Compliance Summary 2021 10 17 20 15


Compliance Summary

Anil-TestReport

Created for:    C3M Solutions
Package name:   AWS CIS BENCHMARK V1.2.0
Cloud accounts: AWS: 1607
Created time:   Oct 17, 2021 08:15 PM UTC

Powered by C3M Confidential



BRIEF SUMMARY

Compliance Score: 19% (8 of 43 policies passed)

Policies
  Total   Passed   Failed
     43        8       35

Failed policies by severity (sums to the 35 failed policies)
  Critical   High   Medium   Low
         1     26        7     1

Inventory (resources evaluated)
   Total    Passed    Failed
  226740    172963     53777

Powered by C3M, LLC Page 1 Confidential



INVENTORY SUMMARY

Resource Type                 Total    Passed    Failed   Service Type
EC2 Instances                     2         2         0   Compute
IAM Policies                   3458      3458         0   Identity & Access Management
IAM Users                     43457     43354       103   Identity & Access Management
CloudTrail                       46         0        46   Management & Governance
Security Groups              151668    126093     25575   Networking
VPC                           25733        16     25717   Networking
Web Application Firewalls         5         2         3   Networking
CMK                              67        13        54   Security & Compliance
S3 Buckets                      697        25       672   Storage

EC2 Instances and IAM Policies pass every policy that applies to them (see the Evaluation Summary), so their failed counts are 0. The rows above sum to 225133 resources; the remaining 1607 in the 226740 inventory total are the 1607 AWS accounts themselves, which are evaluated as resources by the account-level policies.


ACCOUNTS SUMMARY (top 10 non-compliant accounts)

Account           Compliance   Policies passed
fling-m                  26%   11/43
fling-k                  28%   12/43
fling-t                  28%   12/43
fling-r                  30%   13/43
fling-o                  30%   13/43
fling-q                  30%   13/43
c3m-demo-10              33%   14/43
fling-L                  33%   14/43
fling-p                  33%   14/43
load-test-1704           33%   14/43


CONTROLS SUMMARY

Control                               Policies passed
1. Identity and Access Management     6/17
2. Logging                            0/9
3. Monitoring                         0/14
4. Networking                         2/3


EVALUATION SUMMARY

1. Identity and Access Management 6/17

Passed and Failed are resource counts: account-level policies (password policy, "root" account) are evaluated once per account (1607 accounts), user-level policies once per IAM user (43457 users) and the administrative-privileges policy once per IAM policy (3458). A policy is marked Pass only when no resource fails it.

Status  Passed  Failed  Policy
Fail         1    1606  Ensure hardware MFA is enabled for the "root" account
Pass      1607       0  Ensure IAM password policy expires passwords within 90 days or less
Fail     43444      13  Ensure IAM users with console access have MFA enabled
Fail         1    1606  Ensure MFA is enabled for the "root" account
Pass      1607       0  Avoid the use of the "root" account
Pass      1607       0  Ensure IAM password policy prevents password reuse
Fail     43396      61  Ensure IAM users are not directly attached to policies
Fail         2    1605  Ensure IAM password policy requires at least one lowercase letter
Pass     43457       0  Do not set up access keys during initial user setup for all IAM users that have a console password
Fail     43379      78  Ensure IAM user access keys are rotated within 90 days or less
Fail         2    1605  Ensure IAM password policy requires at least one uppercase letter
Fail         6    1601  Ensure IAM password policy requires at least one number
Pass      3458       0  Ensure IAM policies that allow full "*:*" administrative privileges are not created
Pass      1607       0  Ensure no root account access key exists
Fail      1603       4  Ensure IAM password policy requires a minimum length of 14 or greater
Fail         2    1605  Ensure IAM password policy requires at least one symbol
Fail     43380      77  Ensure credentials unused for 90 days or greater are disabled
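The section 1 results above are driven by two inputs per account: the IAM password policy and the IAM credential report. The Python below is an added example, not C3M's scanner code: it reproduces the password-policy checks and the per-user credential checks named in the table on constructed inputs in the shape returned by boto3's iam.get_account_password_policy() and iam.get_credential_report(). The sample policy dicts, the CSV rows, the account ID 111111111111 and the user names are made up, and ages are measured from the report's own creation time so the outcome is fixed.

```python
import csv
import io
from datetime import datetime, timezone

# The report's "Created Time"; ages are measured from it so the example is reproducible.
REPORT_TIME = datetime(2021, 10, 17, 20, 15, tzinfo=timezone.utc)

# Constructed sample in the shape of iam.get_account_password_policy()["PasswordPolicy"]:
# expires and de-duplicates passwords but fails every complexity and length control.
WEAK_POLICY = {
    "MinimumPasswordLength": 8,
    "RequireSymbols": False,
    "RequireNumbers": False,
    "RequireUppercaseCharacters": False,
    "RequireLowercaseCharacters": False,
    "ExpirePasswords": True,
    "MaxPasswordAge": 90,
    "PasswordReusePrevention": 24,
}
# The same policy with every password control in the report satisfied.
STRONG_POLICY = dict(WEAK_POLICY, MinimumPasswordLength=14, RequireSymbols=True, RequireNumbers=True,
                     RequireUppercaseCharacters=True, RequireLowercaseCharacters=True)

# Constructed credential report (the decoded "Content" of iam.get_credential_report()), cut down to
# the columns used below; the real report uses the same column names and adds a few more.
CREDENTIAL_REPORT = """\
user,arn,user_creation_time,password_enabled,password_last_used,password_last_changed,mfa_active,access_key_1_active,access_key_1_last_rotated,access_key_1_last_used_date,access_key_2_active,access_key_2_last_rotated,access_key_2_last_used_date
<root_account>,arn:aws:iam::111111111111:root,2019-01-01T00:00:00+00:00,not_supported,2021-10-10T08:00:00+00:00,not_supported,false,true,2019-01-01T00:00:00+00:00,2021-10-10T08:00:00+00:00,false,N/A,N/A
alice,arn:aws:iam::111111111111:user/alice,2020-05-01T00:00:00+00:00,true,2021-10-15T09:00:00+00:00,2021-09-01T00:00:00+00:00,true,true,2021-09-01T00:00:00+00:00,2021-10-15T09:00:00+00:00,false,N/A,N/A
bob,arn:aws:iam::111111111111:user/bob,2020-05-01T00:00:00+00:00,true,2021-10-16T09:00:00+00:00,2021-09-01T00:00:00+00:00,false,false,N/A,N/A,false,N/A,N/A
carol,arn:aws:iam::111111111111:user/carol,2020-05-01T00:00:00+00:00,false,not_supported,not_supported,false,true,2021-01-01T00:00:00+00:00,2021-06-01T00:00:00+00:00,false,N/A,N/A
"""

PW = "Ensure IAM password policy "


def failed_password_controls(policy):
    """Names (as worded in the report) of the password-policy controls `policy` fails.
    Attributes the API omits because they are unset are read as False / 0."""
    checks = [
        (PW + "requires at least one uppercase letter", policy.get("RequireUppercaseCharacters", False)),
        (PW + "requires at least one lowercase letter", policy.get("RequireLowercaseCharacters", False)),
        (PW + "requires at least one symbol", policy.get("RequireSymbols", False)),
        (PW + "requires at least one number", policy.get("RequireNumbers", False)),
        (PW + "requires a minimum length of 14 or greater", policy.get("MinimumPasswordLength", 0) >= 14),
        (PW + "prevents password reuse", policy.get("PasswordReusePrevention", 0) >= 24),  # CIS: remember 24
        (PW + "expires passwords within 90 days or less",
         policy.get("ExpirePasswords", False) and 0 < policy.get("MaxPasswordAge", 0) <= 90),
    ]
    return [name for name, ok in checks if not ok]


def _age_days(stamp, now):
    """Days since an ISO-8601 timestamp; None for the report's N/A / no_information /
    not_supported placeholders."""
    try:
        return (now - datetime.fromisoformat(stamp)).days
    except ValueError:
        return None


def failed_credential_controls(report_csv, now=REPORT_TIME, max_age=90):
    """Map each failing section-1 credential control to the set of users that fail it."""
    failures = {}

    def flag(control, user):
        failures.setdefault(control, set()).add(user)

    for row in csv.DictReader(io.StringIO(report_csv)):
        user = row["user"]
        if user == "<root_account>":
            # Hardware vs virtual MFA is not visible here; that needs iam.list_virtual_mfa_devices().
            if row["mfa_active"] != "true":
                flag('Ensure MFA is enabled for the "root" account', user)
            if "true" in (row["access_key_1_active"], row["access_key_2_active"]):
                flag("Ensure no root account access key exists", user)
            continue
        if row["password_enabled"] == "true":
            if row["mfa_active"] != "true":
                flag("Ensure IAM users with console access have MFA enabled", user)
            used = _age_days(row["password_last_used"], now)
            if used is None:  # never used: age it from account creation
                used = _age_days(row["user_creation_time"], now)
            if used is not None and used >= max_age:
                flag("Ensure credentials unused for 90 days or greater are disabled", user)
        for n in ("1", "2"):
            if row[f"access_key_{n}_active"] != "true":
                continue
            rotated = _age_days(row[f"access_key_{n}_last_rotated"], now)
            if rotated is not None and rotated > max_age:
                flag("Ensure IAM user access keys are rotated within 90 days or less", user)
            used = _age_days(row[f"access_key_{n}_last_used_date"], now)
            if used is None:  # never used: age it from when the key was issued
                used = rotated
            if used is not None and used >= max_age:
                flag("Ensure credentials unused for 90 days or greater are disabled", user)
    return failures


if __name__ == "__main__":
    print("weak policy fails:", failed_password_controls(WEAK_POLICY))
    for control, users in failed_credential_controls(CREDENTIAL_REPORT).items():
        print(f"{sorted(users)}: {control}")
```

Against a real account, replace the constructed inputs with boto3.client("iam").get_account_password_policy()["PasswordPolicy"] (the call raises NoSuchEntity when no policy is set, which fails every password control) and the decoded "Content" of get_credential_report(), after calling generate_credential_report() and polling until its State is COMPLETE.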


2. Logging 0/9

CloudTrail policies are evaluated per trail (46 trails) except "enabled in all regions", which is evaluated per account (1607); VPC Flow Logs per VPC, Web ACL sampling per WAF, key rotation per CMK and access logging per S3 bucket.

Status  Passed  Failed  Policy
Fail        34      12  Ensure CloudTrail log file validation is enabled
Fail        14      32  Ensure CloudTrail logs are encrypted at rest using AWS KMS customer master keys (CMKs)
Fail        16   25717  Ensure VPC Flow Logs are enabled
Fail         2       3  Ensure sampled requests are enabled for Web ACL rules
Fail         0      46  Ensure CloudTrail logs are pushed to an S3 bucket that has access logging enabled
Fail        14    1593  Ensure CloudTrail is enabled in all regions
Fail         7      39  Ensure CloudTrail trails are integrated with CloudWatch Logs
Fail        13      54  Ensure rotation of keys is enabled for customer managed CMKs
Fail        25     672  Ensure S3 buckets enable server access logging


3. Monitoring 0/14

All monitoring policies are evaluated per account (1607). Each requires a CloudWatch Logs metric filter with an alarm on the log group that a CloudTrail trail delivers to.

Status  Passed  Failed  Policy
Fail         0    1607  Ensure a log metric filter and alarm exist for Management Console sign-in without MFA
Fail         0    1607  Ensure a log metric filter and alarm exist for changes to Network Access Control Lists (NACL)
Fail         0    1607  Ensure a log metric filter and alarm exist for usage of "root" account
Fail         0    1607  Ensure a log metric filter and alarm exist for unauthorized API calls
Fail         1    1606  Ensure a log metric filter and alarm exist for S3 bucket policy changes
Fail         0    1607  Ensure a log metric filter and alarm exist for VPC changes
Fail         1    1606  Ensure a log metric filter and alarm exist for CloudTrail configuration changes
Fail         0    1607  Ensure a log metric filter and alarm exist for route table changes
Fail         0    1607  Ensure a log metric filter and alarm exist for changes to network gateways
Fail         1    1606  Ensure a log metric filter and alarm exist for IAM policy changes
Fail         0    1607  Ensure a log metric filter and alarm exist for disabling or scheduled deletion of customer created CMKs
Fail         1    1606  Ensure a log metric filter and alarm exist for security group changes
Fail         0    1607  Ensure a log metric filter and alarm exist for AWS Config configuration changes
Fail         0    1607  Ensure a log metric filter and alarm exist for AWS Management Console authentication failures
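Every section 3 policy is a metric filter plus an alarm on the CloudWatch Logs group that a multi-region trail delivers to, so with only 7 of 46 trails integrated with CloudWatch Logs (section 2 above) the 0/14 result follows from the logging gaps. The block below is an added example, not C3M's or AWS's code: it reproduces five of the fourteen filter patterns as Python predicates (the benchmark's CloudWatch Logs pattern is quoted in each function) and runs them over constructed CloudTrail records, so the detection logic can be checked against sample events before it is wired to an alarm. The eventID values and user names are made up.

```python
import fnmatch

# Constructed CloudTrail records, reduced to the fields the filters inspect; eventID values
# are made up so the matches can be read back.
SAMPLE_EVENTS = [
    {"eventID": "ev1", "eventType": "AwsConsoleSignIn", "eventName": "ConsoleLogin",
     "userIdentity": {"type": "Root"}, "additionalEventData": {"MFAUsed": "Yes"}},
    {"eventID": "ev2", "eventType": "AwsConsoleSignIn", "eventName": "ConsoleLogin",
     "userIdentity": {"type": "IAMUser", "userName": "bob"},
     "additionalEventData": {"MFAUsed": "No"}},
    {"eventID": "ev3", "eventType": "AwsApiCall", "eventName": "DescribeInstances",
     "userIdentity": {"type": "IAMUser", "userName": "carol"},
     "errorCode": "Client.UnauthorizedOperation"},
    {"eventID": "ev4", "eventType": "AwsApiCall", "eventName": "CreateStack",
     "userIdentity": {"type": "Root", "invokedBy": "cloudformation.amazonaws.com"}},
    {"eventID": "ev5", "eventType": "AwsApiCall", "eventName": "StopLogging",
     "userIdentity": {"type": "IAMUser", "userName": "bob"}},
    {"eventID": "ev6", "eventType": "AwsApiCall", "eventName": "AuthorizeSecurityGroupIngress",
     "userIdentity": {"type": "AssumedRole"}},
]


def _field(event, path):
    """Resolve a '$.a.b' selector against a parsed record; None when any segment is
    missing, which is the filter language's 'NOT EXISTS' case."""
    cur = event
    for key in path.split(".")[1:]:
        if not isinstance(cur, dict) or key not in cur:
            return None
        cur = cur[key]
    return cur


def unauthorized_api_call(e):
    # { ($.errorCode = "*UnauthorizedOperation") || ($.errorCode = "AccessDenied*") }
    code = _field(e, "$.errorCode") or ""
    return (fnmatch.fnmatchcase(code, "*UnauthorizedOperation")
            or fnmatch.fnmatchcase(code, "AccessDenied*"))


def console_login_without_mfa(e):
    # { ($.eventName = "ConsoleLogin") && ($.additionalEventData.MFAUsed != "Yes") }
    # A missing MFAUsed field is treated as "no MFA", the conservative reading.
    return (_field(e, "$.eventName") == "ConsoleLogin"
            and _field(e, "$.additionalEventData.MFAUsed") != "Yes")


def root_account_usage(e):
    # { $.userIdentity.type = "Root" && $.userIdentity.invokedBy NOT EXISTS
    #   && $.eventType != "AwsServiceEvent" }
    return (_field(e, "$.userIdentity.type") == "Root"
            and _field(e, "$.userIdentity.invokedBy") is None
            and _field(e, "$.eventType") != "AwsServiceEvent")


def cloudtrail_config_change(e):
    # { ($.eventName = CreateTrail) || ($.eventName = UpdateTrail) || ($.eventName = DeleteTrail)
    #   || ($.eventName = StartLogging) || ($.eventName = StopLogging) }
    return _field(e, "$.eventName") in {"CreateTrail", "UpdateTrail", "DeleteTrail",
                                        "StartLogging", "StopLogging"}


def security_group_change(e):
    # { ($.eventName = AuthorizeSecurityGroupIngress) || ($.eventName = AuthorizeSecurityGroupEgress)
    #   || ($.eventName = RevokeSecurityGroupIngress) || ($.eventName = RevokeSecurityGroupEgress)
    #   || ($.eventName = CreateSecurityGroup) || ($.eventName = DeleteSecurityGroup) }
    return _field(e, "$.eventName") in {
        "AuthorizeSecurityGroupIngress", "AuthorizeSecurityGroupEgress",
        "RevokeSecurityGroupIngress", "RevokeSecurityGroupEgress",
        "CreateSecurityGroup", "DeleteSecurityGroup"}


CONTROLS = [
    ("Ensure a log metric filter and alarm exist for unauthorized API calls", unauthorized_api_call),
    ("Ensure a log metric filter and alarm exist for Management Console sign-in without MFA",
     console_login_without_mfa),
    ('Ensure a log metric filter and alarm exist for usage of "root" account', root_account_usage),
    ("Ensure a log metric filter and alarm exist for CloudTrail configuration changes",
     cloudtrail_config_change),
    ("Ensure a log metric filter and alarm exist for security group changes", security_group_change),
]


def evaluate(events):
    """{control name: [eventID, ...]} for every control whose filter matched at least one event."""
    hits = {}
    for event in events:
        for name, matches in CONTROLS:
            if matches(event):
                hits.setdefault(name, []).append(event["eventID"])
    return hits


if __name__ == "__main__":
    for name, ids in evaluate(SAMPLE_EVENTS).items():
        print(f"{ids}: {name}")
```

Two things the predicates make visible that the table does not: ev4 is a root-identity event that the root-usage filter deliberately ignores because it was invoked by a service (invokedBy present), and the sign-in filter fires on any ConsoleLogin whose MFAUsed is not "Yes", so federated sign-ins that satisfy MFA at the identity provider show up as hits and need to be tuned out at the alarm rather than by weakening the filter.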


4. Networking 2/3

The default-group policy is evaluated per security group (151668 groups); the SSH and RDP policies are evaluated per EC2 instance (2 instances).

Status  Passed  Failed  Policy
Fail    126093   25575  Ensure no rules exist in the default Security Group
Pass         2       0  Ensure no EC2 Instance allows Public access on SSH port 22
Pass         2       0  Ensure no EC2 Instance allows Public access on RDP port 3389
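The three section 4 policies are all decided from security group rules. The Python below is an added example, not C3M's scanner code: it scores constructed groups and instances in the shape returned by boto3's ec2.describe_security_groups() and ec2.describe_instances() the way the table above counts them, every group against the default-group policy and every instance against the SSH and RDP policies across all of its groups. The group and instance IDs are made up; the open default group and the IPv6-only SSH exposure are included because both are easy to miss when checking by hand.

```python
PUBLIC_CIDRS = {"0.0.0.0/0", "::/0"}

DEFAULT_SG = "Ensure no rules exist in the default Security Group"
PUBLIC_SSH = "Ensure no EC2 Instance allows Public access on SSH port 22"
PUBLIC_RDP = "Ensure no EC2 Instance allows Public access on RDP port 3389"

# Constructed sample in the shape of ec2.describe_security_groups()["SecurityGroups"].
SECURITY_GROUPS = [
    {"GroupId": "sg-0default", "GroupName": "default",  # VPC default group left wide open
     "IpPermissions": [{"IpProtocol": "-1", "IpRanges": [{"CidrIp": "0.0.0.0/0"}]}],
     "IpPermissionsEgress": [{"IpProtocol": "-1", "IpRanges": [{"CidrIp": "0.0.0.0/0"}]}]},
    {"GroupId": "sg-1default", "GroupName": "default",  # default group with all rules removed
     "IpPermissions": [], "IpPermissionsEgress": []},
    {"GroupId": "sg-web", "GroupName": "web",  # HTTPS public, SSH from the private range only
     "IpPermissions": [
         {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443, "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},
         {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22, "IpRanges": [{"CidrIp": "10.0.0.0/8"}]}],
     "IpPermissionsEgress": [{"IpProtocol": "-1", "IpRanges": [{"CidrIp": "0.0.0.0/0"}]}]},
    {"GroupId": "sg-bastion", "GroupName": "bastion",  # SSH open to the whole IPv6 internet
     "IpPermissions": [{"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
                        "Ipv6Ranges": [{"CidrIpv6": "::/0"}]}],
     "IpPermissionsEgress": [{"IpProtocol": "-1", "IpRanges": [{"CidrIp": "0.0.0.0/0"}]}]},
]

# Constructed sample in the shape of the Instances entries of ec2.describe_instances().
INSTANCES = [
    {"InstanceId": "i-web", "SecurityGroups": [{"GroupId": "sg-web"}]},
    {"InstanceId": "i-bastion", "SecurityGroups": [{"GroupId": "sg-bastion"}]},
    {"InstanceId": "i-legacy", "SecurityGroups": [{"GroupId": "sg-0default"}]},
]


def _rule_is_public(perm):
    """True when an IpPermission entry grants access from any IPv4 or any IPv6 address."""
    return (any(r.get("CidrIp") in PUBLIC_CIDRS for r in perm.get("IpRanges", []))
            or any(r.get("CidrIpv6") in PUBLIC_CIDRS for r in perm.get("Ipv6Ranges", [])))


def _rule_covers_port(perm, port):
    """True when the entry's protocol and port range include TCP `port`.
    '-1' means all traffic and carries no port range; '6' is TCP by IANA number."""
    proto = perm.get("IpProtocol")
    if proto == "-1":
        return True
    if proto not in ("tcp", "6"):
        return False
    return perm.get("FromPort", 0) <= port <= perm.get("ToPort", 65535)


def sg_allows_public_port(sg, port):
    return any(_rule_is_public(p) and _rule_covers_port(p, port)
               for p in sg.get("IpPermissions", []))


def default_sg_has_rules(sg):
    """The default group must have neither inbound nor outbound rules to pass."""
    return sg.get("GroupName") == "default" and bool(
        sg.get("IpPermissions") or sg.get("IpPermissionsEgress"))


def evaluate(security_groups, instances):
    """{control: {"passed": [ids], "failed": [ids]}} scored the way the report counts:
    every group on the default-group control (non-default groups pass it), every instance
    on the SSH and RDP controls across all of its attached groups."""
    by_id = {sg["GroupId"]: sg for sg in security_groups}
    results = {c: {"passed": [], "failed": []} for c in (DEFAULT_SG, PUBLIC_SSH, PUBLIC_RDP)}
    for sg in security_groups:
        results[DEFAULT_SG]["failed" if default_sg_has_rules(sg) else "passed"].append(sg["GroupId"])
    for inst in instances:
        groups = [by_id[g["GroupId"]] for g in inst["SecurityGroups"]]
        for control, port in ((PUBLIC_SSH, 22), (PUBLIC_RDP, 3389)):
            exposed = any(sg_allows_public_port(g, port) for g in groups)
            results[control]["failed" if exposed else "passed"].append(inst["InstanceId"])
    return results


if __name__ == "__main__":
    for control, outcome in evaluate(SECURITY_GROUPS, INSTANCES).items():
        print(f"{control}: {len(outcome['passed'])} passed, failed={outcome['failed']}")
```

Two caveats when reading the results: a VPC's default group cannot be deleted, so the remediation for sg-0default is to revoke its rules and attach purpose-built groups instead (i-legacy would then pass both port checks); and the port checks, like the policies in the table, look only at group rules, so an instance without a public address or an internet route can "fail" while being unreachable, which makes this a necessary rather than sufficient exposure test.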


Disclaimer

This compliance assessment report is indicative: it is based on the assessment period and the mapped controls, and it does not in any way indicate complete compliance with a specific standard or regulation. C3M does not certify your compliance against any particular standard, since every standard involves some level of MANUAL checks which must be completed outside of our system.
