Service Screener

Bank Negara Malaysia (BNM) Risk Management in Technology (RMiT)

The Risk Management in Technology (RMiT) is a policy document issued by Bank Negara Malaysia (BNM) to provide guidance on the management of technology risk for financial institutions in Malaysia. This is operational best practices for BNM RMiT, the following items being flagged out by SS can be use as a guidance to identify actions required to be taken on specific resources in order to comply to the these rules.
Read more

Summary: [Not available:112] | [Compliant:147] | [Need Attention:59]

Breakdown

Framework. Bank Negara Malaysia (BNM) Risk Management in Technology (RMiT)

Category	Rule ID	Compliance Status	Description	Reference
10.18	1	Not available	Please refer to the BNM RMiT section for further details. Kindly provide evidence or artifacts demonstrating compliance with the respective RMiT control.
10.18	2	Compliant	[CachingEnabled] [EncryptionAtRest]
10.18	3	Compliant	[EncryptionInTransit]
10.18	4	Not available	Please refer to the BNM RMiT section for further details. Kindly provide evidence or artifacts demonstrating compliance with the respective RMiT control.
10.18	5	Need Attention	[NeedToEnableCloudTrail] [EnableCloudTrailLogging] [HasOneMultiRegionTrail] [LogFileValidationEnabled] [RequiresKmsKey] - Enable SSE [ap-southeast-1]Cloudtrail::IsengardTrail-DO-NOT-DELETE	Encrypt CloudTrail using AWS KMS CloudTrail Security Best Practices
10.18	6	Not available	Please refer to the BNM RMiT section for further details. Kindly provide evidence or artifacts demonstrating compliance with the respective RMiT control.
10.18	7	Compliant	[KeyRotationEnabled]
10.18	8	Not available	Please refer to the BNM RMiT section for further details. Kindly provide evidence or artifacts demonstrating compliance with the respective RMiT control.
10.18	9	Compliant	[EBSEncrypted]
10.18	10	Compliant	[EncryptedAtRest]
10.18	11	Not available	Please refer to the BNM RMiT section for further details. Kindly provide evidence or artifacts demonstrating compliance with the respective RMiT control.
10.18	12	Compliant	[EBSEncrypted]
10.18	13	Compliant	[KeyInPendingDeletion]
10.18	14	Compliant	[EncyptionAtRest]
10.18	15	Compliant	[TLSEnforced]
10.18	16	Compliant	[NodeToNodeEncryption]
10.18	17	Not available	Please refer to the BNM RMiT section for further details. Kindly provide evidence or artifacts demonstrating compliance with the respective RMiT control.
10.18	18	Compliant	[StorageEncrypted]
10.18	19	Compliant	[EncryptedAtRest] [AuditLogging]
10.18	20	Compliant	[EncryptedWithKMS]
10.18	21	Compliant	[EncryptedInTransit]
10.18	22	Compliant	[ServerSideEncrypted]
10.18	23	Need Attention	[TlsEnforced] - Enforce Encryption of Data in Transit [ap-southeast-1]Bucket::aws-codestar-ap-southeast-1-961319563195, Bucket::aws-codestar-ap-southeast-1-961319563195-dojo-pipe, Bucket::codepipeline-ap-southeast-1-183991447891, Bucket::config-bucket-961319563195, Bucket::documentunderstandingsolutioncic-artifacts3bucket-dtr9a8q6yj2h, Bucket::documentunderstandingsolutioncicd-devoutputbucket-1m11zxjc9fhd6, Bucket::dojo-logs, Bucket::kuettai-solutions-bucket-ap-southeast-1 [us-east-1]Bucket::cloudtrail-awslogs-961319563195-pyvnhwtz-isengard-do-not-delete, Bucket::kuettai-dojo01	AWS Docs
10.18	24	Compliant	[SSEWithKMS]
10.18	25	Not available	Please refer to the BNM RMiT section for further details. Kindly provide evidence or artifacts demonstrating compliance with the respective RMiT control.
10.18	26	Not available	Please refer to the BNM RMiT section for further details. Kindly provide evidence or artifacts demonstrating compliance with the respective RMiT control.
10.18	27	Not available	Please refer to the BNM RMiT section for further details. Kindly provide evidence or artifacts demonstrating compliance with the respective RMiT control.
10.18	28	Not available	Please refer to the BNM RMiT section for further details. Kindly provide evidence or artifacts demonstrating compliance with the respective RMiT control.
10.2	1	Not available	Please refer to the BNM RMiT section for further details. Kindly provide evidence or artifacts demonstrating compliance with the respective RMiT control.
10.2	2	Not available	Please refer to the BNM RMiT section for further details. Kindly provide evidence or artifacts demonstrating compliance with the respective RMiT control.
10.27	1	Compliant	[ASGELBHealthCheckEnabled]
10.27	2	Not available	Please refer to the BNM RMiT section for further details. Kindly provide evidence or artifacts demonstrating compliance with the respective RMiT control.
10.27	3	Not available	Please refer to the BNM RMiT section for further details. Kindly provide evidence or artifacts demonstrating compliance with the respective RMiT control.
10.27	4	Compliant	[trailWithoutCWLogs]
10.27	5	Compliant	[rcuServiceLimit] [wcuServiceLimit]
10.27	6	Compliant	[EC2DetailedMonitor]
10.27	7	Need Attention	[lambdaReservedConcurrencyDisabled] - Provisioned Concurrency Disabled [ap-southeast-1]Lambda::isengard-create-vpc-endpoints-for-ssm, Lambda::webScrapNew, Lambda::webScrapper, Lambda::isengard-create-inventory-association, Lambda::testFunction, Lambda::isengard-set-default-instance-role, Lambda::isengard-set-default-patch-baseline [us-east-1]Lambda::isengard-set-default-instance-role, Lambda::isengard-create-vpc-endpoints-for-ssm, Lambda::isengard-set-default-patch-baseline, Lambda::isengard-create-inventory-association	Configuring provisioned concurrency
10.27	8	Compliant	[ApplicationLogs]
10.27	9	Compliant	[EnhancedMonitor]
10.34	1	Not available	Please refer to the BNM RMiT section for further details. Kindly provide evidence or artifacts demonstrating compliance with the respective RMiT control.
10.34	2	Not available	Please refer to the BNM RMiT section for further details. Kindly provide evidence or artifacts demonstrating compliance with the respective RMiT control.
10.35	1	Compliant	[XRayTracing]
10.35	2	Not available	Please refer to the BNM RMiT section for further details. Kindly provide evidence or artifacts demonstrating compliance with the respective RMiT control.
10.35	3	Not available	Please refer to the BNM RMiT section for further details. Kindly provide evidence or artifacts demonstrating compliance with the respective RMiT control.
10.35	4	Need Attention	[VPCFlowLogEnabled] - Enable VPC Flow Log [ap-southeast-1]VPC::vpc-0229dd64 [us-east-1]VPC::vpc-8d976df0	Amazon Elastic Compute Cloud controls
10.36	1	Not available	Please refer to the BNM RMiT section for further details. Kindly provide evidence or artifacts demonstrating compliance with the respective RMiT control.
10.36	2	Compliant	[EncryptionInTransit]
10.36	3	Not available	Please refer to the BNM RMiT section for further details. Kindly provide evidence or artifacts demonstrating compliance with the respective RMiT control.
10.36	4	Not available	Please refer to the BNM RMiT section for further details. Kindly provide evidence or artifacts demonstrating compliance with the respective RMiT control.
10.36	5	Compliant	[ELBCrossZone]
10.38	1	Need Attention	[SetRetentionDays] - Set retention days [ap-southeast-1]Log::/aws/codebuild/dojo, Log::/aws/lambda/isengard-create-inventory-association, Log::/aws/lambda/isengard-create-vpc-endpoints-for-ssm, Log::/aws/lambda/isengard-set-default-instance-role, Log::/aws/lambda/isengard-set-default-patch-baseline, Log::/aws/lambda/webScrapNew, Log::/aws/lambda/webScrapper [us-east-1]Log::/aws/lambda/isengard-create-inventory-association, Log::/aws/lambda/isengard-create-vpc-endpoints-for-ssm, Log::/aws/lambda/isengard-set-default-instance-role, Log::/aws/lambda/isengard-set-default-patch-baseline	CIS Cloudwatch Controls
10.51	1	Compliant	[hasAccessKeyNoRotate90days]
10.51	2	Compliant	[hasOrganization]
10.51	3	Not available	Please refer to the BNM RMiT section for further details. Kindly provide evidence or artifacts demonstrating compliance with the respective RMiT control.
10.51	4	Compliant	[CachingEnabled] [EncryptionAtRest]
10.51	5	Compliant	[EncryptionInTransit]
10.51	6	Not available	Please refer to the BNM RMiT section for further details. Kindly provide evidence or artifacts demonstrating compliance with the respective RMiT control.
10.51	7	Not available	Please refer to the BNM RMiT section for further details. Kindly provide evidence or artifacts demonstrating compliance with the respective RMiT control.
10.51	8	Need Attention	[NeedToEnableCloudTrail] [EnableCloudTrailLogging] [HasOneMultiRegionTrail] [LogFileValidationEnabled] [RequiresKmsKey] - Enable SSE [ap-southeast-1]Cloudtrail::IsengardTrail-DO-NOT-DELETE	Encrypt CloudTrail using AWS KMS CloudTrail Security Best Practices
10.51	9	Not available	Please refer to the BNM RMiT section for further details. Kindly provide evidence or artifacts demonstrating compliance with the respective RMiT control.
10.51	10	Compliant	[KeyRotationEnabled]
10.51	11	Not available	Please refer to the BNM RMiT section for further details. Kindly provide evidence or artifacts demonstrating compliance with the respective RMiT control.
10.51	12	Not available	Please refer to the BNM RMiT section for further details. Kindly provide evidence or artifacts demonstrating compliance with the respective RMiT control.
10.51	13	Compliant	[EBSSnapshotIsPublic]
10.51	14	Compliant	[EBSEncrypted]
10.51	15	Compliant	[EC2InstancePublicIP]
10.51	16	Compliant	[EncryptedAtRest]
10.51	17	Not available	Please refer to the BNM RMiT section for further details. Kindly provide evidence or artifacts demonstrating compliance with the respective RMiT control.
10.51	18	Not available	Please refer to the BNM RMiT section for further details. Kindly provide evidence or artifacts demonstrating compliance with the respective RMiT control.
10.51	19	Not available	Please refer to the BNM RMiT section for further details. Kindly provide evidence or artifacts demonstrating compliance with the respective RMiT control.
10.51	20	Compliant	[EBSEncrypted]
10.51	21	Not available	Please refer to the BNM RMiT section for further details. Kindly provide evidence or artifacts demonstrating compliance with the respective RMiT control.
10.51	22	Need Attention	[InlinePolicy] - Use managed policies [GLOBAL]User::kuettai, Role::AccessAnalyzerTrustedService, Role::AVMContainersUserRole, Role::awslogs.prod.kelex.molecule.toppatterns, Role::CloudSecAuditRole, Role::CloudSeerTrustedServiceRole, Role::CodeGuruProfilerForwardToAmazonProfiler, Role::CodeStarWorker-dojo-CloudFormation, Role::CodeStarWorker-dojo-ToolChain, Role::CodeStarWorker-dojo-WebApp, Role::Cognito_dojoIdPAuth_Role, Role::Cognito_dojoIdPUnauth_Role, Role::DocumentUnderstandingSolutionCICD-CodeBuildRole-26NRX1QIOV08, Role::EC2AdminRole, Role::IMDSv2-automigrator, Role::OrthancRole, Role::PACICloudFormationStackSetAdministrationRole, Role::SaltyTrustedService, Role::ServiceScreenerAssumeRole, Role::ShadowTrooperRole, Role::TurtleRoleManagement	AWS Docs
10.51	23	Need Attention	[passwordPolicy] - Set a custom password policy. [GLOBAL]Account::Config [passwordPolicyWeak]	IAM Password Policy
10.51	24	Need Attention	[FullAdminAccess] - Limit permissions. [GLOBAL]Role::AWSReservedSSO_AWSAdministratorAccess_fae89f7963febc98, Role::DojoEC2AdminRole, Role::EC2AdminRole, Role::itadmin, Role::OrganizationAccountAccessRole, Role::PACICloudFormationStackSetExecutionRole, Role::ServiceScreenerAutomationRole, Role::stacksets-exec-7ca18804340a75b25a831ca17fba8659 [ManagedPolicyFullAccessOneServ] - Limit permissions. [GLOBAL]Role::CodeStarWorker-dojo-ToolChain, Role::OrthancRole	AWS Docs Organization GuardRail Blog AWS Docs
10.51	25	Compliant	[rootHasAccessKey]
10.51	26	Need Attention	[userNotUsingGroup] - Place IAM user within User Group [GLOBAL]User::kuettai	IAM Group
10.51	27	Need Attention	[rootMfaActive] - Enable MFA on root user [GLOBAL]User::root_id [mfaActive]	AWS MFA IAM Best Practices
10.51	28	Not available	Please refer to the BNM RMiT section for further details. Kindly provide evidence or artifacts demonstrating compliance with the respective RMiT control.
10.51	29	Compliant	[consoleLastAccess90]
10.51	30	Not available	Please refer to the BNM RMiT section for further details. Kindly provide evidence or artifacts demonstrating compliance with the respective RMiT control.
10.51	31	Compliant	[KeyInPendingDeletion]
10.51	32	Compliant	[lambdaPublicAccess]
10.51	33	Not available	Please refer to the BNM RMiT section for further details. Kindly provide evidence or artifacts demonstrating compliance with the respective RMiT control.
10.51	34	Not available	Please refer to the BNM RMiT section for further details. Kindly provide evidence or artifacts demonstrating compliance with the respective RMiT control.
10.51	35	Compliant	[EncyptionAtRest]
10.51	36	Compliant	[TLSEnforced]
10.51	37	Compliant	[DomainWithinVPC]
10.51	38	Compliant	[NodeToNodeEncryption]
10.51	39	Compliant	[PubliclyAccessible]
10.51	40	Compliant	[SnapshotRDSIsPublic]
10.51	41	Not available	Please refer to the BNM RMiT section for further details. Kindly provide evidence or artifacts demonstrating compliance with the respective RMiT control.
10.51	42	Compliant	[StorageEncrypted]
10.51	43	Compliant	[EncryptedAtRest] [AuditLogging]
10.51	44	Compliant	[EncryptedWithKMS]
10.51	45	Compliant	[PubliclyAccessible]
10.51	46	Compliant	[EnhancedVpcRouting]
10.51	47	Compliant	[EncryptedInTransit]
10.51	48	Not available	Please refer to the BNM RMiT section for further details. Kindly provide evidence or artifacts demonstrating compliance with the respective RMiT control.
10.51	49	Need Attention	[rootMfaActive] - Enable MFA on root user [GLOBAL]User::root_id	AWS MFA IAM Best Practices
10.51	50	Compliant	[S3AccountPublicAccessBlock]
10.51	51	Compliant	[PublicReadAccessBlock]
10.51	52	Compliant	[PublicWriteAccessBlock]
10.51	53	Compliant	[ServerSideEncrypted]
10.51	54	Need Attention	[TlsEnforced] - Enforce Encryption of Data in Transit [ap-southeast-1]Bucket::aws-codestar-ap-southeast-1-961319563195, Bucket::aws-codestar-ap-southeast-1-961319563195-dojo-pipe, Bucket::codepipeline-ap-southeast-1-183991447891, Bucket::config-bucket-961319563195, Bucket::documentunderstandingsolutioncic-artifacts3bucket-dtr9a8q6yj2h, Bucket::documentunderstandingsolutioncicd-devoutputbucket-1m11zxjc9fhd6, Bucket::dojo-logs, Bucket::kuettai-solutions-bucket-ap-southeast-1 [us-east-1]Bucket::cloudtrail-awslogs-961319563195-pyvnhwtz-isengard-do-not-delete, Bucket::kuettai-dojo01	AWS Docs
10.51	55	Compliant	[SSEWithKMS]
10.51	56	Not available	Please refer to the BNM RMiT section for further details. Kindly provide evidence or artifacts demonstrating compliance with the respective RMiT control.
10.51	57	Not available	Please refer to the BNM RMiT section for further details. Kindly provide evidence or artifacts demonstrating compliance with the respective RMiT control.
10.51	58	Not available	Please refer to the BNM RMiT section for further details. Kindly provide evidence or artifacts demonstrating compliance with the respective RMiT control.
10.51	59	Not available	Please refer to the BNM RMiT section for further details. Kindly provide evidence or artifacts demonstrating compliance with the respective RMiT control.
10.51	60	Not available	Please refer to the BNM RMiT section for further details. Kindly provide evidence or artifacts demonstrating compliance with the respective RMiT control.
10.51	61	Compliant	[EC2SubnetAutoPublicIP]
10.52	1	Compliant	[hasAccessKeyNoRotate90days]
10.52	2	Compliant	[hasOrganization]
10.52	3	Compliant	[EC2IamProfile]
10.52	4	Not available	Please refer to the BNM RMiT section for further details. Kindly provide evidence or artifacts demonstrating compliance with the respective RMiT control.
10.52	5	Not available	Please refer to the BNM RMiT section for further details. Kindly provide evidence or artifacts demonstrating compliance with the respective RMiT control.
10.52	6	Need Attention	[InlinePolicy] - Use managed policies [GLOBAL]User::kuettai, Role::AccessAnalyzerTrustedService, Role::AVMContainersUserRole, Role::awslogs.prod.kelex.molecule.toppatterns, Role::CloudSecAuditRole, Role::CloudSeerTrustedServiceRole, Role::CodeGuruProfilerForwardToAmazonProfiler, Role::CodeStarWorker-dojo-CloudFormation, Role::CodeStarWorker-dojo-ToolChain, Role::CodeStarWorker-dojo-WebApp, Role::Cognito_dojoIdPAuth_Role, Role::Cognito_dojoIdPUnauth_Role, Role::DocumentUnderstandingSolutionCICD-CodeBuildRole-26NRX1QIOV08, Role::EC2AdminRole, Role::IMDSv2-automigrator, Role::OrthancRole, Role::PACICloudFormationStackSetAdministrationRole, Role::SaltyTrustedService, Role::ServiceScreenerAssumeRole, Role::ShadowTrooperRole, Role::TurtleRoleManagement	AWS Docs
10.52	7	Need Attention	[passwordPolicy] - Set a custom password policy. [GLOBAL]Account::Config [passwordPolicyWeak]	IAM Password Policy
10.52	8	Need Attention	[FullAdminAccess] - Limit permissions. [GLOBAL]Role::AWSReservedSSO_AWSAdministratorAccess_fae89f7963febc98, Role::DojoEC2AdminRole, Role::EC2AdminRole, Role::itadmin, Role::OrganizationAccountAccessRole, Role::PACICloudFormationStackSetExecutionRole, Role::ServiceScreenerAutomationRole, Role::stacksets-exec-7ca18804340a75b25a831ca17fba8659 [ManagedPolicyFullAccessOneServ] - Limit permissions. [GLOBAL]Role::CodeStarWorker-dojo-ToolChain, Role::OrthancRole	AWS Docs Organization GuardRail Blog AWS Docs
10.52	9	Compliant	[rootHasAccessKey]
10.52	10	Need Attention	[userNotUsingGroup] - Place IAM user within User Group [GLOBAL]User::kuettai	IAM Group
10.52	11	Compliant	[mfaActive]
10.52	12	Not available	Please refer to the BNM RMiT section for further details. Kindly provide evidence or artifacts demonstrating compliance with the respective RMiT control.
10.52	13	Compliant	[consoleLastAccess90]
10.52	14	Not available	Please refer to the BNM RMiT section for further details. Kindly provide evidence or artifacts demonstrating compliance with the respective RMiT control.
10.52	15	Need Attention	[rootMfaActive] - Enable MFA on root user [GLOBAL]User::root_id	AWS MFA IAM Best Practices
10.53(b)(h)(i)	1	Compliant	[rootHasAccessKey]
10.53(b)	1	Compliant	[EC2IamProfile]
10.53(b)	2	Not available	Please refer to the BNM RMiT section for further details. Kindly provide evidence or artifacts demonstrating compliance with the respective RMiT control.
10.53(b)	3	Not available	Please refer to the BNM RMiT section for further details. Kindly provide evidence or artifacts demonstrating compliance with the respective RMiT control.
10.53(b)	4	Need Attention	[InlinePolicy] - Use managed policies [GLOBAL]User::kuettai, Role::AccessAnalyzerTrustedService, Role::AVMContainersUserRole, Role::awslogs.prod.kelex.molecule.toppatterns, Role::CloudSecAuditRole, Role::CloudSeerTrustedServiceRole, Role::CodeGuruProfilerForwardToAmazonProfiler, Role::CodeStarWorker-dojo-CloudFormation, Role::CodeStarWorker-dojo-ToolChain, Role::CodeStarWorker-dojo-WebApp, Role::Cognito_dojoIdPAuth_Role, Role::Cognito_dojoIdPUnauth_Role, Role::DocumentUnderstandingSolutionCICD-CodeBuildRole-26NRX1QIOV08, Role::EC2AdminRole, Role::IMDSv2-automigrator, Role::OrthancRole, Role::PACICloudFormationStackSetAdministrationRole, Role::SaltyTrustedService, Role::ServiceScreenerAssumeRole, Role::ShadowTrooperRole, Role::TurtleRoleManagement	AWS Docs
10.53(b)	5	Need Attention	[FullAdminAccess] - Limit permissions. [GLOBAL]Role::AWSReservedSSO_AWSAdministratorAccess_fae89f7963febc98, Role::DojoEC2AdminRole, Role::EC2AdminRole, Role::itadmin, Role::OrganizationAccountAccessRole, Role::PACICloudFormationStackSetExecutionRole, Role::ServiceScreenerAutomationRole, Role::stacksets-exec-7ca18804340a75b25a831ca17fba8659 [ManagedPolicyFullAccessOneServ] - Limit permissions. [GLOBAL]Role::CodeStarWorker-dojo-ToolChain, Role::OrthancRole	AWS Docs Organization GuardRail Blog AWS Docs
10.53(b)	6	Need Attention	[userNotUsingGroup] - Place IAM user within User Group [GLOBAL]User::kuettai	IAM Group
10.53(b)	7	Not available	Please refer to the BNM RMiT section for further details. Kindly provide evidence or artifacts demonstrating compliance with the respective RMiT control.
10.53(c)(f)	1	Need Attention	[passwordPolicy] - Set a custom password policy. [GLOBAL]Account::Config [passwordPolicyWeak]	IAM Password Policy
10.53(f)(h)	1	Compliant	[mfaActive]
10.53(f)(h)	2	Not available	Please refer to the BNM RMiT section for further details. Kindly provide evidence or artifacts demonstrating compliance with the respective RMiT control.
10.53(f)(h)	3	Need Attention	[rootMfaActive] - Enable MFA on root user [GLOBAL]User::root_id	AWS MFA IAM Best Practices
10.54	1	Compliant	[mfaActive]
10.54	2	Not available	Please refer to the BNM RMiT section for further details. Kindly provide evidence or artifacts demonstrating compliance with the respective RMiT control.
10.54	3	Need Attention	[rootMfaActive] - Enable MFA on root user [GLOBAL]User::root_id	AWS MFA IAM Best Practices
10.55	1	Need Attention	[passwordPolicy] - Set a custom password policy. [GLOBAL]Account::Config [passwordPolicyWeak]	IAM Password Policy
10.56	1	Compliant	[mfaActive]
10.56	2	Not available	Please refer to the BNM RMiT section for further details. Kindly provide evidence or artifacts demonstrating compliance with the respective RMiT control.
10.56	3	Need Attention	[rootMfaActive] - Enable MFA on root user [GLOBAL]User::root_id	AWS MFA IAM Best Practices
10.59	1	Compliant	[hasAccessKeyNoRotate90days]
10.59	2	Compliant	[hasOrganization]
10.59	3	Compliant	[ExecutionLogging]
10.59	4	Need Attention	[EnableTrailS3BucketLogging] - Enable S3 Bucket Logging [ap-southeast-1]Cloudtrail::IsengardTrail-DO-NOT-DELETE	Configure S3 Logging Resilience in CloudTrail
10.59	5	Need Attention	[NeedToEnableCloudTrail] [EnableCloudTrailLogging] [HasOneMultiRegionTrail] [LogFileValidationEnabled] [RequiresKmsKey] - Enable SSE [ap-southeast-1]Cloudtrail::IsengardTrail-DO-NOT-DELETE	Encrypt CloudTrail using AWS KMS CloudTrail Security Best Practices
10.59	6	Need Attention	[CloudWatchLogsLogGroupArn] - CloudWatch for CloudTrail [ap-southeast-1]Cloudtrail::IsengardTrail-DO-NOT-DELETE	Using CloudWatch Logs with CloudTrail
10.59	7	Need Attention	[SetRetentionDays] - Set retention days [ap-southeast-1]Log::/aws/codebuild/dojo, Log::/aws/lambda/isengard-create-inventory-association, Log::/aws/lambda/isengard-create-vpc-endpoints-for-ssm, Log::/aws/lambda/isengard-set-default-instance-role, Log::/aws/lambda/isengard-set-default-patch-baseline, Log::/aws/lambda/webScrapNew, Log::/aws/lambda/webScrapper [us-east-1]Log::/aws/lambda/isengard-create-inventory-association, Log::/aws/lambda/isengard-create-vpc-endpoints-for-ssm, Log::/aws/lambda/isengard-set-default-instance-role, Log::/aws/lambda/isengard-set-default-patch-baseline	CIS Cloudwatch Controls
10.59	8	Compliant	[EC2IamProfile]
10.59	9	Not available	Please refer to the BNM RMiT section for further details. Kindly provide evidence or artifacts demonstrating compliance with the respective RMiT control.
10.59	10	Not available	Please refer to the BNM RMiT section for further details. Kindly provide evidence or artifacts demonstrating compliance with the respective RMiT control.
10.59	11	Need Attention	[passwordPolicy] - Set a custom password policy. [GLOBAL]Account::Config [passwordPolicyWeak]	IAM Password Policy
10.59	12	Need Attention	[FullAdminAccess] - Limit permissions. [GLOBAL]Role::AWSReservedSSO_AWSAdministratorAccess_fae89f7963febc98, Role::DojoEC2AdminRole, Role::EC2AdminRole, Role::itadmin, Role::OrganizationAccountAccessRole, Role::PACICloudFormationStackSetExecutionRole, Role::ServiceScreenerAutomationRole, Role::stacksets-exec-7ca18804340a75b25a831ca17fba8659 [ManagedPolicyFullAccessOneServ] - Limit permissions. [GLOBAL]Role::CodeStarWorker-dojo-ToolChain, Role::OrthancRole	AWS Docs Organization GuardRail Blog AWS Docs
10.59	13	Compliant	[rootHasAccessKey]
10.59	14	Need Attention	[userNotUsingGroup] - Place IAM user within User Group [GLOBAL]User::kuettai	IAM Group
10.59	15	Not available	Please refer to the BNM RMiT section for further details. Kindly provide evidence or artifacts demonstrating compliance with the respective RMiT control.
10.59	16	Compliant	[ApplicationLogs]
10.59	17	Not available	Please refer to the BNM RMiT section for further details. Kindly provide evidence or artifacts demonstrating compliance with the respective RMiT control.
10.59	18	Compliant	[EncryptedAtRest] [AuditLogging]
10.59	19	Need Attention	[BucketLogging] - Enable Server Access Logging [ap-southeast-1]Bucket::aws-codestar-ap-southeast-1-961319563195, Bucket::aws-codestar-ap-southeast-1-961319563195-dojo-pipe, Bucket::codepipeline-ap-southeast-1-183991447891, Bucket::config-bucket-961319563195, Bucket::documentunderstandingsolutioncic-artifacts3bucket-dtr9a8q6yj2h, Bucket::documentunderstandingsolutioncicd-devoutputbucket-1m11zxjc9fhd6, Bucket::dojo-logs, Bucket::kuettai-solutions-bucket-ap-southeast-1 [us-east-1]Bucket::cloudtrail-awslogs-961319563195-pyvnhwtz-isengard-do-not-delete, Bucket::kuettai-dojo01	AWS Docs
10.59	20	Not available	Please refer to the BNM RMiT section for further details. Kindly provide evidence or artifacts demonstrating compliance with the respective RMiT control.
10.6	1	Need Attention	[CloudWatchLogsLogGroupArn] - CloudWatch for CloudTrail [ap-southeast-1]Cloudtrail::IsengardTrail-DO-NOT-DELETE	Using CloudWatch Logs with CloudTrail
10.6	2	Compliant	[enableGuardDuty]
10.6	3	Not available	Please refer to the BNM RMiT section for further details. Kindly provide evidence or artifacts demonstrating compliance with the respective RMiT control.
10.61	1	Not available	Please refer to the BNM RMiT section for further details. Kindly provide evidence or artifacts demonstrating compliance with the respective RMiT control.
10.61	2	Not available	Please refer to the BNM RMiT section for further details. Kindly provide evidence or artifacts demonstrating compliance with the respective RMiT control.
10.61	3	Not available	Please refer to the BNM RMiT section for further details. Kindly provide evidence or artifacts demonstrating compliance with the respective RMiT control.
10.61	4	Not available	Please refer to the BNM RMiT section for further details. Kindly provide evidence or artifacts demonstrating compliance with the respective RMiT control.
10.61	5	Compliant	[AutomaticUpgrades]
10.64(a)	1	Not available	Please refer to the BNM RMiT section for further details. Kindly provide evidence or artifacts demonstrating compliance with the respective RMiT control.
10.64(a)	2	Compliant	[CachingEnabled] [EncryptionAtRest]
10.64(a)	3	Compliant	[EncryptionInTransit]
10.64(a)	4	Not available	Please refer to the BNM RMiT section for further details. Kindly provide evidence or artifacts demonstrating compliance with the respective RMiT control.
10.64(a)	5	Need Attention	[NeedToEnableCloudTrail] [EnableCloudTrailLogging] [HasOneMultiRegionTrail] [LogFileValidationEnabled] [RequiresKmsKey] - Enable SSE [ap-southeast-1]Cloudtrail::IsengardTrail-DO-NOT-DELETE	Encrypt CloudTrail using AWS KMS CloudTrail Security Best Practices
10.64(a)	6	Not available	Please refer to the BNM RMiT section for further details. Kindly provide evidence or artifacts demonstrating compliance with the respective RMiT control.
10.64(a)	7	Not available	Please refer to the BNM RMiT section for further details. Kindly provide evidence or artifacts demonstrating compliance with the respective RMiT control.
10.64(a)	8	Compliant	[EBSEncrypted]
10.64(a)	9	Compliant	[EncryptedAtRest]
10.64(a)	10	Not available	Please refer to the BNM RMiT section for further details. Kindly provide evidence or artifacts demonstrating compliance with the respective RMiT control.
10.64(a)	11	Compliant	[EBSEncrypted]
10.64(a)	12	Compliant	[EncyptionAtRest]
10.64(a)	13	Compliant	[TLSEnforced]
10.64(a)	14	Compliant	[NodeToNodeEncryption]
10.64(a)	15	Not available	Please refer to the BNM RMiT section for further details. Kindly provide evidence or artifacts demonstrating compliance with the respective RMiT control.
10.64(a)	16	Compliant	[StorageEncrypted]
10.64(a)	17	Compliant	[EncryptedAtRest] [AuditLogging]
10.64(a)	18	Compliant	[EncryptedWithKMS]
10.64(a)	19	Compliant	[EncryptedInTransit]
10.64(a)	20	Compliant	[ServerSideEncrypted]
10.64(a)	21	Need Attention	[TlsEnforced] - Enforce Encryption of Data in Transit [ap-southeast-1]Bucket::aws-codestar-ap-southeast-1-961319563195, Bucket::aws-codestar-ap-southeast-1-961319563195-dojo-pipe, Bucket::codepipeline-ap-southeast-1-183991447891, Bucket::config-bucket-961319563195, Bucket::documentunderstandingsolutioncic-artifacts3bucket-dtr9a8q6yj2h, Bucket::documentunderstandingsolutioncicd-devoutputbucket-1m11zxjc9fhd6, Bucket::dojo-logs, Bucket::kuettai-solutions-bucket-ap-southeast-1 [us-east-1]Bucket::cloudtrail-awslogs-961319563195-pyvnhwtz-isengard-do-not-delete, Bucket::kuettai-dojo01	AWS Docs
10.64(a)	22	Not available	Please refer to the BNM RMiT section for further details. Kindly provide evidence or artifacts demonstrating compliance with the respective RMiT control.
10.64(a)	23	Not available	Please refer to the BNM RMiT section for further details. Kindly provide evidence or artifacts demonstrating compliance with the respective RMiT control.
10.64(a)	24	Not available	Please refer to the BNM RMiT section for further details. Kindly provide evidence or artifacts demonstrating compliance with the respective RMiT control.
10.64(a)	25	Not available	Please refer to the BNM RMiT section for further details. Kindly provide evidence or artifacts demonstrating compliance with the respective RMiT control.
10.64(b)	1	Compliant	[autoScalingStatus]
10.64(b)	2	Compliant	[EC2Active]
10.64(b)	3	Not available	Please refer to the BNM RMiT section for further details. Kindly provide evidence or artifacts demonstrating compliance with the respective RMiT control.
10.64(b)	4	Compliant	[ELBCrossZone]
10.64(b)	5	Compliant	[DeleteProtection]
10.64(b)	6	Compliant	[MultiAZ]
10.64(b)	7	Not available	Please refer to the BNM RMiT section for further details. Kindly provide evidence or artifacts demonstrating compliance with the respective RMiT control.
10.64(d)	1	Compliant	[ExecutionLogging]
10.64(d)	2	Compliant	[ASGELBHealthCheckEnabled]
10.64(d)	3	Need Attention	[EnableTrailS3BucketLogging] - Enable S3 Bucket Logging [ap-southeast-1]Cloudtrail::IsengardTrail-DO-NOT-DELETE	Configure S3 Logging Resilience in CloudTrail
10.64(d)	4	Need Attention	[NeedToEnableCloudTrail] [EnableCloudTrailLogging] [HasOneMultiRegionTrail] [LogFileValidationEnabled] [RequiresKmsKey] - Enable SSE [ap-southeast-1]Cloudtrail::IsengardTrail-DO-NOT-DELETE	Encrypt CloudTrail using AWS KMS CloudTrail Security Best Practices
10.64(d)	5	Not available	Please refer to the BNM RMiT section for further details. Kindly provide evidence or artifacts demonstrating compliance with the respective RMiT control.
10.64(d)	6	Need Attention	[CloudWatchLogsLogGroupArn] - CloudWatch for CloudTrail [ap-southeast-1]Cloudtrail::IsengardTrail-DO-NOT-DELETE	Using CloudWatch Logs with CloudTrail
10.64(d)	7	Compliant	[rcuServiceLimit] [wcuServiceLimit]
10.64(d)	8	Compliant	[EC2DetailedMonitor]
10.64(d)	9	Not available	Please refer to the BNM RMiT section for further details. Kindly provide evidence or artifacts demonstrating compliance with the respective RMiT control.
10.64(d)	10	Compliant	[enableGuardDuty]
10.64(d)	11	Compliant	[ApplicationLogs]
10.64(d)	12	Compliant	[EnhancedMonitor]
10.64(d)	13	Not available	Please refer to the BNM RMiT section for further details. Kindly provide evidence or artifacts demonstrating compliance with the respective RMiT control.
10.64(d)	14	Compliant	[EncryptedAtRest] [AuditLogging]
10.64(d)	15	Need Attention	[BucketLogging] - Enable Server Access Logging [ap-southeast-1]Bucket::aws-codestar-ap-southeast-1-961319563195, Bucket::aws-codestar-ap-southeast-1-961319563195-dojo-pipe, Bucket::codepipeline-ap-southeast-1-183991447891, Bucket::config-bucket-961319563195, Bucket::documentunderstandingsolutioncic-artifacts3bucket-dtr9a8q6yj2h, Bucket::documentunderstandingsolutioncicd-devoutputbucket-1m11zxjc9fhd6, Bucket::dojo-logs, Bucket::kuettai-solutions-bucket-ap-southeast-1 [us-east-1]Bucket::cloudtrail-awslogs-961319563195-pyvnhwtz-isengard-do-not-delete, Bucket::kuettai-dojo01	AWS Docs
10.64(d)	16	Not available	Please refer to the BNM RMiT section for further details. Kindly provide evidence or artifacts demonstrating compliance with the respective RMiT control.
10.64(d)	17	Need Attention	[VPCFlowLogEnabled] - Enable VPC Flow Log [ap-southeast-1]VPC::vpc-0229dd64 [us-east-1]VPC::vpc-8d976df0	Amazon Elastic Compute Cloud controls
10.64(d)	18	Not available	Please refer to the BNM RMiT section for further details. Kindly provide evidence or artifacts demonstrating compliance with the respective RMiT control.
10.64(e)	1	Not available	Please refer to the BNM RMiT section for further details. Kindly provide evidence or artifacts demonstrating compliance with the respective RMiT control.
10.64(e)	2	Compliant	[Backup]
10.64(e)	3	Compliant	[disabledPointInTimeRecovery]
10.64(e)	4	Not available	Please refer to the BNM RMiT section for further details. Kindly provide evidence or artifacts demonstrating compliance with the respective RMiT control.
10.64(e)	5	Not available	Please refer to the BNM RMiT section for further details. Kindly provide evidence or artifacts demonstrating compliance with the respective RMiT control.
10.64(e)	6	Not available	Please refer to the BNM RMiT section for further details. Kindly provide evidence or artifacts demonstrating compliance with the respective RMiT control.
10.64(e)	7	Not available	Please refer to the BNM RMiT section for further details. Kindly provide evidence or artifacts demonstrating compliance with the respective RMiT control.
10.64(e)	8	Compliant	[AutomatedBackup]
10.64(e)	9	Not available	Please refer to the BNM RMiT section for further details. Kindly provide evidence or artifacts demonstrating compliance with the respective RMiT control.
10.64(e)	10	Not available	Please refer to the BNM RMiT section for further details. Kindly provide evidence or artifacts demonstrating compliance with the respective RMiT control.
10.64(e)	11	Compliant	[AutomaticSnapshots]
10.64(e)	12	Need Attention	[BucketVersioning] - Enable Versioning [ap-southeast-1]Bucket::aws-codestar-ap-southeast-1-961319563195, Bucket::codepipeline-ap-southeast-1-183991447891, Bucket::config-bucket-961319563195, Bucket::documentunderstandingsolutioncicd-devoutputbucket-1m11zxjc9fhd6, Bucket::dojo-logs, Bucket::kuettai-solutions-bucket-ap-southeast-1 [us-east-1]Bucket::cloudtrail-awslogs-961319563195-pyvnhwtz-isengard-do-not-delete, Bucket::kuettai-dojo01	AWS Docs Manage Versioning Example
10.64(e)	13	Not available	Please refer to the BNM RMiT section for further details. Kindly provide evidence or artifacts demonstrating compliance with the respective RMiT control.
11.7	1	Compliant	[enableGuardDuty]
11.7	2	Not available	Please refer to the BNM RMiT section for further details. Kindly provide evidence or artifacts demonstrating compliance with the respective RMiT control.
11.8	1	Compliant	[enableGuardDuty]
11.8	2	Not available	Please refer to the BNM RMiT section for further details. Kindly provide evidence or artifacts demonstrating compliance with the respective RMiT control.
11.18(c)(f)	1	Compliant	[enableGuardDuty]
11.18(c)(f)	2	Need Attention	[FailMeetingCompliances] - Unresolved items after X days [us-east-1]Detector::c2ba5f8bde481aa20a05199471e24808	Unresolved Items Info Mapping
11.18(c)(f)	3	Not available	Please refer to the BNM RMiT section for further details. Kindly provide evidence or artifacts demonstrating compliance with the respective RMiT control.
Appendix 5.1	1	Compliant	[enableGuardDuty]
Appendix 5.1	2	Not available	Please refer to the BNM RMiT section for further details. Kindly provide evidence or artifacts demonstrating compliance with the respective RMiT control.
Appendix 5.5(b)	1	Not available	Please refer to the BNM RMiT section for further details. Kindly provide evidence or artifacts demonstrating compliance with the respective RMiT control.
Appendix 5.5(b)	2	Compliant	[EncryptionInTransit]
Appendix 5.5(b)	3	Compliant	[TLSEnforced]
Appendix 5.5(b)	4	Compliant	[NodeToNodeEncryption]
Appendix 5.5(b)	5	Compliant	[EncryptedInTransit]
Appendix 5.5(b)	6	Need Attention	[TlsEnforced] - Enforce Encryption of Data in Transit [ap-southeast-1]Bucket::aws-codestar-ap-southeast-1-961319563195, Bucket::aws-codestar-ap-southeast-1-961319563195-dojo-pipe, Bucket::codepipeline-ap-southeast-1-183991447891, Bucket::config-bucket-961319563195, Bucket::documentunderstandingsolutioncic-artifacts3bucket-dtr9a8q6yj2h, Bucket::documentunderstandingsolutioncicd-devoutputbucket-1m11zxjc9fhd6, Bucket::dojo-logs, Bucket::kuettai-solutions-bucket-ap-southeast-1 [us-east-1]Bucket::cloudtrail-awslogs-961319563195-pyvnhwtz-isengard-do-not-delete, Bucket::kuettai-dojo01	AWS Docs
Appendix 5.5(c)	1	Compliant	[enableGuardDuty]
Appendix 5.5(c)	2	Compliant	[SGDefaultInUsed]
Appendix 5.5(c)	3	Need Attention	[SGSensitivePortOpenToAll] [SGAllTCPOpen] [SGAllUDPOpen] [SGAllPortOpen] - All ports open. [ap-southeast-1]SG::sg-34753642 [us-east-1]SG::sg-9b3e45a4 [SGAllPortOpenToAll]	Best practices for Amazon EC2
Appendix 5.6	1	Not available	Please refer to the BNM RMiT section for further details. Kindly provide evidence or artifacts demonstrating compliance with the respective RMiT control.
Appendix 5.6	2	Compliant	[EncryptionInTransit]
Appendix 5.6	3	Compliant	[TLSEnforced]
Appendix 5.6	4	Compliant	[EncryptedInTransit]
Appendix 5.6	5	Compliant	[SGDefaultInUsed]
Appendix 5.6	6	Need Attention	[SGSensitivePortOpenToAll] [SGAllTCPOpen] [SGAllUDPOpen] [SGAllPortOpen] - All ports open. [ap-southeast-1]SG::sg-34753642 [us-east-1]SG::sg-9b3e45a4 [SGAllPortOpenToAll]	Best practices for Amazon EC2
Appendix 10 Part B - 1 (a)	1	Compliant	[hasOrganization]
Appendix 10 Part B - 1 (b)	1	Compliant	[ELBEnableWAF]
Appendix 10 Part B - 1 (b)	2	Compliant	[EC2SubnetAutoPublicIP]
Appendix 10 Part B - 1 (b)	3	Compliant	[SGDefaultInUsed]
Appendix 10 Part B - 1 (b)	4	Need Attention	[SGSensitivePortOpenToAll] [SGAllTCPOpen] [SGAllUDPOpen] [SGAllPortOpen] - All ports open. [ap-southeast-1]SG::sg-34753642 [us-east-1]SG::sg-9b3e45a4 [SGAllPortOpenToAll]	Best practices for Amazon EC2
Appendix 10 Part B - 1 (c)	1	Compliant	[enableGuardDuty]
Appendix 10 Part B - 1 (c)	2	Need Attention	[VPCFlowLogEnabled] - Enable VPC Flow Log [ap-southeast-1]VPC::vpc-0229dd64 [us-east-1]VPC::vpc-8d976df0	Amazon Elastic Compute Cloud controls
Appendix 10 Part B - 1 (d)	1	Not available	Please refer to the BNM RMiT section for further details. Kindly provide evidence or artifacts demonstrating compliance with the respective RMiT control.
Appendix 10 Part B - 1 (d)	2	Need Attention	[TlsEnforced] - Enforce Encryption of Data in Transit [ap-southeast-1]Bucket::aws-codestar-ap-southeast-1-961319563195, Bucket::aws-codestar-ap-southeast-1-961319563195-dojo-pipe, Bucket::codepipeline-ap-southeast-1-183991447891, Bucket::config-bucket-961319563195, Bucket::documentunderstandingsolutioncic-artifacts3bucket-dtr9a8q6yj2h, Bucket::documentunderstandingsolutioncicd-devoutputbucket-1m11zxjc9fhd6, Bucket::dojo-logs, Bucket::kuettai-solutions-bucket-ap-southeast-1 [us-east-1]Bucket::cloudtrail-awslogs-961319563195-pyvnhwtz-isengard-do-not-delete, Bucket::kuettai-dojo01	AWS Docs
Appendix 10 Part B - 1 (f) i)	1	Compliant	[AuthorizationType]
Appendix 10 Part B - 1 (f) ii)	1	Compliant	[WAFWACL]
Appendix 10 Part B - 1 (f) ii)	2	Compliant	[ExecutionLogging]
Appendix 10 Part B - 2 (b) ii)	1	Not available	Please refer to the BNM RMiT section for further details. Kindly provide evidence or artifacts demonstrating compliance with the respective RMiT control.
Appendix 10 Part B - 3 (b) vi)	1	Need Attention	[NeedToEnableCloudTrail] [EnableCloudTrailLogging] [HasOneMultiRegionTrail] [LogFileValidationEnabled] [RequiresKmsKey] - Enable SSE [ap-southeast-1]Cloudtrail::IsengardTrail-DO-NOT-DELETE	Encrypt CloudTrail using AWS KMS CloudTrail Security Best Practices
Appendix 10 Part B - 5 (a) i)	1	Not available	Please refer to the BNM RMiT section for further details. Kindly provide evidence or artifacts demonstrating compliance with the respective RMiT control.
Appendix 10 Part B - 5 (a) i)	2	Not available	Please refer to the BNM RMiT section for further details. Kindly provide evidence or artifacts demonstrating compliance with the respective RMiT control.
Appendix 10 Part B - 5 (a) i)	3	Not available	Please refer to the BNM RMiT section for further details. Kindly provide evidence or artifacts demonstrating compliance with the respective RMiT control.
Appendix 10 Part B - 5 (a) i)	4	Compliant	[AutomatedBackup]
Appendix 10 Part B - 5 (a) i)	5	Not available	Please refer to the BNM RMiT section for further details. Kindly provide evidence or artifacts demonstrating compliance with the respective RMiT control.
Appendix 10 Part B - 5 (a) i)	6	Not available	Please refer to the BNM RMiT section for further details. Kindly provide evidence or artifacts demonstrating compliance with the respective RMiT control.
Appendix 10 Part B - 5 (b)	1	Not available	Please refer to the BNM RMiT section for further details. Kindly provide evidence or artifacts demonstrating compliance with the respective RMiT control.
Appendix 10 Part B - 5 (c) i)	1	Not available	Please refer to the BNM RMiT section for further details. Kindly provide evidence or artifacts demonstrating compliance with the respective RMiT control.
Appendix 10 Part B - 5 (d) i)	1	Not available	Please refer to the BNM RMiT section for further details. Kindly provide evidence or artifacts demonstrating compliance with the respective RMiT control.
Appendix 10 Part B - 5 (d) i)	2	Compliant	[ELBCrossZone]
Appendix 10 Part B - 5 (d) i)	3	Not available	Please refer to the BNM RMiT section for further details. Kindly provide evidence or artifacts demonstrating compliance with the respective RMiT control.
Appendix 10 Part B - 5 (d) i)	4	Compliant	[ELBCrossZone]
Appendix 10 Part B - 5 (d) i)	5	Compliant	[MultiAZ]
Appendix 10 Part B - 5 (d) i)	6	Compliant	[MultiAZ]
Appendix 10 Part B - 8 (a)	1	Compliant	[CachingEnabled] [EncryptionAtRest]
Appendix 10 Part B - 8 (a)	2	Not available	Please refer to the BNM RMiT section for further details. Kindly provide evidence or artifacts demonstrating compliance with the respective RMiT control.
Appendix 10 Part B - 8 (a)	3	Need Attention	[NeedToEnableCloudTrail] [EnableCloudTrailLogging] [HasOneMultiRegionTrail] [LogFileValidationEnabled] [RequiresKmsKey] - Enable SSE [ap-southeast-1]Cloudtrail::IsengardTrail-DO-NOT-DELETE	Encrypt CloudTrail using AWS KMS CloudTrail Security Best Practices
Appendix 10 Part B - 8 (a)	4	Not available	Please refer to the BNM RMiT section for further details. Kindly provide evidence or artifacts demonstrating compliance with the respective RMiT control.
Appendix 10 Part B - 8 (a)	5	Not available	Please refer to the BNM RMiT section for further details. Kindly provide evidence or artifacts demonstrating compliance with the respective RMiT control.
Appendix 10 Part B - 8 (a)	6	Compliant	[EBSEncrypted]
Appendix 10 Part B - 8 (a)	7	Compliant	[EncryptedAtRest]
Appendix 10 Part B - 8 (a)	8	Compliant	[eksSecretsEncryption]
Appendix 10 Part B - 8 (a)	9	Compliant	[EBSEncrypted]
Appendix 10 Part B - 8 (a)	10	Compliant	[EncyptionAtRest]
Appendix 10 Part B - 8 (a)	11	Not available	Please refer to the BNM RMiT section for further details. Kindly provide evidence or artifacts demonstrating compliance with the respective RMiT control.
Appendix 10 Part B - 8 (a)	12	Compliant	[EncryptedWithKMS]
Appendix 10 Part B - 8 (a)	13	Compliant	[SSEWithKMS]
Appendix 10 Part B - 8 (a)	14	Not available	Please refer to the BNM RMiT section for further details. Kindly provide evidence or artifacts demonstrating compliance with the respective RMiT control.
Appendix 10 Part B - 8 (a)	15	Not available	Please refer to the BNM RMiT section for further details. Kindly provide evidence or artifacts demonstrating compliance with the respective RMiT control.
Appendix 10 Part B - 8 (d)	1	Compliant	[KeyRotationEnabled]
Appendix 10 Part B - 8 (d)	2	Compliant	[KeyInPendingDeletion]
Appendix 10 Part B - 9 (a) ii)	1	Need Attention	[passwordPolicy] - Set a custom password policy. [GLOBAL]Account::Config [passwordPolicyWeak]	IAM Password Policy
Appendix 10 Part B - 9 (a) ii)	2	Compliant	[mfaActive]
Appendix 10 Part B - 9 (a) ii)	3	Not available	Please refer to the BNM RMiT section for further details. Kindly provide evidence or artifacts demonstrating compliance with the respective RMiT control.
Appendix 10 Part B - 9 (a) ii)	4	Need Attention	[rootMfaActive] - Enable MFA on root user [GLOBAL]User::root_id	AWS MFA IAM Best Practices
Appendix 10 Part B - 9 (a) iii)	1	Need Attention	[FullAdminAccess] - Limit permissions. [GLOBAL]Role::AWSReservedSSO_AWSAdministratorAccess_fae89f7963febc98, Role::DojoEC2AdminRole, Role::EC2AdminRole, Role::itadmin, Role::OrganizationAccountAccessRole, Role::PACICloudFormationStackSetExecutionRole, Role::ServiceScreenerAutomationRole, Role::stacksets-exec-7ca18804340a75b25a831ca17fba8659 [ManagedPolicyFullAccessOneServ] - Limit permissions. [GLOBAL]Role::CodeStarWorker-dojo-ToolChain, Role::OrthancRole	AWS Docs Organization GuardRail Blog AWS Docs
Appendix 10 Part B - 9 (a) iii)	2	Not available	Please refer to the BNM RMiT section for further details. Kindly provide evidence or artifacts demonstrating compliance with the respective RMiT control.
Appendix 10 Part B - 9 (a) iv)	1	Need Attention	[NeedToEnableCloudTrail] [EnableCloudTrailLogging] [HasOneMultiRegionTrail] [LogFileValidationEnabled] [RequiresKmsKey] - Enable SSE [ap-southeast-1]Cloudtrail::IsengardTrail-DO-NOT-DELETE	Encrypt CloudTrail using AWS KMS CloudTrail Security Best Practices
Appendix 10 Part B - 9 (a) iv)	2	Need Attention	[CloudWatchLogsLogGroupArn] - CloudWatch for CloudTrail [ap-southeast-1]Cloudtrail::IsengardTrail-DO-NOT-DELETE	Using CloudWatch Logs with CloudTrail
Appendix 10 Part B - 12 (a)	1	Compliant	[enableGuardDuty]
Appendix 10 Part B - 12 (a)	2	Need Attention	[MacieToEnable] - Enable Macie [ap-southeast-1]Macie [us-east-1]Macie	Getting started with Amazon Macie
Appendix 10 Part B - 14 (c) i)	1	Compliant	[enableGuardDuty]
Appendix 10 Part B - 14 (c) i)	2	Need Attention	[FailMeetingCompliances] - Unresolved items after X days [us-east-1]Detector::c2ba5f8bde481aa20a05199471e24808	Unresolved Items Info Mapping

RMIT

Bank Negara Malaysia (BNM) Risk Management in Technology (RMiT)

Summary: [Not available:112] | [Compliant:147] | [Need Attention:59]

Breakdown

Framework. Bank Negara Malaysia (BNM) Risk Management in Technology (RMiT)