CLOUD KNOWLEDGE BASE

Cloud security articles

Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.
CIS AWS 4.5
Ensure CloudTrail configuration changes are monitored
CIS AWS 3.1
Ensure CloudTrail is enabled in all regions
CIS AWS 3.2
Ensure CloudTrail log file validation is enabled
CIS AWS 3.5
Ensure CloudTrail logs are encrypted at rest using KMS CMKs
CIS AWS 2.2.1
Ensure EBS Volume Encryption is Enabled in all Regions
CIS AWS 1.9
Ensure IAM password policy prevents password reuse
CIS AWS 4.4
Ensure IAM policy changes are monitored
CIS AWS 2.1.2
Ensure MFA Delete is enabled on S3 buckets
CIS AWS 1.5
Ensure MFA is enabled for the 'root' user account
CIS AWS 2.1.1
Ensure S3 Bucket Policy is set to deny HTTP requests
CIS AWS 4.8
Ensure S3 bucket policy changes are monitored
CIS AWS 4.14
Ensure VPC changes are monitored
CIS AWS 3.7
Ensure VPC flow logging is enabled in all VPCs
CIS AWS 1.14
Ensure access keys are rotated every 90 days or less
CIS AWS 1.22
Ensure access to AWSCloudShellFullAccess is restricted
CIS AWS 4.12
Ensure changes to network gateways are monitored
CIS AWS 1.6
Ensure hardware MFA is enabled for the 'root' user account
CIS AWS 4.2
Ensure management console sign-in without MFA is monitored
CIS AWS 1.4
Ensure no 'root' user account access key exists
CIS AWS 4.13
Ensure route table changes are monitored
CIS AWS 5.5
Ensure routing tables for VPC peering are "least access"
CIS AWS 1.2
Ensure security contact information is registered
CIS AWS 4.10
Ensure security group changes are monitored
CIS AWS 1.3
Ensure security questions are registered in the AWS account
CIS AWS 5.6
Ensure that EC2 Metadata Service only allows IMDSv2
CIS AWS 1.20
Ensure that IAM Access analyzer is enabled for all regions
CIS AWS 2.4.1
Ensure that encryption is enabled for EFS file systems
CIS AWS 2.3.1
Ensure that encryption-at-rest is enabled for RDS Instances
CIS AWS 2.3.3
Ensure that public access is not given to RDS Instance
CIS AWS 4.1
Ensure unauthorized API calls are monitored
CIS AWS 4.3
Ensure usage of 'root' account is monitored
CIS AWS 1.15
Ensure-iam-users-receive-permissions-only-through-groups
CSA CCM DCS-13
Environmental Systems | Plerion
CSA CCM DCS-08
Equipment Identification | Plerion
CSA CCM DCS-15
Equipment Location | Plerion
CSA CCM BCR-11
Equipment Redundancy | Plerion
CSA CCM SEF-06
Event Triage Processes | Plerion
CSA CCM CCC-08
Exception Management | Plerion
CSA CCM TVM-05
External Library Vulnerabilities
CSA CCM LOG-13
Failures and Anomalies Reporting
CSA CCM GRC-01
Governance Program Policy and Procedures
CSA CCM GRC-06
Governance Responsibility Model
CSA CCM IAM-03
Identity Inventory | Plerion
CSA CCM IAM-01
Identity and Access Management Policy and Procedures
CSA CCM SEF-05
Incident Response Metrics | Plerion
CSA CCM SEF-03
Incident Response Plans | Plerion
CSA CCM SEF-04
Incident Response Testing | Plerion
CSA CCM A&A-02
Independent Assessments | Plerion
CSA CCM GRC-05
Information Security Program | Plerion
CSA CCM GRC-07
Information System Regulatory Mapping
CSA CCM IVS-01
Infrastructure and Virtualization Security Policy Guidelines
CSA CCM STA-11
Internal Compliance Testing | Plerion
CSA CCM IPY-01
Interoperability and Portability Policy and Procedures
CSA CCM CEK-15
Key Activation | Plerion
CSA CCM CEK-18
Key Archival | Plerion
CSA CCM CEK-19
Key Compromise | Plerion
CSA CCM CEK-17
Key Deactivation | Plerion
CSA CCM CEK-14
Key Destruction | Plerion
CSA CCM CEK-10
Key Generation | Plerion
CSA CCM CEK-21
Key Inventory Management | Plerion
CSA CCM CEK-11
Key Purpose | Plerion
CSA CCM CEK-20
Key Recovery | Plerion
CSA CCM CEK-13
Key Revocation | Plerion
CSA CCM CEK-12
Key Rotation | Plerion
CSA CCM CEK-16
Key Suspension | Plerion
CSA CCM IAM-05
Least Privilege | Plerion
CIS AWS 1.13
Limit IAM Users to One Active Access Key at a Time
CSA CCM DSP-15
Limitation of Production Data Use
CSA CCM DSP-12
Limitation of Purpose in Personal Data Processing
CSA CCM LOG-09
Log Protection | Plerion
CSA CCM LOG-08
Log Records | Plerion
CSA CCM LOG-07
Logging Scope | Plerion
CSA CCM LOG-01
Logging and Monitoring Policy and Procedures
CIS AWS 1.1
Maintain current contact details
CSA CCM TVM-02
Malware Protection Policy and Procedures
CIS AWS 1.21
Manage IAM Users via Identity Federation or AWS Organizations
CSA CCM IAM-10
Management of Privileged Access Roles
CSA CCM IVS-07
Migration to Cloud Environments
CIS AWS 4.6
Monitor AWS Management Console Authentication Failures
CIS AWS 4.11
Monitor Changes to Network Access Control Lists (NACLs)
CIS AWS 4.7
Monitor Deletion or Disabling of Customer-Created CMKs
CSA CCM IVS-08
Network Architecture Documentation
CSA CCM IVS-09
Network Defense | Plerion
CSA CCM IVS-03
Network Security | Plerion
CSA CCM HRS-10
Non-Disclosure Agreements | Plerion
CSA CCM IVS-04
OS Hardening and Base Controls
CSA CCM DCS-01
Off-Site Equipment Disposal Policy and Procedures
CSA CCM DCS-02
Off-Site Transfer Authorization Policy and Procedures
CSA CCM UEM-07
Operating Systems | Plerion
CSA CCM GRC-03
Organizational Policy Reviews | Plerion
CSA CCM IAM-15
Passwords Management | Plerion
CSA CCM TVM-06
Penetration Testing | Plerion
CSA CCM DSP-11
Personal Data Access, Reversal, Rectification and Deletion
CSA CCM DSP-13
Personal Data Sub-processing | Plerion
CSA CCM HRS-12
Personal and Sensitive Data Awareness and Training
CSA CCM HRS-09
Personnel Roles and Responsibilities
CSA CCM SEF-08
Points of Contact Maintenance | Plerion
CSA CCM GRC-04
Policy Exception Process | Plerion
CSA CCM STA-09
Primary Service and Contractual Agreement
CSA CCM IVS-05
Production and Non-Production Environments
Blog

Learn cloud security with our research blog

Your Queues, Your Responsibility | Plerion
August 20, 2024
Things you wish you didn't need to know about S3
May 30, 2024
S3 Bucket Encryption Doesn't Work The Way You Think It Works
April 19, 2024
Read more