CloudWiki

ISO 27001


ISO 27001 is an international standard on how to manage information security. It specifies the requirements for establishing, implementing, maintaining and continually improving an information security management system (ISMS) within the context of the organization. Its aim is to help organizations make the information assets they hold more secure. The standard was originally published jointly by the International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC) in 2005 and then revised in 2013.

Compliance checks for Amazon Web Services

Severity: Check

Warning: Ensure IAM policies that allow over-privileged access to data are not created
Critical: Ensure root user has MFA enabled
Warning: Resource is Internet facing
Warning: Resource is Internet facing via NLB
Warning: Resource is Internet facing via ELB
Warning: Resource is Internet facing via ALB
Critical: Ensure no root account access key exists
Critical: Ensure there is no unrestricted inbound access to TCP port 22 (SSH)
Critical: Ensure there is no unrestricted inbound access to TCP port 3389 (RDP)
Critical: Ensure IAM password policy expires passwords within 90 days or less
Warning: Ensure IAM password policy requires a minimum length of 14 or greater
Warning: Ensure IAM password policy requires at least one symbol
Warning: Ensure IAM password policy requires at least one uppercase letter
Warning: Ensure IAM password policy requires at least one number
Warning: Ensure IAM password policy requires at least one lowercase letter
Warning: Ensure IAM password policy prevents password reuse
Critical: Ensure EKS public access is restricted to specific sources
Critical: Ensure IAM policies that allow full "*:*" administrative privileges are not created
Warning: Ensure that S3 buckets are configured with "Block public access"
Critical: S3 inline policy is over-permissive
Warning: Ensure IAM users receive permissions only through groups
Warning: Ensure VPC flow logging is enabled in all VPCs
Warning: Ensure default security groups do not allow unrestricted traffic
Critical: Ensure all IAM users with console access have MFA enabled
Info: Resource has access to S3 bucket
Warning: Ensure EBS volumes are encrypted
Critical: Ensure the S3 bucket for CloudTrail logs is not publicly accessible
Warning: Ensure S3 bucket access logging is enabled on the CloudTrail S3 bucket