CloudWiki

ISO 27701


ISO 27701 is an international standard and a privacy extension to ISO 27001. It defines the framework for how personally identifiable information should be managed, specifying requirements and providing guidance for establishing, implementing, maintaining and continually improving a Privacy Information Management System (PIMS).

Compliance checks for Amazon Web Services

Critical: Ensure there is no unrestricted inbound access to TCP port 27017 (MongoDB)
Critical: Ensure there is no unrestricted inbound access to TCP port 9300 (ElasticSearch)
Critical: Ensure there is no unrestricted inbound access to TCP port 9200 (ElasticSearch)
Critical: Ensure there is no unrestricted inbound access to TCP port 6379 (Redis)
Critical: Ensure there is no unrestricted inbound access to TCP port 1521 (OracleDB)
Critical: Ensure there is no unrestricted inbound access to TCP port 8888 (Cassandra)
Critical: Ensure there is no unrestricted inbound access to TCP port 11211 (Memcached)
Critical: Ensure there is no unrestricted inbound access to TCP port 61621 (Cassandra)
Critical: Ensure there is no unrestricted inbound access to TCP port 7000 (Cassandra Internode)
Critical: Ensure there is no unrestricted inbound access to TCP port 61620 (OpsCenter)
Info: Route Table changes alarm
Warning: Ensure SageMaker Notebook Direct Internet Access is disabled
Critical: Ensure EBS snapshots are not publicly accessible
Critical: Ensure EC2 AMIs are not publicly accessible
Warning: Ensure EMR clusters are encrypted in-transit and at-rest
Critical: Ensure MSK (Kafka) broker instances are not publicly accessible
Critical: EC2 with Admin access (*:*)
Warning: Ensure SNS is not publicly accessible
Warning: Ensure SQS is not publicly accessible
Warning: Ensure Kubernetes API servers are not publicly accessible
Critical: Ensure Lambda functions prohibit public access
Warning: Ensure RDS database instances are not publicly accessible
Warning: Ensure MSK (Kafka) clusters have encryption in transit enabled between clients and brokers using TLS
Warning: Ensure MSK (Kafka) clusters have encryption in transit enabled between brokers within a cluster
Critical: Ensure the S3 bucket for CloudTrail logs is not publicly accessible