v321/aws_pci_dss_v321_requirement_8_5.yaml
index 8d03e053b..f07594262 100755
--- a/compliance/frameworks/aws/aws_pci_dss_v321/aws_pci_dss_v321_requirement_8_5.yaml
+++ b/compliance/frameworks/aws/aws_pci_dss_v321/aws_pci_dss_v321_requirement_8_5.yaml
@@ -3,9 +3,5 @@ control-group:
 title: Do not use group, shared, or generic IDs, passwords, or other authentication methods
 description: Generic user IDs are disabled or removed. Shared user IDs do not exist for system administration and other critical functions. Shared and generic user IDs are not used to administer any system components. If multiple users share the same authentication credentials (for example, user account and password), it becomes impossible to trace system access and activities to an individual. This in turn prevents an entity from assigning accountability for, or having effective logging of, an individual's actions, since a given action could have been performed by anyone in the group that has knowledge of the authentication credentials.
 section-code: "5"
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 control-group:
 - id: aws_pci_dss_v321_requirement_8_5_a
diff --git a/compliance/frameworks/aws/aws_pci_dss_v321/aws_pci_dss_v321_requirement_8_5_a.yaml b/compliance/frameworks/aws/aws_pci_dss_v321/aws_pci_dss_v321_requirement_8_5_a.yaml
index a1d55eb6b..3c0ecdfa6 100755
--- a/compliance/frameworks/aws/aws_pci_dss_v321/aws_pci_dss_v321_requirement_8_5_a.yaml
+++ b/compliance/frameworks/aws/aws_pci_dss_v321/aws_pci_dss_v321_requirement_8_5_a.yaml
@@ -3,9 +3,5 @@ control-group:
 title: 5.a For a sample of system components, examine user ID lists to verify that generic user IDs are disabled or removed, shared user IDs for system administration activities and other critical functions do not exist or are shared, and generic user IDs are not used to administer any system components
 description: Generic user IDs are disabled or removed. Shared user IDs for system administration activities and other critical functions do not exist. Shared and generic user IDs are not used to administer any system components. If multiple users share the same authentication credentials (for example, user account and password), it becomes impossible to trace system access and activities to an individual. This in turn prevents an entity from assigning accountability for, or having effective logging of, an individual's actions, since a given action could have been performed by anyone in the group that has knowledge of the authentication credentials.
 section-code: a
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - aws_iam_root_user_no_access_keys
diff --git a/compliance/frameworks/aws/aws_pci_dss_v321/aws_pci_dss_v321_requirement_8_6.yaml b/compliance/frameworks/aws/aws_pci_dss_v321/aws_pci_dss_v321_requirement_8_6.yaml
index 7ca201f67..8453c4f01 100755
--- a/compliance/frameworks/aws/aws_pci_dss_v321/aws_pci_dss_v321_requirement_8_6.yaml
+++ b/compliance/frameworks/aws/aws_pci_dss_v321/aws_pci_dss_v321_requirement_8_6.yaml
@@ -3,9 +3,5 @@ control-group:
 title: Where other authentication mechanisms are used (for example, physical or logical security tokens, smart cards, certificates, etc.), use of these mechanisms must be assigned authentication mechanisms must be assigned to an individual account and not shared among multiple accounts, physical and/or logical controls must be in place to ensure only the intended account can use that mechanism to gain access
 description: If user authentication mechanisms such as tokens, smart cards, and certificates can be used by multiple accounts, it may be impossible to identify the individual using the authentication mechanism. Having physical and/or logical controls (for example, a PIN, biometric data, or a password) to uniquely identify the user of the account will prevent unauthorized users from gaining access through use of a shared authentication mechanism.
 section-code: "6"
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 control-group:
 - id: aws_pci_dss_v321_requirement_8_6_c
diff --git a/compliance/frameworks/aws/aws_pci_dss_v321/aws_pci_dss_v321_requirement_8_6_c.yaml b/compliance/frameworks/aws/aws_pci_dss_v321/aws_pci_dss_v321_requirement_8_6_c.yaml
index 568a710f1..f9e5f9702 100755
--- a/compliance/frameworks/aws/aws_pci_dss_v321/aws_pci_dss_v321_requirement_8_6_c.yaml
+++ b/compliance/frameworks/aws/aws_pci_dss_v321/aws_pci_dss_v321_requirement_8_6_c.yaml
@@ -3,10 +3,6 @@ control-group:
 title: 6.c Examine system configuration settings and/or physical controls, as applicable, to verify that controls are implemented to ensure only the intended account can use that mechanism to gain access
 description: If user authentication mechanisms such as tokens, smart cards, and certificates can be used by multiple accounts, it may be impossible to identify the individual using the authentication mechanism. Having physical and/or logical controls (for example, a PIN, biometric data, or a password) to uniquely identify the user of the account will prevent unauthorized users from gaining access through use of a shared authentication mechanism.
 section-code: c
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - aws_iam_root_user_hardware_mfa_enabled
 - aws_iam_user_console_access_mfa_enabled
diff --git a/compliance/frameworks/aws/aws_pci_dss_v321/aws_pci_dss_v321_requirement_8_7.yaml b/compliance/frameworks/aws/aws_pci_dss_v321/aws_pci_dss_v321_requirement_8_7.yaml
index 6641a306e..eece5df18 100755
--- a/compliance/frameworks/aws/aws_pci_dss_v321/aws_pci_dss_v321_requirement_8_7.yaml
+++ b/compliance/frameworks/aws/aws_pci_dss_v321/aws_pci_dss_v321_requirement_8_7.yaml
@@ -3,10 +3,6 @@ control-group:
 title: All access to any database containing cardholder data (including access by applications, administrators, and all other users) is restricted
 description: "Access to any database containing cardholder data is restricted as follows: all user access to, user queries of, and user actions on databases are through programmatic methods. Only database administrators have the ability to directly access or query databases. Application IDs for database applications can only be used by the applications (and not by individual users or other non-application processes). Without user authentication for access to databases and applications, the potential for unauthorized or malicious access increases, and such access cannot be logged since the user has not been authenticated and is therefore not known to the system. Also, database access should be granted through programmatic methods only (for example, through stored procedures), rather than via direct access to the database by end users (except for DBAs, who may need direct access to the database for their administrative duties)."
 section-code: "7"
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 control-group:
 - id: aws_pci_dss_v321_requirement_8_7_a
 - id: aws_pci_dss_v321_requirement_8_7_b
diff --git a/compliance/frameworks/aws/aws_pci_dss_v321/aws_pci_dss_v321_requirement_8_7_a.yaml b/compliance/frameworks/aws/aws_pci_dss_v321/aws_pci_dss_v321_requirement_8_7_a.yaml
index 62a1f6243..3837c64e4 100755
--- a/compliance/frameworks/aws/aws_pci_dss_v321/aws_pci_dss_v321_requirement_8_7_a.yaml
+++ b/compliance/frameworks/aws/aws_pci_dss_v321/aws_pci_dss_v321_requirement_8_7_a.yaml
@@ -3,9 +3,5 @@ control-group:
 title: 7.a Review database and application configuration settings and verify that all users are authenticated prior to access
 description: Without user authentication for access to databases and applications, the potential for unauthorized or malicious access increases, and such access cannot be logged since the user has not been authenticated and is therefore not known to the system. Also, database access should be granted through programmatic methods only (for example, through stored procedures), rather than via direct access to the database by end users (except for DBAs, who may need direct access to the database for their administrative duties).
 section-code: a
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - aws_rds_db_instance_iam_authentication_enabled
diff --git a/compliance/frameworks/aws/aws_pci_dss_v321/aws_pci_dss_v321_requirement_8_7_b.yaml b/compliance/frameworks/aws/aws_pci_dss_v321/aws_pci_dss_v321_requirement_8_7_b.yaml
index d8a657e28..a50448442 100755
--- a/compliance/frameworks/aws/aws_pci_dss_v321/aws_pci_dss_v321_requirement_8_7_b.yaml
+++ b/compliance/frameworks/aws/aws_pci_dss_v321/aws_pci_dss_v321_requirement_8_7_b.yaml
@@ -3,9 +3,5 @@ control-group:
 title: 7.b Examine database and application configuration settings to verify that all user access to, user queries of, and user actions on (for example, move, copy, delete), the database are through programmatic methods only (for example, through stored procedures)
 description: Without user authentication for access to databases and applications, the potential for unauthorized or malicious access increases, and such access cannot be logged since the user has not been authenticated and is therefore not known to the system. Also, database access should be granted through programmatic methods only (for example, through stored procedures), rather than via direct access to the database by end users (except for DBAs, who may need direct access to the database for their administrative duties).
 section-code: b
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - aws_rds_db_instance_iam_authentication_enabled
diff --git a/compliance/frameworks/aws/aws_pci_dss_v321/aws_pci_dss_v321_requirement_8_7_c.yaml b/compliance/frameworks/aws/aws_pci_dss_v321/aws_pci_dss_v321_requirement_8_7_c.yaml
index fa062bbfa..bdf06389a 100755
--- a/compliance/frameworks/aws/aws_pci_dss_v321/aws_pci_dss_v321_requirement_8_7_c.yaml
+++ b/compliance/frameworks/aws/aws_pci_dss_v321/aws_pci_dss_v321_requirement_8_7_c.yaml
@@ -3,9 +3,5 @@ control-group:
 title: 7.c Examine database access control settings and database application configuration settings to verify that user direct access to or queries of databases are restricted to database administrators
 description: Without user authentication for access to databases and applications, the potential for unauthorized or malicious access increases, and such access cannot be logged since the user has not been authenticated and is therefore not known to the system. Also, database access should be granted through programmatic methods only (for example, through stored procedures), rather than via direct access to the database by end users (except for DBAs, who may need direct access to the database for their administrative duties).
 section-code: c
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - aws_rds_db_instance_iam_authentication_enabled
diff --git a/compliance/frameworks/aws/aws_pci_dss_v321/aws_pci_dss_v321_requirement_8_7_d.yaml b/compliance/frameworks/aws/aws_pci_dss_v321/aws_pci_dss_v321_requirement_8_7_d.yaml
index 4374ee5b8..645a72274 100755
--- a/compliance/frameworks/aws/aws_pci_dss_v321/aws_pci_dss_v321_requirement_8_7_d.yaml
+++ b/compliance/frameworks/aws/aws_pci_dss_v321/aws_pci_dss_v321_requirement_8_7_d.yaml
@@ -3,9 +3,5 @@ control-group:
 title: 7.d Examine database access control settings, database application configuration settings, and the related application IDs to verify that application IDs can only be used by the applications (and not by individual users or other processes)
 description: Without user authentication for access to databases and applications, the potential for unauthorized or malicious access increases, and such access cannot be logged since the user has not been authenticated and is therefore not known to the system. Also, database access should be granted through programmatic methods only (for example, through stored procedures), rather than via direct access to the database by end users (except for DBAs, who may need direct access to the database for their administrative duties).
 section-code: d
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - aws_rds_db_instance_iam_authentication_enabled
diff --git a/compliance/frameworks/aws/aws_rbi_cyber_security/aws_rbi_cyber_security_annex_i_12.yaml b/compliance/frameworks/aws/aws_rbi_cyber_security/aws_rbi_cyber_security_annex_i_12.yaml
index 9ab899e09..73338d9ee 100755
--- a/compliance/frameworks/aws/aws_rbi_cyber_security/aws_rbi_cyber_security_annex_i_12.yaml
+++ b/compliance/frameworks/aws/aws_rbi_cyber_security/aws_rbi_cyber_security_annex_i_12.yaml
@@ -16,10 +16,6 @@ control-group:
 - AWS
 type:
 - Benchmark
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - aws_dynamodb_table_in_backup_plan
 - aws_dynamodb_table_point_in_time_recovery_enabled
diff --git a/compliance/frameworks/aws/aws_rbi_cyber_security/aws_rbi_cyber_security_annex_i_1_1.yaml b/compliance/frameworks/aws/aws_rbi_cyber_security/aws_rbi_cyber_security_annex_i_1_1.yaml
index 1e30aca6c..22129ca0d 100755
--- a/compliance/frameworks/aws/aws_rbi_cyber_security/aws_rbi_cyber_security_annex_i_1_1.yaml
+++ b/compliance/frameworks/aws/aws_rbi_cyber_security/aws_rbi_cyber_security_annex_i_1_1.yaml
@@ -16,9 +16,5 @@ control-group:
 - AWS/EC2
 type:
 - Benchmark
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - aws_ec2_instance_ssm_managed
diff --git a/compliance/frameworks/aws/aws_rbi_cyber_security/aws_rbi_cyber_security_annex_i_1_3.yaml b/compliance/frameworks/aws/aws_rbi_cyber_security/aws_rbi_cyber_security_annex_i_1_3.yaml
index 5df7caf66..d670990a9 100755
--- a/compliance/frameworks/aws/aws_rbi_cyber_security/aws_rbi_cyber_security_annex_i_1_3.yaml
+++ b/compliance/frameworks/aws/aws_rbi_cyber_security/aws_rbi_cyber_security_annex_i_1_3.yaml
@@ -16,10 +16,6 @@ control-group:
 - AWS
 type:
 - Benchmark
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - aws_acm_certificate_expires_30_days
 - aws_apigateway_rest_api_stage_use_ssl_certificate
diff --git a/compliance/frameworks/aws/aws_rbi_cyber_security/aws_rbi_cyber_security_annex_i_5_1.yaml b/compliance/frameworks/aws/aws_rbi_cyber_security/aws_rbi_cyber_security_annex_i_5_1.yaml
index bfbd32a83..4c64b47a1 100755
--- a/compliance/frameworks/aws/aws_rbi_cyber_security/aws_rbi_cyber_security_annex_i_5_1.yaml
+++ b/compliance/frameworks/aws/aws_rbi_cyber_security/aws_rbi_cyber_security_annex_i_5_1.yaml
@@ -16,10 +16,6 @@ control-group:
 - AWS
 type:
 - Benchmark
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - aws_apigateway_stage_use_waf_web_acl
 - aws_elb_application_lb_waf_enabled
diff --git a/compliance/frameworks/aws/aws_rbi_cyber_security/aws_rbi_cyber_security_annex_i_6.yaml b/compliance/frameworks/aws/aws_rbi_cyber_security/aws_rbi_cyber_security_annex_i_6.yaml
index aa74db134..a2b4e42f5 100755
--- a/compliance/frameworks/aws/aws_rbi_cyber_security/aws_rbi_cyber_security_annex_i_6.yaml
+++ b/compliance/frameworks/aws/aws_rbi_cyber_security/aws_rbi_cyber_security_annex_i_6.yaml
@@ -16,10 +16,6 @@ control-group:
 - AWS
 type:
 - Benchmark
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - aws_guardduty_finding_archived
 - aws_rds_db_instance_automatic_minor_version_upgrade_enabled
diff --git a/compliance/frameworks/aws/aws_rbi_cyber_security/aws_rbi_cyber_security_annex_i_7_1.yaml b/compliance/frameworks/aws/aws_rbi_cyber_security/aws_rbi_cyber_security_annex_i_7_1.yaml
index a527b59b6..43335d459 100755
--- a/compliance/frameworks/aws/aws_rbi_cyber_security/aws_rbi_cyber_security_annex_i_7_1.yaml
+++ b/compliance/frameworks/aws/aws_rbi_cyber_security/aws_rbi_cyber_security_annex_i_7_1.yaml
@@ -16,10 +16,6 @@ control-group:
 - AWS/IAM
 type:
 - Benchmark
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - aws_iam_all_policy_no_service_wild_card
 - aws_iam_group_user_role_no_inline_policies
diff --git a/compliance/frameworks/aws/aws_rbi_cyber_security/aws_rbi_cyber_security_annex_i_7_2.yaml b/compliance/frameworks/aws/aws_rbi_cyber_security/aws_rbi_cyber_security_annex_i_7_2.yaml
index eb7bc9813..5a58f0ec9 100755
--- a/compliance/frameworks/aws/aws_rbi_cyber_security/aws_rbi_cyber_security_annex_i_7_2.yaml
+++ b/compliance/frameworks/aws/aws_rbi_cyber_security/aws_rbi_cyber_security_annex_i_7_2.yaml
@@ -16,9 +16,5 @@ control-group:
 - AWS/IAM
 type:
 - Benchmark
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - aws_iam_account_password_policy_strong_min_reuse_24
diff --git a/compliance/frameworks/aws/aws_rbi_cyber_security/aws_rbi_cyber_security_annex_i_7_3.yaml b/compliance/frameworks/aws/aws_rbi_cyber_security/aws_rbi_cyber_security_annex_i_7_3.yaml
index e8bc3780a..fe1dcb05e 100755
--- a/compliance/frameworks/aws/aws_rbi_cyber_security/aws_rbi_cyber_security_annex_i_7_3.yaml
+++ b/compliance/frameworks/aws/aws_rbi_cyber_security/aws_rbi_cyber_security_annex_i_7_3.yaml
@@ -16,9 +16,5 @@ control-group:
 - AWS/VPC
 type:
 - Benchmark
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - aws_vpc_security_group_restrict_ingress_ssh_all
diff --git a/compliance/frameworks/aws/aws_rbi_cyber_security/aws_rbi_cyber_security_annex_i_7_4.yaml b/compliance/frameworks/aws/aws_rbi_cyber_security/aws_rbi_cyber_security_annex_i_7_4.yaml
index 3c83797b2..67eea4479 100755
--- a/compliance/frameworks/aws/aws_rbi_cyber_security/aws_rbi_cyber_security_annex_i_7_4.yaml
+++ b/compliance/frameworks/aws/aws_rbi_cyber_security/aws_rbi_cyber_security_annex_i_7_4.yaml
@@ -16,10 +16,6 @@ control-group:
 - AWS
 type:
 - Benchmark
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - aws_apigateway_stage_logging_enabled
 - aws_cloudtrail_multi_region_trail_enabled
diff --git a/compliance/frameworks/aws/aws_rbi_itf_nbfc/aws_rbi_itf_nbfc_3.yaml b/compliance/frameworks/aws/aws_rbi_itf_nbfc/aws_rbi_itf_nbfc_3.yaml
index d9cb3cff5..6f17bd415 100755
--- a/compliance/frameworks/aws/aws_rbi_itf_nbfc/aws_rbi_itf_nbfc_3.yaml
+++ b/compliance/frameworks/aws/aws_rbi_itf_nbfc/aws_rbi_itf_nbfc_3.yaml
@@ -3,10 +3,6 @@ control-group:
 title: Information Security
 description: "Information is an asset to all NBFCs and Information Security (IS) refers to the protection of these assets in order to achieve organizational goals. The purpose of IS is to control access to sensitive information, ensuring use only by legitimate users so that data cannot be read or compromised without proper authorization. NBFCs must have a board approved IS Policy with the following basic tenets: a. Confidentiality - Ensuring access to sensitive data to authorized users only, b. Integrity - Ensuring accuracy and reliability of information by ensuring that there is no modification without authorization, c. Availability - Ensuring that uninterrupted data is available to users when it is needed, d. Authenticity - For IS it is necessary to ensure that the data, transactions, communications or documents (electronic or physical) are genuine."
 section-code: "3"
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 control-group:
 - id: aws_rbi_itf_nbfc_3_1
 - id: aws_rbi_itf_nbfc_3_3
diff --git a/compliance/frameworks/aws/aws_rbi_itf_nbfc/aws_rbi_itf_nbfc_3_1.yaml b/compliance/frameworks/aws/aws_rbi_itf_nbfc/aws_rbi_itf_nbfc_3_1.yaml
index 3b0eea7d4..2828d6c3e 100755
--- a/compliance/frameworks/aws/aws_rbi_itf_nbfc/aws_rbi_itf_nbfc_3_1.yaml
+++ b/compliance/frameworks/aws/aws_rbi_itf_nbfc/aws_rbi_itf_nbfc_3_1.yaml
@@ -3,10 +3,6 @@ control-group:
 title: Information Security Policy
 description: "The IS Policy must provide for a IS framework with the following basic tenets: a. Identification and Classification of Information Assets, b. Segregation of functions, c. Role based Access Control, d. Personnel Security, e. Physical Security, f. Maker-checker, g. Incident Management, h. Trails, i. Public Key Infrastructure (PKI)."
 section-code: "1"
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 control-group:
 - id: aws_rbi_itf_nbfc_3_1_a
 - id: aws_rbi_itf_nbfc_3_1_c
diff --git a/compliance/frameworks/aws/aws_rbi_itf_nbfc/aws_rbi_itf_nbfc_3_1_a.yaml b/compliance/frameworks/aws/aws_rbi_itf_nbfc/aws_rbi_itf_nbfc_3_1_a.yaml
index 57ec12250..00ccd02af 100755
--- a/compliance/frameworks/aws/aws_rbi_itf_nbfc/aws_rbi_itf_nbfc_3_1_a.yaml
+++ b/compliance/frameworks/aws/aws_rbi_itf_nbfc/aws_rbi_itf_nbfc_3_1_a.yaml
@@ -3,10 +3,6 @@ control-group:
 title: 1.a Identification and Classification of Information Assets
 description: NBFCs shall maintain detailed inventory of Information Asset with distinct and clear identification of the asset.
 section-code: a
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - aws_ebs_volume_unused
 - aws_ec2_instance_ssm_managed
diff --git a/compliance/frameworks/aws/aws_rbi_itf_nbfc/aws_rbi_itf_nbfc_3_1_c.yaml b/compliance/frameworks/aws/aws_rbi_itf_nbfc/aws_rbi_itf_nbfc_3_1_c.yaml
index 1f5ffa2d3..7fa95c21b 100755
--- a/compliance/frameworks/aws/aws_rbi_itf_nbfc/aws_rbi_itf_nbfc_3_1_c.yaml
+++ b/compliance/frameworks/aws/aws_rbi_itf_nbfc/aws_rbi_itf_nbfc_3_1_c.yaml
@@ -3,10 +3,6 @@ control-group:
 title: 1.c Role based Access Control
 description: Access to information should be based on well-defined user roles (system administrator, user manager, application owner etc.), NBFCs shall avoid dependence on one or few persons for a particular job. There should be clear delegation of authority for right to upgrade/change user profiles and permissions and also key business parameters (eg. interest rates) which should be documented.
 section-code: c
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - aws_ec2_instance_iam_profile_attached
 - aws_efs_access_point_enforce_root_directory
diff --git a/compliance/frameworks/aws/aws_rbi_itf_nbfc/aws_rbi_itf_nbfc_3_1_g.yaml b/compliance/frameworks/aws/aws_rbi_itf_nbfc/aws_rbi_itf_nbfc_3_1_g.yaml
index 44cc92193..2fc1b2831 100755
--- a/compliance/frameworks/aws/aws_rbi_itf_nbfc/aws_rbi_itf_nbfc_3_1_g.yaml
+++ b/compliance/frameworks/aws/aws_rbi_itf_nbfc/aws_rbi_itf_nbfc_3_1_g.yaml
@@ -3,10 +3,6 @@ control-group:
 title: 1.g Incident Management
 description: The IS Policy should define what constitutes an incident. NBFCs shall develop and implement processes for preventing, detecting, analysing and responding to information security incidents.
 section-code: g
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - aws_elb_application_lb_waf_enabled
 - aws_guardduty_enabled
diff --git a/compliance/frameworks/aws/aws_rbi_itf_nbfc/aws_rbi_itf_nbfc_3_1_h.yaml b/compliance/frameworks/aws/aws_rbi_itf_nbfc/aws_rbi_itf_nbfc_3_1_h.yaml
index dd69f9b46..bc8e6776f 100755
--- a/compliance/frameworks/aws/aws_rbi_itf_nbfc/aws_rbi_itf_nbfc_3_1_h.yaml
+++ b/compliance/frameworks/aws/aws_rbi_itf_nbfc/aws_rbi_itf_nbfc_3_1_h.yaml
@@ -3,10 +3,6 @@ control-group:
 title: 1.h Trails
 description: NBFCs shall ensure that audit trails exist for IT assets satisfying its business requirements including regulatory and legal requirements, facilitating audit, serving as forensic evidence when required and assisting in dispute resolution. If an employee, for instance, attempts to access an unauthorized section, this improper activity should be recorded in the audit trail.
 section-code: h
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - aws_apigateway_stage_logging_enabled
 - aws_cloudtrail_multi_region_trail_enabled
diff --git a/compliance/frameworks/aws/aws_rbi_itf_nbfc/aws_rbi_itf_nbfc_3_1_i.yaml b/compliance/frameworks/aws/aws_rbi_itf_nbfc/aws_rbi_itf_nbfc_3_1_i.yaml
index d2b4f7b98..2c723f827 100755
--- a/compliance/frameworks/aws/aws_rbi_itf_nbfc/aws_rbi_itf_nbfc_3_1_i.yaml
+++ b/compliance/frameworks/aws/aws_rbi_itf_nbfc/aws_rbi_itf_nbfc_3_1_i.yaml
@@ -3,10 +3,6 @@ control-group:
 title: 1.i Public Key Infrastructure (PKI)
 description: NBFCs may increase the usage of PKI to ensure confidentiality of data, access control, data integrity, authentication and nonrepudiation.
 section-code: i
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - aws_acm_certificate_expires_30_days
 - aws_apigateway_rest_api_stage_use_ssl_certificate
diff --git a/compliance/frameworks/aws/aws_rbi_itf_nbfc/aws_rbi_itf_nbfc_3_3.yaml b/compliance/frameworks/aws/aws_rbi_itf_nbfc/aws_rbi_itf_nbfc_3_3.yaml
index ee77a72f7..2a4e739fa 100755
--- a/compliance/frameworks/aws/aws_rbi_itf_nbfc/aws_rbi_itf_nbfc_3_3.yaml
+++ b/compliance/frameworks/aws/aws_rbi_itf_nbfc/aws_rbi_itf_nbfc_3_3.yaml
@@ -3,10 +3,6 @@ control-group:
 title: Vulnerability Management
 description: A vulnerability can be defined as an inherent configuration flaw in an organization's information technology base, whether hardware or software, which can be exploited by a third party to gather sensitive information regarding the organization. Vulnerability management is an ongoing process to determine the process of eliminating or mitigating vulnerabilities based upon the risk and cost associated with the vulnerabilities. NBFCs may devise a strategy for managing and eliminating vulnerabilities and such strategy may clearly be communicated in the Cyber Security policy.
 section-code: "3"
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - aws_ec2_instance_ssm_managed
 - aws_guardduty_finding_archived
diff --git a/compliance/frameworks/aws/aws_rbi_itf_nbfc/aws_rbi_itf_nbfc_3_5.yaml b/compliance/frameworks/aws/aws_rbi_itf_nbfc/aws_rbi_itf_nbfc_3_5.yaml
index 9962df6d1..36121ffd0 100755
--- a/compliance/frameworks/aws/aws_rbi_itf_nbfc/aws_rbi_itf_nbfc_3_5.yaml
+++ b/compliance/frameworks/aws/aws_rbi_itf_nbfc/aws_rbi_itf_nbfc_3_5.yaml
@@ -3,10 +3,6 @@ control-group:
 title: Cyber Crisis Management Plan
 description: "A Cyber Crisis Management Plan (CCMP) should be immediately evolved and should be a part of the overall Board approved strategy. CCMP should address the following four aspects: (i) Detection (ii) Response (iii) Recovery and (iv) Containment. NBFCs need to take effective measures to prevent cyber-attacks and to promptly detect any cyber-intrusions so as to respond / recover / contain the fall out. NBFCs are expected to be well prepared to face emerging cyber-threats such as ‘zero-day’ attacks, remote access threats, and targeted attacks. Among other things, NBFCs should take necessary preventive and corrective measures in addressing various types of cyber threats including, but not limited to, denial of service, distributed denial of services (DDoS), ransom-ware / crypto ware, destructive malware, business email frauds including spam, email phishing, spear phishing, whaling, vishing frauds, drive-by downloads, browser gateway fraud, ghost administrator exploits, identity frauds, memory update frauds, password related frauds, etc."
 section-code: "5"
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - aws_ec2_instance_ssm_managed
 - aws_guardduty_enabled
diff --git a/compliance/frameworks/aws/aws_rbi_itf_nbfc/aws_rbi_itf_nbfc_4.yaml b/compliance/frameworks/aws/aws_rbi_itf_nbfc/aws_rbi_itf_nbfc_4.yaml
index b4fcf2bde..f2fbc0132 100755
--- a/compliance/frameworks/aws/aws_rbi_itf_nbfc/aws_rbi_itf_nbfc_4.yaml
+++ b/compliance/frameworks/aws/aws_rbi_itf_nbfc/aws_rbi_itf_nbfc_4.yaml
@@ -3,9 +3,5 @@ control-group:
 title: IT Operations
 description: IT Operations should support processing and storage of information, such that the required information is available in a timely, reliable, secure and resilient manner. The Board or Senior Management should take into consideration the risk associated with existing and planned IT operations and the risk tolerance and then establish and monitor policies for risk management.
 section-code: "4"
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 control-group:
 - id: aws_rbi_itf_nbfc_4_4
diff --git a/compliance/frameworks/aws/aws_rbi_itf_nbfc/aws_rbi_itf_nbfc_4_4.yaml b/compliance/frameworks/aws/aws_rbi_itf_nbfc/aws_rbi_itf_nbfc_4_4.yaml
index 5d499635e..85f81d1a4 100755
--- a/compliance/frameworks/aws/aws_rbi_itf_nbfc/aws_rbi_itf_nbfc_4_4.yaml
+++ b/compliance/frameworks/aws/aws_rbi_itf_nbfc/aws_rbi_itf_nbfc_4_4.yaml
@@ -3,10 +3,6 @@ control-group:
 title: Management Information System (MIS)
 description: NBFCs may put in place MIS that assist the Top Management as well as the business heads in decision making and also to maintain an oversight over operations of various business verticals. With robust IT systems in place, NBFCs may have the following as part of an effective system generated MIS (indicative list).
 section-code: "4"
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 control-group:
 - id: aws_rbi_itf_nbfc_4_4_g
 - id: aws_rbi_itf_nbfc_4_4_h
diff --git a/compliance/frameworks/aws/aws_rbi_itf_nbfc/aws_rbi_itf_nbfc_4_4_g.yaml b/compliance/frameworks/aws/aws_rbi_itf_nbfc/aws_rbi_itf_nbfc_4_4_g.yaml
index 2526de4f3..e9750feb7 100755
--- a/compliance/frameworks/aws/aws_rbi_itf_nbfc/aws_rbi_itf_nbfc_4_4_g.yaml
+++ b/compliance/frameworks/aws/aws_rbi_itf_nbfc/aws_rbi_itf_nbfc_4_4_g.yaml
@@ -3,9 +3,5 @@ control-group:
 title: 4.g Fraud analysis
 description: Suspicious transaction analysis, embezzlement, theft or suspected money-laundering, misappropriation of assets, manipulation of financial records etc. The regulatory requirement of reporting fraud to RBI should be system driven.
 section-code: g
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - aws_guardduty_enabled
diff --git a/compliance/frameworks/aws/aws_rbi_itf_nbfc/aws_rbi_itf_nbfc_4_4_h.yaml b/compliance/frameworks/aws/aws_rbi_itf_nbfc/aws_rbi_itf_nbfc_4_4_h.yaml
index a9628b90b..b17e19d05 100755
--- a/compliance/frameworks/aws/aws_rbi_itf_nbfc/aws_rbi_itf_nbfc_4_4_h.yaml
+++ b/compliance/frameworks/aws/aws_rbi_itf_nbfc/aws_rbi_itf_nbfc_4_4_h.yaml
@@ -3,10 +3,6 @@ control-group:
 title: 4.h Capacity and performance analysis
 description: Capacity and performance analysis of IT security systems.
 section-code: h
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - aws_autoscaling_group_with_lb_use_health_check
 - aws_dynamodb_table_auto_scaling_enabled
diff --git a/compliance/frameworks/aws/aws_rbi_itf_nbfc/aws_rbi_itf_nbfc_4_4_i.yaml b/compliance/frameworks/aws/aws_rbi_itf_nbfc/aws_rbi_itf_nbfc_4_4_i.yaml
index f57ef1336..a79f437ed 100755
--- a/compliance/frameworks/aws/aws_rbi_itf_nbfc/aws_rbi_itf_nbfc_4_4_i.yaml
+++ b/compliance/frameworks/aws/aws_rbi_itf_nbfc/aws_rbi_itf_nbfc_4_4_i.yaml
@@ -3,10 +3,6 @@ control-group:
 title: 4.i Incident reporting
 description: Incident reporting, their impact and steps taken for non-recurrence of such events in the future.
 section-code: i
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - aws_guardduty_enabled
 - aws_guardduty_finding_archived
diff --git a/compliance/frameworks/aws/aws_rbi_itf_nbfc/aws_rbi_itf_nbfc_6.yaml b/compliance/frameworks/aws/aws_rbi_itf_nbfc/aws_rbi_itf_nbfc_6.yaml
index b08a098d4..b7bbee9ae 100755
--- a/compliance/frameworks/aws/aws_rbi_itf_nbfc/aws_rbi_itf_nbfc_6.yaml
+++ b/compliance/frameworks/aws/aws_rbi_itf_nbfc/aws_rbi_itf_nbfc_6.yaml
@@ -3,9 +3,5 @@ control-group:
 title: Business Continuity Planning (BCP) and Disaster Recovery
 description: BCP forms a significant part of an organisation's overall Business Continuity Management plan, which includes policies, standards and procedures to ensure continuity, resumption and recovery of critical business processes. BCP shall be designed to minimise the operational, financial, legal, reputational and other material consequences arising from a disaster. NBFC should adopt a Board approved BCP Policy. The functioning of BCP shall be monitored by the Board by way of periodic reports. The CIO shall be responsible for formulation, review and monitoring of BCP to ensure continued effectiveness.
 section-code: "6"
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 control-group:
 - id: aws_rbi_itf_nbfc_6_3
diff --git a/compliance/frameworks/aws/aws_rbi_itf_nbfc/aws_rbi_itf_nbfc_6_3.yaml b/compliance/frameworks/aws/aws_rbi_itf_nbfc/aws_rbi_itf_nbfc_6_3.yaml
index e3cda649b..fe0f22b58 100755
--- a/compliance/frameworks/aws/aws_rbi_itf_nbfc/aws_rbi_itf_nbfc_6_3.yaml
+++ b/compliance/frameworks/aws/aws_rbi_itf_nbfc/aws_rbi_itf_nbfc_6_3.yaml
@@ -3,10 +3,6 @@ control-group:
 title: Backup and Recovery
 description: NBFCs shall consider the need to put in place necessary backup sites for their critical business systems and Data centers.
 section-code: "3"
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - aws_backup_plan_min_retention_35_days
 - aws_backup_recovery_point_min_retention_35_days
diff --git a/compliance/frameworks/aws/aws_rbi_itf_nbfc/aws_rbi_itf_nbfc_8.yaml b/compliance/frameworks/aws/aws_rbi_itf_nbfc/aws_rbi_itf_nbfc_8.yaml
index 1ca9b24dc..b13894660 100755
--- a/compliance/frameworks/aws/aws_rbi_itf_nbfc/aws_rbi_itf_nbfc_8.yaml
+++ b/compliance/frameworks/aws/aws_rbi_itf_nbfc/aws_rbi_itf_nbfc_8.yaml
@@ -3,10 +3,6 @@ control-group:
 title: Recommendations for NBFCs with asset size below ₹ 500 crore
 description: It is recommended that smaller NBFCs may start with developing basic IT systems mainly for maintaining the database. NBFCs having asset size below ₹ 500 crore shall have a Board approved Information Technology policy/Information system policy.
 section-code: "8"
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 control-group:
 - id: aws_rbi_itf_nbfc_8_1
 - id: aws_rbi_itf_nbfc_8_I
diff --git a/compliance/frameworks/aws/aws_rbi_itf_nbfc/aws_rbi_itf_nbfc_8_1.yaml b/compliance/frameworks/aws/aws_rbi_itf_nbfc/aws_rbi_itf_nbfc_8_1.yaml
index 391c14f3a..2cd4b6984 100755
--- a/compliance/frameworks/aws/aws_rbi_itf_nbfc/aws_rbi_itf_nbfc_8_1.yaml
+++ b/compliance/frameworks/aws/aws_rbi_itf_nbfc/aws_rbi_itf_nbfc_8_1.yaml
@@ -3,10 +3,6 @@ control-group:
 title: IT Systems
 description: IT Systems should be progressively scaled up as the size and complexity of NBFC's operations increases.
 section-code: "1"
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - aws_autoscaling_group_with_lb_use_health_check
 - aws_dynamodb_table_auto_scaling_enabled
diff --git a/compliance/frameworks/aws/aws_rbi_itf_nbfc/aws_rbi_itf_nbfc_8_I.yaml b/compliance/frameworks/aws/aws_rbi_itf_nbfc/aws_rbi_itf_nbfc_8_I.yaml
index e97a55fc6..dcbd314e6 100755
--- a/compliance/frameworks/aws/aws_rbi_itf_nbfc/aws_rbi_itf_nbfc_8_I.yaml
+++ b/compliance/frameworks/aws/aws_rbi_itf_nbfc/aws_rbi_itf_nbfc_8_I.yaml
@@ -3,10 +3,6 @@ control-group:
 title: I Basic Security Aspects
 description: Basic security aspects such as physical/ logical access controls and well defined password policy.
 section-code: I
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - aws_autoscaling_launch_config_public_ip_disabled
 - aws_dms_replication_instance_not_publicly_accessible
diff --git a/compliance/frameworks/aws/aws_rbi_itf_nbfc/aws_rbi_itf_nbfc_8_II.yaml b/compliance/frameworks/aws/aws_rbi_itf_nbfc/aws_rbi_itf_nbfc_8_II.yaml
index 4eb4c9da5..0aeb4a093 100755
--- a/compliance/frameworks/aws/aws_rbi_itf_nbfc/aws_rbi_itf_nbfc_8_II.yaml
+++ b/compliance/frameworks/aws/aws_rbi_itf_nbfc/aws_rbi_itf_nbfc_8_II.yaml
@@ -3,10 +3,6 @@ control-group:
 title: II User Role
 description: A well-defined user role.
 section-code: II
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - aws_iam_account_password_policy_strong_min_reuse_24
 - aws_iam_group_not_empty
diff --git a/compliance/frameworks/aws/aws_rbi_itf_nbfc/aws_rbi_itf_nbfc_8_III.yaml b/compliance/frameworks/aws/aws_rbi_itf_nbfc/aws_rbi_itf_nbfc_8_III.yaml
index 91756912c..3f76e5912 100755
--- a/compliance/frameworks/aws/aws_rbi_itf_nbfc/aws_rbi_itf_nbfc_8_III.yaml
+++ b/compliance/frameworks/aws/aws_rbi_itf_nbfc/aws_rbi_itf_nbfc_8_III.yaml
@@ -3,9 +3,5 @@ control-group:
 title: III Maker-Checker Concept
 description: A Maker-checker concept to reduce the risk of error and misuse and to ensure reliability of data/information.
 section-code: III
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - aws_s3_bucket_versioning_enabled
diff --git a/compliance/frameworks/aws/aws_rbi_itf_nbfc/aws_rbi_itf_nbfc_8_IX.yaml b/compliance/frameworks/aws/aws_rbi_itf_nbfc/aws_rbi_itf_nbfc_8_IX.yaml
index 48385060d..9a3503454 100755
--- a/compliance/frameworks/aws/aws_rbi_itf_nbfc/aws_rbi_itf_nbfc_8_IX.yaml
+++ b/compliance/frameworks/aws/aws_rbi_itf_nbfc/aws_rbi_itf_nbfc_8_IX.yaml
@@ -3,10 +3,6 @@ control-group:
 title: IX Backup and Recovery
 description: Arrangement for backup of data with periodic testing.
 section-code: IX
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - aws_backup_plan_min_retention_35_days
 - aws_backup_recovery_point_manual_deletion_disabled
diff --git a/compliance/frameworks/azure/azure_all_controls/azure_all_controls_activedirectory.yaml b/compliance/frameworks/azure/azure_all_controls/azure_all_controls_activedirectory.yaml
index fa35133d8..841317107 100755
--- a/compliance/frameworks/azure/azure_all_controls/azure_all_controls_activedirectory.yaml
+++ b/compliance/frameworks/azure/azure_all_controls/azure_all_controls_activedirectory.yaml
@@ -3,10 +3,6 @@ control-group:
 title: Active Directory
 description: This section contains recommendations for configuring Active Directory resources.
 section-code: activedirectory
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - azure_ad_guest_user_reviewed_monthly
 - azure_iam_conditional_access_mfa_enabled
diff --git a/compliance/frameworks/azure/azure_all_controls/azure_all_controls_apimanagement.yaml b/compliance/frameworks/azure/azure_all_controls/azure_all_controls_apimanagement.yaml
index 8af2ab5ca..952e28f98 100755
--- a/compliance/frameworks/azure/azure_all_controls/azure_all_controls_apimanagement.yaml
+++ b/compliance/frameworks/azure/azure_all_controls/azure_all_controls_apimanagement.yaml
@@ -3,10 +3,6 @@ control-group:
 title: API Management
 description: This section contains recommendations for configuring API Management resources.
 section-code: apimanagement
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - azure_apimanagement_service_client_certificate_enabled
 - azure_apimanagement_service_with_virtual_network
diff --git a/compliance/frameworks/azure/azure_all_controls/azure_all_controls_appconfiguration.yaml b/compliance/frameworks/azure/azure_all_controls/azure_all_controls_appconfiguration.yaml
index cf8b4ab0f..4e27583c3 100755
--- a/compliance/frameworks/azure/azure_all_controls/azure_all_controls_appconfiguration.yaml
+++ b/compliance/frameworks/azure/azure_all_controls/azure_all_controls_appconfiguration.yaml
@@ -3,10 +3,6 @@ control-group:
 title: App Configuration
 description: This section contains recommendations for configuring App Configuration resources.
 section-code: appconfiguration
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - azure_app_configuration_encryption_enabled
 - azure_app_configuration_private_link_used
diff --git a/compliance/frameworks/azure/azure_all_controls/azure_all_controls_appservice.yaml b/compliance/frameworks/azure/azure_all_controls/azure_all_controls_appservice.yaml
index aebcc6610..5fc842721 100755
--- a/compliance/frameworks/azure/azure_all_controls/azure_all_controls_appservice.yaml
+++ b/compliance/frameworks/azure/azure_all_controls/azure_all_controls_appservice.yaml
@@ -3,10 +3,6 @@ control-group:
 title: App Service
 description: This section contains recommendations for configuring App Service resources.
 section-code: appservice
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - azure_app_service_environment_internal_encryption_enabled
 - azure_appservice_api_app_client_certificates_on
diff --git a/compliance/frameworks/azure/azure_all_controls/azure_all_controls_automation.yaml b/compliance/frameworks/azure/azure_all_controls/azure_all_controls_automation.yaml
index 6b6504e1c..7fd6c8cb2 100755
--- a/compliance/frameworks/azure/azure_all_controls/azure_all_controls_automation.yaml
+++ b/compliance/frameworks/azure/azure_all_controls/azure_all_controls_automation.yaml
@@ -3,9 +3,5 @@ control-group:
 title: Automation
 description: This section contains recommendations for configuring Automation resources.
 section-code: automation
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - azure_automation_account_variable_encryption_enabled
diff --git a/compliance/frameworks/azure/azure_all_controls/azure_all_controls_batch.yaml b/compliance/frameworks/azure/azure_all_controls/azure_all_controls_batch.yaml
index abc8e0c68..627ce09a7 100755
--- a/compliance/frameworks/azure/azure_all_controls/azure_all_controls_batch.yaml
+++ b/compliance/frameworks/azure/azure_all_controls/azure_all_controls_batch.yaml
@@ -3,10 +3,6 @@ control-group:
 title: Batch
 description: This section contains recommendations for configuring Batch resources.
 section-code: batch
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - azure_batch_account_encrypted_with_cmk
 - azure_batch_account_identity_provider_enabled
diff --git a/compliance/frameworks/azure/azure_all_controls/azure_all_controls_cognitivesearch.yaml b/compliance/frameworks/azure/azure_all_controls/azure_all_controls_cognitivesearch.yaml
index a0ac64404..4e7fd2dd9 100755
--- a/compliance/frameworks/azure/azure_all_controls/azure_all_controls_cognitivesearch.yaml
+++ b/compliance/frameworks/azure/azure_all_controls/azure_all_controls_cognitivesearch.yaml
@@ -3,10 +3,6 @@ control-group:
 title: Cognitive Search
 description: This section contains recommendations for configuring Cognitive Search resources.
 section-code: cognitivesearch
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - azure_search_service_logging_enabled
 - azure_search_service_public_network_access_disabled
diff --git a/compliance/frameworks/azure/azure_all_controls/azure_all_controls_cognitiveservice.yaml b/compliance/frameworks/azure/azure_all_controls/azure_all_controls_cognitiveservice.yaml
index 3baa1289e..2c807c5c6 100755
--- a/compliance/frameworks/azure/azure_all_controls/azure_all_controls_cognitiveservice.yaml
+++ b/compliance/frameworks/azure/azure_all_controls/azure_all_controls_cognitiveservice.yaml
@@ -3,10 +3,6 @@ control-group:
 title: Cognitive Services
 description: This section contains recommendations for configuring Cognitive Services resources.
 section-code: cognitiveservice
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - azure_cognitive_account_encrypted_with_cmk
 - azure_cognitive_account_private_link_used
diff --git a/compliance/frameworks/azure/azure_all_controls/azure_all_controls_compute.yaml b/compliance/frameworks/azure/azure_all_controls/azure_all_controls_compute.yaml
index d9dc6f408..f5d67a3fe 100755
--- a/compliance/frameworks/azure/azure_all_controls/azure_all_controls_compute.yaml
+++ b/compliance/frameworks/azure/azure_all_controls/azure_all_controls_compute.yaml
@@ -3,10 +3,6 @@ control-group:
 title: Compute
 description: This section contains recommendations for configuring Compute resources.
 section-code: compute
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - azure_arc_compute_machine_linux_log_analytics_agent_installed
 - azure_arc_compute_machine_windows_log_analytics_agent_installed
diff --git a/compliance/frameworks/azure/azure_all_controls/azure_all_controls_containerinstance.yaml b/compliance/frameworks/azure/azure_all_controls/azure_all_controls_containerinstance.yaml
index eab621339..66588bf90 100755
--- a/compliance/frameworks/azure/azure_all_controls/azure_all_controls_containerinstance.yaml
+++ b/compliance/frameworks/azure/azure_all_controls/azure_all_controls_containerinstance.yaml
@@ -3,10 +3,6 @@ control-group:
 title: Container Instance
 description: This section contains recommendations for configuring Container Instance resources.
 section-code: containerinstance
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - azure_container_instance_container_group_encrypted_using_cmk
 - azure_container_instance_container_group_identity_provider_enabled
diff --git a/compliance/frameworks/azure/azure_all_controls/azure_all_controls_containerregistry.yaml b/compliance/frameworks/azure/azure_all_controls/azure_all_controls_containerregistry.yaml
index 61722cd59..18afc7022 100755
--- a/compliance/frameworks/azure/azure_all_controls/azure_all_controls_containerregistry.yaml
+++ b/compliance/frameworks/azure/azure_all_controls/azure_all_controls_containerregistry.yaml
@@ -3,10 +3,6 @@ control-group:
 title: Container Registry
 description: This section contains recommendations for configuring Container Registry resources.
 section-code: containerregistry
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - azure_container_registry_admin_user_disabled
 - azure_container_registry_encrypted_with_cmk
diff --git a/compliance/frameworks/azure/azure_all_controls/azure_all_controls_cosmosdb.yaml b/compliance/frameworks/azure/azure_all_controls/azure_all_controls_cosmosdb.yaml
index 6cb3ca9da..86b29ef12 100755
--- a/compliance/frameworks/azure/azure_all_controls/azure_all_controls_cosmosdb.yaml
+++ b/compliance/frameworks/azure/azure_all_controls/azure_all_controls_cosmosdb.yaml
@@ -3,10 +3,6 @@ control-group:
 title: Cosmos DB
 description: This section contains recommendations for configuring CosmosDB resources.
 section-code: cosmosdb
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - azure_cosmosdb_account_encryption_at_rest_using_cmk
 - azure_cosmosdb_account_key_based_metadata_write_access_disabled
diff --git a/compliance/frameworks/azure/azure_all_controls/azure_all_controls_databoxedge.yaml b/compliance/frameworks/azure/azure_all_controls/azure_all_controls_databoxedge.yaml
index 6900da7ca..7db72d7d4 100755
--- a/compliance/frameworks/azure/azure_all_controls/azure_all_controls_databoxedge.yaml
+++ b/compliance/frameworks/azure/azure_all_controls/azure_all_controls_databoxedge.yaml
@@ -3,9 +3,5 @@ control-group:
 title: Data Box
 description: This section contains recommendations for configuring Data Box resources.
 section-code: databoxedge
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - azure_databox_edge_device_double_encryption_enabled
diff --git a/compliance/frameworks/azure/azure_all_controls/azure_all_controls_datafactory.yaml b/compliance/frameworks/azure/azure_all_controls/azure_all_controls_datafactory.yaml
index 5f153b7ca..0b324de3b 100755
--- a/compliance/frameworks/azure/azure_all_controls/azure_all_controls_datafactory.yaml
+++ b/compliance/frameworks/azure/azure_all_controls/azure_all_controls_datafactory.yaml
@@ -3,10 +3,6 @@ control-group:
 title: Data Factory
 description: This section contains recommendations for configuring Data Factory resources.
 section-code: datafactory
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - azure_data_factory_encrypted_with_cmk
 - azure_data_factory_public_network_access_disabled
diff --git a/compliance/frameworks/azure/azure_all_controls/azure_all_controls_datalakeanalytics.yaml b/compliance/frameworks/azure/azure_all_controls/azure_all_controls_datalakeanalytics.yaml
index 264cfc41f..e0a659402 100755
--- a/compliance/frameworks/azure/azure_all_controls/azure_all_controls_datalakeanalytics.yaml
+++ b/compliance/frameworks/azure/azure_all_controls/azure_all_controls_datalakeanalytics.yaml
@@ -3,9 +3,5 @@ control-group:
 title: Data Lake Analytics
 description: This section contains recommendations for configuring Data Lake Analytics resources.
 section-code: datalakeanalytics
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - azure_datalake_analytics_account_logging_enabled
diff --git a/compliance/frameworks/azure/azure_all_controls/azure_all_controls_datalakestore.yaml b/compliance/frameworks/azure/azure_all_controls/azure_all_controls_datalakestore.yaml
index a09411441..68a1ca6a6 100755
--- a/compliance/frameworks/azure/azure_all_controls/azure_all_controls_datalakestore.yaml
+++ b/compliance/frameworks/azure/azure_all_controls/azure_all_controls_datalakestore.yaml
@@ -3,10 +3,6 @@ control-group:
 title: Data Lake Storage
 description: This section contains recommendations for configuring Data Lake Storage resources.
 section-code: datalakestore
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - azure_datalake_store_account_encryption_enabled
 - azure_datalake_store_account_logging_enabled
diff --git a/compliance/frameworks/azure/azure_all_controls/azure_all_controls_eventgrid.yaml b/compliance/frameworks/azure/azure_all_controls/azure_all_controls_eventgrid.yaml
index 575daa929..3407db825 100755
--- a/compliance/frameworks/azure/azure_all_controls/azure_all_controls_eventgrid.yaml
+++ b/compliance/frameworks/azure/azure_all_controls/azure_all_controls_eventgrid.yaml
@@ -3,10 +3,6 @@ control-group:
 title: Event Grid
 description: This section contains recommendations for configuring Event Grid resources.
 section-code: eventgrid
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - azure_eventgrid_domain_identity_provider_enabled
 - azure_eventgrid_domain_private_link_used
diff --git a/compliance/frameworks/azure/azure_all_controls/azure_all_controls_eventhub.yaml b/compliance/frameworks/azure/azure_all_controls/azure_all_controls_eventhub.yaml
index 59237ab10..6699bc61e 100755
--- a/compliance/frameworks/azure/azure_all_controls/azure_all_controls_eventhub.yaml
+++ b/compliance/frameworks/azure/azure_all_controls/azure_all_controls_eventhub.yaml
@@ -3,10 +3,6 @@ control-group:
 title: Event Hub
 description: This section contains recommendations for configuring Event Hub resources.
 section-code: eventhub
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - azure_eventhub_namespace_cmk_encryption_enabled
 - azure_eventhub_namespace_logging_enabled
diff --git a/compliance/frameworks/azure/azure_all_controls/azure_all_controls_frontdoor.yaml b/compliance/frameworks/azure/azure_all_controls/azure_all_controls_frontdoor.yaml
index b4178ef69..a356a3b30 100755
--- a/compliance/frameworks/azure/azure_all_controls/azure_all_controls_frontdoor.yaml
+++ b/compliance/frameworks/azure/azure_all_controls/azure_all_controls_frontdoor.yaml
@@ -3,9 +3,5 @@ control-group:
 title: Front Door
 description: This section contains recommendations for configuring Front Door resources.
 section-code: frontdoor
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - azure_frontdoor_waf_enabled
diff --git a/compliance/frameworks/azure/azure_all_controls/azure_all_controls_hdinsight.yaml b/compliance/frameworks/azure/azure_all_controls/azure_all_controls_hdinsight.yaml
index 6b29845ed..96ea758fd 100755
--- a/compliance/frameworks/azure/azure_all_controls/azure_all_controls_hdinsight.yaml
+++ b/compliance/frameworks/azure/azure_all_controls/azure_all_controls_hdinsight.yaml
@@ -3,10 +3,6 @@ control-group:
 title: HDInsight
 description: This section contains recommendations for configuring HDInsight resources.
 section-code: hdinsight
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - azure_hdinsight_cluster_encrypted_at_rest_with_cmk
 - azure_hdinsight_cluster_encryption_at_host_enabled
diff --git a/compliance/frameworks/azure/azure_all_controls/azure_all_controls_healthcare.yaml b/compliance/frameworks/azure/azure_all_controls/azure_all_controls_healthcare.yaml
index 1262b778b..e0c267b99 100755
--- a/compliance/frameworks/azure/azure_all_controls/azure_all_controls_healthcare.yaml
+++ b/compliance/frameworks/azure/azure_all_controls/azure_all_controls_healthcare.yaml
@@ -3,10 +3,6 @@ control-group:
 title: HealthcareAPIs
 description: This section contains recommendations for configuring HealthcareAPIs resources.
 section-code: healthcare
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - azure_healthcare_fhir_azure_api_encrypted_at_rest_with_cmk
 - azure_healthcare_fhir_uses_private_link
diff --git a/compliance/frameworks/azure/azure_all_controls/azure_all_controls_hpccache.yaml b/compliance/frameworks/azure/azure_all_controls/azure_all_controls_hpccache.yaml
index 067c48453..1390cdc08 100755
--- a/compliance/frameworks/azure/azure_all_controls/azure_all_controls_hpccache.yaml
+++ b/compliance/frameworks/azure/azure_all_controls/azure_all_controls_hpccache.yaml
@@ -3,9 +3,5 @@ control-group:
 title: HPC Cache
 description: This section contains recommendations for configuring HPC Cache resources.
 section-code: hpccache
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - azure_hpc_cache_encrypted_with_cmk
diff --git a/compliance/frameworks/azure/azure_all_controls/azure_all_controls_iothub.yaml b/compliance/frameworks/azure/azure_all_controls/azure_all_controls_iothub.yaml
index 2d4ba50dd..424efcc4f 100755
--- a/compliance/frameworks/azure/azure_all_controls/azure_all_controls_iothub.yaml
+++ b/compliance/frameworks/azure/azure_all_controls/azure_all_controls_iothub.yaml
@@ -3,9 +3,5 @@ control-group:
 title: IoT Hub
 description: This section contains recommendations for configuring IoT Hub resources.
 section-code: iothub
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - azure_iot_hub_logging_enabled
diff --git a/compliance/frameworks/azure/azure_all_controls/azure_all_controls_keyvault.yaml b/compliance/frameworks/azure/azure_all_controls/azure_all_controls_keyvault.yaml
index 3179b20f1..a4fa0918b 100755
--- a/compliance/frameworks/azure/azure_all_controls/azure_all_controls_keyvault.yaml
+++ b/compliance/frameworks/azure/azure_all_controls/azure_all_controls_keyvault.yaml
@@ -3,10 +3,6 @@ control-group:
 title: Key Vault
 description: This section contains recommendations for configuring Key Vault resources.
 section-code: keyvault
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - azure_keyvault_firewall_enabled
 - azure_keyvault_key_expiration_set
diff --git a/compliance/frameworks/azure/azure_all_controls/azure_all_controls_kubernetes.yaml b/compliance/frameworks/azure/azure_all_controls/azure_all_controls_kubernetes.yaml
index 843737991..1846a5532 100755
--- a/compliance/frameworks/azure/azure_all_controls/azure_all_controls_kubernetes.yaml
+++ b/compliance/frameworks/azure/azure_all_controls/azure_all_controls_kubernetes.yaml
@@ -3,10 +3,6 @@ control-group:
 title: Kubernetes Service
 description: This section contains recommendations for configuring Kubernetes Service resources.
 section-code: kubernetes
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - azure_kubernetes_cluster_add_on_azure_policy_enabled
 - azure_kubernetes_cluster_addon_azure_policy_enabled
diff --git a/compliance/frameworks/azure/azure_all_controls/azure_all_controls_kusto.yaml b/compliance/frameworks/azure/azure_all_controls/azure_all_controls_kusto.yaml
index e80228401..2888d7193 100755
--- a/compliance/frameworks/azure/azure_all_controls/azure_all_controls_kusto.yaml
+++ b/compliance/frameworks/azure/azure_all_controls/azure_all_controls_kusto.yaml
@@ -3,10 +3,6 @@ control-group:
 title: Data Explorer
 description: This section contains recommendations for configuring Data Explorer resources.
 section-code: kusto
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - azure_kusto_cluster_disk_encryption_enabled
 - azure_kusto_cluster_double_encryption_enabled
diff --git a/compliance/frameworks/azure/azure_all_controls/azure_all_controls_logic.yaml b/compliance/frameworks/azure/azure_all_controls/azure_all_controls_logic.yaml
index 3ab53bd7c..3f9454615 100755
--- a/compliance/frameworks/azure/azure_all_controls/azure_all_controls_logic.yaml
+++ b/compliance/frameworks/azure/azure_all_controls/azure_all_controls_logic.yaml
@@ -3,9 +3,5 @@ control-group:
 title: Logic
 description: This section contains recommendations for configuring Logic resources.
 section-code: logic
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - azure_logic_app_workflow_logging_enabled
diff --git a/compliance/frameworks/azure/azure_all_controls/azure_all_controls_machinelearning.yaml b/compliance/frameworks/azure/azure_all_controls/azure_all_controls_machinelearning.yaml
index 8b8004653..3bb7d1250 100755
--- a/compliance/frameworks/azure/azure_all_controls/azure_all_controls_machinelearning.yaml
+++ b/compliance/frameworks/azure/azure_all_controls/azure_all_controls_machinelearning.yaml
@@ -3,9 +3,5 @@ control-group:
 title: Machine Learning
 description: This section contains recommendations for configuring Machine Learning resources.
 section-code: machinelearning
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - azure_machine_learning_workspace_encrypted_with_cmk
diff --git a/compliance/frameworks/azure/azure_all_controls/azure_all_controls_mariadb.yaml b/compliance/frameworks/azure/azure_all_controls/azure_all_controls_mariadb.yaml
index f247667c7..3d01dfcbe 100755
--- a/compliance/frameworks/azure/azure_all_controls/azure_all_controls_mariadb.yaml
+++ b/compliance/frameworks/azure/azure_all_controls/azure_all_controls_mariadb.yaml
@@ -3,10 +3,6 @@ control-group:
 title: MariaDB
 description: This section contains recommendations for configuring MariaDB resources.
 section-code: mariadb
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - azure_mariadb_server_geo_redundant_backup_enabled
 - azure_mariadb_server_public_network_access_disabled
diff --git a/compliance/frameworks/azure/azure_all_controls/azure_all_controls_monitor.yaml b/compliance/frameworks/azure/azure_all_controls/azure_all_controls_monitor.yaml
index 7b7dc51c3..ebbe1be54 100755
--- a/compliance/frameworks/azure/azure_all_controls/azure_all_controls_monitor.yaml
+++ b/compliance/frameworks/azure/azure_all_controls/azure_all_controls_monitor.yaml
@@ -3,10 +3,6 @@ control-group:
 title: Monitor
 description: This section contains recommendations for configuring Monitor resources.
 section-code: monitor
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - azure_application_insights_block_log_ingestion_and_querying_from_public
 - azure_log_analytics_workspace_block_log_ingestion_and_querying_from_public
diff --git a/compliance/frameworks/azure/azure_all_controls/azure_all_controls_mysql.yaml b/compliance/frameworks/azure/azure_all_controls/azure_all_controls_mysql.yaml
index 628857f0a..732f3f567 100755
--- a/compliance/frameworks/azure/azure_all_controls/azure_all_controls_mysql.yaml
+++ b/compliance/frameworks/azure/azure_all_controls/azure_all_controls_mysql.yaml
@@ -3,10 +3,6 @@ control-group:
 title: MySQL
 description: This section contains recommendations for configuring MySQL resources.
 section-code: mysql
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - azure_mssql_managed_instance_encryption_at_rest_using_cmk
 - azure_mssql_managed_instance_vulnerability_assessment_enabled
diff --git a/compliance/frameworks/azure/azure_all_controls/azure_all_controls_network.yaml b/compliance/frameworks/azure/azure_all_controls/azure_all_controls_network.yaml
index cc20f557b..659c2e393 100755
--- a/compliance/frameworks/azure/azure_all_controls/azure_all_controls_network.yaml
+++ b/compliance/frameworks/azure/azure_all_controls/azure_all_controls_network.yaml
@@ -3,10 +3,6 @@ control-group:
 title: Network
 description: This section contains recommendations for configuring Network resources.
 section-code: network
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - azure_application_gateway_waf_enabled
 - azure_application_gateway_waf_uses_specified_mode
diff --git a/compliance/frameworks/azure/azure_all_controls/azure_all_controls_postgres.yaml b/compliance/frameworks/azure/azure_all_controls/azure_all_controls_postgres.yaml
index 37284ecee..3eecba3d7 100755
--- a/compliance/frameworks/azure/azure_all_controls/azure_all_controls_postgres.yaml
+++ b/compliance/frameworks/azure/azure_all_controls/azure_all_controls_postgres.yaml
@@ -3,10 +3,6 @@ control-group:
 title: PostgreSQL
 description: This section contains recommendations for configuring PostgreSQL resources.
 section-code: postgres
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - azure_postgres_db_server_allow_access_to_azure_services_disabled
 - azure_postgres_db_server_connection_throttling_on
diff --git a/compliance/frameworks/azure/azure_all_controls/azure_all_controls_recoveryservice.yaml b/compliance/frameworks/azure/azure_all_controls/azure_all_controls_recoveryservice.yaml
index ed9b19cce..1759ceb9e 100755
--- a/compliance/frameworks/azure/azure_all_controls/azure_all_controls_recoveryservice.yaml
+++ b/compliance/frameworks/azure/azure_all_controls/azure_all_controls_recoveryservice.yaml
@@ -3,10 +3,6 @@ control-group:
 title: Recovery Service
 description: This section contains recommendations for configuring Recovery Service resources.
 section-code: recoveryservice
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - azure_recovery_service_vault_uses_managed_identity
 - azure_recovery_service_vault_uses_private_link
diff --git a/compliance/frameworks/azure/azure_all_controls/azure_all_controls_redis.yaml b/compliance/frameworks/azure/azure_all_controls/azure_all_controls_redis.yaml
index a42757c6c..f9f72c06a 100755
--- a/compliance/frameworks/azure/azure_all_controls/azure_all_controls_redis.yaml
+++ b/compliance/frameworks/azure/azure_all_controls/azure_all_controls_redis.yaml
@@ -3,10 +3,6 @@ control-group:
 title: Redis
 description: This section contains recommendations for configuring Redis resources.
 section-code: redis
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - azure_redis_cache_ssl_enabled
 - azure_redis_cache_uses_private_link
diff --git a/compliance/frameworks/azure/azure_all_controls/azure_all_controls_securitycenter.yaml b/compliance/frameworks/azure/azure_all_controls/azure_all_controls_securitycenter.yaml
index 7e013c11a..af56f3199 100755
--- a/compliance/frameworks/azure/azure_all_controls/azure_all_controls_securitycenter.yaml
+++ b/compliance/frameworks/azure/azure_all_controls/azure_all_controls_securitycenter.yaml
@@ -3,10 +3,6 @@ control-group:
 title: Security Center
 description: This section contains recommendations for configuring Security Center resources.
 section-code: securitycenter
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - azure_securitycenter_additional_email_configured
 - azure_securitycenter_asc_default_setting_not_disabled
diff --git a/compliance/frameworks/azure/azure_all_controls/azure_all_controls_servicebus.yaml b/compliance/frameworks/azure/azure_all_controls/azure_all_controls_servicebus.yaml
index ed7c8641b..e4d6c768d 100755
--- a/compliance/frameworks/azure/azure_all_controls/azure_all_controls_servicebus.yaml
+++ b/compliance/frameworks/azure/azure_all_controls/azure_all_controls_servicebus.yaml
@@ -3,10 +3,6 @@ control-group:
 title: Service Bus
 description: This section contains recommendations for configuring Service Bus resources.
 section-code: servicebus
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - azure_servicebus_name_space_private_link_used
 - azure_servicebus_namespace_logging_enabled
diff --git a/compliance/frameworks/azure/azure_all_controls/azure_all_controls_servicefabric.yaml b/compliance/frameworks/azure/azure_all_controls/azure_all_controls_servicefabric.yaml
index c814c443c..81f2b326e 100755
--- a/compliance/frameworks/azure/azure_all_controls/azure_all_controls_servicefabric.yaml
+++ b/compliance/frameworks/azure/azure_all_controls/azure_all_controls_servicefabric.yaml
@@ -3,10 +3,6 @@ control-group:
 title: Service Fabric
 description: This section contains recommendations for configuring Service Fabric resources.
 section-code: servicefabric
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - azure_servicefabric_cluster_active_directory_authentication_enabled
 - azure_servicefabric_cluster_protection_level_as_encrypt_and_sign
diff --git a/compliance/frameworks/azure/azure_all_controls/azure_all_controls_signalr.yaml b/compliance/frameworks/azure/azure_all_controls/azure_all_controls_signalr.yaml
index 7c658fda7..3bc7327ac 100755
--- a/compliance/frameworks/azure/azure_all_controls/azure_all_controls_signalr.yaml
+++ b/compliance/frameworks/azure/azure_all_controls/azure_all_controls_signalr.yaml
@@ -3,10 +3,6 @@ control-group:
 title: SignalR Service
 description: This section contains recommendations for configuring SignalR Service resources.
 section-code: signalr
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - azure_signalr_service_no_free_tier_sku
 - azure_signalr_service_private_link_used
diff --git a/compliance/frameworks/azure/azure_all_controls/azure_all_controls_springcloud.yaml b/compliance/frameworks/azure/azure_all_controls/azure_all_controls_springcloud.yaml
index aed7a4c03..40aefb0a6 100755
--- a/compliance/frameworks/azure/azure_all_controls/azure_all_controls_springcloud.yaml
+++ b/compliance/frameworks/azure/azure_all_controls/azure_all_controls_springcloud.yaml
@@ -3,9 +3,5 @@ control-group:
 title: Spring Cloud
 description: This section contains recommendations for configuring Spring Cloud resources.
 section-code: springcloud
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - azure_spring_cloud_service_network_injection_enabled
diff --git a/compliance/frameworks/azure/azure_all_controls/azure_all_controls_sql.yaml b/compliance/frameworks/azure/azure_all_controls/azure_all_controls_sql.yaml
index 96363095e..904b69e10 100755
--- a/compliance/frameworks/azure/azure_all_controls/azure_all_controls_sql.yaml
+++ b/compliance/frameworks/azure/azure_all_controls/azure_all_controls_sql.yaml
@@ -3,10 +3,6 @@ control-group:
 title: SQL
 description: This section contains recommendations for configuring SQL resources.
 section-code: sql
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - azure_sql_database_allow_internet_access
 - azure_sql_database_long_term_geo_redundant_backup_enabled
diff --git a/compliance/frameworks/azure/azure_all_controls/azure_all_controls_storage.yaml b/compliance/frameworks/azure/azure_all_controls/azure_all_controls_storage.yaml
index 25311f996..31b3d6fed 100755
--- a/compliance/frameworks/azure/azure_all_controls/azure_all_controls_storage.yaml
+++ b/compliance/frameworks/azure/azure_all_controls/azure_all_controls_storage.yaml
@@ -3,10 +3,6 @@ control-group:
 title: Storage
 description: This section contains recommendations for configuring Storage resources.
 section-code: storage
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - azure_storage_account_blob_containers_public_access_private
 - azure_storage_account_blob_service_logging_enabled
diff --git a/compliance/frameworks/azure/azure_all_controls/azure_all_controls_storagesync.yaml b/compliance/frameworks/azure/azure_all_controls/azure_all_controls_storagesync.yaml
index b592bb69c..ae6e71fbb 100755
--- a/compliance/frameworks/azure/azure_all_controls/azure_all_controls_storagesync.yaml
+++ b/compliance/frameworks/azure/azure_all_controls/azure_all_controls_storagesync.yaml
@@ -3,9 +3,5 @@ control-group:
 title: File Sync
 description: This section contains recommendations for configuring FileSync resources.
 section-code: storagesync
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - azure_storage_sync_private_link_used
diff --git a/compliance/frameworks/azure/azure_all_controls/azure_all_controls_streamanalytics.yaml b/compliance/frameworks/azure/azure_all_controls/azure_all_controls_streamanalytics.yaml
index b946b4df1..3cacd5c56 100755
--- a/compliance/frameworks/azure/azure_all_controls/azure_all_controls_streamanalytics.yaml
+++ b/compliance/frameworks/azure/azure_all_controls/azure_all_controls_streamanalytics.yaml
@@ -3,9 +3,5 @@ control-group:
 title: Stream Analytics
 description: This section contains recommendations for configuring Stream Analytics resources.
 section-code: streamanalytics
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - azure_stream_analytics_job_logging_enabled
diff --git a/compliance/frameworks/azure/azure_all_controls/azure_all_controls_synapse.yaml b/compliance/frameworks/azure/azure_all_controls/azure_all_controls_synapse.yaml
index 922488f26..5f87bc803 100755
--- a/compliance/frameworks/azure/azure_all_controls/azure_all_controls_synapse.yaml
+++ b/compliance/frameworks/azure/azure_all_controls/azure_all_controls_synapse.yaml
@@ -3,10 +3,6 @@ control-group:
 title: Synapse Analytics
 description: This section contains recommendations for configuring Synapse Analytics resources.
 section-code: synapse
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - azure_synapse_workspace_data_exfiltration_protection_enabled
 - azure_synapse_workspace_encryption_at_rest_using_cmk
diff --git a/compliance/frameworks/azure/azure_cis_v130/azure_cis_v130_1.yaml b/compliance/frameworks/azure/azure_cis_v130/azure_cis_v130_1.yaml
index c02c16707..e4f83813f 100755
--- a/compliance/frameworks/azure/azure_cis_v130/azure_cis_v130_1.yaml
+++ b/compliance/frameworks/azure/azure_cis_v130/azure_cis_v130_1.yaml
@@ -18,10 +18,6 @@ control-group:
 - Azure/ActiveDirectory
 type:
 - Benchmark
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - azure_cis_v130_1_1
 - azure_cis_v130_1_2
diff --git a/compliance/frameworks/azure/azure_cis_v130/azure_cis_v130_2.yaml b/compliance/frameworks/azure/azure_cis_v130/azure_cis_v130_2.yaml
index f2f468edf..2e4d44a15 100755
--- a/compliance/frameworks/azure/azure_cis_v130/azure_cis_v130_2.yaml
+++ b/compliance/frameworks/azure/azure_cis_v130/azure_cis_v130_2.yaml
@@ -18,10 +18,6 @@ control-group:
 - Azure/SecurityCenter
 type:
 - Benchmark
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - azure_cis_v130_2_1
 - azure_cis_v130_2_2
diff --git a/compliance/frameworks/azure/azure_cis_v130/azure_cis_v130_3.yaml b/compliance/frameworks/azure/azure_cis_v130/azure_cis_v130_3.yaml
index e4777eb85..18f7735ae 100755
--- a/compliance/frameworks/azure/azure_cis_v130/azure_cis_v130_3.yaml
+++ b/compliance/frameworks/azure/azure_cis_v130/azure_cis_v130_3.yaml
@@ -18,10 +18,6 @@ control-group:
 - Azure/Storage
 type:
 - Benchmark
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - azure_cis_v130_3_1
 - azure_cis_v130_3_2
diff --git a/compliance/frameworks/azure/azure_cis_v130/azure_cis_v130_4.yaml b/compliance/frameworks/azure/azure_cis_v130/azure_cis_v130_4.yaml
index 9be50932d..eb2beaf26 100755
--- a/compliance/frameworks/azure/azure_cis_v130/azure_cis_v130_4.yaml
+++ b/compliance/frameworks/azure/azure_cis_v130/azure_cis_v130_4.yaml
@@ -18,10 +18,6 @@ control-group:
 - Azure
 type:
 - Benchmark
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 control-group:
 - id: azure_cis_v130_4_1
 - id: azure_cis_v130_4_2
diff --git a/compliance/frameworks/azure/azure_cis_v130/azure_cis_v130_4_1.yaml b/compliance/frameworks/azure/azure_cis_v130/azure_cis_v130_4_1.yaml
index 62729cc78..820d6b484 100755
--- a/compliance/frameworks/azure/azure_cis_v130/azure_cis_v130_4_1.yaml
+++ b/compliance/frameworks/azure/azure_cis_v130/azure_cis_v130_4_1.yaml
@@ -18,9 +18,5 @@ control-group:
 - Azure/SQL
 type:
 - Benchmark
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - azure_cis_v130_4_1_2
diff --git a/compliance/frameworks/azure/azure_cis_v130/azure_cis_v130_4_2.yaml b/compliance/frameworks/azure/azure_cis_v130/azure_cis_v130_4_2.yaml
index 2bc903440..e369d4d44 100755
--- a/compliance/frameworks/azure/azure_cis_v130/azure_cis_v130_4_2.yaml
+++ b/compliance/frameworks/azure/azure_cis_v130/azure_cis_v130_4_2.yaml
@@ -18,7 +18,3 @@ control-group:
 - Azure/SQL
 type:
 - Benchmark
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
diff --git a/compliance/frameworks/azure/azure_cis_v130/azure_cis_v130_4_3.yaml b/compliance/frameworks/azure/azure_cis_v130/azure_cis_v130_4_3.yaml
index b6f6c4be5..addd58b94 100755
--- a/compliance/frameworks/azure/azure_cis_v130/azure_cis_v130_4_3.yaml
+++ b/compliance/frameworks/azure/azure_cis_v130/azure_cis_v130_4_3.yaml
@@ -18,10 +18,6 @@ control-group:
 - Azure
 type:
 - Benchmark
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - azure_cis_v130_4_3_1
 - azure_cis_v130_4_3_2
diff --git a/compliance/frameworks/azure/azure_cis_v130/azure_cis_v130_5.yaml b/compliance/frameworks/azure/azure_cis_v130/azure_cis_v130_5.yaml
index a4f28dc77..05721e40a 100755
--- a/compliance/frameworks/azure/azure_cis_v130/azure_cis_v130_5.yaml
+++ b/compliance/frameworks/azure/azure_cis_v130/azure_cis_v130_5.yaml
@@ -18,10 +18,6 @@ control-group:
 - Azure
 type:
 - Benchmark
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 control-group:
 - id: azure_cis_v130_5_1
 - id: azure_cis_v130_5_2
diff --git a/compliance/frameworks/azure/azure_cis_v130/azure_cis_v130_5_1.yaml b/compliance/frameworks/azure/azure_cis_v130/azure_cis_v130_5_1.yaml
index 00f8e2377..bc7d62b64 100755
--- a/compliance/frameworks/azure/azure_cis_v130/azure_cis_v130_5_1.yaml
+++ b/compliance/frameworks/azure/azure_cis_v130/azure_cis_v130_5_1.yaml
@@ -18,10 +18,6 @@ control-group:
 - Azure
 type:
 - Benchmark
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - azure_cis_v130_5_1_1
 - azure_cis_v130_5_1_2
diff --git a/compliance/frameworks/azure/azure_cis_v130/azure_cis_v130_5_2.yaml b/compliance/frameworks/azure/azure_cis_v130/azure_cis_v130_5_2.yaml
index f395e1301..d380704b7 100755
--- a/compliance/frameworks/azure/azure_cis_v130/azure_cis_v130_5_2.yaml
+++ b/compliance/frameworks/azure/azure_cis_v130/azure_cis_v130_5_2.yaml
@@ -18,10 +18,6 @@ control-group:
 - Azure/Monitor
 type:
 - Benchmark
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - azure_cis_v130_5_2_1
 - azure_cis_v130_5_2_2
diff --git a/compliance/frameworks/azure/azure_cis_v130/azure_cis_v130_6.yaml b/compliance/frameworks/azure/azure_cis_v130/azure_cis_v130_6.yaml
index 40448d4d1..ba9752014 100755
--- a/compliance/frameworks/azure/azure_cis_v130/azure_cis_v130_6.yaml
+++ b/compliance/frameworks/azure/azure_cis_v130/azure_cis_v130_6.yaml
@@ -18,10 +18,6 @@ control-group:
 - Azure/Network
 type:
 - Benchmark
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - azure_cis_v130_6_1
 - azure_cis_v130_6_2
diff --git a/compliance/frameworks/azure/azure_cis_v130/azure_cis_v130_7.yaml b/compliance/frameworks/azure/azure_cis_v130/azure_cis_v130_7.yaml
index ee88d44e4..161da5311 100755
--- a/compliance/frameworks/azure/azure_cis_v130/azure_cis_v130_7.yaml
+++ b/compliance/frameworks/azure/azure_cis_v130/azure_cis_v130_7.yaml
@@ -18,10 +18,6 @@ control-group:
 - Azure/Compute
 type:
 - Benchmark
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - azure_cis_v130_7_1
 - azure_cis_v130_7_2
diff --git a/compliance/frameworks/azure/azure_cis_v130/azure_cis_v130_8.yaml b/compliance/frameworks/azure/azure_cis_v130/azure_cis_v130_8.yaml
index 73f31ce0d..6173a8af8 100755
--- a/compliance/frameworks/azure/azure_cis_v130/azure_cis_v130_8.yaml
+++ b/compliance/frameworks/azure/azure_cis_v130/azure_cis_v130_8.yaml
@@ -18,10 +18,6 @@ control-group:
 - Azure
 type:
 - Benchmark
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - azure_cis_v130_8_1
 - azure_cis_v130_8_2
diff --git a/compliance/frameworks/azure/azure_cis_v130/azure_cis_v130_9.yaml b/compliance/frameworks/azure/azure_cis_v130/azure_cis_v130_9.yaml
index 6f3674e57..3aa772c46 100755
--- a/compliance/frameworks/azure/azure_cis_v130/azure_cis_v130_9.yaml
+++ b/compliance/frameworks/azure/azure_cis_v130/azure_cis_v130_9.yaml
@@ -18,10 +18,6 @@ control-group:
 - Azure/AppService
 type:
 - Benchmark
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - azure_cis_v130_9_1
 - azure_cis_v130_9_2
diff --git a/compliance/frameworks/azure/azure_cis_v140/azure_cis_v140_1.yaml b/compliance/frameworks/azure/azure_cis_v140/azure_cis_v140_1.yaml
index b4efe7f29..3f9e5d501 100755
--- a/compliance/frameworks/azure/azure_cis_v140/azure_cis_v140_1.yaml
+++ b/compliance/frameworks/azure/azure_cis_v140/azure_cis_v140_1.yaml
@@ -18,10 +18,6 @@ control-group:
 - Azure/ActiveDirectory
 type:
 - Benchmark
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - azure_cis_v140_1_1
 - azure_cis_v140_1_2
diff --git a/compliance/frameworks/azure/azure_cis_v140/azure_cis_v140_2.yaml b/compliance/frameworks/azure/azure_cis_v140/azure_cis_v140_2.yaml
index 774d0ecb2..bed9a990e 100755
--- a/compliance/frameworks/azure/azure_cis_v140/azure_cis_v140_2.yaml
+++ b/compliance/frameworks/azure/azure_cis_v140/azure_cis_v140_2.yaml
@@ -18,10 +18,6 @@ control-group:
 - Azure/SecurityCenter
 type:
 - Benchmark
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - azure_cis_v140_2_1
 - azure_cis_v140_2_2
diff --git a/compliance/frameworks/azure/azure_cis_v140/azure_cis_v140_3.yaml b/compliance/frameworks/azure/azure_cis_v140/azure_cis_v140_3.yaml
index 91a4b1ec9..f9398b03d 100755
--- a/compliance/frameworks/azure/azure_cis_v140/azure_cis_v140_3.yaml
+++ b/compliance/frameworks/azure/azure_cis_v140/azure_cis_v140_3.yaml
@@ -18,10 +18,6 @@ control-group:
 - Azure/Storage
 type:
 - Benchmark
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - azure_cis_v140_3_1
 - azure_cis_v140_3_2
diff --git a/compliance/frameworks/azure/azure_cis_v140/azure_cis_v140_4.yaml b/compliance/frameworks/azure/azure_cis_v140/azure_cis_v140_4.yaml
index 966c0afc6..55b593f53 100755
--- a/compliance/frameworks/azure/azure_cis_v140/azure_cis_v140_4.yaml
+++ b/compliance/frameworks/azure/azure_cis_v140/azure_cis_v140_4.yaml
@@ -18,10 +18,6 @@ control-group:
 - Azure
 type:
 - Benchmark
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 control-group:
 - id: azure_cis_v140_4_1
 - id: azure_cis_v140_4_2
diff --git a/compliance/frameworks/azure/azure_cis_v140/azure_cis_v140_4_1.yaml b/compliance/frameworks/azure/azure_cis_v140/azure_cis_v140_4_1.yaml
index 29cf8d4c7..f178708a3 100755
--- a/compliance/frameworks/azure/azure_cis_v140/azure_cis_v140_4_1.yaml
+++ b/compliance/frameworks/azure/azure_cis_v140/azure_cis_v140_4_1.yaml
@@ -18,9 +18,5 @@ control-group: - Azure/SQL type: - Benchmark - defaults: - auto-assign: null - enabled: false - tracks-drift-events: false controls: - azure_cis_v140_4_1_2
diff --git a/compliance/frameworks/azure/azure_cis_v140/azure_cis_v140_4_2.yaml b/compliance/frameworks/azure/azure_cis_v140/azure_cis_v140_4_2.yaml
index ff6e2dbea..0a3475ea8 100755
--- a/compliance/frameworks/azure/azure_cis_v140/azure_cis_v140_4_2.yaml
+++ b/compliance/frameworks/azure/azure_cis_v140/azure_cis_v140_4_2.yaml
@@ -18,7 +18,3 @@ control-group: - Azure/SQL type: - Benchmark - defaults: - auto-assign: null - enabled: false - tracks-drift-events: false
diff --git a/compliance/frameworks/azure/azure_cis_v140/azure_cis_v140_4_3.yaml b/compliance/frameworks/azure/azure_cis_v140/azure_cis_v140_4_3.yaml
index 793d6b95e..70582e761 100755
--- a/compliance/frameworks/azure/azure_cis_v140/azure_cis_v140_4_3.yaml
+++ b/compliance/frameworks/azure/azure_cis_v140/azure_cis_v140_4_3.yaml
@@ -18,10 +18,6 @@ control-group: - Azure type: - Benchmark - defaults: - auto-assign: null - enabled: false - tracks-drift-events: false controls: - azure_cis_v140_4_3_1 - azure_cis_v140_4_3_7
diff --git a/compliance/frameworks/azure/azure_cis_v140/azure_cis_v140_4_4.yaml b/compliance/frameworks/azure/azure_cis_v140/azure_cis_v140_4_4.yaml
index 02f0979b5..65705e837 100755
--- a/compliance/frameworks/azure/azure_cis_v140/azure_cis_v140_4_4.yaml
+++ b/compliance/frameworks/azure/azure_cis_v140/azure_cis_v140_4_4.yaml
@@ -18,10 +18,6 @@ control-group: - Azure/SQL type: - Benchmark - defaults: - auto-assign: null - enabled: false - tracks-drift-events: false controls: - azure_cis_v140_4_4_1 - azure_cis_v140_4_4_2
diff --git a/compliance/frameworks/azure/azure_cis_v140/azure_cis_v140_5.yaml b/compliance/frameworks/azure/azure_cis_v140/azure_cis_v140_5.yaml
index f1e52f6d9..984b499d3 100755
--- a/compliance/frameworks/azure/azure_cis_v140/azure_cis_v140_5.yaml
+++ b/compliance/frameworks/azure/azure_cis_v140/azure_cis_v140_5.yaml
@@ -18,10 +18,6 @@ control-group: - Azure type: - Benchmark - defaults: - auto-assign: null - enabled: false - tracks-drift-events: false control-group: - id: azure_cis_v140_5_1 - id: azure_cis_v140_5_2
diff --git a/compliance/frameworks/azure/azure_cis_v140/azure_cis_v140_5_1.yaml b/compliance/frameworks/azure/azure_cis_v140/azure_cis_v140_5_1.yaml
index e249fde82..20d12c7f9 100755
--- a/compliance/frameworks/azure/azure_cis_v140/azure_cis_v140_5_1.yaml
+++ b/compliance/frameworks/azure/azure_cis_v140/azure_cis_v140_5_1.yaml
@@ -18,10 +18,6 @@ control-group: - Azure type: - Benchmark - defaults: - auto-assign: null - enabled: false - tracks-drift-events: false controls: - azure_cis_v140_5_1_1 - azure_cis_v140_5_1_2
diff --git a/compliance/frameworks/azure/azure_cis_v140/azure_cis_v140_5_2.yaml b/compliance/frameworks/azure/azure_cis_v140/azure_cis_v140_5_2.yaml
index 03138d3d6..fa5a2c67f 100755
--- a/compliance/frameworks/azure/azure_cis_v140/azure_cis_v140_5_2.yaml
+++ b/compliance/frameworks/azure/azure_cis_v140/azure_cis_v140_5_2.yaml
@@ -18,10 +18,6 @@ control-group: - Azure/Monitor type: - Benchmark - defaults: - auto-assign: null - enabled: false - tracks-drift-events: false controls: - azure_cis_v140_5_2_1 - azure_cis_v140_5_2_2
diff --git a/compliance/frameworks/azure/azure_cis_v140/azure_cis_v140_6.yaml b/compliance/frameworks/azure/azure_cis_v140/azure_cis_v140_6.yaml
index 29df6b4b4..000acc277 100755
--- a/compliance/frameworks/azure/azure_cis_v140/azure_cis_v140_6.yaml
+++ b/compliance/frameworks/azure/azure_cis_v140/azure_cis_v140_6.yaml
@@ -18,10 +18,6 @@ control-group: - Azure/Network type: - Benchmark - defaults: - auto-assign: null - enabled: false - tracks-drift-events: false controls: - azure_cis_v140_6_1 - azure_cis_v140_6_2
diff --git a/compliance/frameworks/azure/azure_cis_v140/azure_cis_v140_7.yaml b/compliance/frameworks/azure/azure_cis_v140/azure_cis_v140_7.yaml
index fc7e9d38a..a91ef86d0 100755
--- a/compliance/frameworks/azure/azure_cis_v140/azure_cis_v140_7.yaml
+++ b/compliance/frameworks/azure/azure_cis_v140/azure_cis_v140_7.yaml
@@ -18,10 +18,6 @@ control-group: - Azure/Compute type: - Benchmark - defaults: - auto-assign: null - enabled: false - tracks-drift-events: false controls: - azure_cis_v140_7_1 - azure_cis_v140_7_2
diff --git a/compliance/frameworks/azure/azure_cis_v140/azure_cis_v140_8.yaml b/compliance/frameworks/azure/azure_cis_v140/azure_cis_v140_8.yaml
index 1ea9360d8..2eba4e852 100755
--- a/compliance/frameworks/azure/azure_cis_v140/azure_cis_v140_8.yaml
+++ b/compliance/frameworks/azure/azure_cis_v140/azure_cis_v140_8.yaml
@@ -18,10 +18,6 @@ control-group: - Azure type: - Benchmark - defaults: - auto-assign: null - enabled: false - tracks-drift-events: false controls: - azure_cis_v140_8_1 - azure_cis_v140_8_2
diff --git a/compliance/frameworks/azure/azure_cis_v140/azure_cis_v140_9.yaml b/compliance/frameworks/azure/azure_cis_v140/azure_cis_v140_9.yaml
index 95dcbd996..502ef1ef7 100755
--- a/compliance/frameworks/azure/azure_cis_v140/azure_cis_v140_9.yaml
+++ b/compliance/frameworks/azure/azure_cis_v140/azure_cis_v140_9.yaml
@@ -18,10 +18,6 @@ control-group: - Azure/AppService type: - Benchmark - defaults: - auto-assign: null - enabled: false - tracks-drift-events: false controls: - azure_cis_v140_9_1 - azure_cis_v140_9_2
diff --git a/compliance/frameworks/azure/azure_cis_v150/azure_cis_v150_1.yaml b/compliance/frameworks/azure/azure_cis_v150/azure_cis_v150_1.yaml
index ad6402fa8..051d3866e 100755
--- a/compliance/frameworks/azure/azure_cis_v150/azure_cis_v150_1.yaml
+++ b/compliance/frameworks/azure/azure_cis_v150/azure_cis_v150_1.yaml
@@ -18,10 +18,6 @@ control-group: - Azure/ActiveDirectory type: - Benchmark - defaults: - auto-assign: null - enabled: false - tracks-drift-events: false control-group: - id: azure_cis_v150_1_1 - id: azure_cis_v150_1_2
diff --git a/compliance/frameworks/azure/azure_cis_v150/azure_cis_v150_10.yaml b/compliance/frameworks/azure/azure_cis_v150/azure_cis_v150_10.yaml
index 4403e09b7..d28628139 100755
--- a/compliance/frameworks/azure/azure_cis_v150/azure_cis_v150_10.yaml
+++ b/compliance/frameworks/azure/azure_cis_v150/azure_cis_v150_10.yaml
@@ -18,9 +18,5 @@ control-group: - Azure type: - Benchmark - defaults: - auto-assign: null - enabled: false - tracks-drift-events: false controls: - azure_cis_v150_10_1
diff --git a/compliance/frameworks/azure/azure_cis_v150/azure_cis_v150_1_1.yaml b/compliance/frameworks/azure/azure_cis_v150/azure_cis_v150_1_1.yaml
index 2789deab3..b3d9b2ee9 100755
--- a/compliance/frameworks/azure/azure_cis_v150/azure_cis_v150_1_1.yaml
+++ b/compliance/frameworks/azure/azure_cis_v150/azure_cis_v150_1_1.yaml
@@ -18,10 +18,6 @@ control-group: - Azure/ActiveDirectory type: - Benchmark - defaults: - auto-assign: null - enabled: false - tracks-drift-events: false controls: - azure_cis_v150_1_1_1 - azure_cis_v150_1_1_2
diff --git a/compliance/frameworks/azure/azure_cis_v150/azure_cis_v150_1_2.yaml b/compliance/frameworks/azure/azure_cis_v150/azure_cis_v150_1_2.yaml
index 35fc1e62d..092e1edf8 100755
--- a/compliance/frameworks/azure/azure_cis_v150/azure_cis_v150_1_2.yaml
+++ b/compliance/frameworks/azure/azure_cis_v150/azure_cis_v150_1_2.yaml
@@ -18,10 +18,6 @@ control-group: - Azure/ActiveDirectory type: - Benchmark - defaults: - auto-assign: null - enabled: false - tracks-drift-events: false controls: - azure_cis_v150_1_2_1 - azure_cis_v150_1_2_2
diff --git a/compliance/frameworks/azure/azure_cis_v150/azure_cis_v150_2.yaml b/compliance/frameworks/azure/azure_cis_v150/azure_cis_v150_2.yaml
index 966626e79..a6a4e1b27 100755
--- a/compliance/frameworks/azure/azure_cis_v150/azure_cis_v150_2.yaml
+++ b/compliance/frameworks/azure/azure_cis_v150/azure_cis_v150_2.yaml
@@ -18,10 +18,6 @@ control-group: - Azure/SecurityCenter type: - Benchmark - defaults: - auto-assign: null - enabled: false - tracks-drift-events: false control-group: - id: azure_cis_v150_2_1 - id: azure_cis_v150_2_2
diff --git a/compliance/frameworks/azure/azure_cis_v150/azure_cis_v150_2_1.yaml b/compliance/frameworks/azure/azure_cis_v150/azure_cis_v150_2_1.yaml
index dd541e6b3..c5e44c5f6 100755
--- a/compliance/frameworks/azure/azure_cis_v150/azure_cis_v150_2_1.yaml
+++ b/compliance/frameworks/azure/azure_cis_v150/azure_cis_v150_2_1.yaml
@@ -18,10 +18,6 @@ control-group: - Azure/SecurityCenter type: - Benchmark - defaults: - auto-assign: null - enabled: false - tracks-drift-events: false controls: - azure_cis_v150_2_1_1 - azure_cis_v150_2_1_2
diff --git a/compliance/frameworks/azure/azure_cis_v150/azure_cis_v150_2_2.yaml b/compliance/frameworks/azure/azure_cis_v150/azure_cis_v150_2_2.yaml
index 9846ba6b1..d49ac73e9 100755
--- a/compliance/frameworks/azure/azure_cis_v150/azure_cis_v150_2_2.yaml
+++ b/compliance/frameworks/azure/azure_cis_v150/azure_cis_v150_2_2.yaml
@@ -18,10 +18,6 @@ control-group: - Azure/SecurityCenter type: - Benchmark - defaults: - auto-assign: null - enabled: false - tracks-drift-events: false controls: - azure_cis_v150_2_2_1 - azure_cis_v150_2_2_2
diff --git a/compliance/frameworks/azure/azure_cis_v150/azure_cis_v150_2_3.yaml b/compliance/frameworks/azure/azure_cis_v150/azure_cis_v150_2_3.yaml
index 122e3116c..4c3788df0 100755
--- a/compliance/frameworks/azure/azure_cis_v150/azure_cis_v150_2_3.yaml
+++ b/compliance/frameworks/azure/azure_cis_v150/azure_cis_v150_2_3.yaml
@@ -18,10 +18,6 @@ control-group: - Azure/SecurityCenter type: - Benchmark - defaults: - auto-assign: null - enabled: false - tracks-drift-events: false controls: - azure_cis_v150_2_3_1 - azure_cis_v150_2_3_2
diff --git a/compliance/frameworks/azure/azure_cis_v150/azure_cis_v150_2_4.yaml b/compliance/frameworks/azure/azure_cis_v150/azure_cis_v150_2_4.yaml
index eadee7235..95f935b64 100755
--- a/compliance/frameworks/azure/azure_cis_v150/azure_cis_v150_2_4.yaml
+++ b/compliance/frameworks/azure/azure_cis_v150/azure_cis_v150_2_4.yaml
@@ -18,10 +18,6 @@ control-group: - Azure/SecurityCenter type: - Benchmark - defaults: - auto-assign: null - enabled: false - tracks-drift-events: false controls: - azure_cis_v150_2_4_1 - azure_cis_v150_2_4_2
diff --git a/compliance/frameworks/azure/azure_cis_v150/azure_cis_v150_3.yaml b/compliance/frameworks/azure/azure_cis_v150/azure_cis_v150_3.yaml
index 8bf50660b..b7504894c 100755
--- a/compliance/frameworks/azure/azure_cis_v150/azure_cis_v150_3.yaml
+++ b/compliance/frameworks/azure/azure_cis_v150/azure_cis_v150_3.yaml
@@ -18,10 +18,6 @@ control-group: - Azure/Storage type: - Benchmark - defaults: - auto-assign: null - enabled: false - tracks-drift-events: false controls: - azure_cis_v150_3_1 - azure_cis_v150_3_2
diff --git a/compliance/frameworks/azure/azure_cis_v150/azure_cis_v150_4.yaml b/compliance/frameworks/azure/azure_cis_v150/azure_cis_v150_4.yaml
index 9199f2c39..b3b0c2a73 100755
--- a/compliance/frameworks/azure/azure_cis_v150/azure_cis_v150_4.yaml
+++ b/compliance/frameworks/azure/azure_cis_v150/azure_cis_v150_4.yaml
@@ -18,10 +18,6 @@ control-group: - Azure type: - Benchmark - defaults: - auto-assign: null - enabled: false - tracks-drift-events: false control-group: - id: azure_cis_v150_4_1 - id: azure_cis_v150_4_2
diff --git a/compliance/frameworks/azure/azure_cis_v150/azure_cis_v150_4_1.yaml b/compliance/frameworks/azure/azure_cis_v150/azure_cis_v150_4_1.yaml
index 54ba0baeb..e998c301e 100755
--- a/compliance/frameworks/azure/azure_cis_v150/azure_cis_v150_4_1.yaml
+++ b/compliance/frameworks/azure/azure_cis_v150/azure_cis_v150_4_1.yaml
@@ -18,10 +18,6 @@ control-group: - Azure/SQL type: - Benchmark - defaults: - auto-assign: null - enabled: false - tracks-drift-events: false controls: - azure_cis_v150_4_1_2 - azure_cis_v150_4_1_4
diff --git a/compliance/frameworks/azure/azure_cis_v150/azure_cis_v150_4_2.yaml b/compliance/frameworks/azure/azure_cis_v150/azure_cis_v150_4_2.yaml
index 88b5901e4..2ff48f7f7 100755
--- a/compliance/frameworks/azure/azure_cis_v150/azure_cis_v150_4_2.yaml
+++ b/compliance/frameworks/azure/azure_cis_v150/azure_cis_v150_4_2.yaml
@@ -18,7 +18,3 @@ control-group: - Azure/SQL type: - Benchmark - defaults: - auto-assign: null - enabled: false - tracks-drift-events: false
diff --git a/compliance/frameworks/azure/azure_cis_v150/azure_cis_v150_4_3.yaml b/compliance/frameworks/azure/azure_cis_v150/azure_cis_v150_4_3.yaml
index 85abe4851..ff5c16bb1 100755
--- a/compliance/frameworks/azure/azure_cis_v150/azure_cis_v150_4_3.yaml
+++ b/compliance/frameworks/azure/azure_cis_v150/azure_cis_v150_4_3.yaml
@@ -18,10 +18,6 @@ control-group: - Azure type: - Benchmark - defaults: - auto-assign: null - enabled: false - tracks-drift-events: false controls: - azure_cis_v150_4_3_1 - azure_cis_v150_4_3_7
diff --git a/compliance/frameworks/azure/azure_cis_v150/azure_cis_v150_4_4.yaml b/compliance/frameworks/azure/azure_cis_v150/azure_cis_v150_4_4.yaml
index e1e3daf8c..dd37b94ac 100755
--- a/compliance/frameworks/azure/azure_cis_v150/azure_cis_v150_4_4.yaml
+++ b/compliance/frameworks/azure/azure_cis_v150/azure_cis_v150_4_4.yaml
@@ -18,10 +18,6 @@ control-group: - Azure/SQL type: - Benchmark - defaults: - auto-assign: null - enabled: false - tracks-drift-events: false controls: - azure_cis_v150_4_4_1 - azure_cis_v150_4_4_2
diff --git a/compliance/frameworks/azure/azure_cis_v150/azure_cis_v150_4_5.yaml b/compliance/frameworks/azure/azure_cis_v150/azure_cis_v150_4_5.yaml
index a1edccf56..00246bdfd 100755
--- a/compliance/frameworks/azure/azure_cis_v150/azure_cis_v150_4_5.yaml
+++ b/compliance/frameworks/azure/azure_cis_v150/azure_cis_v150_4_5.yaml
@@ -18,10 +18,6 @@ control-group: - Azure/SQL type: - Benchmark - defaults: - auto-assign: null - enabled: false - tracks-drift-events: false controls: - azure_cis_v150_4_5_1 - azure_cis_v150_4_5_2
diff --git a/compliance/frameworks/azure/azure_cis_v150/azure_cis_v150_5.yaml b/compliance/frameworks/azure/azure_cis_v150/azure_cis_v150_5.yaml
index 17612a950..40260b9d9 100755
--- a/compliance/frameworks/azure/azure_cis_v150/azure_cis_v150_5.yaml
+++ b/compliance/frameworks/azure/azure_cis_v150/azure_cis_v150_5.yaml
@@ -18,10 +18,6 @@ control-group: - Azure type: - Benchmark - defaults: - auto-assign: null - enabled: false - tracks-drift-events: false control-group: - id: azure_cis_v150_5_1 - id: azure_cis_v150_5_2
diff --git a/compliance/frameworks/azure/azure_cis_v150/azure_cis_v150_5_1.yaml b/compliance/frameworks/azure/azure_cis_v150/azure_cis_v150_5_1.yaml
index 46e614bb2..ded11697e 100755
--- a/compliance/frameworks/azure/azure_cis_v150/azure_cis_v150_5_1.yaml
+++ b/compliance/frameworks/azure/azure_cis_v150/azure_cis_v150_5_1.yaml
@@ -18,10 +18,6 @@ control-group: - Azure type: - Benchmark - defaults: - auto-assign: null - enabled: false - tracks-drift-events: false controls: - azure_cis_v150_5_1_1 - azure_cis_v150_5_1_2
diff --git a/compliance/frameworks/azure/azure_cis_v150/azure_cis_v150_5_2.yaml b/compliance/frameworks/azure/azure_cis_v150/azure_cis_v150_5_2.yaml
index 6d0f983dc..03b32a465 100755
--- a/compliance/frameworks/azure/azure_cis_v150/azure_cis_v150_5_2.yaml
+++ b/compliance/frameworks/azure/azure_cis_v150/azure_cis_v150_5_2.yaml
@@ -18,10 +18,6 @@ control-group: - Azure/Monitor type: - Benchmark - defaults: - auto-assign: null - enabled: false - tracks-drift-events: false controls: - azure_cis_v150_5_2_1 - azure_cis_v150_5_2_2
diff --git a/compliance/frameworks/azure/azure_cis_v150/azure_cis_v150_6.yaml b/compliance/frameworks/azure/azure_cis_v150/azure_cis_v150_6.yaml
index 353601324..5a8db085f 100755
--- a/compliance/frameworks/azure/azure_cis_v150/azure_cis_v150_6.yaml
+++ b/compliance/frameworks/azure/azure_cis_v150/azure_cis_v150_6.yaml
@@ -18,10 +18,6 @@ control-group: - Azure/Network type: - Benchmark - defaults: - auto-assign: null - enabled: false - tracks-drift-events: false controls: - azure_cis_v150_6_1 - azure_cis_v150_6_2
diff --git a/compliance/frameworks/azure/azure_cis_v150/azure_cis_v150_7.yaml b/compliance/frameworks/azure/azure_cis_v150/azure_cis_v150_7.yaml
index b2cca51b3..cf3410462 100755
--- a/compliance/frameworks/azure/azure_cis_v150/azure_cis_v150_7.yaml
+++ b/compliance/frameworks/azure/azure_cis_v150/azure_cis_v150_7.yaml
@@ -18,10 +18,6 @@ control-group: - Azure/Compute type: - Benchmark - defaults: - auto-assign: null - enabled: false - tracks-drift-events: false controls: - azure_cis_v150_7_1 - azure_cis_v150_7_2
diff --git a/compliance/frameworks/azure/azure_cis_v150/azure_cis_v150_8.yaml b/compliance/frameworks/azure/azure_cis_v150/azure_cis_v150_8.yaml
index 6a14badb1..c16cef95c 100755
--- a/compliance/frameworks/azure/azure_cis_v150/azure_cis_v150_8.yaml
+++ b/compliance/frameworks/azure/azure_cis_v150/azure_cis_v150_8.yaml
@@ -18,10 +18,6 @@ control-group: - Azure type: - Benchmark - defaults: - auto-assign: null - enabled: false - tracks-drift-events: false controls: - azure_cis_v150_8_1 - azure_cis_v150_8_2
diff --git a/compliance/frameworks/azure/azure_cis_v150/azure_cis_v150_9.yaml b/compliance/frameworks/azure/azure_cis_v150/azure_cis_v150_9.yaml
index 03ab0765e..5bacd2b55 100755
--- a/compliance/frameworks/azure/azure_cis_v150/azure_cis_v150_9.yaml
+++ b/compliance/frameworks/azure/azure_cis_v150/azure_cis_v150_9.yaml
@@ -18,10 +18,6 @@ control-group: - Azure/AppService type: - Benchmark - defaults: - auto-assign: null - enabled: false - tracks-drift-events: false controls: - azure_cis_v150_9_1 - azure_cis_v150_9_2
diff --git a/compliance/frameworks/azure/azure_cis_v200/azure_cis_v200_1.yaml b/compliance/frameworks/azure/azure_cis_v200/azure_cis_v200_1.yaml
index 97edd24e7..4cb4b718b 100755
--- a/compliance/frameworks/azure/azure_cis_v200/azure_cis_v200_1.yaml
+++ b/compliance/frameworks/azure/azure_cis_v200/azure_cis_v200_1.yaml
@@ -18,10 +18,6 @@ control-group: - Azure/ActiveDirectory type: - Benchmark - defaults: - auto-assign: null - enabled: false - tracks-drift-events: false control-group: - id: azure_cis_v200_1_1 - id: azure_cis_v200_1_2
diff --git a/compliance/frameworks/azure/azure_cis_v200/azure_cis_v200_10.yaml b/compliance/frameworks/azure/azure_cis_v200/azure_cis_v200_10.yaml
index c0f98a97f..499eef0e7 100755
--- a/compliance/frameworks/azure/azure_cis_v200/azure_cis_v200_10.yaml
+++ b/compliance/frameworks/azure/azure_cis_v200/azure_cis_v200_10.yaml
@@ -18,9 +18,5 @@ control-group: - Azure type: - Benchmark - defaults: - auto-assign: null - enabled: false - tracks-drift-events: false controls: - azure_cis_v200_10_1
diff --git a/compliance/frameworks/azure/azure_cis_v200/azure_cis_v200_1_1.yaml b/compliance/frameworks/azure/azure_cis_v200/azure_cis_v200_1_1.yaml
index 13e174dc6..fb9e1ff54 100755
--- a/compliance/frameworks/azure/azure_cis_v200/azure_cis_v200_1_1.yaml
+++ b/compliance/frameworks/azure/azure_cis_v200/azure_cis_v200_1_1.yaml
@@ -18,10 +18,6 @@ control-group: - Azure/ActiveDirectory type: - Benchmark - defaults: - auto-assign: null - enabled: false - tracks-drift-events: false controls: - azure_cis_v200_1_1_1 - azure_cis_v200_1_1_2
diff --git a/compliance/frameworks/azure/azure_cis_v200/azure_cis_v200_1_2.yaml b/compliance/frameworks/azure/azure_cis_v200/azure_cis_v200_1_2.yaml
index 946257a6f..098300780 100755
--- a/compliance/frameworks/azure/azure_cis_v200/azure_cis_v200_1_2.yaml
+++ b/compliance/frameworks/azure/azure_cis_v200/azure_cis_v200_1_2.yaml
@@ -18,10 +18,6 @@ control-group: - Azure/ActiveDirectory type: - Benchmark - defaults: - auto-assign: null - enabled: false - tracks-drift-events: false controls: - azure_cis_v200_1_2_1 - azure_cis_v200_1_2_2
diff --git a/compliance/frameworks/azure/azure_cis_v200/azure_cis_v200_2.yaml b/compliance/frameworks/azure/azure_cis_v200/azure_cis_v200_2.yaml
index 9230b1153..55abcc986 100755
--- a/compliance/frameworks/azure/azure_cis_v200/azure_cis_v200_2.yaml
+++ b/compliance/frameworks/azure/azure_cis_v200/azure_cis_v200_2.yaml
@@ -18,10 +18,6 @@ control-group: - Azure/SecurityCenter type: - Benchmark - defaults: - auto-assign: null - enabled: false - tracks-drift-events: false control-group: - id: azure_cis_v200_2_1 - id: azure_cis_v200_2_2
diff --git a/compliance/frameworks/azure/azure_cis_v200/azure_cis_v200_2_1.yaml b/compliance/frameworks/azure/azure_cis_v200/azure_cis_v200_2_1.yaml
index 678fc34ed..c3869ba06 100755
--- a/compliance/frameworks/azure/azure_cis_v200/azure_cis_v200_2_1.yaml
+++ b/compliance/frameworks/azure/azure_cis_v200/azure_cis_v200_2_1.yaml
@@ -18,10 +18,6 @@ control-group: - Azure/SecurityCenter type: - Benchmark - defaults: - auto-assign: null - enabled: false - tracks-drift-events: false controls: - azure_cis_v200_2_1_1 - azure_cis_v200_2_1_2
diff --git a/compliance/frameworks/azure/azure_cis_v200/azure_cis_v200_2_2.yaml b/compliance/frameworks/azure/azure_cis_v200/azure_cis_v200_2_2.yaml
index 3cbf506d0..ff8b43560 100755
--- a/compliance/frameworks/azure/azure_cis_v200/azure_cis_v200_2_2.yaml
+++ b/compliance/frameworks/azure/azure_cis_v200/azure_cis_v200_2_2.yaml
@@ -18,9 +18,5 @@ control-group: - Azure/SecurityCenter type: - Benchmark - defaults: - auto-assign: null - enabled: false - tracks-drift-events: false controls: - azure_cis_v200_2_2_1
diff --git a/compliance/frameworks/azure/azure_cis_v200/azure_cis_v200_2_3.yaml b/compliance/frameworks/azure/azure_cis_v200/azure_cis_v200_2_3.yaml
index 1f35076c5..3de051ac2 100755
--- a/compliance/frameworks/azure/azure_cis_v200/azure_cis_v200_2_3.yaml
+++ b/compliance/frameworks/azure/azure_cis_v200/azure_cis_v200_2_3.yaml
@@ -18,7 +18,3 @@ control-group: - Azure/SecurityCenter type: - Benchmark - defaults: - auto-assign: null - enabled: false - tracks-drift-events: false
diff --git a/compliance/frameworks/azure/azure_cis_v200/azure_cis_v200_3.yaml b/compliance/frameworks/azure/azure_cis_v200/azure_cis_v200_3.yaml
index f393e61a2..eb0f55a62 100755
--- a/compliance/frameworks/azure/azure_cis_v200/azure_cis_v200_3.yaml
+++ b/compliance/frameworks/azure/azure_cis_v200/azure_cis_v200_3.yaml
@@ -18,10 +18,6 @@ control-group: - Azure/Storage type: - Benchmark - defaults: - auto-assign: null - enabled: false - tracks-drift-events: false controls: - azure_cis_v200_3_1 - azure_cis_v200_3_2
diff --git a/compliance/frameworks/azure/azure_cis_v200/azure_cis_v200_4.yaml b/compliance/frameworks/azure/azure_cis_v200/azure_cis_v200_4.yaml
index 23e19d4fe..b3df4bc4b 100755
--- a/compliance/frameworks/azure/azure_cis_v200/azure_cis_v200_4.yaml
+++ b/compliance/frameworks/azure/azure_cis_v200/azure_cis_v200_4.yaml
@@ -18,10 +18,6 @@ control-group: - Azure type: - Benchmark - defaults: - auto-assign: null - enabled: false - tracks-drift-events: false control-group: - id: azure_cis_v200_4_1 - id: azure_cis_v200_4_2
diff --git a/compliance/frameworks/azure/azure_cis_v200/azure_cis_v200_4_1.yaml b/compliance/frameworks/azure/azure_cis_v200/azure_cis_v200_4_1.yaml
index ea863c46d..790d7a5e2 100755
--- a/compliance/frameworks/azure/azure_cis_v200/azure_cis_v200_4_1.yaml
+++ b/compliance/frameworks/azure/azure_cis_v200/azure_cis_v200_4_1.yaml
@@ -18,10 +18,6 @@ control-group: - Azure/SQL type: - Benchmark - defaults: - auto-assign: null - enabled: false - tracks-drift-events: false controls: - azure_cis_v200_4_1_2 - azure_cis_v200_4_1_4
diff --git a/compliance/frameworks/azure/azure_cis_v200/azure_cis_v200_4_2.yaml b/compliance/frameworks/azure/azure_cis_v200/azure_cis_v200_4_2.yaml
index 5df7077bb..e4ae6c35a 100755
--- a/compliance/frameworks/azure/azure_cis_v200/azure_cis_v200_4_2.yaml
+++ b/compliance/frameworks/azure/azure_cis_v200/azure_cis_v200_4_2.yaml
@@ -18,7 +18,3 @@ control-group: - Azure/SQL type: - Benchmark - defaults: - auto-assign: null - enabled: false - tracks-drift-events: false
diff --git a/compliance/frameworks/azure/azure_cis_v200/azure_cis_v200_4_3.yaml b/compliance/frameworks/azure/azure_cis_v200/azure_cis_v200_4_3.yaml
index c73631e8e..ea7e8f4bc 100755
--- a/compliance/frameworks/azure/azure_cis_v200/azure_cis_v200_4_3.yaml
+++ b/compliance/frameworks/azure/azure_cis_v200/azure_cis_v200_4_3.yaml
@@ -18,10 +18,6 @@ control-group: - Azure type: - Benchmark - defaults: - auto-assign: null - enabled: false - tracks-drift-events: false controls: - azure_cis_v200_4_3_1 - azure_cis_v200_4_3_5
diff --git a/compliance/frameworks/azure/azure_cis_v200/azure_cis_v200_4_4.yaml b/compliance/frameworks/azure/azure_cis_v200/azure_cis_v200_4_4.yaml
index 0697e88c4..9fed51b45 100755
--- a/compliance/frameworks/azure/azure_cis_v200/azure_cis_v200_4_4.yaml
+++ b/compliance/frameworks/azure/azure_cis_v200/azure_cis_v200_4_4.yaml
@@ -18,10 +18,6 @@ control-group: - Azure/SQL type: - Benchmark - defaults: - auto-assign: null - enabled: false - tracks-drift-events: false controls: - azure_cis_v200_4_4_1 - azure_cis_v200_4_4_2
diff --git a/compliance/frameworks/azure/azure_cis_v200/azure_cis_v200_4_5.yaml b/compliance/frameworks/azure/azure_cis_v200/azure_cis_v200_4_5.yaml
index de9c0f205..99392b534 100755
--- a/compliance/frameworks/azure/azure_cis_v200/azure_cis_v200_4_5.yaml
+++ b/compliance/frameworks/azure/azure_cis_v200/azure_cis_v200_4_5.yaml
@@ -18,10 +18,6 @@ control-group: - Azure/SQL type: - Benchmark - defaults: - auto-assign: null - enabled: false - tracks-drift-events: false controls: - azure_cis_v200_4_5_1 - azure_cis_v200_4_5_2
diff --git a/compliance/frameworks/azure/azure_cis_v200/azure_cis_v200_5.yaml b/compliance/frameworks/azure/azure_cis_v200/azure_cis_v200_5.yaml
index 501e78834..3e835147d 100755
--- a/compliance/frameworks/azure/azure_cis_v200/azure_cis_v200_5.yaml
+++ b/compliance/frameworks/azure/azure_cis_v200/azure_cis_v200_5.yaml
@@ -18,10 +18,6 @@ control-group: - Azure type: - Benchmark - defaults: - auto-assign: null - enabled: false - tracks-drift-events: false control-group: - id: azure_cis_v200_5_1 - id: azure_cis_v200_5_2
diff --git a/compliance/frameworks/azure/azure_cis_v200/azure_cis_v200_5_1.yaml b/compliance/frameworks/azure/azure_cis_v200/azure_cis_v200_5_1.yaml
index e1ba682c0..37ca5f3b2 100755
--- a/compliance/frameworks/azure/azure_cis_v200/azure_cis_v200_5_1.yaml
+++ b/compliance/frameworks/azure/azure_cis_v200/azure_cis_v200_5_1.yaml
@@ -18,10 +18,6 @@ control-group: - Azure type: - Benchmark - defaults: - auto-assign: null - enabled: false - tracks-drift-events: false controls: - azure_cis_v200_5_1_1 - azure_cis_v200_5_1_2
diff --git a/compliance/frameworks/azure/azure_cis_v200/azure_cis_v200_5_2.yaml b/compliance/frameworks/azure/azure_cis_v200/azure_cis_v200_5_2.yaml
index 43fc9926a..80ab423ca 100755
--- a/compliance/frameworks/azure/azure_cis_v200/azure_cis_v200_5_2.yaml
+++ b/compliance/frameworks/azure/azure_cis_v200/azure_cis_v200_5_2.yaml
@@ -18,10 +18,6 @@ control-group: - Azure/Monitor type: - Benchmark - defaults: - auto-assign: null - enabled: false - tracks-drift-events: false controls: - azure_cis_v200_5_2_1 - azure_cis_v200_5_2_2
diff --git a/compliance/frameworks/azure/azure_cis_v200/azure_cis_v200_5_3.yaml b/compliance/frameworks/azure/azure_cis_v200/azure_cis_v200_5_3.yaml
index 41241b8ca..35284a5ff 100755
--- a/compliance/frameworks/azure/azure_cis_v200/azure_cis_v200_5_3.yaml
+++ b/compliance/frameworks/azure/azure_cis_v200/azure_cis_v200_5_3.yaml
@@ -18,9 +18,5 @@ control-group: - Azure/Monitor type: - Benchmark - defaults: - auto-assign: null - enabled: false - tracks-drift-events: false controls: - azure_cis_v200_5_3_1
diff --git a/compliance/frameworks/azure/azure_cis_v200/azure_cis_v200_5_5.yaml b/compliance/frameworks/azure/azure_cis_v200/azure_cis_v200_5_5.yaml
index 9478f23b6..fe8a6b754 100755
--- a/compliance/frameworks/azure/azure_cis_v200/azure_cis_v200_5_5.yaml
+++ b/compliance/frameworks/azure/azure_cis_v200/azure_cis_v200_5_5.yaml
@@ -22,10 +22,6 @@ control-group: - azure service: - Azure/Monitor - defaults: - auto-assign: null - enabled: false - tracks-drift-events: false controls: - azure_network_lb_no_basic_sku - azure_network_public_ip_no_basic_sku
diff --git a/compliance/frameworks/azure/azure_cis_v200/azure_cis_v200_6.yaml b/compliance/frameworks/azure/azure_cis_v200/azure_cis_v200_6.yaml
index 8de34e422..7d42c7d3a 100755
--- a/compliance/frameworks/azure/azure_cis_v200/azure_cis_v200_6.yaml
+++ b/compliance/frameworks/azure/azure_cis_v200/azure_cis_v200_6.yaml
@@ -18,10 +18,6 @@ control-group: - Azure/Network type: - Benchmark - defaults: - auto-assign: null - enabled: false - tracks-drift-events: false controls: - azure_cis_v200_6_1 - azure_cis_v200_6_2
diff --git a/compliance/frameworks/azure/azure_cis_v200/azure_cis_v200_7.yaml b/compliance/frameworks/azure/azure_cis_v200/azure_cis_v200_7.yaml
index 7a93282f2..c7438283f 100755
--- a/compliance/frameworks/azure/azure_cis_v200/azure_cis_v200_7.yaml
+++ b/compliance/frameworks/azure/azure_cis_v200/azure_cis_v200_7.yaml
@@ -18,10 +18,6 @@ control-group: - Azure/Compute type: - Benchmark - defaults: - auto-assign: null - enabled: false - tracks-drift-events: false controls: - azure_cis_v200_7_1 - azure_cis_v200_7_2
diff --git a/compliance/frameworks/azure/azure_cis_v200/azure_cis_v200_8.yaml b/compliance/frameworks/azure/azure_cis_v200/azure_cis_v200_8.yaml
index 3d5e3f5dd..974149535 100755
--- a/compliance/frameworks/azure/azure_cis_v200/azure_cis_v200_8.yaml
+++ b/compliance/frameworks/azure/azure_cis_v200/azure_cis_v200_8.yaml
@@ -18,10 +18,6 @@ control-group: - Azure type: - Benchmark - defaults: - auto-assign: null - enabled: false - tracks-drift-events: false controls: - azure_cis_v200_8_1 - azure_cis_v200_8_2
diff --git a/compliance/frameworks/azure/azure_cis_v200/azure_cis_v200_9.yaml b/compliance/frameworks/azure/azure_cis_v200/azure_cis_v200_9.yaml
index 6657c8d91..91b8fcc3e 100755
--- a/compliance/frameworks/azure/azure_cis_v200/azure_cis_v200_9.yaml
+++ b/compliance/frameworks/azure/azure_cis_v200/azure_cis_v200_9.yaml
@@ -18,10 +18,6 @@ control-group: - Azure/AppService type: - Benchmark - defaults: - auto-assign: null - enabled: false - tracks-drift-events: false controls: - azure_cis_v200_9_1 - azure_cis_v200_9_2
diff --git a/compliance/frameworks/azure/azure_cis_v210/azure_cis_v210_1.yaml b/compliance/frameworks/azure/azure_cis_v210/azure_cis_v210_1.yaml
index ecbfb0c14..c9323863f 100755
--- a/compliance/frameworks/azure/azure_cis_v210/azure_cis_v210_1.yaml
+++ b/compliance/frameworks/azure/azure_cis_v210/azure_cis_v210_1.yaml
@@ -3,10 +3,6 @@ control-group: title: Identity and Access Management description: Identity and Access Management section-code: "1" - defaults: - auto-assign: null - enabled: false - tracks-drift-events: false control-group: - id: azure_cis_v210_1_1 - id: azure_cis_v210_1_2
diff --git a/compliance/frameworks/azure/azure_cis_v210/azure_cis_v210_10.yaml b/compliance/frameworks/azure/azure_cis_v210/azure_cis_v210_10.yaml
index c278d7f1d..0c85367eb 100755
--- a/compliance/frameworks/azure/azure_cis_v210/azure_cis_v210_10.yaml
+++ b/compliance/frameworks/azure/azure_cis_v210/azure_cis_v210_10.yaml
@@ -3,9 +3,5 @@ control-group: title: Miscellaneous description: Miscellaneous section-code: "10" - defaults: - auto-assign: null - enabled: false - tracks-drift-events: false controls: - azure_cis_v210_10_1
diff --git a/compliance/frameworks/azure/azure_cis_v210/azure_cis_v210_1_1.yaml b/compliance/frameworks/azure/azure_cis_v210/azure_cis_v210_1_1.yaml
index 2c5536eca..16cbf4142 100755
--- a/compliance/frameworks/azure/azure_cis_v210/azure_cis_v210_1_1.yaml
+++ b/compliance/frameworks/azure/azure_cis_v210/azure_cis_v210_1_1.yaml
@@ -3,10 +3,6 @@ control-group: title: Security Defaults description: Security Defaults section-code: "1" - defaults: - auto-assign: null - enabled: false - tracks-drift-events: false controls: - azure_cis_v210_1_1_1 - azure_cis_v210_1_1_2
diff --git a/compliance/frameworks/azure/azure_cis_v210/azure_cis_v210_1_2.yaml b/compliance/frameworks/azure/azure_cis_v210/azure_cis_v210_1_2.yaml
index 2df9b1b45..bd6070081 100755
--- a/compliance/frameworks/azure/azure_cis_v210/azure_cis_v210_1_2.yaml
+++ b/compliance/frameworks/azure/azure_cis_v210/azure_cis_v210_1_2.yaml
@@ -3,10 +3,6 @@ control-group: title: Conditional Access description: Conditional Access section-code: "2" - defaults: - auto-assign: null - enabled: false - tracks-drift-events: false controls: - azure_cis_v210_1_2_1 - azure_cis_v210_1_2_2
diff --git a/compliance/frameworks/azure/azure_cis_v210/azure_cis_v210_2.yaml b/compliance/frameworks/azure/azure_cis_v210/azure_cis_v210_2.yaml
index 8344244da..02b6fd5fc 100755
--- a/compliance/frameworks/azure/azure_cis_v210/azure_cis_v210_2.yaml
+++ b/compliance/frameworks/azure/azure_cis_v210/azure_cis_v210_2.yaml
@@ -3,10 +3,6 @@ control-group:
 title: Microsoft Defender
 description: Microsoft Defender
 section-code: "2"
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 control-group:
 - id: azure_cis_v210_2_1
 - id: azure_cis_v210_2_2
diff --git a/compliance/frameworks/azure/azure_cis_v210/azure_cis_v210_2_1.yaml b/compliance/frameworks/azure/azure_cis_v210/azure_cis_v210_2_1.yaml
index 0a034f832..9ce0949e8 100755
--- a/compliance/frameworks/azure/azure_cis_v210/azure_cis_v210_2_1.yaml
+++ b/compliance/frameworks/azure/azure_cis_v210/azure_cis_v210_2_1.yaml
@@ -3,10 +3,6 @@ control-group:
 title: Microsoft Defender for Cloud
 description: Microsoft Defender for Cloud
 section-code: "1"
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - azure_cis_v210_2_1_1
 - azure_cis_v210_2_1_2
diff --git a/compliance/frameworks/azure/azure_cis_v210/azure_cis_v210_2_2.yaml b/compliance/frameworks/azure/azure_cis_v210/azure_cis_v210_2_2.yaml
index 0a3b78324..13e8a5dd2 100755
--- a/compliance/frameworks/azure/azure_cis_v210/azure_cis_v210_2_2.yaml
+++ b/compliance/frameworks/azure/azure_cis_v210/azure_cis_v210_2_2.yaml
@@ -3,9 +3,5 @@ control-group:
 title: Microsoft Defender for IoT
 description: Microsoft Defender for IoT
 section-code: "2"
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - azure_cis_v210_2_2_1
diff --git a/compliance/frameworks/azure/azure_cis_v210/azure_cis_v210_3.yaml b/compliance/frameworks/azure/azure_cis_v210/azure_cis_v210_3.yaml
index 4c007c1e5..dbf5ddd4f 100755
--- a/compliance/frameworks/azure/azure_cis_v210/azure_cis_v210_3.yaml
+++ b/compliance/frameworks/azure/azure_cis_v210/azure_cis_v210_3.yaml
@@ -3,10 +3,6 @@ control-group:
 title: Storage Accounts
 description: Storage Accounts
 section-code: "3"
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - azure_cis_v210_3_1
 - azure_cis_v210_3_2
diff --git a/compliance/frameworks/azure/azure_cis_v210/azure_cis_v210_4.yaml b/compliance/frameworks/azure/azure_cis_v210/azure_cis_v210_4.yaml
index 19830eb41..284bf4ac2 100755
--- a/compliance/frameworks/azure/azure_cis_v210/azure_cis_v210_4.yaml
+++ b/compliance/frameworks/azure/azure_cis_v210/azure_cis_v210_4.yaml
@@ -3,10 +3,6 @@ control-group:
 title: Database Services
 description: Database Services
 section-code: "4"
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 control-group:
 - id: azure_cis_v210_4_1
 - id: azure_cis_v210_4_3
diff --git a/compliance/frameworks/azure/azure_cis_v210/azure_cis_v210_4_1.yaml b/compliance/frameworks/azure/azure_cis_v210/azure_cis_v210_4_1.yaml
index c45c8ea76..5bd2e53d1 100755
--- a/compliance/frameworks/azure/azure_cis_v210/azure_cis_v210_4_1.yaml
+++ b/compliance/frameworks/azure/azure_cis_v210/azure_cis_v210_4_1.yaml
@@ -3,10 +3,6 @@ control-group:
 title: SQL Server - Auditing
 description: SQL Server - Auditing
 section-code: "1"
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - azure_cis_v210_4_1_2
 - azure_cis_v210_4_1_4
diff --git a/compliance/frameworks/azure/azure_cis_v210/azure_cis_v210_4_3.yaml b/compliance/frameworks/azure/azure_cis_v210/azure_cis_v210_4_3.yaml
index c00f74d89..5e772f221 100755
--- a/compliance/frameworks/azure/azure_cis_v210/azure_cis_v210_4_3.yaml
+++ b/compliance/frameworks/azure/azure_cis_v210/azure_cis_v210_4_3.yaml
@@ -3,10 +3,6 @@ control-group:
 title: PostgreSQL Database Server
 description: PostgreSQL Database Server
 section-code: "3"
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - azure_cis_v210_4_3_1
 - azure_cis_v210_4_3_7
diff --git a/compliance/frameworks/azure/azure_cis_v210/azure_cis_v210_4_4.yaml b/compliance/frameworks/azure/azure_cis_v210/azure_cis_v210_4_4.yaml
index e97915dcb..386e06208 100755
--- a/compliance/frameworks/azure/azure_cis_v210/azure_cis_v210_4_4.yaml
+++ b/compliance/frameworks/azure/azure_cis_v210/azure_cis_v210_4_4.yaml
@@ -3,10 +3,6 @@ control-group:
 title: MySQL Database
 description: MySQL Database
 section-code: "4"
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - azure_cis_v210_4_4_1
 - azure_cis_v210_4_4_2
diff --git a/compliance/frameworks/azure/azure_cis_v210/azure_cis_v210_4_5.yaml b/compliance/frameworks/azure/azure_cis_v210/azure_cis_v210_4_5.yaml
index 31b74dcdb..aed46d439 100755
--- a/compliance/frameworks/azure/azure_cis_v210/azure_cis_v210_4_5.yaml
+++ b/compliance/frameworks/azure/azure_cis_v210/azure_cis_v210_4_5.yaml
@@ -3,10 +3,6 @@ control-group:
 title: Cosmos DB
 description: Cosmos DB
 section-code: "5"
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - azure_cis_v210_4_5_1
 - azure_cis_v210_4_5_2
diff --git a/compliance/frameworks/azure/azure_cis_v210/azure_cis_v210_5.yaml b/compliance/frameworks/azure/azure_cis_v210/azure_cis_v210_5.yaml
index 430654b6d..443f0f397 100755
--- a/compliance/frameworks/azure/azure_cis_v210/azure_cis_v210_5.yaml
+++ b/compliance/frameworks/azure/azure_cis_v210/azure_cis_v210_5.yaml
@@ -3,10 +3,6 @@ control-group:
 title: Logging and Monitoring
 description: Logging and Monitoring
 section-code: "5"
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 control-group:
 - id: azure_cis_v210_5_1
 - id: azure_cis_v210_5_2
diff --git a/compliance/frameworks/azure/azure_cis_v210/azure_cis_v210_5_1.yaml b/compliance/frameworks/azure/azure_cis_v210/azure_cis_v210_5_1.yaml
index c0e3c3586..a088e84fc 100755
--- a/compliance/frameworks/azure/azure_cis_v210/azure_cis_v210_5_1.yaml
+++ b/compliance/frameworks/azure/azure_cis_v210/azure_cis_v210_5_1.yaml
@@ -3,10 +3,6 @@ control-group:
 title: Configuring Diagnostic Settings
 description: Configuring Diagnostic Settings
 section-code: "1"
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - azure_cis_v210_5_1_1
 - azure_cis_v210_5_1_2
diff --git a/compliance/frameworks/azure/azure_cis_v210/azure_cis_v210_5_2.yaml b/compliance/frameworks/azure/azure_cis_v210/azure_cis_v210_5_2.yaml
index 34ba66205..c1991138a 100755
--- a/compliance/frameworks/azure/azure_cis_v210/azure_cis_v210_5_2.yaml
+++ b/compliance/frameworks/azure/azure_cis_v210/azure_cis_v210_5_2.yaml
@@ -3,10 +3,6 @@ control-group:
 title: Monitoring using Activity Log Alerts
 description: Monitoring using Activity Log Alerts
 section-code: "2"
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - azure_cis_v210_5_2_1
 - azure_cis_v210_5_2_2
diff --git a/compliance/frameworks/azure/azure_cis_v210/azure_cis_v210_5_3.yaml b/compliance/frameworks/azure/azure_cis_v210/azure_cis_v210_5_3.yaml
index cd7a630dd..4edeec7a2 100755
--- a/compliance/frameworks/azure/azure_cis_v210/azure_cis_v210_5_3.yaml
+++ b/compliance/frameworks/azure/azure_cis_v210/azure_cis_v210_5_3.yaml
@@ -3,9 +3,5 @@ control-group:
 title: Configuring Application Insights
 description: Configuring Application Insights
 section-code: "3"
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - azure_cis_v210_5_3_1
diff --git a/compliance/frameworks/azure/azure_cis_v210/azure_cis_v210_5_5.yaml b/compliance/frameworks/azure/azure_cis_v210/azure_cis_v210_5_5.yaml
index 491873699..62cdd375f 100755
--- a/compliance/frameworks/azure/azure_cis_v210/azure_cis_v210_5_5.yaml
+++ b/compliance/frameworks/azure/azure_cis_v210/azure_cis_v210_5_5.yaml
@@ -3,10 +3,6 @@ control-group:
 title: Ensure that SKU Basic/Consumption is not used on artifacts that need to be monitored (Particularly for Production Workloads)
 description: The use of Basic or Free SKUs in Azure whilst cost effective have significant limitations in terms of what can be monitored and what support can be realized from Microsoft. Typically, these SKU's do not have a service SLA and Microsoft will usually refuse to provide support for them. Consequently Basic/Free SKUs should never be used for production workloads.
 section-code: "5"
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - azure_network_lb_no_basic_sku
 - azure_network_public_ip_no_basic_sku
diff --git a/compliance/frameworks/azure/azure_cis_v210/azure_cis_v210_6.yaml b/compliance/frameworks/azure/azure_cis_v210/azure_cis_v210_6.yaml
index 6f6a58124..4a9832fc4 100755
--- a/compliance/frameworks/azure/azure_cis_v210/azure_cis_v210_6.yaml
+++ b/compliance/frameworks/azure/azure_cis_v210/azure_cis_v210_6.yaml
@@ -3,10 +3,6 @@ control-group:
 title: Networking
 description: Networking
 section-code: "6"
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - azure_cis_v210_6_1
 - azure_cis_v210_6_2
diff --git a/compliance/frameworks/azure/azure_cis_v210/azure_cis_v210_7.yaml b/compliance/frameworks/azure/azure_cis_v210/azure_cis_v210_7.yaml
index b24b18726..78f01145f 100755
--- a/compliance/frameworks/azure/azure_cis_v210/azure_cis_v210_7.yaml
+++ b/compliance/frameworks/azure/azure_cis_v210/azure_cis_v210_7.yaml
@@ -3,10 +3,6 @@ control-group:
 title: Virtual Machines
 description: Virtual Machines
 section-code: "7"
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - azure_cis_v210_7_1
 - azure_cis_v210_7_2
diff --git a/compliance/frameworks/azure/azure_cis_v210/azure_cis_v210_8.yaml b/compliance/frameworks/azure/azure_cis_v210/azure_cis_v210_8.yaml
index a6556f723..943e896a9 100755
--- a/compliance/frameworks/azure/azure_cis_v210/azure_cis_v210_8.yaml
+++ b/compliance/frameworks/azure/azure_cis_v210/azure_cis_v210_8.yaml
@@ -3,10 +3,6 @@ control-group:
 title: Key Vault
 description: Key Vault
 section-code: "8"
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - azure_cis_v210_8_1
 - azure_cis_v210_8_2
diff --git a/compliance/frameworks/azure/azure_cis_v210/azure_cis_v210_9.yaml b/compliance/frameworks/azure/azure_cis_v210/azure_cis_v210_9.yaml
index 9ca7519e4..961014891 100755
--- a/compliance/frameworks/azure/azure_cis_v210/azure_cis_v210_9.yaml
+++ b/compliance/frameworks/azure/azure_cis_v210/azure_cis_v210_9.yaml
@@ -3,10 +3,6 @@ control-group:
 title: AppService
 description: AppService
 section-code: "9"
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - azure_cis_v210_9_1
 - azure_cis_v210_9_2
diff --git a/compliance/frameworks/azure/azure_fedramp_high/azure_fedramp_high_ac.yaml b/compliance/frameworks/azure/azure_fedramp_high/azure_fedramp_high_ac.yaml
index 9ea302203..87d06eb3c 100755
--- a/compliance/frameworks/azure/azure_fedramp_high/azure_fedramp_high_ac.yaml
+++ b/compliance/frameworks/azure/azure_fedramp_high/azure_fedramp_high_ac.yaml
@@ -3,10 +3,6 @@ control-group:
 title: Access Control (AC)
 description: Access control policies and procedures are established and implemented to ensure that access to systems and data is restricted to authorized users, processes, or devices, and to prevent unauthorized access.
 section-code: ac
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 control-group:
 - id: azure_fedramp_high_ac_2
 - id: azure_fedramp_high_ac_3
diff --git a/compliance/frameworks/azure/azure_fedramp_high/azure_fedramp_high_ac_17.yaml b/compliance/frameworks/azure/azure_fedramp_high/azure_fedramp_high_ac_17.yaml
index a733cad68..581af752b 100755
--- a/compliance/frameworks/azure/azure_fedramp_high/azure_fedramp_high_ac_17.yaml
+++ b/compliance/frameworks/azure/azure_fedramp_high/azure_fedramp_high_ac_17.yaml
@@ -3,10 +3,6 @@ control-group:
 title: Remote Access (AC-17)
 description: Authorize remote access systems prior to connection. Enforce remote connection requirements to information systems.
 section-code: "17"
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 control-group:
 - id: azure_fedramp_high_ac_17_1
 controls:
diff --git a/compliance/frameworks/azure/azure_fedramp_high/azure_fedramp_high_ac_17_1.yaml b/compliance/frameworks/azure/azure_fedramp_high/azure_fedramp_high_ac_17_1.yaml
index 6e1b3fbb5..e52ffc8ad 100755
--- a/compliance/frameworks/azure/azure_fedramp_high/azure_fedramp_high_ac_17_1.yaml
+++ b/compliance/frameworks/azure/azure_fedramp_high/azure_fedramp_high_ac_17_1.yaml
@@ -3,10 +3,6 @@ control-group:
 title: AC-17(1) Automated Monitoring / Control
 description: Employ automated mechanisms to monitor and control remote access methods.
 section-code: "1"
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - azure_app_configuration_private_link_used
 - azure_appservice_api_app_remote_debugging_disabled
diff --git a/compliance/frameworks/azure/azure_fedramp_high/azure_fedramp_high_ac_2.yaml b/compliance/frameworks/azure/azure_fedramp_high/azure_fedramp_high_ac_2.yaml
index ad0873a7f..cb5321311 100755
--- a/compliance/frameworks/azure/azure_fedramp_high/azure_fedramp_high_ac_2.yaml
+++ b/compliance/frameworks/azure/azure_fedramp_high/azure_fedramp_high_ac_2.yaml
@@ -3,10 +3,6 @@ control-group:
 title: Account Management (AC-2)
 description: Manage system accounts, group memberships, privileges, workflow, notifications, deactivations, and authorizations.
 section-code: "2"
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 control-group:
 - id: azure_fedramp_high_ac_2_1
 - id: azure_fedramp_high_ac_2_12
diff --git a/compliance/frameworks/azure/azure_fedramp_high/azure_fedramp_high_ac_2_1.yaml b/compliance/frameworks/azure/azure_fedramp_high/azure_fedramp_high_ac_2_1.yaml
index fc8981085..7aaf03b7b 100755
--- a/compliance/frameworks/azure/azure_fedramp_high/azure_fedramp_high_ac_2_1.yaml
+++ b/compliance/frameworks/azure/azure_fedramp_high/azure_fedramp_high_ac_2_1.yaml
@@ -3,10 +3,6 @@ control-group:
 title: AC-2(1) Automated System Account Management
 description: "Support the management of system accounts using [Assignment: organization-defined automated mechanisms]."
 section-code: "1"
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - azure_servicefabric_cluster_active_directory_authentication_enabled
 - azure_sql_server_azure_ad_authentication_enabled
diff --git a/compliance/frameworks/azure/azure_fedramp_high/azure_fedramp_high_ac_2_12.yaml b/compliance/frameworks/azure/azure_fedramp_high/azure_fedramp_high_ac_2_12.yaml
index 0081a879b..812d968c0 100755
--- a/compliance/frameworks/azure/azure_fedramp_high/azure_fedramp_high_ac_2_12.yaml
+++ b/compliance/frameworks/azure/azure_fedramp_high/azure_fedramp_high_ac_2_12.yaml
@@ -3,10 +3,6 @@ control-group:
 title: AC-2(12) Account Monitoring
 description: Monitors and reports atypical usage of information system accounts to organization-defined personnel or roles.
 section-code: "12"
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - azure_compute_vm_jit_access_protected
 - azure_securitycenter_azure_defender_on_for_appservice
diff --git a/compliance/frameworks/azure/azure_fedramp_high/azure_fedramp_high_ac_2_7.yaml b/compliance/frameworks/azure/azure_fedramp_high/azure_fedramp_high_ac_2_7.yaml
index 4553598fc..8234f4a19 100755
--- a/compliance/frameworks/azure/azure_fedramp_high/azure_fedramp_high_ac_2_7.yaml
+++ b/compliance/frameworks/azure/azure_fedramp_high/azure_fedramp_high_ac_2_7.yaml
@@ -3,10 +3,6 @@ control-group:
 title: AC-2(7) Role-Based Schemes
 description: "The organization: Establishes and administers privileged user accounts in accordance with a role-based access scheme that organizes allowed information system access and privileges into roles; Monitors privileged role assignments; and Takes [Assignment: organization-defined actions] when privileged role assignments are no longer appropriate."
 section-code: "7"
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - azure_iam_no_custom_role
 - azure_sql_server_azure_ad_authentication_enabled
diff --git a/compliance/frameworks/azure/azure_fedramp_high/azure_fedramp_high_ac_3.yaml b/compliance/frameworks/azure/azure_fedramp_high/azure_fedramp_high_ac_3.yaml
index 7ac60209c..3046feefe 100755
--- a/compliance/frameworks/azure/azure_fedramp_high/azure_fedramp_high_ac_3.yaml
+++ b/compliance/frameworks/azure/azure_fedramp_high/azure_fedramp_high_ac_3.yaml
@@ -3,10 +3,6 @@ control-group:
 title: Access Enforcement (AC-3)
 description: Enforce approved authorizations for logical access to information and system resources in accordance with applicable access control policies.
 section-code: "3"
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - azure_appservice_function_app_uses_managed_identity
 - azure_appservice_web_app_uses_managed_identity
diff --git a/compliance/frameworks/azure/azure_fedramp_high/azure_fedramp_high_ac_4.yaml b/compliance/frameworks/azure/azure_fedramp_high/azure_fedramp_high_ac_4.yaml
index 9818c07bb..ecee18f28 100755
--- a/compliance/frameworks/azure/azure_fedramp_high/azure_fedramp_high_ac_4.yaml
+++ b/compliance/frameworks/azure/azure_fedramp_high/azure_fedramp_high_ac_4.yaml
@@ -3,10 +3,6 @@ control-group:
 title: Information Flow Enforcement (AC-4)
 description: "Enforce approved authorizations for controlling the flow of information within the system and between connected systems based on [Assignment: organization-defined information flow control policies]."
 section-code: "4"
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - azure_apimanagement_service_with_virtual_network
 - azure_app_configuration_private_link_used
diff --git a/compliance/frameworks/azure/azure_fedramp_high/azure_fedramp_high_ac_5.yaml b/compliance/frameworks/azure/azure_fedramp_high/azure_fedramp_high_ac_5.yaml
index 01fc249eb..689e8cbdc 100755
--- a/compliance/frameworks/azure/azure_fedramp_high/azure_fedramp_high_ac_5.yaml
+++ b/compliance/frameworks/azure/azure_fedramp_high/azure_fedramp_high_ac_5.yaml
@@ -3,9 +3,5 @@ control-group:
 title: Separation Of Duties (AC-5)
 description: Separate duties of individuals to prevent malevolent activity. automate separation of duties and access authorizations.
 section-code: "5"
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - azure_iam_subscription_owner_more_than_1
diff --git a/compliance/frameworks/azure/azure_fedramp_high/azure_fedramp_high_ac_6.yaml b/compliance/frameworks/azure/azure_fedramp_high/azure_fedramp_high_ac_6.yaml
index 85579a289..ed33160fa 100755
--- a/compliance/frameworks/azure/azure_fedramp_high/azure_fedramp_high_ac_6.yaml
+++ b/compliance/frameworks/azure/azure_fedramp_high/azure_fedramp_high_ac_6.yaml
@@ -3,10 +3,6 @@ control-group:
 title: Least Privilege (AC-6)
 description: Employ the principle of least privilege, allowing only authorized accesses for users (or processes acting on behalf of users) that are necessary to accomplish assigned organizational tasks.
 section-code: "6"
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 control-group:
 - id: azure_fedramp_high_ac_6_7
 controls:
diff --git a/compliance/frameworks/azure/azure_fedramp_high/azure_fedramp_high_ac_6_7.yaml b/compliance/frameworks/azure/azure_fedramp_high/azure_fedramp_high_ac_6_7.yaml
index e33f333bc..2aac5bb8d 100755
--- a/compliance/frameworks/azure/azure_fedramp_high/azure_fedramp_high_ac_6_7.yaml
+++ b/compliance/frameworks/azure/azure_fedramp_high/azure_fedramp_high_ac_6_7.yaml
@@ -3,10 +3,6 @@ control-group:
 title: AC-6(7) Review Of User Privileges
 description: Centralize access control for all enterprise assets through a directory service or SSO provider, where supported.
 section-code: "7"
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - azure_iam_no_custom_role
 - azure_iam_subscription_owner_max_3
diff --git a/compliance/frameworks/azure/azure_fedramp_high/azure_fedramp_high_au.yaml b/compliance/frameworks/azure/azure_fedramp_high/azure_fedramp_high_au.yaml
index 3d553b3da..fe9acf98a 100755
--- a/compliance/frameworks/azure/azure_fedramp_high/azure_fedramp_high_au.yaml
+++ b/compliance/frameworks/azure/azure_fedramp_high/azure_fedramp_high_au.yaml
@@ -3,10 +3,6 @@ control-group:
 title: Audit And Accountability (AU)
 description: The FedRAMP High baseline requires that audit logs are generated and reviewed for security-relevant events. This benchmark verifies that audit logs are generated and reviewed for security-relevant events.
 section-code: au
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 control-group:
 - id: azure_fedramp_high_au_6
 - id: azure_fedramp_high_au_12
diff --git a/compliance/frameworks/azure/azure_fedramp_high/azure_fedramp_high_au_12.yaml b/compliance/frameworks/azure/azure_fedramp_high/azure_fedramp_high_au_12.yaml
index f06e5157e..0d0156b9c 100755
--- a/compliance/frameworks/azure/azure_fedramp_high/azure_fedramp_high_au_12.yaml
+++ b/compliance/frameworks/azure/azure_fedramp_high/azure_fedramp_high_au_12.yaml
@@ -3,10 +3,6 @@ control-group:
 title: Audit Generation (AU-12)
 description: Audit events defined in AU-2. Allow trusted personnel to select which events to audit. Generate audit records for events.
 section-code: "12"
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 control-group:
 - id: azure_fedramp_high_au_12_1
 controls:
diff --git a/compliance/frameworks/azure/azure_fedramp_high/azure_fedramp_high_au_12_1.yaml b/compliance/frameworks/azure/azure_fedramp_high/azure_fedramp_high_au_12_1.yaml
index 23048840e..1db52fd19 100755
--- a/compliance/frameworks/azure/azure_fedramp_high/azure_fedramp_high_au_12_1.yaml
+++ b/compliance/frameworks/azure/azure_fedramp_high/azure_fedramp_high_au_12_1.yaml
@@ -3,10 +3,6 @@ control-group:
 title: AU-12(1) System-Wide / Time-Correlated Audit Trail
 description: "Compile audit records from [Assignment: organization-defined system components] into a system-wide (logical or physical) audit trail that is time-correlated to within [Assignment: organization-defined level of tolerance for the relationship between time stamps of individual records in the audit trail]."
 section-code: "1"
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - azure_appservice_web_app_diagnostic_logs_enabled
 - azure_arc_compute_machine_linux_log_analytics_agent_installed
diff --git a/compliance/frameworks/azure/azure_fedramp_high/azure_fedramp_high_au_6.yaml b/compliance/frameworks/azure/azure_fedramp_high/azure_fedramp_high_au_6.yaml
index 56df7256a..f3a716a98 100755
--- a/compliance/frameworks/azure/azure_fedramp_high/azure_fedramp_high_au_6.yaml
+++ b/compliance/frameworks/azure/azure_fedramp_high/azure_fedramp_high_au_6.yaml
@@ -3,10 +3,6 @@ control-group:
 title: Audit Record Review, Analysis And Reporting (AU-6)
 description: Integrate audit review, analysis, and reporting with processes for investigation and response to suspicious activities.
 section-code: "6"
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 control-group:
 - id: azure_fedramp_high_au_6_4
 - id: azure_fedramp_high_au_6_5
diff --git a/compliance/frameworks/azure/azure_fedramp_high/azure_fedramp_high_au_6_4.yaml b/compliance/frameworks/azure/azure_fedramp_high/azure_fedramp_high_au_6_4.yaml
index 07a12fb94..33293eae9 100755
--- a/compliance/frameworks/azure/azure_fedramp_high/azure_fedramp_high_au_6_4.yaml
+++ b/compliance/frameworks/azure/azure_fedramp_high/azure_fedramp_high_au_6_4.yaml
@@ -3,10 +3,6 @@ control-group:
 title: AU-6(4) Central Review And Analysis
 description: Provide and implement the capability to centrally review and analyze audit records from multiple components within the system.
 section-code: "4"
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - azure_appservice_web_app_diagnostic_logs_enabled
 - azure_arc_compute_machine_linux_log_analytics_agent_installed
diff --git a/compliance/frameworks/azure/azure_fedramp_high/azure_fedramp_high_au_6_5.yaml b/compliance/frameworks/azure/azure_fedramp_high/azure_fedramp_high_au_6_5.yaml
index 227e435eb..5fea01a44 100755
--- a/compliance/frameworks/azure/azure_fedramp_high/azure_fedramp_high_au_6_5.yaml
+++ b/compliance/frameworks/azure/azure_fedramp_high/azure_fedramp_high_au_6_5.yaml
@@ -3,10 +3,6 @@ control-group:
 title: AU-6(5) Integration / Scanning And Monitoring Capabilities
 description: "Integrate analysis of audit records with analysis of [Selection (one or more): vulnerability scanning information; performance data; system monitoring information; [Assignment: organization-defined data/information collected from other sources]] to further enhance the ability to identify inappropriate or unusual activity."
 section-code: "5"
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - azure_appservice_web_app_diagnostic_logs_enabled
 - azure_arc_compute_machine_linux_log_analytics_agent_installed
diff --git a/compliance/frameworks/azure/azure_fedramp_high/azure_fedramp_high_cm.yaml b/compliance/frameworks/azure/azure_fedramp_high/azure_fedramp_high_cm.yaml
index 1f0326085..fe8f9f6c7 100755
--- a/compliance/frameworks/azure/azure_fedramp_high/azure_fedramp_high_cm.yaml
+++ b/compliance/frameworks/azure/azure_fedramp_high/azure_fedramp_high_cm.yaml
@@ -3,10 +3,6 @@ control-group:
 title: Configuration Management (CM)
 description: "The organization: (i) defines and documents configuration settings for information technology products employed within the information system; (ii) implements the configuration settings; (iii) identifies, documents, and approves any deviations from established configuration settings; and (iv) monitors and controls changes to the configuration settings."
 section-code: cm
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 control-group:
 - id: azure_fedramp_high_cm_6
 - id: azure_fedramp_high_cm_7
diff --git a/compliance/frameworks/azure/azure_fedramp_high/azure_fedramp_high_cm_6.yaml b/compliance/frameworks/azure/azure_fedramp_high/azure_fedramp_high_cm_6.yaml
index e8b1c4eaa..812e665a5 100755
--- a/compliance/frameworks/azure/azure_fedramp_high/azure_fedramp_high_cm_6.yaml
+++ b/compliance/frameworks/azure/azure_fedramp_high/azure_fedramp_high_cm_6.yaml
@@ -3,10 +3,6 @@ control-group:
 title: Configuration Settings (CM-6)
 description: "The organization: (i) establishes mandatory configuration settings for information technology products employed within the information system; (ii) configures the security settings of information technology products to the most restrictive mode consistent with operational requirements; (iii) documents the configuration settings; and (iv) enforces the configuration settings in all components of the information system."
 section-code: "6"
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - azure_appservice_api_app_client_certificates_on
 - azure_appservice_api_app_cors_no_star
diff --git a/compliance/frameworks/azure/azure_fedramp_high/azure_fedramp_high_cm_7.yaml b/compliance/frameworks/azure/azure_fedramp_high/azure_fedramp_high_cm_7.yaml
index 9f0128d68..d9aa2b06b 100755
--- a/compliance/frameworks/azure/azure_fedramp_high/azure_fedramp_high_cm_7.yaml
+++ b/compliance/frameworks/azure/azure_fedramp_high/azure_fedramp_high_cm_7.yaml
@@ -3,9 +3,5 @@ control-group:
 title: Least Functionality (CM-7)
 description: The organization configures the information system to provide only essential capabilities and prohibits or restricts the use of the functions, ports, protocols, and/or services.
 section-code: "7"
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - azure_securitycenter_azure_defender_on_for_server
diff --git a/compliance/frameworks/azure/azure_fedramp_high/azure_fedramp_high_cp.yaml b/compliance/frameworks/azure/azure_fedramp_high/azure_fedramp_high_cp.yaml
index 7e01b24b6..93c24ee54 100755
--- a/compliance/frameworks/azure/azure_fedramp_high/azure_fedramp_high_cp.yaml
+++ b/compliance/frameworks/azure/azure_fedramp_high/azure_fedramp_high_cp.yaml
@@ -3,10 +3,6 @@ control-group:
 title: Contingency Planning (CP)
 description: Thecp control family includes controls specific to an organization's contingency plan if a cybersecurity event should occur. This includes controls like contingency plan testing, updating, training, and backups, and system reconstitution.
 section-code: cp
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 control-group:
 - id: azure_fedramp_high_cp_6
 - id: azure_fedramp_high_cp_7
diff --git a/compliance/frameworks/azure/azure_fedramp_high/azure_fedramp_high_cp_6.yaml b/compliance/frameworks/azure/azure_fedramp_high/azure_fedramp_high_cp_6.yaml
index 09c74ace9..85cde31bf 100755
--- a/compliance/frameworks/azure/azure_fedramp_high/azure_fedramp_high_cp_6.yaml
+++ b/compliance/frameworks/azure/azure_fedramp_high/azure_fedramp_high_cp_6.yaml
@@ -3,10 +3,6 @@ control-group:
 title: Alternate Storage Sites (CP-6)
 description: a. Establish an alternate storage site, including necessary agreements to permit the storage and retrieval of system backup information; and b. Ensure that the alternate storage site provides controls equivalent to that of the primary site.
 section-code: "6"
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 control-group:
 - id: azure_fedramp_high_cp_6_1
 controls:
diff --git a/compliance/frameworks/azure/azure_fedramp_high/azure_fedramp_high_cp_6_1.yaml b/compliance/frameworks/azure/azure_fedramp_high/azure_fedramp_high_cp_6_1.yaml
index bde70094b..a496789aa 100755
--- a/compliance/frameworks/azure/azure_fedramp_high/azure_fedramp_high_cp_6_1.yaml
+++ b/compliance/frameworks/azure/azure_fedramp_high/azure_fedramp_high_cp_6_1.yaml
@@ -3,10 +3,6 @@ control-group:
 title: CP-6(1) Separation From Primary Site
 description: Identify an alternate storage site that is sufficiently separated from the primary storage site to reduce susceptibility to the same threats.
 section-code: "1"
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - azure_mariadb_server_geo_redundant_backup_enabled
 - azure_mysql_db_server_geo_redundant_backup_enabled
diff --git a/compliance/frameworks/azure/azure_fedramp_high/azure_fedramp_high_cp_7.yaml b/compliance/frameworks/azure/azure_fedramp_high/azure_fedramp_high_cp_7.yaml
index e3d0b1c10..a1827c064 100755
--- a/compliance/frameworks/azure/azure_fedramp_high/azure_fedramp_high_cp_7.yaml
+++ b/compliance/frameworks/azure/azure_fedramp_high/azure_fedramp_high_cp_7.yaml
@@ -3,9 +3,5 @@ control-group:
 title: Alternate Processing Site (CP-7)
 description: Alternate Processing Site (CP-7)
 section-code: "7"
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - azure_compute_vm_disaster_recovery_enabled
diff --git a/compliance/frameworks/azure/azure_fedramp_high/azure_fedramp_high_cp_9.yaml b/compliance/frameworks/azure/azure_fedramp_high/azure_fedramp_high_cp_9.yaml
index 83cc1ecfe..4e98f5732 100755
--- a/compliance/frameworks/azure/azure_fedramp_high/azure_fedramp_high_cp_9.yaml
+++ b/compliance/frameworks/azure/azure_fedramp_high/azure_fedramp_high_cp_9.yaml
@@ -3,10 +3,6 @@ control-group:
 title: System Backup (CP-9)
 description: "a. Conduct backups of user-level information contained in [Assignment: organization-defined system components] [Assignment: organization-defined frequency consistent with recovery time and recovery point objectives]; b. Conduct backups of system-level information contained in the system [Assignment: organization-defined frequency consistent with recovery time and recovery point objectives]; c. Conduct backups of system documentation, including security- and privacy-related documentation [Assignment: organization-defined frequency consistent with recovery time and recovery point objectives]; and d. Protect the confidentiality, integrity, and availability of backup information."
 section-code: "9"
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - azure_keyvault_purge_protection_enabled
 - azure_keyvault_soft_delete_enabled
diff --git a/compliance/frameworks/azure/azure_fedramp_high/azure_fedramp_high_ia.yaml b/compliance/frameworks/azure/azure_fedramp_high/azure_fedramp_high_ia.yaml
index 52e29f434..5939b92e0 100755
--- a/compliance/frameworks/azure/azure_fedramp_high/azure_fedramp_high_ia.yaml
+++ b/compliance/frameworks/azure/azure_fedramp_high/azure_fedramp_high_ia.yaml
@@ -3,10 +3,6 @@ control-group:
 title: Identification and Authentication (IA)
 description: IA controls are specific to the identification and authentication policies in an organization. This includes the identification and authentication of organizational and non-organizational users and how the management of those systems.
 section-code: ia
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 control-group:
 - id: azure_fedramp_high_ia_2
 - id: azure_fedramp_high_ia_4
diff --git a/compliance/frameworks/azure/azure_fedramp_high/azure_fedramp_high_ia_2.yaml b/compliance/frameworks/azure/azure_fedramp_high/azure_fedramp_high_ia_2.yaml
index 5fa27f4fb..2591af431 100755
--- a/compliance/frameworks/azure/azure_fedramp_high/azure_fedramp_high_ia_2.yaml
+++ b/compliance/frameworks/azure/azure_fedramp_high/azure_fedramp_high_ia_2.yaml
@@ -3,10 +3,6 @@ control-group:
 title: Identification and Authentication (Organizational users) (IA-2)
 description: The information system uniquely identifies and authenticates organizational users (or processes acting on behalf of organizational users).
 section-code: "2"
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - azure_appservice_function_app_uses_managed_identity
 - azure_appservice_web_app_uses_managed_identity
diff --git a/compliance/frameworks/azure/azure_fedramp_high/azure_fedramp_high_ia_4.yaml b/compliance/frameworks/azure/azure_fedramp_high/azure_fedramp_high_ia_4.yaml
index 26dd80b5e..1d7066f18 100755
--- a/compliance/frameworks/azure/azure_fedramp_high/azure_fedramp_high_ia_4.yaml
+++ b/compliance/frameworks/azure/azure_fedramp_high/azure_fedramp_high_ia_4.yaml
@@ -3,10 +3,6 @@ control-group:
 title: Identifier Management (IA-4)
 description: Manage information system identifiers for users and devices. Automate authorizing and disabling users to prevent misuse.
 section-code: "4"
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - azure_appservice_function_app_uses_managed_identity
 - azure_appservice_web_app_uses_managed_identity
diff --git a/compliance/frameworks/azure/azure_fedramp_high/azure_fedramp_high_ia_5.yaml b/compliance/frameworks/azure/azure_fedramp_high/azure_fedramp_high_ia_5.yaml
index 9247a4f22..ecce962ff 100755
--- a/compliance/frameworks/azure/azure_fedramp_high/azure_fedramp_high_ia_5.yaml
+++ b/compliance/frameworks/azure/azure_fedramp_high/azure_fedramp_high_ia_5.yaml
@@ -3,10 +3,6 @@ control-group:
 title: Authenticator Management (IA-5)
 description: Authenticate users and devices. Automate administrative control. Enforce restrictions. Protect against unauthorized use.
 section-code: "5"
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 control-group:
 - id: azure_fedramp_high_ia_5_1
 controls:
diff --git a/compliance/frameworks/azure/azure_fedramp_high/azure_fedramp_high_ia_5_1.yaml b/compliance/frameworks/azure/azure_fedramp_high/azure_fedramp_high_ia_5_1.yaml
index d81e2a547..335318b63 100755
--- a/compliance/frameworks/azure/azure_fedramp_high/azure_fedramp_high_ia_5_1.yaml
+++ b/compliance/frameworks/azure/azure_fedramp_high/azure_fedramp_high_ia_5_1.yaml
@@ -3,10 +3,6 @@ control-group:
 title: IA-5(1) Password-Based Authentication
 description: The information system, for password-based authentication that enforces minimum password complexity, stores and transmits only cryptographically-protected passwords, enforces password minimum and maximum lifetime restrictions, prohibits password reuse, allows the use of a temporary password for system logons with an immediate change to a permanent password etc.
 section-code: "1"
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - azure_compute_vm_guest_configuration_installed_linux
 - azure_compute_vm_guest_configuration_installed_windows
diff --git a/compliance/frameworks/azure/azure_fedramp_high/azure_fedramp_high_ir.yaml b/compliance/frameworks/azure/azure_fedramp_high/azure_fedramp_high_ir.yaml
index cf23179d6..6e903415e 100755
--- a/compliance/frameworks/azure/azure_fedramp_high/azure_fedramp_high_ir.yaml
+++ b/compliance/frameworks/azure/azure_fedramp_high/azure_fedramp_high_ir.yaml
@@ -3,10 +3,6 @@ control-group:
 title: Incident Response (IR)
 description: IR controls are specific to an organization's incident response policies and procedures. This includes incident response training, testing, monitoring, reporting, and response plan.
 section-code: ir
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 control-group:
 - id: azure_fedramp_high_ir_4
 - id: azure_fedramp_high_ir_5
diff --git a/compliance/frameworks/azure/azure_fedramp_high/azure_fedramp_high_ir_4.yaml b/compliance/frameworks/azure/azure_fedramp_high/azure_fedramp_high_ir_4.yaml
index fdbfa968f..df167a224 100755
--- a/compliance/frameworks/azure/azure_fedramp_high/azure_fedramp_high_ir_4.yaml
+++ b/compliance/frameworks/azure/azure_fedramp_high/azure_fedramp_high_ir_4.yaml
@@ -3,10 +3,6 @@ control-group:
 title: Incident Handling (IR-4)
 description: a. Implement an incident handling capability for incidents that is consistent with the incident response plan and includes preparation, detection and analysis, containment, eradication, and recovery;b. Coordinate incident handling activities with contingency planning activities; c. Incorporate lessons learned from ongoing incident handling activities into incident response procedures, training, and testing, and implement the resulting changes accordingly; and d. Ensure the rigor, intensity, scope, and results of incident handling activities are comparable and predictable across the organization.
 section-code: "4"
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - azure_securitycenter_azure_defender_on_for_appservice
 - azure_securitycenter_azure_defender_on_for_containers
diff --git a/compliance/frameworks/azure/azure_fedramp_high/azure_fedramp_high_ir_5.yaml b/compliance/frameworks/azure/azure_fedramp_high/azure_fedramp_high_ir_5.yaml
index f0a4e364e..16fa674e6 100755
--- a/compliance/frameworks/azure/azure_fedramp_high/azure_fedramp_high_ir_5.yaml
+++ b/compliance/frameworks/azure/azure_fedramp_high/azure_fedramp_high_ir_5.yaml
@@ -3,10 +3,6 @@ control-group:
 title: Incident Monitoring (IR-5)
 description: "Track incidents and collect and analyze incident information using [Assignment: organization-defined automated mechanisms]."
 section-code: "5"
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - azure_securitycenter_azure_defender_on_for_appservice
 - azure_securitycenter_azure_defender_on_for_containers
diff --git a/compliance/frameworks/azure/azure_fedramp_high/azure_fedramp_high_ra.yaml b/compliance/frameworks/azure/azure_fedramp_high/azure_fedramp_high_ra.yaml
index 16d1e6563..4d640bf01 100755
--- a/compliance/frameworks/azure/azure_fedramp_high/azure_fedramp_high_ra.yaml
+++ b/compliance/frameworks/azure/azure_fedramp_high/azure_fedramp_high_ra.yaml
@@ -3,9 +3,5 @@ control-group:
 title: Risk Assessment (RA)
 description: The RA control family relates to an organization's risk assessment policies and vulnerability scanning capabilities. Using an integrated risk management solution like CyberStrong can help streamline and automate your NIST 800 53 compliance efforts.
 section-code: ra
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 control-group:
 - id: azure_fedramp_high_ra_5
diff --git a/compliance/frameworks/azure/azure_fedramp_high/azure_fedramp_high_ra_5.yaml b/compliance/frameworks/azure/azure_fedramp_high/azure_fedramp_high_ra_5.yaml
index 50cea0da2..8ea497150 100755
--- a/compliance/frameworks/azure/azure_fedramp_high/azure_fedramp_high_ra_5.yaml
+++ b/compliance/frameworks/azure/azure_fedramp_high/azure_fedramp_high_ra_5.yaml
@@ -3,10 +3,6 @@ control-group:
 title: Vulnerability Scanning (RA-5)
 description: Scan for system vulnerabilities. Share vulnerability information and security controls that eliminate vulnerabilities.
 section-code: "5"
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - azure_compute_vm_vulnerability_assessment_solution_enabled
 - azure_mssql_managed_instance_vulnerability_assessment_enabled
diff --git a/compliance/frameworks/azure/azure_fedramp_high/azure_fedramp_high_sc.yaml b/compliance/frameworks/azure/azure_fedramp_high/azure_fedramp_high_sc.yaml
index f28cf65f2..4abd19cee 100755
--- a/compliance/frameworks/azure/azure_fedramp_high/azure_fedramp_high_sc.yaml
+++ b/compliance/frameworks/azure/azure_fedramp_high/azure_fedramp_high_sc.yaml
@@ -3,10 +3,6 @@ control-group:
 title: System and Communications Protection (SC)
 description: The SC control family is responsible for systems and communications protection procedures. This includes boundary protection, protection of information at rest, collaborative computing devices, cryptographic protection, denial of service protection, and many others.
 section-code: sc
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 control-group:
 - id: azure_fedramp_high_sc_3
 - id: azure_fedramp_high_sc_5
diff --git a/compliance/frameworks/azure/azure_fedramp_high/azure_fedramp_high_sc_12.yaml b/compliance/frameworks/azure/azure_fedramp_high/azure_fedramp_high_sc_12.yaml
index b62aac814..6987044cd 100755
--- a/compliance/frameworks/azure/azure_fedramp_high/azure_fedramp_high_sc_12.yaml
+++ b/compliance/frameworks/azure/azure_fedramp_high/azure_fedramp_high_sc_12.yaml
@@ -3,10 +3,6 @@ control-group:
 title: Cryptographic Key Establishment And Management (SC-12)
 description: "The organization establishes and manages cryptographic keys for required cryptography employed within the information system in accordance with [Assignment: organization-defined requirements for key generation, distribution, storage, access, and destruction]."
 section-code: "12"
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - azure_batch_account_encrypted_with_cmk
 - azure_cognitive_account_encrypted_with_cmk
diff --git a/compliance/frameworks/azure/azure_fedramp_high/azure_fedramp_high_sc_28.yaml b/compliance/frameworks/azure/azure_fedramp_high/azure_fedramp_high_sc_28.yaml
index ebb613f23..ba71bd8a3 100755
--- a/compliance/frameworks/azure/azure_fedramp_high/azure_fedramp_high_sc_28.yaml
+++ b/compliance/frameworks/azure/azure_fedramp_high/azure_fedramp_high_sc_28.yaml
@@ -3,10 +3,6 @@ control-group:
 title: Protection Of Information At Rest (SC-28)
 description: "The information system protects the [Selection (one or more): confidentiality; integrity] of [Assignment: organization-defined information at rest]."
 section-code: "28"
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 control-group:
 - id: azure_fedramp_high_sc_28_1
 controls:
diff --git a/compliance/frameworks/azure/azure_fedramp_high/azure_fedramp_high_sc_28_1.yaml b/compliance/frameworks/azure/azure_fedramp_high/azure_fedramp_high_sc_28_1.yaml
index 65bd4da95..5dedc107a 100755
--- a/compliance/frameworks/azure/azure_fedramp_high/azure_fedramp_high_sc_28_1.yaml
+++ b/compliance/frameworks/azure/azure_fedramp_high/azure_fedramp_high_sc_28_1.yaml
@@ -3,10 +3,6 @@ control-group:
 title: SC-28(1) Cryptographic Protection
 description: "Implement cryptographic mechanisms to prevent unauthorized disclosure and modification of the following information at rest on [Assignment: organization-defined system components or media]: [Assignment: organization-defined information]."
 section-code: "1"
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - azure_app_service_environment_internal_encryption_enabled
 - azure_automation_account_variable_encryption_enabled
diff --git a/compliance/frameworks/azure/azure_fedramp_high/azure_fedramp_high_sc_3.yaml b/compliance/frameworks/azure/azure_fedramp_high/azure_fedramp_high_sc_3.yaml
index 3c9fa4c70..b809dca02 100755
--- a/compliance/frameworks/azure/azure_fedramp_high/azure_fedramp_high_sc_3.yaml
+++ b/compliance/frameworks/azure/azure_fedramp_high/azure_fedramp_high_sc_3.yaml
@@ -3,10 +3,6 @@ control-group:
 title: Security Function Isolation (SC-3)
 description: Isolate security functions from nonsecurity functions.
 section-code: "3"
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - azure_compute_vm_windows_defender_exploit_guard_enabled
 - azure_securitycenter_azure_defender_on_for_server
diff --git a/compliance/frameworks/azure/azure_fedramp_high/azure_fedramp_high_sc_5.yaml b/compliance/frameworks/azure/azure_fedramp_high/azure_fedramp_high_sc_5.yaml
index f70e7eadd..0a4127fc0 100755
--- a/compliance/frameworks/azure/azure_fedramp_high/azure_fedramp_high_sc_5.yaml
+++ b/compliance/frameworks/azure/azure_fedramp_high/azure_fedramp_high_sc_5.yaml
@@ -3,10 +3,6 @@ control-group:
 title: Denial Of Service Protection (SC-5)
 description: "The information system protects against or limits the effects of the following types of denial of service attacks: [Assignment: organization-defined types of denial of service attacks or references to sources for such information] by employing [Assignment: organization-defined security safeguards]."
 section-code: "5"
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - azure_application_gateway_waf_enabled
 - azure_frontdoor_waf_enabled
diff --git a/compliance/frameworks/azure/azure_fedramp_high/azure_fedramp_high_sc_7.yaml b/compliance/frameworks/azure/azure_fedramp_high/azure_fedramp_high_sc_7.yaml
index 9f5ec4353..4849070b7 100755
--- a/compliance/frameworks/azure/azure_fedramp_high/azure_fedramp_high_sc_7.yaml
+++ b/compliance/frameworks/azure/azure_fedramp_high/azure_fedramp_high_sc_7.yaml
@@ -3,10 +3,6 @@ control-group:
 title: Boundary Protection (SC-7)
 description: "The information system: a. Monitors and controls communications at the external boundary of the system and at key internal boundaries within the system; b. Implements subnetworks for publicly accessible system components that are [Selection: physically; logically] separated from internal organizational networks; and c. Connects to external networks or information systems only through managed interfaces consisting of boundary protection devices arranged in accordance with an organizational security architecture."
 section-code: "7"
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 control-group:
 - id: azure_fedramp_high_sc_7_3
 controls:
diff --git a/compliance/frameworks/azure/azure_fedramp_high/azure_fedramp_high_sc_7_3.yaml b/compliance/frameworks/azure/azure_fedramp_high/azure_fedramp_high_sc_7_3.yaml
index c3310b6b1..f94b52d99 100755
--- a/compliance/frameworks/azure/azure_fedramp_high/azure_fedramp_high_sc_7_3.yaml
+++ b/compliance/frameworks/azure/azure_fedramp_high/azure_fedramp_high_sc_7_3.yaml
@@ -3,10 +3,6 @@ control-group:
 title: SC-7(3) Access Points
 description: The organization limits the number of external network connections to the information system.
 section-code: "3"
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - azure_apimanagement_service_with_virtual_network
 - azure_app_configuration_private_link_used
diff --git a/compliance/frameworks/azure/azure_fedramp_high/azure_fedramp_high_sc_8.yaml b/compliance/frameworks/azure/azure_fedramp_high/azure_fedramp_high_sc_8.yaml
index 527f71443..682691044 100755
--- a/compliance/frameworks/azure/azure_fedramp_high/azure_fedramp_high_sc_8.yaml
+++ b/compliance/frameworks/azure/azure_fedramp_high/azure_fedramp_high_sc_8.yaml
@@ -3,10 +3,6 @@ control-group:
 title: Transmission Confidentiality And Integrity (SC-8)
 description: "The information system protects the [Selection (one or more): confidentiality; integrity] of transmitted information."
 section-code: "8"
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 control-group:
 - id: azure_fedramp_high_sc_8_1
 controls:
diff --git a/compliance/frameworks/azure/azure_fedramp_high/azure_fedramp_high_sc_8_1.yaml b/compliance/frameworks/azure/azure_fedramp_high/azure_fedramp_high_sc_8_1.yaml
index 03ffa2be8..7473546b6 100755
--- a/compliance/frameworks/azure/azure_fedramp_high/azure_fedramp_high_sc_8_1.yaml
+++ b/compliance/frameworks/azure/azure_fedramp_high/azure_fedramp_high_sc_8_1.yaml
@@ -3,10 +3,6 @@ control-group:
 title: SC-8(1) Cryptographic Or Alternate Physical Protection
 description: "The information system implements cryptographic mechanisms to [Selection (one or more): prevent unauthorized disclosure of information; detect changes to information] during transmission unless otherwise protected by [Assignment: organization-defined alternative physical safeguards]."
 section-code: "1"
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - azure_appservice_api_app_ftps_enabled
 - azure_appservice_api_app_latest_tls_version
diff --git a/compliance/frameworks/azure/azure_fedramp_high/azure_fedramp_high_si.yaml b/compliance/frameworks/azure/azure_fedramp_high/azure_fedramp_high_si.yaml
index 4905bd805..18bb022fe 100755
--- a/compliance/frameworks/azure/azure_fedramp_high/azure_fedramp_high_si.yaml
+++ b/compliance/frameworks/azure/azure_fedramp_high/azure_fedramp_high_si.yaml
@@ -3,10 +3,6 @@ control-group:
 title: System and Information Integrity (SI)
 description: The SI control family correlates to controls that protect system and information integrity. These include flaw remediation, malicious code protection, information system monitoring, security alerts, software and firmware integrity, and spam protection.
 section-code: si
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 control-group:
 - id: azure_fedramp_high_si_2
 - id: azure_fedramp_high_si_3
diff --git a/compliance/frameworks/azure/azure_fedramp_high/azure_fedramp_high_si_16.yaml b/compliance/frameworks/azure/azure_fedramp_high/azure_fedramp_high_si_16.yaml
index 66907d03a..cb9e6d606 100755
--- a/compliance/frameworks/azure/azure_fedramp_high/azure_fedramp_high_si_16.yaml
+++ b/compliance/frameworks/azure/azure_fedramp_high/azure_fedramp_high_si_16.yaml
@@ -3,10 +3,6 @@ control-group:
 title: Memory Protection (SI-16)
 description: "Implement the following controls to protect the system memory from unauthorized code execution: [Assignment: organization-defined controls]."
 section-code: "16"
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - azure_compute_vm_windows_defender_exploit_guard_enabled
 - azure_securitycenter_azure_defender_on_for_server
diff --git a/compliance/frameworks/azure/azure_fedramp_high/azure_fedramp_high_si_2.yaml b/compliance/frameworks/azure/azure_fedramp_high/azure_fedramp_high_si_2.yaml
index d07a3662d..b01b0876a 100755
--- a/compliance/frameworks/azure/azure_fedramp_high/azure_fedramp_high_si_2.yaml
+++ b/compliance/frameworks/azure/azure_fedramp_high/azure_fedramp_high_si_2.yaml
@@ -3,10 +3,6 @@ control-group:
 title: Flaw Remediation (SI-2)
 description: "The organization: a.Identifies, reports, and corrects information system flaws; b.Tests software and firmware updates related to flaw remediation for effectiveness and potential side effects before installation; c.Installs security-relevant software and firmware updates within [Assignment: organization-defined time period] of the release of the updates; and d.Incorporates flaw remediation into the organizational configuration management process."
 section-code: "2"
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - azure_appservice_function_app_latest_http_version
 - azure_appservice_web_app_latest_http_version
diff --git a/compliance/frameworks/azure/azure_fedramp_high/azure_fedramp_high_si_3.yaml b/compliance/frameworks/azure/azure_fedramp_high/azure_fedramp_high_si_3.yaml
index 837e73e6e..a8b96dcbc 100755
--- a/compliance/frameworks/azure/azure_fedramp_high/azure_fedramp_high_si_3.yaml
+++ b/compliance/frameworks/azure/azure_fedramp_high/azure_fedramp_high_si_3.yaml
@@ -3,10 +3,6 @@ control-group:
 title: Malicious Code Protection (SI-3)
 description: "Implement [Assignment (one or more): signature based, non-signature based] malicious code protection mechanisms at system entry and exit points to detect and eradicate malicious code; Automatically update malicious code protection mechanisms as new releases are available in accordance with organizational configuration management policy and procedures;"
 section-code: "3"
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 control-group:
 - id: azure_fedramp_high_si_3_1
 controls:
diff --git a/compliance/frameworks/azure/azure_fedramp_high/azure_fedramp_high_si_3_1.yaml b/compliance/frameworks/azure/azure_fedramp_high/azure_fedramp_high_si_3_1.yaml
index a7865b3a7..ff6e32156 100755
--- a/compliance/frameworks/azure/azure_fedramp_high/azure_fedramp_high_si_3_1.yaml
+++ b/compliance/frameworks/azure/azure_fedramp_high/azure_fedramp_high_si_3_1.yaml
@@ -3,10 +3,6 @@ control-group:
 title: SI-3(1) Central Management
 description: SI-3(1) Central Management
 section-code: "1"
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - azure_compute_vm_windows_defender_exploit_guard_enabled
 - azure_securitycenter_azure_defender_on_for_server
diff --git a/compliance/frameworks/azure/azure_fedramp_high/azure_fedramp_high_si_4.yaml b/compliance/frameworks/azure/azure_fedramp_high/azure_fedramp_high_si_4.yaml
index 8cc0f5672..db2da98f1 100755
--- a/compliance/frameworks/azure/azure_fedramp_high/azure_fedramp_high_si_4.yaml
+++ b/compliance/frameworks/azure/azure_fedramp_high/azure_fedramp_high_si_4.yaml
@@ -3,10 +3,6 @@ control-group:
 title: Information System Monitoring (SI-4)
 description: "The organization: a.Monitors the information system to detect: 1. Attacks and indicators of potential attacks in accordance with [Assignment: organization-defined monitoring objectives]; and 2.Unauthorized local, network, and remote connections; b. Identifies unauthorized use of the information system through [Assignment: organization-defined techniques and methods]; c. Deploys monitoring devices: 1. Strategically within the information system to collect organization-determined essential information; and 2. At ad hoc locations within the system to track specific types of transactions of interest to the organization; d. Protects information obtained from intrusion-monitoring tools from unauthorized access, modification, and deletion; e. Heightens the level of information system monitoring activity whenever there is an indication of increased risk to organizational operations and assets, individuals, other organizations, or the Nation based on law enforcement information, intelligence information, or other credible sources of information; f. Obtains legal opinion with regard to information system monitoring activities in accordance with applicable federal laws, Executive Orders, directives, policies, or regulations; and g. Provides [Assignment: organization-defined information system monitoring information] to [Assignment: organization-defined personnel or roles] [Selection (one or more): as needed; [Assignment: organization-defined frequency]]."
 section-code: "4"
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - azure_arc_compute_machine_linux_log_analytics_agent_installed
 - azure_arc_compute_machine_windows_log_analytics_agent_installed
diff --git a/compliance/frameworks/azure/azure_hipaa_hitrust_v92/azure_hipaa_hitrust_v92_0201_09j1organizational.yaml b/compliance/frameworks/azure/azure_hipaa_hitrust_v92/azure_hipaa_hitrust_v92_0201_09j1organizational.yaml
index 8947d765c..e93d554d7 100755
--- a/compliance/frameworks/azure/azure_hipaa_hitrust_v92/azure_hipaa_hitrust_v92_0201_09j1organizational.yaml
+++ b/compliance/frameworks/azure/azure_hipaa_hitrust_v92/azure_hipaa_hitrust_v92_0201_09j1organizational.yaml
@@ -14,10 +14,6 @@ control-group:
 - Azure/Compute
 type:
 - Benchmark
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - azure_compute_vm_adaptive_application_controls_enabled
 - azure_compute_vm_endpoint_protection_agent_installed
diff --git a/compliance/frameworks/azure/azure_hipaa_hitrust_v92/azure_hipaa_hitrust_v92_0301_09o1organizational.yaml b/compliance/frameworks/azure/azure_hipaa_hitrust_v92/azure_hipaa_hitrust_v92_0301_09o1organizational.yaml
index 3701f12d9..cd68c792a 100755
--- a/compliance/frameworks/azure/azure_hipaa_hitrust_v92/azure_hipaa_hitrust_v92_0301_09o1organizational.yaml
+++ b/compliance/frameworks/azure/azure_hipaa_hitrust_v92/azure_hipaa_hitrust_v92_0301_09o1organizational.yaml
@@ -14,9 +14,5 @@ control-group:
 - Azure/SQL
 type:
 - Benchmark
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - azure_sql_database_transparent_data_encryption_enabled
diff --git a/compliance/frameworks/azure/azure_hipaa_hitrust_v92/azure_hipaa_hitrust_v92_0302_09o2organizational.yaml b/compliance/frameworks/azure/azure_hipaa_hitrust_v92/azure_hipaa_hitrust_v92_0302_09o2organizational.yaml
index 200c0a74a..bc1ed47e2 100755
--- a/compliance/frameworks/azure/azure_hipaa_hitrust_v92/azure_hipaa_hitrust_v92_0302_09o2organizational.yaml
+++ b/compliance/frameworks/azure/azure_hipaa_hitrust_v92/azure_hipaa_hitrust_v92_0302_09o2organizational.yaml
@@ -14,9 +14,5 @@ control-group:
 - Azure/Compute
 type:
 - Benchmark
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - azure_compute_vm_temp_disks_cache_and_data_flows_encrypted
diff --git a/compliance/frameworks/azure/azure_hipaa_hitrust_v92/azure_hipaa_hitrust_v92_0304_09o3organizational.yaml b/compliance/frameworks/azure/azure_hipaa_hitrust_v92/azure_hipaa_hitrust_v92_0304_09o3organizational.yaml
index b3dc8c278..d2ec68c19 100755
--- a/compliance/frameworks/azure/azure_hipaa_hitrust_v92/azure_hipaa_hitrust_v92_0304_09o3organizational.yaml
+++ b/compliance/frameworks/azure/azure_hipaa_hitrust_v92/azure_hipaa_hitrust_v92_0304_09o3organizational.yaml
@@ -14,10 +14,6 @@ control-group:
 - Azure
 type:
 - Benchmark
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - azure_datalake_store_account_encryption_enabled
 - azure_mssql_managed_instance_encryption_at_rest_using_cmk
diff --git a/compliance/frameworks/azure/azure_hipaa_hitrust_v92/azure_hipaa_hitrust_v92_0605_10h1system.yaml b/compliance/frameworks/azure/azure_hipaa_hitrust_v92/azure_hipaa_hitrust_v92_0605_10h1system.yaml
index 47a7ccc61..53d6cd4f2 100755
--- a/compliance/frameworks/azure/azure_hipaa_hitrust_v92/azure_hipaa_hitrust_v92_0605_10h1system.yaml
+++ b/compliance/frameworks/azure/azure_hipaa_hitrust_v92/azure_hipaa_hitrust_v92_0605_10h1system.yaml
@@ -14,10 +14,6 @@ control-group:
 - Azure/Compute
 type:
 - Benchmark
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - azure_compute_vm_meet_security_option_audit_requirement_windows
 - azure_compute_vm_meet_system_audit_policies_requirement_windows
diff --git a/compliance/frameworks/azure/azure_hipaa_hitrust_v92/azure_hipaa_hitrust_v92_0606_10h2system.yaml b/compliance/frameworks/azure/azure_hipaa_hitrust_v92/azure_hipaa_hitrust_v92_0606_10h2system.yaml
index 87dbdaf4f..f4ec895c7 100755
--- a/compliance/frameworks/azure/azure_hipaa_hitrust_v92/azure_hipaa_hitrust_v92_0606_10h2system.yaml
+++ b/compliance/frameworks/azure/azure_hipaa_hitrust_v92/azure_hipaa_hitrust_v92_0606_10h2system.yaml
@@ -14,9 +14,5 @@ control-group:
 - Azure/Compute
 type:
 - Benchmark
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - azure_compute_vm_container_security_configurations_vulnerabilities_remediated
diff --git a/compliance/frameworks/azure/azure_hipaa_hitrust_v92/azure_hipaa_hitrust_v92_0607_10h2system.yaml b/compliance/frameworks/azure/azure_hipaa_hitrust_v92/azure_hipaa_hitrust_v92_0607_10h2system.yaml
index 06f2ee05c..833c191df 100755
--- a/compliance/frameworks/azure/azure_hipaa_hitrust_v92/azure_hipaa_hitrust_v92_0607_10h2system.yaml
+++ b/compliance/frameworks/azure/azure_hipaa_hitrust_v92/azure_hipaa_hitrust_v92_0607_10h2system.yaml
@@ -14,10 +14,6 @@ control-group:
 - Azure/Compute
 type:
 - Benchmark
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - azure_compute_vm_adaptive_application_controls_enabled
 - azure_compute_vm_scale_set_security_configuration_vulnerabilities_remediated
diff --git a/compliance/frameworks/azure/azure_hipaa_hitrust_v92/azure_hipaa_hitrust_v92_0635_10k1organizational.yaml b/compliance/frameworks/azure/azure_hipaa_hitrust_v92/azure_hipaa_hitrust_v92_0635_10k1organizational.yaml
index 22b6756f8..7c703a643 100755
--- a/compliance/frameworks/azure/azure_hipaa_hitrust_v92/azure_hipaa_hitrust_v92_0635_10k1organizational.yaml
+++ b/compliance/frameworks/azure/azure_hipaa_hitrust_v92/azure_hipaa_hitrust_v92_0635_10k1organizational.yaml
@@ -14,9 +14,5 @@ control-group:
 - Azure/Compute
 type:
 - Benchmark
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - azure_compute_vm_meet_system_audit_policies_requirement_windows
diff --git a/compliance/frameworks/azure/azure_hipaa_hitrust_v92/azure_hipaa_hitrust_v92_0636_10k2organizational.yaml b/compliance/frameworks/azure/azure_hipaa_hitrust_v92/azure_hipaa_hitrust_v92_0636_10k2organizational.yaml
index d42346ae0..5bceb4216 100755
--- a/compliance/frameworks/azure/azure_hipaa_hitrust_v92/azure_hipaa_hitrust_v92_0636_10k2organizational.yaml
+++ b/compliance/frameworks/azure/azure_hipaa_hitrust_v92/azure_hipaa_hitrust_v92_0636_10k2organizational.yaml
@@ -14,9 +14,5 @@ control-group:
 - Azure/Compute
 type:
 - Benchmark
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - azure_compute_vm_meet_system_audit_policies_requirement_windows
diff --git a/compliance/frameworks/azure/azure_hipaa_hitrust_v92/azure_hipaa_hitrust_v92_0637_10k2organizational.yaml b/compliance/frameworks/azure/azure_hipaa_hitrust_v92/azure_hipaa_hitrust_v92_0637_10k2organizational.yaml
index 2a3993152..094153f5b 100755
--- a/compliance/frameworks/azure/azure_hipaa_hitrust_v92/azure_hipaa_hitrust_v92_0637_10k2organizational.yaml
+++ b/compliance/frameworks/azure/azure_hipaa_hitrust_v92/azure_hipaa_hitrust_v92_0637_10k2organizational.yaml
@@ -14,9 +14,5 @@ control-group:
 - Azure/Compute
 type:
 - Benchmark
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - azure_compute_vm_meet_system_audit_policies_requirement_windows
diff --git a/compliance/frameworks/azure/azure_hipaa_hitrust_v92/azure_hipaa_hitrust_v92_0638_10k2organizational.yaml b/compliance/frameworks/azure/azure_hipaa_hitrust_v92/azure_hipaa_hitrust_v92_0638_10k2organizational.yaml
index 43c8873ef..3d6cf2d29 100755
--- a/compliance/frameworks/azure/azure_hipaa_hitrust_v92/azure_hipaa_hitrust_v92_0638_10k2organizational.yaml
+++ b/compliance/frameworks/azure/azure_hipaa_hitrust_v92/azure_hipaa_hitrust_v92_0638_10k2organizational.yaml
@@ -14,9 +14,5 @@ control-group:
 - Azure/Compute
 type:
 - Benchmark
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - azure_compute_vm_meet_system_audit_policies_requirement_windows
diff --git a/compliance/frameworks/azure/azure_hipaa_hitrust_v92/azure_hipaa_hitrust_v92_0639_10k2organizational.yaml b/compliance/frameworks/azure/azure_hipaa_hitrust_v92/azure_hipaa_hitrust_v92_0639_10k2organizational.yaml
index 1eedaba4c..e69295a7d 100755
--- a/compliance/frameworks/azure/azure_hipaa_hitrust_v92/azure_hipaa_hitrust_v92_0639_10k2organizational.yaml
+++ b/compliance/frameworks/azure/azure_hipaa_hitrust_v92/azure_hipaa_hitrust_v92_0639_10k2organizational.yaml
@@ -14,9 +14,5 @@ control-group:
 - Azure/Compute
 type:
 - Benchmark
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - azure_compute_vm_meet_system_audit_policies_requirement_windows
diff --git a/compliance/frameworks/azure/azure_hipaa_hitrust_v92/azure_hipaa_hitrust_v92_0640_10k2organizational.yaml b/compliance/frameworks/azure/azure_hipaa_hitrust_v92/azure_hipaa_hitrust_v92_0640_10k2organizational.yaml
index 21417aebc..58c5c4049 100755
--- a/compliance/frameworks/azure/azure_hipaa_hitrust_v92/azure_hipaa_hitrust_v92_0640_10k2organizational.yaml
+++ b/compliance/frameworks/azure/azure_hipaa_hitrust_v92/azure_hipaa_hitrust_v92_0640_10k2organizational.yaml
@@ -14,9 +14,5 @@ control-group:
 - Azure/Compute
 type:
 - Benchmark
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - azure_compute_vm_meet_system_audit_policies_requirement_windows
diff --git a/compliance/frameworks/azure/azure_hipaa_hitrust_v92/azure_hipaa_hitrust_v92_0641_10k2organizational.yaml b/compliance/frameworks/azure/azure_hipaa_hitrust_v92/azure_hipaa_hitrust_v92_0641_10k2organizational.yaml
index 2f8aa9986..aa7127860 100755
--- a/compliance/frameworks/azure/azure_hipaa_hitrust_v92/azure_hipaa_hitrust_v92_0641_10k2organizational.yaml
+++ b/compliance/frameworks/azure/azure_hipaa_hitrust_v92/azure_hipaa_hitrust_v92_0641_10k2organizational.yaml
@@ -14,9 +14,5 @@ control-group:
 - Azure/Compute
 type:
 - Benchmark
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - azure_compute_vm_meet_system_audit_policies_requirement_windows
diff --git a/compliance/frameworks/azure/azure_hipaa_hitrust_v92/azure_hipaa_hitrust_v92_0642_10k3organizational.yaml b/compliance/frameworks/azure/azure_hipaa_hitrust_v92/azure_hipaa_hitrust_v92_0642_10k3organizational.yaml
index 6bd4ed86c..7366768a9 100755
--- a/compliance/frameworks/azure/azure_hipaa_hitrust_v92/azure_hipaa_hitrust_v92_0642_10k3organizational.yaml
+++ b/compliance/frameworks/azure/azure_hipaa_hitrust_v92/azure_hipaa_hitrust_v92_0642_10k3organizational.yaml
@@ -14,9 +14,5 @@ control-group:
 - Azure/Compute
 type:
 - Benchmark
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - azure_compute_vm_meet_system_audit_policies_requirement_windows
diff --git a/compliance/frameworks/azure/azure_hipaa_hitrust_v92/azure_hipaa_hitrust_v92_0643_10k3organizational.yaml b/compliance/frameworks/azure/azure_hipaa_hitrust_v92/azure_hipaa_hitrust_v92_0643_10k3organizational.yaml
index 37a4c8a61..b702392a7 100755
--- a/compliance/frameworks/azure/azure_hipaa_hitrust_v92/azure_hipaa_hitrust_v92_0643_10k3organizational.yaml
+++ b/compliance/frameworks/azure/azure_hipaa_hitrust_v92/azure_hipaa_hitrust_v92_0643_10k3organizational.yaml
@@ -14,9 +14,5 @@ control-group:
 - Azure/Compute
 type:
 - Benchmark
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - azure_compute_vm_meet_system_audit_policies_requirement_windows
diff --git a/compliance/frameworks/azure/azure_hipaa_hitrust_v92/azure_hipaa_hitrust_v92_0644_10k3organizational.yaml b/compliance/frameworks/azure/azure_hipaa_hitrust_v92/azure_hipaa_hitrust_v92_0644_10k3organizational.yaml
index 0b4520f5b..902a02ee8 100755
--- a/compliance/frameworks/azure/azure_hipaa_hitrust_v92/azure_hipaa_hitrust_v92_0644_10k3organizational.yaml
+++ b/compliance/frameworks/azure/azure_hipaa_hitrust_v92/azure_hipaa_hitrust_v92_0644_10k3organizational.yaml
@@ -14,9 +14,5 @@ control-group:
 - Azure/Compute
 type:
 - Benchmark
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - azure_compute_vm_meet_system_audit_policies_requirement_windows
diff --git a/compliance/frameworks/azure/azure_hipaa_hitrust_v92/azure_hipaa_hitrust_v92_0662_09scsporganizational.yaml b/compliance/frameworks/azure/azure_hipaa_hitrust_v92/azure_hipaa_hitrust_v92_0662_09scsporganizational.yaml
index 86242ef8d..e95432f09 100755
--- a/compliance/frameworks/azure/azure_hipaa_hitrust_v92/azure_hipaa_hitrust_v92_0662_09scsporganizational.yaml
+++ b/compliance/frameworks/azure/azure_hipaa_hitrust_v92/azure_hipaa_hitrust_v92_0662_09scsporganizational.yaml
@@ -14,9 +14,5 @@ control-group:
 - Azure/AppService
 type:
 - Benchmark
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - azure_appservice_web_app_client_certificates_on
diff --git a/compliance/frameworks/azure/azure_hipaa_hitrust_v92/azure_hipaa_hitrust_v92_0709_10m1organizational.yaml b/compliance/frameworks/azure/azure_hipaa_hitrust_v92/azure_hipaa_hitrust_v92_0709_10m1organizational.yaml
index 073368008..1fd8c7e46 100755
--- a/compliance/frameworks/azure/azure_hipaa_hitrust_v92/azure_hipaa_hitrust_v92_0709_10m1organizational.yaml
+++ b/compliance/frameworks/azure/azure_hipaa_hitrust_v92/azure_hipaa_hitrust_v92_0709_10m1organizational.yaml
@@ -14,10 +14,6 @@ control-group:
 - Azure
 type:
 - Benchmark
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - azure_compute_vm_container_security_configurations_vulnerabilities_remediated
 - azure_compute_vm_scale_set_security_configuration_vulnerabilities_remediated
diff --git a/compliance/frameworks/azure/azure_hipaa_hitrust_v92/azure_hipaa_hitrust_v92_0710_10m2organizational.yaml b/compliance/frameworks/azure/azure_hipaa_hitrust_v92/azure_hipaa_hitrust_v92_0710_10m2organizational.yaml
index da6c9f2aa..9c2c0580b 100755
--- a/compliance/frameworks/azure/azure_hipaa_hitrust_v92/azure_hipaa_hitrust_v92_0710_10m2organizational.yaml
+++ b/compliance/frameworks/azure/azure_hipaa_hitrust_v92/azure_hipaa_hitrust_v92_0710_10m2organizational.yaml
@@ -14,9 +14,5 @@ control-group:
 - Azure/MySQL
 type:
 - Benchmark
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - azure_mssql_managed_instance_vulnerability_assessment_enabled
diff --git a/compliance/frameworks/azure/azure_hipaa_hitrust_v92/azure_hipaa_hitrust_v92_0711_10m2organizational.yaml b/compliance/frameworks/azure/azure_hipaa_hitrust_v92/azure_hipaa_hitrust_v92_0711_10m2organizational.yaml
index d08e86104..96ab144f9 100755
--- a/compliance/frameworks/azure/azure_hipaa_hitrust_v92/azure_hipaa_hitrust_v92_0711_10m2organizational.yaml
+++ b/compliance/frameworks/azure/azure_hipaa_hitrust_v92/azure_hipaa_hitrust_v92_0711_10m2organizational.yaml
@@ -14,9 +14,5 @@ control-group:
 - Azure/Compute
 type:
 - Benchmark
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - azure_compute_vm_vulnerability_assessment_solution_enabled
diff --git a/compliance/frameworks/azure/azure_hipaa_hitrust_v92/azure_hipaa_hitrust_v92_0713_10m2organizational.yaml b/compliance/frameworks/azure/azure_hipaa_hitrust_v92/azure_hipaa_hitrust_v92_0713_10m2organizational.yaml
index 132268cf8..d1ed85545 100755
--- a/compliance/frameworks/azure/azure_hipaa_hitrust_v92/azure_hipaa_hitrust_v92_0713_10m2organizational.yaml
+++ b/compliance/frameworks/azure/azure_hipaa_hitrust_v92/azure_hipaa_hitrust_v92_0713_10m2organizational.yaml
@@ -14,9 +14,5 @@ control-group:
 - Azure/Compute
 type:
 - Benchmark
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - azure_compute_vm_security_configuration_vulnerabilities_remediated
diff --git a/compliance/frameworks/azure/azure_hipaa_hitrust_v92/azure_hipaa_hitrust_v92_0714_10m2organizational.yaml b/compliance/frameworks/azure/azure_hipaa_hitrust_v92/azure_hipaa_hitrust_v92_0714_10m2organizational.yaml
index 534f8064d..fa9917c06 100755
--- a/compliance/frameworks/azure/azure_hipaa_hitrust_v92/azure_hipaa_hitrust_v92_0714_10m2organizational.yaml
+++ b/compliance/frameworks/azure/azure_hipaa_hitrust_v92/azure_hipaa_hitrust_v92_0714_10m2organizational.yaml
@@ -14,9 +14,5 @@ control-group:
 - Azure/Compute
 type:
 - Benchmark
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - azure_compute_vm_scale_set_security_configuration_vulnerabilities_remediated
diff --git a/compliance/frameworks/azure/azure_hipaa_hitrust_v92/azure_hipaa_hitrust_v92_0715_10m2organizational.yaml b/compliance/frameworks/azure/azure_hipaa_hitrust_v92/azure_hipaa_hitrust_v92_0715_10m2organizational.yaml
index 80f7302da..491724d64 100755
--- a/compliance/frameworks/azure/azure_hipaa_hitrust_v92/azure_hipaa_hitrust_v92_0715_10m2organizational.yaml
+++ b/compliance/frameworks/azure/azure_hipaa_hitrust_v92/azure_hipaa_hitrust_v92_0715_10m2organizational.yaml
@@ -14,9 +14,5 @@ control-group:
 - Azure/Compute
 type:
 - Benchmark
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - azure_compute_vm_container_security_configurations_vulnerabilities_remediated
diff --git a/compliance/frameworks/azure/azure_hipaa_hitrust_v92/azure_hipaa_hitrust_v92_0716_10m3organizational.yaml b/compliance/frameworks/azure/azure_hipaa_hitrust_v92/azure_hipaa_hitrust_v92_0716_10m3organizational.yaml
index d974fa3b4..9536155da 100755
--- a/compliance/frameworks/azure/azure_hipaa_hitrust_v92/azure_hipaa_hitrust_v92_0716_10m3organizational.yaml
+++ b/compliance/frameworks/azure/azure_hipaa_hitrust_v92/azure_hipaa_hitrust_v92_0716_10m3organizational.yaml
@@ -14,9 +14,5 @@ control-group:
 - Azure/SQL
 type:
 - Benchmark
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - azure_sql_database_vulnerability_findings_resolved
diff --git a/compliance/frameworks/azure/azure_hipaa_hitrust_v92/azure_hipaa_hitrust_v92_0717_10m3organizational.yaml b/compliance/frameworks/azure/azure_hipaa_hitrust_v92/azure_hipaa_hitrust_v92_0717_10m3organizational.yaml
index e310e0c1b..13f4f64c6 100755
--- a/compliance/frameworks/azure/azure_hipaa_hitrust_v92/azure_hipaa_hitrust_v92_0717_10m3organizational.yaml
+++ b/compliance/frameworks/azure/azure_hipaa_hitrust_v92/azure_hipaa_hitrust_v92_0717_10m3organizational.yaml
@@ -14,9 +14,5 @@ control-group:
 - Azure/Compute
 type:
 - Benchmark
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - azure_compute_vm_scale_set_security_configuration_vulnerabilities_remediated
diff --git a/compliance/frameworks/azure/azure_hipaa_hitrust_v92/azure_hipaa_hitrust_v92_0718_10m3organizational.yaml b/compliance/frameworks/azure/azure_hipaa_hitrust_v92/azure_hipaa_hitrust_v92_0718_10m3organizational.yaml
index 48e565601..0093efbe5 100755
--- a/compliance/frameworks/azure/azure_hipaa_hitrust_v92/azure_hipaa_hitrust_v92_0718_10m3organizational.yaml
+++ b/compliance/frameworks/azure/azure_hipaa_hitrust_v92/azure_hipaa_hitrust_v92_0718_10m3organizational.yaml
@@ -14,9 +14,5 @@ control-group:
 - Azure/Compute
 type:
 - Benchmark
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - azure_compute_vm_security_configuration_vulnerabilities_remediated
diff --git a/compliance/frameworks/azure/azure_hipaa_hitrust_v92/azure_hipaa_hitrust_v92_0719_10m3organizational.yaml b/compliance/frameworks/azure/azure_hipaa_hitrust_v92/azure_hipaa_hitrust_v92_0719_10m3organizational.yaml
index 23c1819b1..ef61bb171 100755
--- a/compliance/frameworks/azure/azure_hipaa_hitrust_v92/azure_hipaa_hitrust_v92_0719_10m3organizational.yaml
+++ b/compliance/frameworks/azure/azure_hipaa_hitrust_v92/azure_hipaa_hitrust_v92_0719_10m3organizational.yaml
@@ -14,9 +14,5 @@ control-group:
 - Azure/MySQL
 type:
 - Benchmark
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - azure_mssql_managed_instance_vulnerability_assessment_enabled
diff --git a/compliance/frameworks/azure/azure_hipaa_hitrust_v92/azure_hipaa_hitrust_v92_0805_01m1organizational.yaml b/compliance/frameworks/azure/azure_hipaa_hitrust_v92/azure_hipaa_hitrust_v92_0805_01m1organizational.yaml
index adc13a258..aaee070ff 100755
--- a/compliance/frameworks/azure/azure_hipaa_hitrust_v92/azure_hipaa_hitrust_v92_0805_01m1organizational.yaml
+++ b/compliance/frameworks/azure/azure_hipaa_hitrust_v92/azure_hipaa_hitrust_v92_0805_01m1organizational.yaml
@@ -14,10 +14,6 @@ control-group:
 - Azure
 type:
 - Benchmark
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - azure_appservice_web_app_use_virtual_service_endpoint
 - azure_compute_vm_attached_with_network
diff --git a/compliance/frameworks/azure/azure_hipaa_hitrust_v92/azure_hipaa_hitrust_v92_0806_01m2organizational.yaml b/compliance/frameworks/azure/azure_hipaa_hitrust_v92/azure_hipaa_hitrust_v92_0806_01m2organizational.yaml
index 966360edb..3f78a0859 100755
--- a/compliance/frameworks/azure/azure_hipaa_hitrust_v92/azure_hipaa_hitrust_v92_0806_01m2organizational.yaml
+++ b/compliance/frameworks/azure/azure_hipaa_hitrust_v92/azure_hipaa_hitrust_v92_0806_01m2organizational.yaml
@@ -14,10 +14,6 @@ control-group:
 - Azure
 type:
 - Benchmark
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - azure_appservice_web_app_use_virtual_service_endpoint
 - azure_compute_vm_attached_with_network
diff --git a/compliance/frameworks/azure/azure_hipaa_hitrust_v92/azure_hipaa_hitrust_v92_0809_01n2organizational.yaml b/compliance/frameworks/azure/azure_hipaa_hitrust_v92/azure_hipaa_hitrust_v92_0809_01n2organizational.yaml
index 6007e4bf4..a213a0924 100755
--- a/compliance/frameworks/azure/azure_hipaa_hitrust_v92/azure_hipaa_hitrust_v92_0809_01n2organizational.yaml
+++ b/compliance/frameworks/azure/azure_hipaa_hitrust_v92/azure_hipaa_hitrust_v92_0809_01n2organizational.yaml
@@ -14,10 +14,6 @@ control-group:
 - Azure
 type:
 - Benchmark
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - azure_appservice_api_app_latest_tls_version
 - azure_appservice_api_app_use_https
diff --git a/compliance/frameworks/azure/azure_hipaa_hitrust_v92/azure_hipaa_hitrust_v92_0810_01n2organizational.yaml b/compliance/frameworks/azure/azure_hipaa_hitrust_v92/azure_hipaa_hitrust_v92_0810_01n2organizational.yaml
index 0c6017e7c..b54758584 100755
--- a/compliance/frameworks/azure/azure_hipaa_hitrust_v92/azure_hipaa_hitrust_v92_0810_01n2organizational.yaml
+++ b/compliance/frameworks/azure/azure_hipaa_hitrust_v92/azure_hipaa_hitrust_v92_0810_01n2organizational.yaml
@@ -14,10 +14,6 @@ control-group:
 - Azure
 type:
 - Benchmark
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - azure_appservice_api_app_latest_tls_version
 - azure_appservice_api_app_use_https
diff --git a/compliance/frameworks/azure/azure_hipaa_hitrust_v92/azure_hipaa_hitrust_v92_0811_01n2organizational.yaml b/compliance/frameworks/azure/azure_hipaa_hitrust_v92/azure_hipaa_hitrust_v92_0811_01n2organizational.yaml
index bcbb74987..a68f562e4 100755
--- a/compliance/frameworks/azure/azure_hipaa_hitrust_v92/azure_hipaa_hitrust_v92_0811_01n2organizational.yaml
+++ b/compliance/frameworks/azure/azure_hipaa_hitrust_v92/azure_hipaa_hitrust_v92_0811_01n2organizational.yaml
@@ -14,10 +14,6 @@ control-group:
 - Azure
 type:
 - Benchmark
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - azure_appservice_api_app_latest_tls_version
 - azure_appservice_api_app_use_https
diff --git a/compliance/frameworks/azure/azure_hipaa_hitrust_v92/azure_hipaa_hitrust_v92_0812_01n2organizational.yaml b/compliance/frameworks/azure/azure_hipaa_hitrust_v92/azure_hipaa_hitrust_v92_0812_01n2organizational.yaml
index 5050007df..afed4be34 100755
--- a/compliance/frameworks/azure/azure_hipaa_hitrust_v92/azure_hipaa_hitrust_v92_0812_01n2organizational.yaml
+++ b/compliance/frameworks/azure/azure_hipaa_hitrust_v92/azure_hipaa_hitrust_v92_0812_01n2organizational.yaml
@@ -14,10 +14,6 @@ control-group:
 - Azure
 type:
 - Benchmark
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - azure_appservice_api_app_latest_tls_version
 - azure_appservice_api_app_use_https
diff --git a/compliance/frameworks/azure/azure_hipaa_hitrust_v92/azure_hipaa_hitrust_v92_0814_01n1organizational.yaml b/compliance/frameworks/azure/azure_hipaa_hitrust_v92/azure_hipaa_hitrust_v92_0814_01n1organizational.yaml
index 6297fd8b5..299c7b5f6 100755
--- a/compliance/frameworks/azure/azure_hipaa_hitrust_v92/azure_hipaa_hitrust_v92_0814_01n1organizational.yaml
+++ b/compliance/frameworks/azure/azure_hipaa_hitrust_v92/azure_hipaa_hitrust_v92_0814_01n1organizational.yaml
@@ -14,10 +14,6 @@ control-group:
 - Azure
 type:
 - Benchmark
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - azure_appservice_api_app_latest_tls_version
 - azure_appservice_api_app_use_https
diff --git a/compliance/frameworks/azure/azure_hipaa_hitrust_v92/azure_hipaa_hitrust_v92_0835_09n1organizational.yaml b/compliance/frameworks/azure/azure_hipaa_hitrust_v92/azure_hipaa_hitrust_v92_0835_09n1organizational.yaml
index a98cff98f..3f0f51c51 100755
--- a/compliance/frameworks/azure/azure_hipaa_hitrust_v92/azure_hipaa_hitrust_v92_0835_09n1organizational.yaml
+++ b/compliance/frameworks/azure/azure_hipaa_hitrust_v92/azure_hipaa_hitrust_v92_0835_09n1organizational.yaml
@@ -14,10 +14,6 @@ control-group:
 - Azure/Compute
 type:
 - Benchmark
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - azure_compute_vm_network_traffic_data_collection_windows_agent_installed
 - azure_compute_vm_uses_azure_resource_manager
diff --git a/compliance/frameworks/azure/azure_hipaa_hitrust_v92/azure_hipaa_hitrust_v92_0836_09_n2organizational.yaml b/compliance/frameworks/azure/azure_hipaa_hitrust_v92/azure_hipaa_hitrust_v92_0836_09_n2organizational.yaml
index 370974080..154ae0c7b 100755
--- a/compliance/frameworks/azure/azure_hipaa_hitrust_v92/azure_hipaa_hitrust_v92_0836_09_n2organizational.yaml
+++ b/compliance/frameworks/azure/azure_hipaa_hitrust_v92/azure_hipaa_hitrust_v92_0836_09_n2organizational.yaml
@@ -14,9 +14,5 @@ control-group:
 - Azure/Compute
 type:
 - Benchmark
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - azure_compute_vm_network_traffic_data_collection_linux_agent_installed
diff --git a/compliance/frameworks/azure/azure_hipaa_hitrust_v92/azure_hipaa_hitrust_v92_0837_09_n2Organizational.yaml b/compliance/frameworks/azure/azure_hipaa_hitrust_v92/azure_hipaa_hitrust_v92_0837_09_n2Organizational.yaml
index 0a92ab3af..3ef9efdb5 100755
--- a/compliance/frameworks/azure/azure_hipaa_hitrust_v92/azure_hipaa_hitrust_v92_0837_09_n2Organizational.yaml
+++ b/compliance/frameworks/azure/azure_hipaa_hitrust_v92/azure_hipaa_hitrust_v92_0837_09_n2Organizational.yaml
@@ -14,9 +14,5 @@ control-group:
 - Azure/Network
 type:
 - Benchmark
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - azure_network_watcher_enabled
diff --git a/compliance/frameworks/azure/azure_hipaa_hitrust_v92/azure_hipaa_hitrust_v92_0858_09m1organizational.yaml b/compliance/frameworks/azure/azure_hipaa_hitrust_v92/azure_hipaa_hitrust_v92_0858_09m1organizational.yaml
index 479a0b1d2..81a9c97b3 100755
--- a/compliance/frameworks/azure/azure_hipaa_hitrust_v92/azure_hipaa_hitrust_v92_0858_09m1organizational.yaml
+++ b/compliance/frameworks/azure/azure_hipaa_hitrust_v92/azure_hipaa_hitrust_v92_0858_09m1organizational.yaml
@@ -14,10 +14,6 @@ control-group:
 - Azure/Compute
 type:
 - Benchmark
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - azure_compute_vm_jit_access_protected
 - azure_compute_vm_meet_firewall_properties_windows
diff --git a/compliance/frameworks/azure/azure_hipaa_hitrust_v92/azure_hipaa_hitrust_v92_0859_09m1organizational.yaml b/compliance/frameworks/azure/azure_hipaa_hitrust_v92/azure_hipaa_hitrust_v92_0859_09m1organizational.yaml
index 86d030c6c..8b2e8d4c4 100755
--- a/compliance/frameworks/azure/azure_hipaa_hitrust_v92/azure_hipaa_hitrust_v92_0859_09m1organizational.yaml
+++ b/compliance/frameworks/azure/azure_hipaa_hitrust_v92/azure_hipaa_hitrust_v92_0859_09m1organizational.yaml
@@ -14,9 +14,5 @@ control-group:
 - Azure/Compute
 type:
 - Benchmark
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - azure_compute_vm_adaptive_network_hardening_recommendation_applied
diff --git a/compliance/frameworks/azure/azure_hipaa_hitrust_v92/azure_hipaa_hitrust_v92_0860_09m1organizational.yaml b/compliance/frameworks/azure/azure_hipaa_hitrust_v92/azure_hipaa_hitrust_v92_0860_09m1organizational.yaml
index 01f1da9b3..ec5fe56cb 100755
--- a/compliance/frameworks/azure/azure_hipaa_hitrust_v92/azure_hipaa_hitrust_v92_0860_09m1organizational.yaml
+++ b/compliance/frameworks/azure/azure_hipaa_hitrust_v92/azure_hipaa_hitrust_v92_0860_09m1organizational.yaml
@@ -14,9 +14,5 @@ control-group:
 - Azure/Network
 type:
 - Benchmark
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - azure_network_security_group_diagnostic_setting_deployed
diff --git a/compliance/frameworks/azure/azure_hipaa_hitrust_v92/azure_hipaa_hitrust_v92_0861_09m2organizational.yaml b/compliance/frameworks/azure/azure_hipaa_hitrust_v92/azure_hipaa_hitrust_v92_0861_09m2organizational.yaml
index 6da7ad3f6..2215827e7 100755
--- a/compliance/frameworks/azure/azure_hipaa_hitrust_v92/azure_hipaa_hitrust_v92_0861_09m2organizational.yaml
+++ b/compliance/frameworks/azure/azure_hipaa_hitrust_v92/azure_hipaa_hitrust_v92_0861_09m2organizational.yaml
@@ -14,10 +14,6 @@ control-group:
 - Azure
 type:
 - Benchmark
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - azure_appservice_web_app_use_virtual_service_endpoint
 - azure_compute_vm_meet_security_options_network_access_requirement_windows
diff --git a/compliance/frameworks/azure/azure_hipaa_hitrust_v92/azure_hipaa_hitrust_v92_0862_09m2organizational.yaml b/compliance/frameworks/azure/azure_hipaa_hitrust_v92/azure_hipaa_hitrust_v92_0862_09m2organizational.yaml
index 8fcdfd18d..d44b3078e 100755
--- a/compliance/frameworks/azure/azure_hipaa_hitrust_v92/azure_hipaa_hitrust_v92_0862_09m2organizational.yaml
+++ b/compliance/frameworks/azure/azure_hipaa_hitrust_v92/azure_hipaa_hitrust_v92_0862_09m2organizational.yaml
@@ -14,9 +14,5 @@ control-group:
 - Azure/SQL
 type:
 - Benchmark
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - azure_sql_server_use_virtual_service_endpoint
diff --git a/compliance/frameworks/azure/azure_hipaa_hitrust_v92/azure_hipaa_hitrust_v92_0863_09m2organizational.yaml b/compliance/frameworks/azure/azure_hipaa_hitrust_v92/azure_hipaa_hitrust_v92_0863_09m2organizational.yaml
index fa6d9a08d..70e27931a 100755
--- a/compliance/frameworks/azure/azure_hipaa_hitrust_v92/azure_hipaa_hitrust_v92_0863_09m2organizational.yaml
+++ b/compliance/frameworks/azure/azure_hipaa_hitrust_v92/azure_hipaa_hitrust_v92_0863_09m2organizational.yaml
@@ -14,9 +14,5 @@ control-group:
 - Azure/EventHub
 type:
 - Benchmark
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - azure_eventhub_namespace_use_virtual_service_endpoint
diff --git a/compliance/frameworks/azure/azure_hipaa_hitrust_v92/azure_hipaa_hitrust_v92_0864_09m2organizational.yaml b/compliance/frameworks/azure/azure_hipaa_hitrust_v92/azure_hipaa_hitrust_v92_0864_09m2organizational.yaml
index c4160f41b..6fc1698e2 100755
--- a/compliance/frameworks/azure/azure_hipaa_hitrust_v92/azure_hipaa_hitrust_v92_0864_09m2organizational.yaml
+++ b/compliance/frameworks/azure/azure_hipaa_hitrust_v92/azure_hipaa_hitrust_v92_0864_09m2organizational.yaml
@@ -14,9 +14,5 @@ control-group:
 - Azure/CosmosDB
 type:
 - Benchmark
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - azure_cosmosdb_use_virtual_service_endpoint
diff --git a/compliance/frameworks/azure/azure_hipaa_hitrust_v92/azure_hipaa_hitrust_v92_0865_09m2organizational.yaml b/compliance/frameworks/azure/azure_hipaa_hitrust_v92/azure_hipaa_hitrust_v92_0865_09m2organizational.yaml
index 4058b9426..88f6805ea 100755
--- a/compliance/frameworks/azure/azure_hipaa_hitrust_v92/azure_hipaa_hitrust_v92_0865_09m2organizational.yaml
+++ b/compliance/frameworks/azure/azure_hipaa_hitrust_v92/azure_hipaa_hitrust_v92_0865_09m2organizational.yaml
@@ -14,9 +14,5 @@ control-group:
 - Azure/KeyVault
 type:
 - Benchmark
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - azure_keyvault_vault_use_virtual_service_endpoint
diff --git a/compliance/frameworks/azure/azure_hipaa_hitrust_v92/azure_hipaa_hitrust_v92_0866_09m3organizational.yaml b/compliance/frameworks/azure/azure_hipaa_hitrust_v92/azure_hipaa_hitrust_v92_0866_09m3organizational.yaml
index 9593b90b7..d20861998 100755
--- a/compliance/frameworks/azure/azure_hipaa_hitrust_v92/azure_hipaa_hitrust_v92_0866_09m3organizational.yaml
+++ b/compliance/frameworks/azure/azure_hipaa_hitrust_v92/azure_hipaa_hitrust_v92_0866_09m3organizational.yaml
@@ -14,9 +14,5 @@ control-group:
 - Azure/Storage
 type:
 - Benchmark
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - azure_storage_account_default_network_access_rule_denied
diff --git a/compliance/frameworks/azure/azure_hipaa_hitrust_v92/azure_hipaa_hitrust_v92_0867_09m3organizational.yaml b/compliance/frameworks/azure/azure_hipaa_hitrust_v92/azure_hipaa_hitrust_v92_0867_09m3organizational.yaml
index 7d71910d2..afe855ccb 100755
--- a/compliance/frameworks/azure/azure_hipaa_hitrust_v92/azure_hipaa_hitrust_v92_0867_09m3organizational.yaml
+++ b/compliance/frameworks/azure/azure_hipaa_hitrust_v92/azure_hipaa_hitrust_v92_0867_09m3organizational.yaml
@@ -14,9 +14,5 @@ control-group:
 - Azure/Storage
 type:
 - Benchmark
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - azure_storage_account_use_virtual_service_endpoint
diff --git a/compliance/frameworks/azure/azure_hipaa_hitrust_v92/azure_hipaa_hitrust_v92_0868_09m3organizational.yaml b/compliance/frameworks/azure/azure_hipaa_hitrust_v92/azure_hipaa_hitrust_v92_0868_09m3organizational.yaml
index 7f6bc6d5e..2e2aca913 100755
--- a/compliance/frameworks/azure/azure_hipaa_hitrust_v92/azure_hipaa_hitrust_v92_0868_09m3organizational.yaml
+++ b/compliance/frameworks/azure/azure_hipaa_hitrust_v92/azure_hipaa_hitrust_v92_0868_09m3organizational.yaml
@@ -14,9 +14,5 @@ control-group:
 - Azure/ContainerRegistry
 type:
 - Benchmark
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - azure_container_registry_use_virtual_service_endpoint
diff --git a/compliance/frameworks/azure/azure_hipaa_hitrust_v92/azure_hipaa_hitrust_v92_0869_09m3organizational.yaml b/compliance/frameworks/azure/azure_hipaa_hitrust_v92/azure_hipaa_hitrust_v92_0869_09m3organizational.yaml
index 9467ded73..a05344777 100755
--- a/compliance/frameworks/azure/azure_hipaa_hitrust_v92/azure_hipaa_hitrust_v92_0869_09m3organizational.yaml
+++ b/compliance/frameworks/azure/azure_hipaa_hitrust_v92/azure_hipaa_hitrust_v92_0869_09m3organizational.yaml
@@ -14,9 +14,5 @@ control-group:
 - Azure/ContainerRegistry
 type:
 - Benchmark
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - azure_container_registry_use_virtual_service_endpoint
diff --git a/compliance/frameworks/azure/azure_hipaa_hitrust_v92/azure_hipaa_hitrust_v92_0870_09m3organizational.yaml b/compliance/frameworks/azure/azure_hipaa_hitrust_v92/azure_hipaa_hitrust_v92_0870_09m3organizational.yaml
index 5ed68dcf7..879803e72 100755
--- a/compliance/frameworks/azure/azure_hipaa_hitrust_v92/azure_hipaa_hitrust_v92_0870_09m3organizational.yaml
+++ b/compliance/frameworks/azure/azure_hipaa_hitrust_v92/azure_hipaa_hitrust_v92_0870_09m3organizational.yaml
@@ -14,9 +14,5 @@ control-group:
 - Azure/ContainerRegistry
 type:
 - Benchmark
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - azure_container_registry_use_virtual_service_endpoint
diff --git a/compliance/frameworks/azure/azure_hipaa_hitrust_v92/azure_hipaa_hitrust_v92_0871_09m3organizational.yaml b/compliance/frameworks/azure/azure_hipaa_hitrust_v92/azure_hipaa_hitrust_v92_0871_09m3organizational.yaml
index 06f628ace..f37d18133 100755
--- a/compliance/frameworks/azure/azure_hipaa_hitrust_v92/azure_hipaa_hitrust_v92_0871_09m3organizational.yaml
+++ b/compliance/frameworks/azure/azure_hipaa_hitrust_v92/azure_hipaa_hitrust_v92_0871_09m3organizational.yaml
@@ -14,9 +14,5 @@ control-group:
 - Azure/ContainerRegistry
 type:
 - Benchmark
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - azure_container_registry_use_virtual_service_endpoint
diff --git a/compliance/frameworks/azure/azure_hipaa_hitrust_v92/azure_hipaa_hitrust_v92_0885_09n2organizational.yaml b/compliance/frameworks/azure/azure_hipaa_hitrust_v92/azure_hipaa_hitrust_v92_0885_09n2organizational.yaml
index 78184b466..133b1b7ec 100755
--- a/compliance/frameworks/azure/azure_hipaa_hitrust_v92/azure_hipaa_hitrust_v92_0885_09n2organizational.yaml
+++ b/compliance/frameworks/azure/azure_hipaa_hitrust_v92/azure_hipaa_hitrust_v92_0885_09n2organizational.yaml
@@ -14,9 +14,5 @@ control-group:
 - Azure/Compute
 type:
 - Benchmark
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - azure_compute_vm_network_traffic_data_collection_linux_agent_installed
diff --git a/compliance/frameworks/azure/azure_hipaa_hitrust_v92/azure_hipaa_hitrust_v92_0886_09n2Organizational.yaml b/compliance/frameworks/azure/azure_hipaa_hitrust_v92/azure_hipaa_hitrust_v92_0886_09n2Organizational.yaml
index 46d3472f6..ae4fb624d 100755
--- a/compliance/frameworks/azure/azure_hipaa_hitrust_v92/azure_hipaa_hitrust_v92_0886_09n2Organizational.yaml
+++ b/compliance/frameworks/azure/azure_hipaa_hitrust_v92/azure_hipaa_hitrust_v92_0886_09n2Organizational.yaml
@@ -14,9 +14,5 @@ control-group:
 - Azure/Network
 type:
 - Benchmark
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - azure_network_watcher_enabled
diff --git a/compliance/frameworks/azure/azure_hipaa_hitrust_v92/azure_hipaa_hitrust_v92_0887_09n2organizational.yaml b/compliance/frameworks/azure/azure_hipaa_hitrust_v92/azure_hipaa_hitrust_v92_0887_09n2organizational.yaml
index 138600502..e892c6ff3 100755
--- a/compliance/frameworks/azure/azure_hipaa_hitrust_v92/azure_hipaa_hitrust_v92_0887_09n2organizational.yaml
+++ b/compliance/frameworks/azure/azure_hipaa_hitrust_v92/azure_hipaa_hitrust_v92_0887_09n2organizational.yaml
@@ -14,9 +14,5 @@ control-group:
 - Azure/Compute
 type:
 - Benchmark
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - azure_compute_vm_network_traffic_data_collection_windows_agent_installed
diff --git a/compliance/frameworks/azure/azure_hipaa_hitrust_v92/azure_hipaa_hitrust_v92_0888_09n2Organizational.yaml b/compliance/frameworks/azure/azure_hipaa_hitrust_v92/azure_hipaa_hitrust_v92_0888_09n2Organizational.yaml
index a4716f17d..6921128bb 100755
--- a/compliance/frameworks/azure/azure_hipaa_hitrust_v92/azure_hipaa_hitrust_v92_0888_09n2Organizational.yaml
+++ b/compliance/frameworks/azure/azure_hipaa_hitrust_v92/azure_hipaa_hitrust_v92_0888_09n2Organizational.yaml
@@ -14,9 +14,5 @@ control-group:
 - Azure/Network
 type:
 - Benchmark
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - azure_network_watcher_enabled
diff --git a/compliance/frameworks/azure/azure_hipaa_hitrust_v92/azure_hipaa_hitrust_v92_0894_01m2organizational.yaml b/compliance/frameworks/azure/azure_hipaa_hitrust_v92/azure_hipaa_hitrust_v92_0894_01m2organizational.yaml
index 7eb3510a8..c0128eff9 100755
--- a/compliance/frameworks/azure/azure_hipaa_hitrust_v92/azure_hipaa_hitrust_v92_0894_01m2organizational.yaml
+++ b/compliance/frameworks/azure/azure_hipaa_hitrust_v92/azure_hipaa_hitrust_v92_0894_01m2organizational.yaml
@@ -14,10 +14,6 @@ control-group:
 - Azure
 type:
 - Benchmark
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - azure_appservice_web_app_use_virtual_service_endpoint
 - azure_compute_vm_attached_with_network
diff --git a/compliance/frameworks/azure/azure_hipaa_hitrust_v92/azure_hipaa_hitrust_v92_0901_09s1organizational.yaml b/compliance/frameworks/azure/azure_hipaa_hitrust_v92/azure_hipaa_hitrust_v92_0901_09s1organizational.yaml
index 5fd09c2b5..77f6a644f 100755
--- a/compliance/frameworks/azure/azure_hipaa_hitrust_v92/azure_hipaa_hitrust_v92_0901_09s1organizational.yaml
+++ b/compliance/frameworks/azure/azure_hipaa_hitrust_v92/azure_hipaa_hitrust_v92_0901_09s1organizational.yaml
@@ -14,9 +14,5 @@ control-group:
 - Azure/AppService
 type:
 - Benchmark
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - azure_appservice_api_app_cors_no_star
diff --git a/compliance/frameworks/azure/azure_hipaa_hitrust_v92/azure_hipaa_hitrust_v92_0902_09s2organizational.yaml b/compliance/frameworks/azure/azure_hipaa_hitrust_v92/azure_hipaa_hitrust_v92_0902_09s2organizational.yaml
index 86bd381a5..a7ff86189 100755
--- a/compliance/frameworks/azure/azure_hipaa_hitrust_v92/azure_hipaa_hitrust_v92_0902_09s2organizational.yaml
+++ b/compliance/frameworks/azure/azure_hipaa_hitrust_v92/azure_hipaa_hitrust_v92_0902_09s2organizational.yaml
@@ -14,9 +14,5 @@ control-group:
 - Azure/AppService
 type:
 - Benchmark
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - azure_appservice_function_app_cors_no_star
diff --git a/compliance/frameworks/azure/azure_hipaa_hitrust_v92/azure_hipaa_hitrust_v92_0912_09s1organizational.yaml b/compliance/frameworks/azure/azure_hipaa_hitrust_v92/azure_hipaa_hitrust_v92_0912_09s1organizational.yaml
index cc1b4574b..fdd93007d 100755
--- a/compliance/frameworks/azure/azure_hipaa_hitrust_v92/azure_hipaa_hitrust_v92_0912_09s1organizational.yaml
+++ b/compliance/frameworks/azure/azure_hipaa_hitrust_v92/azure_hipaa_hitrust_v92_0912_09s1organizational.yaml
@@ -14,9 +14,5 @@ control-group:
 - Azure/AppService
 type:
 - Benchmark
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - azure_appservice_api_app_remote_debugging_disabled
diff --git a/compliance/frameworks/azure/azure_hipaa_hitrust_v92/azure_hipaa_hitrust_v92_0913_09s1organizational.yaml b/compliance/frameworks/azure/azure_hipaa_hitrust_v92/azure_hipaa_hitrust_v92_0913_09s1organizational.yaml
index 1f72f14a7..a0511593c 100755
--- a/compliance/frameworks/azure/azure_hipaa_hitrust_v92/azure_hipaa_hitrust_v92_0913_09s1organizational.yaml
+++ b/compliance/frameworks/azure/azure_hipaa_hitrust_v92/azure_hipaa_hitrust_v92_0913_09s1organizational.yaml
@@ -14,9 +14,5 @@ control-group:
 - Azure/AppService
 type:
 - Benchmark
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - azure_appservice_function_app_remote_debugging_disabled
diff --git a/compliance/frameworks/azure/azure_hipaa_hitrust_v92/azure_hipaa_hitrust_v92_0915_09s2organizational.yaml b/compliance/frameworks/azure/azure_hipaa_hitrust_v92/azure_hipaa_hitrust_v92_0915_09s2organizational.yaml
index 18898054a..c501a2e1f 100755
--- a/compliance/frameworks/azure/azure_hipaa_hitrust_v92/azure_hipaa_hitrust_v92_0915_09s2organizational.yaml
+++ b/compliance/frameworks/azure/azure_hipaa_hitrust_v92/azure_hipaa_hitrust_v92_0915_09s2organizational.yaml
@@ -14,9 +14,5 @@ control-group:
 - Azure/AppService
 type:
 - Benchmark
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - azure_appservice_api_app_client_certificates_on
diff --git a/compliance/frameworks/azure/azure_hipaa_hitrust_v92/azure_hipaa_hitrust_v92_0916_09s2organizational.yaml b/compliance/frameworks/azure/azure_hipaa_hitrust_v92/azure_hipaa_hitrust_v92_0916_09s2organizational.yaml
index 7b0a7f8fc..9a98c600d 100755
--- a/compliance/frameworks/azure/azure_hipaa_hitrust_v92/azure_hipaa_hitrust_v92_0916_09s2organizational.yaml
+++ b/compliance/frameworks/azure/azure_hipaa_hitrust_v92/azure_hipaa_hitrust_v92_0916_09s2organizational.yaml
@@ -14,9 +14,5 @@ control-group:
 - Azure/AppService
 type:
 - Benchmark
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - azure_appservice_api_app_cors_no_star
diff --git a/compliance/frameworks/azure/azure_hipaa_hitrust_v92/azure_hipaa_hitrust_v92_0943_09y1organizational.yaml b/compliance/frameworks/azure/azure_hipaa_hitrust_v92/azure_hipaa_hitrust_v92_0943_09y1organizational.yaml
index fe9514baf..0428eda87 100755
--- a/compliance/frameworks/azure/azure_hipaa_hitrust_v92/azure_hipaa_hitrust_v92_0943_09y1organizational.yaml
+++ b/compliance/frameworks/azure/azure_hipaa_hitrust_v92/azure_hipaa_hitrust_v92_0943_09y1organizational.yaml
@@ -14,9 +14,5 @@ control-group:
 - Azure/Storage
 type:
 - Benchmark
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - azure_storage_account_secure_transfer_required_enabled
diff --git a/compliance/frameworks/azure/azure_hipaa_hitrust_v92/azure_hipaa_hitrust_v92_0945_09y1organizational.yaml b/compliance/frameworks/azure/azure_hipaa_hitrust_v92/azure_hipaa_hitrust_v92_0945_09y1organizational.yaml
index 5dc24096c..ee94c8dd3 100755
--- a/compliance/frameworks/azure/azure_hipaa_hitrust_v92/azure_hipaa_hitrust_v92_0945_09y1organizational.yaml
+++ b/compliance/frameworks/azure/azure_hipaa_hitrust_v92/azure_hipaa_hitrust_v92_0945_09y1organizational.yaml
@@ -14,9 +14,5 @@ control-group:
 - Azure/Compute
 type:
 - Benchmark
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - azure_compute_vm_with_no_specified_certificates_in_trusted_root_windows
diff --git a/compliance/frameworks/azure/azure_hipaa_hitrust_v92/azure_hipaa_hitrust_v92_0946_09y2organizational.yaml b/compliance/frameworks/azure/azure_hipaa_hitrust_v92/azure_hipaa_hitrust_v92_0946_09y2organizational.yaml
index 5231cbae7..b129b26d4 100755
--- a/compliance/frameworks/azure/azure_hipaa_hitrust_v92/azure_hipaa_hitrust_v92_0946_09y2organizational.yaml
+++ b/compliance/frameworks/azure/azure_hipaa_hitrust_v92/azure_hipaa_hitrust_v92_0946_09y2organizational.yaml
@@ -14,9 +14,5 @@ control-group:
 - Azure/Redis
 type:
 - Benchmark
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - azure_redis_cache_ssl_enabled
diff --git a/compliance/frameworks/azure/azure_hipaa_hitrust_v92/azure_hipaa_hitrust_v92_0947_09y2organizational.yaml b/compliance/frameworks/azure/azure_hipaa_hitrust_v92/azure_hipaa_hitrust_v92_0947_09y2organizational.yaml
index bfc6e4bce..c5ad700d9 100755
--- a/compliance/frameworks/azure/azure_hipaa_hitrust_v92/azure_hipaa_hitrust_v92_0947_09y2organizational.yaml
+++ b/compliance/frameworks/azure/azure_hipaa_hitrust_v92/azure_hipaa_hitrust_v92_0947_09y2organizational.yaml
@@ -14,9 +14,5 @@ control-group:
 - Azure/PostgreSQL
 type:
 - Benchmark
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - azure_postgres_sql_ssl_enabled
diff --git a/compliance/frameworks/azure/azure_hipaa_hitrust_v92/azure_hipaa_hitrust_v92_0948_09y2organizational.yaml b/compliance/frameworks/azure/azure_hipaa_hitrust_v92/azure_hipaa_hitrust_v92_0948_09y2organizational.yaml
index 390e2e1da..61fa9b692 100755
--- a/compliance/frameworks/azure/azure_hipaa_hitrust_v92/azure_hipaa_hitrust_v92_0948_09y2organizational.yaml
+++ b/compliance/frameworks/azure/azure_hipaa_hitrust_v92/azure_hipaa_hitrust_v92_0948_09y2organizational.yaml
@@ -14,9 +14,5 @@ control-group:
 - Azure/MySQL
 type:
 - Benchmark
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - azure_mysql_ssl_enabled
diff --git a/compliance/frameworks/azure/azure_hipaa_hitrust_v92/azure_hipaa_hitrust_v92_0949_09y2organizational.yaml b/compliance/frameworks/azure/azure_hipaa_hitrust_v92/azure_hipaa_hitrust_v92_0949_09y2organizational.yaml
index e9d5d920b..b84c9f8e0 100755
--- a/compliance/frameworks/azure/azure_hipaa_hitrust_v92/azure_hipaa_hitrust_v92_0949_09y2organizational.yaml
+++ b/compliance/frameworks/azure/azure_hipaa_hitrust_v92/azure_hipaa_hitrust_v92_0949_09y2organizational.yaml
@@ -14,10 +14,6 @@ control-group:
 - Azure/AppService
 type:
 - Benchmark
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - azure_appservice_api_app_latest_tls_version
 - azure_appservice_api_app_use_https
diff --git a/compliance/frameworks/azure/azure_hipaa_hitrust_v92/azure_hipaa_hitrust_v92_0960_09scsporganizational.yaml b/compliance/frameworks/azure/azure_hipaa_hitrust_v92/azure_hipaa_hitrust_v92_0960_09scsporganizational.yaml
index 32be0760a..9a4f2ea74 100755
--- a/compliance/frameworks/azure/azure_hipaa_hitrust_v92/azure_hipaa_hitrust_v92_0960_09scsporganizational.yaml
+++ b/compliance/frameworks/azure/azure_hipaa_hitrust_v92/azure_hipaa_hitrust_v92_0960_09scsporganizational.yaml
@@ -14,9 +14,5 @@ control-group:
 - Azure/AppService
 type:
 - Benchmark
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - azure_appservice_function_app_cors_no_star
diff --git a/compliance/frameworks/azure/azure_hipaa_hitrust_v92/azure_hipaa_hitrust_v92_11109_01q1organizational.yaml b/compliance/frameworks/azure/azure_hipaa_hitrust_v92/azure_hipaa_hitrust_v92_11109_01q1organizational.yaml
index 64cc57de4..8d1cab329 100755
--- a/compliance/frameworks/azure/azure_hipaa_hitrust_v92/azure_hipaa_hitrust_v92_11109_01q1organizational.yaml
+++ b/compliance/frameworks/azure/azure_hipaa_hitrust_v92/azure_hipaa_hitrust_v92_11109_01q1organizational.yaml
@@ -14,9 +14,5 @@ control-group:
 - Azure/IAM
 type:
 - Benchmark
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - azure_iam_user_with_owner_permission_on_subscription_mfa_enabled
diff --git a/compliance/frameworks/azure/azure_hipaa_hitrust_v92/azure_hipaa_hitrust_v92_11110_01q1organizational.yaml b/compliance/frameworks/azure/azure_hipaa_hitrust_v92/azure_hipaa_hitrust_v92_11110_01q1organizational.yaml
index 3ecbc8842..e4c3718f4 100755
--- a/compliance/frameworks/azure/azure_hipaa_hitrust_v92/azure_hipaa_hitrust_v92_11110_01q1organizational.yaml
+++ b/compliance/frameworks/azure/azure_hipaa_hitrust_v92/azure_hipaa_hitrust_v92_11110_01q1organizational.yaml
@@ -14,9 +14,5 @@ control-group:
 - Azure/IAM
 type:
 - Benchmark
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - azure_iam_user_with_write_permission_on_subscription_mfa_enabled
diff --git a/compliance/frameworks/azure/azure_hipaa_hitrust_v92/azure_hipaa_hitrust_v92_11111_01q2system.yaml b/compliance/frameworks/azure/azure_hipaa_hitrust_v92/azure_hipaa_hitrust_v92_11111_01q2system.yaml
index 6455a9570..f22c61a92 100755
--- a/compliance/frameworks/azure/azure_hipaa_hitrust_v92/azure_hipaa_hitrust_v92_11111_01q2system.yaml
+++ b/compliance/frameworks/azure/azure_hipaa_hitrust_v92/azure_hipaa_hitrust_v92_11111_01q2system.yaml
@@ -14,9 +14,5 @@ control-group:
 - Azure/IAM
 type:
 - Benchmark
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - azure_iam_user_with_read_permission_on_subscription_mfa_enabled
diff --git a/compliance/frameworks/azure/azure_hipaa_hitrust_v92/azure_hipaa_hitrust_v92_11112_01q2organizational.yaml b/compliance/frameworks/azure/azure_hipaa_hitrust_v92/azure_hipaa_hitrust_v92_11112_01q2organizational.yaml
index 18803cdb9..3ae975fe8 100755
--- a/compliance/frameworks/azure/azure_hipaa_hitrust_v92/azure_hipaa_hitrust_v92_11112_01q2organizational.yaml
+++ b/compliance/frameworks/azure/azure_hipaa_hitrust_v92/azure_hipaa_hitrust_v92_11112_01q2organizational.yaml
@@ -14,9 +14,5 @@ control-group:
 - Azure/IAM
 type:
 - Benchmark
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - azure_iam_subscription_owner_max_3
diff --git a/compliance/frameworks/azure/azure_hipaa_hitrust_v92/azure_hipaa_hitrust_v92_1116_01j1organizational.yaml b/compliance/frameworks/azure/azure_hipaa_hitrust_v92/azure_hipaa_hitrust_v92_1116_01j1organizational.yaml
index f89e9be14..9fbafcdff 100755
--- a/compliance/frameworks/azure/azure_hipaa_hitrust_v92/azure_hipaa_hitrust_v92_1116_01j1organizational.yaml
+++ b/compliance/frameworks/azure/azure_hipaa_hitrust_v92/azure_hipaa_hitrust_v92_1116_01j1organizational.yaml
@@ -14,9 +14,5 @@ control-group:
 - Azure/IAM
 type:
 - Benchmark
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - azure_iam_user_with_owner_permission_on_subscription_mfa_enabled
diff --git a/compliance/frameworks/azure/azure_hipaa_hitrust_v92/azure_hipaa_hitrust_v92_1117_01j1organizational.yaml b/compliance/frameworks/azure/azure_hipaa_hitrust_v92/azure_hipaa_hitrust_v92_1117_01j1organizational.yaml
index 020eb4472..5e11c6943 100755
--- a/compliance/frameworks/azure/azure_hipaa_hitrust_v92/azure_hipaa_hitrust_v92_1117_01j1organizational.yaml
+++ b/compliance/frameworks/azure/azure_hipaa_hitrust_v92/azure_hipaa_hitrust_v92_1117_01j1organizational.yaml
@@ -14,9 +14,5 @@ control-group:
 - Azure/IAM
 type:
 - Benchmark
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - azure_iam_user_with_write_permission_on_subscription_mfa_enabled
diff --git a/compliance/frameworks/azure/azure_hipaa_hitrust_v92/azure_hipaa_hitrust_v92_11180_01c3system.yaml b/compliance/frameworks/azure/azure_hipaa_hitrust_v92/azure_hipaa_hitrust_v92_11180_01c3system.yaml
index 1a348ab22..beb433400 100755
--- a/compliance/frameworks/azure/azure_hipaa_hitrust_v92/azure_hipaa_hitrust_v92_11180_01c3system.yaml
+++ b/compliance/frameworks/azure/azure_hipaa_hitrust_v92/azure_hipaa_hitrust_v92_11180_01c3system.yaml
@@ -14,9 +14,5 @@ control-group:
 - Azure/Compute
 type:
 - Benchmark
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - azure_compute_vm_jit_access_protected
diff --git a/compliance/frameworks/azure/azure_hipaa_hitrust_v92/azure_hipaa_hitrust_v92_1118_01j2organizational.yaml b/compliance/frameworks/azure/azure_hipaa_hitrust_v92/azure_hipaa_hitrust_v92_1118_01j2organizational.yaml
index 84ee931a8..b4e57ac4f 100755
--- a/compliance/frameworks/azure/azure_hipaa_hitrust_v92/azure_hipaa_hitrust_v92_1118_01j2organizational.yaml
+++ b/compliance/frameworks/azure/azure_hipaa_hitrust_v92/azure_hipaa_hitrust_v92_1118_01j2organizational.yaml
@@ -14,9 +14,5 @@ control-group:
 - Azure/IAM
 type:
 - Benchmark
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - azure_iam_user_with_read_permission_on_subscription_mfa_enabled
diff --git a/compliance/frameworks/azure/azure_hipaa_hitrust_v92/azure_hipaa_hitrust_v92_1119_01j2organizational.yaml b/compliance/frameworks/azure/azure_hipaa_hitrust_v92/azure_hipaa_hitrust_v92_1119_01j2organizational.yaml
index 7c2e56ccb..e914efa89 100755
--- a/compliance/frameworks/azure/azure_hipaa_hitrust_v92/azure_hipaa_hitrust_v92_1119_01j2organizational.yaml
+++ b/compliance/frameworks/azure/azure_hipaa_hitrust_v92/azure_hipaa_hitrust_v92_1119_01j2organizational.yaml
@@ -14,9 +14,5 @@ control-group:
 - Azure/Compute
 type:
 - Benchmark
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - azure_compute_vm_jit_access_protected
diff --git a/compliance/frameworks/azure/azure_hipaa_hitrust_v92/azure_hipaa_hitrust_v92_11208_01q1organizational.yaml b/compliance/frameworks/azure/azure_hipaa_hitrust_v92/azure_hipaa_hitrust_v92_11208_01q1organizational.yaml
index 0081e990c..98cc9e5e0 100755
--- a/compliance/frameworks/azure/azure_hipaa_hitrust_v92/azure_hipaa_hitrust_v92_11208_01q1organizational.yaml
+++ b/compliance/frameworks/azure/azure_hipaa_hitrust_v92/azure_hipaa_hitrust_v92_11208_01q1organizational.yaml
@@ -14,9 +14,5 @@ control-group:
 - Azure/IAM
 type:
 - Benchmark
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - azure_iam_subscription_owner_more_than_1
diff --git a/compliance/frameworks/azure/azure_hipaa_hitrust_v92/azure_hipaa_hitrust_v92_1120_09ab3system.yaml b/compliance/frameworks/azure/azure_hipaa_hitrust_v92/azure_hipaa_hitrust_v92_1120_09ab3system.yaml
index 24352604f..ba21d2bc0 100755
--- a/compliance/frameworks/azure/azure_hipaa_hitrust_v92/azure_hipaa_hitrust_v92_1120_09ab3system.yaml
+++ b/compliance/frameworks/azure/azure_hipaa_hitrust_v92/azure_hipaa_hitrust_v92_1120_09ab3system.yaml
@@ -14,9 +14,5 @@ control-group:
 - Azure/Monitor
 type:
 - Benchmark
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - azure_monitor_log_profile_enabled_for_all_regions
diff --git a/compliance/frameworks/azure/azure_hipaa_hitrust_v92/azure_hipaa_hitrust_v92_11210_01q2organizational.yaml b/compliance/frameworks/azure/azure_hipaa_hitrust_v92/azure_hipaa_hitrust_v92_11210_01q2organizational.yaml
index 80de6edb0..f4e711a14 100755
--- a/compliance/frameworks/azure/azure_hipaa_hitrust_v92/azure_hipaa_hitrust_v92_11210_01q2organizational.yaml
+++ b/compliance/frameworks/azure/azure_hipaa_hitrust_v92/azure_hipaa_hitrust_v92_11210_01q2organizational.yaml
@@ -14,9 +14,5 @@ control-group:
 - Azure/Compute
 type:
 - Benchmark
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - azure_compute_vm_administrators_group_with_specified_members_windows
diff --git a/compliance/frameworks/azure/azure_hipaa_hitrust_v92/azure_hipaa_hitrust_v92_11211_01q2organizational.yaml b/compliance/frameworks/azure/azure_hipaa_hitrust_v92/azure_hipaa_hitrust_v92_11211_01q2organizational.yaml
index 425b07f8c..4c221dcb6 100755
--- a/compliance/frameworks/azure/azure_hipaa_hitrust_v92/azure_hipaa_hitrust_v92_11211_01q2organizational.yaml
+++ b/compliance/frameworks/azure/azure_hipaa_hitrust_v92/azure_hipaa_hitrust_v92_11211_01q2organizational.yaml
@@ -14,9 +14,5 @@ control-group:
 - Azure/Compute
 type:
 - Benchmark
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - azure_compute_vm_administrators_group_with_no_specified_members_windows
diff --git a/compliance/frameworks/azure/azure_hipaa_hitrust_v92/azure_hipaa_hitrust_v92_1121_01j3organizational.yaml b/compliance/frameworks/azure/azure_hipaa_hitrust_v92/azure_hipaa_hitrust_v92_1121_01j3organizational.yaml
index e2c6f1c42..3e775099a 100755
--- a/compliance/frameworks/azure/azure_hipaa_hitrust_v92/azure_hipaa_hitrust_v92_1121_01j3organizational.yaml
+++ b/compliance/frameworks/azure/azure_hipaa_hitrust_v92/azure_hipaa_hitrust_v92_1121_01j3organizational.yaml
@@ -14,9 +14,5 @@ control-group:
 - Azure/IAM
 type:
 - Benchmark
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - azure_iam_user_with_owner_permission_on_subscription_mfa_enabled
diff --git a/compliance/frameworks/azure/azure_hipaa_hitrust_v92/azure_hipaa_hitrust_v92_1123_01q1system.yaml b/compliance/frameworks/azure/azure_hipaa_hitrust_v92/azure_hipaa_hitrust_v92_1123_01q1system.yaml
index f12e76664..64b4ac8df 100755
--- a/compliance/frameworks/azure/azure_hipaa_hitrust_v92/azure_hipaa_hitrust_v92_1123_01q1system.yaml
+++ b/compliance/frameworks/azure/azure_hipaa_hitrust_v92/azure_hipaa_hitrust_v92_1123_01q1system.yaml
@@ -14,9 +14,5 @@ control-group:
 - Azure/Compute
 type:
 - Benchmark
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - azure_compute_vm_administrators_group_with_extra_accounts_windows
diff --git a/compliance/frameworks/azure/azure_hipaa_hitrust_v92/azure_hipaa_hitrust_v92_1125_01q2system.yaml b/compliance/frameworks/azure/azure_hipaa_hitrust_v92/azure_hipaa_hitrust_v92_1125_01q2system.yaml
index 3685b1fcf..edb434776 100755
--- a/compliance/frameworks/azure/azure_hipaa_hitrust_v92/azure_hipaa_hitrust_v92_1125_01q2system.yaml
+++ b/compliance/frameworks/azure/azure_hipaa_hitrust_v92/azure_hipaa_hitrust_v92_1125_01q2system.yaml
@@ -14,9 +14,5 @@ control-group:
 - Azure/Compute
 type:
 - Benchmark
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - azure_compute_vm_administrators_group_with_specified_members_windows
diff --git a/compliance/frameworks/azure/azure_hipaa_hitrust_v92/azure_hipaa_hitrust_v92_1127_01q2system.yaml b/compliance/frameworks/azure/azure_hipaa_hitrust_v92/azure_hipaa_hitrust_v92_1127_01q2system.yaml
index deb16a426..c55df2f4d 100755
--- a/compliance/frameworks/azure/azure_hipaa_hitrust_v92/azure_hipaa_hitrust_v92_1127_01q2system.yaml
+++ b/compliance/frameworks/azure/azure_hipaa_hitrust_v92/azure_hipaa_hitrust_v92_1127_01q2system.yaml
@@ -14,9 +14,5 @@ control-group:
 - Azure/Compute
 type:
 - Benchmark
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - azure_compute_vm_administrators_group_with_no_specified_members_windows
diff --git a/compliance/frameworks/azure/azure_hipaa_hitrust_v92/azure_hipaa_hitrust_v92_1143_01c1system.yaml b/compliance/frameworks/azure/azure_hipaa_hitrust_v92/azure_hipaa_hitrust_v92_1143_01c1system.yaml
index da6996836..d82ac266f 100755
--- a/compliance/frameworks/azure/azure_hipaa_hitrust_v92/azure_hipaa_hitrust_v92_1143_01c1system.yaml
+++ b/compliance/frameworks/azure/azure_hipaa_hitrust_v92/azure_hipaa_hitrust_v92_1143_01c1system.yaml
@@ -14,9 +14,5 @@ control-group:
 - Azure/Network
 type:
 - Benchmark
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - azure_network_security_group_remote_access_restricted
diff --git a/compliance/frameworks/azure/azure_hipaa_hitrust_v92/azure_hipaa_hitrust_v92_1144_01c1system.yaml b/compliance/frameworks/azure/azure_hipaa_hitrust_v92/azure_hipaa_hitrust_v92_1144_01c1system.yaml
index 48b639345..819255294 100755
--- a/compliance/frameworks/azure/azure_hipaa_hitrust_v92/azure_hipaa_hitrust_v92_1144_01c1system.yaml
+++ b/compliance/frameworks/azure/azure_hipaa_hitrust_v92/azure_hipaa_hitrust_v92_1144_01c1system.yaml
@@ -14,9 +14,5 @@ control-group:
 - Azure/ActiveDirectory
 type:
 - Benchmark
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - azure_iam_subscription_owner_max_3
diff --git a/compliance/frameworks/azure/azure_hipaa_hitrust_v92/azure_hipaa_hitrust_v92_1145_01c2system.yaml b/compliance/frameworks/azure/azure_hipaa_hitrust_v92/azure_hipaa_hitrust_v92_1145_01c2system.yaml
index d33bbd1b3..366619a43 100755
--- a/compliance/frameworks/azure/azure_hipaa_hitrust_v92/azure_hipaa_hitrust_v92_1145_01c2system.yaml
+++ b/compliance/frameworks/azure/azure_hipaa_hitrust_v92/azure_hipaa_hitrust_v92_1145_01c2system.yaml
@@ -14,9 +14,5 @@ control-group:
 - Azure/ActiveDirectory
 type:
 - Benchmark
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - azure_iam_subscription_owner_more_than_1
diff --git a/compliance/frameworks/azure/azure_hipaa_hitrust_v92/azure_hipaa_hitrust_v92_1146_01c2system.yaml b/compliance/frameworks/azure/azure_hipaa_hitrust_v92/azure_hipaa_hitrust_v92_1146_01c2system.yaml
index 05ffe09f9..3073b0592 100755
--- a/compliance/frameworks/azure/azure_hipaa_hitrust_v92/azure_hipaa_hitrust_v92_1146_01c2system.yaml
+++ b/compliance/frameworks/azure/azure_hipaa_hitrust_v92/azure_hipaa_hitrust_v92_1146_01c2system.yaml
@@ -14,9 +14,5 @@ control-group:
 - Azure/ActiveDirectory
 type:
 - Benchmark
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - azure_iam_external_user_with_owner_role
diff --git a/compliance/frameworks/azure/azure_hipaa_hitrust_v92/azure_hipaa_hitrust_v92_1147_01c2system.yaml b/compliance/frameworks/azure/azure_hipaa_hitrust_v92/azure_hipaa_hitrust_v92_1147_01c2system.yaml
index cee36c1c6..926788b51 100755
--- a/compliance/frameworks/azure/azure_hipaa_hitrust_v92/azure_hipaa_hitrust_v92_1147_01c2system.yaml
+++ b/compliance/frameworks/azure/azure_hipaa_hitrust_v92/azure_hipaa_hitrust_v92_1147_01c2system.yaml
@@ -14,9 +14,5 @@ control-group:
 - Azure/ActiveDirectory
 type:
 - Benchmark
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - azure_iam_deprecated_account_with_owner_roles
diff --git a/compliance/frameworks/azure/azure_hipaa_hitrust_v92/azure_hipaa_hitrust_v92_1148_01c2system.yaml b/compliance/frameworks/azure/azure_hipaa_hitrust_v92/azure_hipaa_hitrust_v92_1148_01c2system.yaml
index 76ac161c2..7b263844d 100755
--- a/compliance/frameworks/azure/azure_hipaa_hitrust_v92/azure_hipaa_hitrust_v92_1148_01c2system.yaml
+++ b/compliance/frameworks/azure/azure_hipaa_hitrust_v92/azure_hipaa_hitrust_v92_1148_01c2system.yaml
@@ -14,10 +14,6 @@ control-group:
 - Azure
 type:
 - Benchmark
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - azure_iam_no_custom_role
 - azure_compute_vm_meet_security_option_requirement_windows
diff --git a/compliance/frameworks/azure/azure_hipaa_hitrust_v92/azure_hipaa_hitrust_v92_1149_01c2system.yaml b/compliance/frameworks/azure/azure_hipaa_hitrust_v92/azure_hipaa_hitrust_v92_1149_01c2system.yaml
index 3e8bedcb6..b1012d3c2 100755
--- a/compliance/frameworks/azure/azure_hipaa_hitrust_v92/azure_hipaa_hitrust_v92_1149_01c2system.yaml
+++ b/compliance/frameworks/azure/azure_hipaa_hitrust_v92/azure_hipaa_hitrust_v92_1149_01c2system.yaml
@@ -14,9 +14,5 @@ control-group:
 - Azure/KubernetesService
 type:
 - Benchmark
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - azure_kubernetes_instance_rbac_enabled
diff --git a/compliance/frameworks/azure/azure_hipaa_hitrust_v92/azure_hipaa_hitrust_v92_1150_01c2system.yaml b/compliance/frameworks/azure/azure_hipaa_hitrust_v92/azure_hipaa_hitrust_v92_1150_01c2system.yaml
index 01ae87ef7..53b20775b 100755
--- a/compliance/frameworks/azure/azure_hipaa_hitrust_v92/azure_hipaa_hitrust_v92_1150_01c2system.yaml
+++ b/compliance/frameworks/azure/azure_hipaa_hitrust_v92/azure_hipaa_hitrust_v92_1150_01c2system.yaml
@@ -14,9 +14,5 @@ control-group:
 - Azure/Network
 type:
 - Benchmark
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - azure_network_security_group_remote_access_restricted
diff --git a/compliance/frameworks/azure/azure_hipaa_hitrust_v92/azure_hipaa_hitrust_v92_1151_01c3system.yaml b/compliance/frameworks/azure/azure_hipaa_hitrust_v92/azure_hipaa_hitrust_v92_1151_01c3system.yaml
index 5e20869e2..f2564371d 100755
--- a/compliance/frameworks/azure/azure_hipaa_hitrust_v92/azure_hipaa_hitrust_v92_1151_01c3system.yaml
+++ b/compliance/frameworks/azure/azure_hipaa_hitrust_v92/azure_hipaa_hitrust_v92_1151_01c3system.yaml
@@ -14,9 +14,5 @@ control-group:
 - Azure/ActiveDirectory
 type:
 - Benchmark
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - azure_iam_subscription_owner_max_3
diff --git a/compliance/frameworks/azure/azure_hipaa_hitrust_v92/azure_hipaa_hitrust_v92_1152_01c3system.yaml b/compliance/frameworks/azure/azure_hipaa_hitrust_v92/azure_hipaa_hitrust_v92_1152_01c3system.yaml
index d2056f351..2e2981fb5 100755
--- a/compliance/frameworks/azure/azure_hipaa_hitrust_v92/azure_hipaa_hitrust_v92_1152_01c3system.yaml
+++ b/compliance/frameworks/azure/azure_hipaa_hitrust_v92/azure_hipaa_hitrust_v92_1152_01c3system.yaml
@@ -14,9 +14,5 @@ control-group:
 - Azure/ActiveDirectory
 type:
 - Benchmark
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - azure_iam_subscription_owner_more_than_1
diff --git a/compliance/frameworks/azure/azure_hipaa_hitrust_v92/azure_hipaa_hitrust_v92_1153_01c3system.yaml b/compliance/frameworks/azure/azure_hipaa_hitrust_v92/azure_hipaa_hitrust_v92_1153_01c3system.yaml
index 3039e1e06..4f3698aec 100755
--- a/compliance/frameworks/azure/azure_hipaa_hitrust_v92/azure_hipaa_hitrust_v92_1153_01c3system.yaml
+++ b/compliance/frameworks/azure/azure_hipaa_hitrust_v92/azure_hipaa_hitrust_v92_1153_01c3system.yaml
@@ -14,9 +14,5 @@ control-group:
 - Azure/KubernetesService
 type:
 - Benchmark
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - azure_kubernetes_instance_rbac_enabled
diff --git a/compliance/frameworks/azure/azure_hipaa_hitrust_v92/azure_hipaa_hitrust_v92_1154_01c3system.yaml b/compliance/frameworks/azure/azure_hipaa_hitrust_v92/azure_hipaa_hitrust_v92_1154_01c3system.yaml
index b83707366..ddaa0cf27 100755
--- a/compliance/frameworks/azure/azure_hipaa_hitrust_v92/azure_hipaa_hitrust_v92_1154_01c3system.yaml
+++ b/compliance/frameworks/azure/azure_hipaa_hitrust_v92/azure_hipaa_hitrust_v92_1154_01c3system.yaml
@@ -14,9 +14,5 @@ control-group:
 - Azure/IAM
 type:
 - Benchmark
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - azure_iam_subscription_owner_max_3
diff --git a/compliance/frameworks/azure/azure_hipaa_hitrust_v92/azure_hipaa_hitrust_v92_1173_01j1organizational.yaml b/compliance/frameworks/azure/azure_hipaa_hitrust_v92/azure_hipaa_hitrust_v92_1173_01j1organizational.yaml
index 76e25f162..5a8dcd603 100755
--- a/compliance/frameworks/azure/azure_hipaa_hitrust_v92/azure_hipaa_hitrust_v92_1173_01j1organizational.yaml
+++ b/compliance/frameworks/azure/azure_hipaa_hitrust_v92/azure_hipaa_hitrust_v92_1173_01j1organizational.yaml
@@ -14,9 +14,5 @@ control-group:
 - Azure/IAM
 type:
 - Benchmark
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - azure_iam_user_with_write_permission_on_subscription_mfa_enabled
diff --git a/compliance/frameworks/azure/azure_hipaa_hitrust_v92/azure_hipaa_hitrust_v92_1174_01j1organizational.yaml b/compliance/frameworks/azure/azure_hipaa_hitrust_v92/azure_hipaa_hitrust_v92_1174_01j1organizational.yaml
index afdbd73b0..450a3adf0 100755
--- a/compliance/frameworks/azure/azure_hipaa_hitrust_v92/azure_hipaa_hitrust_v92_1174_01j1organizational.yaml
+++ b/compliance/frameworks/azure/azure_hipaa_hitrust_v92/azure_hipaa_hitrust_v92_1174_01j1organizational.yaml
@@ -14,9 +14,5 @@ control-group:
 - Azure/IAM
 type:
 - Benchmark
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - azure_iam_user_with_read_permission_on_subscription_mfa_enabled
diff --git a/compliance/frameworks/azure/azure_hipaa_hitrust_v92/azure_hipaa_hitrust_v92_1175_01j1organizational.yaml b/compliance/frameworks/azure/azure_hipaa_hitrust_v92/azure_hipaa_hitrust_v92_1175_01j1organizational.yaml
index cf348950c..72601ca68 100755
--- a/compliance/frameworks/azure/azure_hipaa_hitrust_v92/azure_hipaa_hitrust_v92_1175_01j1organizational.yaml
+++ b/compliance/frameworks/azure/azure_hipaa_hitrust_v92/azure_hipaa_hitrust_v92_1175_01j1organizational.yaml
@@ -14,9 +14,5 @@ control-group:
 - Azure/Compute
 type:
 - Benchmark
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - azure_compute_vm_jit_access_protected
diff --git a/compliance/frameworks/azure/azure_hipaa_hitrust_v92/azure_hipaa_hitrust_v92_1176_01j2organizational.yaml b/compliance/frameworks/azure/azure_hipaa_hitrust_v92/azure_hipaa_hitrust_v92_1176_01j2organizational.yaml
index 8e65e159c..7799b2bcd 100755
--- a/compliance/frameworks/azure/azure_hipaa_hitrust_v92/azure_hipaa_hitrust_v92_1176_01j2organizational.yaml
+++ b/compliance/frameworks/azure/azure_hipaa_hitrust_v92/azure_hipaa_hitrust_v92_1176_01j2organizational.yaml
@@ -14,9 +14,5 @@ control-group:
 - Azure/IAM
 type:
 - Benchmark
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - azure_iam_user_with_owner_permission_on_subscription_mfa_enabled
diff --git a/compliance/frameworks/azure/azure_hipaa_hitrust_v92/azure_hipaa_hitrust_v92_1177_01j2organizational.yaml b/compliance/frameworks/azure/azure_hipaa_hitrust_v92/azure_hipaa_hitrust_v92_1177_01j2organizational.yaml
index 71f523c90..2ea908553 100755
--- a/compliance/frameworks/azure/azure_hipaa_hitrust_v92/azure_hipaa_hitrust_v92_1177_01j2organizational.yaml
+++ b/compliance/frameworks/azure/azure_hipaa_hitrust_v92/azure_hipaa_hitrust_v92_1177_01j2organizational.yaml
@@ -14,9 +14,5 @@ control-group:
 - Azure/IAM
 type:
 - Benchmark
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - azure_iam_user_with_write_permission_on_subscription_mfa_enabled
diff --git a/compliance/frameworks/azure/azure_hipaa_hitrust_v92/azure_hipaa_hitrust_v92_1178_01j2organizational.yaml b/compliance/frameworks/azure/azure_hipaa_hitrust_v92/azure_hipaa_hitrust_v92_1178_01j2organizational.yaml
index 8dd1c3532..4896d8bef 100755
--- a/compliance/frameworks/azure/azure_hipaa_hitrust_v92/azure_hipaa_hitrust_v92_1178_01j2organizational.yaml
+++ b/compliance/frameworks/azure/azure_hipaa_hitrust_v92/azure_hipaa_hitrust_v92_1178_01j2organizational.yaml
@@ -14,9 +14,5 @@ control-group: - Azure/IAM type: - Benchmark - defaults: - auto-assign: null - enabled: false - tracks-drift-events: false controls: - azure_iam_user_with_read_permission_on_subscription_mfa_enabled
diff --git a/compliance/frameworks/azure/azure_hipaa_hitrust_v92/azure_hipaa_hitrust_v92_1179_01j3organizational.yaml b/compliance/frameworks/azure/azure_hipaa_hitrust_v92/azure_hipaa_hitrust_v92_1179_01j3organizational.yaml
index 0e07011cd..6822f550f 100755
--- a/compliance/frameworks/azure/azure_hipaa_hitrust_v92/azure_hipaa_hitrust_v92_1179_01j3organizational.yaml
+++ b/compliance/frameworks/azure/azure_hipaa_hitrust_v92/azure_hipaa_hitrust_v92_1179_01j3organizational.yaml
@@ -14,9 +14,5 @@ control-group: - Azure/Compute type: - Benchmark - defaults: - auto-assign: null - enabled: false - tracks-drift-events: false controls: - azure_compute_vm_jit_access_protected
diff --git a/compliance/frameworks/azure/azure_hipaa_hitrust_v92/azure_hipaa_hitrust_v92_1192_01l1organizational.yaml b/compliance/frameworks/azure/azure_hipaa_hitrust_v92/azure_hipaa_hitrust_v92_1192_01l1organizational.yaml
index 9db63af39..ea005cec2 100755
--- a/compliance/frameworks/azure/azure_hipaa_hitrust_v92/azure_hipaa_hitrust_v92_1192_01l1organizational.yaml
+++ b/compliance/frameworks/azure/azure_hipaa_hitrust_v92/azure_hipaa_hitrust_v92_1192_01l1organizational.yaml
@@ -14,9 +14,5 @@ control-group: - Azure/Compute type: - Benchmark - defaults: - auto-assign: null - enabled: false - tracks-drift-events: false controls: - azure_compute_vm_jit_access_protected
diff --git a/compliance/frameworks/azure/azure_hipaa_hitrust_v92/azure_hipaa_hitrust_v92_1193_01l2organizational.yaml b/compliance/frameworks/azure/azure_hipaa_hitrust_v92/azure_hipaa_hitrust_v92_1193_01l2organizational.yaml
index f516e5f67..78db5dbde 100755
--- a/compliance/frameworks/azure/azure_hipaa_hitrust_v92/azure_hipaa_hitrust_v92_1193_01l2organizational.yaml
+++ b/compliance/frameworks/azure/azure_hipaa_hitrust_v92/azure_hipaa_hitrust_v92_1193_01l2organizational.yaml
@@ -14,9 +14,5 @@ control-group: - Azure/Network type: - Benchmark - defaults: - auto-assign: null - enabled: false - tracks-drift-events: false controls: - azure_network_security_group_remote_access_restricted
diff --git a/compliance/frameworks/azure/azure_hipaa_hitrust_v92/azure_hipaa_hitrust_v92_1194_01l2organizational.yaml b/compliance/frameworks/azure/azure_hipaa_hitrust_v92/azure_hipaa_hitrust_v92_1194_01l2organizational.yaml
index 0baa0949a..e14ec34ad 100755
--- a/compliance/frameworks/azure/azure_hipaa_hitrust_v92/azure_hipaa_hitrust_v92_1194_01l2organizational.yaml
+++ b/compliance/frameworks/azure/azure_hipaa_hitrust_v92/azure_hipaa_hitrust_v92_1194_01l2organizational.yaml
@@ -14,9 +14,5 @@ control-group: - Azure/AppService type: - Benchmark - defaults: - auto-assign: null - enabled: false - tracks-drift-events: false controls: - azure_appservice_api_app_remote_debugging_disabled
diff --git a/compliance/frameworks/azure/azure_hipaa_hitrust_v92/azure_hipaa_hitrust_v92_1195_01l3organizational.yaml b/compliance/frameworks/azure/azure_hipaa_hitrust_v92/azure_hipaa_hitrust_v92_1195_01l3organizational.yaml
index 13351ef3b..d2d073c17 100755
--- a/compliance/frameworks/azure/azure_hipaa_hitrust_v92/azure_hipaa_hitrust_v92_1195_01l3organizational.yaml
+++ b/compliance/frameworks/azure/azure_hipaa_hitrust_v92/azure_hipaa_hitrust_v92_1195_01l3organizational.yaml
@@ -14,9 +14,5 @@ control-group: - Azure/AppService type: - Benchmark - defaults: - auto-assign: null - enabled: false - tracks-drift-events: false controls: - azure_appservice_function_app_remote_debugging_disabled
diff --git a/compliance/frameworks/azure/azure_hipaa_hitrust_v92/azure_hipaa_hitrust_v92_1197_01l3organizational.yaml b/compliance/frameworks/azure/azure_hipaa_hitrust_v92/azure_hipaa_hitrust_v92_1197_01l3organizational.yaml
index c779a1ec2..f1f02dc54 100755
--- a/compliance/frameworks/azure/azure_hipaa_hitrust_v92/azure_hipaa_hitrust_v92_1197_01l3organizational.yaml
+++ b/compliance/frameworks/azure/azure_hipaa_hitrust_v92/azure_hipaa_hitrust_v92_1197_01l3organizational.yaml
@@ -14,9 +14,5 @@ control-group: - Azure/Compute type: - Benchmark - defaults: - auto-assign: null - enabled: false - tracks-drift-events: false controls: - azure_compute_vm_adaptive_application_controls_enabled
diff --git a/compliance/frameworks/azure/azure_hipaa_hitrust_v92/azure_hipaa_hitrust_v92_1202_09aa1system.yaml b/compliance/frameworks/azure/azure_hipaa_hitrust_v92/azure_hipaa_hitrust_v92_1202_09aa1system.yaml
index 1e1c0e778..1be74fac4 100755
--- a/compliance/frameworks/azure/azure_hipaa_hitrust_v92/azure_hipaa_hitrust_v92_1202_09aa1system.yaml
+++ b/compliance/frameworks/azure/azure_hipaa_hitrust_v92/azure_hipaa_hitrust_v92_1202_09aa1system.yaml
@@ -14,10 +14,6 @@ control-group: - Azure type: - Benchmark - defaults: - auto-assign: null - enabled: false - tracks-drift-events: false controls: - azure_compute_vm_scale_set_system_updates_installed - azure_datalake_store_account_logging_enabled
diff --git a/compliance/frameworks/azure/azure_hipaa_hitrust_v92/azure_hipaa_hitrust_v92_1203_09aa1system.yaml b/compliance/frameworks/azure/azure_hipaa_hitrust_v92/azure_hipaa_hitrust_v92_1203_09aa1system.yaml
index 522e5e563..d0efa7b8a 100755
--- a/compliance/frameworks/azure/azure_hipaa_hitrust_v92/azure_hipaa_hitrust_v92_1203_09aa1system.yaml
+++ b/compliance/frameworks/azure/azure_hipaa_hitrust_v92/azure_hipaa_hitrust_v92_1203_09aa1system.yaml
@@ -14,9 +14,5 @@ control-group: - Azure/Logic type: - Benchmark - defaults: - auto-assign: null - enabled: false - tracks-drift-events: false controls: - azure_logic_app_workflow_logging_enabled
diff --git a/compliance/frameworks/azure/azure_hipaa_hitrust_v92/azure_hipaa_hitrust_v92_1204_09aa1system.yaml b/compliance/frameworks/azure/azure_hipaa_hitrust_v92/azure_hipaa_hitrust_v92_1204_09aa1system.yaml
index 3ef80bafb..7d67762c3 100755
--- a/compliance/frameworks/azure/azure_hipaa_hitrust_v92/azure_hipaa_hitrust_v92_1204_09aa1system.yaml
+++ b/compliance/frameworks/azure/azure_hipaa_hitrust_v92/azure_hipaa_hitrust_v92_1204_09aa1system.yaml
@@ -14,9 +14,5 @@ control-group: - Azure/IoTHub type: - Benchmark - defaults: - auto-assign: null - enabled: false - tracks-drift-events: false controls: - azure_iot_hub_logging_enabled
diff --git a/compliance/frameworks/azure/azure_hipaa_hitrust_v92/azure_hipaa_hitrust_v92_1205_09aa2system.yaml b/compliance/frameworks/azure/azure_hipaa_hitrust_v92/azure_hipaa_hitrust_v92_1205_09aa2system.yaml
index 68d26a31b..656ce61af 100755
--- a/compliance/frameworks/azure/azure_hipaa_hitrust_v92/azure_hipaa_hitrust_v92_1205_09aa2system.yaml
+++ b/compliance/frameworks/azure/azure_hipaa_hitrust_v92/azure_hipaa_hitrust_v92_1205_09aa2system.yaml
@@ -14,9 +14,5 @@ control-group: - Azure/Batch type: - Benchmark - defaults: - auto-assign: null - enabled: false - tracks-drift-events: false controls: - azure_batch_account_logging_enabled
diff --git a/compliance/frameworks/azure/azure_hipaa_hitrust_v92/azure_hipaa_hitrust_v92_1207_09aa2system.yaml b/compliance/frameworks/azure/azure_hipaa_hitrust_v92/azure_hipaa_hitrust_v92_1207_09aa2system.yaml
index 0dc20b3cc..2a17e5417 100755
--- a/compliance/frameworks/azure/azure_hipaa_hitrust_v92/azure_hipaa_hitrust_v92_1207_09aa2system.yaml
+++ b/compliance/frameworks/azure/azure_hipaa_hitrust_v92/azure_hipaa_hitrust_v92_1207_09aa2system.yaml
@@ -14,10 +14,6 @@ control-group: - Azure type: - Benchmark - defaults: - auto-assign: null - enabled: false - tracks-drift-events: false controls: - azure_eventhub_namespace_logging_enabled - azure_stream_analytics_job_logging_enabled
diff --git a/compliance/frameworks/azure/azure_hipaa_hitrust_v92/azure_hipaa_hitrust_v92_1208_09aa3system.yaml b/compliance/frameworks/azure/azure_hipaa_hitrust_v92/azure_hipaa_hitrust_v92_1208_09aa3system.yaml
index 8f4fa397e..0df5e4503 100755
--- a/compliance/frameworks/azure/azure_hipaa_hitrust_v92/azure_hipaa_hitrust_v92_1208_09aa3system.yaml
+++ b/compliance/frameworks/azure/azure_hipaa_hitrust_v92/azure_hipaa_hitrust_v92_1208_09aa3system.yaml
@@ -14,10 +14,6 @@ control-group: - Azure type: - Benchmark - defaults: - auto-assign: null - enabled: false - tracks-drift-events: false controls: - azure_search_service_logging_enabled - azure_servicebus_namespace_logging_enabled
diff --git a/compliance/frameworks/azure/azure_hipaa_hitrust_v92/azure_hipaa_hitrust_v92_1209_09aa3system.yaml b/compliance/frameworks/azure/azure_hipaa_hitrust_v92/azure_hipaa_hitrust_v92_1209_09aa3system.yaml
index 1044e129f..0a5fbb220 100755
--- a/compliance/frameworks/azure/azure_hipaa_hitrust_v92/azure_hipaa_hitrust_v92_1209_09aa3system.yaml
+++ b/compliance/frameworks/azure/azure_hipaa_hitrust_v92/azure_hipaa_hitrust_v92_1209_09aa3system.yaml
@@ -14,9 +14,5 @@ control-group: - Azure/AppService type: - Benchmark - defaults: - auto-assign: null - enabled: false - tracks-drift-events: false controls: - azure_appservice_web_app_diagnostic_logs_enabled
diff --git a/compliance/frameworks/azure/azure_hipaa_hitrust_v92/azure_hipaa_hitrust_v92_12100_09ab2system.yaml b/compliance/frameworks/azure/azure_hipaa_hitrust_v92/azure_hipaa_hitrust_v92_12100_09ab2system.yaml
index 7d538681c..7c70f184b 100755
--- a/compliance/frameworks/azure/azure_hipaa_hitrust_v92/azure_hipaa_hitrust_v92_12100_09ab2system.yaml
+++ b/compliance/frameworks/azure/azure_hipaa_hitrust_v92/azure_hipaa_hitrust_v92_12100_09ab2system.yaml
@@ -14,9 +14,5 @@ control-group: - Azure/Compute type: - Benchmark - defaults: - auto-assign: null - enabled: false - tracks-drift-events: false controls: - azure_compute_vm_log_analytics_agent_installed
diff --git a/compliance/frameworks/azure/azure_hipaa_hitrust_v92/azure_hipaa_hitrust_v92_12101_09ab1organizational.yaml b/compliance/frameworks/azure/azure_hipaa_hitrust_v92/azure_hipaa_hitrust_v92_12101_09ab1organizational.yaml
index 341e97410..844a77435 100755
--- a/compliance/frameworks/azure/azure_hipaa_hitrust_v92/azure_hipaa_hitrust_v92_12101_09ab1organizational.yaml
+++ b/compliance/frameworks/azure/azure_hipaa_hitrust_v92/azure_hipaa_hitrust_v92_12101_09ab1organizational.yaml
@@ -14,9 +14,5 @@ control-group: - Azure/Compute type: - Benchmark - defaults: - auto-assign: null - enabled: false - tracks-drift-events: false controls: - azure_compute_vm_scale_set_log_analytics_agent_installed
diff --git a/compliance/frameworks/azure/azure_hipaa_hitrust_v92/azure_hipaa_hitrust_v92_12102_09ab1organizational.yaml b/compliance/frameworks/azure/azure_hipaa_hitrust_v92/azure_hipaa_hitrust_v92_12102_09ab1organizational.yaml
index 19e6ccc54..d89a46cd2 100755
--- a/compliance/frameworks/azure/azure_hipaa_hitrust_v92/azure_hipaa_hitrust_v92_12102_09ab1organizational.yaml
+++ b/compliance/frameworks/azure/azure_hipaa_hitrust_v92/azure_hipaa_hitrust_v92_12102_09ab1organizational.yaml
@@ -14,9 +14,5 @@ control-group: - Azure/Compute type: - Benchmark - defaults: - auto-assign: null - enabled: false - tracks-drift-events: false controls: - azure_compute_vm_log_analytics_agent_installed_windows
diff --git a/compliance/frameworks/azure/azure_hipaa_hitrust_v92/azure_hipaa_hitrust_v92_1210_09aa3system.yaml b/compliance/frameworks/azure/azure_hipaa_hitrust_v92/azure_hipaa_hitrust_v92_1210_09aa3system.yaml
index 43b3c3934..78c362648 100755
--- a/compliance/frameworks/azure/azure_hipaa_hitrust_v92/azure_hipaa_hitrust_v92_1210_09aa3system.yaml
+++ b/compliance/frameworks/azure/azure_hipaa_hitrust_v92/azure_hipaa_hitrust_v92_1210_09aa3system.yaml
@@ -14,10 +14,6 @@ control-group: - Azure type: - Benchmark - defaults: - auto-assign: null - enabled: false - tracks-drift-events: false controls: - azure_audit_diagnostic_setting - azure_datalake_analytics_account_logging_enabled
diff --git a/compliance/frameworks/azure/azure_hipaa_hitrust_v92/azure_hipaa_hitrust_v92_1211_09aa3system.yaml b/compliance/frameworks/azure/azure_hipaa_hitrust_v92/azure_hipaa_hitrust_v92_1211_09aa3system.yaml
index 4ebbafe0e..ec58e8a44 100755
--- a/compliance/frameworks/azure/azure_hipaa_hitrust_v92/azure_hipaa_hitrust_v92_1211_09aa3system.yaml
+++ b/compliance/frameworks/azure/azure_hipaa_hitrust_v92/azure_hipaa_hitrust_v92_1211_09aa3system.yaml
@@ -14,10 +14,6 @@ control-group: - Azure type: - Benchmark - defaults: - auto-assign: null - enabled: false - tracks-drift-events: false controls: - azure_keyvault_logging_enabled - azure_keyvault_managed_hms_logging_enabled
diff --git a/compliance/frameworks/azure/azure_hipaa_hitrust_v92/azure_hipaa_hitrust_v92_1212_09ab1system.yaml b/compliance/frameworks/azure/azure_hipaa_hitrust_v92/azure_hipaa_hitrust_v92_1212_09ab1system.yaml
index 16c74cb32..6e685fc26 100755
--- a/compliance/frameworks/azure/azure_hipaa_hitrust_v92/azure_hipaa_hitrust_v92_1212_09ab1system.yaml
+++ b/compliance/frameworks/azure/azure_hipaa_hitrust_v92/azure_hipaa_hitrust_v92_1212_09ab1system.yaml
@@ -14,9 +14,5 @@ control-group: - Azure/Monitor type: - Benchmark - defaults: - auto-assign: null - enabled: false - tracks-drift-events: false controls: - azure_monitor_log_profile_enabled_for_all_categories
diff --git a/compliance/frameworks/azure/azure_hipaa_hitrust_v92/azure_hipaa_hitrust_v92_1213_09ab2system.yaml b/compliance/frameworks/azure/azure_hipaa_hitrust_v92/azure_hipaa_hitrust_v92_1213_09ab2system.yaml
index 3ffdce82b..cf3aeb0d2 100755
--- a/compliance/frameworks/azure/azure_hipaa_hitrust_v92/azure_hipaa_hitrust_v92_1213_09ab2system.yaml
+++ b/compliance/frameworks/azure/azure_hipaa_hitrust_v92/azure_hipaa_hitrust_v92_1213_09ab2system.yaml
@@ -14,9 +14,5 @@ control-group: - Azure/SecurityCenter type: - Benchmark - defaults: - auto-assign: null - enabled: false - tracks-drift-events: false controls: - azure_securitycenter_automatic_provisioning_monitoring_agent_on
diff --git a/compliance/frameworks/azure/azure_hipaa_hitrust_v92/azure_hipaa_hitrust_v92_1214_09ab2system.yaml b/compliance/frameworks/azure/azure_hipaa_hitrust_v92/azure_hipaa_hitrust_v92_1214_09ab2system.yaml
index 737f51791..df6333a27 100755
--- a/compliance/frameworks/azure/azure_hipaa_hitrust_v92/azure_hipaa_hitrust_v92_1214_09ab2system.yaml
+++ b/compliance/frameworks/azure/azure_hipaa_hitrust_v92/azure_hipaa_hitrust_v92_1214_09ab2system.yaml
@@ -14,9 +14,5 @@ control-group: - Azure/Monitor type: - Benchmark - defaults: - auto-assign: null - enabled: false - tracks-drift-events: false controls: - azure_monitor_log_profile_enabled_for_all_regions
diff --git a/compliance/frameworks/azure/azure_hipaa_hitrust_v92/azure_hipaa_hitrust_v92_1215_09ab2system.yaml b/compliance/frameworks/azure/azure_hipaa_hitrust_v92/azure_hipaa_hitrust_v92_1215_09ab2system.yaml
index 671728b13..9c79f1fe8 100755
--- a/compliance/frameworks/azure/azure_hipaa_hitrust_v92/azure_hipaa_hitrust_v92_1215_09ab2system.yaml
+++ b/compliance/frameworks/azure/azure_hipaa_hitrust_v92/azure_hipaa_hitrust_v92_1215_09ab2system.yaml
@@ -14,9 +14,5 @@ control-group: - Azure/Compute type: - Benchmark - defaults: - auto-assign: null - enabled: false - tracks-drift-events: false controls: - azure_compute_vm_log_analytics_agent_installed
diff --git a/compliance/frameworks/azure/azure_hipaa_hitrust_v92/azure_hipaa_hitrust_v92_1216_09ab3system.yaml b/compliance/frameworks/azure/azure_hipaa_hitrust_v92/azure_hipaa_hitrust_v92_1216_09ab3system.yaml
index cadd5335f..fd57bdea9 100755
--- a/compliance/frameworks/azure/azure_hipaa_hitrust_v92/azure_hipaa_hitrust_v92_1216_09ab3system.yaml
+++ b/compliance/frameworks/azure/azure_hipaa_hitrust_v92/azure_hipaa_hitrust_v92_1216_09ab3system.yaml
@@ -14,9 +14,5 @@ control-group: - Azure/Compute type: - Benchmark - defaults: - auto-assign: null - enabled: false - tracks-drift-events: false controls: - azure_compute_vm_scale_set_log_analytics_agent_installed
diff --git a/compliance/frameworks/azure/azure_hipaa_hitrust_v92/azure_hipaa_hitrust_v92_1217_09ab3system.yaml b/compliance/frameworks/azure/azure_hipaa_hitrust_v92/azure_hipaa_hitrust_v92_1217_09ab3system.yaml
index 3b143e266..e2cd420e6 100755
--- a/compliance/frameworks/azure/azure_hipaa_hitrust_v92/azure_hipaa_hitrust_v92_1217_09ab3system.yaml
+++ b/compliance/frameworks/azure/azure_hipaa_hitrust_v92/azure_hipaa_hitrust_v92_1217_09ab3system.yaml
@@ -14,9 +14,5 @@ control-group: - Azure/Compute type: - Benchmark - defaults: - auto-assign: null - enabled: false - tracks-drift-events: false controls: - azure_compute_vm_log_analytics_agent_installed_windows
diff --git a/compliance/frameworks/azure/azure_hipaa_hitrust_v92/azure_hipaa_hitrust_v92_1219_09ab3system.yaml b/compliance/frameworks/azure/azure_hipaa_hitrust_v92/azure_hipaa_hitrust_v92_1219_09ab3system.yaml
index 0aca50f4a..13bf031fa 100755
--- a/compliance/frameworks/azure/azure_hipaa_hitrust_v92/azure_hipaa_hitrust_v92_1219_09ab3system.yaml
+++ b/compliance/frameworks/azure/azure_hipaa_hitrust_v92/azure_hipaa_hitrust_v92_1219_09ab3system.yaml
@@ -14,9 +14,5 @@ control-group: - Azure/Monitor type: - Benchmark - defaults: - auto-assign: null - enabled: false - tracks-drift-events: false controls: - azure_monitor_log_profile_enabled_for_all_categories
diff --git a/compliance/frameworks/azure/azure_hipaa_hitrust_v92/azure_hipaa_hitrust_v92_1220_09ab3system.yaml b/compliance/frameworks/azure/azure_hipaa_hitrust_v92/azure_hipaa_hitrust_v92_1220_09ab3system.yaml
index 96b87bd38..d72b1a4fb 100755
--- a/compliance/frameworks/azure/azure_hipaa_hitrust_v92/azure_hipaa_hitrust_v92_1220_09ab3system.yaml
+++ b/compliance/frameworks/azure/azure_hipaa_hitrust_v92/azure_hipaa_hitrust_v92_1220_09ab3system.yaml
@@ -14,9 +14,5 @@ control-group: - Azure/SecurityCenter type: - Benchmark - defaults: - auto-assign: null - enabled: false - tracks-drift-events: false controls: - azure_securitycenter_automatic_provisioning_monitoring_agent_on
diff --git a/compliance/frameworks/azure/azure_hipaa_hitrust_v92/azure_hipaa_hitrust_v92_1229_09c1organizational.yaml b/compliance/frameworks/azure/azure_hipaa_hitrust_v92/azure_hipaa_hitrust_v92_1229_09c1organizational.yaml
index fd747284c..8c206595f 100755
--- a/compliance/frameworks/azure/azure_hipaa_hitrust_v92/azure_hipaa_hitrust_v92_1229_09c1organizational.yaml
+++ b/compliance/frameworks/azure/azure_hipaa_hitrust_v92/azure_hipaa_hitrust_v92_1229_09c1organizational.yaml
@@ -14,9 +14,5 @@ control-group: - Azure/KubernetesService type: - Benchmark - defaults: - auto-assign: null - enabled: false - tracks-drift-events: false controls: - azure_kubernetes_instance_rbac_enabled
diff --git a/compliance/frameworks/azure/azure_hipaa_hitrust_v92/azure_hipaa_hitrust_v92_1230_09c2organizational.yaml b/compliance/frameworks/azure/azure_hipaa_hitrust_v92/azure_hipaa_hitrust_v92_1230_09c2organizational.yaml
index c09a3acb1..b1ded6d7c 100755
--- a/compliance/frameworks/azure/azure_hipaa_hitrust_v92/azure_hipaa_hitrust_v92_1230_09c2organizational.yaml
+++ b/compliance/frameworks/azure/azure_hipaa_hitrust_v92/azure_hipaa_hitrust_v92_1230_09c2organizational.yaml
@@ -14,9 +14,5 @@ control-group: - Azure/IAM type: - Benchmark - defaults: - auto-assign: null - enabled: false - tracks-drift-events: false controls: - azure_iam_no_custom_role
diff --git a/compliance/frameworks/azure/azure_hipaa_hitrust_v92/azure_hipaa_hitrust_v92_1232_09c3organizational.yaml b/compliance/frameworks/azure/azure_hipaa_hitrust_v92/azure_hipaa_hitrust_v92_1232_09c3organizational.yaml
index fc98f216a..6f5d8f876 100755
--- a/compliance/frameworks/azure/azure_hipaa_hitrust_v92/azure_hipaa_hitrust_v92_1232_09c3organizational.yaml
+++ b/compliance/frameworks/azure/azure_hipaa_hitrust_v92/azure_hipaa_hitrust_v92_1232_09c3organizational.yaml
@@ -14,9 +14,5 @@ control-group: - Azure/Network type: - Benchmark - defaults: - auto-assign: null - enabled: false - tracks-drift-events: false controls: - azure_network_security_group_rdp_access_restricted
diff --git a/compliance/frameworks/azure/azure_hipaa_hitrust_v92/azure_hipaa_hitrust_v92_1270_09ad1system.yaml b/compliance/frameworks/azure/azure_hipaa_hitrust_v92/azure_hipaa_hitrust_v92_1270_09ad1system.yaml
index 4532193dd..7824b72f9 100755
--- a/compliance/frameworks/azure/azure_hipaa_hitrust_v92/azure_hipaa_hitrust_v92_1270_09ad1system.yaml
+++ b/compliance/frameworks/azure/azure_hipaa_hitrust_v92/azure_hipaa_hitrust_v92_1270_09ad1system.yaml
@@ -14,9 +14,5 @@ control-group: - Azure/Monitor type: - Benchmark - defaults: - auto-assign: null - enabled: false - tracks-drift-events: false controls: - azure_monitor_log_alert_for_administrative_operations
diff --git a/compliance/frameworks/azure/azure_hipaa_hitrust_v92/azure_hipaa_hitrust_v92_1271_09ad1system.yaml b/compliance/frameworks/azure/azure_hipaa_hitrust_v92/azure_hipaa_hitrust_v92_1271_09ad1system.yaml
index b5c5a2d05..a0d3e6574 100755
--- a/compliance/frameworks/azure/azure_hipaa_hitrust_v92/azure_hipaa_hitrust_v92_1271_09ad1system.yaml
+++ b/compliance/frameworks/azure/azure_hipaa_hitrust_v92/azure_hipaa_hitrust_v92_1271_09ad1system.yaml
@@ -14,9 +14,5 @@ control-group: - Azure/Monitor type: - Benchmark - defaults: - auto-assign: null - enabled: false - tracks-drift-events: false controls: - azure_monitor_log_alert_for_administrative_operations
diff --git a/compliance/frameworks/azure/azure_hipaa_hitrust_v92/azure_hipaa_hitrust_v92_1277_09c2organizational.yaml b/compliance/frameworks/azure/azure_hipaa_hitrust_v92/azure_hipaa_hitrust_v92_1277_09c2organizational.yaml
index 0c1ff3288..6fcd8a053 100755
--- a/compliance/frameworks/azure/azure_hipaa_hitrust_v92/azure_hipaa_hitrust_v92_1277_09c2organizational.yaml
+++ b/compliance/frameworks/azure/azure_hipaa_hitrust_v92/azure_hipaa_hitrust_v92_1277_09c2organizational.yaml
@@ -14,9 +14,5 @@ control-group: - Azure/Compute type: - Benchmark - defaults: - auto-assign: null - enabled: false - tracks-drift-events: false controls: - azure_compute_vm_meet_security_options_user_account_control_requirement_windows
diff --git a/compliance/frameworks/azure/azure_hipaa_hitrust_v92/azure_hipaa_hitrust_v92_1325_09s1organizational.yaml b/compliance/frameworks/azure/azure_hipaa_hitrust_v92/azure_hipaa_hitrust_v92_1325_09s1organizational.yaml
index 304fea2d9..46e0e7dc4 100755
--- a/compliance/frameworks/azure/azure_hipaa_hitrust_v92/azure_hipaa_hitrust_v92_1325_09s1organizational.yaml
+++ b/compliance/frameworks/azure/azure_hipaa_hitrust_v92/azure_hipaa_hitrust_v92_1325_09s1organizational.yaml
@@ -14,9 +14,5 @@ control-group: - Azure/AppService type: - Benchmark - defaults: - auto-assign: null - enabled: false - tracks-drift-events: false controls: - azure_appservice_function_app_remote_debugging_disabled
diff --git a/compliance/frameworks/azure/azure_hipaa_hitrust_v92/azure_hipaa_hitrust_v92_1401_05i1organizational.yaml b/compliance/frameworks/azure/azure_hipaa_hitrust_v92/azure_hipaa_hitrust_v92_1401_05i1organizational.yaml
index 5323f72f6..abd2e93d3 100755
--- a/compliance/frameworks/azure/azure_hipaa_hitrust_v92/azure_hipaa_hitrust_v92_1401_05i1organizational.yaml
+++ b/compliance/frameworks/azure/azure_hipaa_hitrust_v92/azure_hipaa_hitrust_v92_1401_05i1organizational.yaml
@@ -14,9 +14,5 @@ control-group: - Azure/Storage type: - Benchmark - defaults: - auto-assign: null - enabled: false - tracks-drift-events: false controls: - azure_storage_account_secure_transfer_required_enabled
diff --git a/compliance/frameworks/azure/azure_hipaa_hitrust_v92/azure_hipaa_hitrust_v92_1402_05i1organizational.yaml b/compliance/frameworks/azure/azure_hipaa_hitrust_v92/azure_hipaa_hitrust_v92_1402_05i1organizational.yaml
index 3f330cf4c..3dda84742 100755
--- a/compliance/frameworks/azure/azure_hipaa_hitrust_v92/azure_hipaa_hitrust_v92_1402_05i1organizational.yaml
+++ b/compliance/frameworks/azure/azure_hipaa_hitrust_v92/azure_hipaa_hitrust_v92_1402_05i1organizational.yaml
@@ -14,9 +14,5 @@ control-group: - Azure/AppService type: - Benchmark - defaults: - auto-assign: null - enabled: false - tracks-drift-events: false controls: - azure_appservice_function_app_only_https_accessible
diff --git a/compliance/frameworks/azure/azure_hipaa_hitrust_v92/azure_hipaa_hitrust_v92_1403_05i1organizational.yaml b/compliance/frameworks/azure/azure_hipaa_hitrust_v92/azure_hipaa_hitrust_v92_1403_05i1organizational.yaml
index 1b2185f6e..b0b323759 100755
--- a/compliance/frameworks/azure/azure_hipaa_hitrust_v92/azure_hipaa_hitrust_v92_1403_05i1organizational.yaml
+++ b/compliance/frameworks/azure/azure_hipaa_hitrust_v92/azure_hipaa_hitrust_v92_1403_05i1organizational.yaml
@@ -14,9 +14,5 @@ control-group: - Azure/AppService type: - Benchmark - defaults: - auto-assign: null - enabled: false - tracks-drift-events: false controls: - azure_appservice_api_app_use_https
diff --git a/compliance/frameworks/azure/azure_hipaa_hitrust_v92/azure_hipaa_hitrust_v92_1418_05i1organizational.yaml b/compliance/frameworks/azure/azure_hipaa_hitrust_v92/azure_hipaa_hitrust_v92_1418_05i1organizational.yaml
index a72f9bb63..2f97ab8a1 100755
--- a/compliance/frameworks/azure/azure_hipaa_hitrust_v92/azure_hipaa_hitrust_v92_1418_05i1organizational.yaml
+++ b/compliance/frameworks/azure/azure_hipaa_hitrust_v92/azure_hipaa_hitrust_v92_1418_05i1organizational.yaml
@@ -14,9 +14,5 @@ control-group: - Azure/MySQL type: - Benchmark - defaults: - auto-assign: null - enabled: false - tracks-drift-events: false controls: - azure_mysql_ssl_enabled
diff --git a/compliance/frameworks/azure/azure_hipaa_hitrust_v92/azure_hipaa_hitrust_v92_1450_05i2organizational.yaml b/compliance/frameworks/azure/azure_hipaa_hitrust_v92/azure_hipaa_hitrust_v92_1450_05i2organizational.yaml
index 3b0a99511..de871e11e 100755
--- a/compliance/frameworks/azure/azure_hipaa_hitrust_v92/azure_hipaa_hitrust_v92_1450_05i2organizational.yaml
+++ b/compliance/frameworks/azure/azure_hipaa_hitrust_v92/azure_hipaa_hitrust_v92_1450_05i2organizational.yaml
@@ -14,9 +14,5 @@ control-group: - Azure/PostgreSQL type: - Benchmark - defaults: - auto-assign: null - enabled: false - tracks-drift-events: false controls: - azure_postgres_sql_ssl_enabled
diff --git a/compliance/frameworks/azure/azure_hipaa_hitrust_v92/azure_hipaa_hitrust_v92_1451_05icsporganizational.yaml b/compliance/frameworks/azure/azure_hipaa_hitrust_v92/azure_hipaa_hitrust_v92_1451_05icsporganizational.yaml
index 207f0ff55..ec2c252ce 100755
--- a/compliance/frameworks/azure/azure_hipaa_hitrust_v92/azure_hipaa_hitrust_v92_1451_05icsporganizational.yaml
+++ b/compliance/frameworks/azure/azure_hipaa_hitrust_v92/azure_hipaa_hitrust_v92_1451_05icsporganizational.yaml
@@ -14,9 +14,5 @@ control-group: - Azure/Redis type: - Benchmark - defaults: - auto-assign: null - enabled: false - tracks-drift-events: false controls: - azure_redis_cache_ssl_enabled
diff --git a/compliance/frameworks/azure/azure_hipaa_hitrust_v92/azure_hipaa_hitrust_v92_1616_09l1organizational.yaml b/compliance/frameworks/azure/azure_hipaa_hitrust_v92/azure_hipaa_hitrust_v92_1616_09l1organizational.yaml
index 735005ea9..a2cdb5504 100755
--- a/compliance/frameworks/azure/azure_hipaa_hitrust_v92/azure_hipaa_hitrust_v92_1616_09l1organizational.yaml
+++ b/compliance/frameworks/azure/azure_hipaa_hitrust_v92/azure_hipaa_hitrust_v92_1616_09l1organizational.yaml
@@ -14,9 +14,5 @@ control-group: - Azure/SQL type: - Benchmark - defaults: - auto-assign: null - enabled: false - tracks-drift-events: false controls: - azure_sql_database_long_term_geo_redundant_backup_enabled
diff --git a/compliance/frameworks/azure/azure_hipaa_hitrust_v92/azure_hipaa_hitrust_v92_1617_09l1organizational.yaml b/compliance/frameworks/azure/azure_hipaa_hitrust_v92/azure_hipaa_hitrust_v92_1617_09l1organizational.yaml
index 603be525d..81e37a66b 100755
--- a/compliance/frameworks/azure/azure_hipaa_hitrust_v92/azure_hipaa_hitrust_v92_1617_09l1organizational.yaml
+++ b/compliance/frameworks/azure/azure_hipaa_hitrust_v92/azure_hipaa_hitrust_v92_1617_09l1organizational.yaml
@@ -14,9 +14,5 @@ control-group: - Azure/MySQL type: - Benchmark - defaults: - auto-assign: null - enabled: false - tracks-drift-events: false controls: - azure_mysql_db_server_geo_redundant_backup_enabled
diff --git a/compliance/frameworks/azure/azure_hipaa_hitrust_v92/azure_hipaa_hitrust_v92_1618_09l1organizational.yaml b/compliance/frameworks/azure/azure_hipaa_hitrust_v92/azure_hipaa_hitrust_v92_1618_09l1organizational.yaml
index e0d465bba..0144a5ad1 100755
--- a/compliance/frameworks/azure/azure_hipaa_hitrust_v92/azure_hipaa_hitrust_v92_1618_09l1organizational.yaml
+++ b/compliance/frameworks/azure/azure_hipaa_hitrust_v92/azure_hipaa_hitrust_v92_1618_09l1organizational.yaml
@@ -14,9 +14,5 @@ control-group: - Azure/PostgreSQL type: - Benchmark - defaults: - auto-assign: null - enabled: false - tracks-drift-events: false controls: - azure_postgres_db_server_geo_redundant_backup_enabled
diff --git a/compliance/frameworks/azure/azure_hipaa_hitrust_v92/azure_hipaa_hitrust_v92_1619_09l1organizational.yaml b/compliance/frameworks/azure/azure_hipaa_hitrust_v92/azure_hipaa_hitrust_v92_1619_09l1organizational.yaml
index be0c70cb7..b26c30fda 100755
--- a/compliance/frameworks/azure/azure_hipaa_hitrust_v92/azure_hipaa_hitrust_v92_1619_09l1organizational.yaml
+++ b/compliance/frameworks/azure/azure_hipaa_hitrust_v92/azure_hipaa_hitrust_v92_1619_09l1organizational.yaml
@@ -14,9 +14,5 @@ control-group: - Azure/MariaDB type: - Benchmark - defaults: - auto-assign: null - enabled: false - tracks-drift-events: false controls: - azure_mariadb_server_geo_redundant_backup_enabled
diff --git a/compliance/frameworks/azure/azure_hipaa_hitrust_v92/azure_hipaa_hitrust_v92_1620_09l1organizational.yaml b/compliance/frameworks/azure/azure_hipaa_hitrust_v92/azure_hipaa_hitrust_v92_1620_09l1organizational.yaml
index a80d1c835..fdb6c0d08 100755
--- a/compliance/frameworks/azure/azure_hipaa_hitrust_v92/azure_hipaa_hitrust_v92_1620_09l1organizational.yaml
+++ b/compliance/frameworks/azure/azure_hipaa_hitrust_v92/azure_hipaa_hitrust_v92_1620_09l1organizational.yaml
@@ -14,9 +14,5 @@ control-group: - Azure/Compute type: - Benchmark - defaults: - auto-assign: null - enabled: false - tracks-drift-events: false controls: - azure_compute_vm_azure_backup_enabled
diff --git a/compliance/frameworks/azure/azure_hipaa_hitrust_v92/azure_hipaa_hitrust_v92_1621_09l2organizational.yaml b/compliance/frameworks/azure/azure_hipaa_hitrust_v92/azure_hipaa_hitrust_v92_1621_09l2organizational.yaml
index f6ed2d792..6c82d0e73 100755
--- a/compliance/frameworks/azure/azure_hipaa_hitrust_v92/azure_hipaa_hitrust_v92_1621_09l2organizational.yaml
+++ b/compliance/frameworks/azure/azure_hipaa_hitrust_v92/azure_hipaa_hitrust_v92_1621_09l2organizational.yaml
@@ -14,9 +14,5 @@ control-group: - Azure/SQL type: - Benchmark - defaults: - auto-assign: null - enabled: false - tracks-drift-events: false controls: - azure_sql_database_long_term_geo_redundant_backup_enabled
diff --git a/compliance/frameworks/azure/azure_hipaa_hitrust_v92/azure_hipaa_hitrust_v92_1622_09l2organizational.yaml b/compliance/frameworks/azure/azure_hipaa_hitrust_v92/azure_hipaa_hitrust_v92_1622_09l2organizational.yaml
index a46110046..1af17f0b9 100755
--- a/compliance/frameworks/azure/azure_hipaa_hitrust_v92/azure_hipaa_hitrust_v92_1622_09l2organizational.yaml
+++ b/compliance/frameworks/azure/azure_hipaa_hitrust_v92/azure_hipaa_hitrust_v92_1622_09l2organizational.yaml
@@ -14,9 +14,5 @@ control-group: - Azure/MySQL type: - Benchmark - defaults: - auto-assign: null - enabled: false - tracks-drift-events: false controls: - azure_mysql_db_server_geo_redundant_backup_enabled
diff --git a/compliance/frameworks/azure/azure_hipaa_hitrust_v92/azure_hipaa_hitrust_v92_1623_09l2organizational.yaml b/compliance/frameworks/azure/azure_hipaa_hitrust_v92/azure_hipaa_hitrust_v92_1623_09l2organizational.yaml
index 9d82f2c25..5338d7d8e 100755
--- a/compliance/frameworks/azure/azure_hipaa_hitrust_v92/azure_hipaa_hitrust_v92_1623_09l2organizational.yaml
+++ b/compliance/frameworks/azure/azure_hipaa_hitrust_v92/azure_hipaa_hitrust_v92_1623_09l2organizational.yaml
@@ -14,9 +14,5 @@ control-group: - Azure/PostgreSQL type: - Benchmark - defaults: - auto-assign: null - enabled: false - tracks-drift-events: false controls: - azure_postgres_db_server_geo_redundant_backup_enabled
diff --git a/compliance/frameworks/azure/azure_hipaa_hitrust_v92/azure_hipaa_hitrust_v92_1624_09l3organizational.yaml b/compliance/frameworks/azure/azure_hipaa_hitrust_v92/azure_hipaa_hitrust_v92_1624_09l3organizational.yaml
index d0988344f..160aa0891 100755
--- a/compliance/frameworks/azure/azure_hipaa_hitrust_v92/azure_hipaa_hitrust_v92_1624_09l3organizational.yaml
+++ b/compliance/frameworks/azure/azure_hipaa_hitrust_v92/azure_hipaa_hitrust_v92_1624_09l3organizational.yaml
@@ -14,9 +14,5 @@ control-group: - Azure/MariaDB type: - Benchmark - defaults: - auto-assign: null - enabled: false - tracks-drift-events: false controls: - azure_mariadb_server_geo_redundant_backup_enabled
diff --git a/compliance/frameworks/azure/azure_hipaa_hitrust_v92/azure_hipaa_hitrust_v92_1625_09l3organizational.yaml b/compliance/frameworks/azure/azure_hipaa_hitrust_v92/azure_hipaa_hitrust_v92_1625_09l3organizational.yaml
index 829fd06f1..220cd3b4d 100755
--- a/compliance/frameworks/azure/azure_hipaa_hitrust_v92/azure_hipaa_hitrust_v92_1625_09l3organizational.yaml
+++ b/compliance/frameworks/azure/azure_hipaa_hitrust_v92/azure_hipaa_hitrust_v92_1625_09l3organizational.yaml
@@ -14,9 +14,5 @@ control-group: - Azure/Compute type: - Benchmark - defaults: - auto-assign: null - enabled: false - tracks-drift-events: false controls: - azure_compute_vm_azure_backup_enabled
diff --git a/compliance/frameworks/azure/azure_hipaa_hitrust_v92/azure_hipaa_hitrust_v92_1626_09l3organizational.yaml b/compliance/frameworks/azure/azure_hipaa_hitrust_v92/azure_hipaa_hitrust_v92_1626_09l3organizational.yaml
index 5b0de2d47..37bf26c33 100755
--- a/compliance/frameworks/azure/azure_hipaa_hitrust_v92/azure_hipaa_hitrust_v92_1626_09l3organizational.yaml
+++ b/compliance/frameworks/azure/azure_hipaa_hitrust_v92/azure_hipaa_hitrust_v92_1626_09l3organizational.yaml
@@ -14,9 +14,5 @@ control-group: - Azure/PostgreSQL type: - Benchmark - defaults: - auto-assign: null - enabled: false - tracks-drift-events: false controls: - azure_postgres_db_server_geo_redundant_backup_enabled
diff --git a/compliance/frameworks/azure/azure_hipaa_hitrust_v92/azure_hipaa_hitrust_v92_1627_09l3organizational.yaml b/compliance/frameworks/azure/azure_hipaa_hitrust_v92/azure_hipaa_hitrust_v92_1627_09l3organizational.yaml
index ec88310c7..bc5a0d254 100755
--- a/compliance/frameworks/azure/azure_hipaa_hitrust_v92/azure_hipaa_hitrust_v92_1627_09l3organizational.yaml
+++ b/compliance/frameworks/azure/azure_hipaa_hitrust_v92/azure_hipaa_hitrust_v92_1627_09l3organizational.yaml
@@ -14,9 +14,5 @@ control-group: - Azure/MariaDB type: - Benchmark - defaults: - auto-assign: null - enabled: false - tracks-drift-events: false controls: - azure_mariadb_server_geo_redundant_backup_enabled
diff --git a/compliance/frameworks/azure/azure_hipaa_hitrust_v92/azure_hipaa_hitrust_v92_1634_12b1organizational.yaml b/compliance/frameworks/azure/azure_hipaa_hitrust_v92/azure_hipaa_hitrust_v92_1634_12b1organizational.yaml
index b84764b9d..4f26947b5 100755
--- a/compliance/frameworks/azure/azure_hipaa_hitrust_v92/azure_hipaa_hitrust_v92_1634_12b1organizational.yaml
+++ b/compliance/frameworks/azure/azure_hipaa_hitrust_v92/azure_hipaa_hitrust_v92_1634_12b1organizational.yaml
@@ -14,9 +14,5 @@ control-group: - Azure/Compute type: - Benchmark - defaults: - auto-assign: null - enabled: false - tracks-drift-events: false controls: - azure_compute_vm_disaster_recovery_enabled
diff --git a/compliance/frameworks/azure/azure_hipaa_hitrust_v92/azure_hipaa_hitrust_v92_1635_12b1organizational.yaml b/compliance/frameworks/azure/azure_hipaa_hitrust_v92/azure_hipaa_hitrust_v92_1635_12b1organizational.yaml
index 26bff422c..151c3f131 100755
--- a/compliance/frameworks/azure/azure_hipaa_hitrust_v92/azure_hipaa_hitrust_v92_1635_12b1organizational.yaml
+++ b/compliance/frameworks/azure/azure_hipaa_hitrust_v92/azure_hipaa_hitrust_v92_1635_12b1organizational.yaml
@@ -14,10 +14,6 @@ control-group: - Azure/KeyVault type: - Benchmark - defaults: - auto-assign: null - enabled: false - tracks-drift-events: false controls: - azure_keyvault_managed_hms_purge_protection_enabled - azure_keyvault_purge_protection_enabled
diff --git a/compliance/frameworks/azure/azure_hipaa_hitrust_v92/azure_hipaa_hitrust_v92_1637_12b2organizational.yaml b/compliance/frameworks/azure/azure_hipaa_hitrust_v92/azure_hipaa_hitrust_v92_1637_12b2organizational.yaml
index 70479f8c5..e18833fa5 100755
--- a/compliance/frameworks/azure/azure_hipaa_hitrust_v92/azure_hipaa_hitrust_v92_1637_12b2organizational.yaml
+++ b/compliance/frameworks/azure/azure_hipaa_hitrust_v92/azure_hipaa_hitrust_v92_1637_12b2organizational.yaml
@@ -14,9 +14,5 @@ control-group: - Azure/Compute type: - Benchmark - defaults: - auto-assign: null - enabled: false - tracks-drift-events: false controls: - azure_compute_vm_meet_security_options_requirement_windows
diff --git a/compliance/frameworks/azure/azure_hipaa_hitrust_v92/azure_hipaa_hitrust_v92_1638_12b2organizational.yaml b/compliance/frameworks/azure/azure_hipaa_hitrust_v92/azure_hipaa_hitrust_v92_1638_12b2organizational.yaml
index f4100a8a6..adcb56e88 100755
--- a/compliance/frameworks/azure/azure_hipaa_hitrust_v92/azure_hipaa_hitrust_v92_1638_12b2organizational.yaml
+++ b/compliance/frameworks/azure/azure_hipaa_hitrust_v92/azure_hipaa_hitrust_v92_1638_12b2organizational.yaml
@@ -14,9 +14,5 @@ control-group: - Azure/Compute type: - Benchmark - defaults: - auto-assign: null - enabled: false - tracks-drift-events: false controls: - azure_compute_vm_disaster_recovery_enabled
diff --git a/compliance/frameworks/azure/azure_hipaa_hitrust_v92/azure_hipaa_hitrust_v92_1699_09l1organizational.yaml b/compliance/frameworks/azure/azure_hipaa_hitrust_v92/azure_hipaa_hitrust_v92_1699_09l1organizational.yaml
index 0a514d75a..61dbe439a 100755
--- a/compliance/frameworks/azure/azure_hipaa_hitrust_v92/azure_hipaa_hitrust_v92_1699_09l1organizational.yaml
+++ b/compliance/frameworks/azure/azure_hipaa_hitrust_v92/azure_hipaa_hitrust_v92_1699_09l1organizational.yaml
@@ -14,9 +14,5 @@ control-group: - Azure/Compute type: - Benchmark - defaults: - auto-assign: null - enabled: false - tracks-drift-events: false controls: - azure_compute_vm_azure_backup_enabled
diff --git a/compliance/frameworks/azure/azure_hipaa_hitrust_v92/azure_hipaa_hitrust_v92_access_control.yaml b/compliance/frameworks/azure/azure_hipaa_hitrust_v92/azure_hipaa_hitrust_v92_access_control.yaml
index d30c525c2..1f5f2df03 100755
--- a/compliance/frameworks/azure/azure_hipaa_hitrust_v92/azure_hipaa_hitrust_v92_access_control.yaml
+++ b/compliance/frameworks/azure/azure_hipaa_hitrust_v92/azure_hipaa_hitrust_v92_access_control.yaml
@@ -14,10 +14,6 @@ control-group: - Azure type: - Benchmark - defaults: - auto-assign: null - enabled: false - tracks-drift-events: false control-group: - id: azure_hipaa_hitrust_v92_11109_01q1organizational - id: azure_hipaa_hitrust_v92_11111_01q2system
diff --git a/compliance/frameworks/azure/azure_hipaa_hitrust_v92/azure_hipaa_hitrust_v92_audit_logging_and_monitoring.yaml b/compliance/frameworks/azure/azure_hipaa_hitrust_v92/azure_hipaa_hitrust_v92_audit_logging_and_monitoring.yaml
index a79f3f001..28727c386 100755
--- a/compliance/frameworks/azure/azure_hipaa_hitrust_v92/azure_hipaa_hitrust_v92_audit_logging_and_monitoring.yaml
+++ b/compliance/frameworks/azure/azure_hipaa_hitrust_v92/azure_hipaa_hitrust_v92_audit_logging_and_monitoring.yaml
@@ -14,10 +14,6 @@ control-group: - Azure type: - Benchmark - defaults: - auto-assign: null - enabled: false - tracks-drift-events: false control-group: - id: azure_hipaa_hitrust_v92_1202_09aa1system - id: azure_hipaa_hitrust_v92_1203_09aa1system
diff --git a/compliance/frameworks/azure/azure_hipaa_hitrust_v92/azure_hipaa_hitrust_v92_back_up.yaml b/compliance/frameworks/azure/azure_hipaa_hitrust_v92/azure_hipaa_hitrust_v92_back_up.yaml
index 2471e0cae..21f24f19f 100755
--- a/compliance/frameworks/azure/azure_hipaa_hitrust_v92/azure_hipaa_hitrust_v92_back_up.yaml
+++ b/compliance/frameworks/azure/azure_hipaa_hitrust_v92/azure_hipaa_hitrust_v92_back_up.yaml
@@ -14,9 +14,5 @@ control-group: - Azure type: - Benchmark - defaults: - auto-assign: null - enabled: false - tracks-drift-events: false control-group: - id: azure_hipaa_hitrust_v92_1699_09l1organizational
diff --git a/compliance/frameworks/azure/azure_hipaa_hitrust_v92/azure_hipaa_hitrust_v92_business_continuity_and_disaster_recovery.yaml b/compliance/frameworks/azure/azure_hipaa_hitrust_v92/azure_hipaa_hitrust_v92_business_continuity_and_disaster_recovery.yaml
index 5ce9170ff..2bc49182a 100755
--- a/compliance/frameworks/azure/azure_hipaa_hitrust_v92/azure_hipaa_hitrust_v92_business_continuity_and_disaster_recovery.yaml
+++ b/compliance/frameworks/azure/azure_hipaa_hitrust_v92/azure_hipaa_hitrust_v92_business_continuity_and_disaster_recovery.yaml
@@ -14,10 +14,6 @@ control-group: - Azure type: - Benchmark - defaults: - auto-assign: null - enabled: false - tracks-drift-events: false control-group: - id: azure_hipaa_hitrust_v92_1616_09l1organizational - id: azure_hipaa_hitrust_v92_1617_09l1organizational
diff --git a/compliance/frameworks/azure/azure_hipaa_hitrust_v92/azure_hipaa_hitrust_v92_configuration_management.yaml b/compliance/frameworks/azure/azure_hipaa_hitrust_v92/azure_hipaa_hitrust_v92_configuration_management.yaml
index 30dd77b53..1861b0c84 100755
--- a/compliance/frameworks/azure/azure_hipaa_hitrust_v92/azure_hipaa_hitrust_v92_configuration_management.yaml
+++ b/compliance/frameworks/azure/azure_hipaa_hitrust_v92/azure_hipaa_hitrust_v92_configuration_management.yaml
@@ -14,10 +14,6 @@ control-group: - Azure type: - Benchmark - defaults: - auto-assign: null - enabled: false - tracks-drift-events: false control-group: - id: azure_hipaa_hitrust_v92_0605_10h1system - id: azure_hipaa_hitrust_v92_0635_10k1organizational
diff --git a/compliance/frameworks/azure/azure_hipaa_hitrust_v92/azure_hipaa_hitrust_v92_control_of_operational_software.yaml b/compliance/frameworks/azure/azure_hipaa_hitrust_v92/azure_hipaa_hitrust_v92_control_of_operational_software.yaml
index 424486b0e..6d61c7328 100755
--- a/compliance/frameworks/azure/azure_hipaa_hitrust_v92/azure_hipaa_hitrust_v92_control_of_operational_software.yaml
+++ b/compliance/frameworks/azure/azure_hipaa_hitrust_v92/azure_hipaa_hitrust_v92_control_of_operational_software.yaml
@@ -14,10 +14,6 @@ control-group: - Azure type: - Benchmark - defaults: - auto-assign: null - enabled: false - tracks-drift-events: false control-group: - id: azure_hipaa_hitrust_v92_0606_10h2system - id: azure_hipaa_hitrust_v92_0607_10h2system
diff --git a/compliance/frameworks/azure/azure_hipaa_hitrust_v92/azure_hipaa_hitrust_v92_education_training_and_awareness.yaml b/compliance/frameworks/azure/azure_hipaa_hitrust_v92/azure_hipaa_hitrust_v92_education_training_and_awareness.yaml
index f4dae1ccf..516474fdc 100755
--- a/compliance/frameworks/azure/azure_hipaa_hitrust_v92/azure_hipaa_hitrust_v92_education_training_and_awareness.yaml
+++ b/compliance/frameworks/azure/azure_hipaa_hitrust_v92/azure_hipaa_hitrust_v92_education_training_and_awareness.yaml
@@ -14,9 +14,5 @@ control-group: - Azure type: - Benchmark - defaults: - auto-assign: null - enabled: false - tracks-drift-events: false control-group: - id: azure_hipaa_hitrust_v92_1325_09s1organizational
diff --git a/compliance/frameworks/azure/azure_hipaa_hitrust_v92/azure_hipaa_hitrust_v92_endpoint_protection.yaml b/compliance/frameworks/azure/azure_hipaa_hitrust_v92/azure_hipaa_hitrust_v92_endpoint_protection.yaml
index a8a489ec2..81dd69a7c 100755
--- a/compliance/frameworks/azure/azure_hipaa_hitrust_v92/azure_hipaa_hitrust_v92_endpoint_protection.yaml
+++ b/compliance/frameworks/azure/azure_hipaa_hitrust_v92/azure_hipaa_hitrust_v92_endpoint_protection.yaml
@@ -14,9 +14,5 @@ control-group: - Azure type: - Benchmark - defaults: - auto-assign: null - enabled: false - tracks-drift-events: false control-group: - id: azure_hipaa_hitrust_v92_0201_09j1organizational
diff --git a/compliance/frameworks/azure/azure_hipaa_hitrust_v92/azure_hipaa_hitrust_v92_identification_of_risks_related_to_external_parties.yaml b/compliance/frameworks/azure/azure_hipaa_hitrust_v92/azure_hipaa_hitrust_v92_identification_of_risks_related_to_external_parties.yaml
index 787aaaa56..8e10d2353 100755
--- a/compliance/frameworks/azure/azure_hipaa_hitrust_v92/azure_hipaa_hitrust_v92_identification_of_risks_related_to_external_parties.yaml
+++ b/compliance/frameworks/azure/azure_hipaa_hitrust_v92/azure_hipaa_hitrust_v92_identification_of_risks_related_to_external_parties.yaml
@@ -14,10 +14,6 @@ control-group: - Azure type: - Benchmark - defaults: - auto-assign: null - enabled: false - tracks-drift-events: false control-group: - id: azure_hipaa_hitrust_v92_1401_05i1organizational - id: azure_hipaa_hitrust_v92_1402_05i1organizational
diff --git a/compliance/frameworks/azure/azure_hipaa_hitrust_v92/azure_hipaa_hitrust_v92_network_controls.yaml b/compliance/frameworks/azure/azure_hipaa_hitrust_v92/azure_hipaa_hitrust_v92_network_controls.yaml
index bc03fb811..0559e52dc 100755
--- a/compliance/frameworks/azure/azure_hipaa_hitrust_v92/azure_hipaa_hitrust_v92_network_controls.yaml
+++ b/compliance/frameworks/azure/azure_hipaa_hitrust_v92/azure_hipaa_hitrust_v92_network_controls.yaml
@@ -14,9 +14,5 @@ control-group: - Azure type: - Benchmark - defaults: - auto-assign: null - enabled: false - tracks-drift-events: false control-group: - id: azure_hipaa_hitrust_v92_0867_09m3organizational
diff --git a/compliance/frameworks/azure/azure_hipaa_hitrust_v92/azure_hipaa_hitrust_v92_network_protection.yaml b/compliance/frameworks/azure/azure_hipaa_hitrust_v92/azure_hipaa_hitrust_v92_network_protection.yaml
index b91f14743..600ec4e01 100755
--- a/compliance/frameworks/azure/azure_hipaa_hitrust_v92/azure_hipaa_hitrust_v92_network_protection.yaml
+++ b/compliance/frameworks/azure/azure_hipaa_hitrust_v92/azure_hipaa_hitrust_v92_network_protection.yaml
@@ -14,10 +14,6 @@ control-group: - Azure type: - Benchmark - defaults: - auto-assign: null - enabled: false - tracks-drift-events: false control-group: - id: azure_hipaa_hitrust_v92_0805_01m1organizational - id: azure_hipaa_hitrust_v92_0806_01m2organizational
diff --git a/compliance/frameworks/azure/azure_hipaa_hitrust_v92/azure_hipaa_hitrust_v92_on_line_transactions.yaml b/compliance/frameworks/azure/azure_hipaa_hitrust_v92/azure_hipaa_hitrust_v92_on_line_transactions.yaml
index 89bf118b9..15ebf0539 100755
--- a/compliance/frameworks/azure/azure_hipaa_hitrust_v92/azure_hipaa_hitrust_v92_on_line_transactions.yaml
+++ b/compliance/frameworks/azure/azure_hipaa_hitrust_v92/azure_hipaa_hitrust_v92_on_line_transactions.yaml
@@ -14,9 +14,5 @@ control-group: - Azure type: - Benchmark - defaults: - auto-assign: null - enabled: false - tracks-drift-events: false control-group: - id: azure_hipaa_hitrust_v92_0946_09y2organizational
diff --git a/compliance/frameworks/azure/azure_hipaa_hitrust_v92/azure_hipaa_hitrust_v92_portable_media_security.yaml b/compliance/frameworks/azure/azure_hipaa_hitrust_v92/azure_hipaa_hitrust_v92_portable_media_security.yaml
index 97b361cca..1b9e8f17e 100755
--- a/compliance/frameworks/azure/azure_hipaa_hitrust_v92/azure_hipaa_hitrust_v92_portable_media_security.yaml
+++ b/compliance/frameworks/azure/azure_hipaa_hitrust_v92/azure_hipaa_hitrust_v92_portable_media_security.yaml
@@ -14,10 +14,6 @@ control-group: - Azure type: - Benchmark - defaults: - auto-assign: null - enabled: false - tracks-drift-events: false control-group: - id: azure_hipaa_hitrust_v92_0301_09o1organizational - id: azure_hipaa_hitrust_v92_0302_09o2organizational
diff --git a/compliance/frameworks/azure/azure_hipaa_hitrust_v92/azure_hipaa_hitrust_v92_privilege_management.yaml b/compliance/frameworks/azure/azure_hipaa_hitrust_v92/azure_hipaa_hitrust_v92_privilege_management.yaml
index d9400763c..b7e51e452 100755
--- a/compliance/frameworks/azure/azure_hipaa_hitrust_v92/azure_hipaa_hitrust_v92_privilege_management.yaml
+++ b/compliance/frameworks/azure/azure_hipaa_hitrust_v92/azure_hipaa_hitrust_v92_privilege_management.yaml
@@ -14,10 +14,6 @@ control-group: - Azure type: - Benchmark - defaults: - auto-assign: null - enabled: false - tracks-drift-events: false control-group: - id: azure_hipaa_hitrust_v92_1149_01c2system - id: azure_hipaa_hitrust_v92_1154_01c3system
diff --git a/compliance/frameworks/azure/azure_hipaa_hitrust_v92/azure_hipaa_hitrust_v92_third_party_assurance.yaml b/compliance/frameworks/azure/azure_hipaa_hitrust_v92/azure_hipaa_hitrust_v92_third_party_assurance.yaml
index 4a5effb34..0cddb0e40 100755
--- a/compliance/frameworks/azure/azure_hipaa_hitrust_v92/azure_hipaa_hitrust_v92_third_party_assurance.yaml
+++ b/compliance/frameworks/azure/azure_hipaa_hitrust_v92/azure_hipaa_hitrust_v92_third_party_assurance.yaml
@@ -14,10 +14,6 @@ control-group: - Azure type: - Benchmark - defaults: - auto-assign: null - enabled: false - tracks-drift-events: false control-group: - id: azure_hipaa_hitrust_v92_1450_05i2organizational - id: azure_hipaa_hitrust_v92_1451_05icsporganizational
diff --git a/compliance/frameworks/azure/azure_hipaa_hitrust_v92/azure_hipaa_hitrust_v92_transmission_protection.yaml b/compliance/frameworks/azure/azure_hipaa_hitrust_v92/azure_hipaa_hitrust_v92_transmission_protection.yaml
index 2a11034cf..c35d8c500 100755
--- a/compliance/frameworks/azure/azure_hipaa_hitrust_v92/azure_hipaa_hitrust_v92_transmission_protection.yaml
+++ b/compliance/frameworks/azure/azure_hipaa_hitrust_v92/azure_hipaa_hitrust_v92_transmission_protection.yaml
@@ -14,10 +14,6 @@ control-group: - Azure type: - Benchmark - defaults: - auto-assign: null - enabled: false - tracks-drift-events: false control-group: - id: azure_hipaa_hitrust_v92_0901_09s1organizational - id: azure_hipaa_hitrust_v92_0902_09s2organizational
diff --git a/compliance/frameworks/azure/azure_hipaa_hitrust_v92/azure_hipaa_hitrust_v92_user_authentication_for_external_connections.yaml b/compliance/frameworks/azure/azure_hipaa_hitrust_v92/azure_hipaa_hitrust_v92_user_authentication_for_external_connections.yaml
index 6f5468da4..177204a2c 100755
--- a/compliance/frameworks/azure/azure_hipaa_hitrust_v92/azure_hipaa_hitrust_v92_user_authentication_for_external_connections.yaml
+++ b/compliance/frameworks/azure/azure_hipaa_hitrust_v92/azure_hipaa_hitrust_v92_user_authentication_for_external_connections.yaml
@@ -14,10 +14,6 @@ control-group: - Azure type: - Benchmark - defaults: - auto-assign: null - enabled: false - tracks-drift-events: false control-group: - id: azure_hipaa_hitrust_v92_1117_01j1organizational - id: azure_hipaa_hitrust_v92_1173_01j1organizational
diff --git a/compliance/frameworks/azure/azure_hipaa_hitrust_v92/azure_hipaa_hitrust_v92_user_identification_and_authentication.yaml b/compliance/frameworks/azure/azure_hipaa_hitrust_v92/azure_hipaa_hitrust_v92_user_identification_and_authentication.yaml
index 39e590234..a5d75fcb9 100755
--- a/compliance/frameworks/azure/azure_hipaa_hitrust_v92/azure_hipaa_hitrust_v92_user_identification_and_authentication.yaml
+++ b/compliance/frameworks/azure/azure_hipaa_hitrust_v92/azure_hipaa_hitrust_v92_user_identification_and_authentication.yaml
@@ -14,10 +14,6 @@ control-group: - Azure type: - Benchmark - defaults: - auto-assign: null - enabled: false - tracks-drift-events: false control-group: - id: azure_hipaa_hitrust_v92_11110_01q1organizational - id: azure_hipaa_hitrust_v92_11208_01q1organizational
diff --git a/compliance/frameworks/azure/azure_hipaa_hitrust_v92/azure_hipaa_hitrust_v92_vulnerability_management.yaml b/compliance/frameworks/azure/azure_hipaa_hitrust_v92/azure_hipaa_hitrust_v92_vulnerability_management.yaml
index 640011576..1a3807f3c 100755
--- a/compliance/frameworks/azure/azure_hipaa_hitrust_v92/azure_hipaa_hitrust_v92_vulnerability_management.yaml
+++ b/compliance/frameworks/azure/azure_hipaa_hitrust_v92/azure_hipaa_hitrust_v92_vulnerability_management.yaml
@@ -14,10 +14,6 @@ control-group: - Azure type: - Benchmark - defaults: - auto-assign: null - enabled: false - tracks-drift-events: false control-group: - id: azure_hipaa_hitrust_v92_0709_10m1organizational - id: azure_hipaa_hitrust_v92_0710_10m2organizational
diff --git a/compliance/frameworks/azure/azure_msb/azure_msb_5.yaml b/compliance/frameworks/azure/azure_msb/azure_msb_5.yaml
index 232f35f5c..44af09e78 100755
--- a/compliance/frameworks/azure/azure_msb/azure_msb_5.yaml
+++ b/compliance/frameworks/azure/azure_msb/azure_msb_5.yaml
@@ -18,10 +18,6 @@ control-group: - Azure type: - Benchmark - defaults: - auto-assign: null - enabled: false - tracks-drift-events: false control-group: - id: azure_cis_v200_5_1 - id: azure_cis_v200_5_2
diff --git a/compliance/frameworks/azure/azure_msb/azure_msb_aks.yaml b/compliance/frameworks/azure/azure_msb/azure_msb_aks.yaml
index dc0f3a39e..febb76ffc 100755
--- a/compliance/frameworks/azure/azure_msb/azure_msb_aks.yaml
+++ b/compliance/frameworks/azure/azure_msb/azure_msb_aks.yaml
@@ -18,10 +18,6 @@ control-group: - Azure type: - Benchmark - defaults: - auto-assign: null - enabled: false - tracks-drift-events: false controls: - azure_check_for_kubernetes_version - azure_enable_defender_for_cloud_for_aks_clusters
diff --git a/compliance/frameworks/azure/azure_nist_sp_800_171_rev_2/azure_nist_sp_800_171_rev_2_3_1.yaml b/compliance/frameworks/azure/azure_nist_sp_800_171_rev_2/azure_nist_sp_800_171_rev_2_3_1.yaml
index 604371896..bef8ec9d7 100755
--- a/compliance/frameworks/azure/azure_nist_sp_800_171_rev_2/azure_nist_sp_800_171_rev_2_3_1.yaml
+++ b/compliance/frameworks/azure/azure_nist_sp_800_171_rev_2/azure_nist_sp_800_171_rev_2_3_1.yaml
@@ -3,10 +3,6 @@ control-group: title: Access Control description: This family of requirements deals with access to networks, systems, and information. The 22 different requirements help to ensure only authorized users access the system. Requirements also safeguard the flow of sensitive information within the network and provide guidance on network devices in the system. section-code: "3_1" - defaults: - auto-assign: null - enabled: false - tracks-drift-events: false control-group: - id: azure_nist_sp_800_171_rev_2_3_1_1 - id: azure_nist_sp_800_171_rev_2_3_1_2
diff --git a/compliance/frameworks/azure/azure_nist_sp_800_171_rev_2/azure_nist_sp_800_171_rev_2_3_11.yaml b/compliance/frameworks/azure/azure_nist_sp_800_171_rev_2/azure_nist_sp_800_171_rev_2_3_11.yaml
index d93655915..fe5e44fdb 100755
--- a/compliance/frameworks/azure/azure_nist_sp_800_171_rev_2/azure_nist_sp_800_171_rev_2_3_11.yaml
+++ b/compliance/frameworks/azure/azure_nist_sp_800_171_rev_2/azure_nist_sp_800_171_rev_2_3_11.yaml
@@ -3,10 +3,6 @@ control-group: title: Risk Assessment description: The RA control family relates to an organization's risk assessment policies and vulnerability scanning capabilities. Using an integrated risk management solution like CyberStrong can help streamline and automate your NIST 800 53 compliance efforts. section-code: "3_11" - defaults: - auto-assign: null - enabled: false - tracks-drift-events: false control-group: - id: azure_nist_sp_800_171_rev_2_3_11_2 - id: azure_nist_sp_800_171_rev_2_3_11_3
diff --git a/compliance/frameworks/azure/azure_nist_sp_800_171_rev_2/azure_nist_sp_800_171_rev_2_3_11_2.yaml b/compliance/frameworks/azure/azure_nist_sp_800_171_rev_2/azure_nist_sp_800_171_rev_2_3_11_2.yaml
index f09b83e98..d71c1ea4c 100755
--- a/compliance/frameworks/azure/azure_nist_sp_800_171_rev_2/azure_nist_sp_800_171_rev_2_3_11_2.yaml
+++ b/compliance/frameworks/azure/azure_nist_sp_800_171_rev_2/azure_nist_sp_800_171_rev_2_3_11_2.yaml
@@ -3,10 +3,6 @@ control-group: title: 11.2 Scan for vulnerabilities in organizational systems and applications periodically and when new vulnerabilities affecting those systems and applications are identified description: "Organizations determine the required vulnerability scanning for all system components, ensuring that potential sources of vulnerabilities such as networked printers, scanners, and copiers are not overlooked. The vulnerabilities to be scanned are readily updated as new vulnerabilities are discovered, announced, and scanning methods developed. This process ensures that potential vulnerabilities in the system are identified and addressed as quickly as possible. Vulnerability analyses for custom software applications may require additional approaches such as static analysis, dynamic analysis, binary analysis, or a hybrid of the three approaches. Organizations can employ these analysis approaches in source code reviews and in a variety of tools (e.g., static analysis tools, web-based application scanners, binary analyzers) and in source code reviews. Vulnerability scanning includes: scanning for patch levels; scanning for functions, ports, protocols, and services that should not be accessible to users or devices; and scanning for improperly configured or incorrectly operating information flow control mechanisms. To facilitate interoperability, organizations consider using products that are Security Content Automated Protocol (SCAP)-validated, scanning tools that express vulnerabilities in the Common Vulnerabilities and Exposures (CVE) naming convention, and that employ the Open Vulnerability Assessment Language (OVAL) to determine the presence of system vulnerabilities. Sources for vulnerability information include the Common Weakness Enumeration (CWE) listing and the National Vulnerability Database (NVD). Security assessments, such as red team exercises, provide additional sources of potential vulnerabilities for which to scan. 
Organizations also consider using scanning tools that express vulnerability impact by the Common Vulnerability Scoring System (CVSS). In certain situations, the nature of the vulnerability scanning may be more intrusive or the system component that is the subject of the scanning may contain highly sensitive information. Privileged access authorization to selected system components facilitates thorough vulnerability scanning and protects the sensitive nature of such scanning." section-code: "2" - defaults: - auto-assign: null - enabled: false - tracks-drift-events: false controls: - azure_compute_vm_vulnerability_assessment_solution_enabled - azure_mssql_managed_instance_vulnerability_assessment_enabled
diff --git a/compliance/frameworks/azure/azure_nist_sp_800_171_rev_2/azure_nist_sp_800_171_rev_2_3_11_3.yaml b/compliance/frameworks/azure/azure_nist_sp_800_171_rev_2/azure_nist_sp_800_171_rev_2_3_11_3.yaml
index d58d2940a..9ba0527f1 100755
--- a/compliance/frameworks/azure/azure_nist_sp_800_171_rev_2/azure_nist_sp_800_171_rev_2_3_11_3.yaml
+++ b/compliance/frameworks/azure/azure_nist_sp_800_171_rev_2/azure_nist_sp_800_171_rev_2_3_11_3.yaml
@@ -3,10 +3,6 @@ control-group: title: 11.3 Remediate vulnerabilities in accordance with risk assessments description: Vulnerabilities discovered, for example, via the scanning conducted in response to 3.11.2, are remediated with consideration of the related assessment of risk. The consideration of risk influences the prioritization of remediation efforts and the level of effort to be expended in the remediation for specific vulnerabilities. section-code: "3" - defaults: - auto-assign: null - enabled: false - tracks-drift-events: false controls: - azure_compute_vm_vulnerability_assessment_solution_enabled - azure_mssql_managed_instance_vulnerability_assessment_enabled
diff --git a/compliance/frameworks/azure/azure_nist_sp_800_171_rev_2/azure_nist_sp_800_171_rev_2_3_13.yaml b/compliance/frameworks/azure/azure_nist_sp_800_171_rev_2/azure_nist_sp_800_171_rev_2_3_13.yaml
index b4ca3f3ee..3fdf6690f 100755
--- a/compliance/frameworks/azure/azure_nist_sp_800_171_rev_2/azure_nist_sp_800_171_rev_2_3_13.yaml
+++ b/compliance/frameworks/azure/azure_nist_sp_800_171_rev_2/azure_nist_sp_800_171_rev_2_3_13.yaml
@@ -3,10 +3,6 @@ control-group: title: System and Communications Protection description: The SC control family is responsible for systems and communications protection procedures. This includes boundary protection, protection of information at rest, collaborative computing devices, cryptographic protection, denial of service protection, and many others. section-code: "3_13" - defaults: - auto-assign: null - enabled: false - tracks-drift-events: false control-group: - id: azure_nist_sp_800_171_rev_2_3_13_1 - id: azure_nist_sp_800_171_rev_2_3_13_2
diff --git a/compliance/frameworks/azure/azure_nist_sp_800_171_rev_2/azure_nist_sp_800_171_rev_2_3_13_1.yaml b/compliance/frameworks/azure/azure_nist_sp_800_171_rev_2/azure_nist_sp_800_171_rev_2_3_13_1.yaml
index dc9582967..f1ae2e47f 100755
--- a/compliance/frameworks/azure/azure_nist_sp_800_171_rev_2/azure_nist_sp_800_171_rev_2_3_13_1.yaml
+++ b/compliance/frameworks/azure/azure_nist_sp_800_171_rev_2/azure_nist_sp_800_171_rev_2_3_13_1.yaml
@@ -3,10 +3,6 @@ control-group: title: 13.1 Monitor, control, and protect communications (i.e., information transmitted or received by organizational systems) at the external boundaries and key internal boundaries of organizational systems description: Communications can be monitored, controlled, and protected at boundary components and by restricting or prohibiting interfaces in organizational systems. Boundary components include gateways, routers, firewalls, guards, network-based malicious code analysis and virtualization systems, or encrypted tunnels implemented within a system security architecture (e.g., routers protecting firewalls or application gateways residing on protected subnetworks). Restricting or prohibiting interfaces in organizational systems includes restricting external web communications traffic to designated web servers within managed interfaces and prohibiting external traffic that appears to be spoofing internal addresses. Organizations consider the shared nature of commercial telecommunications services in the implementation of security requirements associated with the use of such services. Commercial telecommunications services are commonly based on network components and consolidated management systems shared by all attached commercial customers and may also include third party-provided access lines and other service elements. Such transmission services may represent sources of increased risk despite contract security provisions. section-code: "1" - defaults: - auto-assign: null - enabled: false - tracks-drift-events: false controls: - azure_apimanagement_service_with_virtual_network - azure_app_configuration_private_link_used diff --git a/compliance/frameworks/azure/azure_nist_sp_800_171_rev_2/azure_nist_sp_800_171_rev_2_3_13_10.yaml b/compliance/frameworks/azure/azure_nist_sp_800_171_rev_2/azure_nist_sp_800_171_rev_2_3_13_10.yaml index 3dd74daaa..f4621b0fc 100755 
--- a/compliance/frameworks/azure/azure_nist_sp_800_171_rev_2/azure_nist_sp_800_171_rev_2_3_13_10.yaml +++ b/compliance/frameworks/azure/azure_nist_sp_800_171_rev_2/azure_nist_sp_800_171_rev_2_3_13_10.yaml @@ -3,10 +3,6 @@ control-group: title: 13.10 Establish and manage cryptographic keys for cryptography employed in organizational systems description: Cryptographic key management and establishment can be performed using manual procedures or mechanisms supported by manual procedures. Organizations define key management requirements in accordance with applicable federal laws, Executive Orders, policies, directives, regulations, and standards specifying appropriate options, levels, and parameters. section-code: "10" - defaults: - auto-assign: null - enabled: false - tracks-drift-events: false controls: - azure_batch_account_encrypted_with_cmk - azure_cognitive_account_encrypted_with_cmk diff --git a/compliance/frameworks/azure/azure_nist_sp_800_171_rev_2/azure_nist_sp_800_171_rev_2_3_13_16.yaml b/compliance/frameworks/azure/azure_nist_sp_800_171_rev_2/azure_nist_sp_800_171_rev_2_3_13_16.yaml index ce7f86091..ac1002e71 100755 --- a/compliance/frameworks/azure/azure_nist_sp_800_171_rev_2/azure_nist_sp_800_171_rev_2_3_13_16.yaml +++ b/compliance/frameworks/azure/azure_nist_sp_800_171_rev_2/azure_nist_sp_800_171_rev_2_3_13_16.yaml 
@@ -3,10 +3,6 @@ control-group: title: 13.16 Protect the confidentiality of CUI at rest description: Information at rest refers to the state of information when it is not in process or in transit and is located on storage devices as specific components of systems. The focus of protection at rest is not on the type of storage device or the frequency of access but rather the state of the information. Organizations can use different mechanisms to achieve confidentiality protections, including the use of cryptographic mechanisms and file share scanning. Organizations may also use other controls including secure off-line storage in lieu of online storage when adequate protection of information at rest cannot otherwise be achieved or continuous monitoring to identify malicious code at rest. section-code: "16" - defaults: - auto-assign: null - enabled: false - tracks-drift-events: false controls: - azure_app_service_environment_internal_encryption_enabled - azure_automation_account_variable_encryption_enabled diff --git a/compliance/frameworks/azure/azure_nist_sp_800_171_rev_2/azure_nist_sp_800_171_rev_2_3_13_2.yaml b/compliance/frameworks/azure/azure_nist_sp_800_171_rev_2/azure_nist_sp_800_171_rev_2_3_13_2.yaml index 0942f4b65..8f39587c8 100755 --- a/compliance/frameworks/azure/azure_nist_sp_800_171_rev_2/azure_nist_sp_800_171_rev_2_3_13_2.yaml +++ b/compliance/frameworks/azure/azure_nist_sp_800_171_rev_2/azure_nist_sp_800_171_rev_2_3_13_2.yaml 
@@ -3,10 +3,6 @@ control-group: title: 13.2 Employ architectural designs, software development techniques, and systems engineering principles that promote effective information security within organizational systems description: Organizations apply systems security engineering principles to new development systems or systems undergoing major upgrades. For legacy systems, organizations apply systems security engineering principles to system upgrades and modifications to the extent feasible, given the current state of hardware, software, and firmware components within those systems. The application of systems security engineering concepts and principles helps to develop trustworthy, secure, and resilient systems and system components and reduce the susceptibility of organizations to disruptions, hazards, and threats. Examples of these concepts and principles include developing layered protections; establishing security policies, architecture, and controls as the foundation for design; incorporating security requirements into the system development life cycle; delineating physical and logical security boundaries; ensuring that developers are trained on how to build secure software; and performing threat modeling to identify use cases, threat agents, attack vectors and patterns, design patterns, and compensating controls needed to mitigate risk. Organizations that apply security engineering concepts and principles can facilitate the development of trustworthy, secure systems, system components, and system services; reduce risk to acceptable levels; and make informed risk-management decisions. section-code: "2" - defaults: - auto-assign: null - enabled: false - tracks-drift-events: false controls: - azure_apimanagement_service_with_virtual_network - azure_app_configuration_private_link_used 
diff --git a/compliance/frameworks/azure/azure_nist_sp_800_171_rev_2/azure_nist_sp_800_171_rev_2_3_13_5.yaml b/compliance/frameworks/azure/azure_nist_sp_800_171_rev_2/azure_nist_sp_800_171_rev_2_3_13_5.yaml index 81eecd339..f2a0fb586 100755 --- a/compliance/frameworks/azure/azure_nist_sp_800_171_rev_2/azure_nist_sp_800_171_rev_2_3_13_5.yaml +++ b/compliance/frameworks/azure/azure_nist_sp_800_171_rev_2/azure_nist_sp_800_171_rev_2_3_13_5.yaml @@ -3,10 +3,6 @@ control-group: title: 13.5 Implement subnetworks for publicly accessible system components that are physically or logically separated from internal networks description: Subnetworks that are physically or logically separated from internal networks are referred to as demilitarized zones (DMZs). DMZs are typically implemented with boundary control devices and techniques that include routers, gateways, firewalls, virtualization, or cloud-based technologies. section-code: "5" - defaults: - auto-assign: null - enabled: false - tracks-drift-events: false controls: - azure_apimanagement_service_with_virtual_network - azure_app_configuration_private_link_used diff --git a/compliance/frameworks/azure/azure_nist_sp_800_171_rev_2/azure_nist_sp_800_171_rev_2_3_13_6.yaml b/compliance/frameworks/azure/azure_nist_sp_800_171_rev_2/azure_nist_sp_800_171_rev_2_3_13_6.yaml index 9a909b736..d7e2fd043 100755 --- a/compliance/frameworks/azure/azure_nist_sp_800_171_rev_2/azure_nist_sp_800_171_rev_2_3_13_6.yaml +++ b/compliance/frameworks/azure/azure_nist_sp_800_171_rev_2/azure_nist_sp_800_171_rev_2_3_13_6.yaml 
@@ -3,10 +3,6 @@ control-group: title: 13.6 Deny network communications traffic by default and allow network communications traffic by exception (i.e., deny all, permit by exception) description: This requirement applies to inbound and outbound network communications traffic at the system boundary and at identified points within the system. A deny-all, permit-by-exception network communications traffic policy ensures that only those connections which are essential and approved are allowed. section-code: "6" - defaults: - auto-assign: null - enabled: false - tracks-drift-events: false controls: - azure_application_gateway_waf_enabled - azure_cognitive_service_local_auth_disabled diff --git a/compliance/frameworks/azure/azure_nist_sp_800_171_rev_2/azure_nist_sp_800_171_rev_2_3_13_8.yaml b/compliance/frameworks/azure/azure_nist_sp_800_171_rev_2/azure_nist_sp_800_171_rev_2_3_13_8.yaml index 6073ef718..1c7de0d95 100755 --- a/compliance/frameworks/azure/azure_nist_sp_800_171_rev_2/azure_nist_sp_800_171_rev_2_3_13_8.yaml +++ b/compliance/frameworks/azure/azure_nist_sp_800_171_rev_2/azure_nist_sp_800_171_rev_2_3_13_8.yaml 
@@ -3,10 +3,6 @@ control-group: title: 13.8 Implement cryptographic mechanisms to prevent unauthorized disclosure of CUI during transmission unless otherwise protected by alternative physical safeguards description: This requirement applies to internal and external networks and any system components that can transmit information including servers, notebook computers, desktop computers, mobile devices, printers, copiers, scanners, and facsimile machines. Communication paths outside the physical protection of controlled boundaries are susceptible to both interception and modification. Organizations relying on commercial providers offering transmission services as commodity services rather than as fully dedicated services (i.e., services which can be highly specialized to individual customer needs), may find it difficult to obtain the necessary assurances regarding the implementation of the controls for transmission confidentiality. In such situations, organizations determine what types of confidentiality services are available in commercial telecommunication service packages. If it is infeasible or impractical to obtain the necessary safeguards and assurances of the effectiveness of the safeguards through appropriate contracting vehicles, organizations implement compensating safeguards or explicitly accept the additional risk. An example of an alternative physical safeguard is a protected distribution system (PDS) where the distribution medium is protected against electronic or physical intercept, thereby ensuring the confidentiality of the information being transmitted. section-code: "8" - defaults: - auto-assign: null - enabled: false - tracks-drift-events: false controls: - azure_appservice_api_app_latest_tls_version - azure_appservice_function_app_ftps_enabled 
diff --git a/compliance/frameworks/azure/azure_nist_sp_800_171_rev_2/azure_nist_sp_800_171_rev_2_3_14.yaml b/compliance/frameworks/azure/azure_nist_sp_800_171_rev_2/azure_nist_sp_800_171_rev_2_3_14.yaml index 4dc30fa5f..0f1937323 100755 --- a/compliance/frameworks/azure/azure_nist_sp_800_171_rev_2/azure_nist_sp_800_171_rev_2_3_14.yaml +++ b/compliance/frameworks/azure/azure_nist_sp_800_171_rev_2/azure_nist_sp_800_171_rev_2_3_14.yaml @@ -3,10 +3,6 @@ control-group: title: System and Information Integrity description: The SI control family correlates to controls that protect system and information integrity. These include flaw remediation, malicious code protection, information system monitoring, security alerts, software and firmware integrity, and spam protection. section-code: "3_14" - defaults: - auto-assign: null - enabled: false - tracks-drift-events: false control-group: - id: azure_nist_sp_800_171_rev_2_3_14_1 - id: azure_nist_sp_800_171_rev_2_3_14_2 diff --git a/compliance/frameworks/azure/azure_nist_sp_800_171_rev_2/azure_nist_sp_800_171_rev_2_3_14_1.yaml b/compliance/frameworks/azure/azure_nist_sp_800_171_rev_2/azure_nist_sp_800_171_rev_2_3_14_1.yaml index b17f0e401..5ade9ea88 100755 --- a/compliance/frameworks/azure/azure_nist_sp_800_171_rev_2/azure_nist_sp_800_171_rev_2_3_14_1.yaml +++ b/compliance/frameworks/azure/azure_nist_sp_800_171_rev_2/azure_nist_sp_800_171_rev_2_3_14_1.yaml 
@@ -3,10 +3,6 @@ control-group: title: 14.1 Identify, report, and correct system flaws in a timely manner description: Organizations identify systems that are affected by announced software and firmware flaws including potential vulnerabilities resulting from those flaws and report this information to designated personnel with information security responsibilities. Security-relevant updates include patches, service packs, hot fixes, and anti-virus signatures. Organizations address flaws discovered during security assessments, continuous monitoring, incident response activities, and system error handling. Organizations can take advantage of available resources such as the Common Weakness Enumeration (CWE) database or Common Vulnerabilities and Exposures (CVE) database in remediating flaws discovered in organizational systems. Organization-defined time periods for updating security-relevant software and firmware may vary based on a variety of factors including the criticality of the update (i.e., severity of the vulnerability related to the discovered flaw). Some types of flaw remediation may require more testing than other types of remediation. section-code: "1" - defaults: - auto-assign: null - enabled: false - tracks-drift-events: false controls: - azure_appservice_function_app_latest_http_version - azure_appservice_web_app_latest_http_version diff --git a/compliance/frameworks/azure/azure_nist_sp_800_171_rev_2/azure_nist_sp_800_171_rev_2_3_14_2.yaml b/compliance/frameworks/azure/azure_nist_sp_800_171_rev_2/azure_nist_sp_800_171_rev_2_3_14_2.yaml index b69391939..9b4d335d3 100755 --- a/compliance/frameworks/azure/azure_nist_sp_800_171_rev_2/azure_nist_sp_800_171_rev_2_3_14_2.yaml +++ b/compliance/frameworks/azure/azure_nist_sp_800_171_rev_2/azure_nist_sp_800_171_rev_2_3_14_2.yaml 
@@ -3,10 +3,6 @@ control-group: title: 14.2 Provide protection from malicious code at designated locations within organizational systems description: Designated locations include system entry and exit points which may include firewalls, remoteaccess servers, workstations, electronic mail servers, web servers, proxy servers, notebook computers, and mobile devices. Malicious code includes viruses, worms, Trojan horses, and spyware. Malicious code can be encoded in various formats (e.g., UUENCODE, Unicode), contained within compressed or hidden files, or hidden in files using techniques such as steganography. Malicious code can be inserted into systems in a variety of ways including web accesses, electronic mail, electronic mail attachments, and portable storage devices. Malicious code insertions occur through the exploitation of system vulnerabilities. Malicious code protection mechanisms include anti-virus signature definitions and reputationbased technologies. A variety of technologies and methods exist to limit or eliminate the effects of malicious code. Pervasive configuration management and comprehensive software integrity controls may be effective in preventing execution of unauthorized code. In addition to commercial off-the-shelf software, malicious code may also be present in custom-built software. This could include logic bombs, back doors, and other types of cyber-attacks that could affect organizational missions/business functions. Traditional malicious code protection mechanisms cannot always detect such code. In these situations, organizations rely instead on other safeguards including secure coding practices, configuration management and control, trusted procurement processes, and monitoring practices to help ensure that software does not perform functions other than the functions intended. 
section-code: "2" - defaults: - auto-assign: null - enabled: false - tracks-drift-events: false controls: - azure_compute_vm_malware_agent_automatic_upgrade_enabled - azure_compute_vm_malware_agent_installed diff --git a/compliance/frameworks/azure/azure_nist_sp_800_171_rev_2/azure_nist_sp_800_171_rev_2_3_14_3.yaml b/compliance/frameworks/azure/azure_nist_sp_800_171_rev_2/azure_nist_sp_800_171_rev_2_3_14_3.yaml index facc8cd65..316a8d1f0 100755 --- a/compliance/frameworks/azure/azure_nist_sp_800_171_rev_2/azure_nist_sp_800_171_rev_2_3_14_3.yaml +++ b/compliance/frameworks/azure/azure_nist_sp_800_171_rev_2/azure_nist_sp_800_171_rev_2_3_14_3.yaml @@ -3,10 +3,6 @@ control-group: title: 14.3 Monitor system security alerts and advisories and take action in response description: There are many publicly available sources of system security alerts and advisories. For example, the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA) generates security alerts and advisories to maintain situational awareness across the federal government and in nonfederal organizations. Software vendors, subscription services, and industry information sharing and analysis centers (ISACs) may also provide security alerts and advisories. Examples of response actions include notifying relevant external organizations, for example, external mission/business partners, supply chain partners, external service providers, and peer or supporting organizations. section-code: "3" - defaults: - auto-assign: null - enabled: false - tracks-drift-events: false controls: - azure_securitycenter_azure_defender_on_for_appservice - azure_securitycenter_azure_defender_on_for_containers diff --git a/compliance/frameworks/azure/azure_nist_sp_800_171_rev_2/azure_nist_sp_800_171_rev_2_3_14_4.yaml b/compliance/frameworks/azure/azure_nist_sp_800_171_rev_2/azure_nist_sp_800_171_rev_2_3_14_4.yaml index 41147cd74..98e18daa9 100755 
--- a/compliance/frameworks/azure/azure_nist_sp_800_171_rev_2/azure_nist_sp_800_171_rev_2_3_14_4.yaml +++ b/compliance/frameworks/azure/azure_nist_sp_800_171_rev_2/azure_nist_sp_800_171_rev_2_3_14_4.yaml @@ -3,10 +3,6 @@ control-group: title: 14.4 Update malicious code protection mechanisms when new releases are available description: Malicious code protection mechanisms include anti-virus signature definitions and reputationbased technologies. A variety of technologies and methods exist to limit or eliminate the effects of malicious code. Pervasive configuration management and comprehensive software integrity controls may be effective in preventing execution of unauthorized code. In addition to commercial off-the-shelf software, malicious code may also be present in custom-built software. This could include logic bombs, back doors, and other types of cyber-attacks that could affect organizational missions/business functions. Traditional malicious code protection mechanisms cannot always detect such code. In these situations, organizations rely instead on other safeguards including secure coding practices, configuration management and control, trusted procurement processes, and monitoring practices to help ensure that software does not perform functions other than the functions intended. section-code: "4" - defaults: - auto-assign: null - enabled: false - tracks-drift-events: false controls: - azure_compute_vm_malware_agent_automatic_upgrade_enabled - azure_compute_vm_malware_agent_installed diff --git a/compliance/frameworks/azure/azure_nist_sp_800_171_rev_2/azure_nist_sp_800_171_rev_2_3_14_5.yaml b/compliance/frameworks/azure/azure_nist_sp_800_171_rev_2/azure_nist_sp_800_171_rev_2_3_14_5.yaml index dbf868ee4..5842317af 100755 --- a/compliance/frameworks/azure/azure_nist_sp_800_171_rev_2/azure_nist_sp_800_171_rev_2_3_14_5.yaml +++ b/compliance/frameworks/azure/azure_nist_sp_800_171_rev_2/azure_nist_sp_800_171_rev_2_3_14_5.yaml 
@@ -3,10 +3,6 @@ control-group: title: 14.5 Perform periodic scans of the information system and real-time scans of files from external sources as files are downloaded, opened, or executed description: Periodic scans of organizational systems and real-time scans of files from external sources can detect malicious code. Malicious code can be encoded in various formats (e.g., UUENCODE, Unicode), contained within compressed or hidden files, or hidden in files using techniques such as steganography. Malicious code can be inserted into systems in a variety of ways including web accesses, electronic mail, electronic mail attachments, and portable storage devices. Malicious code insertions occur through the exploitation of system vulnerabilities. section-code: "5" - defaults: - auto-assign: null - enabled: false - tracks-drift-events: false controls: - azure_compute_vm_malware_agent_automatic_upgrade_enabled - azure_compute_vm_malware_agent_installed diff --git a/compliance/frameworks/azure/azure_nist_sp_800_171_rev_2/azure_nist_sp_800_171_rev_2_3_14_6.yaml b/compliance/frameworks/azure/azure_nist_sp_800_171_rev_2/azure_nist_sp_800_171_rev_2_3_14_6.yaml index 9ba2c0df4..540fc6c16 100755 --- a/compliance/frameworks/azure/azure_nist_sp_800_171_rev_2/azure_nist_sp_800_171_rev_2_3_14_6.yaml +++ b/compliance/frameworks/azure/azure_nist_sp_800_171_rev_2/azure_nist_sp_800_171_rev_2_3_14_6.yaml 
@@ -3,10 +3,6 @@ control-group: title: 14.6 Monitor organizational systems, including inbound and outbound communications traffic, to detect attacks and indicators of potential attacks description: System monitoring includes external and internal monitoring. External monitoring includes the observation of events occurring at the system boundary (i.e., part of perimeter defense and boundary protection). Internal monitoring includes the observation of events occurring within the system. Organizations can monitor systems, for example, by observing audit record activities in real time or by observing other system aspects such as access patterns, characteristics of access, and other actions. The monitoring objectives may guide determination of the events. System monitoring capability is achieved through a variety of tools and techniques (e.g., intrusion detection systems, intrusion prevention systems, malicious code protection software, scanning tools, audit record monitoring software, network monitoring software). Strategic locations for monitoring devices include selected perimeter locations and near server farms supporting critical applications, with such devices being employed at managed system interfaces. The granularity of monitoring information collected is based on organizational monitoring objectives and the capability of systems to support such objectives. System monitoring is an integral part of continuous monitoring and incident response programs. Output from system monitoring serves as input to continuous monitoring and incident response programs. A network connection is any connection with a device that communicates through a network (e.g., local area network, Internet). A remote connection is any connection with a device communicating through an external network (e.g., the Internet). Local, network, and remote connections can be either wired or wireless. 
Unusual or unauthorized activities or conditions related to inbound/outbound communications traffic include internal traffic that indicates the presence of malicious code in systems or propagating among system components, the unauthorized exporting of information, or signaling to external systems. Evidence of malicious code is used to identify potentially compromised systems or system components. System monitoring requirements, including the need for specific types of system monitoring, may be referenced in other requirements. section-code: "6" - defaults: - auto-assign: null - enabled: false - tracks-drift-events: false controls: - azure_arc_compute_machine_linux_log_analytics_agent_installed - azure_arc_compute_machine_windows_log_analytics_agent_installed diff --git a/compliance/frameworks/azure/azure_nist_sp_800_171_rev_2/azure_nist_sp_800_171_rev_2_3_14_7.yaml b/compliance/frameworks/azure/azure_nist_sp_800_171_rev_2/azure_nist_sp_800_171_rev_2_3_14_7.yaml index ecf17c978..63f789271 100755 --- a/compliance/frameworks/azure/azure_nist_sp_800_171_rev_2/azure_nist_sp_800_171_rev_2_3_14_7.yaml +++ b/compliance/frameworks/azure/azure_nist_sp_800_171_rev_2/azure_nist_sp_800_171_rev_2_3_14_7.yaml 
@@ -3,10 +3,6 @@ control-group: title: 14.7 Identify unauthorized use of organizational systems description: System monitoring includes external and internal monitoring. System monitoring can detect unauthorized use of organizational systems. System monitoring is an integral part of continuous monitoring and incident response programs. Monitoring is achieved through a variety of tools and techniques (e.g., intrusion detection systems, intrusion prevention systems, malicious code protection software, scanning tools, audit record monitoring software, network monitoring software). Output from system monitoring serves as input to continuous monitoring and incident response programs. Unusual/unauthorized activities or conditions related to inbound and outbound communications traffic include internal traffic that indicates the presence of malicious code in systems or propagating among system components, the unauthorized exporting of information, or signaling to external systems. Evidence of malicious code is used to identify potentially compromised systems or system components. System monitoring requirements, including the need for specific types of system monitoring, may be referenced in other requirements. section-code: "7" - defaults: - auto-assign: null - enabled: false - tracks-drift-events: false controls: - azure_arc_compute_machine_linux_log_analytics_agent_installed - azure_arc_compute_machine_windows_log_analytics_agent_installed diff --git a/compliance/frameworks/azure/azure_nist_sp_800_171_rev_2/azure_nist_sp_800_171_rev_2_3_1_1.yaml b/compliance/frameworks/azure/azure_nist_sp_800_171_rev_2/azure_nist_sp_800_171_rev_2_3_1_1.yaml index ff05a66bf..28fc87487 100755 --- a/compliance/frameworks/azure/azure_nist_sp_800_171_rev_2/azure_nist_sp_800_171_rev_2_3_1_1.yaml +++ b/compliance/frameworks/azure/azure_nist_sp_800_171_rev_2/azure_nist_sp_800_171_rev_2_3_1_1.yaml 
@@ -3,10 +3,6 @@ control-group: title: 1.1 Limit system access to authorized users, processes acting on behalf of authorized users, and devices (including other systems) description: Access control policies (e.g., identity or role-based policies, control matrices, and cryptography) control access between active entities or subjects (i.e., users or processes acting on behalf of users) and passive entities or objects (e.g., devices, files, records, and domains) in systems. Access enforcement mechanisms can be employed at the application and service level to provide increased information security. Other systems include systems internal and external to the organization. This requirement focuses on account management for systems and applications. The definition of and enforcement of access authorizations, other than those determined by account type (e.g., privileged verses non-privileged) are addressed in requirement 3.1.2. section-code: "1" - defaults: - auto-assign: null - enabled: false - tracks-drift-events: false controls: - azure_app_configuration_private_link_used - azure_appservice_api_app_remote_debugging_disabled diff --git a/compliance/frameworks/azure/azure_nist_sp_800_171_rev_2/azure_nist_sp_800_171_rev_2_3_1_12.yaml b/compliance/frameworks/azure/azure_nist_sp_800_171_rev_2/azure_nist_sp_800_171_rev_2_3_1_12.yaml index ffd3852d0..60c661573 100755 --- a/compliance/frameworks/azure/azure_nist_sp_800_171_rev_2/azure_nist_sp_800_171_rev_2_3_1_12.yaml +++ b/compliance/frameworks/azure/azure_nist_sp_800_171_rev_2/azure_nist_sp_800_171_rev_2_3_1_12.yaml 
@@ -3,10 +3,6 @@ control-group: title: 1.12 Monitor and control remote access sessions description: Remote access is access to organizational systems by users (or processes acting on behalf of users) communicating through external networks (e.g., the Internet). Remote access methods include dial-up, broadband, and wireless. Organizations often employ encrypted virtual private networks (VPNs) to enhance confidentiality over remote connections. The use of encrypted VPNs does not make the access non-remote; however, the use of VPNs, when adequately provisioned with appropriate control (e.g., employing encryption techniques for confidentiality protection), may provide sufficient assurance to the organization that it can effectively treat such connections as internal networks. VPNs with encrypted tunnels can affect the capability to adequately monitor network communications traffic for malicious code. Automated monitoring and control of remote access sessions allows organizations to detect cyberattacks and help to ensure ongoing compliance with remote access policies by auditing connection activities of remote users on a variety of system components (e.g., servers, workstations, notebook computers, smart phones, and tablets). section-code: "12" - defaults: - auto-assign: null - enabled: false - tracks-drift-events: false controls: - azure_app_configuration_private_link_used - azure_appservice_api_app_remote_debugging_disabled diff --git a/compliance/frameworks/azure/azure_nist_sp_800_171_rev_2/azure_nist_sp_800_171_rev_2_3_1_13.yaml b/compliance/frameworks/azure/azure_nist_sp_800_171_rev_2/azure_nist_sp_800_171_rev_2_3_1_13.yaml index db06e1cd3..583f9c414 100755 --- a/compliance/frameworks/azure/azure_nist_sp_800_171_rev_2/azure_nist_sp_800_171_rev_2_3_1_13.yaml +++ b/compliance/frameworks/azure/azure_nist_sp_800_171_rev_2/azure_nist_sp_800_171_rev_2_3_1_13.yaml 
@@ -3,10 +3,6 @@ control-group: title: 1.13 Employ cryptographic mechanisms to protect the confidentiality of remote access sessions description: Cryptographic standards include FIPS-validated cryptography and NSA-approved cryptography. section-code: "13" - defaults: - auto-assign: null - enabled: false - tracks-drift-events: false controls: - azure_app_configuration_private_link_used - azure_cognitive_account_private_link_used diff --git a/compliance/frameworks/azure/azure_nist_sp_800_171_rev_2/azure_nist_sp_800_171_rev_2_3_1_14.yaml b/compliance/frameworks/azure/azure_nist_sp_800_171_rev_2/azure_nist_sp_800_171_rev_2_3_1_14.yaml index d6a70a6a7..f077007c8 100755 --- a/compliance/frameworks/azure/azure_nist_sp_800_171_rev_2/azure_nist_sp_800_171_rev_2_3_1_14.yaml +++ b/compliance/frameworks/azure/azure_nist_sp_800_171_rev_2/azure_nist_sp_800_171_rev_2_3_1_14.yaml @@ -3,10 +3,6 @@ control-group: title: 1.14 Route remote access via managed access control points description: Routing remote access through managed access control points enhances explicit, organizational control over such connections, reducing the susceptibility to unauthorized access to organizational systems resulting in the unauthorized disclosure of CUI. section-code: "14" - defaults: - auto-assign: null - enabled: false - tracks-drift-events: false controls: - azure_app_configuration_private_link_used - azure_cognitive_account_private_link_used diff --git a/compliance/frameworks/azure/azure_nist_sp_800_171_rev_2/azure_nist_sp_800_171_rev_2_3_1_2.yaml b/compliance/frameworks/azure/azure_nist_sp_800_171_rev_2/azure_nist_sp_800_171_rev_2_3_1_2.yaml index 6cc83d5f9..e236a570d 100755 --- a/compliance/frameworks/azure/azure_nist_sp_800_171_rev_2/azure_nist_sp_800_171_rev_2_3_1_2.yaml +++ b/compliance/frameworks/azure/azure_nist_sp_800_171_rev_2/azure_nist_sp_800_171_rev_2_3_1_2.yaml 
@@ -3,10 +3,6 @@ control-group: title: 1.2 Limit system access to the types of transactions and functions that authorized users are permitted to execute description: Organizations may choose to define access privileges or other attributes by account, by type of account, or a combination of both. System account types include individual, shared, group, system, anonymous, guest, emergency, developer, manufacturer, vendor, and temporary. Other attributes required for authorizing access include restrictions on time-of-day, day-of-week, and point-oforigin. In defining other account attributes, organizations consider system-related requirements (e.g., system upgrades scheduled maintenance,) and mission or business requirements, (e.g., time zone differences, customer requirements, remote access to support travel requirements). section-code: "2" - defaults: - auto-assign: null - enabled: false - tracks-drift-events: false controls: - azure_appservice_api_app_remote_debugging_disabled - azure_appservice_function_app_remote_debugging_disabled diff --git a/compliance/frameworks/azure/azure_nist_sp_800_171_rev_2/azure_nist_sp_800_171_rev_2_3_1_3.yaml b/compliance/frameworks/azure/azure_nist_sp_800_171_rev_2/azure_nist_sp_800_171_rev_2_3_1_3.yaml index cab089d8a..9269dd84b 100755 --- a/compliance/frameworks/azure/azure_nist_sp_800_171_rev_2/azure_nist_sp_800_171_rev_2_3_1_3.yaml +++ b/compliance/frameworks/azure/azure_nist_sp_800_171_rev_2/azure_nist_sp_800_171_rev_2_3_1_3.yaml 
@@ -3,10 +3,6 @@ control-group: title: 1.3 Control the flow of CUI in accordance with approved authorizations description: "Information flow control regulates where information can travel within a system and between systems (versus who can access the information) and without explicit regard to subsequent accesses to that information. Flow control restrictions include the following: keeping exportcontrolled information from being transmitted in the clear to the Internet; blocking outside traffic that claims to be from within the organization; restricting requests to the Internet that are not from the internal web proxy server; and limiting information transfers between organizations based on data structures and content. Organizations commonly use information flow control policies and enforcement mechanisms to control the flow of information between designated sources and destinations (e.g., networks, individuals, and devices) within systems and between interconnected systems. Flow control is based on characteristics of the information or the information path. Enforcement occurs in boundary protection devices (e.g., gateways, routers, guards, encrypted tunnels, firewalls) that employ rule sets or establish configuration settings that restrict system services, provide a packetfiltering capability based on header information, or message-filtering capability based on message content (e.g., implementing key word searches or using document characteristics). Organizations also consider the trustworthiness of filtering and inspection mechanisms (i.e., hardware, firmware, and software components) that are critical to information flow enforcement. Transferring information between systems representing different security domains with different security policies introduces risk that such transfers violate one or more domain security policies. 
In such situations, information owners or stewards provide guidance at designated policy enforcement points between interconnected systems. Organizations consider mandating specific architectural solutions when required to enforce specific security policies. Enforcement includes: prohibiting information transfers between interconnected systems (i.e., allowing access only); employing hardware mechanisms to enforce one-way information flows; and implementing trustworthy regrading mechanisms to reassign security attributes and security labels." section-code: "3" - defaults: - auto-assign: null - enabled: false - tracks-drift-events: false controls: - azure_apimanagement_service_with_virtual_network - azure_app_configuration_private_link_used diff --git a/compliance/frameworks/azure/azure_nist_sp_800_171_rev_2/azure_nist_sp_800_171_rev_2_3_1_4.yaml b/compliance/frameworks/azure/azure_nist_sp_800_171_rev_2/azure_nist_sp_800_171_rev_2_3_1_4.yaml index 503f6cf45..5f4ecb24c 100755 --- a/compliance/frameworks/azure/azure_nist_sp_800_171_rev_2/azure_nist_sp_800_171_rev_2_3_1_4.yaml +++ b/compliance/frameworks/azure/azure_nist_sp_800_171_rev_2/azure_nist_sp_800_171_rev_2_3_1_4.yaml 
@@ -3,9 +3,5 @@ control-group:
 title: 1.4 Separate the duties of individuals to reduce the risk of malevolent activity without collusion
 description: Separation of duties addresses the potential for abuse of authorized privileges and helps to reduce the risk of malevolent activity without collusion. Separation of duties includes dividing mission functions and system support functions among different individuals or roles; conducting system support functions with different individuals (e.g., configuration management, quality assurance and testing, system management, programming, and network security); and ensuring that security personnel administering access control functions do not also administer audit functions. Because separation of duty violations can span systems and application domains, organizations consider the entirety of organizational systems and system components when developing policy on separation of duties.
 section-code: "4"
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - azure_iam_subscription_owner_more_than_1
diff --git a/compliance/frameworks/azure/azure_nist_sp_800_171_rev_2/azure_nist_sp_800_171_rev_2_3_1_5.yaml b/compliance/frameworks/azure/azure_nist_sp_800_171_rev_2/azure_nist_sp_800_171_rev_2_3_1_5.yaml
index b64fd687b..41d6ba234 100755
--- a/compliance/frameworks/azure/azure_nist_sp_800_171_rev_2/azure_nist_sp_800_171_rev_2_3_1_5.yaml
+++ b/compliance/frameworks/azure/azure_nist_sp_800_171_rev_2/azure_nist_sp_800_171_rev_2_3_1_5.yaml
@@ -3,10 +3,6 @@ control-group:
 title: 1.5 Employ the principle of least privilege, including for specific security functions and privileged accounts
 description: Organizations employ the principle of least privilege for specific duties and authorized accesses for users and processes. The principle of least privilege is applied with the goal of authorized privileges no higher than necessary to accomplish required organizational missions or business functions. Organizations consider the creation of additional processes, roles, and system accounts as necessary, to achieve least privilege. Organizations also apply least privilege to the development, implementation, and operation of organizational systems. Security functions include establishing system accounts, setting events to be logged, setting intrusion detection parameters, and configuring access authorizations (i.e., permissions, privileges). Privileged accounts, including super user accounts, are typically described as system administrator for various types of commercial off-the-shelf operating systems. Restricting privileged accounts to specific personnel or roles prevents day-to-day users from having access to privileged information or functions. Organizations may differentiate in the application of this requirement between allowed privileges for local accounts and for domain accounts provided organizations retain the ability to control system configurations for key security parameters and as otherwise necessary to sufficiently mitigate risk.
 section-code: "5"
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - azure_iam_no_custom_role
 - azure_iam_subscription_owner_max_3
diff --git a/compliance/frameworks/azure/azure_nist_sp_800_171_rev_2/azure_nist_sp_800_171_rev_2_3_3.yaml b/compliance/frameworks/azure/azure_nist_sp_800_171_rev_2/azure_nist_sp_800_171_rev_2_3_3.yaml
index b7df5ab47..eb2cdf690 100755
--- a/compliance/frameworks/azure/azure_nist_sp_800_171_rev_2/azure_nist_sp_800_171_rev_2_3_3.yaml
+++ b/compliance/frameworks/azure/azure_nist_sp_800_171_rev_2/azure_nist_sp_800_171_rev_2_3_3.yaml
@@ -3,10 +3,6 @@ control-group:
 title: Audit and Accountability
 description: The AU control family consists of security controls related to an organization’s audit capabilities. This includes audit policies and procedures, audit logging, audit report generation, and protection of audit information.
 section-code: "3_3"
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 control-group:
 - id: azure_nist_sp_800_171_rev_2_3_3_1
 - id: azure_nist_sp_800_171_rev_2_3_3_2
diff --git a/compliance/frameworks/azure/azure_nist_sp_800_171_rev_2/azure_nist_sp_800_171_rev_2_3_3_1.yaml b/compliance/frameworks/azure/azure_nist_sp_800_171_rev_2/azure_nist_sp_800_171_rev_2_3_3_1.yaml
index 08c30b990..dd44bcfee 100755
--- a/compliance/frameworks/azure/azure_nist_sp_800_171_rev_2/azure_nist_sp_800_171_rev_2_3_3_1.yaml
+++ b/compliance/frameworks/azure/azure_nist_sp_800_171_rev_2/azure_nist_sp_800_171_rev_2_3_3_1.yaml
@@ -3,10 +3,6 @@ control-group: title: 3.1 Create and retain system audit logs and records to the extent needed to enable the monitoring, analysis, investigation, and reporting of unlawful or unauthorized system activity description: An event is any observable occurrence in a system, which includes unlawful or unauthorized system activity. Organizations identify event types for which a logging functionality is needed as those events which are significant and relevant to the security of systems and the environments in which those systems operate to meet specific and ongoing auditing needs. Event types can include password changes, failed logons or failed accesses related to systems, administrative privilege usage, or third-party credential usage. In determining event types that require logging, organizations consider the monitoring and auditing appropriate for each of the CUI security requirements. Monitoring and auditing requirements can be balanced with other system needs. For example, organizations may determine that systems must have the capability to log every file access both successful and unsuccessful, but not activate that capability except for specific circumstances due to the potential burden on system performance. Audit records can be generated at various levels of abstraction, including at the packet level as information traverses the network. Selecting the appropriate level of abstraction is a critical aspect of an audit logging capability and can facilitate the identification of root causes to problems. Organizations consider in the definition of event types, the logging necessary to cover related events such as the steps in distributed, transaction-based processes (e.g., processes that are distributed across multiple organizations) and actions that occur in service-oriented or cloudbased architectures. 
Audit record content that may be necessary to satisfy this requirement includes time stamps, source and destination addresses, user or process identifiers, event descriptions, success or fail indications, filenames involved, and access control or flow control rules invoked. Event outcomes can include indicators of event success or failure and event-specific results (e.g., the security state of the system after the event occurred). Detailed information that organizations may consider in audit records includes full text recording of privileged commands or the individual identities of group account users. Organizations consider limiting the additional audit log information to only that information explicitly needed for specific audit requirements. This facilitates the use of audit trails and audit logs by not including information that could potentially be misleading or could make it more difficult to locate information of interest. Audit logs are reviewed and analyzed as often as needed to provide important information to organizations to facilitate risk-based decision making. section-code: "1" - defaults: - auto-assign: null - enabled: false - tracks-drift-events: false controls: - azure_appservice_web_app_diagnostic_logs_enabled - azure_arc_compute_machine_linux_log_analytics_agent_installed diff --git a/compliance/frameworks/azure/azure_nist_sp_800_171_rev_2/azure_nist_sp_800_171_rev_2_3_3_2.yaml b/compliance/frameworks/azure/azure_nist_sp_800_171_rev_2/azure_nist_sp_800_171_rev_2_3_3_2.yaml index e907bedc0..b21e2d2a3 100755 --- a/compliance/frameworks/azure/azure_nist_sp_800_171_rev_2/azure_nist_sp_800_171_rev_2_3_3_2.yaml +++ b/compliance/frameworks/azure/azure_nist_sp_800_171_rev_2/azure_nist_sp_800_171_rev_2_3_3_2.yaml 
@@ -3,10 +3,6 @@ control-group:
 title: 3.2 Ensure that the actions of individual system users can be uniquely traced to those users, so they can be held accountable for their actions
 description: This requirement ensures that the contents of the audit record include the information needed to link the audit event to the actions of an individual to the extent feasible. Organizations consider logging for traceability including results from monitoring of account usage, remote access, wireless connectivity, mobile device connection, communications at system boundaries, configuration settings, physical access, nonlocal maintenance, use of maintenance tools, temperature and humidity, equipment delivery and removal, system component inventory, use of mobile code, and use of Voice over Internet Protocol (VoIP).
 section-code: "2"
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - azure_appservice_web_app_diagnostic_logs_enabled
 - azure_arc_compute_machine_linux_log_analytics_agent_installed
diff --git a/compliance/frameworks/azure/azure_nist_sp_800_171_rev_2/azure_nist_sp_800_171_rev_2_3_3_4.yaml b/compliance/frameworks/azure/azure_nist_sp_800_171_rev_2/azure_nist_sp_800_171_rev_2_3_3_4.yaml
index 5fec0105f..c20cfbfea 100755
--- a/compliance/frameworks/azure/azure_nist_sp_800_171_rev_2/azure_nist_sp_800_171_rev_2_3_3_4.yaml
+++ b/compliance/frameworks/azure/azure_nist_sp_800_171_rev_2/azure_nist_sp_800_171_rev_2_3_3_4.yaml
@@ -3,10 +3,6 @@ control-group:
 title: 3.4 Alert in the event of an audit logging process failure
 description: Audit logging process failures include software and hardware errors, failures in the audit record capturing mechanisms, and audit record storage capacity being reached or exceeded. This requirement applies to each audit record data storage repository (i.e., distinct system component where audit records are stored), the total audit record storage capacity of organizations (i.e., all audit record data storage repositories combined), or both.
 section-code: "4"
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - azure_securitycenter_azure_defender_on_for_appservice
 - azure_securitycenter_azure_defender_on_for_containers
diff --git a/compliance/frameworks/azure/azure_nist_sp_800_171_rev_2/azure_nist_sp_800_171_rev_2_3_3_5.yaml b/compliance/frameworks/azure/azure_nist_sp_800_171_rev_2/azure_nist_sp_800_171_rev_2_3_3_5.yaml
index 6f8aa0cc2..c9ef77dca 100755
--- a/compliance/frameworks/azure/azure_nist_sp_800_171_rev_2/azure_nist_sp_800_171_rev_2_3_3_5.yaml
+++ b/compliance/frameworks/azure/azure_nist_sp_800_171_rev_2/azure_nist_sp_800_171_rev_2_3_3_5.yaml
@@ -3,10 +3,6 @@ control-group:
 title: 3.5 Correlate audit record review, analysis, and reporting processes for investigation and response to indications of unlawful, unauthorized, suspicious, or unusual activity
 description: Correlating audit record review, analysis, and reporting processes helps to ensure that they do not operate independently, but rather collectively. Regarding the assessment of a given organizational system, the requirement is agnostic as to whether this correlation is applied at the system level or at the organization level across all systems.
 section-code: "5"
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - azure_securitycenter_azure_defender_on_for_appservice
 - azure_securitycenter_azure_defender_on_for_containers
diff --git a/compliance/frameworks/azure/azure_nist_sp_800_171_rev_2/azure_nist_sp_800_171_rev_2_3_4.yaml b/compliance/frameworks/azure/azure_nist_sp_800_171_rev_2/azure_nist_sp_800_171_rev_2_3_4.yaml
index 297676405..78317c8ef 100755
--- a/compliance/frameworks/azure/azure_nist_sp_800_171_rev_2/azure_nist_sp_800_171_rev_2_3_4.yaml
+++ b/compliance/frameworks/azure/azure_nist_sp_800_171_rev_2/azure_nist_sp_800_171_rev_2_3_4.yaml
@@ -3,10 +3,6 @@ control-group:
 title: Configuration Management
 description: CM controls are specific to an organization's configuration management policies. This includes a baseline configuration to operate as the basis for future builds or changes to information systems. Additionally, this includes information system component inventories and a security impact analysis control.
 section-code: "3_4"
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 control-group:
 - id: azure_nist_sp_800_171_rev_2_3_4_1
 - id: azure_nist_sp_800_171_rev_2_3_4_2
diff --git a/compliance/frameworks/azure/azure_nist_sp_800_171_rev_2/azure_nist_sp_800_171_rev_2_3_4_1.yaml b/compliance/frameworks/azure/azure_nist_sp_800_171_rev_2/azure_nist_sp_800_171_rev_2_3_4_1.yaml
index 2f6796b6a..859cca296 100755
--- a/compliance/frameworks/azure/azure_nist_sp_800_171_rev_2/azure_nist_sp_800_171_rev_2_3_4_1.yaml
+++ b/compliance/frameworks/azure/azure_nist_sp_800_171_rev_2/azure_nist_sp_800_171_rev_2_3_4_1.yaml
@@ -3,10 +3,6 @@ control-group: title: 4.1 Establish and maintain baseline configurations and inventories of organizational systems (including hardware, software, firmware, and documentation) throughout the respective system development life cycles description: Baseline configurations are documented, formally reviewed, and agreed-upon specifications for systems or configuration items within those systems. Baseline configurations serve as a basis for future builds, releases, and changes to systems. Baseline configurations include information about system components (e.g., standard software packages installed on workstations, notebook computers, servers, network components, or mobile devices; current version numbers and update and patch information on operating systems and applications; and configuration settings and parameters), network topology, and the logical placement of those components within the system architecture. Baseline configurations of systems also reflect the current enterprise architecture. Maintaining effective baseline configurations requires creating new baselines as organizational systems change over time. Baseline configuration maintenance includes reviewing and updating the baseline configuration when changes are made based on security risks and deviations from the established baseline configuration Organizations can implement centralized system component inventories that include components from multiple organizational systems. In such situations, organizations ensure that the resulting inventories include system-specific information required for proper component accountability (e.g., system association, system owner). Information deemed necessary for effective accountability of system components includes hardware inventory specifications, software license information, software version numbers, component owners, and for networked components or devices, machine names and network addresses. 
Inventory specifications include manufacturer, device type, model, serial number, and physical location. section-code: "1" - defaults: - auto-assign: null - enabled: false - tracks-drift-events: false controls: - azure_appservice_api_app_remote_debugging_disabled - azure_appservice_function_app_client_certificates_on diff --git a/compliance/frameworks/azure/azure_nist_sp_800_171_rev_2/azure_nist_sp_800_171_rev_2_3_4_2.yaml b/compliance/frameworks/azure/azure_nist_sp_800_171_rev_2/azure_nist_sp_800_171_rev_2_3_4_2.yaml index b9c08598c..06bf34438 100755 --- a/compliance/frameworks/azure/azure_nist_sp_800_171_rev_2/azure_nist_sp_800_171_rev_2_3_4_2.yaml +++ b/compliance/frameworks/azure/azure_nist_sp_800_171_rev_2/azure_nist_sp_800_171_rev_2_3_4_2.yaml 
@@ -3,10 +3,6 @@ control-group: title: 4.2 Establish and enforce security configuration settings for information technology products employed in organizational systems description: "Configuration settings are the set of parameters that can be changed in hardware, software, or firmware components of the system that affect the security posture or functionality of the system. Information technology products for which security-related configuration settings can be defined include mainframe computers, servers, workstations, input and output devices (e.g., scanners, copiers, and printers), network components (e.g., firewalls, routers, gateways, voice and data switches, wireless access points, network appliances, sensors), operating systems, middleware, and applications. Security parameters are those parameters impacting the security state of systems including the parameters required to satisfy other security requirements. Security parameters include: registry settings; account, file, directory permission settings; and settings for functions, ports, protocols, and remote connections. Organizations establish organization-wide configuration settings and subsequently derive specific configuration settings for systems. The established settings become part of the systems configuration baseline. Common secure configurations (also referred to as security configuration checklists, lockdown and hardening guides, security reference guides, security technical implementation guides) provide recognized, standardized, and established benchmarks that stipulate secure configuration settings for specific information technology platforms/products and instructions for configuring those system components to meet operational requirements. 
Common secure configurations can be developed by a variety of organizations including information technology product developers, manufacturers, vendors, consortia, academia, industry, federal agencies, and other organizations in the public and private sectors." section-code: "2" - defaults: - auto-assign: null - enabled: false - tracks-drift-events: false controls: - azure_appservice_api_app_remote_debugging_disabled - azure_appservice_function_app_client_certificates_on diff --git a/compliance/frameworks/azure/azure_nist_sp_800_171_rev_2/azure_nist_sp_800_171_rev_2_3_4_6.yaml b/compliance/frameworks/azure/azure_nist_sp_800_171_rev_2/azure_nist_sp_800_171_rev_2_3_4_6.yaml index a2b2f0e1a..d0d33160f 100755 --- a/compliance/frameworks/azure/azure_nist_sp_800_171_rev_2/azure_nist_sp_800_171_rev_2_3_4_6.yaml +++ b/compliance/frameworks/azure/azure_nist_sp_800_171_rev_2/azure_nist_sp_800_171_rev_2_3_4_6.yaml 
@@ -3,9 +3,5 @@ control-group:
 title: 4.6 Employ the principle of least functionality by configuring organizational systems to provide only essential capabilities
 description: Systems can provide a wide variety of functions and services. Some of the functions and services routinely provided by default, may not be necessary to support essential organizational missions, functions, or operations. It is sometimes convenient to provide multiple services from single system components. However, doing so increases risk over limiting the services provided by any one component. Where feasible, organizations limit component functionality to a single function per component. Organizations review functions and services provided by systems or components of systems, to determine which functions and services are candidates for elimination. Organizations disable unused or unnecessary physical and logical ports and protocols to prevent unauthorized connection of devices, transfer of information, and tunneling. Organizations can utilize network scanning tools, intrusion detection and prevention systems, and end-point protections such as firewalls and host-based intrusion detection systems to identify and prevent the use of prohibited functions, ports, protocols, and services.
 section-code: "6"
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - azure_securitycenter_azure_defender_on_for_server
diff --git a/compliance/frameworks/azure/azure_nist_sp_800_171_rev_2/azure_nist_sp_800_171_rev_2_3_5.yaml b/compliance/frameworks/azure/azure_nist_sp_800_171_rev_2/azure_nist_sp_800_171_rev_2_3_5.yaml
index 92d4c8257..ff0a02e5c 100755
--- a/compliance/frameworks/azure/azure_nist_sp_800_171_rev_2/azure_nist_sp_800_171_rev_2_3_5.yaml
+++ b/compliance/frameworks/azure/azure_nist_sp_800_171_rev_2/azure_nist_sp_800_171_rev_2_3_5.yaml
@@ -3,10 +3,6 @@ control-group:
 title: Identification and Authentication
 description: This family of requirements ensures only authenticated users can access the organization’s network or systems. The 11 requirements cover password and authentication procedures and policy, alongside the reliable identification of users. Requirements ensure the distinction between privileged and non-privileged accounts is reflected in network access.
 section-code: "3_5"
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 control-group:
 - id: azure_nist_sp_800_171_rev_2_3_5_1
 - id: azure_nist_sp_800_171_rev_2_3_5_2
diff --git a/compliance/frameworks/azure/azure_nist_sp_800_171_rev_2/azure_nist_sp_800_171_rev_2_3_5_1.yaml b/compliance/frameworks/azure/azure_nist_sp_800_171_rev_2/azure_nist_sp_800_171_rev_2_3_5_1.yaml
index a542cb963..d9fec00be 100755
--- a/compliance/frameworks/azure/azure_nist_sp_800_171_rev_2/azure_nist_sp_800_171_rev_2_3_5_1.yaml
+++ b/compliance/frameworks/azure/azure_nist_sp_800_171_rev_2/azure_nist_sp_800_171_rev_2_3_5_1.yaml
@@ -3,10 +3,6 @@ control-group:
 title: 5.1 Identify system users, processes acting on behalf of users, and devices
 description: Common device identifiers include Media Access Control (MAC), Internet Protocol (IP) addresses, or device-unique token identifiers. Management of individual identifiers is not applicable to shared system accounts. Typically, individual identifiers are the user names associated with the system accounts assigned to those individuals. Organizations may require unique identification of individuals in group accounts or for detailed accountability of individual activity. In addition, this requirement addresses individual identifiers that are not necessarily associated with system accounts. Organizational devices requiring identification may be defined by type, by device, or by a combination of type/device.
 section-code: "1"
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - azure_appservice_function_app_uses_managed_identity
 - azure_appservice_web_app_uses_managed_identity
diff --git a/compliance/frameworks/azure/azure_nist_sp_800_171_rev_2/azure_nist_sp_800_171_rev_2_3_5_10.yaml b/compliance/frameworks/azure/azure_nist_sp_800_171_rev_2/azure_nist_sp_800_171_rev_2_3_5_10.yaml
index f7b0398cc..097917b87 100755
--- a/compliance/frameworks/azure/azure_nist_sp_800_171_rev_2/azure_nist_sp_800_171_rev_2_3_5_10.yaml
+++ b/compliance/frameworks/azure/azure_nist_sp_800_171_rev_2/azure_nist_sp_800_171_rev_2_3_5_10.yaml
@@ -3,10 +3,6 @@ control-group:
 title: 5.10 Store and transmit only cryptographically-protected passwords
 description: Cryptographically-protected passwords use salted one-way cryptographic hashes of passwords.
 section-code: "10"
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - azure_compute_vm_guest_configuration_installed_linux
 - azure_compute_vm_guest_configuration_installed_windows
diff --git a/compliance/frameworks/azure/azure_nist_sp_800_171_rev_2/azure_nist_sp_800_171_rev_2_3_5_2.yaml b/compliance/frameworks/azure/azure_nist_sp_800_171_rev_2/azure_nist_sp_800_171_rev_2_3_5_2.yaml
index 69e94ffdc..cf51509b5 100755
--- a/compliance/frameworks/azure/azure_nist_sp_800_171_rev_2/azure_nist_sp_800_171_rev_2_3_5_2.yaml
+++ b/compliance/frameworks/azure/azure_nist_sp_800_171_rev_2/azure_nist_sp_800_171_rev_2_3_5_2.yaml
@@ -3,10 +3,6 @@ control-group:
 title: 5.2 Authenticate (or verify) the identities of users, processes, or devices, as a prerequisite to allowing access to organizational systems.
 description: "Individual authenticators include the following: passwords, key cards, cryptographic devices, and one-time password devices. Initial authenticator content is the actual content of the authenticator, for example, the initial password. In contrast, the requirements about authenticator content include the minimum password length. Developers ship system components with factory default authentication credentials to allow for initial installation and configuration. Default authentication credentials are often well known, easily discoverable, and present a significant security risk. Systems support authenticator management by organization-defined settings and restrictions for various authenticator characteristics including minimum password length, validation time window for time synchronous one-time tokens, and number of allowed rejections during the verification stage of biometric authentication. Authenticator management includes issuing and revoking, when no longer needed, authenticators for temporary access such as that required for remote maintenance. Device authenticators include certificates and passwords."
 section-code: "2"
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - azure_appservice_function_app_uses_managed_identity
 - azure_appservice_web_app_uses_managed_identity
diff --git a/compliance/frameworks/azure/azure_nist_sp_800_171_rev_2/azure_nist_sp_800_171_rev_2_3_5_5.yaml b/compliance/frameworks/azure/azure_nist_sp_800_171_rev_2/azure_nist_sp_800_171_rev_2_3_5_5.yaml
index e9a989e03..38b86e34f 100755
--- a/compliance/frameworks/azure/azure_nist_sp_800_171_rev_2/azure_nist_sp_800_171_rev_2_3_5_5.yaml
+++ b/compliance/frameworks/azure/azure_nist_sp_800_171_rev_2/azure_nist_sp_800_171_rev_2_3_5_5.yaml
@@ -3,10 +3,6 @@ control-group:
 title: 5.5 Prevent reuse of identifiers for a defined period
 description: Identifiers are provided for users, processes acting on behalf of users, or devices (3.5.1). Preventing reuse of identifiers implies preventing the assignment of previously used individual, group, role, or device identifiers to different individuals, groups, roles, or devices.
 section-code: "5"
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - azure_appservice_function_app_uses_managed_identity
 - azure_appservice_web_app_uses_managed_identity
diff --git a/compliance/frameworks/azure/azure_nist_sp_800_171_rev_2/azure_nist_sp_800_171_rev_2_3_5_6.yaml b/compliance/frameworks/azure/azure_nist_sp_800_171_rev_2/azure_nist_sp_800_171_rev_2_3_5_6.yaml
index e61f2d89b..01e18ab3a 100755
--- a/compliance/frameworks/azure/azure_nist_sp_800_171_rev_2/azure_nist_sp_800_171_rev_2_3_5_6.yaml
+++ b/compliance/frameworks/azure/azure_nist_sp_800_171_rev_2/azure_nist_sp_800_171_rev_2_3_5_6.yaml
@@ -3,10 +3,6 @@ control-group:
 title: 5.6 Disable identifiers after a defined period of inactivity
 description: Inactive identifiers pose a risk to organizational information because attackers may exploit an inactive identifier to gain undetected access to organizational devices. The owners of the inactive accounts may not notice if unauthorized access to the account has been obtained.
 section-code: "6"
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - azure_appservice_function_app_uses_managed_identity
 - azure_appservice_web_app_uses_managed_identity
diff --git a/compliance/frameworks/azure/azure_nist_sp_800_171_rev_2/azure_nist_sp_800_171_rev_2_3_5_7.yaml b/compliance/frameworks/azure/azure_nist_sp_800_171_rev_2/azure_nist_sp_800_171_rev_2_3_5_7.yaml
index 80ed2c775..e7470a20f 100755
--- a/compliance/frameworks/azure/azure_nist_sp_800_171_rev_2/azure_nist_sp_800_171_rev_2_3_5_7.yaml
+++ b/compliance/frameworks/azure/azure_nist_sp_800_171_rev_2/azure_nist_sp_800_171_rev_2_3_5_7.yaml
@@ -3,10 +3,6 @@ control-group:
 title: 5.7 Enforce a minimum password complexity and change of characters when new passwords are created
 description: This requirement applies to single-factor authentication of individuals using passwords as individual or group authenticators, and in a similar manner, when passwords are used as part of multifactor authenticators. The number of changed characters refers to the number of changes required with respect to the total number of positions in the current password. To mitigate certain brute force attacks against passwords, organizations may also consider salting passwords.
 section-code: "7"
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - azure_compute_vm_guest_configuration_installed_windows
 - azure_compute_vm_guest_configuration_with_no_managed_identity
diff --git a/compliance/frameworks/azure/azure_nist_sp_800_171_rev_2/azure_nist_sp_800_171_rev_2_3_5_8.yaml b/compliance/frameworks/azure/azure_nist_sp_800_171_rev_2/azure_nist_sp_800_171_rev_2_3_5_8.yaml
index 60442299b..6d9d589c9 100755
--- a/compliance/frameworks/azure/azure_nist_sp_800_171_rev_2/azure_nist_sp_800_171_rev_2_3_5_8.yaml
+++ b/compliance/frameworks/azure/azure_nist_sp_800_171_rev_2/azure_nist_sp_800_171_rev_2_3_5_8.yaml
@@ -3,10 +3,6 @@ control-group:
 title: 5.8 Prohibit password reuse for a specified number of generations
 description: Password lifetime restrictions do not apply to temporary passwords.
 section-code: "8"
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - azure_compute_vm_guest_configuration_installed_windows
 - azure_compute_vm_guest_configuration_with_no_managed_identity
diff --git a/compliance/frameworks/azure/azure_nist_sp_800_171_rev_2/azure_nist_sp_800_171_rev_2_3_6.yaml b/compliance/frameworks/azure/azure_nist_sp_800_171_rev_2/azure_nist_sp_800_171_rev_2_3_6.yaml
index 4aafe14e1..6f99379a7 100755
--- a/compliance/frameworks/azure/azure_nist_sp_800_171_rev_2/azure_nist_sp_800_171_rev_2_3_6.yaml
+++ b/compliance/frameworks/azure/azure_nist_sp_800_171_rev_2/azure_nist_sp_800_171_rev_2_3_6.yaml
@@ -3,9 +3,5 @@ control-group:
 title: Incident response
 description: IR controls are specific to an organization's incident response policies and procedures. This includes incident response training, testing, monitoring, reporting, and response plan.
 section-code: "3_6"
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 control-group:
 - id: azure_nist_sp_800_171_rev_2_3_6_2
diff --git a/compliance/frameworks/azure/azure_nist_sp_800_171_rev_2/azure_nist_sp_800_171_rev_2_3_6_2.yaml b/compliance/frameworks/azure/azure_nist_sp_800_171_rev_2/azure_nist_sp_800_171_rev_2_3_6_2.yaml
index bec100f8d..c41a77fd3 100755
--- a/compliance/frameworks/azure/azure_nist_sp_800_171_rev_2/azure_nist_sp_800_171_rev_2_3_6_2.yaml
+++ b/compliance/frameworks/azure/azure_nist_sp_800_171_rev_2/azure_nist_sp_800_171_rev_2_3_6_2.yaml
@@ -3,10 +3,6 @@ control-group:
 title: 6.2 Track, document, and report incidents to designated officials and/or authorities both internal and external to the organization
 description: Tracking and documenting system security incidents includes maintaining records about each incident, the status of the incident, and other pertinent information necessary for forensics, evaluating incident details, trends, and handling. Incident information can be obtained from a variety of sources including incident reports, incident response teams, audit monitoring, network monitoring, physical access monitoring, and user/administrator reports. Reporting incidents addresses specific incident reporting requirements within an organization and the formal incident reporting requirements for the organization. Suspected security incidents may also be reported and include the receipt of suspicious email communications that can potentially contain malicious code. The types of security incidents reported, the content and timeliness of the reports, and the designated reporting authorities reflect applicable laws, Executive Orders, directives, regulations, and policies.
 section-code: "2"
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - azure_securitycenter_email_configured
 - azure_securitycenter_notify_alerts_configured
diff --git a/compliance/frameworks/azure/azure_nist_sp_800_171_rev_2/azure_nist_sp_800_171_rev_2_3_8.yaml b/compliance/frameworks/azure/azure_nist_sp_800_171_rev_2/azure_nist_sp_800_171_rev_2_3_8.yaml
index ac9162289..603f767aa 100755
--- a/compliance/frameworks/azure/azure_nist_sp_800_171_rev_2/azure_nist_sp_800_171_rev_2_3_8.yaml
+++ b/compliance/frameworks/azure/azure_nist_sp_800_171_rev_2/azure_nist_sp_800_171_rev_2_3_8.yaml
@@ -3,9 +3,5 @@ control-group:
 title: Media Protection
 description: This control family help organizations control access to sensitive media. Requirements cover best practice storage or destruction of sensitive information and media in both physical and digital formats.
 section-code: "3_8"
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 control-group:
 - id: azure_nist_sp_800_171_rev_2_3_8_9
diff --git a/compliance/frameworks/azure/azure_nist_sp_800_171_rev_2/azure_nist_sp_800_171_rev_2_3_8_9.yaml b/compliance/frameworks/azure/azure_nist_sp_800_171_rev_2/azure_nist_sp_800_171_rev_2_3_8_9.yaml
index 919bdf4cd..27a4b593c 100755
--- a/compliance/frameworks/azure/azure_nist_sp_800_171_rev_2/azure_nist_sp_800_171_rev_2_3_8_9.yaml
+++ b/compliance/frameworks/azure/azure_nist_sp_800_171_rev_2/azure_nist_sp_800_171_rev_2_3_8_9.yaml
@@ -3,10 +3,6 @@ control-group:
 title: 8.9 Protect the confidentiality of backup CUI at storage locations
 description: Organizations can employ cryptographic mechanisms or alternative physical controls to protect the confidentiality of backup information at designated storage locations. Backed-up information containing CUI may include system-level information and user-level information. System-level information includes system-state information, operating system software, application software, and licenses. User-level information includes information other than system-level information.
 section-code: "9"
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - azure_keyvault_purge_protection_enabled
 - azure_keyvault_soft_delete_enabled
diff --git a/compliance/frameworks/azure/azure_nist_sp_800_53_rev_5/azure_nist_sp_800_53_rev_5_ac.yaml b/compliance/frameworks/azure/azure_nist_sp_800_53_rev_5/azure_nist_sp_800_53_rev_5_ac.yaml
index f878e9887..57d6be4fc 100755
--- a/compliance/frameworks/azure/azure_nist_sp_800_53_rev_5/azure_nist_sp_800_53_rev_5_ac.yaml
+++ b/compliance/frameworks/azure/azure_nist_sp_800_53_rev_5/azure_nist_sp_800_53_rev_5_ac.yaml
@@ -14,10 +14,6 @@ control-group:
 - Azure
 type:
 - Benchmark
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 control-group:
 - id: azure_nist_sp_800_53_rev_5_ac_2
 - id: azure_nist_sp_800_53_rev_5_ac_3
diff --git a/compliance/frameworks/azure/azure_nist_sp_800_53_rev_5/azure_nist_sp_800_53_rev_5_ac_16.yaml b/compliance/frameworks/azure/azure_nist_sp_800_53_rev_5/azure_nist_sp_800_53_rev_5_ac_16.yaml
index 0ebbad063..4ca12e50d 100755
--- a/compliance/frameworks/azure/azure_nist_sp_800_53_rev_5/azure_nist_sp_800_53_rev_5_ac_16.yaml
+++ b/compliance/frameworks/azure/azure_nist_sp_800_53_rev_5/azure_nist_sp_800_53_rev_5_ac_16.yaml
@@ -14,10 +14,6 @@ control-group:
 - Azure
 type:
 - Benchmark
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - azure_securitycenter_azure_defender_on_for_sqlservervm
 - azure_sql_server_azure_defender_enabled
diff --git a/compliance/frameworks/azure/azure_nist_sp_800_53_rev_5/azure_nist_sp_800_53_rev_5_ac_17.yaml b/compliance/frameworks/azure/azure_nist_sp_800_53_rev_5/azure_nist_sp_800_53_rev_5_ac_17.yaml
index 2595d09ca..370fd97ff 100755
--- a/compliance/frameworks/azure/azure_nist_sp_800_53_rev_5/azure_nist_sp_800_53_rev_5_ac_17.yaml
+++ b/compliance/frameworks/azure/azure_nist_sp_800_53_rev_5/azure_nist_sp_800_53_rev_5_ac_17.yaml
@@ -14,10 +14,6 @@ control-group:
 - Azure
 type:
 - Benchmark
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 control-group:
 - id: azure_nist_sp_800_53_rev_5_ac_17_1
 controls:
diff --git a/compliance/frameworks/azure/azure_nist_sp_800_53_rev_5/azure_nist_sp_800_53_rev_5_ac_17_1.yaml b/compliance/frameworks/azure/azure_nist_sp_800_53_rev_5/azure_nist_sp_800_53_rev_5_ac_17_1.yaml
index af5ad762b..57ca6fbfd 100755
--- a/compliance/frameworks/azure/azure_nist_sp_800_53_rev_5/azure_nist_sp_800_53_rev_5_ac_17_1.yaml
+++ b/compliance/frameworks/azure/azure_nist_sp_800_53_rev_5/azure_nist_sp_800_53_rev_5_ac_17_1.yaml
@@ -14,10 +14,6 @@ control-group:
 - Azure
 type:
 - Benchmark
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - azure_app_configuration_private_link_used
 - azure_appservice_api_app_remote_debugging_disabled
diff --git a/compliance/frameworks/azure/azure_nist_sp_800_53_rev_5/azure_nist_sp_800_53_rev_5_ac_2.yaml b/compliance/frameworks/azure/azure_nist_sp_800_53_rev_5/azure_nist_sp_800_53_rev_5_ac_2.yaml
index ae32740b1..2c1df7472 100755
--- a/compliance/frameworks/azure/azure_nist_sp_800_53_rev_5/azure_nist_sp_800_53_rev_5_ac_2.yaml
+++ b/compliance/frameworks/azure/azure_nist_sp_800_53_rev_5/azure_nist_sp_800_53_rev_5_ac_2.yaml
@@ -14,10 +14,6 @@ control-group:
 - Azure
 type:
 - Benchmark
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 control-group:
 - id: azure_nist_sp_800_53_rev_5_ac_2_1
 - id: azure_nist_sp_800_53_rev_5_ac_2_7
diff --git a/compliance/frameworks/azure/azure_nist_sp_800_53_rev_5/azure_nist_sp_800_53_rev_5_ac_2_1.yaml b/compliance/frameworks/azure/azure_nist_sp_800_53_rev_5/azure_nist_sp_800_53_rev_5_ac_2_1.yaml
index 29e27895c..af000ee6d 100755
--- a/compliance/frameworks/azure/azure_nist_sp_800_53_rev_5/azure_nist_sp_800_53_rev_5_ac_2_1.yaml
+++ b/compliance/frameworks/azure/azure_nist_sp_800_53_rev_5/azure_nist_sp_800_53_rev_5_ac_2_1.yaml
@@ -14,10 +14,6 @@ control-group:
 - Azure
 type:
 - Benchmark
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - azure_cognitive_service_local_auth_disabled
 - azure_servicefabric_cluster_active_directory_authentication_enabled
diff --git a/compliance/frameworks/azure/azure_nist_sp_800_53_rev_5/azure_nist_sp_800_53_rev_5_ac_2_12.yaml b/compliance/frameworks/azure/azure_nist_sp_800_53_rev_5/azure_nist_sp_800_53_rev_5_ac_2_12.yaml
index c4d93813c..9b0faa98d 100755
--- a/compliance/frameworks/azure/azure_nist_sp_800_53_rev_5/azure_nist_sp_800_53_rev_5_ac_2_12.yaml
+++ b/compliance/frameworks/azure/azure_nist_sp_800_53_rev_5/azure_nist_sp_800_53_rev_5_ac_2_12.yaml
@@ -14,10 +14,6 @@ control-group:
 - Azure
 type:
 - Benchmark
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - azure_arc_kubernetes_cluster_azure_defender_extension_installed
 - azure_compute_vm_jit_access_protected
diff --git a/compliance/frameworks/azure/azure_nist_sp_800_53_rev_5/azure_nist_sp_800_53_rev_5_ac_2_7.yaml b/compliance/frameworks/azure/azure_nist_sp_800_53_rev_5/azure_nist_sp_800_53_rev_5_ac_2_7.yaml
index 536d0aa5c..2694a4247 100755
--- a/compliance/frameworks/azure/azure_nist_sp_800_53_rev_5/azure_nist_sp_800_53_rev_5_ac_2_7.yaml
+++ b/compliance/frameworks/azure/azure_nist_sp_800_53_rev_5/azure_nist_sp_800_53_rev_5_ac_2_7.yaml
@@ -14,10 +14,6 @@ control-group:
 - Azure
 type:
 - Benchmark
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - azure_cognitive_service_local_auth_disabled
 - azure_iam_no_custom_role
diff --git a/compliance/frameworks/azure/azure_nist_sp_800_53_rev_5/azure_nist_sp_800_53_rev_5_ac_3.yaml b/compliance/frameworks/azure/azure_nist_sp_800_53_rev_5/azure_nist_sp_800_53_rev_5_ac_3.yaml
index 244f6f8e7..d860bc9b7 100755
--- a/compliance/frameworks/azure/azure_nist_sp_800_53_rev_5/azure_nist_sp_800_53_rev_5_ac_3.yaml
+++ b/compliance/frameworks/azure/azure_nist_sp_800_53_rev_5/azure_nist_sp_800_53_rev_5_ac_3.yaml
@@ -14,10 +14,6 @@ control-group:
 - Azure
 type:
 - Benchmark
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 control-group:
 - id: azure_nist_sp_800_53_rev_5_ac_3_7
 controls:
diff --git a/compliance/frameworks/azure/azure_nist_sp_800_53_rev_5/azure_nist_sp_800_53_rev_5_ac_3_7.yaml b/compliance/frameworks/azure/azure_nist_sp_800_53_rev_5/azure_nist_sp_800_53_rev_5_ac_3_7.yaml
index e35cb9d0d..4b953f18f 100755
--- a/compliance/frameworks/azure/azure_nist_sp_800_53_rev_5/azure_nist_sp_800_53_rev_5_ac_3_7.yaml
+++ b/compliance/frameworks/azure/azure_nist_sp_800_53_rev_5/azure_nist_sp_800_53_rev_5_ac_3_7.yaml
@@ -14,9 +14,5 @@ control-group:
 - Azure/KubernetesService
 type:
 - Benchmark
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - azure_kubernetes_instance_rbac_enabled
diff --git a/compliance/frameworks/azure/azure_nist_sp_800_53_rev_5/azure_nist_sp_800_53_rev_5_ac_4.yaml b/compliance/frameworks/azure/azure_nist_sp_800_53_rev_5/azure_nist_sp_800_53_rev_5_ac_4.yaml
index c6c836517..555b415b8 100755
--- a/compliance/frameworks/azure/azure_nist_sp_800_53_rev_5/azure_nist_sp_800_53_rev_5_ac_4.yaml
+++ b/compliance/frameworks/azure/azure_nist_sp_800_53_rev_5/azure_nist_sp_800_53_rev_5_ac_4.yaml
@@ -14,10 +14,6 @@ control-group:
 - Azure
 type:
 - Benchmark
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 control-group:
 - id: azure_nist_sp_800_53_rev_5_ac_4_3
 controls:
diff --git a/compliance/frameworks/azure/azure_nist_sp_800_53_rev_5/azure_nist_sp_800_53_rev_5_ac_4_3.yaml b/compliance/frameworks/azure/azure_nist_sp_800_53_rev_5/azure_nist_sp_800_53_rev_5_ac_4_3.yaml
index 7fdd0e52b..e07f9031b 100755
--- a/compliance/frameworks/azure/azure_nist_sp_800_53_rev_5/azure_nist_sp_800_53_rev_5_ac_4_3.yaml
+++ b/compliance/frameworks/azure/azure_nist_sp_800_53_rev_5/azure_nist_sp_800_53_rev_5_ac_4_3.yaml
@@ -14,10 +14,6 @@ control-group:
 - Azure/Compute
 type:
 - Benchmark
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - azure_compute_vm_adaptive_network_hardening_recommendation_applied
 - azure_compute_vm_jit_access_protected
diff --git a/compliance/frameworks/azure/azure_nist_sp_800_53_rev_5/azure_nist_sp_800_53_rev_5_ac_5.yaml b/compliance/frameworks/azure/azure_nist_sp_800_53_rev_5/azure_nist_sp_800_53_rev_5_ac_5.yaml
index 375d258c9..373a4bfc5 100755
--- a/compliance/frameworks/azure/azure_nist_sp_800_53_rev_5/azure_nist_sp_800_53_rev_5_ac_5.yaml
+++ b/compliance/frameworks/azure/azure_nist_sp_800_53_rev_5/azure_nist_sp_800_53_rev_5_ac_5.yaml
@@ -14,9 +14,5 @@ control-group:
 - Azure/ActiveDirectory
 type:
 - Benchmark
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - azure_iam_subscription_owner_more_than_1
diff --git a/compliance/frameworks/azure/azure_nist_sp_800_53_rev_5/azure_nist_sp_800_53_rev_5_ac_6.yaml b/compliance/frameworks/azure/azure_nist_sp_800_53_rev_5/azure_nist_sp_800_53_rev_5_ac_6.yaml
index c8d174d7c..a694b8116 100755
--- a/compliance/frameworks/azure/azure_nist_sp_800_53_rev_5/azure_nist_sp_800_53_rev_5_ac_6.yaml
+++ b/compliance/frameworks/azure/azure_nist_sp_800_53_rev_5/azure_nist_sp_800_53_rev_5_ac_6.yaml
@@ -14,10 +14,6 @@ control-group:
 - Azure/ActiveDirectory
 type:
 - Benchmark
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 control-group:
 - id: azure_nist_sp_800_53_rev_5_ac_6_7
 controls:
diff --git a/compliance/frameworks/azure/azure_nist_sp_800_53_rev_5/azure_nist_sp_800_53_rev_5_ac_6_7.yaml b/compliance/frameworks/azure/azure_nist_sp_800_53_rev_5/azure_nist_sp_800_53_rev_5_ac_6_7.yaml
index 59a02dc76..577482244 100755
--- a/compliance/frameworks/azure/azure_nist_sp_800_53_rev_5/azure_nist_sp_800_53_rev_5_ac_6_7.yaml
+++ b/compliance/frameworks/azure/azure_nist_sp_800_53_rev_5/azure_nist_sp_800_53_rev_5_ac_6_7.yaml
@@ -14,10 +14,6 @@ control-group:
 - Azure/ActiveDirectory
 type:
 - Benchmark
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - azure_iam_no_custom_role
 - azure_iam_subscription_owner_max_3
diff --git a/compliance/frameworks/azure/azure_nist_sp_800_53_rev_5/azure_nist_sp_800_53_rev_5_au.yaml b/compliance/frameworks/azure/azure_nist_sp_800_53_rev_5/azure_nist_sp_800_53_rev_5_au.yaml
index 803d41adc..e3d2d69dd 100755
--- a/compliance/frameworks/azure/azure_nist_sp_800_53_rev_5/azure_nist_sp_800_53_rev_5_au.yaml
+++ b/compliance/frameworks/azure/azure_nist_sp_800_53_rev_5/azure_nist_sp_800_53_rev_5_au.yaml
@@ -14,10 +14,6 @@ control-group:
 - Azure
 type:
 - Benchmark
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 control-group:
 - id: azure_nist_sp_800_53_rev_5_au_6
 - id: azure_nist_sp_800_53_rev_5_au_11
diff --git a/compliance/frameworks/azure/azure_nist_sp_800_53_rev_5/azure_nist_sp_800_53_rev_5_au_11.yaml b/compliance/frameworks/azure/azure_nist_sp_800_53_rev_5/azure_nist_sp_800_53_rev_5_au_11.yaml
index a69c4555d..13f5fb05e 100755
--- a/compliance/frameworks/azure/azure_nist_sp_800_53_rev_5/azure_nist_sp_800_53_rev_5_au_11.yaml
+++ b/compliance/frameworks/azure/azure_nist_sp_800_53_rev_5/azure_nist_sp_800_53_rev_5_au_11.yaml
@@ -14,9 +14,5 @@ control-group:
 - Azure/SQL
 type:
 - Benchmark
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - azure_sql_server_auditing_storage_account_destination_retention_90_days
diff --git a/compliance/frameworks/azure/azure_nist_sp_800_53_rev_5/azure_nist_sp_800_53_rev_5_au_12.yaml b/compliance/frameworks/azure/azure_nist_sp_800_53_rev_5/azure_nist_sp_800_53_rev_5_au_12.yaml
index c285440c1..e3524f6f8 100755
--- a/compliance/frameworks/azure/azure_nist_sp_800_53_rev_5/azure_nist_sp_800_53_rev_5_au_12.yaml
+++ b/compliance/frameworks/azure/azure_nist_sp_800_53_rev_5/azure_nist_sp_800_53_rev_5_au_12.yaml
@@ -14,10 +14,6 @@ control-group:
 - Azure
 type:
 - Benchmark
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 control-group:
 - id: azure_nist_sp_800_53_rev_5_au_12_1
 controls:
diff --git a/compliance/frameworks/azure/azure_nist_sp_800_53_rev_5/azure_nist_sp_800_53_rev_5_au_12_1.yaml b/compliance/frameworks/azure/azure_nist_sp_800_53_rev_5/azure_nist_sp_800_53_rev_5_au_12_1.yaml
index 1b5e8a755..03abe5ffb 100755
--- a/compliance/frameworks/azure/azure_nist_sp_800_53_rev_5/azure_nist_sp_800_53_rev_5_au_12_1.yaml
+++ b/compliance/frameworks/azure/azure_nist_sp_800_53_rev_5/azure_nist_sp_800_53_rev_5_au_12_1.yaml
@@ -14,10 +14,6 @@ control-group:
 - Azure
 type:
 - Benchmark
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - azure_appservice_web_app_diagnostic_logs_enabled
 - azure_arc_compute_machine_linux_log_analytics_agent_installed
diff --git a/compliance/frameworks/azure/azure_nist_sp_800_53_rev_5/azure_nist_sp_800_53_rev_5_au_6.yaml b/compliance/frameworks/azure/azure_nist_sp_800_53_rev_5/azure_nist_sp_800_53_rev_5_au_6.yaml
index 59f4c221a..49dc9950d 100755
--- a/compliance/frameworks/azure/azure_nist_sp_800_53_rev_5/azure_nist_sp_800_53_rev_5_au_6.yaml
+++ b/compliance/frameworks/azure/azure_nist_sp_800_53_rev_5/azure_nist_sp_800_53_rev_5_au_6.yaml
@@ -14,10 +14,6 @@ control-group:
 - Azure
 type:
 - Benchmark
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 control-group:
 - id: azure_nist_sp_800_53_rev_5_au_6_4
 - id: azure_nist_sp_800_53_rev_5_au_6_5
diff --git a/compliance/frameworks/azure/azure_nist_sp_800_53_rev_5/azure_nist_sp_800_53_rev_5_au_6_4.yaml b/compliance/frameworks/azure/azure_nist_sp_800_53_rev_5/azure_nist_sp_800_53_rev_5_au_6_4.yaml
index 42186144e..6ec83ddd2 100755
--- a/compliance/frameworks/azure/azure_nist_sp_800_53_rev_5/azure_nist_sp_800_53_rev_5_au_6_4.yaml
+++ b/compliance/frameworks/azure/azure_nist_sp_800_53_rev_5/azure_nist_sp_800_53_rev_5_au_6_4.yaml
@@ -14,10 +14,6 @@ control-group:
 - Azure
 type:
 - Benchmark
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - azure_appservice_web_app_diagnostic_logs_enabled
 - azure_arc_compute_machine_linux_log_analytics_agent_installed
diff --git a/compliance/frameworks/azure/azure_nist_sp_800_53_rev_5/azure_nist_sp_800_53_rev_5_au_6_5.yaml b/compliance/frameworks/azure/azure_nist_sp_800_53_rev_5/azure_nist_sp_800_53_rev_5_au_6_5.yaml
index e6109c281..e8fd8ed2d 100755
--- a/compliance/frameworks/azure/azure_nist_sp_800_53_rev_5/azure_nist_sp_800_53_rev_5_au_6_5.yaml
+++ b/compliance/frameworks/azure/azure_nist_sp_800_53_rev_5/azure_nist_sp_800_53_rev_5_au_6_5.yaml
@@ -14,10 +14,6 @@ control-group:
 - Azure
 type:
 - Benchmark
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - azure_appservice_web_app_diagnostic_logs_enabled
 - azure_arc_compute_machine_linux_log_analytics_agent_installed
diff --git a/compliance/frameworks/azure/azure_nist_sp_800_53_rev_5/azure_nist_sp_800_53_rev_5_cm.yaml b/compliance/frameworks/azure/azure_nist_sp_800_53_rev_5/azure_nist_sp_800_53_rev_5_cm.yaml
index e4e90e5de..1986e5767 100755
--- a/compliance/frameworks/azure/azure_nist_sp_800_53_rev_5/azure_nist_sp_800_53_rev_5_cm.yaml
+++ b/compliance/frameworks/azure/azure_nist_sp_800_53_rev_5/azure_nist_sp_800_53_rev_5_cm.yaml
@@ -14,10 +14,6 @@ control-group:
 - Azure
 type:
 - Benchmark
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 control-group:
 - id: azure_nist_sp_800_53_rev_5_cm_6
 - id: azure_nist_sp_800_53_rev_5_cm_7
diff --git a/compliance/frameworks/azure/azure_nist_sp_800_53_rev_5/azure_nist_sp_800_53_rev_5_cm_10.yaml b/compliance/frameworks/azure/azure_nist_sp_800_53_rev_5/azure_nist_sp_800_53_rev_5_cm_10.yaml
index 648a7320f..3cf697bfc 100755
--- a/compliance/frameworks/azure/azure_nist_sp_800_53_rev_5/azure_nist_sp_800_53_rev_5_cm_10.yaml
+++ b/compliance/frameworks/azure/azure_nist_sp_800_53_rev_5/azure_nist_sp_800_53_rev_5_cm_10.yaml
@@ -14,10 +14,6 @@ control-group:
 - Azure/Compute
 type:
 - Benchmark
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - azure_compute_vm_adaptive_application_controls_enabled
 - azure_compute_vm_allowlist_rules_in_adaptive_application_control_policy_updated
diff --git a/compliance/frameworks/azure/azure_nist_sp_800_53_rev_5/azure_nist_sp_800_53_rev_5_cm_11.yaml b/compliance/frameworks/azure/azure_nist_sp_800_53_rev_5/azure_nist_sp_800_53_rev_5_cm_11.yaml
index 0cb448260..d098dae50 100755
--- a/compliance/frameworks/azure/azure_nist_sp_800_53_rev_5/azure_nist_sp_800_53_rev_5_cm_11.yaml
+++ b/compliance/frameworks/azure/azure_nist_sp_800_53_rev_5/azure_nist_sp_800_53_rev_5_cm_11.yaml
@@ -14,10 +14,6 @@ control-group:
 - Azure/Compute
 type:
 - Benchmark
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - azure_compute_vm_adaptive_application_controls_enabled
 - azure_compute_vm_allowlist_rules_in_adaptive_application_control_policy_updated
diff --git a/compliance/frameworks/azure/azure_nist_sp_800_53_rev_5/azure_nist_sp_800_53_rev_5_cm_6.yaml b/compliance/frameworks/azure/azure_nist_sp_800_53_rev_5/azure_nist_sp_800_53_rev_5_cm_6.yaml
index d18872235..6bc370f92 100755
--- a/compliance/frameworks/azure/azure_nist_sp_800_53_rev_5/azure_nist_sp_800_53_rev_5_cm_6.yaml
+++ b/compliance/frameworks/azure/azure_nist_sp_800_53_rev_5/azure_nist_sp_800_53_rev_5_cm_6.yaml
@@ -14,10 +14,6 @@ control-group:
 - Azure
 type:
 - Benchmark
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - azure_appservice_api_app_client_certificates_on
 - azure_appservice_api_app_cors_no_star
diff --git a/compliance/frameworks/azure/azure_nist_sp_800_53_rev_5/azure_nist_sp_800_53_rev_5_cm_7.yaml b/compliance/frameworks/azure/azure_nist_sp_800_53_rev_5/azure_nist_sp_800_53_rev_5_cm_7.yaml
index ce347c243..77b1885c0 100755
--- a/compliance/frameworks/azure/azure_nist_sp_800_53_rev_5/azure_nist_sp_800_53_rev_5_cm_7.yaml
+++ b/compliance/frameworks/azure/azure_nist_sp_800_53_rev_5/azure_nist_sp_800_53_rev_5_cm_7.yaml
@@ -14,10 +14,6 @@ control-group:
 - Azure/Compute
 type:
 - Benchmark
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 control-group:
 - id: azure_nist_sp_800_53_rev_5_cm_7_2
 - id: azure_nist_sp_800_53_rev_5_cm_7_5
diff --git a/compliance/frameworks/azure/azure_nist_sp_800_53_rev_5/azure_nist_sp_800_53_rev_5_cm_7_2.yaml b/compliance/frameworks/azure/azure_nist_sp_800_53_rev_5/azure_nist_sp_800_53_rev_5_cm_7_2.yaml
index f340ea8ba..802694dbb 100755
--- a/compliance/frameworks/azure/azure_nist_sp_800_53_rev_5/azure_nist_sp_800_53_rev_5_cm_7_2.yaml
+++ b/compliance/frameworks/azure/azure_nist_sp_800_53_rev_5/azure_nist_sp_800_53_rev_5_cm_7_2.yaml
@@ -14,10 +14,6 @@ control-group:
 - Azure/Compute
 type:
 - Benchmark
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - azure_compute_vm_adaptive_application_controls_enabled
 - azure_compute_vm_allowlist_rules_in_adaptive_application_control_policy_updated
diff --git a/compliance/frameworks/azure/azure_nist_sp_800_53_rev_5/azure_nist_sp_800_53_rev_5_cm_7_5.yaml b/compliance/frameworks/azure/azure_nist_sp_800_53_rev_5/azure_nist_sp_800_53_rev_5_cm_7_5.yaml
index b220bdb8f..87f6a75d5 100755
--- a/compliance/frameworks/azure/azure_nist_sp_800_53_rev_5/azure_nist_sp_800_53_rev_5_cm_7_5.yaml
+++ b/compliance/frameworks/azure/azure_nist_sp_800_53_rev_5/azure_nist_sp_800_53_rev_5_cm_7_5.yaml
@@ -14,10 +14,6 @@ control-group:
 - Azure/Compute
 type:
 - Benchmark
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - azure_compute_vm_adaptive_application_controls_enabled
 - azure_compute_vm_allowlist_rules_in_adaptive_application_control_policy_updated
diff --git a/compliance/frameworks/azure/azure_nist_sp_800_53_rev_5/azure_nist_sp_800_53_rev_5_cp.yaml b/compliance/frameworks/azure/azure_nist_sp_800_53_rev_5/azure_nist_sp_800_53_rev_5_cp.yaml
index 6d587b6ec..99bd8faf0 100755
--- a/compliance/frameworks/azure/azure_nist_sp_800_53_rev_5/azure_nist_sp_800_53_rev_5_cp.yaml
+++ b/compliance/frameworks/azure/azure_nist_sp_800_53_rev_5/azure_nist_sp_800_53_rev_5_cp.yaml
@@ -14,10 +14,6 @@ control-group:
 - Azure
 type:
 - Benchmark
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 control-group:
 - id: azure_nist_sp_800_53_rev_5_cp_6
 - id: azure_nist_sp_800_53_rev_5_cp_7
diff --git a/compliance/frameworks/azure/azure_nist_sp_800_53_rev_5/azure_nist_sp_800_53_rev_5_cp_6.yaml b/compliance/frameworks/azure/azure_nist_sp_800_53_rev_5/azure_nist_sp_800_53_rev_5_cp_6.yaml
index 18309742e..0c32422ea 100755
--- a/compliance/frameworks/azure/azure_nist_sp_800_53_rev_5/azure_nist_sp_800_53_rev_5_cp_6.yaml
+++ b/compliance/frameworks/azure/azure_nist_sp_800_53_rev_5/azure_nist_sp_800_53_rev_5_cp_6.yaml
@@ -14,10 +14,6 @@ control-group:
 - Azure
 type:
 - Benchmark
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 control-group:
 - id: azure_nist_sp_800_53_rev_5_cp_6_1
 controls:
diff --git a/compliance/frameworks/azure/azure_nist_sp_800_53_rev_5/azure_nist_sp_800_53_rev_5_cp_6_1.yaml b/compliance/frameworks/azure/azure_nist_sp_800_53_rev_5/azure_nist_sp_800_53_rev_5_cp_6_1.yaml
index 76d1b3821..b46c8a2d6 100755
--- a/compliance/frameworks/azure/azure_nist_sp_800_53_rev_5/azure_nist_sp_800_53_rev_5_cp_6_1.yaml
+++ b/compliance/frameworks/azure/azure_nist_sp_800_53_rev_5/azure_nist_sp_800_53_rev_5_cp_6_1.yaml
@@ -14,10 +14,6 @@ control-group:
 - Azure
 type:
 - Benchmark
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - azure_mariadb_server_geo_redundant_backup_enabled
 - azure_mysql_db_server_geo_redundant_backup_enabled
diff --git a/compliance/frameworks/azure/azure_nist_sp_800_53_rev_5/azure_nist_sp_800_53_rev_5_cp_7.yaml b/compliance/frameworks/azure/azure_nist_sp_800_53_rev_5/azure_nist_sp_800_53_rev_5_cp_7.yaml
index c5e28c54f..adaea598d 100755
--- a/compliance/frameworks/azure/azure_nist_sp_800_53_rev_5/azure_nist_sp_800_53_rev_5_cp_7.yaml
+++ b/compliance/frameworks/azure/azure_nist_sp_800_53_rev_5/azure_nist_sp_800_53_rev_5_cp_7.yaml
@@ -14,9 +14,5 @@ control-group:
 - Azure/Compute
 type:
 - Benchmark
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - azure_compute_vm_disaster_recovery_enabled
diff --git a/compliance/frameworks/azure/azure_nist_sp_800_53_rev_5/azure_nist_sp_800_53_rev_5_cp_9.yaml b/compliance/frameworks/azure/azure_nist_sp_800_53_rev_5/azure_nist_sp_800_53_rev_5_cp_9.yaml
index fcc39a71b..757e941a5 100755
--- a/compliance/frameworks/azure/azure_nist_sp_800_53_rev_5/azure_nist_sp_800_53_rev_5_cp_9.yaml
+++ b/compliance/frameworks/azure/azure_nist_sp_800_53_rev_5/azure_nist_sp_800_53_rev_5_cp_9.yaml
@@ -14,10 +14,6 @@ control-group:
 - Azure
 type:
 - Benchmark
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - azure_keyvault_purge_protection_enabled
 - azure_keyvault_soft_delete_enabled
diff --git a/compliance/frameworks/azure/azure_nist_sp_800_53_rev_5/azure_nist_sp_800_53_rev_5_ia.yaml b/compliance/frameworks/azure/azure_nist_sp_800_53_rev_5/azure_nist_sp_800_53_rev_5_ia.yaml
index 4ff08935d..cb5e82247 100755
--- a/compliance/frameworks/azure/azure_nist_sp_800_53_rev_5/azure_nist_sp_800_53_rev_5_ia.yaml
+++ b/compliance/frameworks/azure/azure_nist_sp_800_53_rev_5/azure_nist_sp_800_53_rev_5_ia.yaml
@@ -14,10 +14,6 @@ control-group:
 - Azure
 type:
 - Benchmark
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 control-group:
 - id: azure_nist_sp_800_53_rev_5_ia_2
 - id: azure_nist_sp_800_53_rev_5_ia_4
diff --git a/compliance/frameworks/azure/azure_nist_sp_800_53_rev_5/azure_nist_sp_800_53_rev_5_ia_2.yaml b/compliance/frameworks/azure/azure_nist_sp_800_53_rev_5/azure_nist_sp_800_53_rev_5_ia_2.yaml
index cf10a123c..3d50c92d3 100755
--- a/compliance/frameworks/azure/azure_nist_sp_800_53_rev_5/azure_nist_sp_800_53_rev_5_ia_2.yaml
+++ b/compliance/frameworks/azure/azure_nist_sp_800_53_rev_5/azure_nist_sp_800_53_rev_5_ia_2.yaml
@@ -14,10 +14,6 @@ control-group:
 - Azure
 type:
 - Benchmark
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 control-group:
 - id: azure_nist_sp_800_53_rev_5_ia_2_1
 - id: azure_nist_sp_800_53_rev_5_ia_2_2
diff --git a/compliance/frameworks/azure/azure_nist_sp_800_53_rev_5/azure_nist_sp_800_53_rev_5_ia_2_1.yaml b/compliance/frameworks/azure/azure_nist_sp_800_53_rev_5/azure_nist_sp_800_53_rev_5_ia_2_1.yaml
index 653ae552f..75d63a035 100755
--- a/compliance/frameworks/azure/azure_nist_sp_800_53_rev_5/azure_nist_sp_800_53_rev_5_ia_2_1.yaml
+++ b/compliance/frameworks/azure/azure_nist_sp_800_53_rev_5/azure_nist_sp_800_53_rev_5_ia_2_1.yaml
@@ -3,10 +3,6 @@ control-group:
 title: Multi-factor Authentication to Privileged Accounts IA-2(1)
 description: Implement multi-factor authentication for access to privileged accounts.
 section-code: "1"
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - azure_iam_user_with_owner_permission_on_subscription_mfa_enabled
 - azure_iam_user_with_write_permission_on_subscription_mfa_enabled
diff --git a/compliance/frameworks/azure/azure_nist_sp_800_53_rev_5/azure_nist_sp_800_53_rev_5_ia_2_2.yaml b/compliance/frameworks/azure/azure_nist_sp_800_53_rev_5/azure_nist_sp_800_53_rev_5_ia_2_2.yaml
index f108d5c62..fe450d679 100755
--- a/compliance/frameworks/azure/azure_nist_sp_800_53_rev_5/azure_nist_sp_800_53_rev_5_ia_2_2.yaml
+++ b/compliance/frameworks/azure/azure_nist_sp_800_53_rev_5/azure_nist_sp_800_53_rev_5_ia_2_2.yaml
@@ -3,9 +3,5 @@ control-group:
 title: Multi-factor Authentication to Non-privileged Accounts
 description: Implement multi-factor authentication for access to non-privileged accounts.
 section-code: "2"
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - azure_iam_user_with_read_permission_on_subscription_mfa_enabled
diff --git a/compliance/frameworks/azure/azure_nist_sp_800_53_rev_5/azure_nist_sp_800_53_rev_5_ia_4.yaml b/compliance/frameworks/azure/azure_nist_sp_800_53_rev_5/azure_nist_sp_800_53_rev_5_ia_4.yaml
index 48a82a8c2..a06508a8e 100755
--- a/compliance/frameworks/azure/azure_nist_sp_800_53_rev_5/azure_nist_sp_800_53_rev_5_ia_4.yaml
+++ b/compliance/frameworks/azure/azure_nist_sp_800_53_rev_5/azure_nist_sp_800_53_rev_5_ia_4.yaml
@@ -14,10 +14,6 @@ control-group:
 - Azure
 type:
 - Benchmark
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - azure_appservice_function_app_uses_managed_identity
 - azure_appservice_web_app_uses_managed_identity
diff --git a/compliance/frameworks/azure/azure_nist_sp_800_53_rev_5/azure_nist_sp_800_53_rev_5_ia_5.yaml b/compliance/frameworks/azure/azure_nist_sp_800_53_rev_5/azure_nist_sp_800_53_rev_5_ia_5.yaml
index b229a880b..7288c6e54 100755
--- a/compliance/frameworks/azure/azure_nist_sp_800_53_rev_5/azure_nist_sp_800_53_rev_5_ia_5.yaml
+++ b/compliance/frameworks/azure/azure_nist_sp_800_53_rev_5/azure_nist_sp_800_53_rev_5_ia_5.yaml
@@ -14,10 +14,6 @@ control-group:
 - Azure
 type:
 - Benchmark
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 control-group:
 - id: azure_nist_sp_800_53_rev_5_ia_5_1
 controls:
diff --git a/compliance/frameworks/azure/azure_nist_sp_800_53_rev_5/azure_nist_sp_800_53_rev_5_ia_5_1.yaml b/compliance/frameworks/azure/azure_nist_sp_800_53_rev_5/azure_nist_sp_800_53_rev_5_ia_5_1.yaml
index 4c93d8cae..88ec888d1 100755
--- a/compliance/frameworks/azure/azure_nist_sp_800_53_rev_5/azure_nist_sp_800_53_rev_5_ia_5_1.yaml
+++ b/compliance/frameworks/azure/azure_nist_sp_800_53_rev_5/azure_nist_sp_800_53_rev_5_ia_5_1.yaml
@@ -14,10 +14,6 @@ control-group:
 - Azure/Compute
 type:
 - Benchmark
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - azure_compute_vm_guest_configuration_installed_linux
 - azure_compute_vm_guest_configuration_installed_windows
diff --git a/compliance/frameworks/azure/azure_nist_sp_800_53_rev_5/azure_nist_sp_800_53_rev_5_ir.yaml b/compliance/frameworks/azure/azure_nist_sp_800_53_rev_5/azure_nist_sp_800_53_rev_5_ir.yaml
index f154ee971..b2722659a 100755
--- a/compliance/frameworks/azure/azure_nist_sp_800_53_rev_5/azure_nist_sp_800_53_rev_5_ir.yaml
+++ b/compliance/frameworks/azure/azure_nist_sp_800_53_rev_5/azure_nist_sp_800_53_rev_5_ir.yaml
@@ -14,10 +14,6 @@ control-group:
 - Azure
 type:
 - Benchmark
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 control-group:
 - id: azure_nist_sp_800_53_rev_5_ir_4
 - id: azure_nist_sp_800_53_rev_5_ir_5
diff --git a/compliance/frameworks/azure/azure_nist_sp_800_53_rev_5/azure_nist_sp_800_53_rev_5_ir_4.yaml b/compliance/frameworks/azure/azure_nist_sp_800_53_rev_5/azure_nist_sp_800_53_rev_5_ir_4.yaml
index e9c0ca2b4..ab4ec59c6 100755
--- a/compliance/frameworks/azure/azure_nist_sp_800_53_rev_5/azure_nist_sp_800_53_rev_5_ir_4.yaml
+++ b/compliance/frameworks/azure/azure_nist_sp_800_53_rev_5/azure_nist_sp_800_53_rev_5_ir_4.yaml
@@ -14,10 +14,6 @@ control-group:
 - Azure
 type:
 - Benchmark
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - azure_securitycenter_azure_defender_on_for_appservice
 - azure_securitycenter_azure_defender_on_for_containers
diff --git a/compliance/frameworks/azure/azure_nist_sp_800_53_rev_5/azure_nist_sp_800_53_rev_5_ir_5.yaml b/compliance/frameworks/azure/azure_nist_sp_800_53_rev_5/azure_nist_sp_800_53_rev_5_ir_5.yaml
index 2dd9521f7..8d8510eb7 100755
--- a/compliance/frameworks/azure/azure_nist_sp_800_53_rev_5/azure_nist_sp_800_53_rev_5_ir_5.yaml
+++ b/compliance/frameworks/azure/azure_nist_sp_800_53_rev_5/azure_nist_sp_800_53_rev_5_ir_5.yaml
@@ -14,10 +14,6 @@ control-group:
 - Azure
 type:
 - Benchmark
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - azure_securitycenter_azure_defender_on_for_appservice
 - azure_securitycenter_azure_defender_on_for_containers
diff --git a/compliance/frameworks/azure/azure_nist_sp_800_53_rev_5/azure_nist_sp_800_53_rev_5_ir_6_2.yaml b/compliance/frameworks/azure/azure_nist_sp_800_53_rev_5/azure_nist_sp_800_53_rev_5_ir_6_2.yaml
index dc5f75f02..e65b0160e 100755
--- a/compliance/frameworks/azure/azure_nist_sp_800_53_rev_5/azure_nist_sp_800_53_rev_5_ir_6_2.yaml
+++ b/compliance/frameworks/azure/azure_nist_sp_800_53_rev_5/azure_nist_sp_800_53_rev_5_ir_6_2.yaml
@@ -14,10 +14,6 @@ control-group:
 - Azure/SecurityCenter
 type:
 - Benchmark
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - azure_securitycenter_email_configured
 - azure_securitycenter_notify_alerts_configured
diff --git a/compliance/frameworks/azure/azure_nist_sp_800_53_rev_5/azure_nist_sp_800_53_rev_5_ra.yaml b/compliance/frameworks/azure/azure_nist_sp_800_53_rev_5/azure_nist_sp_800_53_rev_5_ra.yaml
index 3e2024529..368c80714 100755
--- a/compliance/frameworks/azure/azure_nist_sp_800_53_rev_5/azure_nist_sp_800_53_rev_5_ra.yaml
+++ b/compliance/frameworks/azure/azure_nist_sp_800_53_rev_5/azure_nist_sp_800_53_rev_5_ra.yaml
@@ -14,9 +14,5 @@ control-group:
 - Azure
 type:
 - Benchmark
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 control-group:
 - id: azure_nist_sp_800_53_rev_5_ra_5
diff --git a/compliance/frameworks/azure/azure_nist_sp_800_53_rev_5/azure_nist_sp_800_53_rev_5_ra_5.yaml b/compliance/frameworks/azure/azure_nist_sp_800_53_rev_5/azure_nist_sp_800_53_rev_5_ra_5.yaml
index 9ea0eea2b..e24939452 100755
--- a/compliance/frameworks/azure/azure_nist_sp_800_53_rev_5/azure_nist_sp_800_53_rev_5_ra_5.yaml
+++ b/compliance/frameworks/azure/azure_nist_sp_800_53_rev_5/azure_nist_sp_800_53_rev_5_ra_5.yaml
@@ -14,10 +14,6 @@ control-group:
 - Azure
 type:
 - Benchmark
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - azure_compute_vm_container_security_configurations_vulnerabilities_remediated
 - azure_compute_vm_scale_set_security_configuration_vulnerabilities_remediated
diff --git a/compliance/frameworks/azure/azure_nist_sp_800_53_rev_5/azure_nist_sp_800_53_rev_5_sc.yaml b/compliance/frameworks/azure/azure_nist_sp_800_53_rev_5/azure_nist_sp_800_53_rev_5_sc.yaml
index 147c962a5..e8c5bb3ee 100755
--- a/compliance/frameworks/azure/azure_nist_sp_800_53_rev_5/azure_nist_sp_800_53_rev_5_sc.yaml
+++ b/compliance/frameworks/azure/azure_nist_sp_800_53_rev_5/azure_nist_sp_800_53_rev_5_sc.yaml
@@ -14,10 +14,6 @@ control-group:
 - Azure
 type:
 - Benchmark
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 control-group:
 - id: azure_nist_sp_800_53_rev_5_sc_3
 - id: azure_nist_sp_800_53_rev_5_sc_5
diff --git a/compliance/frameworks/azure/azure_nist_sp_800_53_rev_5/azure_nist_sp_800_53_rev_5_sc_12.yaml b/compliance/frameworks/azure/azure_nist_sp_800_53_rev_5/azure_nist_sp_800_53_rev_5_sc_12.yaml
index 0af34870d..9b998dd54 100755
--- a/compliance/frameworks/azure/azure_nist_sp_800_53_rev_5/azure_nist_sp_800_53_rev_5_sc_12.yaml
+++ b/compliance/frameworks/azure/azure_nist_sp_800_53_rev_5/azure_nist_sp_800_53_rev_5_sc_12.yaml
@@ -14,10 +14,6 @@ control-group:
 - Azure
 type:
 - Benchmark
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - azure_automation_account_encrypted_with_cmk
 - azure_batch_account_encrypted_with_cmk
diff --git a/compliance/frameworks/azure/azure_nist_sp_800_53_rev_5/azure_nist_sp_800_53_rev_5_sc_28.yaml b/compliance/frameworks/azure/azure_nist_sp_800_53_rev_5/azure_nist_sp_800_53_rev_5_sc_28.yaml
index 67ebb3e10..ef2cac4d3 100755
--- a/compliance/frameworks/azure/azure_nist_sp_800_53_rev_5/azure_nist_sp_800_53_rev_5_sc_28.yaml
+++ b/compliance/frameworks/azure/azure_nist_sp_800_53_rev_5/azure_nist_sp_800_53_rev_5_sc_28.yaml
@@ -14,10 +14,6 @@ control-group:
 - Azure
 type:
 - Benchmark
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 control-group:
 - id: azure_nist_sp_800_53_rev_5_sc_28_1
 controls:
diff --git a/compliance/frameworks/azure/azure_nist_sp_800_53_rev_5/azure_nist_sp_800_53_rev_5_sc_28_1.yaml b/compliance/frameworks/azure/azure_nist_sp_800_53_rev_5/azure_nist_sp_800_53_rev_5_sc_28_1.yaml
index 0932af755..1ec284b18 100755
--- a/compliance/frameworks/azure/azure_nist_sp_800_53_rev_5/azure_nist_sp_800_53_rev_5_sc_28_1.yaml
+++ b/compliance/frameworks/azure/azure_nist_sp_800_53_rev_5/azure_nist_sp_800_53_rev_5_sc_28_1.yaml
@@ -14,10 +14,6 @@ control-group:
 - Azure
 type:
 - Benchmark
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - azure_app_service_environment_internal_encryption_enabled
 - azure_compute_vm_and_sacle_set_encryption_at_host_enabled
diff --git a/compliance/frameworks/azure/azure_nist_sp_800_53_rev_5/azure_nist_sp_800_53_rev_5_sc_3.yaml b/compliance/frameworks/azure/azure_nist_sp_800_53_rev_5/azure_nist_sp_800_53_rev_5_sc_3.yaml
index 5c8113fc0..89e98dfa7 100755
--- a/compliance/frameworks/azure/azure_nist_sp_800_53_rev_5/azure_nist_sp_800_53_rev_5_sc_3.yaml
+++ b/compliance/frameworks/azure/azure_nist_sp_800_53_rev_5/azure_nist_sp_800_53_rev_5_sc_3.yaml
@@ -14,10 +14,6 @@ control-group:
 - Azure/Compute
 type:
 - Benchmark
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - azure_compute_vm_monitor_missing_endpoint_protection_in_asc
 - azure_compute_vm_scale_set_endpoint_protection_solution_installed
diff --git a/compliance/frameworks/azure/azure_nist_sp_800_53_rev_5/azure_nist_sp_800_53_rev_5_sc_5.yaml b/compliance/frameworks/azure/azure_nist_sp_800_53_rev_5/azure_nist_sp_800_53_rev_5_sc_5.yaml
index 803d2ae85..86e71c75f 100755
--- a/compliance/frameworks/azure/azure_nist_sp_800_53_rev_5/azure_nist_sp_800_53_rev_5_sc_5.yaml
+++ b/compliance/frameworks/azure/azure_nist_sp_800_53_rev_5/azure_nist_sp_800_53_rev_5_sc_5.yaml
@@ -14,10 +14,6 @@ control-group:
 - Azure
 type:
 - Benchmark
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - azure_application_gateway_waf_enabled
 - azure_frontdoor_waf_enabled
diff --git a/compliance/frameworks/azure/azure_nist_sp_800_53_rev_5/azure_nist_sp_800_53_rev_5_sc_7.yaml b/compliance/frameworks/azure/azure_nist_sp_800_53_rev_5/azure_nist_sp_800_53_rev_5_sc_7.yaml
index a4a5f75d4..892287be1 100755
--- a/compliance/frameworks/azure/azure_nist_sp_800_53_rev_5/azure_nist_sp_800_53_rev_5_sc_7.yaml
+++ b/compliance/frameworks/azure/azure_nist_sp_800_53_rev_5/azure_nist_sp_800_53_rev_5_sc_7.yaml
@@ -14,10 +14,6 @@ control-group:
 - Azure
 type:
 - Benchmark
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 control-group:
 - id: azure_nist_sp_800_53_rev_5_sc_7_3
 controls:
diff --git a/compliance/frameworks/azure/azure_nist_sp_800_53_rev_5/azure_nist_sp_800_53_rev_5_sc_7_3.yaml b/compliance/frameworks/azure/azure_nist_sp_800_53_rev_5/azure_nist_sp_800_53_rev_5_sc_7_3.yaml
index 22f7935e7..38c0e4742 100755
--- a/compliance/frameworks/azure/azure_nist_sp_800_53_rev_5/azure_nist_sp_800_53_rev_5_sc_7_3.yaml
+++ b/compliance/frameworks/azure/azure_nist_sp_800_53_rev_5/azure_nist_sp_800_53_rev_5_sc_7_3.yaml
@@ -14,10 +14,6 @@ control-group:
 - Azure
 type:
 - Benchmark
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - azure_apimanagement_service_with_virtual_network
 - azure_app_configuration_private_link_used
diff --git a/compliance/frameworks/azure/azure_nist_sp_800_53_rev_5/azure_nist_sp_800_53_rev_5_sc_8.yaml b/compliance/frameworks/azure/azure_nist_sp_800_53_rev_5/azure_nist_sp_800_53_rev_5_sc_8.yaml
index 495b47253..c538f3fd6 100755
--- a/compliance/frameworks/azure/azure_nist_sp_800_53_rev_5/azure_nist_sp_800_53_rev_5_sc_8.yaml
+++ b/compliance/frameworks/azure/azure_nist_sp_800_53_rev_5/azure_nist_sp_800_53_rev_5_sc_8.yaml
@@ -14,10 +14,6 @@ control-group:
 - Azure
 type:
 - Benchmark
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 control-group:
 - id: azure_nist_sp_800_53_rev_5_sc_8_1
 controls:
diff --git a/compliance/frameworks/azure/azure_nist_sp_800_53_rev_5/azure_nist_sp_800_53_rev_5_sc_8_1.yaml b/compliance/frameworks/azure/azure_nist_sp_800_53_rev_5/azure_nist_sp_800_53_rev_5_sc_8_1.yaml
index ffaec21d0..0e45babc3 100755
--- a/compliance/frameworks/azure/azure_nist_sp_800_53_rev_5/azure_nist_sp_800_53_rev_5_sc_8_1.yaml
+++ b/compliance/frameworks/azure/azure_nist_sp_800_53_rev_5/azure_nist_sp_800_53_rev_5_sc_8_1.yaml
@@ -14,10 +14,6 @@ control-group:
 - Azure
 type:
 - Benchmark
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - azure_appservice_api_app_ftps_enabled
 - azure_appservice_api_app_latest_tls_version
diff --git a/compliance/frameworks/azure/azure_nist_sp_800_53_rev_5/azure_nist_sp_800_53_rev_5_si.yaml b/compliance/frameworks/azure/azure_nist_sp_800_53_rev_5/azure_nist_sp_800_53_rev_5_si.yaml
index 68de9d736..86d8f66f3 100755
--- a/compliance/frameworks/azure/azure_nist_sp_800_53_rev_5/azure_nist_sp_800_53_rev_5_si.yaml
+++ b/compliance/frameworks/azure/azure_nist_sp_800_53_rev_5/azure_nist_sp_800_53_rev_5_si.yaml
@@ -14,10 +14,6 @@ control-group:
 - Azure
 type:
 - Benchmark
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 control-group:
 - id: azure_nist_sp_800_53_rev_5_si_2
 - id: azure_nist_sp_800_53_rev_5_si_3
diff --git a/compliance/frameworks/azure/azure_nist_sp_800_53_rev_5/azure_nist_sp_800_53_rev_5_si_16.yaml b/compliance/frameworks/azure/azure_nist_sp_800_53_rev_5/azure_nist_sp_800_53_rev_5_si_16.yaml
index 2ffe3d38a..8f06c91ce 100755
--- a/compliance/frameworks/azure/azure_nist_sp_800_53_rev_5/azure_nist_sp_800_53_rev_5_si_16.yaml
+++ b/compliance/frameworks/azure/azure_nist_sp_800_53_rev_5/azure_nist_sp_800_53_rev_5_si_16.yaml
@@ -14,10 +14,6 @@ control-group:
 - Azure/Compute
 type:
 - Benchmark
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - azure_compute_vm_windows_defender_exploit_guard_enabled
 - azure_securitycenter_azure_defender_on_for_server
diff --git a/compliance/frameworks/azure/azure_nist_sp_800_53_rev_5/azure_nist_sp_800_53_rev_5_si_2.yaml b/compliance/frameworks/azure/azure_nist_sp_800_53_rev_5/azure_nist_sp_800_53_rev_5_si_2.yaml
index 684c6f98f..e44f53233 100755
--- a/compliance/frameworks/azure/azure_nist_sp_800_53_rev_5/azure_nist_sp_800_53_rev_5_si_2.yaml
+++ b/compliance/frameworks/azure/azure_nist_sp_800_53_rev_5/azure_nist_sp_800_53_rev_5_si_2.yaml
@@ -14,10 +14,6 @@ control-group:
 - Azure
 type:
 - Benchmark
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 control-group:
 - id: azure_nist_sp_800_53_rev_5_si_2_6
 controls:
diff --git a/compliance/frameworks/azure/azure_nist_sp_800_53_rev_5/azure_nist_sp_800_53_rev_5_si_2_6.yaml b/compliance/frameworks/azure/azure_nist_sp_800_53_rev_5/azure_nist_sp_800_53_rev_5_si_2_6.yaml
index 321d59c51..e94eac2c5 100755
--- a/compliance/frameworks/azure/azure_nist_sp_800_53_rev_5/azure_nist_sp_800_53_rev_5_si_2_6.yaml
+++ b/compliance/frameworks/azure/azure_nist_sp_800_53_rev_5/azure_nist_sp_800_53_rev_5_si_2_6.yaml
@@ -14,10 +14,6 @@ control-group:
 - Azure
 type:
 - Benchmark
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - azure_appservice_function_app_latest_http_version
 - azure_appservice_web_app_latest_http_version
diff --git a/compliance/frameworks/azure/azure_nist_sp_800_53_rev_5/azure_nist_sp_800_53_rev_5_si_3.yaml b/compliance/frameworks/azure/azure_nist_sp_800_53_rev_5/azure_nist_sp_800_53_rev_5_si_3.yaml
index 0d0bae490..d66fef953 100755
--- a/compliance/frameworks/azure/azure_nist_sp_800_53_rev_5/azure_nist_sp_800_53_rev_5_si_3.yaml
+++ b/compliance/frameworks/azure/azure_nist_sp_800_53_rev_5/azure_nist_sp_800_53_rev_5_si_3.yaml
@@ -14,10 +14,6 @@ control-group:
 - Azure
 type:
 - Benchmark
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - azure_securitycenter_azure_defender_on_for_server
 - azure_compute_vm_monitor_missing_endpoint_protection_in_asc
diff --git a/compliance/frameworks/azure/azure_nist_sp_800_53_rev_5/azure_nist_sp_800_53_rev_5_si_4.yaml b/compliance/frameworks/azure/azure_nist_sp_800_53_rev_5/azure_nist_sp_800_53_rev_5_si_4.yaml
index 95ac4cd48..52dc577e2 100755
--- a/compliance/frameworks/azure/azure_nist_sp_800_53_rev_5/azure_nist_sp_800_53_rev_5_si_4.yaml
+++ b/compliance/frameworks/azure/azure_nist_sp_800_53_rev_5/azure_nist_sp_800_53_rev_5_si_4.yaml
@@ -14,10 +14,6 @@ control-group:
 - Azure
 type:
 - Benchmark
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 control-group:
 - id: azure_nist_sp_800_53_rev_5_si_4_12
 controls:
diff --git a/compliance/frameworks/azure/azure_nist_sp_800_53_rev_5/azure_nist_sp_800_53_rev_5_si_4_12.yaml b/compliance/frameworks/azure/azure_nist_sp_800_53_rev_5/azure_nist_sp_800_53_rev_5_si_4_12.yaml
index 6fb587bc3..be14fe77c 100755
--- a/compliance/frameworks/azure/azure_nist_sp_800_53_rev_5/azure_nist_sp_800_53_rev_5_si_4_12.yaml
+++ b/compliance/frameworks/azure/azure_nist_sp_800_53_rev_5/azure_nist_sp_800_53_rev_5_si_4_12.yaml
@@ -14,10 +14,6 @@ control-group:
 - Azure/SecurityCenter
 type:
 - Benchmark
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - azure_securitycenter_email_configured
 - azure_securitycenter_notify_alerts_configured
diff --git a/compliance/frameworks/azure/azure_pci_dss_v321/azure_pci_dss_v321_requirement_1.yaml b/compliance/frameworks/azure/azure_pci_dss_v321/azure_pci_dss_v321_requirement_1.yaml
index 33274197f..f7c50c996 100755
--- a/compliance/frameworks/azure/azure_pci_dss_v321/azure_pci_dss_v321_requirement_1.yaml
+++ b/compliance/frameworks/azure/azure_pci_dss_v321/azure_pci_dss_v321_requirement_1.yaml
@@ -14,9 +14,5 @@ control-group:
 - Azure
 type:
 - Benchmark
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 control-group:
 - id: azure_pci_dss_v321_requirement_1_3
diff --git a/compliance/frameworks/azure/azure_pci_dss_v321/azure_pci_dss_v321_requirement_10.yaml b/compliance/frameworks/azure/azure_pci_dss_v321/azure_pci_dss_v321_requirement_10.yaml
index 8a381c684..403521c8e 100755
--- a/compliance/frameworks/azure/azure_pci_dss_v321/azure_pci_dss_v321_requirement_10.yaml
+++ b/compliance/frameworks/azure/azure_pci_dss_v321/azure_pci_dss_v321_requirement_10.yaml
@@ -14,9 +14,5 @@ control-group:
 - Azure
 type:
 - Benchmark
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 control-group:
 - id: azure_pci_dss_v321_requirement_10_5
diff --git a/compliance/frameworks/azure/azure_pci_dss_v321/azure_pci_dss_v321_requirement_10_5.yaml b/compliance/frameworks/azure/azure_pci_dss_v321/azure_pci_dss_v321_requirement_10_5.yaml
index 79f39ae4a..390db2180 100755
--- a/compliance/frameworks/azure/azure_pci_dss_v321/azure_pci_dss_v321_requirement_10_5.yaml
+++ b/compliance/frameworks/azure/azure_pci_dss_v321/azure_pci_dss_v321_requirement_10_5.yaml
@@ -14,9 +14,5 @@ control-group:
 - Azure
 type:
 - Benchmark
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 control-group:
 - id: azure_pci_dss_v321_requirement_10_5_4
diff --git a/compliance/frameworks/azure/azure_pci_dss_v321/azure_pci_dss_v321_requirement_10_5_4.yaml b/compliance/frameworks/azure/azure_pci_dss_v321/azure_pci_dss_v321_requirement_10_5_4.yaml
index 32a25f4ac..34b5d6237 100755
--- a/compliance/frameworks/azure/azure_pci_dss_v321/azure_pci_dss_v321_requirement_10_5_4.yaml
+++ b/compliance/frameworks/azure/azure_pci_dss_v321/azure_pci_dss_v321_requirement_10_5_4.yaml
@@ -14,10 +14,6 @@ control-group:
 - Azure
 type:
 - Benchmark
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - azure_audit_diagnostic_setting
 - azure_compute_vm_uses_azure_resource_manager
diff --git a/compliance/frameworks/azure/azure_pci_dss_v321/azure_pci_dss_v321_requirement_11.yaml b/compliance/frameworks/azure/azure_pci_dss_v321/azure_pci_dss_v321_requirement_11.yaml
index db7de78fa..162277840 100755
--- a/compliance/frameworks/azure/azure_pci_dss_v321/azure_pci_dss_v321_requirement_11.yaml
+++ b/compliance/frameworks/azure/azure_pci_dss_v321/azure_pci_dss_v321_requirement_11.yaml
@@ -14,9 +14,5 @@ control-group:
 - Azure
 type:
 - Benchmark
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 control-group:
 - id: azure_pci_dss_v321_requirement_11_2
diff --git a/compliance/frameworks/azure/azure_pci_dss_v321/azure_pci_dss_v321_requirement_11_2.yaml b/compliance/frameworks/azure/azure_pci_dss_v321/azure_pci_dss_v321_requirement_11_2.yaml
index ba436c851..a008f7212 100755
--- a/compliance/frameworks/azure/azure_pci_dss_v321/azure_pci_dss_v321_requirement_11_2.yaml
+++ b/compliance/frameworks/azure/azure_pci_dss_v321/azure_pci_dss_v321_requirement_11_2.yaml
@@ -14,9 +14,5 @@ control-group:
 - Azure
 type:
 - Benchmark
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 control-group:
 - id: azure_pci_dss_v321_requirement_11_2_1
diff --git a/compliance/frameworks/azure/azure_pci_dss_v321/azure_pci_dss_v321_requirement_11_2_1.yaml b/compliance/frameworks/azure/azure_pci_dss_v321/azure_pci_dss_v321_requirement_11_2_1.yaml
index 0c468329f..97dd02b89 100755
--- a/compliance/frameworks/azure/azure_pci_dss_v321/azure_pci_dss_v321_requirement_11_2_1.yaml
+++ b/compliance/frameworks/azure/azure_pci_dss_v321/azure_pci_dss_v321_requirement_11_2_1.yaml
@@ -14,10 +14,6 @@ control-group:
 - Azure
 type:
 - Benchmark
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - azure_compute_vm_endpoint_protection_agent_installed
 - azure_compute_vm_security_configuration_vulnerabilities_remediated
diff --git a/compliance/frameworks/azure/azure_pci_dss_v321/azure_pci_dss_v321_requirement_1_3.yaml b/compliance/frameworks/azure/azure_pci_dss_v321/azure_pci_dss_v321_requirement_1_3.yaml
index 1bb0cd723..7d4bb01e4 100755
--- a/compliance/frameworks/azure/azure_pci_dss_v321/azure_pci_dss_v321_requirement_1_3.yaml
+++ b/compliance/frameworks/azure/azure_pci_dss_v321/azure_pci_dss_v321_requirement_1_3.yaml
@@ -14,10 +14,6 @@ control-group:
 - Azure
 type:
 - Benchmark
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 control-group:
 - id: azure_pci_dss_v321_requirement_1_3_2
 - id: azure_pci_dss_v321_requirement_1_3_4
diff --git a/compliance/frameworks/azure/azure_pci_dss_v321/azure_pci_dss_v321_requirement_1_3_2.yaml b/compliance/frameworks/azure/azure_pci_dss_v321/azure_pci_dss_v321_requirement_1_3_2.yaml
index 15ed332d6..e00642feb 100755
--- a/compliance/frameworks/azure/azure_pci_dss_v321/azure_pci_dss_v321_requirement_1_3_2.yaml
+++ b/compliance/frameworks/azure/azure_pci_dss_v321/azure_pci_dss_v321_requirement_1_3_2.yaml
@@ -14,10 +14,6 @@ control-group:
 - Azure
 type:
 - Benchmark
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - azure_compute_vm_remote_access_restricted_all_ports
 - azure_storage_account_default_network_access_rule_denied
diff --git a/compliance/frameworks/azure/azure_pci_dss_v321/azure_pci_dss_v321_requirement_1_3_4.yaml b/compliance/frameworks/azure/azure_pci_dss_v321/azure_pci_dss_v321_requirement_1_3_4.yaml
index c2367529d..8fed04b18 100755
--- a/compliance/frameworks/azure/azure_pci_dss_v321/azure_pci_dss_v321_requirement_1_3_4.yaml
+++ b/compliance/frameworks/azure/azure_pci_dss_v321/azure_pci_dss_v321_requirement_1_3_4.yaml
@@ -14,10 +14,6 @@ control-group:
 - Azure
 type:
 - Benchmark
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - azure_compute_vm_remote_access_restricted_all_ports
 - azure_storage_account_default_network_access_rule_denied
diff --git a/compliance/frameworks/azure/azure_pci_dss_v321/azure_pci_dss_v321_requirement_3.yaml b/compliance/frameworks/azure/azure_pci_dss_v321/azure_pci_dss_v321_requirement_3.yaml
index 63f273f06..3e5af153c 100755
--- a/compliance/frameworks/azure/azure_pci_dss_v321/azure_pci_dss_v321_requirement_3.yaml
+++ b/compliance/frameworks/azure/azure_pci_dss_v321/azure_pci_dss_v321_requirement_3.yaml
@@ -14,10 +14,6 @@ control-group:
 - Azure
 type:
 - Benchmark
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 control-group:
 - id: azure_pci_dss_v321_requirement_3_2
 - id: azure_pci_dss_v321_requirement_3_4
diff --git a/compliance/frameworks/azure/azure_pci_dss_v321/azure_pci_dss_v321_requirement_3_2.yaml b/compliance/frameworks/azure/azure_pci_dss_v321/azure_pci_dss_v321_requirement_3_2.yaml
index 6877a8c00..76e169612 100755
--- a/compliance/frameworks/azure/azure_pci_dss_v321/azure_pci_dss_v321_requirement_3_2.yaml
+++ b/compliance/frameworks/azure/azure_pci_dss_v321/azure_pci_dss_v321_requirement_3_2.yaml
@@ -14,10 +14,6 @@ control-group:
 - Azure
 type:
 - Benchmark
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - azure_iam_external_user_with_owner_role
 - azure_iam_external_user_with_read_permission
diff --git a/compliance/frameworks/azure/azure_pci_dss_v321/azure_pci_dss_v321_requirement_3_4.yaml b/compliance/frameworks/azure/azure_pci_dss_v321/azure_pci_dss_v321_requirement_3_4.yaml
index 698911fee..d6cd0cdc8 100755
--- a/compliance/frameworks/azure/azure_pci_dss_v321/azure_pci_dss_v321_requirement_3_4.yaml
+++ b/compliance/frameworks/azure/azure_pci_dss_v321/azure_pci_dss_v321_requirement_3_4.yaml
@@ -14,10 +14,6 @@ control-group:
 - Azure
 type:
 - Benchmark
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - azure_appservice_api_app_use_https
 - azure_appservice_function_app_only_https_accessible
diff --git a/compliance/frameworks/azure/azure_pci_dss_v321/azure_pci_dss_v321_requirement_4.yaml b/compliance/frameworks/azure/azure_pci_dss_v321/azure_pci_dss_v321_requirement_4.yaml
index c48e0b8c2..399d43e3f 100755
--- a/compliance/frameworks/azure/azure_pci_dss_v321/azure_pci_dss_v321_requirement_4.yaml
+++ b/compliance/frameworks/azure/azure_pci_dss_v321/azure_pci_dss_v321_requirement_4.yaml
@@ -14,9 +14,5 @@ control-group:
 - Azure
 type:
 - Benchmark
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 control-group:
 - id: azure_pci_dss_v321_requirement_4_1
diff --git a/compliance/frameworks/azure/azure_pci_dss_v321/azure_pci_dss_v321_requirement_4_1.yaml b/compliance/frameworks/azure/azure_pci_dss_v321/azure_pci_dss_v321_requirement_4_1.yaml
index 09cb5de69..e55a62fd3 100755
--- a/compliance/frameworks/azure/azure_pci_dss_v321/azure_pci_dss_v321_requirement_4_1.yaml
+++ b/compliance/frameworks/azure/azure_pci_dss_v321/azure_pci_dss_v321_requirement_4_1.yaml
@@ -14,10 +14,6 @@ control-group:
 - Azure
 type:
 - Benchmark
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - azure_appservice_api_app_use_https
 - azure_appservice_function_app_only_https_accessible
diff --git a/compliance/frameworks/azure/azure_pci_dss_v321/azure_pci_dss_v321_requirement_5.yaml b/compliance/frameworks/azure/azure_pci_dss_v321/azure_pci_dss_v321_requirement_5.yaml
index 159526dfa..0c18d9e5f 100755
--- a/compliance/frameworks/azure/azure_pci_dss_v321/azure_pci_dss_v321_requirement_5.yaml
+++ b/compliance/frameworks/azure/azure_pci_dss_v321/azure_pci_dss_v321_requirement_5.yaml
@@ -14,9 +14,5 @@ control-group:
 - Azure
 type:
 - Benchmark
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 control-group:
 - id: azure_pci_dss_v321_requirement_5_1
diff --git a/compliance/frameworks/azure/azure_pci_dss_v321/azure_pci_dss_v321_requirement_5_1.yaml b/compliance/frameworks/azure/azure_pci_dss_v321/azure_pci_dss_v321_requirement_5_1.yaml
index 332eda36e..c1b59c6e1 100755
--- a/compliance/frameworks/azure/azure_pci_dss_v321/azure_pci_dss_v321_requirement_5_1.yaml
+++ b/compliance/frameworks/azure/azure_pci_dss_v321/azure_pci_dss_v321_requirement_5_1.yaml
@@ -14,10 +14,6 @@ control-group:
 - Azure
 type:
 - Benchmark
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - azure_compute_vm_endpoint_protection_agent_installed
 - azure_compute_vm_security_configuration_vulnerabilities_remediated
diff --git a/compliance/frameworks/azure/azure_pci_dss_v321/azure_pci_dss_v321_requirement_6.yaml b/compliance/frameworks/azure/azure_pci_dss_v321/azure_pci_dss_v321_requirement_6.yaml
index e4eb6d768..ade8c3347 100755
--- a/compliance/frameworks/azure/azure_pci_dss_v321/azure_pci_dss_v321_requirement_6.yaml
+++ b/compliance/frameworks/azure/azure_pci_dss_v321/azure_pci_dss_v321_requirement_6.yaml
@@ -14,10 +14,6 @@ control-group:
 - Azure
 type:
 - Benchmark
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 control-group:
 - id: azure_pci_dss_v321_requirement_6_2
 - id: azure_pci_dss_v321_requirement_6_5
diff --git a/compliance/frameworks/azure/azure_pci_dss_v321/azure_pci_dss_v321_requirement_6_2.yaml b/compliance/frameworks/azure/azure_pci_dss_v321/azure_pci_dss_v321_requirement_6_2.yaml
index 060dbd0b8..b0cd2607c 100755
--- a/compliance/frameworks/azure/azure_pci_dss_v321/azure_pci_dss_v321_requirement_6_2.yaml
+++ b/compliance/frameworks/azure/azure_pci_dss_v321/azure_pci_dss_v321_requirement_6_2.yaml
@@ -14,10 +14,6 @@ control-group:
 - Azure
 type:
 - Benchmark
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - azure_compute_vm_endpoint_protection_agent_installed
 - azure_compute_vm_security_configuration_vulnerabilities_remediated
diff --git a/compliance/frameworks/azure/azure_pci_dss_v321/azure_pci_dss_v321_requirement_6_5.yaml b/compliance/frameworks/azure/azure_pci_dss_v321/azure_pci_dss_v321_requirement_6_5.yaml
index d071ef9dd..9fe7eb5aa 100755
--- a/compliance/frameworks/azure/azure_pci_dss_v321/azure_pci_dss_v321_requirement_6_5.yaml
+++ b/compliance/frameworks/azure/azure_pci_dss_v321/azure_pci_dss_v321_requirement_6_5.yaml
@@ -14,9 +14,5 @@ control-group:
 - Azure
 type:
 - Benchmark
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 control-group:
 - id: azure_pci_dss_v321_requirement_6_5_3
diff --git a/compliance/frameworks/azure/azure_pci_dss_v321/azure_pci_dss_v321_requirement_6_5_3.yaml b/compliance/frameworks/azure/azure_pci_dss_v321/azure_pci_dss_v321_requirement_6_5_3.yaml
index 057dc8742..a1e7bd916 100755
--- a/compliance/frameworks/azure/azure_pci_dss_v321/azure_pci_dss_v321_requirement_6_5_3.yaml
+++ b/compliance/frameworks/azure/azure_pci_dss_v321/azure_pci_dss_v321_requirement_6_5_3.yaml
@@ -14,10 +14,6 @@ control-group:
 - Azure
 type:
 - Benchmark
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - azure_appservice_api_app_use_https
 - azure_appservice_function_app_only_https_accessible
diff --git a/compliance/frameworks/azure/azure_pci_dss_v321/azure_pci_dss_v321_requirement_6_6.yaml b/compliance/frameworks/azure/azure_pci_dss_v321/azure_pci_dss_v321_requirement_6_6.yaml
index df553b8f3..faa0a9298 100755
--- a/compliance/frameworks/azure/azure_pci_dss_v321/azure_pci_dss_v321_requirement_6_6.yaml
+++ b/compliance/frameworks/azure/azure_pci_dss_v321/azure_pci_dss_v321_requirement_6_6.yaml
@@ -14,10 +14,6 @@ control-group:
 - Azure
 type:
 - Benchmark
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - azure_compute_vm_endpoint_protection_agent_installed
 - azure_compute_vm_security_configuration_vulnerabilities_remediated
diff --git a/compliance/frameworks/azure/azure_pci_dss_v321/azure_pci_dss_v321_requirement_7.yaml b/compliance/frameworks/azure/azure_pci_dss_v321/azure_pci_dss_v321_requirement_7.yaml
index 0188b3710..04ee536e9 100755
--- a/compliance/frameworks/azure/azure_pci_dss_v321/azure_pci_dss_v321_requirement_7.yaml
+++ b/compliance/frameworks/azure/azure_pci_dss_v321/azure_pci_dss_v321_requirement_7.yaml
@@ -14,10 +14,6 @@ control-group:
 - Azure
 type:
 - Benchmark
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 control-group:
 - id: azure_pci_dss_v321_requirement_7_1
 - id: azure_pci_dss_v321_requirement_7_2
diff --git a/compliance/frameworks/azure/azure_pci_dss_v321/azure_pci_dss_v321_requirement_7_1.yaml b/compliance/frameworks/azure/azure_pci_dss_v321/azure_pci_dss_v321_requirement_7_1.yaml
index 8a8b035fb..e20dc8fc2 100755
--- a/compliance/frameworks/azure/azure_pci_dss_v321/azure_pci_dss_v321_requirement_7_1.yaml
+++ b/compliance/frameworks/azure/azure_pci_dss_v321/azure_pci_dss_v321_requirement_7_1.yaml
@@ -14,10 +14,6 @@ control-group:
 - Azure
 type:
 - Benchmark
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 control-group:
 - id: azure_pci_dss_v321_requirement_7_1_1
 - id: azure_pci_dss_v321_requirement_7_1_2
diff --git a/compliance/frameworks/azure/azure_pci_dss_v321/azure_pci_dss_v321_requirement_7_1_1.yaml b/compliance/frameworks/azure/azure_pci_dss_v321/azure_pci_dss_v321_requirement_7_1_1.yaml
index 4c164dd09..86dcb2453 100755
--- a/compliance/frameworks/azure/azure_pci_dss_v321/azure_pci_dss_v321_requirement_7_1_1.yaml
+++ b/compliance/frameworks/azure/azure_pci_dss_v321/azure_pci_dss_v321_requirement_7_1_1.yaml
@@ -14,10 +14,6 @@ control-group:
 - Azure/ActiveDirectory
 type:
 - Benchmark
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - azure_iam_subscription_owner_max_3
 - azure_iam_subscription_owner_more_than_1
diff --git a/compliance/frameworks/azure/azure_pci_dss_v321/azure_pci_dss_v321_requirement_7_1_2.yaml b/compliance/frameworks/azure/azure_pci_dss_v321/azure_pci_dss_v321_requirement_7_1_2.yaml
index 8b5d7154f..df105ba1c 100755
--- a/compliance/frameworks/azure/azure_pci_dss_v321/azure_pci_dss_v321_requirement_7_1_2.yaml
+++ b/compliance/frameworks/azure/azure_pci_dss_v321/azure_pci_dss_v321_requirement_7_1_2.yaml
@@ -14,10 +14,6 @@ control-group:
 - Azure/ActiveDirectory
 type:
 - Benchmark
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - azure_iam_subscription_owner_max_3
 - azure_iam_subscription_owner_more_than_1
diff --git a/compliance/frameworks/azure/azure_pci_dss_v321/azure_pci_dss_v321_requirement_7_1_3.yaml b/compliance/frameworks/azure/azure_pci_dss_v321/azure_pci_dss_v321_requirement_7_1_3.yaml
index 12280f8b0..b743947aa 100755
--- a/compliance/frameworks/azure/azure_pci_dss_v321/azure_pci_dss_v321_requirement_7_1_3.yaml
+++ b/compliance/frameworks/azure/azure_pci_dss_v321/azure_pci_dss_v321_requirement_7_1_3.yaml
@@ -14,10 +14,6 @@ control-group:
 - Azure/ActiveDirectory
 type:
 - Benchmark
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - azure_iam_subscription_owner_max_3
 - azure_iam_subscription_owner_more_than_1
diff --git a/compliance/frameworks/azure/azure_pci_dss_v321/azure_pci_dss_v321_requirement_7_2.yaml b/compliance/frameworks/azure/azure_pci_dss_v321/azure_pci_dss_v321_requirement_7_2.yaml
index 22e788579..7f97420ae 100755
--- a/compliance/frameworks/azure/azure_pci_dss_v321/azure_pci_dss_v321_requirement_7_2.yaml
+++ b/compliance/frameworks/azure/azure_pci_dss_v321/azure_pci_dss_v321_requirement_7_2.yaml
@@ -14,9 +14,5 @@ control-group:
 - Azure
 type:
 - Benchmark
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 control-group:
 - id: azure_pci_dss_v321_requirement_7_2_1
diff --git a/compliance/frameworks/azure/azure_pci_dss_v321/azure_pci_dss_v321_requirement_7_2_1.yaml b/compliance/frameworks/azure/azure_pci_dss_v321/azure_pci_dss_v321_requirement_7_2_1.yaml
index 5deb7b311..d05adde7d 100755
--- a/compliance/frameworks/azure/azure_pci_dss_v321/azure_pci_dss_v321_requirement_7_2_1.yaml
+++ b/compliance/frameworks/azure/azure_pci_dss_v321/azure_pci_dss_v321_requirement_7_2_1.yaml
@@ -14,10 +14,6 @@ control-group:
 - Azure
 type:
 - Benchmark
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - azure_iam_external_user_with_owner_role
 - azure_iam_external_user_with_read_permission
diff --git a/compliance/frameworks/azure/azure_pci_dss_v321/azure_pci_dss_v321_requirement_8.yaml b/compliance/frameworks/azure/azure_pci_dss_v321/azure_pci_dss_v321_requirement_8.yaml
index 83bc4e67a..0d30b820d 100755
--- a/compliance/frameworks/azure/azure_pci_dss_v321/azure_pci_dss_v321_requirement_8.yaml
+++ b/compliance/frameworks/azure/azure_pci_dss_v321/azure_pci_dss_v321_requirement_8.yaml
@@ -14,10 +14,6 @@ control-group:
 - Azure
 type:
 - Benchmark
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 control-group:
 - id: azure_pci_dss_v321_requirement_8_1
 - id: azure_pci_dss_v321_requirement_8_2
diff --git a/compliance/frameworks/azure/azure_pci_dss_v321/azure_pci_dss_v321_requirement_8_1.yaml b/compliance/frameworks/azure/azure_pci_dss_v321/azure_pci_dss_v321_requirement_8_1.yaml
index f3adbc90e..8fe302b21 100755
--- a/compliance/frameworks/azure/azure_pci_dss_v321/azure_pci_dss_v321_requirement_8_1.yaml
+++ b/compliance/frameworks/azure/azure_pci_dss_v321/azure_pci_dss_v321_requirement_8_1.yaml
@@ -14,10 +14,6 @@ control-group:
 - Azure
 type:
 - Benchmark
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 control-group:
 - id: azure_pci_dss_v321_requirement_8_1_2
 - id: azure_pci_dss_v321_requirement_8_1_3
diff --git a/compliance/frameworks/azure/azure_pci_dss_v321/azure_pci_dss_v321_requirement_8_1_2.yaml b/compliance/frameworks/azure/azure_pci_dss_v321/azure_pci_dss_v321_requirement_8_1_2.yaml
index af8bd3b70..243b638a9 100755
--- a/compliance/frameworks/azure/azure_pci_dss_v321/azure_pci_dss_v321_requirement_8_1_2.yaml
+++ b/compliance/frameworks/azure/azure_pci_dss_v321/azure_pci_dss_v321_requirement_8_1_2.yaml
@@ -14,10 +14,6 @@ control-group:
 - Azure/ActiveDirectory
 type:
 - Benchmark
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - azure_iam_deprecated_account_with_owner_roles
 - azure_iam_deprecated_account
diff --git a/compliance/frameworks/azure/azure_pci_dss_v321/azure_pci_dss_v321_requirement_8_1_3.yaml b/compliance/frameworks/azure/azure_pci_dss_v321/azure_pci_dss_v321_requirement_8_1_3.yaml
index 28425c3b7..f1ced8712 100755
--- a/compliance/frameworks/azure/azure_pci_dss_v321/azure_pci_dss_v321_requirement_8_1_3.yaml
+++ b/compliance/frameworks/azure/azure_pci_dss_v321/azure_pci_dss_v321_requirement_8_1_3.yaml
@@ -14,10 +14,6 @@ control-group:
 - Azure/ActiveDirectory
 type:
 - Benchmark
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - azure_iam_deprecated_account
 - azure_iam_deprecated_account_with_owner_roles
diff --git a/compliance/frameworks/azure/azure_pci_dss_v321/azure_pci_dss_v321_requirement_8_1_5.yaml b/compliance/frameworks/azure/azure_pci_dss_v321/azure_pci_dss_v321_requirement_8_1_5.yaml
index 1768d5454..fee86555c 100755
--- a/compliance/frameworks/azure/azure_pci_dss_v321/azure_pci_dss_v321_requirement_8_1_5.yaml
+++ b/compliance/frameworks/azure/azure_pci_dss_v321/azure_pci_dss_v321_requirement_8_1_5.yaml
@@ -14,10 +14,6 @@ control-group:
 - Azure/ActiveDirectory
 type:
 - Benchmark
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 controls:
 - azure_iam_deprecated_account_with_owner_roles
 - azure_iam_deprecated_account
diff --git a/compliance/frameworks/azure/azure_pci_dss_v321/azure_pci_dss_v321_requirement_8_2.yaml b/compliance/frameworks/azure/azure_pci_dss_v321/azure_pci_dss_v321_requirement_8_2.yaml
index 2448c2e7a..e278190f5 100755
--- a/compliance/frameworks/azure/azure_pci_dss_v321/azure_pci_dss_v321_requirement_8_2.yaml
+++ b/compliance/frameworks/azure/azure_pci_dss_v321/azure_pci_dss_v321_requirement_8_2.yaml
@@ -14,10 +14,6 @@ control-group:
 - Azure
 type:
 - Benchmark
- defaults:
- auto-assign: null
- enabled: false
- tracks-drift-events: false
 control-group:
 - id: azure_pci_dss_v321_requirement_8_2_3
 - id: azure_pci_dss_v321_requirement_8_2_5
diff --git a/compliance/frameworks/azure/azure_pci_dss_v321/azure_pci_dss_v321_requirement_8_2_3.yaml b/compliance/frameworks/azure/azure_pci_dss_v321/azure_pci_dss_v321_requirement_8_2_3.yaml
index 3251d8048..8da3aed82 100755
--- a/compliance/frameworks/azure/azure_pci_dss_v321/azure_pci_dss_v321_requirement_8_2_3.yaml
+++ b/compliance/frameworks/azure/azure_pci_dss_v321/azure_pci_dss_v321_requirement_8_2_3.yaml
@@ -14,10 +14,6 @@ control-group: - Azure/Compute type: - Benchmark - defaults: - auto-assign: null - enabled: false - tracks-drift-events: false controls: - azure_compute_vm_guest_configuration_installed_windows - azure_compute_vm_guest_configuration_with_no_managed_identity diff --git a/compliance/frameworks/azure/azure_pci_dss_v321/azure_pci_dss_v321_requirement_8_2_5.yaml b/compliance/frameworks/azure/azure_pci_dss_v321/azure_pci_dss_v321_requirement_8_2_5.yaml index 2f31e030f..8aaf81fe5 100755 --- a/compliance/frameworks/azure/azure_pci_dss_v321/azure_pci_dss_v321_requirement_8_2_5.yaml +++ b/compliance/frameworks/azure/azure_pci_dss_v321/azure_pci_dss_v321_requirement_8_2_5.yaml @@ -14,10 +14,6 @@ control-group: - Azure/Compute type: - Benchmark - defaults: - auto-assign: null - enabled: false - tracks-drift-events: false controls: - azure_compute_vm_guest_configuration_installed_windows - azure_compute_vm_guest_configuration_with_no_managed_identity diff --git a/compliance/frameworks/azure/azure_pci_dss_v321/azure_pci_dss_v321_requirement_8_3.yaml b/compliance/frameworks/azure/azure_pci_dss_v321/azure_pci_dss_v321_requirement_8_3.yaml index 7e903e2f8..cb0cf56b6 100755 --- a/compliance/frameworks/azure/azure_pci_dss_v321/azure_pci_dss_v321_requirement_8_3.yaml +++ b/compliance/frameworks/azure/azure_pci_dss_v321/azure_pci_dss_v321_requirement_8_3.yaml @@ -14,9 +14,5 @@ control-group: - Azure type: - Benchmark - defaults: - auto-assign: null - enabled: false - tracks-drift-events: false control-group: - id: azure_pci_dss_v321_requirement_8_3_1 diff --git a/compliance/frameworks/azure/azure_pci_dss_v321/azure_pci_dss_v321_requirement_8_3_1.yaml b/compliance/frameworks/azure/azure_pci_dss_v321/azure_pci_dss_v321_requirement_8_3_1.yaml index 4677a4f0f..84a0dfbbd 100755 --- a/compliance/frameworks/azure/azure_pci_dss_v321/azure_pci_dss_v321_requirement_8_3_1.yaml +++ b/compliance/frameworks/azure/azure_pci_dss_v321/azure_pci_dss_v321_requirement_8_3_1.yaml 
@@ -14,10 +14,6 @@ control-group: - Azure type: - Benchmark - defaults: - auto-assign: null - enabled: false - tracks-drift-events: false controls: - azure_iam_external_user_with_owner_role - azure_iam_external_user_with_read_permission diff --git a/compliance/frameworks/azure/azure_rbi_itf_nbfc_v2017/azure_rbi_itf_nbfc_v2017_business_continuity_planning.yaml b/compliance/frameworks/azure/azure_rbi_itf_nbfc_v2017/azure_rbi_itf_nbfc_v2017_business_continuity_planning.yaml index b343e3e0f..9aa25b06a 100755 --- a/compliance/frameworks/azure/azure_rbi_itf_nbfc_v2017/azure_rbi_itf_nbfc_v2017_business_continuity_planning.yaml +++ b/compliance/frameworks/azure/azure_rbi_itf_nbfc_v2017/azure_rbi_itf_nbfc_v2017_business_continuity_planning.yaml @@ -3,9 +3,5 @@ control-group: title: Business Continuity Planning description: Business Continuity Planning section-code: business_continuity_planning - defaults: - auto-assign: null - enabled: false - tracks-drift-events: false control-group: - id: azure_rbi_itf_nbfc_v2017_business_continuity_planning_6 diff --git a/compliance/frameworks/azure/azure_rbi_itf_nbfc_v2017/azure_rbi_itf_nbfc_v2017_business_continuity_planning_6.yaml b/compliance/frameworks/azure/azure_rbi_itf_nbfc_v2017/azure_rbi_itf_nbfc_v2017_business_continuity_planning_6.yaml index 0d12c73ce..125334e89 100755 --- a/compliance/frameworks/azure/azure_rbi_itf_nbfc_v2017/azure_rbi_itf_nbfc_v2017_business_continuity_planning_6.yaml +++ b/compliance/frameworks/azure/azure_rbi_itf_nbfc_v2017/azure_rbi_itf_nbfc_v2017_business_continuity_planning_6.yaml @@ -3,10 +3,6 @@ control-group: title: Business Continuity Planning (BCP) and Disaster Recovery-6 description: Business Continuity Planning (BCP) and Disaster Recovery-6 section-code: "6" - defaults: - auto-assign: null - enabled: false - tracks-drift-events: false control-group: - id: azure_rbi_itf_nbfc_v2017_business_continuity_planning_6_2 - id: azure_rbi_itf_nbfc_v2017_business_continuity_planning_6_3 
diff --git a/compliance/frameworks/azure/azure_rbi_itf_nbfc_v2017/azure_rbi_itf_nbfc_v2017_business_continuity_planning_6_2.yaml b/compliance/frameworks/azure/azure_rbi_itf_nbfc_v2017/azure_rbi_itf_nbfc_v2017_business_continuity_planning_6_2.yaml index 74a11988f..b77eb1ee3 100755 --- a/compliance/frameworks/azure/azure_rbi_itf_nbfc_v2017/azure_rbi_itf_nbfc_v2017_business_continuity_planning_6_2.yaml +++ b/compliance/frameworks/azure/azure_rbi_itf_nbfc_v2017/azure_rbi_itf_nbfc_v2017_business_continuity_planning_6_2.yaml @@ -3,10 +3,6 @@ control-group: title: Recovery strategy / Contingency Plan-6.2 description: Recovery strategy / Contingency Plan-6.2 section-code: "2" - defaults: - auto-assign: null - enabled: false - tracks-drift-events: false controls: - azure_compute_vm_disaster_recovery_enabled - azure_mariadb_server_geo_redundant_backup_enabled diff --git a/compliance/frameworks/azure/azure_rbi_itf_nbfc_v2017/azure_rbi_itf_nbfc_v2017_business_continuity_planning_6_3.yaml b/compliance/frameworks/azure/azure_rbi_itf_nbfc_v2017/azure_rbi_itf_nbfc_v2017_business_continuity_planning_6_3.yaml index 65a2ee5b2..891cbaa65 100755 --- a/compliance/frameworks/azure/azure_rbi_itf_nbfc_v2017/azure_rbi_itf_nbfc_v2017_business_continuity_planning_6_3.yaml +++ b/compliance/frameworks/azure/azure_rbi_itf_nbfc_v2017/azure_rbi_itf_nbfc_v2017_business_continuity_planning_6_3.yaml @@ -3,10 +3,6 @@ control-group: title: Recovery strategy / Contingency Plan-6.3 description: Recovery strategy / Contingency Plan-6.3 section-code: "3" - defaults: - auto-assign: null - enabled: false - tracks-drift-events: false controls: - azure_mariadb_server_geo_redundant_backup_enabled - azure_mysql_db_server_geo_redundant_backup_enabled 
diff --git a/compliance/frameworks/azure/azure_rbi_itf_nbfc_v2017/azure_rbi_itf_nbfc_v2017_business_continuity_planning_6_4.yaml b/compliance/frameworks/azure/azure_rbi_itf_nbfc_v2017/azure_rbi_itf_nbfc_v2017_business_continuity_planning_6_4.yaml index 1cd40dbe8..379450693 100755 --- a/compliance/frameworks/azure/azure_rbi_itf_nbfc_v2017/azure_rbi_itf_nbfc_v2017_business_continuity_planning_6_4.yaml +++ b/compliance/frameworks/azure/azure_rbi_itf_nbfc_v2017/azure_rbi_itf_nbfc_v2017_business_continuity_planning_6_4.yaml @@ -3,10 +3,6 @@ control-group: title: Recovery strategy / Contingency Plan-6.4 description: Recovery strategy / Contingency Plan-6.4 section-code: "4" - defaults: - auto-assign: null - enabled: false - tracks-drift-events: false controls: - azure_compute_vm_disaster_recovery_enabled - azure_recovery_service_vault_uses_private_link diff --git a/compliance/frameworks/azure/azure_rbi_itf_nbfc_v2017/azure_rbi_itf_nbfc_v2017_is_audit.yaml b/compliance/frameworks/azure/azure_rbi_itf_nbfc_v2017/azure_rbi_itf_nbfc_v2017_is_audit.yaml index ec10fb756..1c3075bd7 100755 --- a/compliance/frameworks/azure/azure_rbi_itf_nbfc_v2017/azure_rbi_itf_nbfc_v2017_is_audit.yaml +++ b/compliance/frameworks/azure/azure_rbi_itf_nbfc_v2017/azure_rbi_itf_nbfc_v2017_is_audit.yaml @@ -3,9 +3,5 @@ control-group: title: IS Audit description: IS Audit section-code: is_audit - defaults: - auto-assign: null - enabled: false - tracks-drift-events: false control-group: - id: azure_rbi_itf_nbfc_v2017_is_audit_5 diff --git a/compliance/frameworks/azure/azure_rbi_itf_nbfc_v2017/azure_rbi_itf_nbfc_v2017_is_audit_5.yaml b/compliance/frameworks/azure/azure_rbi_itf_nbfc_v2017/azure_rbi_itf_nbfc_v2017_is_audit_5.yaml index 7d7bdde46..98e56a512 100755 --- a/compliance/frameworks/azure/azure_rbi_itf_nbfc_v2017/azure_rbi_itf_nbfc_v2017_is_audit_5.yaml +++ b/compliance/frameworks/azure/azure_rbi_itf_nbfc_v2017/azure_rbi_itf_nbfc_v2017_is_audit_5.yaml 
@@ -3,10 +3,6 @@ control-group: title: Policy for Information System Audit (IS Audit)-5 description: Policy for Information System Audit (IS Audit)-5 section-code: "5" - defaults: - auto-assign: null - enabled: false - tracks-drift-events: false control-group: - id: azure_rbi_itf_nbfc_v2017_is_audit_5_2 controls: diff --git a/compliance/frameworks/azure/azure_rbi_itf_nbfc_v2017/azure_rbi_itf_nbfc_v2017_is_audit_5_2.yaml b/compliance/frameworks/azure/azure_rbi_itf_nbfc_v2017/azure_rbi_itf_nbfc_v2017_is_audit_5_2.yaml index 0ea0925e9..e78dfacd3 100755 --- a/compliance/frameworks/azure/azure_rbi_itf_nbfc_v2017/azure_rbi_itf_nbfc_v2017_is_audit_5_2.yaml +++ b/compliance/frameworks/azure/azure_rbi_itf_nbfc_v2017/azure_rbi_itf_nbfc_v2017_is_audit_5_2.yaml @@ -3,10 +3,6 @@ control-group: title: Policy for Information System Audit (IS Audit)-5.2 description: Policy for Information System Audit (IS Audit)-5.2 section-code: "2" - defaults: - auto-assign: null - enabled: false - tracks-drift-events: false controls: - azure_mariadb_server_geo_redundant_backup_enabled - azure_mysql_db_server_geo_redundant_backup_enabled diff --git a/compliance/frameworks/azure/azure_rbi_itf_nbfc_v2017/azure_rbi_itf_nbfc_v2017_it_governance.yaml b/compliance/frameworks/azure/azure_rbi_itf_nbfc_v2017/azure_rbi_itf_nbfc_v2017_it_governance.yaml index 08a0a3c19..099b0377a 100755 --- a/compliance/frameworks/azure/azure_rbi_itf_nbfc_v2017/azure_rbi_itf_nbfc_v2017_it_governance.yaml +++ b/compliance/frameworks/azure/azure_rbi_itf_nbfc_v2017/azure_rbi_itf_nbfc_v2017_it_governance.yaml @@ -3,9 +3,5 @@ control-group: title: IT Governance description: IT Governance section-code: it_governance - defaults: - auto-assign: null - enabled: false - tracks-drift-events: false control-group: - id: azure_rbi_itf_nbfc_v2017_it_governance_1 
diff --git a/compliance/frameworks/azure/azure_rbi_itf_nbfc_v2017/azure_rbi_itf_nbfc_v2017_it_governance_1.yaml b/compliance/frameworks/azure/azure_rbi_itf_nbfc_v2017/azure_rbi_itf_nbfc_v2017_it_governance_1.yaml index 53737ecab..94509bac8 100755 --- a/compliance/frameworks/azure/azure_rbi_itf_nbfc_v2017/azure_rbi_itf_nbfc_v2017_it_governance_1.yaml +++ b/compliance/frameworks/azure/azure_rbi_itf_nbfc_v2017/azure_rbi_itf_nbfc_v2017_it_governance_1.yaml @@ -3,10 +3,6 @@ control-group: title: IT Governance-1 description: IT Governance-1 section-code: "1" - defaults: - auto-assign: null - enabled: false - tracks-drift-events: false control-group: - id: azure_rbi_itf_nbfc_v2017_it_governance_1_1 controls: diff --git a/compliance/frameworks/azure/azure_rbi_itf_nbfc_v2017/azure_rbi_itf_nbfc_v2017_it_governance_1_1.yaml b/compliance/frameworks/azure/azure_rbi_itf_nbfc_v2017/azure_rbi_itf_nbfc_v2017_it_governance_1_1.yaml index e7ae34f19..e342af8fd 100755 --- a/compliance/frameworks/azure/azure_rbi_itf_nbfc_v2017/azure_rbi_itf_nbfc_v2017_it_governance_1_1.yaml +++ b/compliance/frameworks/azure/azure_rbi_itf_nbfc_v2017/azure_rbi_itf_nbfc_v2017_it_governance_1_1.yaml @@ -3,10 +3,6 @@ control-group: title: IT Governance-1.1 description: IT Governance-1.1 section-code: "1" - defaults: - auto-assign: null - enabled: false - tracks-drift-events: false controls: - azure_compute_vm_jit_access_protected - azure_network_interface_ip_forwarding_disabled diff --git a/compliance/frameworks/azure/azure_rbi_itf_nbfc_v2017/azure_rbi_itf_nbfc_v2017_it_information_and_cyber_security.yaml b/compliance/frameworks/azure/azure_rbi_itf_nbfc_v2017/azure_rbi_itf_nbfc_v2017_it_information_and_cyber_security.yaml index 7b1fb8c51..e75feec3d 100755 --- a/compliance/frameworks/azure/azure_rbi_itf_nbfc_v2017/azure_rbi_itf_nbfc_v2017_it_information_and_cyber_security.yaml +++ b/compliance/frameworks/azure/azure_rbi_itf_nbfc_v2017/azure_rbi_itf_nbfc_v2017_it_information_and_cyber_security.yaml 
@@ -3,9 +3,5 @@ control-group: title: Information and Cyber Security description: Information and Cyber Security section-code: it_information_and_cyber_security - defaults: - auto-assign: null - enabled: false - tracks-drift-events: false control-group: - id: azure_rbi_itf_nbfc_v2017_it_information_and_cyber_security_3 diff --git a/compliance/frameworks/azure/azure_rbi_itf_nbfc_v2017/azure_rbi_itf_nbfc_v2017_it_information_and_cyber_security_3.yaml b/compliance/frameworks/azure/azure_rbi_itf_nbfc_v2017/azure_rbi_itf_nbfc_v2017_it_information_and_cyber_security_3.yaml index 50405dbf3..b16fb330c 100755 --- a/compliance/frameworks/azure/azure_rbi_itf_nbfc_v2017/azure_rbi_itf_nbfc_v2017_it_information_and_cyber_security_3.yaml +++ b/compliance/frameworks/azure/azure_rbi_itf_nbfc_v2017/azure_rbi_itf_nbfc_v2017_it_information_and_cyber_security_3.yaml @@ -3,10 +3,6 @@ control-group: title: Information Security-3 description: Information Security-3 section-code: "3" - defaults: - auto-assign: null - enabled: false - tracks-drift-events: false control-group: - id: azure_rbi_itf_nbfc_v2017_it_information_and_cyber_security_3_1 - id: azure_rbi_itf_nbfc_v2017_it_information_and_cyber_security_3_3 diff --git a/compliance/frameworks/azure/azure_rbi_itf_nbfc_v2017/azure_rbi_itf_nbfc_v2017_it_information_and_cyber_security_3_1.yaml b/compliance/frameworks/azure/azure_rbi_itf_nbfc_v2017/azure_rbi_itf_nbfc_v2017_it_information_and_cyber_security_3_1.yaml index 7a53be27b..d95094c5c 100755 --- a/compliance/frameworks/azure/azure_rbi_itf_nbfc_v2017/azure_rbi_itf_nbfc_v2017_it_information_and_cyber_security_3_1.yaml +++ b/compliance/frameworks/azure/azure_rbi_itf_nbfc_v2017/azure_rbi_itf_nbfc_v2017_it_information_and_cyber_security_3_1.yaml 
@@ -3,10 +3,6 @@ control-group: title: Identification and Classification of Information Assets-3.1 description: Identification and Classification of Information Assets-3.1 section-code: "1" - defaults: - auto-assign: null - enabled: false - tracks-drift-events: false control-group: - id: azure_rbi_itf_nbfc_v2017_it_information_and_cyber_security_3_1_a - id: azure_rbi_itf_nbfc_v2017_it_information_and_cyber_security_3_1_b diff --git a/compliance/frameworks/azure/azure_rbi_itf_nbfc_v2017/azure_rbi_itf_nbfc_v2017_it_information_and_cyber_security_3_1_a.yaml b/compliance/frameworks/azure/azure_rbi_itf_nbfc_v2017/azure_rbi_itf_nbfc_v2017_it_information_and_cyber_security_3_1_a.yaml index 8c660b7af..12d73566e 100755 --- a/compliance/frameworks/azure/azure_rbi_itf_nbfc_v2017/azure_rbi_itf_nbfc_v2017_it_information_and_cyber_security_3_1_a.yaml +++ b/compliance/frameworks/azure/azure_rbi_itf_nbfc_v2017/azure_rbi_itf_nbfc_v2017_it_information_and_cyber_security_3_1_a.yaml @@ -3,10 +3,6 @@ control-group: title: Identification and Classification of Information Assets-3.1.a description: Identification and Classification of Information Assets-3.1.a section-code: a - defaults: - auto-assign: null - enabled: false - tracks-drift-events: false controls: - azure_iam_deprecated_account - azure_iam_deprecated_account_with_owner_roles diff --git a/compliance/frameworks/azure/azure_rbi_itf_nbfc_v2017/azure_rbi_itf_nbfc_v2017_it_information_and_cyber_security_3_1_b.yaml b/compliance/frameworks/azure/azure_rbi_itf_nbfc_v2017/azure_rbi_itf_nbfc_v2017_it_information_and_cyber_security_3_1_b.yaml index 781538491..ea6168622 100755 --- a/compliance/frameworks/azure/azure_rbi_itf_nbfc_v2017/azure_rbi_itf_nbfc_v2017_it_information_and_cyber_security_3_1_b.yaml +++ b/compliance/frameworks/azure/azure_rbi_itf_nbfc_v2017/azure_rbi_itf_nbfc_v2017_it_information_and_cyber_security_3_1_b.yaml 
@@ -3,10 +3,6 @@ control-group: title: Segregation of Functions-3.1.b description: Segregation of Functions-3.1.b section-code: b - defaults: - auto-assign: null - enabled: false - tracks-drift-events: false controls: - azure_appservice_api_app_remote_debugging_disabled - azure_appservice_function_app_client_certificates_on diff --git a/compliance/frameworks/azure/azure_rbi_itf_nbfc_v2017/azure_rbi_itf_nbfc_v2017_it_information_and_cyber_security_3_1_c.yaml b/compliance/frameworks/azure/azure_rbi_itf_nbfc_v2017/azure_rbi_itf_nbfc_v2017_it_information_and_cyber_security_3_1_c.yaml index fb1fc3b61..b5794b683 100755 --- a/compliance/frameworks/azure/azure_rbi_itf_nbfc_v2017/azure_rbi_itf_nbfc_v2017_it_information_and_cyber_security_3_1_c.yaml +++ b/compliance/frameworks/azure/azure_rbi_itf_nbfc_v2017/azure_rbi_itf_nbfc_v2017_it_information_and_cyber_security_3_1_c.yaml @@ -3,10 +3,6 @@ control-group: title: Role based Access Control-3.1.c description: Role based Access Control-3.1.c section-code: c - defaults: - auto-assign: null - enabled: false - tracks-drift-events: false controls: - azure_compute_vm_jit_access_protected - azure_iam_deprecated_account diff --git a/compliance/frameworks/azure/azure_rbi_itf_nbfc_v2017/azure_rbi_itf_nbfc_v2017_it_information_and_cyber_security_3_1_f.yaml b/compliance/frameworks/azure/azure_rbi_itf_nbfc_v2017/azure_rbi_itf_nbfc_v2017_it_information_and_cyber_security_3_1_f.yaml index 42483f4b0..889d9d2e1 100755 --- a/compliance/frameworks/azure/azure_rbi_itf_nbfc_v2017/azure_rbi_itf_nbfc_v2017_it_information_and_cyber_security_3_1_f.yaml +++ b/compliance/frameworks/azure/azure_rbi_itf_nbfc_v2017/azure_rbi_itf_nbfc_v2017_it_information_and_cyber_security_3_1_f.yaml @@ -3,10 +3,6 @@ control-group: title: Maker-checker-3.1.f description: Maker-checker-3.1.f section-code: f - defaults: - auto-assign: null - enabled: false - tracks-drift-events: false controls: - azure_iam_deprecated_account - azure_iam_deprecated_account_with_owner_roles 
diff --git a/compliance/frameworks/azure/azure_rbi_itf_nbfc_v2017/azure_rbi_itf_nbfc_v2017_it_information_and_cyber_security_3_1_g.yaml b/compliance/frameworks/azure/azure_rbi_itf_nbfc_v2017/azure_rbi_itf_nbfc_v2017_it_information_and_cyber_security_3_1_g.yaml index 67765f3ff..1749742fa 100755 --- a/compliance/frameworks/azure/azure_rbi_itf_nbfc_v2017/azure_rbi_itf_nbfc_v2017_it_information_and_cyber_security_3_1_g.yaml +++ b/compliance/frameworks/azure/azure_rbi_itf_nbfc_v2017/azure_rbi_itf_nbfc_v2017_it_information_and_cyber_security_3_1_g.yaml @@ -3,10 +3,6 @@ control-group: title: Trails-3.1.g description: Trails-3.1.g section-code: g - defaults: - auto-assign: null - enabled: false - tracks-drift-events: false controls: - azure_application_insights_block_log_ingestion_and_querying_from_public - azure_compute_vm_log_analytics_agent_installed diff --git a/compliance/frameworks/azure/azure_rbi_itf_nbfc_v2017/azure_rbi_itf_nbfc_v2017_it_information_and_cyber_security_3_1_h.yaml b/compliance/frameworks/azure/azure_rbi_itf_nbfc_v2017/azure_rbi_itf_nbfc_v2017_it_information_and_cyber_security_3_1_h.yaml index 68802b33c..4eeb6c8a9 100755 --- a/compliance/frameworks/azure/azure_rbi_itf_nbfc_v2017/azure_rbi_itf_nbfc_v2017_it_information_and_cyber_security_3_1_h.yaml +++ b/compliance/frameworks/azure/azure_rbi_itf_nbfc_v2017/azure_rbi_itf_nbfc_v2017_it_information_and_cyber_security_3_1_h.yaml @@ -3,10 +3,6 @@ control-group: title: Public Key Infrastructure (PKI)-3.1.h description: Public Key Infrastructure (PKI)-3.1.h section-code: h - defaults: - auto-assign: null - enabled: false - tracks-drift-events: false controls: - azure_app_configuration_encryption_enabled - azure_app_service_environment_internal_encryption_enabled 
diff --git a/compliance/frameworks/azure/azure_rbi_itf_nbfc_v2017/azure_rbi_itf_nbfc_v2017_it_information_and_cyber_security_3_3.yaml b/compliance/frameworks/azure/azure_rbi_itf_nbfc_v2017/azure_rbi_itf_nbfc_v2017_it_information_and_cyber_security_3_3.yaml index 59150ea47..11e1cdfc0 100755 --- a/compliance/frameworks/azure/azure_rbi_itf_nbfc_v2017/azure_rbi_itf_nbfc_v2017_it_information_and_cyber_security_3_3.yaml +++ b/compliance/frameworks/azure/azure_rbi_itf_nbfc_v2017/azure_rbi_itf_nbfc_v2017_it_information_and_cyber_security_3_3.yaml @@ -3,10 +3,6 @@ control-group: title: Vulnerability Management-3.3 description: Vulnerability Management-3.3 section-code: "3" - defaults: - auto-assign: null - enabled: false - tracks-drift-events: false controls: - azure_compute_vm_system_updates_installed - azure_compute_vm_vulnerability_assessment_solution_enabled diff --git a/compliance/frameworks/azure/azure_rbi_itf_nbfc_v2017/azure_rbi_itf_nbfc_v2017_it_information_and_cyber_security_3_8.yaml b/compliance/frameworks/azure/azure_rbi_itf_nbfc_v2017/azure_rbi_itf_nbfc_v2017_it_information_and_cyber_security_3_8.yaml index b9013abc8..db91b1a51 100755 --- a/compliance/frameworks/azure/azure_rbi_itf_nbfc_v2017/azure_rbi_itf_nbfc_v2017_it_information_and_cyber_security_3_8.yaml +++ b/compliance/frameworks/azure/azure_rbi_itf_nbfc_v2017/azure_rbi_itf_nbfc_v2017_it_information_and_cyber_security_3_8.yaml @@ -3,10 +3,6 @@ control-group: title: Digital Signatures-3.8 description: Digital Signatures-3.8 section-code: "8" - defaults: - auto-assign: null - enabled: false - tracks-drift-events: false controls: - azure_appservice_function_app_client_certificates_on - azure_appservice_web_app_client_certificates_on diff --git a/compliance/frameworks/azure/azure_rbi_itf_nbfc_v2017/azure_rbi_itf_nbfc_v2017_it_operations.yaml b/compliance/frameworks/azure/azure_rbi_itf_nbfc_v2017/azure_rbi_itf_nbfc_v2017_it_operations.yaml index 1c1e4ae85..9d961bbb6 100755 
--- a/compliance/frameworks/azure/azure_rbi_itf_nbfc_v2017/azure_rbi_itf_nbfc_v2017_it_operations.yaml +++ b/compliance/frameworks/azure/azure_rbi_itf_nbfc_v2017/azure_rbi_itf_nbfc_v2017_it_operations.yaml @@ -3,9 +3,5 @@ control-group: title: IT Operations description: IT Operations section-code: it_operations - defaults: - auto-assign: null - enabled: false - tracks-drift-events: false control-group: - id: azure_rbi_itf_nbfc_v2017_it_operations_4 diff --git a/compliance/frameworks/azure/azure_rbi_itf_nbfc_v2017/azure_rbi_itf_nbfc_v2017_it_operations_4.yaml b/compliance/frameworks/azure/azure_rbi_itf_nbfc_v2017/azure_rbi_itf_nbfc_v2017_it_operations_4.yaml index 52a15bced..f9cd9d3f0 100755 --- a/compliance/frameworks/azure/azure_rbi_itf_nbfc_v2017/azure_rbi_itf_nbfc_v2017_it_operations_4.yaml +++ b/compliance/frameworks/azure/azure_rbi_itf_nbfc_v2017/azure_rbi_itf_nbfc_v2017_it_operations_4.yaml @@ -3,10 +3,6 @@ control-group: title: IT Operations-4 description: IT Operations-4 section-code: "4" - defaults: - auto-assign: null - enabled: false - tracks-drift-events: false control-group: - id: azure_rbi_itf_nbfc_v2017_it_operations_4_2 - id: azure_rbi_itf_nbfc_v2017_it_operations_4_4 diff --git a/compliance/frameworks/azure/azure_rbi_itf_nbfc_v2017/azure_rbi_itf_nbfc_v2017_it_operations_4_2.yaml b/compliance/frameworks/azure/azure_rbi_itf_nbfc_v2017/azure_rbi_itf_nbfc_v2017_it_operations_4_2.yaml index 0f530349f..2a28da59d 100755 --- a/compliance/frameworks/azure/azure_rbi_itf_nbfc_v2017/azure_rbi_itf_nbfc_v2017_it_operations_4_2.yaml +++ b/compliance/frameworks/azure/azure_rbi_itf_nbfc_v2017/azure_rbi_itf_nbfc_v2017_it_operations_4_2.yaml @@ -3,9 +3,5 @@ control-group: title: IT Operations-4.2 description: IT Operations-4.2 section-code: "2" - defaults: - auto-assign: null - enabled: false - tracks-drift-events: false controls: - azure_compute_vm_network_traffic_data_collection_linux_agent_installed 
diff --git a/compliance/frameworks/azure/azure_rbi_itf_nbfc_v2017/azure_rbi_itf_nbfc_v2017_it_operations_4_4.yaml b/compliance/frameworks/azure/azure_rbi_itf_nbfc_v2017/azure_rbi_itf_nbfc_v2017_it_operations_4_4.yaml index c9d72b6c6..9c2e1d68f 100755 --- a/compliance/frameworks/azure/azure_rbi_itf_nbfc_v2017/azure_rbi_itf_nbfc_v2017_it_operations_4_4.yaml +++ b/compliance/frameworks/azure/azure_rbi_itf_nbfc_v2017/azure_rbi_itf_nbfc_v2017_it_operations_4_4.yaml @@ -3,10 +3,6 @@ control-group: title: IT Operations-4.4 description: IT Operations-4.4 section-code: "4" - defaults: - auto-assign: null - enabled: false - tracks-drift-events: false control-group: - id: azure_rbi_itf_nbfc_v2017_it_operations_4_4_a - id: azure_rbi_itf_nbfc_v2017_it_operations_4_4_b diff --git a/compliance/frameworks/azure/azure_rbi_itf_nbfc_v2017/azure_rbi_itf_nbfc_v2017_it_operations_4_4_a.yaml b/compliance/frameworks/azure/azure_rbi_itf_nbfc_v2017/azure_rbi_itf_nbfc_v2017_it_operations_4_4_a.yaml index 7fd1345d1..83acdc61e 100755 --- a/compliance/frameworks/azure/azure_rbi_itf_nbfc_v2017/azure_rbi_itf_nbfc_v2017_it_operations_4_4_a.yaml +++ b/compliance/frameworks/azure/azure_rbi_itf_nbfc_v2017/azure_rbi_itf_nbfc_v2017_it_operations_4_4_a.yaml @@ -3,10 +3,6 @@ control-group: title: IT Operations-4.4.a description: IT Operations-4.4.a section-code: a - defaults: - auto-assign: null - enabled: false - tracks-drift-events: false controls: - azure_compute_vm_vulnerability_assessment_solution_enabled - azure_securitycenter_azure_defender_on_for_appservice diff --git a/compliance/frameworks/azure/azure_rbi_itf_nbfc_v2017/azure_rbi_itf_nbfc_v2017_it_operations_4_4_b.yaml b/compliance/frameworks/azure/azure_rbi_itf_nbfc_v2017/azure_rbi_itf_nbfc_v2017_it_operations_4_4_b.yaml index aa353cec5..e4ab69488 100755 --- a/compliance/frameworks/azure/azure_rbi_itf_nbfc_v2017/azure_rbi_itf_nbfc_v2017_it_operations_4_4_b.yaml 
+++ b/compliance/frameworks/azure/azure_rbi_itf_nbfc_v2017/azure_rbi_itf_nbfc_v2017_it_operations_4_4_b.yaml @@ -3,10 +3,6 @@ control-group: title: IT Operations-4.4.b description: IT Operations-4.4.b section-code: b - defaults: - auto-assign: null - enabled: false - tracks-drift-events: false controls: - azure_compute_vm_network_traffic_data_collection_linux_agent_installed - azure_securitycenter_azure_defender_on_for_sqldb diff --git a/compliance/frameworks/baseline/target.yml b/compliance/frameworks/baseline/target.yml index 95bd03014..15b852c3e 100644 --- a/compliance/frameworks/baseline/target.yml +++ b/compliance/frameworks/baseline/target.yml 
@@ -3,78 +3,74 @@ framework: title: "NIST Cybersecurity Framework (CSF) v1.1" description: "NIST Cybersecurity Framework is a set of best practices, standards, and recommendations that help an organization improve its cybersecurity measures." section-code: aws_nist_csf - metadata: - defaults: - auto-assign: false - enabled: true - tracks-drift-events: false - tags: - category: - - "Compliance" - nist_csf: - - "true" - platform_benchmark_type: - - "compliance" - platform_category: - - "Frameworks" - - "Best Practices" - plugin: - - "aws" - service: - - "AWS" - type: - - "Benchmark" + defaults: + auto-assign: false + enabled: true + tracks-drift-events: false + tags: + category: + - "Compliance" + nist_csf: + - "true" + platform_benchmark_type: + - "compliance" + platform_category: + - "Frameworks" + - "Best Practices" + plugin: + - "aws" + service: + - "AWS" + type: + - "Benchmark" control-group: - id: aws_nist_csf_de title: "Detect (DE)" description: "Develop and implement appropriate activities to identify the occurrence of a cybersecurity event." section-code: de - metadata: - tags: - category: - - "Compliance" - nist_csf: - - "true" - plugin: - - "aws" - service: - - "AWS" - type: - - "Benchmark" + tags: + category: + - "Compliance" + nist_csf: + - "true" + plugin: + - "aws" + service: + - "AWS" + type: + - "Benchmark" control-group: - id: aws_nist_csf_de_ae title: "Anomalies and Events (DE.AE)" description: "Anomalous activity is detected and the potential impact of events is understood." section-code: ae - metadata: - tags: - category: - - "Compliance" - nist_csf: - - "true" - plugin: - - "aws" - service: - - "AWS" - type: - - "Benchmark" + tags: + category: + - "Compliance" + nist_csf: + - "true" + plugin: + - "aws" + service: + - "AWS" + type: + - "Benchmark" control-group: - id: aws_nist_csf_de_ae_1 title: "DE.AE-1" description: "A baseline of network operations and expected data flows for users and systems is established and managed." 
section-code: "1" - metadata: - tags: - category: - - "Compliance" - nist_csf: - - "true" - plugin: - - "aws" - service: - - "AWS" - type: - - "Benchmark" + tags: + category: + - "Compliance" + nist_csf: + - "true" + plugin: + - "aws" + service: + - "AWS" + type: + - "Benchmark" controls: - aws_apigateway_stage_logging_enabled - aws_apigateway_stage_use_waf_web_acl @@ -120,18 +116,17 @@ framework: title: "DE.AE-2" description: "Detected events are analyzed to understand attack targets and methods." section-code: "2" - metadata: - tags: - category: - - "Compliance" - nist_csf: - - "true" - plugin: - - "aws" - service: - - "AWS" - type: - - "Benchmark" + tags: + category: + - "Compliance" + nist_csf: + - "true" + plugin: + - "aws" + service: + - "AWS" + type: + - "Benchmark" controls: - aws_guardduty_enabled - aws_guardduty_finding_archived @@ -141,18 +136,17 @@ framework: title: "DE.AE-3" description: "Event data are collected and correlated from multiple sources and sensors." section-code: "3" - metadata: - tags: - category: - - "Compliance" - nist_csf: - - "true" - plugin: - - "aws" - service: - - "AWS" - type: - - "Benchmark" + tags: + category: + - "Compliance" + nist_csf: + - "true" + plugin: + - "aws" + service: + - "AWS" + type: + - "Benchmark" controls: - aws_apigateway_stage_logging_enabled - aws_cloudfront_distribution_logging_enabled @@ -179,18 +173,17 @@ framework: title: "DE.AE-4" description: "Impact of events is determined." section-code: "4" - metadata: - tags: - category: - - "Compliance" - nist_csf: - - "true" - plugin: - - "aws" - service: - - "AWS" - type: - - "Benchmark" + tags: + category: + - "Compliance" + nist_csf: + - "true" + plugin: + - "aws" + service: + - "AWS" + type: + - "Benchmark" controls: - aws_cloudtrail_multi_region_trail_enabled - aws_cloudtrail_s3_data_events_enabled 
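Review bot: Dropping the `metadata:` wrapper moves `defaults` and `tags` directly under `framework` and under every nested `control-group` entry (this hunk and each later hunk in target.yml), but nothing visible in the diff shows the loader or schema being changed to read them at that level. If the consumer still looks for `metadata.defaults` and tolerates unknown keys, the framework's `enabled: true` and all tags would be ignored without an error, so I would pair this with a strict schema check in CI that rejects unknown or missing keys. The same commit also deletes the per-group `defaults:` blocks (`enabled: false`) from the AWS and Azure control-group files, so whether those groups run now depends on an inherited or built-in default that should be confirmed. A header comment such as `# defaults and tags are direct children of framework / control-group; the metadata wrapper is no longer read` would document the new layout. The `framework` mapping continues outside these hunks, and the indentation of the re-parented keys cannot be checked in this collapsed rendering.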
@@ -205,18 +198,17 @@ framework: title: "DE.AE-5" description: "Incident alert thresholds are established." section-code: "5" - metadata: - tags: - category: - - "Compliance" - nist_csf: - - "true" - plugin: - - "aws" - service: - - "AWS" - type: - - "Benchmark" + tags: + category: + - "Compliance" + nist_csf: + - "true" + plugin: + - "aws" + service: + - "AWS" + type: + - "Benchmark" controls: - aws_cloudwatch_alarm_action_enabled - aws_codebuild_project_source_repo_oauth_configured @@ -226,35 +218,33 @@ framework: title: "Security Continuous Monitoring (DE.CM)" description: "The information system and assets are monitored to identify cybersecurity events and verify the effectiveness of protective measures." section-code: cm - metadata: - tags: - category: - - "Compliance" - nist_csf: - - "true" - plugin: - - "aws" - service: - - "AWS" - type: - - "Benchmark" + tags: + category: + - "Compliance" + nist_csf: + - "true" + plugin: + - "aws" + service: + - "AWS" + type: + - "Benchmark" control-group: - id: aws_nist_csf_de_cm_1 title: "DE.CM-1" description: "The network is monitored to detect potential cybersecurity events." section-code: "1" - metadata: - tags: - category: - - "Compliance" - nist_csf: - - "true" - plugin: - - "aws" - service: - - "AWS" - type: - - "Benchmark" + tags: + category: + - "Compliance" + nist_csf: + - "true" + plugin: + - "aws" + service: + - "AWS" + type: + - "Benchmark" controls: - aws_apigateway_stage_logging_enabled - aws_cloudtrail_multi_region_trail_enabled 
@@ -271,18 +261,17 @@ framework: title: "DE.CM-2" description: "The physical environment is monitored to detect potential cybersecurity events." section-code: "2" - metadata: - tags: - category: - - "Compliance" - nist_csf: - - "true" - plugin: - - "aws" - service: - - "AWS" - type: - - "Benchmark" + tags: + category: + - "Compliance" + nist_csf: + - "true" + plugin: + - "aws" + service: + - "AWS" + type: + - "Benchmark" controls: - aws_cloudtrail_bucket_not_public - aws_cloudtrail_multi_region_read_write_enabled @@ -317,18 +306,17 @@ framework: title: "DE.CM-3" description: "Personnel activity is monitored to detect potential cybersecurity events." section-code: "3" - metadata: - tags: - category: - - "Compliance" - nist_csf: - - "true" - plugin: - - "aws" - service: - - "AWS" - type: - - "Benchmark" + tags: + category: + - "Compliance" + nist_csf: + - "true" + plugin: + - "aws" + service: + - "AWS" + type: + - "Benchmark" controls: - aws_cloudtrail_multi_region_trail_enabled - aws_cloudtrail_s3_data_events_enabled @@ -341,18 +329,17 @@ framework: title: "DE.CM-4" description: "Malicious code is detected." section-code: "4" - metadata: - tags: - category: - - "Compliance" - nist_csf: - - "true" - plugin: - - "aws" - service: - - "AWS" - type: - - "Benchmark" + tags: + category: + - "Compliance" + nist_csf: + - "true" + plugin: + - "aws" + service: + - "AWS" + type: + - "Benchmark" controls: - aws_guardduty_enabled - aws_guardduty_finding_archived @@ -362,18 +349,17 @@ framework: title: "DE.CM-5" description: "Unauthorized mobile code is detected." section-code: "5" - metadata: - tags: - category: - - "Compliance" - nist_csf: - - "true" - plugin: - - "aws" - service: - - "AWS" - type: - - "Benchmark" + tags: + category: + - "Compliance" + nist_csf: + - "true" + plugin: + - "aws" + service: + - "AWS" + type: + - "Benchmark" controls: - aws_cloudtrail_trail_integrated_with_logs - aws_cloudwatch_alarm_action_enabled 
@@ -388,18 +374,17 @@ framework: title: "DE.CM-6" description: "External service provider activity is monitored to detect potential cybersecurity events." section-code: "6" - metadata: - tags: - category: - - "Compliance" - nist_csf: - - "true" - plugin: - - "aws" - service: - - "AWS" - type: - - "Benchmark" + tags: + category: + - "Compliance" + nist_csf: + - "true" + plugin: + - "aws" + service: + - "AWS" + type: + - "Benchmark" controls: - aws_cloudtrail_multi_region_trail_enabled - aws_cloudtrail_s3_data_events_enabled @@ -412,18 +397,17 @@ framework: title: "DE.CM-7" description: "Monitoring for unauthorized personnel, connections, devices, and software is performed." section-code: "7" - metadata: - tags: - category: - - "Compliance" - nist_csf: - - "true" - plugin: - - "aws" - service: - - "AWS" - type: - - "Benchmark" + tags: + category: + - "Compliance" + nist_csf: + - "true" + plugin: + - "aws" + service: + - "AWS" + type: + - "Benchmark" controls: - aws_apigateway_stage_logging_enabled - aws_cloudtrail_multi_region_trail_enabled 
@@ -439,35 +423,33 @@ framework: title: "Detection Processes (DE.DP)" description: "Detection processes and procedures are maintained and tested to ensure awareness of anomalous events." section-code: dp - metadata: - tags: - category: - - "Compliance" - nist_csf: - - "true" - plugin: - - "aws" - service: - - "AWS" - type: - - "Benchmark" + tags: + category: + - "Compliance" + nist_csf: + - "true" + plugin: + - "aws" + service: + - "AWS" + type: + - "Benchmark" control-group: - id: aws_nist_csf_de_dp_4 title: "DE.DP-4" description: "Event detection information is communicated." section-code: "4" - metadata: - tags: - category: - - "Compliance" - nist_csf: - - "true" - plugin: - - "aws" - service: - - "AWS" - type: - - "Benchmark" + tags: + category: + - "Compliance" + nist_csf: + - "true" + plugin: + - "aws" + service: + - "AWS" + type: + - "Benchmark" controls: - aws_cloudformation_stack_notifications_enabled - aws_cloudtrail_trail_integrated_with_logs @@ -486,18 +468,17 @@ framework: title: "DE.DP-5" description: "Detection processes are continuously improved." section-code: "5" - metadata: - tags: - category: - - "Compliance" - nist_csf: - - "true" - plugin: - - "aws" - service: - - "AWS/EC2" - type: - - "Benchmark" + tags: + category: + - "Compliance" + nist_csf: + - "true" + plugin: + - "aws" + service: + - "AWS/EC2" + type: + - "Benchmark" controls: - aws_guardduty_enabled - aws_ec2_instance_detailed_monitoring_enabled 
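Review bot: The `service: - "AWS/EC2"` tag carried onto the new side for DE.DP-5 does not match the controls listed under it, the first of which is `aws_guardduty_enabled`. The same mismatch is visible in the PR.DS-6 hunk (`"AWS/CloudTrail"` beside `aws_s3_bucket_versioning_enabled`) and the PR.IP-3 hunk (`"AWS/ELB"` beside `aws_rds_db_cluster_deletion_protection_enabled`). If results are filtered or reported by this tag, detection and integrity controls would presumably be attributed to the wrong service or left out of a per-service view. Since these lines are being rewritten anyway, `- "AWS"` as used by the sibling groups looks like the safer value. The `controls:` list may continue outside the hunk.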
@@ -506,52 +487,49 @@ framework: title: "Identify (ID)" description: "Develop the organizational understanding to manage cybersecurity risk to systems, assets, data, and capabilities." section-code: id - metadata: - tags: - category: - - "Compliance" - nist_csf: - - "true" - plugin: - - "aws" - service: - - "AWS" - type: - - "Benchmark" + tags: + category: + - "Compliance" + nist_csf: + - "true" + plugin: + - "aws" + service: + - "AWS" + type: + - "Benchmark" control-group: - id: aws_nist_csf_id_am title: "Asset Management (ID.AM)" description: "The data, personnel, devices, systems, and facilities that enable the organization to achieve business purposes are identified and managed consistent with their relative importance." section-code: am - metadata: - tags: - category: - - "Compliance" - nist_csf: - - "true" - plugin: - - "aws" - service: - - "AWS" - type: - - "Benchmark" + tags: + category: + - "Compliance" + nist_csf: + - "true" + plugin: + - "aws" + service: + - "AWS" + type: + - "Benchmark" control-group: - id: aws_nist_csf_id_am_1 title: "ID.AM-1" description: "Physical devices and systems within the organization are inventoried." section-code: "1" - metadata: - tags: - category: - - "Compliance" - nist_csf: - - "true" - plugin: - - "aws" - service: - - "AWS" - type: - - "Benchmark" + tags: + category: + - "Compliance" + nist_csf: + - "true" + plugin: + - "aws" + service: + - "AWS" + type: + - "Benchmark" controls: - aws_config_enabled_all_regions - aws_ec2_instance_ssm_managed 
@@ -560,18 +538,17 @@ framework: title: "ID.AM-2" description: "Software platforms and applications within the organization are inventoried." section-code: "2" - metadata: - tags: - category: - - "Compliance" - nist_csf: - - "true" - plugin: - - "aws" - service: - - "AWS" - type: - - "Benchmark" + tags: + category: + - "Compliance" + nist_csf: + - "true" + plugin: + - "aws" + service: + - "AWS" + type: + - "Benchmark" controls: - aws_ec2_instance_ssm_managed - aws_ec2_stopped_instance_30_days @@ -583,18 +560,17 @@ framework: title: "ID.AM-3" description: "Organizational communication and data flows are mapped." section-code: "3" - metadata: - tags: - category: - - "Compliance" - nist_csf: - - "true" - plugin: - - "aws" - service: - - "AWS" - type: - - "Benchmark" + tags: + category: + - "Compliance" + nist_csf: + - "true" + plugin: + - "aws" + service: + - "AWS" + type: + - "Benchmark" controls: - aws_apigateway_stage_logging_enabled - aws_cloudtrail_multi_region_trail_enabled @@ -608,18 +584,17 @@ framework: title: "ID.AM-5" description: "Resources are prioritized based on their classification, criticality, and business value." section-code: "5" - metadata: - tags: - category: - - "Compliance" - nist_csf: - - "true" - plugin: - - "aws" - service: - - "AWS" - type: - - "Benchmark" + tags: + category: + - "Compliance" + nist_csf: + - "true" + plugin: + - "aws" + service: + - "AWS" + type: + - "Benchmark" controls: - aws_autoscaling_group_with_lb_use_health_check - aws_dynamodb_table_auto_scaling_enabled 
@@ -628,18 +603,17 @@ framework: title: "ID.AM-6" description: "Cybersecurity roles and responsibilities for the entire workforce and third-party stakeholders are established." section-code: "6" - metadata: - tags: - category: - - "Compliance" - nist_csf: - - "true" - plugin: - - "aws" - service: - - "AWS/IAM" - type: - - "Benchmark" + tags: + category: + - "Compliance" + nist_csf: + - "true" + plugin: + - "aws" + service: + - "AWS/IAM" + type: + - "Benchmark" controls: - aws_iam_user_in_group @@ -647,35 +621,33 @@ framework: title: "Business Environment (ID.BE)" description: "The organization's mission, objectives, stakeholders, and activities are understood and prioritized." section-code: be - metadata: - tags: - category: - - "Compliance" - nist_csf: - - "true" - plugin: - - "aws" - service: - - "AWS" - type: - - "Benchmark" + tags: + category: + - "Compliance" + nist_csf: + - "true" + plugin: + - "aws" + service: + - "AWS" + type: + - "Benchmark" control-group: - id: aws_nist_csf_id_be_5 title: "ID.BE-5" description: "Resilience requirements for critical services are established." section-code: "5" - metadata: - tags: - category: - - "Compliance" - nist_csf: - - "true" - plugin: - - "aws" - service: - - "AWS" - type: - - "Benchmark" + tags: + category: + - "Compliance" + nist_csf: + - "true" + plugin: + - "aws" + service: + - "AWS" + type: + - "Benchmark" controls: - aws_autoscaling_group_multiple_az_configured - aws_autoscaling_group_with_lb_use_health_check 
@@ -712,35 +684,33 @@ framework: title: "Risk Assessment (ID.RA)" description: "The organization understands the cybersecurity risk to organizational operations and assets." section-code: ra - metadata: - tags: - category: - - "Compliance" - nist_csf: - - "true" - plugin: - - "aws" - service: - - "AWS" - type: - - "Benchmark" + tags: + category: + - "Compliance" + nist_csf: + - "true" + plugin: + - "aws" + service: + - "AWS" + type: + - "Benchmark" control-group: - id: aws_nist_csf_id_ra_1 title: "ID.RA-1" description: "Asset vulnerabilities are identified and documented." section-code: "1" - metadata: - tags: - category: - - "Compliance" - nist_csf: - - "true" - plugin: - - "aws" - service: - - "AWS" - type: - - "Benchmark" + tags: + category: + - "Compliance" + nist_csf: + - "true" + plugin: + - "aws" + service: + - "AWS" + type: + - "Benchmark" controls: - aws_cloudtrail_bucket_not_public - aws_cloudtrail_multi_region_read_write_enabled @@ -777,18 +747,17 @@ framework: title: "ID.RA-2" description: "Cyber threat intelligence is received from information sharing forums and sources." section-code: "2" - metadata: - tags: - category: - - "Compliance" - nist_csf: - - "true" - plugin: - - "aws" - service: - - "AWS" - type: - - "Benchmark" + tags: + category: + - "Compliance" + nist_csf: + - "true" + plugin: + - "aws" + service: + - "AWS" + type: + - "Benchmark" controls: - aws_guardduty_enabled - aws_securityhub_enabled @@ -797,18 +766,17 @@ framework: title: "ID.RA-3" description: "Threats, both internal and external, are identified and documented." section-code: "3" - metadata: - tags: - category: - - "Compliance" - nist_csf: - - "true" - plugin: - - "aws" - service: - - "AWS" - type: - - "Benchmark" + tags: + category: + - "Compliance" + nist_csf: + - "true" + plugin: + - "aws" + service: + - "AWS" + type: + - "Benchmark" controls: - aws_guardduty_enabled - aws_securityhub_enabled 
@@ -817,18 +785,17 @@ framework: title: "ID.RA-5" description: "Threats, vulnerabilities, likelihoods, and impacts are used to determine risk." section-code: "5" - metadata: - tags: - category: - - "Compliance" - nist_csf: - - "true" - plugin: - - "aws" - service: - - "AWS" - type: - - "Benchmark" + tags: + category: + - "Compliance" + nist_csf: + - "true" + plugin: + - "aws" + service: + - "AWS" + type: + - "Benchmark" controls: - aws_cloudtrail_bucket_not_public - aws_cloudtrail_multi_region_read_write_enabled @@ -863,35 +830,33 @@ framework: title: "Supply Chain Risk Management (ID.SC)" description: "The organization uses processes to identify, assess and manage supply chain risks." section-code: sc - metadata: - tags: - category: - - "Compliance" - nist_csf: - - "true" - plugin: - - "aws" - service: - - "AWS" - type: - - "Benchmark" + tags: + category: + - "Compliance" + nist_csf: + - "true" + plugin: + - "aws" + service: + - "AWS" + type: + - "Benchmark" control-group: - id: aws_nist_csf_id_sc_4 title: "ID.SC-4" description: "Suppliers and third-party partners are routinely assessed to confirm they meet obligations." section-code: "4" - metadata: - tags: - category: - - "Compliance" - nist_csf: - - "true" - plugin: - - "aws" - service: - - "AWS" - type: - - "Benchmark" + tags: + category: + - "Compliance" + nist_csf: + - "true" + plugin: + - "aws" + service: + - "AWS" + type: + - "Benchmark" controls: - aws_cloudtrail_bucket_not_public - aws_cloudtrail_multi_region_read_write_enabled 
@@ -926,52 +891,49 @@ framework: title: "Protect (PR)" description: "Develop and implement safeguards to ensure delivery of critical services." section-code: pr - metadata: - tags: - category: - - "Compliance" - nist_csf: - - "true" - plugin: - - "aws" - service: - - "AWS" - type: - - "Benchmark" + tags: + category: + - "Compliance" + nist_csf: + - "true" + plugin: + - "aws" + service: + - "AWS" + type: + - "Benchmark" control-group: - id: aws_nist_csf_pr_ac title: "Identity Management and Access Control (PR.AC)" description: "Access to physical and logical assets and associated facilities is limited to authorized users, processes, and devices, and is managed consistent with the assessed risk of unauthorized access to authorized activities and transactions." section-code: ac - metadata: - tags: - category: - - "Compliance" - nist_csf: - - "true" - plugin: - - "aws" - service: - - "AWS" - type: - - "Benchmark" + tags: + category: + - "Compliance" + nist_csf: + - "true" + plugin: + - "aws" + service: + - "AWS" + type: + - "Benchmark" control-group: - id: aws_nist_csf_pr_ac_1 title: "PR.AC-1" description: "Identities and credentials are issued, managed, verified, revoked, and audited for authorized devices, users and processes." section-code: "1" - metadata: - tags: - category: - - "Compliance" - nist_csf: - - "true" - plugin: - - "aws" - service: - - "AWS" - type: - - "Benchmark" + tags: + category: + - "Compliance" + nist_csf: + - "true" + plugin: + - "aws" + service: + - "AWS" + type: + - "Benchmark" controls: - aws_codebuild_project_environment_privileged_mode_disabled - aws_ec2_instance_iam_profile_attached 
@@ -1009,18 +971,17 @@ framework: title: "PR.AC-3" description: "Remote access is managed." section-code: "3" - metadata: - tags: - category: - - "Compliance" - nist_csf: - - "true" - plugin: - - "aws" - service: - - "AWS" - type: - - "Benchmark" + tags: + category: + - "Compliance" + nist_csf: + - "true" + plugin: + - "aws" + service: + - "AWS" + type: + - "Benchmark" controls: - aws_apigateway_stage_use_waf_web_acl - aws_autoscaling_launch_config_public_ip_disabled @@ -1071,18 +1032,17 @@ framework: title: "PR.AC-4" description: "Access permissions and authorizations are managed, incorporating the principles of least privilege and separation of duties." section-code: "4" - metadata: - tags: - category: - - "Compliance" - nist_csf: - - "true" - plugin: - - "aws" - service: - - "AWS" - type: - - "Benchmark" + tags: + category: + - "Compliance" + nist_csf: + - "true" + plugin: + - "aws" + service: + - "AWS" + type: + - "Benchmark" controls: - aws_autoscaling_launch_config_public_ip_disabled - aws_codebuild_project_environment_privileged_mode_disabled @@ -1136,18 +1096,17 @@ framework: title: "PR.AC-5" description: "Network integrity is protected (e.g., network segregation, network segmentation)." section-code: "5" - metadata: - tags: - category: - - "Compliance" - nist_csf: - - "true" - plugin: - - "aws" - service: - - "AWS" - type: - - "Benchmark" + tags: + category: + - "Compliance" + nist_csf: + - "true" + plugin: + - "aws" + service: + - "AWS" + type: + - "Benchmark" controls: - aws_acm_certificate_expires_30_days - aws_apigateway_stage_use_waf_web_acl 
@@ -1193,18 +1152,17 @@ framework: title: "PR.AC-6" description: "Identities are proofed and bound to credentials and asserted in interactions." section-code: "6" - metadata: - tags: - category: - - "Compliance" - nist_csf: - - "true" - plugin: - - "aws" - service: - - "AWS" - type: - - "Benchmark" + tags: + category: + - "Compliance" + nist_csf: + - "true" + plugin: + - "aws" + service: + - "AWS" + type: + - "Benchmark" controls: - aws_cloudtrail_multi_region_trail_enabled - aws_cloudtrail_trail_enabled @@ -1216,18 +1174,17 @@ framework: title: "PR.AC-7" description: "Users, devices, and other assets are authenticated (e.g., single-factor, multi-factor) commensurate with the risk of the transaction." section-code: "7" - metadata: - tags: - category: - - "Compliance" - nist_csf: - - "true" - plugin: - - "aws" - service: - - "AWS/IAM" - type: - - "Benchmark" + tags: + category: + - "Compliance" + nist_csf: + - "true" + plugin: + - "aws" + service: + - "AWS/IAM" + type: + - "Benchmark" controls: - aws_iam_account_password_policy_strong_min_reuse_24 - aws_iam_root_user_hardware_mfa_enabled 
@@ -1238,35 +1195,33 @@ framework: title: "Data Security (PR.DS)" description: "Information and records (data) are managed consistent with the organization's risk strategy to protect the confidentiality, integrity, and availability of information." section-code: ds - metadata: - tags: - category: - - "Compliance" - nist_csf: - - "true" - plugin: - - "aws" - service: - - "AWS" - type: - - "Benchmark" + tags: + category: + - "Compliance" + nist_csf: + - "true" + plugin: + - "aws" + service: + - "AWS" + type: + - "Benchmark" control-group: - id: aws_nist_csf_pr_ds_1 title: "PR.DS-1" description: "Data-at-rest is protected." section-code: "1" - metadata: - tags: - category: - - "Compliance" - nist_csf: - - "true" - plugin: - - "aws" - service: - - "AWS" - type: - - "Benchmark" + tags: + category: + - "Compliance" + nist_csf: + - "true" + plugin: + - "aws" + service: + - "AWS" + type: + - "Benchmark" controls: - aws_apigateway_stage_cache_encryption_at_rest_enabled - aws_cloudtrail_trail_logs_encrypted_with_kms_cmk @@ -1299,18 +1254,17 @@ framework: title: "PR.DS-2" description: "Data-in-transit is protected." section-code: "2" - metadata: - tags: - category: - - "Compliance" - nist_csf: - - "true" - plugin: - - "aws" - service: - - "AWS" - type: - - "Benchmark" + tags: + category: + - "Compliance" + nist_csf: + - "true" + plugin: + - "aws" + service: + - "AWS" + type: + - "Benchmark" controls: - aws_acm_certificate_expires_30_days - aws_apigateway_rest_api_stage_use_ssl_certificate 
@@ -1333,18 +1287,17 @@ framework: title: "PR.DS-3" description: "Assets are formally managed throughout removal, transfers, and disposition." section-code: "3" - metadata: - tags: - category: - - "Compliance" - nist_csf: - - "true" - plugin: - - "aws" - service: - - "AWS" - type: - - "Benchmark" + tags: + category: + - "Compliance" + nist_csf: + - "true" + plugin: + - "aws" + service: + - "AWS" + type: + - "Benchmark" controls: - aws_ec2_instance_ssm_managed - aws_ssm_managed_instance_compliance_association_compliant @@ -1354,18 +1307,17 @@ framework: title: "PR.DS-4" description: "Adequate capacity to ensure availability is maintained." section-code: "4" - metadata: - tags: - category: - - "Compliance" - nist_csf: - - "true" - plugin: - - "aws" - service: - - "AWS" - type: - - "Benchmark" + tags: + category: + - "Compliance" + nist_csf: + - "true" + plugin: + - "aws" + service: + - "AWS" + type: + - "Benchmark" controls: - aws_autoscaling_group_multiple_az_configured - aws_autoscaling_group_with_lb_use_health_check @@ -1402,18 +1354,17 @@ framework: title: "PR.DS-5" description: "Protections against data leaks are implemented." section-code: "5" - metadata: - tags: - category: - - "Compliance" - nist_csf: - - "true" - plugin: - - "aws" - service: - - "AWS" - type: - - "Benchmark" + tags: + category: + - "Compliance" + nist_csf: + - "true" + plugin: + - "aws" + service: + - "AWS" + type: + - "Benchmark" controls: - aws_autoscaling_launch_config_public_ip_disabled - aws_cloudtrail_multi_region_trail_enabled 
@@ -1450,18 +1401,17 @@ framework: title: "PR.DS-6" description: "Integrity checking mechanisms are used to verify software, firmware, and information integrity." section-code: "6" - metadata: - tags: - category: - - "Compliance" - nist_csf: - - "true" - plugin: - - "aws" - service: - - "AWS/CloudTrail" - type: - - "Benchmark" + tags: + category: + - "Compliance" + nist_csf: + - "true" + plugin: + - "aws" + service: + - "AWS/CloudTrail" + type: + - "Benchmark" controls: - aws_cloudtrail_trail_validation_enabled - aws_s3_bucket_versioning_enabled @@ -1470,18 +1420,17 @@ framework: title: "PR.DS-7" description: "The development and testing environment(s) are separate from the production environment." section-code: "7" - metadata: - tags: - category: - - "Compliance" - nist_csf: - - "true" - plugin: - - "aws" - service: - - "AWS" - type: - - "Benchmark" + tags: + category: + - "Compliance" + nist_csf: + - "true" + plugin: + - "aws" + service: + - "AWS" + type: + - "Benchmark" controls: - aws_cloudtrail_security_trail_enabled - aws_ebs_volume_unused @@ -1495,18 +1444,17 @@ framework: title: "PR.DS-8" description: "Integrity checking mechanisms are used to verify hardware integrity." section-code: "8" - metadata: - tags: - category: - - "Compliance" - nist_csf: - - "true" - plugin: - - "aws" - service: - - "AWS" - type: - - "Benchmark" + tags: + category: + - "Compliance" + nist_csf: + - "true" + plugin: + - "aws" + service: + - "AWS" + type: + - "Benchmark" controls: - aws_ec2_instance_ssm_managed - aws_securityhub_enabled 
@@ -1514,35 +1462,33 @@ framework: title: "Information Protection Processes and Procedures (PR.IP)" description: "Security policies (addressing purpose, scope, roles, responsibilities, management commitment, and coordination among organizational entities), processes, and procedures are maintained and used to manage protection of information systems and assets." section-code: ip - metadata: - tags: - category: - - "Compliance" - nist_csf: - - "true" - plugin: - - "aws" - service: - - "AWS" - type: - - "Benchmark" + tags: + category: + - "Compliance" + nist_csf: + - "true" + plugin: + - "aws" + service: + - "AWS" + type: + - "Benchmark" control-group: - id: aws_nist_csf_pr_ip_1 title: "PR.IP-1" description: "A baseline configuration of information technology/industrial control systems is created and maintained incorporating security principles (e.g. concept of least functionality)." section-code: "1" - metadata: - tags: - category: - - "Compliance" - nist_csf: - - "true" - plugin: - - "aws" - service: - - "AWS" - type: - - "Benchmark" + tags: + category: + - "Compliance" + nist_csf: + - "true" + plugin: + - "aws" + service: + - "AWS" + type: + - "Benchmark" controls: - aws_account_part_of_organizations - aws_autoscaling_launch_config_hop_limit @@ -1582,18 +1528,17 @@ framework: title: "PR.IP-2" description: "A System Development Life Cycle to manage systems is implemented." section-code: "2" - metadata: - tags: - category: - - "Compliance" - nist_csf: - - "true" - plugin: - - "aws" - service: - - "AWS" - type: - - "Benchmark" + tags: + category: + - "Compliance" + nist_csf: + - "true" + plugin: + - "aws" + service: + - "AWS" + type: + - "Benchmark" controls: - aws_codebuild_project_plaintext_env_variables_no_sensitive_aws_values - aws_codebuild_project_source_repo_oauth_configured 
@@ -1603,18 +1548,17 @@ framework: title: "PR.IP-3" description: "Configuration change control processes are in place." section-code: "3" - metadata: - tags: - category: - - "Compliance" - nist_csf: - - "true" - plugin: - - "aws" - service: - - "AWS/ELB" - type: - - "Benchmark" + tags: + category: + - "Compliance" + nist_csf: + - "true" + plugin: + - "aws" + service: + - "AWS/ELB" + type: + - "Benchmark" controls: - aws_elb_application_lb_deletion_protection_enabled - aws_rds_db_cluster_deletion_protection_enabled @@ -1624,18 +1568,17 @@ framework: title: "PR.IP-4" description: "Backups of information are conducted, maintained, and tested periodically." section-code: "4" - metadata: - tags: - category: - - "Compliance" - nist_csf: - - "true" - plugin: - - "aws" - service: - - "AWS" - type: - - "Benchmark" + tags: + category: + - "Compliance" + nist_csf: + - "true" + plugin: + - "aws" + service: + - "AWS" + type: + - "Benchmark" controls: - aws_dynamodb_table_in_backup_plan - aws_dynamodb_table_point_in_time_recovery_enabled @@ -1657,18 +1600,17 @@ framework: title: "PR.IP-7" description: "Protection processes are improved." section-code: "7" - metadata: - tags: - category: - - "Compliance" - nist_csf: - - "true" - plugin: - - "aws" - service: - - "AWS/EC2" - type: - - "Benchmark" + tags: + category: + - "Compliance" + nist_csf: + - "true" + plugin: + - "aws" + service: + - "AWS/EC2" + type: + - "Benchmark" controls: - aws_ec2_instance_ebs_optimized @@ -1676,18 +1618,17 @@ framework: title: "PR.IP-8" description: "Effectiveness of protection technologies is shared." section-code: "8" - metadata: - tags: - category: - - "Compliance" - nist_csf: - - "true" - plugin: - - "aws" - service: - - "AWS" - type: - - "Benchmark" + tags: + category: + - "Compliance" + nist_csf: + - "true" + plugin: + - "aws" + service: + - "AWS" + type: + - "Benchmark" controls: - aws_dms_replication_instance_not_publicly_accessible - aws_ebs_snapshot_not_publicly_restorable 
@@ -1709,18 +1650,17 @@ framework: title: "PR.IP-9" description: "Response plans (Incident Response and Business Continuity) and recovery plans (Incident Recovery and Disaster Recovery) are in place and managed." section-code: "9" - metadata: - tags: - category: - - "Compliance" - nist_csf: - - "true" - plugin: - - "aws" - service: - - "AWS" - type: - - "Benchmark" + tags: + category: + - "Compliance" + nist_csf: + - "true" + plugin: + - "aws" + service: + - "AWS" + type: + - "Benchmark" controls: - aws_backup_plan_min_retention_35_days - aws_backup_recovery_point_encryption_enabled @@ -1753,18 +1693,17 @@ framework: title: "PR.IP-12" description: "A vulnerability management plan is developed and implemented." section-code: "12" - metadata: - tags: - category: - - "Compliance" - nist_csf: - - "true" - plugin: - - "aws" - service: - - "AWS" - type: - - "Benchmark" + tags: + category: + - "Compliance" + nist_csf: + - "true" + plugin: + - "aws" + service: + - "AWS" + type: + - "Benchmark" controls: - aws_config_enabled_all_regions - aws_ec2_instance_ssm_managed 
@@ -1775,35 +1714,33 @@ framework: title: "Maintenance (PR.MA)" description: "Maintenance and repairs of industrial control and information system components are performed consistent with policies and procedures." section-code: ma - metadata: - tags: - category: - - "Compliance" - nist_csf: - - "true" - plugin: - - "aws" - service: - - "AWS" - type: - - "Benchmark" + tags: + category: + - "Compliance" + nist_csf: + - "true" + plugin: + - "aws" + service: + - "AWS" + type: + - "Benchmark" control-group: - id: aws_nist_csf_pr_ma_2 title: "PR.MA-2" description: "Remote maintenance of organizational assets is approved, logged, and performed in a manner that prevents unauthorized access." section-code: "2" - metadata: - tags: - category: - - "Compliance" - nist_csf: - - "true" - plugin: - - "aws" - service: - - "AWS/CloudTrail" - type: - - "Benchmark" + tags: + category: + - "Compliance" + nist_csf: + - "true" + plugin: + - "aws" + service: + - "AWS/CloudTrail" + type: + - "Benchmark" controls: - aws_cloudtrail_multi_region_trail_enabled - aws_cloudtrail_trail_enabled 
@@ -1813,35 +1750,33 @@ framework: title: "Protective Technology (PR.PT)" description: "Technical security solutions are managed to ensure the security and resilience of systems and assets." section-code: pt - metadata: - tags: - category: - - "Compliance" - nist_csf: - - "true" - plugin: - - "aws" - service: - - "AWS" - type: - - "Benchmark" + tags: + category: + - "Compliance" + nist_csf: + - "true" + plugin: + - "aws" + service: + - "AWS" + type: + - "Benchmark" control-group: - id: aws_nist_csf_pr_pt_1 title: "PR.PT-1" description: "Audit/log records are determined, documented, implemented, and reviewed in accordance with policy." section-code: "1" - metadata: - tags: - category: - - "Compliance" - nist_csf: - - "true" - plugin: - - "aws" - service: - - "AWS" - type: - - "Benchmark" + tags: + category: + - "Compliance" + nist_csf: + - "true" + plugin: + - "aws" + service: + - "AWS" + type: + - "Benchmark" controls: - aws_apigateway_rest_api_stage_xray_tracing_enabled - aws_apigateway_stage_logging_enabled @@ -1871,18 +1806,17 @@ framework: title: "PR.PT-3" description: "The principle of least functionality is incorporated by configuring systems to provide only essential capabilities." section-code: "3" - metadata: - tags: - category: - - "Compliance" - nist_csf: - - "true" - plugin: - - "aws" - service: - - "AWS" - type: - - "Benchmark" + tags: + category: + - "Compliance" + nist_csf: + - "true" + plugin: + - "aws" + service: + - "AWS" + type: + - "Benchmark" controls: - aws_autoscaling_launch_config_public_ip_disabled - aws_codebuild_project_environment_privileged_mode_disabled 
@@ -1923,18 +1857,17 @@ framework: title: "PR.PT-4" description: "Communications and control networks are protected." section-code: "4" - metadata: - tags: - category: - - "Compliance" - nist_csf: - - "true" - plugin: - - "aws" - service: - - "AWS" - type: - - "Benchmark" + tags: + category: + - "Compliance" + nist_csf: + - "true" + plugin: + - "aws" + service: + - "AWS" + type: + - "Benchmark" controls: - aws_acm_certificate_expires_30_days - aws_apigateway_stage_use_waf_web_acl @@ -1978,18 +1911,17 @@ framework: title: "PR.PT-5" description: "Mechanisms (e.g., failsafe, load balancing, hot swap) are implemented to achieve resilience requirements in normal and adverse situations." section-code: "5" - metadata: - tags: - category: - - "Compliance" - nist_csf: - - "true" - plugin: - - "aws" - service: - - "AWS" - type: - - "Benchmark" + tags: + category: + - "Compliance" + nist_csf: + - "true" + plugin: + - "aws" + service: + - "AWS" + type: + - "Benchmark" controls: - aws_autoscaling_group_multiple_az_configured - aws_autoscaling_group_with_lb_use_health_check 
@@ -2028,52 +1960,49 @@ framework: title: "Recover (RC)" description: "Develop and implement appropriate activities to maintain plans for resilience and to restore any capabilities or services that were impaired due to a cybersecurity incident." section-code: rc - metadata: - tags: - category: - - "Compliance" - nist_csf: - - "true" - plugin: - - "aws" - service: - - "AWS" - type: - - "Benchmark" + tags: + category: + - "Compliance" + nist_csf: + - "true" + plugin: + - "aws" + service: + - "AWS" + type: + - "Benchmark" control-group: - id: aws_nist_csf_rc_rp title: "Recovery Planning (RC.RP)" description: "Recovery processes and procedures are executed and maintained to ensure timely restoration of systems or assets affected by cybersecurity events." section-code: rp - metadata: - tags: - category: - - "Compliance" - nist_csf: - - "true" - plugin: - - "aws" - service: - - "AWS" - type: - - "Benchmark" + tags: + category: + - "Compliance" + nist_csf: + - "true" + plugin: + - "aws" + service: + - "AWS" + type: + - "Benchmark" control-group: - id: aws_nist_csf_rc_rp_1 title: "RC.RP-1" description: "Recovery plan is executed during or after a cybersecurity incident." section-code: "1" - metadata: - tags: - category: - - "Compliance" - nist_csf: - - "true" - plugin: - - "aws" - service: - - "AWS" - type: - - "Benchmark" + tags: + category: + - "Compliance" + nist_csf: + - "true" + plugin: + - "aws" + service: + - "AWS" + type: + - "Benchmark" controls: - aws_autoscaling_group_multiple_az_configured - aws_autoscaling_use_multiple_instance_types_in_multiple_az 
@@ -2117,52 +2046,49 @@ framework: title: "Respond (RS)" description: "Develop and implement appropriate activities to take action regarding a detected cybersecurity incident." section-code: rs - metadata: - tags: - category: - - "Compliance" - nist_csf: - - "true" - plugin: - - "aws" - service: - - "AWS" - type: - - "Benchmark" + tags: + category: + - "Compliance" + nist_csf: + - "true" + plugin: + - "aws" + service: + - "AWS" + type: + - "Benchmark" control-group: - id: aws_nist_csf_rs_an title: "Analysis (RS.AN)" description: "Analysis is conducted to ensure effective response and support recovery activities." section-code: an - metadata: - tags: - category: - - "Compliance" - nist_csf: - - "true" - plugin: - - "aws" - service: - - "AWS" - type: - - "Benchmark" + tags: + category: + - "Compliance" + nist_csf: + - "true" + plugin: + - "aws" + service: + - "AWS" + type: + - "Benchmark" control-group: - id: aws_nist_csf_rs_an_2 title: "RS.AN-2" description: "The impact of the incident is understood." section-code: "2" - metadata: - tags: - category: - - "Compliance" - nist_csf: - - "true" - plugin: - - "aws" - service: - - "AWS/GuardDuty" - type: - - "Benchmark" + tags: + category: + - "Compliance" + nist_csf: + - "true" + plugin: + - "aws" + service: + - "AWS/GuardDuty" + type: + - "Benchmark" controls: - aws_guardduty_finding_archived 
@@ -2170,35 +2096,33 @@ framework: title: "Mitigation (RS.MI)" description: "Activities are performed to prevent expansion of an event, mitigate its effects, and eradicate the incident." section-code: mi - metadata: - tags: - category: - - "Compliance" - nist_csf: - - "true" - plugin: - - "aws" - service: - - "AWS" - type: - - "Benchmark" + tags: + category: + - "Compliance" + nist_csf: + - "true" + plugin: + - "aws" + service: + - "AWS" + type: + - "Benchmark" control-group: - id: aws_nist_csf_rs_mi_3 title: "RS.MI-3" description: "Newly identified vulnerabilities are mitigated or documented as accepted risks." section-code: "3" - metadata: - tags: - category: - - "Compliance" - nist_csf: - - "true" - plugin: - - "aws" - service: - - "AWS/GuardDuty" - type: - - "Benchmark" + tags: + category: + - "Compliance" + nist_csf: + - "true" + plugin: + - "aws" + service: + - "AWS/GuardDuty" + type: + - "Benchmark" controls: - aws_guardduty_finding_archived @@ -2206,35 +2130,33 @@ framework: title: "Response Planning (RS.RP)" description: "Response processes and procedures are executed and maintained, ensuring timely response to detected cybersecurity events." section-code: rp - metadata: - tags: - category: - - "Compliance" - nist_csf: - - "true" - plugin: - - "aws" - service: - - "AWS" - type: - - "Benchmark" + tags: + category: + - "Compliance" + nist_csf: + - "true" + plugin: + - "aws" + service: + - "AWS" + type: + - "Benchmark" control-group: - id: aws_nist_csf_rs_rp_1 title: "RS.RP-1" description: "Response plan is executed during or after an incident." section-code: "1" - metadata: - tags: - category: - - "Compliance" - nist_csf: - - "true" - plugin: - - "aws" - service: - - "AWS" - type: - - "Benchmark" + tags: + category: + - "Compliance" + nist_csf: + - "true" + plugin: + - "aws" + service: + - "AWS" + type: + - "Benchmark" controls: - aws_backup_plan_min_retention_35_days - aws_backup_recovery_point_encryption_enabled