This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
jsimoni
Participant
‎2020-11-11 04:06 AM

AWS CIS Foundations v. 1.3.0

When will Check Point publish a RuleSet for AWS CIS Foundations v. 1.3.0?

0 Kudos
9 Replies
Omer_Shliva
Employee
Employee
‎2020-11-11 08:33 AM

The release of AWS CIS Foundations v. 1.3.0 is planned to occur in Q1 2021.

Please follow Cloud Security Posture Management release notes.

0 Kudos
jsimoni
Participant
‎2020-11-12 04:08 AM
In response to Omer_Shliva

Is there any ability to contribute to the development of RuleSets?  I'd be interested in contributing to potentially help deliver that capability to the community sooner.

0 Kudos
Omer_Shliva
Employee
Employee
‎2020-11-12 06:53 AM
In response to jsimoni

0 Kudos
jsimoni
Participant
‎2020-11-12 06:55 AM
In response to Omer_Shliva

where is the repo that I can contribute to?

0 Kudos
Omer_Shliva
Employee
Employee
‎2020-11-12 07:01 AM
In response to jsimoni

You can email me as an attachment for now.

omersh@checkpoint.com

0 Kudos
Chris_Beckett1
Employee Alumnus
Employee Alumnus
‎2020-12-08 07:00 AM

Available now!

jsimoni
Participant
‎2020-12-11 10:51 AM
In response to Chris_Beckett1

Unfortunately there are significant gaps in CheckPoint's implementation of the CIS v1.3 checks.  There are checks that you had v1.2 that are still relevant in v1.3 that weren't included.  For example, CIS v1.3 Recommendation 1.4 - Ensure no root user account access key exists, which was included in the CheckPoint CIS v1.2 RuleSet.

https://gsl.dome9.com/D9.AWS.IAM.16.html

0 Kudos
Omer_Shliva
Employee
Employee
‎2020-12-11 11:26 AM
In response to jsimoni

Thank you, we will add it.

Have you seen another gap between the versions?

0 Kudos
jsimoni
Participant
‎2020-12-21 07:48 AM
In response to Omer_Shliva

Here are the gaps I have found so far:

section #recommendation #CloudGuard?title
11.12Added from v1.2Ensure credentials unused for 90 days or greater are disabled
11.13CreatedEnsure there is only one active access key available for any single IAM user
11.14Added from v1.2Ensure access keys are rotated every 90 days or less
11.15Copied from CloudGuard Best PracticesEnsure IAM Users Receive Permissions Only Through Groups
11.16Added from v1.2Ensure IAM policies that allow full "*:*" administrative privileges are not attached
11.19CreatedEnsure that all the expired SSL/TLS certificates stored in AWS IAM are removed
11.20CreatedEnsure that S3 Buckets are configured with 'Block public access (bucket settings)'
11.21CreatedEnsure that IAM Access analyzer is enabled
11.22CreatedEnsure IAM users are managed centrally via identity federation or AWS Organizations for multi-account environments
11.4Added from v1.2Ensure no root user account access key exists
11.5Added from v1.2Ensure MFA is enabled for the "root user" account
11.6Added from v1.2Ensure hardware MFA is enabled for the "root user" account
11.7Added from v1.2Eliminate use of the root user for administrative and daily tasks
2.12.1.1Copied from CloudGuard Best PracticesEnsure all S3 buckets employ encryption-at-rest
2.12.1.2Copied from AWS CloudGuard S3 Bucket SecurityEnsure S3 Bucket Policy allows HTTPS requests
33.1Doesn't align with CISEnsure CloudTrail is enabled in all regions
33.10CreatedEnsure that Object-level logging for write events is enabled for S3 bucket
33.11CreatedEnsure that Object-level logging for read events is enabled for S3 bucket
33.2CreatedEnsure CloudTrail log file validation is enabled
0 Kudos
UPCOMING CLOUDMATES EVENTS
    All CloudMates Events