jsimoni
Participant

AWS CIS Foundations v. 1.3.0

When will Check Point publish a RuleSet for AWS CIS Foundations v. 1.3.0?

9 Replies
Omer_Shliva
Employee

The release of AWS CIS Foundations v. 1.3.0 is planned to occur in Q1 2021.

Please follow Cloud Security Posture Management release notes.

jsimoni
Participant

Is there any ability to contribute to the development of RuleSets?  I'd be interested in contributing to potentially help deliver that capability to the community sooner.

Omer_Shliva
Employee

jsimoni
Participant

Where is the repo that I can contribute to?

Omer_Shliva
Employee

You can email me as an attachment for now.

omersh@checkpoint.com

Chris_Beckett1
Employee Alumnus

Available now!

jsimoni
Participant

Unfortunately there are significant gaps in CheckPoint's implementation of the CIS v1.3 checks. There are checks that you had in v1.2 that are still relevant in v1.3 but weren't included. For example, CIS v1.3 Recommendation 1.4 - Ensure no root user account access key exists, which was included in the CheckPoint CIS v1.2 RuleSet.

https://gsl.dome9.com/D9.AWS.IAM.16.html

Omer_Shliva
Employee
Employee

Thank you, we will add it.

Have you seen another gap between the versions?

jsimoni
Participant

Here are the gaps I have found so far:

| Section | Recommendation # | CloudGuard? | Title |
|---|---|---|---|
| 1 | 1.12 | Added from v1.2 | Ensure credentials unused for 90 days or greater are disabled |
| 1 | 1.13 | Created | Ensure there is only one active access key available for any single IAM user |
| 1 | 1.14 | Added from v1.2 | Ensure access keys are rotated every 90 days or less |
| 1 | 1.15 | Copied from CloudGuard Best Practices | Ensure IAM Users Receive Permissions Only Through Groups |
| 1 | 1.16 | Added from v1.2 | Ensure IAM policies that allow full "*:*" administrative privileges are not attached |
| 1 | 1.19 | Created | Ensure that all the expired SSL/TLS certificates stored in AWS IAM are removed |
| 1 | 1.20 | Created | Ensure that S3 Buckets are configured with 'Block public access (bucket settings)' |
| 1 | 1.21 | Created | Ensure that IAM Access analyzer is enabled |
| 1 | 1.22 | Created | Ensure IAM users are managed centrally via identity federation or AWS Organizations for multi-account environments |
| 1 | 1.4 | Added from v1.2 | Ensure no root user account access key exists |
| 1 | 1.5 | Added from v1.2 | Ensure MFA is enabled for the "root user" account |
| 1 | 1.6 | Added from v1.2 | Ensure hardware MFA is enabled for the "root user" account |
| 1 | 1.7 | Added from v1.2 | Eliminate use of the root user for administrative and daily tasks |
| 2.1 | 2.1.1 | Copied from CloudGuard Best Practices | Ensure all S3 buckets employ encryption-at-rest |
| 2.1 | 2.1.2 | Copied from AWS CloudGuard S3 Bucket Security | Ensure S3 Bucket Policy allows HTTPS requests |
| 3 | 3.1 | Doesn't align with CIS | Ensure CloudTrail is enabled in all regions |
| 3 | 3.10 | Created | Ensure that Object-level logging for write events is enabled for S3 bucket |
| 3 | 3.11 | Created | Ensure that Object-level logging for read events is enabled for S3 bucket |
| 3 | 3.2 | Created | Ensure CloudTrail log file validation is enabled |
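Several of the IAM items in the gap list above (CIS 1.4, 1.5, 1.12, 1.13 and 1.14) can be evaluated from the IAM credential report alone. The following is an added example, not CloudGuard code or a GSL rule from the thread: it scores a constructed credential-report CSV (a subset of the real report's columns, with made-up users) against those five recommendations, using the 90-day threshold the recommendation titles name and a fixed clock so the result is reproducible.

```python
import csv
import io
from datetime import datetime, timedelta, timezone
# Constructed IAM credential report (subset of the real report's columns); not data from the thread.
SAMPLE_REPORT = """\
user,arn,user_creation_time,password_enabled,password_last_used,mfa_active,access_key_1_active,access_key_1_last_rotated,access_key_1_last_used_date,access_key_2_active,access_key_2_last_rotated,access_key_2_last_used_date
<root_account>,arn:aws:iam::123456789012:root,2019-01-01T00:00:00+00:00,not_supported,2021-03-01T10:00:00+00:00,false,true,2019-01-01T00:00:00+00:00,2021-02-28T00:00:00+00:00,false,N/A,N/A
alice,arn:aws:iam::123456789012:user/alice,2020-06-01T00:00:00+00:00,true,2021-03-10T08:00:00+00:00,true,true,2021-02-01T00:00:00+00:00,2021-03-10T08:00:00+00:00,true,2020-11-01T00:00:00+00:00,2020-12-01T00:00:00+00:00
bob,arn:aws:iam::123456789012:user/bob,2020-01-01T00:00:00+00:00,false,N/A,false,true,2020-01-01T00:00:00+00:00,2020-10-01T00:00:00+00:00,false,N/A,N/A
"""
NOW = datetime(2021, 3, 15, tzinfo=timezone.utc)  # fixed clock so the result is reproducible
MAX_AGE = timedelta(days=90)                       # threshold named in CIS 1.12 and 1.14

def _ts(value):
    try:                # non-timestamps (N/A, no_information, not_supported) mean never/unknown
        return datetime.fromisoformat(value)
    except ValueError:
        return None

def _older_than(value, age):
    t = _ts(value)
    return t is not None and NOW - t > age

def _unused(last_used, created):
    """Unused for MAX_AGE: last use is that old, or never used and created that long ago."""
    return _older_than(last_used, MAX_AGE) if _ts(last_used) else _older_than(created, MAX_AGE)

def evaluate(report_csv):
    """Return {CIS id: [users failing it]} for recommendations 1.4, 1.5, 1.12, 1.13 and 1.14."""
    findings = {"1.4": [], "1.5": [], "1.12": [], "1.13": [], "1.14": []}
    for row in csv.DictReader(io.StringIO(report_csv)):
        user = row["user"]
        active = [(row[f"access_key_{i}_last_rotated"], row[f"access_key_{i}_last_used_date"])
                  for i in (1, 2) if row[f"access_key_{i}_active"] == "true"]
        if user == "<root_account>":
            if active:
                findings["1.4"].append(user)             # root must have no access keys
            if row["mfa_active"] != "true":
                findings["1.5"].append(user)             # root must have MFA enabled
            continue
        unused = [_unused(used, rotated) for rotated, used in active]
        if row["password_enabled"] == "true":
            unused.append(_unused(row["password_last_used"], row["user_creation_time"]))
        if any(unused):
            findings["1.12"].append(user)                # stale console password or access key
        if len(active) > 1:
            findings["1.13"].append(user)                # more than one active access key
        if any(_older_than(rotated, MAX_AGE) for rotated, _ in active):
            findings["1.14"].append(user)                # an active key not rotated in 90 days
    return findings
```

On a real account the same function can be fed the CSV returned by `aws iam get-credential-report`, which uses the same column names and the same N/A / not_supported placeholders.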