Merged
Original file line number Diff line number Diff line change
Expand Up @@ -3,10 +3,6 @@ control-group:
title: ACSC Essential Eight Maturity Level 1
description: The availability category refers to the accessibility of information used by the entity’s systems, as well as the products or services provided to its customers.
section-code: ml_1
defaults:
auto-assign: null
enabled: false
tracks-drift-events: false
control-group:
- id: aws_acsc_essential_eight_ml_1_2
- id: aws_acsc_essential_eight_ml_1_5
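Review bot: dropping the `defaults:` block (`auto-assign: null`, `enabled: false`, `tracks-drift-events: false`) here and in every other file of this change (the header `-3,10 +3,6` shows four lines removed) is only a cleanup if the consumer of these YAML files falls back to the same values when the block is absent; please confirm its implicit defaults for `enabled` and `tracks-drift-events`, because if either defaults to `true` this silently enables controls and drift tracking that were previously off. Separately, the `description` on this file ("The availability category refers to the accessibility of information ...") does not describe the ACSC Essential Eight Maturity Level 1 named in `title` and reads like text carried over from an availability category; the Maturity Level 2 file later in this change carries a description of the Essential Eight model that would fit here.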
Expand Up @@ -3,9 +3,5 @@ control-group:
title: "ACSC-EE-ML1-2: Patch applications ML1"
description: A vulnerability scanner with an up-to-date vulnerability database is used for vulnerability scanning activities.
section-code: "2"
defaults:
auto-assign: null
enabled: false
tracks-drift-events: false
control-group:
- id: aws_acsc_essential_eight_ml_1_2_5
Expand Up @@ -3,10 +3,6 @@ control-group:
title: "ACSC-EE-ML1-2.5: Patch applications ML1"
description: Patches, updates or vendor mitigations for security vulnerabilities in internet-facing services are applied within two weeks of release, or within 48 hours if an exploit exists.
section-code: "5"
defaults:
auto-assign: null
enabled: false
tracks-drift-events: false
controls:
- aws_ecs_service_fargate_using_latest_platform_version
- aws_eks_cluster_with_latest_kubernetes_version
Expand Up @@ -3,10 +3,6 @@ control-group:
title: "ACSC-EE-ML1-5: Restrict administrative privileges ML1"
description: The restriction of administrative privileges is the practice of limiting the number of privileged accounts and the extent of their access to systems and data.
section-code: "5"
defaults:
auto-assign: null
enabled: false
tracks-drift-events: false
control-group:
- id: aws_acsc_essential_eight_ml_1_5_2
- id: aws_acsc_essential_eight_ml_1_5_3
Expand Up @@ -3,10 +3,6 @@ control-group:
title: "ACSC-EE-ML1-5.2: Restrict administrative privileges ML1"
description: Privileged accounts (excluding privileged service accounts) are prevented from accessing the internet, email and web services.
section-code: "2"
defaults:
auto-assign: null
enabled: false
tracks-drift-events: false
controls:
- aws_codebuild_project_environment_privileged_mode_disabled
- aws_ecs_task_definition_container_non_privileged
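Review bot: the two controls listed here (`aws_codebuild_project_environment_privileged_mode_disabled`, `aws_ecs_task_definition_container_non_privileged`) check whether build environments and task containers run in privileged mode; they say nothing about the requirement in `description`, which is that privileged accounts are prevented from reaching the internet, email and web services. Either map controls that constrain network egress for privileged principals or mark this mapping as partial in the file, so that a passing result is not read as evidence that ML1-5.2 is met.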
Expand Up @@ -3,10 +3,6 @@ control-group:
title: "ACSC-EE-ML1-5.3: Restrict administrative privileges ML1"
description: Privileged users use separate privileged and unprivileged operating environments.
section-code: "3"
defaults:
auto-assign: null
enabled: false
tracks-drift-events: false
controls:
- aws_codebuild_project_environment_privileged_mode_disabled
- aws_codebuild_project_source_repo_oauth_configured
Expand Up @@ -3,10 +3,6 @@ control-group:
title: "ACSC-EE-ML1-5.4: Restrict administrative privileges ML1"
description: Unprivileged accounts cannot logon to privileged operating environments.
section-code: "4"
defaults:
auto-assign: null
enabled: false
tracks-drift-events: false
controls:
- aws_codebuild_project_source_repo_oauth_configured
- aws_ec2_instance_iam_profile_attached
Expand Up @@ -3,10 +3,6 @@ control-group:
title: "ACSC-EE-ML1-5.5: Restrict administrative privileges ML1"
description: Privileged accounts (excluding local administrator accounts) cannot logon to unprivileged operating environments.
section-code: "5"
defaults:
auto-assign: null
enabled: false
tracks-drift-events: false
controls:
- aws_codebuild_project_environment_privileged_mode_disabled
- aws_codebuild_project_source_repo_oauth_configured
Expand Up @@ -3,10 +3,6 @@ control-group:
title: "ACSC-EE-ML1-6: Patch operating systems ML1"
description: The patching of operating systems is the practice of applying patches, updates or vendor mitigations to security vulnerabilities in operating systems.
section-code: "6"
defaults:
auto-assign: null
enabled: false
tracks-drift-events: false
control-group:
- id: aws_acsc_essential_eight_ml_1_6_2
- id: aws_acsc_essential_eight_ml_1_6_3
Expand Up @@ -3,10 +3,6 @@ control-group:
title: "ACSC-EE-ML1-6.2: Patch operating systems ML1"
description: A vulnerability scanner with an up-to-date vulnerability database is used for vulnerability scanning activities.
section-code: "2"
defaults:
auto-assign: null
enabled: false
tracks-drift-events: false
controls:
- aws_1test
- aws_ecr_repository_image_scan_on_push_enabled
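Review bot: `aws_1test` in the `controls:` list looks like a leftover test entry rather than a real control name (every other control in this change follows the `aws_<service>_<check>` pattern); it should be removed or replaced before merge, since a control id that resolves to nothing will either be silently ignored or fail loading for the whole ML1-6.2 group depending on how the consumer handles unknown ids.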
Expand Up @@ -3,9 +3,5 @@ control-group:
title: "ACSC-EE-ML1-6.3: Patch operating systems ML1"
description: A vulnerability scanner is used at least daily to identify missing patches or updates for security vulnerabilities in operating systems of internet-facing services.
section-code: "3"
defaults:
auto-assign: null
enabled: false
tracks-drift-events: false
controls:
- aws_ecr_repository_image_scan_on_push_enabled
Expand Up @@ -3,9 +3,5 @@ control-group:
title: "ACSC-EE-ML1-6.4: Patch operating systems ML1"
description: A vulnerability scanner is used at least fortnightly to identify missing patches or updates for security vulnerabilities in operating systems of workstations, servers and network devices.
section-code: "4"
defaults:
auto-assign: null
enabled: false
tracks-drift-events: false
controls:
- aws_ecr_repository_image_scan_on_push_enabled
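Review bot: ML1-6.2, 6.3 and 6.4 (and ML2-2.5 further down) all rest on the single control `aws_ecr_repository_image_scan_on_push_enabled`, which only evidences that container images are scanned when pushed to ECR. It does not cover the operating systems of workstations, servers and network devices named in this description, and a scan that runs only at push time cannot demonstrate the "at least fortnightly" (6.4) or "at least daily" (6.3) cadence the requirements call for. Consider noting the gap in the file or adding controls that cover host-level vulnerability scanning and scheduled re-scans.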
Expand Up @@ -3,10 +3,6 @@ control-group:
title: "ACSC-EE-ML1-6.5: Patch operating systems ML1"
description: Patches, updates or vendor mitigations for security vulnerabilities in operating systems of internet-facing services are applied within two weeks of release, or within 48 hours if an exploit exists.
section-code: "5"
defaults:
auto-assign: null
enabled: false
tracks-drift-events: false
controls:
- aws_ecs_service_fargate_using_latest_platform_version
- aws_eks_cluster_with_latest_kubernetes_version
Expand Up @@ -3,10 +3,6 @@ control-group:
title: "ACSC-EE-ML1-6.6: Patch operating systems ML1"
description: Patches, updates or vendor mitigations for security vulnerabilities in operating systems of workstations, servers and network devices are applied within one month of release.
section-code: "6"
defaults:
auto-assign: null
enabled: false
tracks-drift-events: false
controls:
- aws_ecs_service_fargate_using_latest_platform_version
- aws_eks_cluster_with_latest_kubernetes_version
Expand Up @@ -3,10 +3,6 @@ control-group:
title: "ACSC-EE-ML1-6.7: Patch operating systems ML1"
description: Operating systems that are no longer supported by vendors are replaced.
section-code: "7"
defaults:
auto-assign: null
enabled: false
tracks-drift-events: false
controls:
- aws_ecs_service_fargate_using_latest_platform_version
- aws_eks_cluster_with_latest_kubernetes_version
Expand Up @@ -3,10 +3,6 @@ control-group:
title: "ACSC-EE-ML1-7: Application control ML1"
description: Application control is the practice of restricting the execution of applications to those that have been authorised and are known to be secure.
section-code: "7"
defaults:
auto-assign: null
enabled: false
tracks-drift-events: false
control-group:
- id: aws_acsc_essential_eight_ml_1_7_1
- id: aws_acsc_essential_eight_ml_1_7_2
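Review bot: `title` says "Application control ML1" and `description` describes application control, but both child groups listed here (`aws_acsc_essential_eight_ml_1_7_1`, `..._7_2`) are titled "Multi-factor authentication ML1" with MFA descriptions and MFA controls. Section 7 should be titled and described as multi-factor authentication to match its children; as written, a report generated from these files would file the MFA requirements under the wrong Essential Eight strategy.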
Expand Up @@ -3,10 +3,6 @@ control-group:
title: "ACSC-EE-ML1-7.1: Multi-factor authentication ML1"
description: Multi-factor authentication is used by an organisation's users if they authenticate to their organisations internet-facing services.
section-code: "1"
defaults:
auto-assign: null
enabled: false
tracks-drift-events: false
controls:
- aws_iam_root_user_hardware_mfa_enabled
- aws_iam_root_user_mfa_enabled
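Review bot: the description covers "an organisation's users" authenticating to internet-facing services, but the only controls mapped are the two root-user MFA checks (`aws_iam_root_user_hardware_mfa_enabled`, `aws_iam_root_user_mfa_enabled`), and the same pair is reused unchanged for 7.2, 7.3 and 7.4. Root MFA is necessary but does not evidence MFA for ordinary IAM or federated users, and 7.4 (MFA for non-organisational users of the organisation's services) is a different population again; consider adding user-level MFA controls here and marking 7.2 to 7.4 as partially covered. Also a wording fix for the next revision: "organisations internet-facing services" should read "organisation's internet-facing services".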
Expand Up @@ -3,10 +3,6 @@ control-group:
title: "ACSC-EE-ML1-7.2: Multi-factor authentication ML1"
description: Multi-factor authentication is used by an organisations users if they authenticate to third-party internet-facing services that process, store or communicate their organisation's sensitive data.
section-code: "2"
defaults:
auto-assign: null
enabled: false
tracks-drift-events: false
controls:
- aws_iam_root_user_hardware_mfa_enabled
- aws_iam_root_user_mfa_enabled
Expand Up @@ -3,10 +3,6 @@ control-group:
title: "ACSC-EE-ML1-7.3: Multi-factor authentication ML1"
description: Multi-factor authentication (where available) is used by an organisations users if they authenticate to third-party internet-facing services that process, store or communicate their organisation's non-sensitive data.
section-code: "3"
defaults:
auto-assign: null
enabled: false
tracks-drift-events: false
controls:
- aws_iam_root_user_hardware_mfa_enabled
- aws_iam_root_user_mfa_enabled
Expand Up @@ -3,10 +3,6 @@ control-group:
title: "ACSC-EE-ML1-7.4: Multi-factor authentication ML1"
description: Multi-factor authentication is enabled by default for non-organisational users (but users can choose to opt out) if they authenticate to an organisations internet-facing services.
section-code: "4"
defaults:
auto-assign: null
enabled: false
tracks-drift-events: false
controls:
- aws_iam_root_user_hardware_mfa_enabled
- aws_iam_root_user_mfa_enabled
Expand Up @@ -3,10 +3,6 @@ control-group:
title: "ACSC-EE-ML1-8: Regular backups ML1"
description: Regular backups of important data, software and configuration settings are performed and retained with a frequency and retention timeframe in accordance with business continuity requirements.
section-code: "8"
defaults:
auto-assign: null
enabled: false
tracks-drift-events: false
control-group:
- id: aws_acsc_essential_eight_ml_1_8_1
- id: aws_acsc_essential_eight_ml_1_8_2
Expand Up @@ -3,10 +3,6 @@ control-group:
title: "ACSC-EE-ML1-8.1: Regular backups ML1"
description: Backups of important data, software and configuration settings are performed and retained with a frequency and retention timeframe in accordance with business continuity requirements.
section-code: "1"
defaults:
auto-assign: null
enabled: false
tracks-drift-events: false
controls:
- aws_backup_plan_min_retention_35_days
- aws_backup_recovery_point_min_retention_35_days
Expand Up @@ -3,10 +3,6 @@ control-group:
title: "ACSC-EE-ML1-8.2: Regular backups ML1"
description: Backups of important data, software and configuration settings are synchronised to enable restoration to a common point in time.
section-code: "2"
defaults:
auto-assign: null
enabled: false
tracks-drift-events: false
controls:
- aws_backup_plan_min_retention_35_days
- aws_backup_recovery_point_min_retention_35_days
Expand Up @@ -3,10 +3,6 @@ control-group:
title: "ACSC-EE-ML1-8.3: Regular backups ML1"
description: Backups of important data, software and configuration settings are retained in a secure and resilient manner.
section-code: "3"
defaults:
auto-assign: null
enabled: false
tracks-drift-events: false
controls:
- aws_backup_plan_min_retention_35_days
- aws_backup_recovery_point_min_retention_35_days
Expand Up @@ -3,10 +3,6 @@ control-group:
title: "ACSC-EE-ML1-8.5: Regular backups ML1"
description: Unprivileged accounts cannot access backups belonging to other accounts.
section-code: "5"
defaults:
auto-assign: null
enabled: false
tracks-drift-events: false
controls:
- aws_codebuild_project_source_repo_oauth_configured
- aws_ec2_instance_iam_profile_attached
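Review bot: `aws_codebuild_project_source_repo_oauth_configured` and `aws_ec2_instance_iam_profile_attached` are generic IAM-hygiene checks and do not evidence that "unprivileged accounts cannot access backups belonging to other accounts"; the same pair is also used for 8.6 (unprivileged accounts cannot modify or delete backups) and for 5.4 (unprivileged accounts cannot log on to privileged environments), which suggests they were chosen as filler rather than as evidence. For 8.5 and 8.6 the relevant evidence is the backup vault access policy and deletion protection; note that a manual-deletion control does appear elsewhere in this change (`aws_backup_recovery_point_manual_deletion_disabled` under ML2-5.2), where it fits less well than it would here.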
Expand Up @@ -3,10 +3,6 @@ control-group:
title: "ACSC-EE-ML1-8.6: Regular backups ML1"
description: Unprivileged accounts are prevented from modifying and deleting backups.
section-code: "6"
defaults:
auto-assign: null
enabled: false
tracks-drift-events: false
controls:
- aws_codebuild_project_source_repo_oauth_configured
- aws_ec2_instance_iam_profile_attached
Expand Up @@ -3,10 +3,6 @@ control-group:
title: ACSC Essential Eight Maturity Level 2
description: The Essential Eight Maturity Model is a prioritised list of strategies to mitigate cyber security incidents. The model consists of 8 essential strategies that organisations can implement to protect their systems from a range of adversaries.
section-code: ml_2
defaults:
auto-assign: null
enabled: false
tracks-drift-events: false
control-group:
- id: aws_acsc_essential_eight_ml_2_1
- id: aws_acsc_essential_eight_ml_2_2
Expand Up @@ -3,9 +3,5 @@ control-group:
title: "ACSC-EE-ML2-1: Patch applications ML2"
description: An automated method of asset discovery is used at least weekly to support the detection of assets for subsequent vulnerability scanning activities.
section-code: "1"
defaults:
auto-assign: null
enabled: false
tracks-drift-events: false
control-group:
- id: aws_acsc_essential_eight_ml_2_1_3
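Review bot: `title` ("Patch applications ML2") and `description` (weekly asset discovery for vulnerability scanning) disagree with the only child group, `aws_acsc_essential_eight_ml_2_1_3`, which is titled "Application control ML2" and concerns logging of allowed and blocked execution events. Section 1 needs one consistent identity: if it is application control (as the child and the description of ML1-7's sibling ordering suggest), the title and description here should say so; if it is patch applications, the child belongs under a different section code.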
Expand Up @@ -3,10 +3,6 @@ control-group:
title: "ACSC-EE-ML2-1.3: Application control ML2"
description: Allowed and blocked execution events on workstations and internet-facing servers are logged.
section-code: "3"
defaults:
auto-assign: null
enabled: false
tracks-drift-events: false
controls:
- aws_apigateway_rest_api_stage_xray_tracing_enabled
- aws_apigateway_stage_logging_enabled
Expand Up @@ -3,9 +3,5 @@ control-group:
title: "ACSC-EE-ML2-2: Patch operating systems ML2"
description: An automated method of asset discovery is used at least weekly to support the detection of assets for subsequent vulnerability scanning activities.
section-code: "2"
defaults:
auto-assign: null
enabled: false
tracks-drift-events: false
control-group:
- id: aws_acsc_essential_eight_ml_2_2_5
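Review bot: this group is titled "Patch operating systems ML2" while its only child, `aws_acsc_essential_eight_ml_2_2_5`, is titled "Patch applications ML2" and describes scanning for missing patches in "other applications", which is a patch-applications requirement. Together with the ML2-1 mismatch above, it looks as though the ML2 section titles were shifted by one strategy relative to their children; please align the parent title and description with the child before merge so the two halves of the tree do not contradict each other.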
Expand Up @@ -3,9 +3,5 @@ control-group:
title: "ACSC-EE-ML2-2.5: Patch applications ML2"
description: A vulnerability scanner is used at least fortnightly to identify missing patches or updates for security vulnerabilities in other applications.
section-code: "5"
defaults:
auto-assign: null
enabled: false
tracks-drift-events: false
controls:
- aws_ecr_repository_image_scan_on_push_enabled
Expand Up @@ -3,10 +3,6 @@ control-group:
title: "ACSC-EE-ML2-5: Restrict administrative privileges ML2"
description: Requests for privileged access to systems and applications are validated when first requested.
section-code: "5"
defaults:
auto-assign: null
enabled: false
tracks-drift-events: false
control-group:
- id: aws_acsc_essential_eight_ml_2_5_2
- id: aws_acsc_essential_eight_ml_2_5_3
Expand Up @@ -3,10 +3,6 @@ control-group:
title: "ACSC-EE-ML2-5.10: Restrict administrative privileges ML2"
description: Credentials for local administrator accounts and service accounts are long, unique, unpredictable and managed.
section-code: "10"
defaults:
auto-assign: null
enabled: false
tracks-drift-events: false
controls:
- aws_codebuild_project_environment_privileged_mode_disabled
- aws_ecs_task_definition_container_non_privileged
Expand Up @@ -3,10 +3,6 @@ control-group:
title: "ACSC-EE-ML2-5.11: Restrict administrative privileges ML2"
description: Privileged access events are logged.
section-code: "11"
defaults:
auto-assign: null
enabled: false
tracks-drift-events: false
controls:
- aws_apigateway_rest_api_stage_xray_tracing_enabled
- aws_apigateway_stage_logging_enabled
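Review bot: "Privileged access events are logged" is mapped to API Gateway X-Ray tracing and stage access logging (`aws_apigateway_rest_api_stage_xray_tracing_enabled`, `aws_apigateway_stage_logging_enabled`), and the same pair backs 5.12 (privileged account and group management events) and ML2-1.3 (execution events). API Gateway logs record calls to an API, not privileged IAM or console activity, so they do not evidence this requirement; the natural evidence is an organisation-wide audit trail of management-plane calls being enabled and protected. Suggest swapping in controls of that kind for 5.11 and 5.12 and leaving the API Gateway checks for requirements about service request logging.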
Expand Up @@ -3,10 +3,6 @@ control-group:
title: "ACSC-EE-ML2-5.12: Restrict administrative privileges ML2"
description: Privileged account and group management events are logged.
section-code: "12"
defaults:
auto-assign: null
enabled: false
tracks-drift-events: false
controls:
- aws_apigateway_rest_api_stage_xray_tracing_enabled
- aws_apigateway_stage_logging_enabled
Expand Up @@ -3,10 +3,6 @@ control-group:
title: "ACSC-EE-ML2-5.2: Restrict administrative privileges ML2"
description: Privileged access to systems and applications is automatically disabled after 12 months unless revalidated.
section-code: "2"
defaults:
auto-assign: null
enabled: false
tracks-drift-events: false
controls:
- aws_account_part_of_organizations
- aws_backup_recovery_point_manual_deletion_disabled
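Review bot: neither `aws_account_part_of_organizations` nor `aws_backup_recovery_point_manual_deletion_disabled` has any bearing on "privileged access ... automatically disabled after 12 months unless revalidated"; membership in an organisation and backup deletion protection are unrelated to access revalidation. If no automated control exists for 12-month revalidation, it is better to leave `controls:` empty or annotate the group as manual evidence than to attach unrelated checks that will report as passing. (The deletion-protection control would be a better fit under the ML1-8.6 backup group earlier in this change.)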