Service Screener

Reserve Bank of India (RBI) Cloud Computing Guidelines

The Reserve Bank of India (RBI) has issued guidelines for regulated entities on cloud adoption and security. This framework maps AWS services and configurations to RBI compliance requirements, helping financial institutions in India ensure their cloud deployments meet regulatory standards.
Read more

Summary: [Not available:0] | [Compliant:16] | [Need Attention:12]

Breakdown

Framework. Reserve Bank of India (RBI) Cloud Computing Guidelines

Category	Rule ID	Compliance Status	Description	Reference
Data Security and Privacy	1.1	Compliant	[KeyRotationEnabled] [KeyInPendingDeletion]
Data Security and Privacy	1.2	Compliant	[ServerSideEncrypted] [SSEWithKMS] [EBSEncrypted] [StorageEncrypted] [EncryptedAtRest] [EncyptionAtRest]
Data Security and Privacy	1.3	Need Attention	[TlsEnforced] - Enforce Encryption of Data in Transit [ap-southeast-1]Bucket::aws-codestar-ap-southeast-1-961319563195, Bucket::aws-codestar-ap-southeast-1-961319563195-dojo-pipe, Bucket::codepipeline-ap-southeast-1-183991447891, Bucket::config-bucket-961319563195, Bucket::documentunderstandingsolutioncic-artifacts3bucket-dtr9a8q6yj2h, Bucket::documentunderstandingsolutioncicd-devoutputbucket-1m11zxjc9fhd6, Bucket::dojo-logs, Bucket::kuettai-solutions-bucket-ap-southeast-1 [us-east-1]Bucket::cloudtrail-awslogs-961319563195-pyvnhwtz-isengard-do-not-delete, Bucket::kuettai-dojo01 [EncryptionInTransit] [TLSEnforced] [NodeToNodeEncryption] [EncryptedInTransit]	AWS Docs
Data Security and Privacy	1.4	Compliant	[PublicReadAccessBlock] [PublicWriteAccessBlock] [S3AccountPublicAccessBlock] [EBSSnapshotIsPublic] [PubliclyAccessible] [SnapshotRDSIsPublic] [PubliclyAccessible]
Data Security and Privacy	1.5	Need Attention	[BucketVersioning] - Enable Versioning [ap-southeast-1]Bucket::aws-codestar-ap-southeast-1-961319563195, Bucket::codepipeline-ap-southeast-1-183991447891, Bucket::config-bucket-961319563195, Bucket::documentunderstandingsolutioncicd-devoutputbucket-1m11zxjc9fhd6, Bucket::dojo-logs, Bucket::kuettai-solutions-bucket-ap-southeast-1 [us-east-1]Bucket::cloudtrail-awslogs-961319563195-pyvnhwtz-isengard-do-not-delete, Bucket::kuettai-dojo01 [BucketLogging] - Enable Server Access Logging [ap-southeast-1]Bucket::aws-codestar-ap-southeast-1-961319563195, Bucket::aws-codestar-ap-southeast-1-961319563195-dojo-pipe, Bucket::codepipeline-ap-southeast-1-183991447891, Bucket::config-bucket-961319563195, Bucket::documentunderstandingsolutioncic-artifacts3bucket-dtr9a8q6yj2h, Bucket::documentunderstandingsolutioncicd-devoutputbucket-1m11zxjc9fhd6, Bucket::dojo-logs, Bucket::kuettai-solutions-bucket-ap-southeast-1 [us-east-1]Bucket::cloudtrail-awslogs-961319563195-pyvnhwtz-isengard-do-not-delete, Bucket::kuettai-dojo01	AWS Docs Manage Versioning Example AWS Docs
Access Control	2.1	Need Attention	[rootMfaActive] - Enable MFA on root user [GLOBAL]User::root_id [mfaActive]	AWS MFA IAM Best Practices
Access Control	2.2	Need Attention	[passwordPolicy] - Set a custom password policy. [GLOBAL]Account::Config [passwordPolicyWeak]	IAM Password Policy
Access Control	2.3	Need Attention	[FullAdminAccess] - Limit permissions. [GLOBAL]Role::AWSReservedSSO_AWSAdministratorAccess_fae89f7963febc98, Role::DojoEC2AdminRole, Role::EC2AdminRole, Role::itadmin, Role::OrganizationAccountAccessRole, Role::PACICloudFormationStackSetExecutionRole, Role::ServiceScreenerAutomationRole, Role::stacksets-exec-7ca18804340a75b25a831ca17fba8659 [ManagedPolicyFullAccessOneServ] - Limit permissions. [GLOBAL]Role::CodeStarWorker-dojo-ToolChain, Role::OrthancRole	AWS Docs Organization GuardRail Blog AWS Docs
Access Control	2.4	Compliant	[rootHasAccessKey]
Access Control	2.5	Need Attention	[userNotUsingGroup] - Place IAM user within User Group [GLOBAL]User::kuettai [InlinePolicy] - Use managed policies [GLOBAL]User::kuettai, Role::AccessAnalyzerTrustedService, Role::AVMContainersUserRole, Role::awslogs.prod.kelex.molecule.toppatterns, Role::CloudSecAuditRole, Role::CloudSeerTrustedServiceRole, Role::CodeGuruProfilerForwardToAmazonProfiler, Role::CodeStarWorker-dojo-CloudFormation, Role::CodeStarWorker-dojo-ToolChain, Role::CodeStarWorker-dojo-WebApp, Role::Cognito_dojoIdPAuth_Role, Role::Cognito_dojoIdPUnauth_Role, Role::DocumentUnderstandingSolutionCICD-CodeBuildRole-26NRX1QIOV08, Role::EC2AdminRole, Role::IMDSv2-automigrator, Role::OrthancRole, Role::PACICloudFormationStackSetAdministrationRole, Role::SaltyTrustedService, Role::ServiceScreenerAssumeRole, Role::ShadowTrooperRole, Role::TurtleRoleManagement	IAM Group AWS Docs
Access Control	2.6	Compliant	[hasAccessKeyNoRotate90days] [consoleLastAccess90]
Monitoring and Logging	3.1	Need Attention	[NeedToEnableCloudTrail] [EnableCloudTrailLogging] [HasOneMultiRegionTrail] [LogFileValidationEnabled] [RequiresKmsKey] - Enable SSE [ap-southeast-1]Cloudtrail::IsengardTrail-DO-NOT-DELETE	Encrypt CloudTrail using AWS KMS CloudTrail Security Best Practices
Monitoring and Logging	3.2	Need Attention	[CloudWatchLogsLogGroupArn] - CloudWatch for CloudTrail [ap-southeast-1]Cloudtrail::IsengardTrail-DO-NOT-DELETE [SetRetentionDays] - Set retention days [ap-southeast-1]Log::/aws/codebuild/dojo, Log::/aws/lambda/isengard-create-inventory-association, Log::/aws/lambda/isengard-create-vpc-endpoints-for-ssm, Log::/aws/lambda/isengard-set-default-instance-role, Log::/aws/lambda/isengard-set-default-patch-baseline, Log::/aws/lambda/webScrapNew, Log::/aws/lambda/webScrapper [us-east-1]Log::/aws/lambda/isengard-create-inventory-association, Log::/aws/lambda/isengard-create-vpc-endpoints-for-ssm, Log::/aws/lambda/isengard-set-default-instance-role, Log::/aws/lambda/isengard-set-default-patch-baseline	Using CloudWatch Logs with CloudTrail CIS Cloudwatch Controls
Monitoring and Logging	3.3	Need Attention	[VPCFlowLogEnabled] - Enable VPC Flow Log [ap-southeast-1]VPC::vpc-0229dd64 [us-east-1]VPC::vpc-8d976df0	Amazon Elastic Compute Cloud controls
Monitoring and Logging	3.4	Compliant	[ExecutionLogging] [AuditLogging] [ApplicationLogs]
Monitoring and Logging	3.5	Compliant	[enableGuardDuty]
Network Security	4.1	Need Attention	[SGDefaultInUsed] [SGSensitivePortOpenToAll] [SGAllTCPOpen] [SGAllUDPOpen] [SGAllPortOpen] - All ports open. [ap-southeast-1]SG::sg-34753642 [us-east-1]SG::sg-9b3e45a4 [SGAllPortOpenToAll]	Best practices for Amazon EC2
Network Security	4.2	Compliant	[EC2SubnetAutoPublicIP] [EC2InstancePublicIP]
Network Security	4.3	Compliant	[DomainWithinVPC] [EnhancedVpcRouting]
Network Security	4.4	Compliant	[WAFWACL] [ELBEnableWAF]
Resilience and Business Continuity	5.1	Compliant	[MultiAZ] [ELBCrossZone] [ASGELBHealthCheckEnabled]
Resilience and Business Continuity	5.2	Compliant	[Backup] [disabledPointInTimeRecovery] [AutomatedBackup] [AutomaticSnapshots]
Resilience and Business Continuity	5.3	Compliant	[DeleteProtection]
Resilience and Business Continuity	5.4	Need Attention	[autoScalingStatus] [lambdaReservedConcurrencyDisabled] - Provisioned Concurrency Disabled [ap-southeast-1]Lambda::isengard-create-vpc-endpoints-for-ssm, Lambda::webScrapNew, Lambda::webScrapper, Lambda::isengard-create-inventory-association, Lambda::testFunction, Lambda::isengard-set-default-instance-role, Lambda::isengard-set-default-patch-baseline [us-east-1]Lambda::isengard-set-default-instance-role, Lambda::isengard-create-vpc-endpoints-for-ssm, Lambda::isengard-set-default-patch-baseline, Lambda::isengard-create-inventory-association	Configuring provisioned concurrency
Compliance and Governance	6.1	Compliant	[hasOrganization]
Compliance and Governance	6.2	Need Attention	[EnableTrailS3BucketLogging] - Enable S3 Bucket Logging [ap-southeast-1]Cloudtrail::IsengardTrail-DO-NOT-DELETE	Configure S3 Logging Resilience in CloudTrail
Compliance and Governance	6.3	Compliant	[EC2DetailedMonitor] [EnhancedMonitor]
Compliance and Governance	6.4	Compliant	[AutomaticUpgrades]