Dome9 Ruleset Change Resulting in New Critical Findings
Hello fellow CheckMates,
I've recently joined this community so dipping a toe in with a first post.
CheckPoint CloudGuard Dome9 recently changed their Posture Management Policy Ruleset AWS ISO 27001:2013 ruleset (changed 15th March 2023). There were a number of rules that were 'upgraded' from severity High to Critical. This has resulted in our compliance having a significant number of Critical findings. There is one rule in particular that I don't understand why it's matching a number of our Security Groups as being non compliant. The rule is as follows:
Rule ID: D9.AWS.NET.08
Rule Name: Ensure no security groups allow ingress from 0.0.0.0/0 to ALL ports and protocols
I interpret this as meaning do not allow inbound traffic from ALL IP addresses to ALL ports and protocols.
I've checked all the Security Groups that are being reported as non-compliant to this rule and none of them permit inbound traffic from ALL IP addresses to ALL ports and protocols. Some of the Security Groups do permit traffic from ALL IP addresses to specific ports and protocols (e.g. port 443 protocol HTTPS where a public web server is hosted).
Am I misinterpreting this rule? Does it really mean "do not allow inbound traffic from ALL IP addresses to ANY port and protocol"?
Any help would be appreciated.
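As an added illustration (not part of the original post and not Dome9's own rule logic), the following script classifies security-group ingress rules under the two readings discussed above: the literal one, where only a rule with protocol `-1` (all protocols, therefore all ports) from 0.0.0.0/0 or ::/0 counts, and the broader one, where any world-open port counts. The input follows the shape of boto3's `describe_security_groups` response; the sample groups and their IDs are constructed for the example. Running both classifications over your own export lets you see which reading reproduces the findings you are seeing.

```python
"""Classify world-open AWS security-group ingress rules by breadth.

Added example, not Dome9's rule implementation. Input mirrors the
boto3 describe_security_groups() response structure; the sample groups
below are constructed. Note that for IpProtocol "-1" AWS omits
FromPort/ToPort entirely, which the code tolerates.
"""

WORLD_CIDRS = {"0.0.0.0/0", "::/0"}


def _world_open(perm):
    """True if any IPv4 or IPv6 range in the permission is the whole internet."""
    v4 = {r.get("CidrIp") for r in perm.get("IpRanges", [])}
    v6 = {r.get("CidrIpv6") for r in perm.get("Ipv6Ranges", [])}
    return bool((v4 | v6) & WORLD_CIDRS)


def is_all_ports_all_protocols(perm):
    """Literal reading of the rule: protocol -1 means every protocol and port."""
    return perm.get("IpProtocol") == "-1"


def is_all_ports_one_protocol(perm):
    """Whole 0-65535 range on TCP or UDP: all ports, but a single protocol."""
    return (perm.get("IpProtocol") in ("tcp", "udp")
            and perm.get("FromPort") == 0
            and perm.get("ToPort") == 65535)


def classify(groups):
    """Bucket every world-open ingress rule; returns {bucket: [(group_id, desc)]}."""
    out = {"all_ports_all_protocols": [],   # literal D9.AWS.NET.08 reading
           "all_ports_one_protocol": [],    # broad but not "all protocols"
           "specific_ports": []}            # e.g. 443/tcp on a public web server
    for sg in groups:
        for perm in sg.get("IpPermissions", []):
            if not _world_open(perm):
                continue  # restricted source ranges are out of scope here
            if is_all_ports_all_protocols(perm):
                bucket = "all_ports_all_protocols"
            elif is_all_ports_one_protocol(perm):
                bucket = "all_ports_one_protocol"
            else:
                bucket = "specific_ports"
            desc = "%s %s-%s" % (perm.get("IpProtocol"),
                                 perm.get("FromPort", "any"),
                                 perm.get("ToPort", "any"))
            out[bucket].append((sg["GroupId"], desc))
    return out


# Constructed sample: one group per case, plus one with no world-open rule.
SAMPLE_GROUPS = [
    {"GroupId": "sg-0aaa", "IpPermissions": [
        {"IpProtocol": "-1", "IpRanges": [{"CidrIp": "0.0.0.0/0"}]}]},
    {"GroupId": "sg-0bbb", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 0, "ToPort": 65535,
         "IpRanges": [], "Ipv6Ranges": [{"CidrIpv6": "::/0"}]}]},
    {"GroupId": "sg-0ccc", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}]}]},
    {"GroupId": "sg-0ddd", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
         "IpRanges": [{"CidrIp": "10.0.0.0/8"}]}]},
]


if __name__ == "__main__":
    for bucket, hits in classify(SAMPLE_GROUPS).items():
        print(bucket)
        for group_id, desc in hits:
            print("  %s  %s" % (group_id, desc))
```

Only `sg-0aaa` matches the literal wording of the rule; `sg-0ccc` is the 443-only case described in the post and lands in `specific_ports`. Swapping `SAMPLE_GROUPS` for the `SecurityGroups` list from a real `describe_security_groups` call runs the same classification over an account.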