NIST

  1. Home
  2. NIST

National Institute of Standards and Technology (NIST) SP 800-53 Rev. 5

[Work In Progress] The NIST Special Publication 800-53 Revision 5 provides a catalog of security and privacy controls for federal information systems and organizations to protect organizational operations and assets, individuals, other organizations, and the Nation from a diverse set of threats including hostile cyber attacks, natural disasters, structural failures, and human errors.
Read more

Summary: [Not available:173] | [Compliant:73] | [Need Attention:23]

Breakdown

Framework. National Institute of Standards and Technology (NIST) SP 800-53 Rev. 5

CategoryRule IDCompliance StatusDescriptionReference
Account.1Need Attention
[hasAlternateContact] - Configure AWS account contacts
  • [GLOBAL]Account::Config
Alternate Contact
Account.2Compliant
[hasOrganization]
ACM.1Not availablePlease refer to the NIST control section for further details. Kindly provide evidence or artifacts demonstrating compliance with the respective NIST control.
APIGateway.1Not availablePlease refer to the NIST control section for further details. Kindly provide evidence or artifacts demonstrating compliance with the respective NIST control.
APIGateway.2Not availablePlease refer to the NIST control section for further details. Kindly provide evidence or artifacts demonstrating compliance with the respective NIST control.
APIGateway.3Not availablePlease refer to the NIST control section for further details. Kindly provide evidence or artifacts demonstrating compliance with the respective NIST control.
APIGateway.4Not availablePlease refer to the NIST control section for further details. Kindly provide evidence or artifacts demonstrating compliance with the respective NIST control.
APIGateway.5Not availablePlease refer to the NIST control section for further details. Kindly provide evidence or artifacts demonstrating compliance with the respective NIST control.
APIGateway.8Not availablePlease refer to the NIST control section for further details. Kindly provide evidence or artifacts demonstrating compliance with the respective NIST control.
APIGateway.9Not availablePlease refer to the NIST control section for further details. Kindly provide evidence or artifacts demonstrating compliance with the respective NIST control.
Appsync.5Not availablePlease refer to the NIST control section for further details. Kindly provide evidence or artifacts demonstrating compliance with the respective NIST control.
Autoscaling.1Not availablePlease refer to the NIST control section for further details. Kindly provide evidence or artifacts demonstrating compliance with the respective NIST control.
Autoscaling.2Not availablePlease refer to the NIST control section for further details. Kindly provide evidence or artifacts demonstrating compliance with the respective NIST control.
Autoscaling.3Not availablePlease refer to the NIST control section for further details. Kindly provide evidence or artifacts demonstrating compliance with the respective NIST control.
Autoscaling.5Not availablePlease refer to the NIST control section for further details. Kindly provide evidence or artifacts demonstrating compliance with the respective NIST control.
Autoscaling.6Not availablePlease refer to the NIST control section for further details. Kindly provide evidence or artifacts demonstrating compliance with the respective NIST control.
Autoscaling.9Not availablePlease refer to the NIST control section for further details. Kindly provide evidence or artifacts demonstrating compliance with the respective NIST control.
Backup.1Not availablePlease refer to the NIST control section for further details. Kindly provide evidence or artifacts demonstrating compliance with the respective NIST control.
CloudFront.1Need Attention
[defaultRootObject] - Specify a default root object for your distribution.
  • [GLOBAL]Cloudfront::E2X390QMMYIRUF
AWS Docs
CloudFront.3Need Attention
[viewerPolicyHttps] - Configure one or more cache behaviors in your CloudFront distribution to require HTTPS for communication between viewers and CloudFront.
  • [GLOBAL]Cloudfront::E2X390QMMYIRUF
AWS Docs
CloudFront.4Need Attention
[originFailover] - Create an origin group with two origins: a primary and a secondary.
  • [GLOBAL]Cloudfront::E2X390QMMYIRUF
AWS Docs
CloudFront.5Need Attention
[accessLogging] - Enable CloudFront standard logs (access logs)
  • [GLOBAL]Cloudfront::E2X390QMMYIRUF
AWS Docs
CloudFront.6Need Attention
[WAFAssociation] - Use Web Application Firewall (WAF) for enhanced security.
  • [GLOBAL]Cloudfront::E2X390QMMYIRUF
AWS Docs
Developer Guide
CloudFront.7Not availablePlease refer to the NIST control section for further details. Kindly provide evidence or artifacts demonstrating compliance with the respective NIST control.
CloudFront.8Not availablePlease refer to the NIST control section for further details. Kindly provide evidence or artifacts demonstrating compliance with the respective NIST control.
CloudFront.9Not availablePlease refer to the NIST control section for further details. Kindly provide evidence or artifacts demonstrating compliance with the respective NIST control.
CloudFront.10Compliant
[DeprecatedSSLProtocol]
CloudFront.12Not availablePlease refer to the NIST control section for further details. Kindly provide evidence or artifacts demonstrating compliance with the respective NIST control.
CloudFront.13Not availablePlease refer to the NIST control section for further details. Kindly provide evidence or artifacts demonstrating compliance with the respective NIST control.
CloudFront.14Not availablePlease refer to the NIST control section for further details. Kindly provide evidence or artifacts demonstrating compliance with the respective NIST control.
CloudTrail.1Compliant
[HasOneMultiRegionTrail]
CloudTrail.2Need Attention
[RequiresKmsKey] - Enable SSE
  • [ap-southeast-1]Cloudtrail::IsengardTrail-DO-NOT-DELETE
Encrypt CloudTrail using AWS KMS
CloudTrail Security Best Practices
CloudTrail.4Compliant
[LogFileValidationEnabled]
CloudTrail.5Need Attention
[CloudWatchLogsLogGroupArn] - CloudWatch for CloudTrail
  • [ap-southeast-1]Cloudtrail::IsengardTrail-DO-NOT-DELETE
Using CloudWatch Logs with CloudTrail
CloudWatch.15Not availablePlease refer to the NIST control section for further details. Kindly provide evidence or artifacts demonstrating compliance with the respective NIST control.
CloudWatch.16Not availablePlease refer to the NIST control section for further details. Kindly provide evidence or artifacts demonstrating compliance with the respective NIST control.
CloudWatch.17Not availablePlease refer to the NIST control section for further details. Kindly provide evidence or artifacts demonstrating compliance with the respective NIST control.
CodeBuild.1Not availablePlease refer to the NIST control section for further details. Kindly provide evidence or artifacts demonstrating compliance with the respective NIST control.
CodeBuild.2Not availablePlease refer to the NIST control section for further details. Kindly provide evidence or artifacts demonstrating compliance with the respective NIST control.
CodeBuild.3Not availablePlease refer to the NIST control section for further details. Kindly provide evidence or artifacts demonstrating compliance with the respective NIST control.
CodeBuild.4Not availablePlease refer to the NIST control section for further details. Kindly provide evidence or artifacts demonstrating compliance with the respective NIST control.
Config.1Not availablePlease refer to the NIST control section for further details. Kindly provide evidence or artifacts demonstrating compliance with the respective NIST control.
DMS.1Not availablePlease refer to the NIST control section for further details. Kindly provide evidence or artifacts demonstrating compliance with the respective NIST control.
DMS.6Not availablePlease refer to the NIST control section for further details. Kindly provide evidence or artifacts demonstrating compliance with the respective NIST control.
DMS.7Not availablePlease refer to the NIST control section for further details. Kindly provide evidence or artifacts demonstrating compliance with the respective NIST control.
DMS.8Not availablePlease refer to the NIST control section for further details. Kindly provide evidence or artifacts demonstrating compliance with the respective NIST control.
DMS.9Not availablePlease refer to the NIST control section for further details. Kindly provide evidence or artifacts demonstrating compliance with the respective NIST control.
DocumentDB.1Not availablePlease refer to the NIST control section for further details. Kindly provide evidence or artifacts demonstrating compliance with the respective NIST control.
DocumentDB.2Not availablePlease refer to the NIST control section for further details. Kindly provide evidence or artifacts demonstrating compliance with the respective NIST control.
DocumentDB.3Not availablePlease refer to the NIST control section for further details. Kindly provide evidence or artifacts demonstrating compliance with the respective NIST control.
DocumentDB.4Not availablePlease refer to the NIST control section for further details. Kindly provide evidence or artifacts demonstrating compliance with the respective NIST control.
DocumentDB.5Not availablePlease refer to the NIST control section for further details. Kindly provide evidence or artifacts demonstrating compliance with the respective NIST control.
DynamoDB.1Compliant
[autoScalingStatus]
DynamoDB.2Compliant
[disabledPointInTimeRecovery]
DynamoDB.3Not availablePlease refer to the NIST control section for further details. Kindly provide evidence or artifacts demonstrating compliance with the respective NIST control.
DynamoDB.4Not availablePlease refer to the NIST control section for further details. Kindly provide evidence or artifacts demonstrating compliance with the respective NIST control.
DynamoDB.5Compliant
[resourcesWithoutTags]
DynamoDB.6Compliant
[deleteTableProtection]
EC2.1Compliant
[EBSSnapshotIsPublic]
EC2.2Need Attention
[SGDefaultDisallowTraffic] - Default Security Group with Rules
  • [ap-southeast-1]SG::sg-34753642
  • [us-east-1]SG::sg-9b3e45a4
VPC default security group rules
EC2.3Compliant
[EBSInUse]
[EBSEncrypted]
EC2.4Compliant
[EC2Active]
EC2.5Not availablePlease refer to the NIST control section for further details. Kindly provide evidence or artifacts demonstrating compliance with the respective NIST control.
EC2.6Not availablePlease refer to the NIST control section for further details. Kindly provide evidence or artifacts demonstrating compliance with the respective NIST control.
EC2.7Compliant
[EBSEncrypted]
EC2.8Compliant
[ASGIMDSv2]
EC2.9Compliant
[EC2InstancePublicIP]
EC2.10Not availablePlease refer to the NIST control section for further details. Kindly provide evidence or artifacts demonstrating compliance with the respective NIST control.
EC2.12Compliant
[EC2EIPNotInUse]
EC2.13Compliant
[SGSensitivePortOpenToAll]
[SGAllPortOpenToAll]
EC2.15Compliant
[EC2SubnetAutoPublicIP]
EC2.16Not availablePlease refer to the NIST control section for further details. Kindly provide evidence or artifacts demonstrating compliance with the respective NIST control.
EC2.17Not availablePlease refer to the NIST control section for further details. Kindly provide evidence or artifacts demonstrating compliance with the respective NIST control.
EC2.18Not availablePlease refer to the NIST control section for further details. Kindly provide evidence or artifacts demonstrating compliance with the respective NIST control.
EC2.19Not availablePlease refer to the NIST control section for further details. Kindly provide evidence or artifacts demonstrating compliance with the respective NIST control.
EC2.20Not availablePlease refer to the NIST control section for further details. Kindly provide evidence or artifacts demonstrating compliance with the respective NIST control.
EC2.21Not availablePlease refer to the NIST control section for further details. Kindly provide evidence or artifacts demonstrating compliance with the respective NIST control.
EC2.23Not availablePlease refer to the NIST control section for further details. Kindly provide evidence or artifacts demonstrating compliance with the respective NIST control.
EC2.24Not availablePlease refer to the NIST control section for further details. Kindly provide evidence or artifacts demonstrating compliance with the respective NIST control.
EC2.25Not availablePlease refer to the NIST control section for further details. Kindly provide evidence or artifacts demonstrating compliance with the respective NIST control.
EC2.28Not availablePlease refer to the NIST control section for further details. Kindly provide evidence or artifacts demonstrating compliance with the respective NIST control.
EC2.51Not availablePlease refer to the NIST control section for further details. Kindly provide evidence or artifacts demonstrating compliance with the respective NIST control.
ECR.1Not availablePlease refer to the NIST control section for further details. Kindly provide evidence or artifacts demonstrating compliance with the respective NIST control.
ECR.2Not availablePlease refer to the NIST control section for further details. Kindly provide evidence or artifacts demonstrating compliance with the respective NIST control.
ECR.3Not availablePlease refer to the NIST control section for further details. Kindly provide evidence or artifacts demonstrating compliance with the respective NIST control.
ECS.1Not availablePlease refer to the NIST control section for further details. Kindly provide evidence or artifacts demonstrating compliance with the respective NIST control.
ECS.2Not availablePlease refer to the NIST control section for further details. Kindly provide evidence or artifacts demonstrating compliance with the respective NIST control.
ECS.3Not availablePlease refer to the NIST control section for further details. Kindly provide evidence or artifacts demonstrating compliance with the respective NIST control.
ECS.4Not availablePlease refer to the NIST control section for further details. Kindly provide evidence or artifacts demonstrating compliance with the respective NIST control.
ECS.5Not availablePlease refer to the NIST control section for further details. Kindly provide evidence or artifacts demonstrating compliance with the respective NIST control.
ECS.8Not availablePlease refer to the NIST control section for further details. Kindly provide evidence or artifacts demonstrating compliance with the respective NIST control.
ECS.9Not availablePlease refer to the NIST control section for further details. Kindly provide evidence or artifacts demonstrating compliance with the respective NIST control.
ECS.10Not availablePlease refer to the NIST control section for further details. Kindly provide evidence or artifacts demonstrating compliance with the respective NIST control.
ECS.12Not availablePlease refer to the NIST control section for further details. Kindly provide evidence or artifacts demonstrating compliance with the respective NIST control.
EFS.1Not availablePlease refer to the NIST control section for further details. Kindly provide evidence or artifacts demonstrating compliance with the respective NIST control.
EFS.2Not availablePlease refer to the NIST control section for further details. Kindly provide evidence or artifacts demonstrating compliance with the respective NIST control.
EFS.3Not availablePlease refer to the NIST control section for further details. Kindly provide evidence or artifacts demonstrating compliance with the respective NIST control.
EFS.4Not availablePlease refer to the NIST control section for further details. Kindly provide evidence or artifacts demonstrating compliance with the respective NIST control.
EKS.1Compliant
[eksEndpointPublicAccess]
EKS.2Compliant
[eksClusterVersionEol]
EKS.8Compliant
[eksClusterLogging]
ElastiCache.1Not availablePlease refer to the NIST control section for further details. Kindly provide evidence or artifacts demonstrating compliance with the respective NIST control.
ElastiCache.2Not availablePlease refer to the NIST control section for further details. Kindly provide evidence or artifacts demonstrating compliance with the respective NIST control.
ElastiCache.3Not availablePlease refer to the NIST control section for further details. Kindly provide evidence or artifacts demonstrating compliance with the respective NIST control.
ElastiCache.4Compliant
[EncInTransitAndRest]
ElastiCache.5Compliant
[EncInTransitAndRest]
ElastiCache.6Not availablePlease refer to the NIST control section for further details. Kindly provide evidence or artifacts demonstrating compliance with the respective NIST control.
ElastiCache.7Not availablePlease refer to the NIST control section for further details. Kindly provide evidence or artifacts demonstrating compliance with the respective NIST control.
ElasticBeanstalk.1Not availablePlease refer to the NIST control section for further details. Kindly provide evidence or artifacts demonstrating compliance with the respective NIST control.
ElasticBeanstalk.2Not availablePlease refer to the NIST control section for further details. Kindly provide evidence or artifacts demonstrating compliance with the respective NIST control.
ELB.1Not availablePlease refer to the NIST control section for further details. Kindly provide evidence or artifacts demonstrating compliance with the respective NIST control.
ELB.2Not availablePlease refer to the NIST control section for further details. Kindly provide evidence or artifacts demonstrating compliance with the respective NIST control.
ELB.3Not availablePlease refer to the NIST control section for further details. Kindly provide evidence or artifacts demonstrating compliance with the respective NIST control.
ELB.4Not availablePlease refer to the NIST control section for further details. Kindly provide evidence or artifacts demonstrating compliance with the respective NIST control.
ELB.5Not availablePlease refer to the NIST control section for further details. Kindly provide evidence or artifacts demonstrating compliance with the respective NIST control.
ELB.6Not availablePlease refer to the NIST control section for further details. Kindly provide evidence or artifacts demonstrating compliance with the respective NIST control.
ELB.7Compliant
[ELBConnectionDraining]
ELB.8Not availablePlease refer to the NIST control section for further details. Kindly provide evidence or artifacts demonstrating compliance with the respective NIST control.
ELB.9Compliant
[ELBCrossZone]
ELB.10Not availablePlease refer to the NIST control section for further details. Kindly provide evidence or artifacts demonstrating compliance with the respective NIST control.
ELB.12Not availablePlease refer to the NIST control section for further details. Kindly provide evidence or artifacts demonstrating compliance with the respective NIST control.
ELB.13Not availablePlease refer to the NIST control section for further details. Kindly provide evidence or artifacts demonstrating compliance with the respective NIST control.
ELB.14Not availablePlease refer to the NIST control section for further details. Kindly provide evidence or artifacts demonstrating compliance with the respective NIST control.
ELB.16Compliant
[ELBEnableWAF]
EMR.1Not availablePlease refer to the NIST control section for further details. Kindly provide evidence or artifacts demonstrating compliance with the respective NIST control.
EMR.2Not availablePlease refer to the NIST control section for further details. Kindly provide evidence or artifacts demonstrating compliance with the respective NIST control.
ES.1Not availablePlease refer to the NIST control section for further details. Kindly provide evidence or artifacts demonstrating compliance with the respective NIST control.
ES.2Not availablePlease refer to the NIST control section for further details. Kindly provide evidence or artifacts demonstrating compliance with the respective NIST control.
ES.3Not availablePlease refer to the NIST control section for further details. Kindly provide evidence or artifacts demonstrating compliance with the respective NIST control.
ES.4Not availablePlease refer to the NIST control section for further details. Kindly provide evidence or artifacts demonstrating compliance with the respective NIST control.
ES.5Not availablePlease refer to the NIST control section for further details. Kindly provide evidence or artifacts demonstrating compliance with the respective NIST control.
ES.6Not availablePlease refer to the NIST control section for further details. Kindly provide evidence or artifacts demonstrating compliance with the respective NIST control.
ES.7Not availablePlease refer to the NIST control section for further details. Kindly provide evidence or artifacts demonstrating compliance with the respective NIST control.
ES.8Not availablePlease refer to the NIST control section for further details. Kindly provide evidence or artifacts demonstrating compliance with the respective NIST control.
EventBridge.3Not availablePlease refer to the NIST control section for further details. Kindly provide evidence or artifacts demonstrating compliance with the respective NIST control.
EventBridge.4Not availablePlease refer to the NIST control section for further details. Kindly provide evidence or artifacts demonstrating compliance with the respective NIST control.
FSx.1Not availablePlease refer to the NIST control section for further details. Kindly provide evidence or artifacts demonstrating compliance with the respective NIST control.
GuardDuty.1Not availablePlease refer to the NIST control section for further details. Kindly provide evidence or artifacts demonstrating compliance with the respective NIST control.
IAM.1Need Attention
[FullAdminAccess] - Limit permissions.
  • [GLOBAL]Role::AWSReservedSSO_AWSAdministratorAccess_fae89f7963febc98, Role::DojoEC2AdminRole, Role::EC2AdminRole, Role::itadmin, Role::OrganizationAccountAccessRole, Role::PACICloudFormationStackSetExecutionRole, Role::ServiceScreenerAutomationRole, Role::stacksets-exec-7ca18804340a75b25a831ca17fba8659
AWS Docs
Organization GuardRail Blog
IAM.2Need Attention
[userNotUsingGroup] - Place IAM user within User Group
  • [GLOBAL]User::kuettai
[InlinePolicy] - Use managed policies
  • [GLOBAL]User::kuettai, Role::AccessAnalyzerTrustedService, Role::AVMContainersUserRole, Role::awslogs.prod.kelex.molecule.toppatterns, Role::CloudSecAuditRole, Role::CloudSeerTrustedServiceRole, Role::CodeGuruProfilerForwardToAmazonProfiler, Role::CodeStarWorker-dojo-CloudFormation, Role::CodeStarWorker-dojo-ToolChain, Role::CodeStarWorker-dojo-WebApp, Role::Cognito_dojoIdPAuth_Role, Role::Cognito_dojoIdPUnauth_Role, Role::DocumentUnderstandingSolutionCICD-CodeBuildRole-26NRX1QIOV08, Role::EC2AdminRole, Role::IMDSv2-automigrator, Role::OrthancRole, Role::PACICloudFormationStackSetAdministrationRole, Role::SaltyTrustedService, Role::ServiceScreenerAssumeRole, Role::ShadowTrooperRole, Role::TurtleRoleManagement
IAM Group
AWS Docs
IAM.3Compliant
[hasAccessKeyNoRotate90days]
IAM.4Compliant
[rootHasAccessKey]
IAM.5Compliant
[mfaActive]
IAM.6Not availablePlease refer to the NIST control section for further details. Kindly provide evidence or artifacts demonstrating compliance with the respective NIST control.
IAM.7Compliant
[passwordPolicyWeak]
IAM.8Compliant
[consoleLastAccess90]
[consoleLastAccess365]
IAM.9Need Attention
[rootMfaActive] - Enable MFA on root user
  • [GLOBAL]User::root_id
AWS MFA
IAM Best Practices
IAM.19Compliant
[mfaActive]
IAM.21Need Attention
[ManagedPolicyFullAccessOneServ] - Limit permissions.
  • [GLOBAL]Role::CodeStarWorker-dojo-ToolChain, Role::OrthancRole
AWS Docs
Kinesis.1Not availablePlease refer to the NIST control section for further details. Kindly provide evidence or artifacts demonstrating compliance with the respective NIST control.
KMS.1Not availablePlease refer to the NIST control section for further details. Kindly provide evidence or artifacts demonstrating compliance with the respective NIST control.
KMS.2Not availablePlease refer to the NIST control section for further details. Kindly provide evidence or artifacts demonstrating compliance with the respective NIST control.
KMS.3Compliant
[KeyInPendingDeletion]
KMS.4Compliant
[KeyRotationEnabled]
Lambda.1Compliant
[lambdaPublicAccess]
Lambda.2Need Attention
[lambdaRuntimeUpdate] - Runtime Update Available
  • [ap-southeast-1]Lambda::isengard-create-vpc-endpoints-for-ssm, Lambda::webScrapNew, Lambda::webScrapper, Lambda::isengard-create-inventory-association, Lambda::testFunction, Lambda::isengard-set-default-instance-role, Lambda::isengard-set-default-patch-baseline
  • [us-east-1]Lambda::isengard-set-default-instance-role, Lambda::isengard-create-vpc-endpoints-for-ssm, Lambda::isengard-set-default-patch-baseline, Lambda::isengard-create-inventory-association
Lambda runtimes
Lambda.3Not availablePlease refer to the NIST control section for further details. Kindly provide evidence or artifacts demonstrating compliance with the respective NIST control.
Lambda.5Not availablePlease refer to the NIST control section for further details. Kindly provide evidence or artifacts demonstrating compliance with the respective NIST control.
Macie.1Need Attention
[MacieToEnable] - Enable Macie
  • [ap-southeast-1]Macie
  • [us-east-1]Macie
Getting started with Amazon Macie
Macie.2Not availablePlease refer to the NIST control section for further details. Kindly provide evidence or artifacts demonstrating compliance with the respective NIST control.
MSK.1Not availablePlease refer to the NIST control section for further details. Kindly provide evidence or artifacts demonstrating compliance with the respective NIST control.
MSK.2Not availablePlease refer to the NIST control section for further details. Kindly provide evidence or artifacts demonstrating compliance with the respective NIST control.
MQ.5Not availablePlease refer to the NIST control section for further details. Kindly provide evidence or artifacts demonstrating compliance with the respective NIST control.
MQ.6Not availablePlease refer to the NIST control section for further details. Kindly provide evidence or artifacts demonstrating compliance with the respective NIST control.
Neptune.1Not availablePlease refer to the NIST control section for further details. Kindly provide evidence or artifacts demonstrating compliance with the respective NIST control.
Neptune.2Not availablePlease refer to the NIST control section for further details. Kindly provide evidence or artifacts demonstrating compliance with the respective NIST control.
Neptune.3Not availablePlease refer to the NIST control section for further details. Kindly provide evidence or artifacts demonstrating compliance with the respective NIST control.
Neptune.4Not availablePlease refer to the NIST control section for further details. Kindly provide evidence or artifacts demonstrating compliance with the respective NIST control.
Neptune.5Not availablePlease refer to the NIST control section for further details. Kindly provide evidence or artifacts demonstrating compliance with the respective NIST control.
Neptune.6Not availablePlease refer to the NIST control section for further details. Kindly provide evidence or artifacts demonstrating compliance with the respective NIST control.
Neptune.7Not availablePlease refer to the NIST control section for further details. Kindly provide evidence or artifacts demonstrating compliance with the respective NIST control.
Neptune.8Not availablePlease refer to the NIST control section for further details. Kindly provide evidence or artifacts demonstrating compliance with the respective NIST control.
Neptune.9Not availablePlease refer to the NIST control section for further details. Kindly provide evidence or artifacts demonstrating compliance with the respective NIST control.
NetworkFirewall.1Not availablePlease refer to the NIST control section for further details. Kindly provide evidence or artifacts demonstrating compliance with the respective NIST control.
NetworkFirewall.2Not availablePlease refer to the NIST control section for further details. Kindly provide evidence or artifacts demonstrating compliance with the respective NIST control.
NetworkFirewall.3Not availablePlease refer to the NIST control section for further details. Kindly provide evidence or artifacts demonstrating compliance with the respective NIST control.
NetworkFirewall.4Not availablePlease refer to the NIST control section for further details. Kindly provide evidence or artifacts demonstrating compliance with the respective NIST control.
NetworkFirewall.5Not availablePlease refer to the NIST control section for further details. Kindly provide evidence or artifacts demonstrating compliance with the respective NIST control.
NetworkFirewall.6Not availablePlease refer to the NIST control section for further details. Kindly provide evidence or artifacts demonstrating compliance with the respective NIST control.
NetworkFirewall.9Not availablePlease refer to the NIST control section for further details. Kindly provide evidence or artifacts demonstrating compliance with the respective NIST control.
Opensearch.1Compliant
[EncyptionAtRest]
Opensearch.2Compliant
[DomainWithinVPC]
Opensearch.3Compliant
[NodeToNodeEncryption]
Opensearch.4Compliant
[ApplicationLogs]
Opensearch.5Compliant
[AuditLogs]
Opensearch.6Compliant
[DataNodes]
Opensearch.7Compliant
[FineGrainedAccessControl]
Opensearch.8Compliant
[TLSEnforced]
Opensearch.10Compliant
[ServiceSoftwareVersion]
PCA.1Not availablePlease refer to the NIST control section for further details. Kindly provide evidence or artifacts demonstrating compliance with the respective NIST control.
RDS.1Compliant
[SnapshotRDSIsPublic]
RDS.2Compliant
[PubliclyAccessible]
RDS.3Compliant
[StorageEncrypted]
RDS.4Not availablePlease refer to the NIST control section for further details. Kindly provide evidence or artifacts demonstrating compliance with the respective NIST control.
RDS.5Compliant
[MultiAZ]
RDS.6Compliant
[EnhancedMonitor]
RDS.7Compliant
[DeleteProtection]
RDS.8Compliant
[DeleteProtection]
RDS.9Not availablePlease refer to the NIST control section for further details. Kindly provide evidence or artifacts demonstrating compliance with the respective NIST control.
RDS.10Not availablePlease refer to the NIST control section for further details. Kindly provide evidence or artifacts demonstrating compliance with the respective NIST control.
RDS.11Compliant
[Backup]
RDS.12Not availablePlease refer to the NIST control section for further details. Kindly provide evidence or artifacts demonstrating compliance with the respective NIST control.
RDS.13Compliant
[AutoMinorVersionUpgrade]
RDS.14Not availablePlease refer to the NIST control section for further details. Kindly provide evidence or artifacts demonstrating compliance with the respective NIST control.
RDS.15Compliant
[MultiAZ]
RDS.16Not availablePlease refer to the NIST control section for further details. Kindly provide evidence or artifacts demonstrating compliance with the respective NIST control.
RDS.17Not availablePlease refer to the NIST control section for further details. Kindly provide evidence or artifacts demonstrating compliance with the respective NIST control.
RDS.18Not availablePlease refer to the NIST control section for further details. Kindly provide evidence or artifacts demonstrating compliance with the respective NIST control.
RDS.19Not availablePlease refer to the NIST control section for further details. Kindly provide evidence or artifacts demonstrating compliance with the respective NIST control.
RDS.20Not availablePlease refer to the NIST control section for further details. Kindly provide evidence or artifacts demonstrating compliance with the respective NIST control.
RDS.21Not availablePlease refer to the NIST control section for further details. Kindly provide evidence or artifacts demonstrating compliance with the respective NIST control.
RDS.22Not availablePlease refer to the NIST control section for further details. Kindly provide evidence or artifacts demonstrating compliance with the respective NIST control.
RDS.23Not availablePlease refer to the NIST control section for further details. Kindly provide evidence or artifacts demonstrating compliance with the respective NIST control.
RDS.24Compliant
[DefaultMasterAdmin]
RDS.25Compliant
[DefaultMasterAdmin]
RDS.26Not availablePlease refer to the NIST control section for further details. Kindly provide evidence or artifacts demonstrating compliance with the respective NIST control.
RDS.27Compliant
[StorageEncrypted]
RDS.34Not availablePlease refer to the NIST control section for further details. Kindly provide evidence or artifacts demonstrating compliance with the respective NIST control.
RDS.35Compliant
[AutoMinorVersionUpgrade]
Redshift.1Compliant
[PubliclyAcessible]
Redshift.2Compliant
[EncryptedInTransit]
Redshift.3Compliant
[AutomaticSnapshots]
Redshift.4Compliant
[AuditLogging]
Redshift.6Compliant
[AutomaticUpgrades]
Redshift.7Compliant
[EnhancedVPCRouting]
Redshift.8Compliant
[DefaultAdminUsername]
Redshift.9Compliant
[DefaultDatabaseName]
Redshift.10Compliant
[EncryptedAtRest]
Route53.2Not availablePlease refer to the NIST control section for further details. Kindly provide evidence or artifacts demonstrating compliance with the respective NIST control.
S3.1Compliant
[S3AccountPublicAccessBlock]
S3.2Compliant
[PublicAccessBlock]
S3.3Compliant
[PublicAccessBlock]
S3.5Need Attention
[TlsEnforced] - Enforce Encryption of Data in Transit
  • [ap-southeast-1]Bucket::aws-codestar-ap-southeast-1-961319563195, Bucket::aws-codestar-ap-southeast-1-961319563195-dojo-pipe, Bucket::codepipeline-ap-southeast-1-183991447891, Bucket::config-bucket-961319563195, Bucket::documentunderstandingsolutioncic-artifacts3bucket-dtr9a8q6yj2h, Bucket::documentunderstandingsolutioncicd-devoutputbucket-1m11zxjc9fhd6, Bucket::dojo-logs, Bucket::kuettai-solutions-bucket-ap-southeast-1
  • [us-east-1]Bucket::cloudtrail-awslogs-961319563195-pyvnhwtz-isengard-do-not-delete, Bucket::kuettai-dojo01
AWS Docs
S3.7Compliant
[CrossRegionReplication]
S3.8Compliant
[PublicAccessBlock]
S3.9Need Attention
[BucketLogging] - Enable Server Access Logging
  • [ap-southeast-1]Bucket::aws-codestar-ap-southeast-1-961319563195, Bucket::aws-codestar-ap-southeast-1-961319563195-dojo-pipe, Bucket::codepipeline-ap-southeast-1-183991447891, Bucket::config-bucket-961319563195, Bucket::documentunderstandingsolutioncic-artifacts3bucket-dtr9a8q6yj2h, Bucket::documentunderstandingsolutioncicd-devoutputbucket-1m11zxjc9fhd6, Bucket::dojo-logs, Bucket::kuettai-solutions-bucket-ap-southeast-1
  • [us-east-1]Bucket::cloudtrail-awslogs-961319563195-pyvnhwtz-isengard-do-not-delete, Bucket::kuettai-dojo01
AWS Docs
S3.10Need Attention
[BucketVersioning] - Enable Versioning
  • [ap-southeast-1]Bucket::aws-codestar-ap-southeast-1-961319563195, Bucket::codepipeline-ap-southeast-1-183991447891, Bucket::config-bucket-961319563195, Bucket::documentunderstandingsolutioncicd-devoutputbucket-1m11zxjc9fhd6, Bucket::dojo-logs, Bucket::kuettai-solutions-bucket-ap-southeast-1
  • [us-east-1]Bucket::cloudtrail-awslogs-961319563195-pyvnhwtz-isengard-do-not-delete, Bucket::kuettai-dojo01
[BucketLifecycle] - Configure Lifecycle Policies
  • [ap-southeast-1]Bucket::aws-codestar-ap-southeast-1-961319563195, Bucket::aws-codestar-ap-southeast-1-961319563195-dojo-pipe, Bucket::codepipeline-ap-southeast-1-183991447891, Bucket::config-bucket-961319563195, Bucket::documentunderstandingsolutioncic-artifacts3bucket-dtr9a8q6yj2h, Bucket::documentunderstandingsolutioncicd-devoutputbucket-1m11zxjc9fhd6, Bucket::dojo-logs, Bucket::kuettai-solutions-bucket-ap-southeast-1
  • [us-east-1]Bucket::kuettai-dojo01
AWS Docs
Manage Versioning Example
AWS Docs
S3.11Compliant
[EventNotification]
S3.12Need Attention
[AccessControlList] - Enable SSE
  • [ap-southeast-1]Bucket::documentunderstandingsolutioncic-artifacts3bucket-dtr9a8q6yj2h, Bucket::documentunderstandingsolutioncicd-devoutputbucket-1m11zxjc9fhd6, Bucket::kuettai-solutions-bucket-ap-southeast-1
  • [us-east-1]Bucket::kuettai-dojo01
Protecting data with IAM
S3.13Need Attention
[BucketLifecycle] - Configure Lifecycle Policies
  • [ap-southeast-1]Bucket::aws-codestar-ap-southeast-1-961319563195, Bucket::aws-codestar-ap-southeast-1-961319563195-dojo-pipe, Bucket::codepipeline-ap-southeast-1-183991447891, Bucket::config-bucket-961319563195, Bucket::documentunderstandingsolutioncic-artifacts3bucket-dtr9a8q6yj2h, Bucket::documentunderstandingsolutioncicd-devoutputbucket-1m11zxjc9fhd6, Bucket::dojo-logs, Bucket::kuettai-solutions-bucket-ap-southeast-1
  • [us-east-1]Bucket::kuettai-dojo01
AWS Docs
S3.14Need Attention
[BucketVersioning] - Enable Versioning
  • [ap-southeast-1]Bucket::aws-codestar-ap-southeast-1-961319563195, Bucket::codepipeline-ap-southeast-1-183991447891, Bucket::config-bucket-961319563195, Bucket::documentunderstandingsolutioncicd-devoutputbucket-1m11zxjc9fhd6, Bucket::dojo-logs, Bucket::kuettai-solutions-bucket-ap-southeast-1
  • [us-east-1]Bucket::cloudtrail-awslogs-961319563195-pyvnhwtz-isengard-do-not-delete, Bucket::kuettai-dojo01
AWS Docs
Manage Versioning Example
S3.15Need Attention
[ObjectLock] - Enable Object Lock
  • [ap-southeast-1]Bucket::aws-codestar-ap-southeast-1-961319563195, Bucket::aws-codestar-ap-southeast-1-961319563195-dojo-pipe, Bucket::codepipeline-ap-southeast-1-183991447891, Bucket::config-bucket-961319563195, Bucket::documentunderstandingsolutioncic-artifacts3bucket-dtr9a8q6yj2h, Bucket::documentunderstandingsolutioncicd-devoutputbucket-1m11zxjc9fhd6, Bucket::dojo-logs, Bucket::kuettai-solutions-bucket-ap-southeast-1
  • [us-east-1]Bucket::cloudtrail-awslogs-961319563195-pyvnhwtz-isengard-do-not-delete, Bucket::kuettai-dojo01
AWS Docs
S3.17Compliant
[ServerSideEncrypted]
[SSEWithKMS]
S3.19Not availablePlease refer to the NIST control section for further details. Kindly provide evidence or artifacts demonstrating compliance with the respective NIST control.
S3.20Need Attention
[MFADelete] - Enable MFA Delete
  • [ap-southeast-1]Bucket::aws-codestar-ap-southeast-1-961319563195, Bucket::aws-codestar-ap-southeast-1-961319563195-dojo-pipe, Bucket::codepipeline-ap-southeast-1-183991447891, Bucket::config-bucket-961319563195, Bucket::documentunderstandingsolutioncic-artifacts3bucket-dtr9a8q6yj2h, Bucket::documentunderstandingsolutioncicd-devoutputbucket-1m11zxjc9fhd6, Bucket::dojo-logs, Bucket::kuettai-solutions-bucket-ap-southeast-1
  • [us-east-1]Bucket::cloudtrail-awslogs-961319563195-pyvnhwtz-isengard-do-not-delete, Bucket::kuettai-dojo01
Prevention for Accidental Deletions on S3
AWS Docs
Sagemaker.1Not availablePlease refer to the NIST control section for further details. Kindly provide evidence or artifacts demonstrating compliance with the respective NIST control.
Sagemaker.2Not availablePlease refer to the NIST control section for further details. Kindly provide evidence or artifacts demonstrating compliance with the respective NIST control.
Sagemaker.3Not availablePlease refer to the NIST control section for further details. Kindly provide evidence or artifacts demonstrating compliance with the respective NIST control.
SecretsManager.1Not availablePlease refer to the NIST control section for further details. Kindly provide evidence or artifacts demonstrating compliance with the respective NIST control.
SecretsManager.2Not availablePlease refer to the NIST control section for further details. Kindly provide evidence or artifacts demonstrating compliance with the respective NIST control.
SecretsManager.3Not availablePlease refer to the NIST control section for further details. Kindly provide evidence or artifacts demonstrating compliance with the respective NIST control.
SecretsManager.4Not availablePlease refer to the NIST control section for further details. Kindly provide evidence or artifacts demonstrating compliance with the respective NIST control.
SNS.1Not availablePlease refer to the NIST control section for further details. Kindly provide evidence or artifacts demonstrating compliance with the respective NIST control.
SQS.1Not availablePlease refer to the NIST control section for further details. Kindly provide evidence or artifacts demonstrating compliance with the respective NIST control.
SSM.1Not availablePlease refer to the NIST control section for further details. Kindly provide evidence or artifacts demonstrating compliance with the respective NIST control.
SSM.2Not availablePlease refer to the NIST control section for further details. Kindly provide evidence or artifacts demonstrating compliance with the respective NIST control.
SSM.3Not availablePlease refer to the NIST control section for further details. Kindly provide evidence or artifacts demonstrating compliance with the respective NIST control.
SSM.4Not availablePlease refer to the NIST control section for further details. Kindly provide evidence or artifacts demonstrating compliance with the respective NIST control.
WAF.1Not availablePlease refer to the NIST control section for further details. Kindly provide evidence or artifacts demonstrating compliance with the respective NIST control.
WAF.2Not availablePlease refer to the NIST control section for further details. Kindly provide evidence or artifacts demonstrating compliance with the respective NIST control.
WAF.3Not availablePlease refer to the NIST control section for further details. Kindly provide evidence or artifacts demonstrating compliance with the respective NIST control.
WAF.4Not availablePlease refer to the NIST control section for further details. Kindly provide evidence or artifacts demonstrating compliance with the respective NIST control.
WAF.5Not availablePlease refer to the NIST control section for further details. Kindly provide evidence or artifacts demonstrating compliance with the respective NIST control.
WAF.6Not availablePlease refer to the NIST control section for further details. Kindly provide evidence or artifacts demonstrating compliance with the respective NIST control.
WAF.7Not availablePlease refer to the NIST control section for further details. Kindly provide evidence or artifacts demonstrating compliance with the respective NIST control.
WAF.8Not availablePlease refer to the NIST control section for further details. Kindly provide evidence or artifacts demonstrating compliance with the respective NIST control.
WAF.10Not availablePlease refer to the NIST control section for further details. Kindly provide evidence or artifacts demonstrating compliance with the respective NIST control.
WAF.11Not availablePlease refer to the NIST control section for further details. Kindly provide evidence or artifacts demonstrating compliance with the respective NIST control.
WAF.12Not availablePlease refer to the NIST control section for further details. Kindly provide evidence or artifacts demonstrating compliance with the respective NIST control.