- CheckMates
- :
- Products
- :
- CloudMates Products
- :
- CNAPP
- :
- AWS CIS Foundations v. 1.3.0
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Mute
- Printer Friendly Page
Are you a member of CheckMates?
×- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
AWS CIS Foundations v. 1.3.0
When will Check Point publish a RuleSet for AWS CIS Foundations v. 1.3.0?
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
The release of AWS CIS Foundations v. 1.3.0 is planned to occur in Q1 2021.
Please follow Cloud Security Posture Management release notes.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Is there any ability to contribute to the development of RuleSets? I'd be interested in contributing to potentially help deliver that capability to the community sooner.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
where is the repo that I can contribute to?
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
You can email me as an attachment for now.
omersh@checkpoint.com
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Available now!
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Unfortunately there are significant gaps in CheckPoint's implementation of the CIS v1.3 checks. There are checks that you had v1.2 that are still relevant in v1.3 that weren't included. For example, CIS v1.3 Recommendation 1.4 - Ensure no root user account access key exists, which was included in the CheckPoint CIS v1.2 RuleSet.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Thank you, we will add it.
Have you seen another gap between the versions?
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Here are the gaps I have found so far:
section # | recommendation # | CloudGuard? | title |
1 | 1.12 | Added from v1.2 | Ensure credentials unused for 90 days or greater are disabled |
1 | 1.13 | Created | Ensure there is only one active access key available for any single IAM user |
1 | 1.14 | Added from v1.2 | Ensure access keys are rotated every 90 days or less |
1 | 1.15 | Copied from CloudGuard Best Practices | Ensure IAM Users Receive Permissions Only Through Groups |
1 | 1.16 | Added from v1.2 | Ensure IAM policies that allow full "*:*" administrative privileges are not attached |
1 | 1.19 | Created | Ensure that all the expired SSL/TLS certificates stored in AWS IAM are removed |
1 | 1.20 | Created | Ensure that S3 Buckets are configured with 'Block public access (bucket settings)' |
1 | 1.21 | Created | Ensure that IAM Access analyzer is enabled |
1 | 1.22 | Created | Ensure IAM users are managed centrally via identity federation or AWS Organizations for multi-account environments |
1 | 1.4 | Added from v1.2 | Ensure no root user account access key exists |
1 | 1.5 | Added from v1.2 | Ensure MFA is enabled for the "root user" account |
1 | 1.6 | Added from v1.2 | Ensure hardware MFA is enabled for the "root user" account |
1 | 1.7 | Added from v1.2 | Eliminate use of the root user for administrative and daily tasks |
2.1 | 2.1.1 | Copied from CloudGuard Best Practices | Ensure all S3 buckets employ encryption-at-rest |
2.1 | 2.1.2 | Copied from AWS CloudGuard S3 Bucket Security | Ensure S3 Bucket Policy allows HTTPS requests |
3 | 3.1 | Doesn't align with CIS | Ensure CloudTrail is enabled in all regions |
3 | 3.10 | Created | Ensure that Object-level logging for write events is enabled for S3 bucket |
3 | 3.11 | Created | Ensure that Object-level logging for read events is enabled for S3 bucket |
3 | 3.2 | Created | Ensure CloudTrail log file validation is enabled |