ControlTitle,ControlName,ControlSet,ControlSources,ControlDescription,TestingInformation,ControlStatus,ControlImportantText,EvidenceExtractionDetail,RemediationText,EvidenceCollectionType,Events,TemplateName,TemplateTitle,TemplateDescription,TemplateNecessity,TemplateOverview,TemplateStatus,TemplateLogo,ComplianceStandard,VendorName,VendorContactDetails
Data Security 2.4.1 - Data Encryption - Data Encryption at Rest and in Transit,Everest Automated - DS 2.4.1,Data Security,AWS Config,Is all data encrypted at rest and in transit?,,ACTIVE,,"Specify if all data is encrypted at rest and in transit. If yes, describe the encryption configuration. AWS Config Rule(s): API_GW_CACHE_ENABLED_AND_ENCRYPTED CLOUD_TRAIL_ENCRYPTION_ENABLED CLOUDWATCH_LOG_GROUP_ENCRYPTED EFS_ENCRYPTED_CHECK ELASTICSEARCH_ENCRYPTED_AT_REST ENCRYPTED_VOLUMES RDS_STORAGE_ENCRYPTED REDSHIFT_CLUSTER_CONFIGURATION_CHECK S3_BUCKET_SERVER_SIDE_ENCRYPTION_ENABLED SAGEMAKER_ENDPOINT_CONFIGURATION_KMS_KEY_CONFIGURED SAGEMAKER_NOTEBOOK_INSTANCE_KMS_KEY_CONFIGURED SNS_ENCRYPTED_KMS EC2_EBS_ENCRYPTION_BY_DEFAULT DYNAMODB_TABLE_ENCRYPTED_KMS DYNAMODB_TABLE_ENCRYPTION_ENABLED RDS_SNAPSHOT_ENCRYPTED S3_DEFAULT_ENCRYPTION_KMS DAX_ENCRYPTION_ENABLED EKS_SECRETS_ENCRYPTED RDS_LOGGING_ENABLED REDSHIFT_BACKUP_ENABLED RDS_IN_BACKUP_PLAN WAF_CLASSIC_LOGGING_ENABLED WAFV2_LOGGING_ENABLED (RDS_LOGGING_ENABLED, REDSHIFT_BACKUP_ENABLED, RDS_IN_BACKUP_PLAN, WAF_CLASSIC_LOGGING_ENABLED and WAFV2_LOGGING_ENABLED are logging and backup rules; they are collected with this control but do not evidence encryption at rest.) Show that all services are encrypted in transit. AWS Config Rule(s): 
ALB_HTTP_TO_HTTPS_REDIRECTION_CHECK ELB_ACM_CERTIFICATE_REQUIRED ELB_CUSTOM_SECURITY_POLICY_SSL_CHECK ELB_PREDEFINED_SECURITY_POLICY_SSL_CHECK REDSHIFT_REQUIRE_TLS_SSL S3_BUCKET_SSL_REQUESTS_ONLY CLOUDFRONT_VIEWER_POLICY_HTTPS ALB_HTTP_DROP_INVALID_HEADER_ENABLED ELASTICSEARCH_NODE_TO_NODE_ENCRYPTION_CHECK ELB_TLS_HTTPS_LISTENERS_ONLY ACM_CERTIFICATE_EXPIRATION_CHECK API_GW_CACHE_ENABLED_AND_ENCRYPTED Learn more at: https://docs.aws.amazon.com/config/latest/developerguide/managed-rules-by-aws-config.html",,AUTOMATED,"{ ""events"": [ { ""eventSelector"": ""CLOUD_TRAIL_ENCRYPTION_ENABLED"", ""eventSourceName"": ""CloudTrail-Config"" }, { ""eventSelector"": ""CLOUDWATCH_LOG_GROUP_ENCRYPTED"", ""eventSourceName"": ""CloudTrail-Config"" }, { ""eventSelector"": ""EFS_ENCRYPTED_CHECK"", ""eventSourceName"": ""CloudTrail-Config"" }, { ""eventSelector"": ""ELASTICSEARCH_ENCRYPTED_AT_REST"", ""eventSourceName"": ""CloudTrail-Config"" }, { ""eventSelector"": ""ENCRYPTED_VOLUMES"", ""eventSourceName"": ""CloudTrail-Config"" }, { ""eventSelector"": ""RDS_STORAGE_ENCRYPTED"", ""eventSourceName"": ""CloudTrail-Config"" }, { ""eventSelector"": ""REDSHIFT_CLUSTER_CONFIGURATION_CHECK"", ""eventSourceName"": ""CloudTrail-Config"" }, { ""eventSelector"": ""S3_BUCKET_SERVER_SIDE_ENCRYPTION_ENABLED"", ""eventSourceName"": ""CloudTrail-Config"" }, { ""eventSelector"": ""SAGEMAKER_ENDPOINT_CONFIGURATION_KMS_KEY_CONFIGURED"", ""eventSourceName"": ""CloudTrail-Config"" }, { ""eventSelector"": ""SAGEMAKER_NOTEBOOK_INSTANCE_KMS_KEY_CONFIGURED"", ""eventSourceName"": ""CloudTrail-Config"" }, { ""eventSelector"": ""SNS_ENCRYPTED_KMS"", ""eventSourceName"": ""CloudTrail-Config"" }, { ""eventSelector"": ""EC2_EBS_ENCRYPTION_BY_DEFAULT"", ""eventSourceName"": ""CloudTrail-Config"" }, { ""eventSelector"": ""DYNAMODB_TABLE_ENCRYPTED_KMS"", ""eventSourceName"": ""CloudTrail-Config"" }, { ""eventSelector"": ""DYNAMODB_TABLE_ENCRYPTION_ENABLED"", ""eventSourceName"": ""CloudTrail-Config"" }, { 
""eventSelector"": ""RDS_SNAPSHOT_ENCRYPTED"", ""eventSourceName"": ""CloudTrail-Config"" }, { ""eventSelector"": ""S3_DEFAULT_ENCRYPTION_KMS"", ""eventSourceName"": ""CloudTrail-Config"" }, { ""eventSelector"": ""DAX_ENCRYPTION_ENABLED"", ""eventSourceName"": ""CloudTrail-Config"" }, { ""eventSelector"": ""EKS_SECRETS_ENCRYPTED"", ""eventSourceName"": ""CloudTrail-Config"" }, { ""eventSelector"": ""RDS_LOGGING_ENABLED"", ""eventSourceName"": ""CloudTrail-Config"" }, { ""eventSelector"": ""REDSHIFT_BACKUP_ENABLED"", ""eventSourceName"": ""CloudTrail-Config"" }, { ""eventSelector"": ""RDS_IN_BACKUP_PLAN"", ""eventSourceName"": ""CloudTrail-Config"" }, { ""eventSelector"": ""WAF_CLASSIC_LOGGING_ENABLED"", ""eventSourceName"": ""CloudTrail-Config"" }, { ""eventSelector"": ""WAFV2_LOGGING_ENABLED"", ""eventSourceName"": ""CloudTrail-Config"" }, { ""eventSelector"": ""ALB_HTTP_TO_HTTPS_REDIRECTION_CHECK"", ""eventSourceName"": ""CloudTrail-Config"" }, { ""eventSelector"": ""ELB_ACM_CERTIFICATE_REQUIRED"", ""eventSourceName"": ""CloudTrail-Config"" }, { ""eventSelector"": ""ELB_CUSTOM_SECURITY_POLICY_SSL_CHECK"", ""eventSourceName"": ""CloudTrail-Config"" }, { ""eventSelector"": ""REDSHIFT_REQUIRE_TLS_SSL"", ""eventSourceName"": ""CloudTrail-Config"" }, { ""eventSelector"": ""CLOUDFRONT_VIEWER_POLICY_HTTPS"", ""eventSourceName"": ""CloudTrail-Config"" }, { ""eventSelector"": ""ALB_HTTP_DROP_INVALID_HEADER_ENABLED"", ""eventSourceName"": ""CloudTrail-Config"" }, { ""eventSelector"": ""ELASTICSEARCH_NODE_TO_NODE_ENCRYPTION_CHECK"", ""eventSourceName"": ""CloudTrail-Config"" }, { ""eventSelector"": ""ELB_TLS_HTTPS_LISTENERS_ONLY"", ""eventSourceName"": ""CloudTrail-Config"" }, { ""eventSelector"": ""ACM_CERTIFICATE_EXPIRATION_CHECK"", ""eventSourceName"": ""CloudTrail-Config"" }, { ""eventSelector"": ""API_GW_CACHE_ENABLED_AND_ENCRYPTED"", ""eventSourceName"": ""CloudTrail-Config"" } ] }",Third Party Software Risk Automated Assessment Template,Third Party Software Risk 
Automated Assessment,Third Party Software Risk Assessment is used to gather the information required to assess risks and threats in third-party software. This template is a subset of the Third Party Software Risk Assessment Template. This is used to gather evidence automatically from your AWS accounts that are used for hosting your SaaS solutions.,,,ACTIVE,buyer.svg,AWS Custom Risk Assessment,AWS,https://aws.amazon.com/marketplace/
Data Security 2.4.3 - Data Encryption - Unique Encryption Key,Everest Automated - DS 2.4.3,Data Security,AWS Config,Are clients provided with the ability to generate a unique encryption key?,,ACTIVE,,"Can clients provide/generate their own unique encryption keys? If yes, please provide more details/upload evidence. AWS Config: cmk-backing-key-rotation-enabled. Customer master key (CMK, now called a customer managed key) rotation should be enabled. Ensure rotation for customer created CMKs is enabled. From Console: 1. Sign in to the AWS Management Console and open the KMS console at https://console.aws.amazon.com/kms. 2. In the left navigation pane, choose Customer managed keys. 3. Select a customer created key. 4. Choose the Key rotation tab. 5. Ensure automatic key rotation is enabled. From Command Line: 1. Run the following command to get a list of all keys and their associated KeyIds: aws kms list-keys 2. For each key, note the KeyId and run the following command: aws kms get-key-rotation-status --key-id <KeyId> 3. Ensure KeyRotationEnabled is set to true. Note: rotation status shows that customer managed keys exist and rotate; it does not by itself show that a client can supply or generate its own key. To evidence client-provided keys, also record each key's origin with aws kms describe-key --key-id <KeyId> (KeyMetadata.Origin is EXTERNAL for imported key material and AWS_KMS for material generated by KMS) and the key policy that grants the client's principals use of the key. AWS Config Rule(s): CMK_BACKING_KEY_ROTATION_ENABLED Learn more at: https://docs.aws.amazon.com/config/latest/developerguide/managed-rules-by-aws-config.html",,AUTOMATED,"{ ""events"": [ { ""eventSelector"": ""CMK_BACKING_KEY_ROTATION_ENABLED"", ""eventSourceName"": ""CloudTrail-Config"" }]}",Third Party Software Risk Automated Assessment Template,Third Party Software Risk Automated Assessment,Third Party Software Risk Assessment is used to gather the information required to assess risks and threats in third-party software. This template is a subset of the Third Party Software Risk Assessment Template. This is used to gather evidence automatically from your AWS accounts that are used for hosting your SaaS solutions.,,,ACTIVE,buyer.svg,AWS Custom Risk Assessment,AWS,https://aws.amazon.com/marketplace/
Data Security 2.5.1 - Data Storage & Classification - Data Backup,Everest Automated - DS 2.5.1,Data Security,AWS Config,Do you back up customer data?,,ACTIVE,,"Specify if you back up customer data. If yes, describe the backup configuration. 
AWS Config Rule(s): DB_INSTANCE_BACKUP_ENABLED DYNAMODB_PITR_ENABLED ELASTICACHE_REDIS_CLUSTER_AUTOMATIC_BACKUP_CHECK S3_BUCKET_REPLICATION_ENABLED S3_BUCKET_VERSIONING_ENABLED DYNAMODB_IN_BACKUP_PLAN EBS_IN_BACKUP_PLAN EFS_IN_BACKUP_PLAN REDSHIFT_BACKUP_ENABLED RDS_IN_BACKUP_PLAN EBS_OPTIMIZED_INSTANCE AUTOSCALING_GROUP_ELB_HEALTHCHECK_REQUIRED DYNAMODB_AUTOSCALING_ENABLED RDS_MULTI_AZ_SUPPORT Note: EBS_OPTIMIZED_INSTANCE, AUTOSCALING_GROUP_ELB_HEALTHCHECK_REQUIRED, DYNAMODB_AUTOSCALING_ENABLED and RDS_MULTI_AZ_SUPPORT report on availability and performance configuration rather than on backups; treat them as supporting evidence only, and attach the backup plan, retention period and most recent successful recovery point for each data store. Learn more at: https://docs.aws.amazon.com/config/latest/developerguide/managed-rules-by-aws-config.html",,AUTOMATED,"{ ""events"": [ { ""eventSelector"": ""DB_INSTANCE_BACKUP_ENABLED"", ""eventSourceName"": ""CloudTrail-Config"" }, { ""eventSelector"": ""DYNAMODB_PITR_ENABLED"", ""eventSourceName"": ""CloudTrail-Config"" }, { ""eventSelector"": ""EBS_OPTIMIZED_INSTANCE"", ""eventSourceName"": ""CloudTrail-Config"" }, { ""eventSelector"": ""ELASTICACHE_REDIS_CLUSTER_AUTOMATIC_BACKUP_CHECK"", ""eventSourceName"": ""CloudTrail-Config"" }, { ""eventSelector"": ""S3_BUCKET_REPLICATION_ENABLED"", ""eventSourceName"": ""CloudTrail-Config"" }, { ""eventSelector"": ""S3_BUCKET_VERSIONING_ENABLED"", ""eventSourceName"": ""CloudTrail-Config"" }, { ""eventSelector"": ""DYNAMODB_IN_BACKUP_PLAN"", ""eventSourceName"": ""CloudTrail-Config"" }, { ""eventSelector"": ""EBS_IN_BACKUP_PLAN"", ""eventSourceName"": ""CloudTrail-Config"" }, { ""eventSelector"": ""EFS_IN_BACKUP_PLAN"", ""eventSourceName"": ""CloudTrail-Config"" }, { ""eventSelector"": ""REDSHIFT_BACKUP_ENABLED"", ""eventSourceName"": ""CloudTrail-Config"" }, { ""eventSelector"": ""RDS_IN_BACKUP_PLAN"", ""eventSourceName"": ""CloudTrail-Config"" }, { ""eventSelector"": ""AUTOSCALING_GROUP_ELB_HEALTHCHECK_REQUIRED"", ""eventSourceName"": ""CloudTrail-Config"" }, { ""eventSelector"": ""DYNAMODB_AUTOSCALING_ENABLED"", ""eventSourceName"": ""CloudTrail-Config"" }, { ""eventSelector"": ""RDS_MULTI_AZ_SUPPORT"", ""eventSourceName"": ""CloudTrail-Config"" } ] }",Third Party Software Risk Automated Assessment Template,Third Party Software Risk Automated Assessment,Third Party Software Risk Assessment 
is used to gather the information required to assess risks and threats in third-party software. This template is a subset of the Third Party Software Risk Assessment Template. This is used to gather evidence automatically from your AWS accounts that are used for hosting your SaaS solutions.,,,ACTIVE,buyer.svg,AWS Custom Risk Assessment,AWS,https://aws.amazon.com/marketplace/
Data Security 2.5.2 - Data Storage & Classification - Data Access Control Policy,Everest Automated - DS 2.5.2,Data Security,"API Calls, AWS Config",Do you implement appropriate access controls for stored customer data? Provide your access control policies.,,ACTIVE,,"Specify/Establish whether appropriate access controls for stored customer data are implemented. IAM: 1. ListRoles, ListRolePolicies, GetRolePolicy 2. ListUsers, ListUserPolicies, GetUserPolicy 3. ListGroups, ListGroupPolicies, GetGroupPolicy. Amazon Cognito: ListUser* and ListGroups, see https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_AdminListUserAuthEvents.html. Amazon S3: list all bucket policies. Amazon RDS: confirm no instance is publicly accessible. List all principals and their associated policies. Note: the automated collection for this control lists roles, users, groups and policies; the attached and inline policy documents (GetRolePolicy, GetUserPolicy, GetGroupPolicy) and the bucket policies still have to be exported and attached as evidence. AWS Config Rule(s): DMS_REPLICATION_NOT_PUBLIC EBS_SNAPSHOT_PUBLIC_RESTORABLE_CHECK EC2_INSTANCE_NO_PUBLIC_IP ELASTICSEARCH_IN_VPC_ONLY EMR_KERBEROS_ENABLED EMR_MASTER_NO_PUBLIC_IP IAM_GROUP_HAS_USERS_CHECK IAM_POLICY_NO_STATEMENTS_WITH_ADMIN_ACCESS IAM_USER_GROUP_MEMBERSHIP_CHECK IAM_USER_NO_POLICIES_CHECK RDS_INSTANCE_PUBLIC_ACCESS_CHECK RDS_SNAPSHOTS_PUBLIC_PROHIBITED REDSHIFT_CLUSTER_PUBLIC_ACCESS_CHECK S3_ACCOUNT_LEVEL_PUBLIC_ACCESS_BLOCKS S3_BUCKET_POLICY_GRANTEE_CHECK S3_BUCKET_PUBLIC_READ_PROHIBITED S3_BUCKET_PUBLIC_WRITE_PROHIBITED SAGEMAKER_NOTEBOOK_NO_DIRECT_INTERNET_ACCESS Learn more at: https://docs.aws.amazon.com/config/latest/developerguide/managed-rules-by-aws-config.html",,AUTOMATED,"{ ""events"": [ { ""eventSelector"": ""DMS_REPLICATION_NOT_PUBLIC"", ""eventSourceName"": ""CloudTrail-Config"" }, { ""eventSelector"": 
""EBS_SNAPSHOT_PUBLIC_RESTORABLE_CHECK"", ""eventSourceName"": ""CloudTrail-Config"" }, { ""eventSelector"": ""EC2_INSTANCE_NO_PUBLIC_IP"", ""eventSourceName"": ""CloudTrail-Config"" }, { ""eventSelector"": ""ELASTICSEARCH_IN_VPC_ONLY"", ""eventSourceName"": ""CloudTrail-Config"" }, { ""eventSelector"": ""EMR_KERBEROS_ENABLED"", ""eventSourceName"": ""CloudTrail-Config"" }, { ""eventSelector"": ""EMR_MASTER_NO_PUBLIC_IP"", ""eventSourceName"": ""CloudTrail-Config"" }, { ""eventSelector"": ""IAM_GROUP_HAS_USERS_CHECK"", ""eventSourceName"": ""CloudTrail-Config"" }, { ""eventSelector"": ""IAM_POLICY_NO_STATEMENTS_WITH_ADMIN_ACCESS"", ""eventSourceName"": ""CloudTrail-Config"" }, { ""eventSelector"": ""IAM_USER_GROUP_MEMBERSHIP_CHECK"", ""eventSourceName"": ""CloudTrail-Config"" }, { ""eventSelector"": ""IAM_USER_NO_POLICIES_CHECK"", ""eventSourceName"": ""CloudTrail-Config"" }, { ""eventSelector"": ""RDS_INSTANCE_PUBLIC_ACCESS_CHECK"", ""eventSourceName"": ""CloudTrail-Config"" }, { ""eventSelector"": ""RDS_SNAPSHOTS_PUBLIC_PROHIBITED"", ""eventSourceName"": ""CloudTrail-Config"" }, { ""eventSelector"": ""REDSHIFT_CLUSTER_PUBLIC_ACCESS_CHECK"", ""eventSourceName"": ""CloudTrail-Config"" }, { ""eventSelector"": ""S3_ACCOUNT_LEVEL_PUBLIC_ACCESS_BLOCKS"", ""eventSourceName"": ""CloudTrail-Config"" }, { ""eventSelector"": ""S3_BUCKET_POLICY_GRANTEE_CHECK"", ""eventSourceName"": ""CloudTrail-Config"" }, { ""eventSelector"": ""S3_BUCKET_PUBLIC_READ_PROHIBITED"", ""eventSourceName"": ""CloudTrail-Config"" }, { ""eventSelector"": ""S3_BUCKET_PUBLIC_WRITE_PROHIBITED"", ""eventSourceName"": ""CloudTrail-Config"" }, { ""eventSelector"": ""SAGEMAKER_NOTEBOOK_NO_DIRECT_INTERNET_ACCESS"", ""eventSourceName"": ""CloudTrail-Config"" }, { ""eventSelector"": ""iam_ListRoles"", ""eventSourceName"": ""S2S"", ""eventInputConfig"": { ""Action"": ""listRoles"", ""Service"": ""iam"" } }, { ""eventSelector"": ""iam_ListUsers"", ""eventSourceName"": ""S2S"", ""eventInputConfig"": { 
""Action"": ""listUsers"", ""Service"": ""iam"" } }, { ""eventSelector"": ""iam_ListGroups"", ""eventSourceName"": ""S2S"", ""eventInputConfig"": { ""Action"": ""listGroups"", ""Service"": ""iam"" } }, { ""eventSelector"": ""iam_ListPolicies"", ""eventSourceName"": ""S2S"", ""eventInputConfig"": { ""Action"": ""listPolicies"", ""Service"": ""iam"" } } ] }",Third Party Software Risk Automated Assessment Template,Third Party Software Risk Automated Assessment,Third Party Software Risk Assessment is used to gather the information required to assess risks and threats in third-party software. This template is a subset of the Third Party Software Risk Assessment Template. This is used to gather evidence automatically from your AWS accounts that are used for hosting your SaaS solutions.,,,ACTIVE,buyer.svg,AWS Custom Risk Assessment,AWS,https://aws.amazon.com/marketplace/
Security & Configuration Policy 10.2.3 - Policies for Security Configurations - Changes to Configurations,Everest Automated - SP 10.2.3,Security & Configuration Policy,"Security Hub, API Calls",Are changes to configurations logged?,,ACTIVE,,"Specify if configuration changes are logged. Security Hub / CloudWatch: Ensure a log metric filter and alarm exist for AWS Config configuration changes. Ensure a log metric filter and alarm exist for CloudTrail configuration changes. Perform the following to ensure that there is at least one active multi-region CloudTrail with the prescribed metric filters and alarms configured: 1. Identify the log group name configured for use with the active multi-region CloudTrail. List all trails: aws cloudtrail describe-trails Identify multi-region trails: trails with ""IsMultiRegionTrail"" set to true. From the value of CloudWatchLogsLogGroupArn note <cloudtrail_log_group_name>. Example: for a CloudWatchLogsLogGroupArn of arn:aws:logs:<region>:<aws_account_number>:log-group:NewGroup:*, <cloudtrail_log_group_name> is NewGroup. Ensure the identified multi-region trail is active: aws cloudtrail get-trail-status --name <trail_name> Ensure IsLogging is true. Ensure the identified multi-region trail captures all management events: aws cloudtrail get-event-selectors --trail-name <trail_name> Ensure there is at least one event selector with IncludeManagementEvents set to true and ReadWriteType set to All. 2. Get a list of all metric filters for this log group: aws logs describe-metric-filters --log-group-name ""<cloudtrail_log_group_name>"" 3. Ensure the output contains a filter for CloudTrail configuration changes: ""filterPattern"": ""{ ($.eventName = CreateTrail) || ($.eventName = UpdateTrail) || ($.eventName = DeleteTrail) || ($.eventName = StartLogging) || ($.eventName = StopLogging) }"" and a filter for AWS Config configuration changes: ""filterPattern"": ""{ ($.eventSource = config.amazonaws.com) && (($.eventName = StopConfigurationRecorder) || ($.eventName = DeleteDeliveryChannel) || ($.eventName = PutDeliveryChannel) || ($.eventName = PutConfigurationRecorder)) }"" 4. Note the metricName (<cloudtrail_cfg_changes_metric>) associated with each filterPattern found in step 3. 5. Get a list of CloudWatch alarms and filter on the metric captured in step 4: aws cloudwatch describe-alarms --query 'MetricAlarms[?MetricName==`<cloudtrail_cfg_changes_metric>`]' 6. Note the AlarmActions value; this is the SNS topic ARN. 7. Ensure there is at least one active subscriber to the SNS topic: aws sns list-subscriptions-by-topic --topic-arn <sns_topic_arn> At least one subscription should have a ""SubscriptionArn"" with a valid AWS ARN; a value of PendingConfirmation means the subscriber has not confirmed and will not receive alarms. Example of a valid ""SubscriptionArn"": ""arn:aws:sns:<region>:<aws_account_number>:<SnsTopicName>:<SubscriptionID>"" Repeat steps 3 to 7 for both filter patterns so that a log metric filter and an alarm exist for AWS CloudTrail configuration changes and for AWS Config configuration changes. For further details on the auditing of this control please refer to the CIS Amazon Web Services Foundations Benchmark version 1.3.0 document available at https://www.cisecurity.org/benchmark/amazon_web_services/ (Security Hub controls 3.5 and 3.9 use the CIS v1.2.0 numbering; the same recommendations are 4.5 and 4.9 in v1.3.0). API Calls: DescribeAlarms (describe all CloudWatch alarms).","For remediation, learn more at: https://docs.aws.amazon.com/securityhub/latest/userguide/securityhub-cis-controls.html#securityhub-cis-controls-3.5 For remediation, learn more at: https://docs.aws.amazon.com/securityhub/latest/userguide/securityhub-cis-controls.html#securityhub-cis-controls-3.9",AUTOMATED,"{ ""events"": [ { ""eventSelector"": ""3.5"", ""eventSourceName"": ""SecurityHub"" }, { ""eventSelector"": ""3.9"", ""eventSourceName"": ""SecurityHub"" }, { ""eventSelector"": ""cloudwatch_DescribeAlarms"", ""eventSourceName"": ""S2S"", ""eventInputConfig"": { ""Action"": ""describeAlarms"", ""Service"": ""cloudwatch"" } } ] }",Third Party Software Risk Automated Assessment Template,Third Party Software Risk Automated Assessment,Third Party Software Risk Assessment is used to gather the information required to assess risks and threats in third-party software. This template is a subset of the Third Party Software Risk Assessment Template. This is used to gather evidence automatically from your AWS accounts that are used for hosting your SaaS solutions.,,,ACTIVE,buyer.svg,AWS Custom Risk Assessment,AWS,https://aws.amazon.com/marketplace/
Access Management 3.1.1 - Secure Authentication - Password Use to Access the Production Environment,Everest Automated - AC 3.1.1,Access Management,AWS Config,Do you support password-based authentication to access the production environment?,,ACTIVE,,"Specify if password authentication is enabled to access the production environment. 
IAM: GetAccountPasswordPolicy (the IAM_PASSWORD_POLICY AWS Config rule evaluates the same account password policy). Amazon Cognito: DescribeUserPool to display the user pool password policy. Note: these show that password authentication exists for IAM users and Cognito user pool users; access through federated identities, SSO or access keys is not covered and should be described separately. AWS Config Rule(s): IAM_PASSWORD_POLICY",,AUTOMATED,"{ ""events"": [ { ""eventSelector"": ""IAM_PASSWORD_POLICY"", ""eventSourceName"": ""CloudTrail-Config"" } ] }",Third Party Software Risk Automated Assessment Template,Third Party Software Risk Automated Assessment,Third Party Software Risk Assessment is used to gather the information required to assess risks and threats in third-party software. This template is a subset of the Third Party Software Risk Assessment Template. This is used to gather evidence automatically from your AWS accounts that are used for hosting your SaaS solutions.,,,ACTIVE,buyer.svg,AWS Custom Risk Assessment,AWS,https://aws.amazon.com/marketplace/
Access Management 3.1.5 - Secure Authentication - Two Factor Authentication,Everest Automated - AC 3.1.5,Access Management,AWS Config,Is two-factor authentication required to access the production/hosted environment?,,ACTIVE,,"Specify if two-factor authentication (2FA) is required for access to the production environment. If yes, what tool is used for 2FA? AWS Config Rule(s): MFA_ENABLED_FOR_IAM_CONSOLE_ACCESS Note: this rule only evaluates IAM users that have a console password; it does not show whether MFA is enforced for federated or SSO users or for programmatic (access key) use, so describe those separately.",,AUTOMATED,"{ ""events"": [ { ""eventSelector"": ""MFA_ENABLED_FOR_IAM_CONSOLE_ACCESS"", ""eventSourceName"": ""CloudTrail-Config"" } ] }",Third Party Software Risk Automated Assessment Template,Third Party Software Risk Automated Assessment,Third Party Software Risk Assessment is used to gather the information required to assess risks and threats in third-party software. This template is a subset of the Third Party Software Risk Assessment Template. 
This is used to gather evidence automatically from your AWS accounts that are used for hosting your SaaS solutions.,,,ACTIVE,buyer.svg,AWS Custom Risk Assessment,AWS,https://aws.amazon.com/marketplace/
Access Management 3.1.9 - Secure Authentication - Root User MFA,Everest Automated - AC 3.1.9,Access Management,AWS Config,Does the root user require multi-factor authentication (MFA)?,,ACTIVE,,"Specify if logging in as the root user requires multi-factor authentication. If yes, what tool is used for MFA? Perform the following to determine if the root user account has MFA set up: From Command Line: 1. Run the following command: aws iam get-account-summary | grep ""AccountMFAEnabled"" 2. Ensure the AccountMFAEnabled property is set to 1. Note: AccountMFAEnabled only shows that an MFA device is assigned to the root user, not which kind; ROOT_ACCOUNT_HARDWARE_MFA_ENABLED additionally checks that the device is a hardware MFA device rather than a virtual one. AWS Config Rule(s): ROOT_ACCOUNT_MFA_ENABLED ROOT_ACCOUNT_HARDWARE_MFA_ENABLED",,AUTOMATED,"{ ""events"": [ { ""eventSelector"": ""ROOT_ACCOUNT_MFA_ENABLED"", ""eventSourceName"": ""CloudTrail-Config"" }, { ""eventSelector"": ""ROOT_ACCOUNT_HARDWARE_MFA_ENABLED"", ""eventSourceName"": ""CloudTrail-Config"" } ] }",Third Party Software Risk Automated Assessment Template,Third Party Software Risk Automated Assessment,Third Party Software Risk Assessment is used to gather the information required to assess risks and threats in third-party software. This template is a subset of the Third Party Software Risk Assessment Template. This is used to gather evidence automatically from your AWS accounts that are used for hosting your SaaS solutions.,,,ACTIVE,buyer.svg,AWS Custom Risk Assessment,AWS,https://aws.amazon.com/marketplace/
Access Management 3.1.10 - Secure Authentication - Remote Access,Everest Automated - AC 3.1.10,Access Management,AWS Config,Is remote access permitted and is the access secure?,,ACTIVE,,"Specify if the application permits remote access. AWS Config Rule(s): INCOMING_SSH_DISABLED (restricted-ssh), which checks that security groups do not allow unrestricted inbound access (0.0.0.0/0 or ::/0) on TCP port 22. Note: the rule does not evaluate other remote access paths such as RDP, bastion hosts, VPN or AWS Systems Manager Session Manager; describe those separately. 
Learn more at: https://docs.aws.amazon.com/config/latest/developerguide/restricted-ssh.html",,AUTOMATED,"{ ""events"": [ { ""eventSelector"": ""INCOMING_SSH_DISABLED"", ""eventSourceName"": ""CloudTrail-Config"" } ]}",Third Party Software Risk Automated Assessment Template,Third Party Software Risk Automated Assessment,Third Party Software Risk Assessment is used to gather the information required to assess risks and threats in third-party software. This template is a subset of the Third Party Software Risk Assessment Template. This is used to gather evidence automatically from your AWS accounts that are used for hosting your SaaS solutions.,,,ACTIVE,buyer.svg,AWS Custom Risk Assessment,AWS,https://aws.amazon.com/marketplace/
Access Management 3.2.1 - Credential Management - Password Policy,Everest Automated - AC 3.2.1,Access Management,AWS Config,Is there a strong password policy? Does the password policy require changing it at frequent intervals?,,ACTIVE,,"Specify/Establish whether a strong password policy is present and whether it requires a password change at frequent intervals. AWS Config Rule(s): IAM_PASSWORD_POLICY Note: the rule's MinimumPasswordLength, RequireUppercaseCharacters, RequireLowercaseCharacters, RequireSymbols, RequireNumbers, MaxPasswordAge and PasswordReusePrevention parameters define the strength, rotation interval and reuse limit that are evaluated, so record the parameter values used together with the evaluation result. Learn more at: https://docs.aws.amazon.com/config/latest/developerguide/iam-password-policy.html",,AUTOMATED,"{ ""events"": [ {""eventSelector"": ""IAM_PASSWORD_POLICY"", ""eventSourceName"": ""CloudTrail-Config"" } ] }",Third Party Software Risk Automated Assessment Template,Third Party Software Risk Automated Assessment,Third Party Software Risk Assessment is used to gather the information required to assess risks and threats in third-party software. This template is a subset of the Third Party Software Risk Assessment Template. 
This is used to gather evidence automatically from your AWS accounts that are used for hosting your SaaS solutions.,,,ACTIVE,buyer.svg,AWS Custom Risk Assessment,AWS,https://aws.amazon.com/marketplace/
Access Management 3.2.2 - Credential Management - Password Encryption,Everest Automated - AC 3.2.2,Access Management,"AWS Config, API Calls",Does the password policy require passwords to be encrypted in transit? Does it require the password to be hashed with salt?,,ACTIVE,,"Specify whether passwords are encrypted in transit and, when stored, hashed with a salt. IAM: 1. ListRoles, ListRolePolicies, GetRolePolicy 2. ListUsers, ListUserPolicies, GetUserPolicy 3. ListGroups, ListGroupPolicies, GetGroupPolicy. Amazon Cognito: ListUser* and ListGroups, see https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_AdminListUserAuthEvents.html. Access Analyzer: pull all Access Analyzer findings from Security Hub to note all service-linked roles. Note: the AWS Config rules for this control evidence TLS on load balancers, CloudFront, Redshift and S3 and encryption at rest for managed data stores; they do not show how the application hashes the passwords it stores itself, so describe the hashing algorithm and salt handling separately (for IAM users and Cognito user pools, credential storage is managed by AWS). AWS Config Rule(s): ALB_HTTP_TO_HTTPS_REDIRECTION_CHECK ELB_ACM_CERTIFICATE_REQUIRED ELB_CUSTOM_SECURITY_POLICY_SSL_CHECK ELB_PREDEFINED_SECURITY_POLICY_SSL_CHECK REDSHIFT_REQUIRE_TLS_SSL S3_BUCKET_SSL_REQUESTS_ONLY CLOUDFRONT_VIEWER_POLICY_HTTPS ALB_HTTP_DROP_INVALID_HEADER_ENABLED ELASTICSEARCH_NODE_TO_NODE_ENCRYPTION_CHECK ELB_TLS_HTTPS_LISTENERS_ONLY CLOUD_TRAIL_ENCRYPTION_ENABLED CLOUDWATCH_LOG_GROUP_ENCRYPTED EFS_ENCRYPTED_CHECK ELASTICSEARCH_ENCRYPTED_AT_REST ENCRYPTED_VOLUMES RDS_STORAGE_ENCRYPTED REDSHIFT_CLUSTER_CONFIGURATION_CHECK S3_BUCKET_SERVER_SIDE_ENCRYPTION_ENABLED SAGEMAKER_ENDPOINT_CONFIGURATION_KMS_KEY_CONFIGURED SAGEMAKER_NOTEBOOK_INSTANCE_KMS_KEY_CONFIGURED SNS_ENCRYPTED_KMS EC2_EBS_ENCRYPTION_BY_DEFAULT DYNAMODB_TABLE_ENCRYPTED_KMS DYNAMODB_TABLE_ENCRYPTION_ENABLED RDS_SNAPSHOT_ENCRYPTED S3_DEFAULT_ENCRYPTION_KMS DAX_ENCRYPTION_ENABLED EKS_SECRETS_ENCRYPTED Learn more at: 
https://docs.aws.amazon.com/config/latest/developerguide/managed-rules-by-aws-config.html",,AUTOMATED,"{""events"": [ { ""eventSelector"": ""iam_ListRoles"", ""eventSourceName"": ""S2S"", ""eventInputConfig"": { ""Action"": ""listRoles"", ""Service"": ""iam"" } }, { ""eventSelector"": ""iam_ListUsers"", ""eventSourceName"": ""S2S"", ""eventInputConfig"": { ""Action"": ""listUsers"", ""Service"": ""iam"" } }, { ""eventSelector"": ""iam_ListGroups"", ""eventSourceName"": ""S2S"", ""eventInputConfig"": { ""Action"": ""listGroups"", ""Service"": ""iam"" } }, { ""eventSelector"": ""iam_ListPolicies"", ""eventSourceName"": ""S2S"", ""eventInputConfig"": { ""Action"": ""listPolicies"", ""Service"": ""iam"" } }, { ""eventSelector"": ""ALB_HTTP_TO_HTTPS_REDIRECTION_CHECK"", ""eventSourceName"": ""CloudTrail-Config"" }, { ""eventSelector"": ""ELB_ACM_CERTIFICATE_REQUIRED"", ""eventSourceName"": ""CloudTrail-Config"" }, { ""eventSelector"": ""ELB_CUSTOM_SECURITY_POLICY_SSL_CHECK"", ""eventSourceName"": ""CloudTrail-Config"" }, { ""eventSelector"": ""ELB_PREDEFINED_SECURITY_POLICY_SSL_CHECK"", ""eventSourceName"": ""CloudTrail-Config"" }, { ""eventSelector"": ""REDSHIFT_REQUIRE_TLS_SSL"", ""eventSourceName"": ""CloudTrail-Config"" }, { ""eventSelector"": ""S3_BUCKET_SSL_REQUESTS_ONLY"", ""eventSourceName"": ""CloudTrail-Config"" }, { ""eventSelector"": ""CLOUDFRONT_VIEWER_POLICY_HTTPS"", ""eventSourceName"": ""CloudTrail-Config"" }, { ""eventSelector"": ""ALB_HTTP_DROP_INVALID_HEADER_ENABLED"", ""eventSourceName"": ""CloudTrail-Config"" }, { ""eventSelector"": ""ELASTICSEARCH_NODE_TO_NODE_ENCRYPTION_CHECK"", ""eventSourceName"": ""CloudTrail-Config"" }, { ""eventSelector"": ""ELB_TLS_HTTPS_LISTENERS_ONLY"", ""eventSourceName"": ""CloudTrail-Config"" }, { ""eventSelector"": ""CLOUD_TRAIL_ENCRYPTION_ENABLED"", ""eventSourceName"": ""CloudTrail-Config"" }, { ""eventSelector"": ""CLOUDWATCH_LOG_GROUP_ENCRYPTED"", ""eventSourceName"": ""CloudTrail-Config"" }, { ""eventSelector"": 
""EFS_ENCRYPTED_CHECK"", ""eventSourceName"": ""CloudTrail-Config"" }, { ""eventSelector"": ""ELASTICSEARCH_ENCRYPTED_AT_REST"", ""eventSourceName"": ""CloudTrail-Config"" }, { ""eventSelector"": ""ENCRYPTED_VOLUMES"", ""eventSourceName"": ""CloudTrail-Config"" }, { ""eventSelector"": ""RDS_STORAGE_ENCRYPTED"", ""eventSourceName"": ""CloudTrail-Config"" }, { ""eventSelector"": ""REDSHIFT_CLUSTER_CONFIGURATION_CHECK"", ""eventSourceName"": ""CloudTrail-Config"" }, { ""eventSelector"": ""S3_BUCKET_SERVER_SIDE_ENCRYPTION_ENABLED"", ""eventSourceName"": ""CloudTrail-Config"" }, { ""eventSelector"": ""SAGEMAKER_ENDPOINT_CONFIGURATION_KMS_KEY_CONFIGURED"", ""eventSourceName"": ""CloudTrail-Config"" }, { ""eventSelector"": ""SAGEMAKER_NOTEBOOK_INSTANCE_KMS_KEY_CONFIGURED"", ""eventSourceName"": ""CloudTrail-Config"" }, { ""eventSelector"": ""SNS_ENCRYPTED_KMS"", ""eventSourceName"": ""CloudTrail-Config"" }, { ""eventSelector"": ""EC2_EBS_ENCRYPTION_BY_DEFAULT"", ""eventSourceName"": ""CloudTrail-Config"" }, { ""eventSelector"": ""DYNAMODB_TABLE_ENCRYPTED_KMS"", ""eventSourceName"": ""CloudTrail-Config"" }, { ""eventSelector"": ""DYNAMODB_TABLE_ENCRYPTION_ENABLED"", ""eventSourceName"": ""CloudTrail-Config"" }, { ""eventSelector"": ""RDS_SNAPSHOT_ENCRYPTED"", ""eventSourceName"": ""CloudTrail-Config"" }, { ""eventSelector"": ""S3_DEFAULT_ENCRYPTION_KMS"", ""eventSourceName"": ""CloudTrail-Config"" }, { ""eventSelector"": ""DAX_ENCRYPTION_ENABLED"", ""eventSourceName"": ""CloudTrail-Config"" }, { ""eventSelector"": ""EKS_SECRETS_ENCRYPTED"", ""eventSourceName"": ""CloudTrail-Config"" } ]}",Third Party Software Risk Automated Assessment Template,Third Party Software Risk Automated Assessment,Third Party Software Risk Assessment is used to gather the information required to assess risks and threats in third-party software. This template is a subset of the Third Party Software Risk Assessment Template. 
This is used to gather evidence automatically from your AWS accounts that are used for hosting your SaaS solutions.,,,ACTIVE,buyer.svg,AWS Custom Risk Assessment,AWS,https://aws.amazon.com/marketplace/
Access Management 3.2.3 - Credential Management - Secret Management,Everest Automated - AC 3.2.3,Access Management,AWS Config,Is there a secrets management service in place?,,ACTIVE,,"Specify/Establish whether a secrets management service is in place. AWS Config Rule(s): SECRETSMANAGER_ROTATION_ENABLED_CHECK SECRETSMANAGER_SCHEDULED_ROTATION_SUCCESS_CHECK Note: both rules evaluate only secrets that already exist in AWS Secrets Manager, so an account that stores its secrets elsewhere produces no evaluations rather than a finding; an empty result is not evidence that a secrets manager is in use.",,AUTOMATED,"{ ""events"": [ {""eventSelector"": ""SECRETSMANAGER_ROTATION_ENABLED_CHECK"", ""eventSourceName"": ""CloudTrail-Config""}, {""eventSelector"": ""SECRETSMANAGER_SCHEDULED_ROTATION_SUCCESS_CHECK"", ""eventSourceName"": ""CloudTrail-Config""} ] }",Third Party Software Risk Automated Assessment Template,Third Party Software Risk Automated Assessment,Third Party Software Risk Assessment is used to gather the information required to assess risks and threats in third-party software. This template is a subset of the Third Party Software Risk Assessment Template. This is used to gather evidence automatically from your AWS accounts that are used for hosting your SaaS solutions.,,,ACTIVE,buyer.svg,AWS Custom Risk Assessment,AWS,https://aws.amazon.com/marketplace/
Application Security 4.1.4 - Secure Software Development Lifecycle - Secure Connection,Everest Automated - Appsec 4.1.4,Application Security,AWS Config,Is TLS/SSL enabled for all web pages/communications that use customer data?,,ACTIVE,,"Specify/Establish whether a secure connection (TLS, commonly still called SSL) is used for all communications that carry customer data. 
AWS Config Rule(s): ALB_HTTP_TO_HTTPS_REDIRECTION_CHECK ELB_TLS_HTTPS_LISTENERS_ONLY Note: ALB_HTTP_TO_HTTPS_REDIRECTION_CHECK evaluates Application Load Balancers and ELB_TLS_HTTPS_LISTENERS_ONLY evaluates Classic Load Balancers; Network Load Balancers, API Gateway, CloudFront and direct instance endpoints are not covered by these two rules and should be evidenced separately. Learn more at: https://docs.aws.amazon.com/config/latest/developerguide/alb-http-to-https-redirection-check.html https://docs.aws.amazon.com/config/latest/developerguide/elb-tls-https-listeners-only.html",,AUTOMATED,"{ ""events"": [ {""eventSelector"": ""ALB_HTTP_TO_HTTPS_REDIRECTION_CHECK"", ""eventSourceName"": ""CloudTrail-Config""}, {""eventSelector"": ""ELB_TLS_HTTPS_LISTENERS_ONLY"", ""eventSourceName"": ""CloudTrail-Config""} ] }",Third Party Software Risk Automated Assessment Template,Third Party Software Risk Automated Assessment,Third Party Software Risk Assessment is used to gather the information required to assess risks and threats in third-party software. This template is a subset of the Third Party Software Risk Assessment Template. This is used to gather evidence automatically from your AWS accounts that are used for hosting your SaaS solutions.,,,ACTIVE,buyer.svg,AWS Custom Risk Assessment,AWS,https://aws.amazon.com/marketplace/
Application Security 4.1.5 - Secure Software Development Lifecycle - Image Backup,Everest Automated - Appsec 4.1.5,Application Security,AWS Config,Are image snapshots backed up?,,ACTIVE,,"Specify if image snapshots are backed up. If yes, is there a process to ensure that image snapshots containing scoped data are authorized prior to being taken? Is access control implemented for the image snapshots? 
AWS Config Rule(s): DB_INSTANCE_BACKUP_ENABLED DYNAMODB_PITR_ENABLED ELASTICACHE_REDIS_CLUSTER_AUTOMATIC_BACKUP_CHECK S3_BUCKET_REPLICATION_ENABLED DYNAMODB_IN_BACKUP_PLAN EBS_IN_BACKUP_PLAN EFS_IN_BACKUP_PLAN RDS_IN_BACKUP_PLAN REDSHIFT_BACKUP_ENABLED RDS_RESOURCES_PROTECTED_BY_BACKUP_PLAN DYNAMODB_RESOURCES_PROTECTED_BY_BACKUP_PLAN EC2_RESOURCES_PROTECTED_BY_BACKUP_PLAN EBS_RESOURCES_PROTECTED_BY_BACKUP_PLAN EFS_RESOURCES_PROTECTED_BY_BACKUP_PLAN FSX_RESOURCES_PROTECTED_BY_BACKUP_PLAN AURORA_RESOURCES_PROTECTED_BY_BACKUP_PLAN BACKUP_PLAN_MIN_FREQUENCY_AND_MIN_RETENTION_CHECK BACKUP_RECOVERY_POINT_MANUAL_DELETION_DISABLED BACKUP_RECOVERY_POINT_MINIMUM_RETENTION_CHECK BACKUP_RECOVERY_POINT_ENCRYPTED IAM_GROUP_HAS_USERS_CHECK IAM_POLICY_BLACKLISTED_CHECK IAM_POLICY_IN_USE IAM_POLICY_NO_STATEMENTS_WITH_ADMIN_ACCESS IAM_ROLE_MANAGED_POLICY_CHECK IAM_USER_GROUP_MEMBERSHIP_CHECK IAM_USER_NO_POLICIES_CHECK IAM_USER_UNUSED_CREDENTIALS_CHECK IAM_NO_INLINE_POLICY_CHECK RDS_INSTANCE_IAM_AUTHENTICATION_ENABLED API_GW_CACHE_ENABLED_AND_ENCRYPTED CLOUD_TRAIL_ENCRYPTION_ENABLED CLOUDWATCH_LOG_GROUP_ENCRYPTED EFS_ENCRYPTED_CHECK ELASTICSEARCH_ENCRYPTED_AT_REST ENCRYPTED_VOLUMES RDS_STORAGE_ENCRYPTED REDSHIFT_CLUSTER_CONFIGURATION_CHECK S3_BUCKET_SERVER_SIDE_ENCRYPTION_ENABLED SAGEMAKER_ENDPOINT_CONFIGURATION_KMS_KEY_CONFIGURED SAGEMAKER_NOTEBOOK_INSTANCE_KMS_KEY_CONFIGURED SNS_ENCRYPTED_KMS EC2_EBS_ENCRYPTION_BY_DEFAULT DYNAMODB_TABLE_ENCRYPTED_KMS DYNAMODB_TABLE_ENCRYPTION_ENABLED RDS_SNAPSHOT_ENCRYPTED S3_DEFAULT_ENCRYPTION_KMS DAX_ENCRYPTION_ENABLED EKS_SECRETS_ENCRYPTED RDS_LOGGING_ENABLED WAF_CLASSIC_LOGGING_ENABLED WAFV2_LOGGING_ENABLED ALB_HTTP_TO_HTTPS_REDIRECTION_CHECK ELB_ACM_CERTIFICATE_REQUIRED ELB_CUSTOM_SECURITY_POLICY_SSL_CHECK REDSHIFT_REQUIRE_TLS_SSL CLOUDFRONT_VIEWER_POLICY_HTTPS ALB_HTTP_DROP_INVALID_HEADER_ENABLED ELASTICSEARCH_NODE_TO_NODE_ENCRYPTION_CHECK ELB_TLS_HTTPS_LISTENERS_ONLY ACM_CERTIFICATE_EXPIRATION_CHECK Learn more at: 
https://docs.aws.amazon.com/config/latest/developerguide/managed-rules-by-aws-config.html https://docs.aws.amazon.com/config/latest/developerguide/managed-rules-by-aws-config.html",,AUTOMATED,"{ ""events"": [ { ""eventSelector"": ""DB_INSTANCE_BACKUP_ENABLED"", ""eventSourceName"": ""CloudTrail-Config"" }, { ""eventSelector"": ""DYNAMODB_PITR_ENABLED"", ""eventSourceName"": ""CloudTrail-Config"" }, { ""eventSelector"": ""ELASTICACHE_REDIS_CLUSTER_AUTOMATIC_BACKUP_CHECK"", ""eventSourceName"": ""CloudTrail-Config"" }, { ""eventSelector"": ""S3_BUCKET_REPLICATION_ENABLED"", ""eventSourceName"": ""CloudTrail-Config"" }, { ""eventSelector"": ""DYNAMODB_IN_BACKUP_PLAN"", ""eventSourceName"": ""CloudTrail-Config"" }, { ""eventSelector"": ""EBS_IN_BACKUP_PLAN"", ""eventSourceName"": ""CloudTrail-Config"" }, { ""eventSelector"": ""EFS_IN_BACKUP_PLAN"", ""eventSourceName"": ""CloudTrail-Config"" }, { ""eventSelector"": ""RDS_IN_BACKUP_PLAN"", ""eventSourceName"": ""CloudTrail-Config"" }, { ""eventSelector"": ""REDSHIFT_BACKUP_ENABLED"", ""eventSourceName"": ""CloudTrail-Config"" }, { ""eventSelector"": ""RDS_RESOURCES_PROTECTED_BY_BACKUP_PLAN"", ""eventSourceName"": ""CloudTrail-Config"" }, { ""eventSelector"": ""DYNAMODB_RESOURCES_PROTECTED_BY_BACKUP_PLAN"", ""eventSourceName"": ""CloudTrail-Config"" }, { ""eventSelector"": ""EC2_RESOURCES_PROTECTED_BY_BACKUP_PLAN"", ""eventSourceName"": ""CloudTrail-Config"" }, { ""eventSelector"": ""EBS_RESOURCES_PROTECTED_BY_BACKUP_PLAN"", ""eventSourceName"": ""CloudTrail-Config"" }, { ""eventSelector"": ""EFS_RESOURCES_PROTECTED_BY_BACKUP_PLAN"", ""eventSourceName"": ""CloudTrail-Config"" }, { ""eventSelector"": ""FSX_RESOURCES_PROTECTED_BY_BACKUP_PLAN"", ""eventSourceName"": ""CloudTrail-Config"" }, { ""eventSelector"": ""AURORA_RESOURCES_PROTECTED_BY_BACKUP_PLAN"", ""eventSourceName"": ""CloudTrail-Config"" }, { ""eventSelector"": ""BACKUP_PLAN_MIN_FREQUENCY_AND_MIN_RETENTION_CHECK"", ""eventSourceName"": ""CloudTrail-Config"" }, { 
""eventSelector"": ""BACKUP_RECOVERY_POINT_MANUAL_DELETION_DISABLED"", ""eventSourceName"": ""CloudTrail-Config"" }, { ""eventSelector"": ""BACKUP_RECOVERY_POINT_MINIMUM_RETENTION_CHECK"", ""eventSourceName"": ""CloudTrail-Config"" }, { ""eventSelector"": ""BACKUP_RECOVERY_POINT_ENCRYPTED"", ""eventSourceName"": ""CloudTrail-Config"" }, { ""eventSelector"": ""IAM_GROUP_HAS_USERS_CHECK"", ""eventSourceName"": ""CloudTrail-Config"" }, { ""eventSelector"": ""IAM_POLICY_BLACKLISTED_CHECK"", ""eventSourceName"": ""CloudTrail-Config"" }, { ""eventSelector"": ""IAM_POLICY_IN_USE"", ""eventSourceName"": ""CloudTrail-Config"" }, { ""eventSelector"": ""IAM_POLICY_NO_STATEMENTS_WITH_ADMIN_ACCESS"", ""eventSourceName"": ""CloudTrail-Config"" }, { ""eventSelector"": ""IAM_ROLE_MANAGED_POLICY_CHECK"", ""eventSourceName"": ""CloudTrail-Config"" }, { ""eventSelector"": ""IAM_USER_GROUP_MEMBERSHIP_CHECK"", ""eventSourceName"": ""CloudTrail-Config"" }, { ""eventSelector"": ""IAM_USER_NO_POLICIES_CHECK"", ""eventSourceName"": ""CloudTrail-Config"" }, { ""eventSelector"": ""IAM_USER_UNUSED_CREDENTIALS_CHECK"", ""eventSourceName"": ""CloudTrail-Config"" }, { ""eventSelector"": ""IAM_NO_INLINE_POLICY_CHECK"", ""eventSourceName"": ""CloudTrail-Config"" }, { ""eventSelector"": ""RDS_INSTANCE_IAM_AUTHENTICATION_ENABLED"", ""eventSourceName"": ""CloudTrail-Config"" }, { ""eventSelector"": ""API_GW_CACHE_ENABLED_AND_ENCRYPTED"", ""eventSourceName"": ""CloudTrail-Config"" }, { ""eventSelector"": ""CLOUD_TRAIL_ENCRYPTION_ENABLED"", ""eventSourceName"": ""CloudTrail-Config"" }, { ""eventSelector"": ""CLOUDWATCH_LOG_GROUP_ENCRYPTED"", ""eventSourceName"": ""CloudTrail-Config"" }, { ""eventSelector"": ""EFS_ENCRYPTED_CHECK"", ""eventSourceName"": ""CloudTrail-Config"" }, { ""eventSelector"": ""ELASTICSEARCH_ENCRYPTED_AT_REST"", ""eventSourceName"": ""CloudTrail-Config"" }, { ""eventSelector"": ""ENCRYPTED_VOLUMES"", ""eventSourceName"": ""CloudTrail-Config"" }, { ""eventSelector"": 
""RDS_STORAGE_ENCRYPTED"", ""eventSourceName"": ""CloudTrail-Config"" }, { ""eventSelector"": ""REDSHIFT_CLUSTER_CONFIGURATION_CHECK"", ""eventSourceName"": ""CloudTrail-Config"" }, { ""eventSelector"": ""S3_BUCKET_SERVER_SIDE_ENCRYPTION_ENABLED"", ""eventSourceName"": ""CloudTrail-Config"" }, { ""eventSelector"": ""SAGEMAKER_ENDPOINT_CONFIGURATION_KMS_KEY_CONFIGURED"", ""eventSourceName"": ""CloudTrail-Config"" }, { ""eventSelector"": ""SAGEMAKER_NOTEBOOK_INSTANCE_KMS_KEY_CONFIGURED"", ""eventSourceName"": ""CloudTrail-Config"" }, { ""eventSelector"": ""SNS_ENCRYPTED_KMS"", ""eventSourceName"": ""CloudTrail-Config"" }, { ""eventSelector"": ""EC2_EBS_ENCRYPTION_BY_DEFAULT"", ""eventSourceName"": ""CloudTrail-Config"" }, { ""eventSelector"": ""DYNAMODB_TABLE_ENCRYPTED_KMS"", ""eventSourceName"": ""CloudTrail-Config"" }, { ""eventSelector"": ""DYNAMODB_TABLE_ENCRYPTION_ENABLED"", ""eventSourceName"": ""CloudTrail-Config"" }, { ""eventSelector"": ""RDS_SNAPSHOT_ENCRYPTED"", ""eventSourceName"": ""CloudTrail-Config"" }, { ""eventSelector"": ""S3_DEFAULT_ENCRYPTION_KMS"", ""eventSourceName"": ""CloudTrail-Config"" }, { ""eventSelector"": ""DAX_ENCRYPTION_ENABLED"", ""eventSourceName"": ""CloudTrail-Config"" }, { ""eventSelector"": ""EKS_SECRETS_ENCRYPTED"", ""eventSourceName"": ""CloudTrail-Config"" }, { ""eventSelector"": ""RDS_LOGGING_ENABLED"", ""eventSourceName"": ""CloudTrail-Config"" }, { ""eventSelector"": ""WAF_CLASSIC_LOGGING_ENABLED"", ""eventSourceName"": ""CloudTrail-Config"" }, { ""eventSelector"": ""WAFV2_LOGGING_ENABLED"", ""eventSourceName"": ""CloudTrail-Config"" }, { ""eventSelector"": ""ALB_HTTP_TO_HTTPS_REDIRECTION_CHECK"", ""eventSourceName"": ""CloudTrail-Config"" }, { ""eventSelector"": ""ELB_ACM_CERTIFICATE_REQUIRED"", ""eventSourceName"": ""CloudTrail-Config"" }, { ""eventSelector"": ""ELB_CUSTOM_SECURITY_POLICY_SSL_CHECK"", ""eventSourceName"": ""CloudTrail-Config"" }, { ""eventSelector"": ""REDSHIFT_REQUIRE_TLS_SSL"", ""eventSourceName"": 
""CloudTrail-Config"" }, { ""eventSelector"": ""CLOUDFRONT_VIEWER_POLICY_HTTPS"", ""eventSourceName"": ""CloudTrail-Config"" }, { ""eventSelector"": ""ALB_HTTP_DROP_INVALID_HEADER_ENABLED"", ""eventSourceName"": ""CloudTrail-Config"" }, { ""eventSelector"": ""ELASTICSEARCH_NODE_TO_NODE_ENCRYPTION_CHECK"", ""eventSourceName"": ""CloudTrail-Config"" }, { ""eventSelector"": ""ELB_TLS_HTTPS_LISTENERS_ONLY"", ""eventSourceName"": ""CloudTrail-Config"" }, { ""eventSelector"": ""ACM_CERTIFICATE_EXPIRATION_CHECK"", ""eventSourceName"": ""CloudTrail-Config"" } ] } ",Third Party Software Risk Automated Assessment Template,Third Party Software Risk Automated Assessment,Third Party Software Risk Assessment is used for gathering information required to assess risks and threats in a third party softwares. This template is a subset of the Third Party Software Risk Assessment Template. This is used to gather evidence automatically from your AWS accounts that are used for hosting your SaaS solutions.,,,ACTIVE,buyer.svg,AWS Custom Risk Asssessment,AWS,https://aws.amazon.com/marketplace/ Application Security 4.2.3 - Application Security Review - Security Patches,Everest Automated - Appsec 4.2.3,Application Security,AWS Config,Are all available high-risk security patches applied and verified at least monthly?,,ACTIVE,,"Specify if high risk security patches are applied regularly. If yes, how often is it applied? 
AWS Config Rule(s): EC2_MANAGEDINSTANCE_PATCH_COMPLIANCE_STATUS_CHECK EC2_INSTANCE_MANAGED_BY_SSM EC2_MANAGEDINSTANCE_ASSOCIATION_COMPLIANCE_STATUS_CHECK Learn more at: https://docs.aws.amazon.com/config/latest/developerguide/managed-rules-by-aws-config.html Review Inspector Reports Learn more at: https://docs.aws.amazon.com/cli/latest/reference/ssm/describe-instance-patch-states.html ",,AUTOMATED,"{""events"": [ { ""eventSelector"": ""EC2_MANAGEDINSTANCE_PATCH_COMPLIANCE_STATUS_CHECK"", ""eventSourceName"": ""CloudTrail-Config"" }, { ""eventSelector"": ""EC2_INSTANCE_MANAGED_BY_SSM"", ""eventSourceName"": ""CloudTrail-Config"" }, { ""eventSelector"": ""EC2_MANAGEDINSTANCE_ASSOCIATION_COMPLIANCE_STATUS_CHECK"", ""eventSourceName"": ""CloudTrail-Config"" } ]}",Third Party Software Risk Automated Assessment Template,Third Party Software Risk Automated Assessment,Third Party Software Risk Assessment is used for gathering information required to assess risks and threats in a third party softwares. This template is a subset of the Third Party Software Risk Assessment Template. This is used to gather evidence automatically from your AWS accounts that are used for hosting your SaaS solutions.,,,ACTIVE,buyer.svg,AWS Custom Risk Asssessment,AWS,https://aws.amazon.com/marketplace/ Application Security 4.3.1 - Application Logs - Alerts on Application Logs,Everest Automated - Appsec 4.3.1,Application Security,AWS Config,Are application logs collected and reviewed? Do you have tools/alerts in place to monitor events uncover potential incidents?,,ACTIVE,,"Collection of logs are automated using AWS Config Rules. 
AWS Config Rule(s): API_GW_EXECUTION_LOGGING_ENABLED CLOUD_TRAIL_CLOUD_WATCH_LOGS_ENABLED CLOUD_TRAIL_ENABLED CLOUDTRAIL_S3_DATAEVENTS_ENABLED ELB_LOGGING_ENABLED MULTI_REGION_CLOUD_TRAIL_ENABLED S3_BUCKET_LOGGING_ENABLED VPC_FLOW_LOGS_ENABLED RDS_LOGGING_ENABLED WAF_CLASSIC_LOGGING_ENABLED WAFV2_LOGGING_ENABLED REDSHIFT_CLUSTER_CONFIGURATION_CHECK CLOUD_TRAIL_ENCRYPTION_ENABLED Learn more at: https://docs.aws.amazon.com/config/latest/developerguide/managed-rules-by-aws-config.html ",,AUTOMATED,"{ ""events"": [ {""eventSelector"": ""CLOUD_TRAIL_ENCRYPTION_ENABLED"", ""eventSourceName"": ""CloudTrail-Config""}, { ""eventSelector"": ""API_GW_EXECUTION_LOGGING_ENABLED"", ""eventSourceName"": ""CloudTrail-Config"" }, { ""eventSelector"": ""CLOUD_TRAIL_CLOUD_WATCH_LOGS_ENABLED"", ""eventSourceName"": ""CloudTrail-Config"" }, { ""eventSelector"": ""CLOUD_TRAIL_ENABLED"", ""eventSourceName"": ""CloudTrail-Config"" }, { ""eventSelector"": ""CLOUDTRAIL_S3_DATAEVENTS_ENABLED"", ""eventSourceName"": ""CloudTrail-Config"" }, { ""eventSelector"": ""ELB_LOGGING_ENABLED"", ""eventSourceName"": ""CloudTrail-Config"" }, { ""eventSelector"": ""MULTI_REGION_CLOUD_TRAIL_ENABLED"", ""eventSourceName"": ""CloudTrail-Config"" }, { ""eventSelector"": ""S3_BUCKET_LOGGING_ENABLED"", ""eventSourceName"": ""CloudTrail-Config"" }, { ""eventSelector"": ""RDS_LOGGING_ENABLED"", ""eventSourceName"": ""CloudTrail-Config"" }, { ""eventSelector"": ""REDSHIFT_CLUSTER_CONFIGURATION_CHECK"", ""eventSourceName"": ""CloudTrail-Config"" } ] }",Third Party Software Risk Automated Assessment Template,Third Party Software Risk Automated Assessment,Third Party Software Risk Assessment is used for gathering information required to assess risks and threats in a third party softwares. This template is a subset of the Third Party Software Risk Assessment Template. 
This is used to gather evidence automatically from your AWS accounts that are used for hosting your SaaS solutions.,,,ACTIVE,buyer.svg,AWS Custom Risk Asssessment,AWS,https://aws.amazon.com/marketplace/ Application Security 4.3.2 - Application Logs - Access to Logs,Everest Automated - Appsec 4.3.2,Application Security,AWS Config,"Are operating system and application logs protected against modification, deletion, and/or inappropriate access?",,ACTIVE,,"Establish that operating system and application logs are protected against modification, deleted and/or inappropriate access AWS Config Rules: CLOUD_TRAIL_LOG_FILE_VALIDATION_ENABLED S3_BUCKET_VERSIONING_ENABLED ",,AUTOMATED,"{ ""events"": [ {""eventSelector"": ""CLOUD_TRAIL_LOG_FILE_VALIDATION_ENABLED"", ""eventSourceName"": ""CloudTrail-Config""}, { ""eventSelector"": ""S3_BUCKET_VERSIONING_ENABLED"", ""eventSourceName"": ""CloudTrail-Config"" } ] }",Third Party Software Risk Automated Assessment Template,Third Party Software Risk Automated Assessment,Third Party Software Risk Assessment is used for gathering information required to assess risks and threats in a third party softwares. This template is a subset of the Third Party Software Risk Assessment Template. This is used to gather evidence automatically from your AWS accounts that are used for hosting your SaaS solutions.,,,ACTIVE,buyer.svg,AWS Custom Risk Asssessment,AWS,https://aws.amazon.com/marketplace/ Application Security 4.4.2 - Change Control Policy - Change Control Procedures,Everest Automated - Appsec 4.4.2,Application Security,AWS Config,Are change control procedures required for all changes to the production environment?,,ACTIVE,,"Specify if change control procedures are in place for all changes made in the production environment. 
AWS Config Rule(s): CLOUD_TRAIL_ENABLED Learn more at: https://docs.aws.amazon.com/config/latest/developerguide/managed-rules-by-aws-config.html",,AUTOMATED,"{ ""events"": [ { ""eventSelector"": ""CLOUD_TRAIL_ENABLED"", ""eventSourceName"": ""CloudTrail-Config"" } ] } ",Third Party Software Risk Automated Assessment Template,Third Party Software Risk Automated Assessment,Third Party Software Risk Assessment is used for gathering information required to assess risks and threats in a third party softwares. This template is a subset of the Third Party Software Risk Assessment Template. This is used to gather evidence automatically from your AWS accounts that are used for hosting your SaaS solutions.,,,ACTIVE,buyer.svg,AWS Custom Risk Asssessment,AWS,https://aws.amazon.com/marketplace/ Risk Management/Incident Response 5.1.2 - Risk Assessment - Risk Management Process,Everest Automated - IR 5.1.2,Risk Management/Incident Response,AWS Config,Is there a program/process to manage the treatment of risks identified during assessments?,,ACTIVE,,"Specify if there is a program/process to manage risks and their mitigations. AWS Config Rule(s): SECURITYHUB_ENABLED CLOUD_TRAIL_ENABLED Learn more at: https://docs.aws.amazon.com/config/latest/developerguide/managed-rules-by-aws-config.html ",,AUTOMATED,"{ ""events"": [ { ""eventSelector"": ""SECURITYHUB_ENABLED"", ""eventSourceName"": ""CloudTrail-Config"" }, { ""eventSelector"": ""CLOUD_TRAIL_ENABLED"", ""eventSourceName"": ""CloudTrail-Config"" } ] } ",Third Party Software Risk Automated Assessment Template,Third Party Software Risk Automated Assessment,Third Party Software Risk Assessment is used for gathering information required to assess risks and threats in a third party softwares. This template is a subset of the Third Party Software Risk Assessment Template. 
This is used to gather evidence automatically from your AWS accounts that are used for hosting your SaaS solutions.,,,ACTIVE,buyer.svg,AWS Custom Risk Asssessment,AWS,https://aws.amazon.com/marketplace/ Risk Management/Incident Response 5.2.5 - Incident Management - Incident Recovery,Everest Automated - IR 5.2.5,Risk Management/Incident Response,AWS Config,Do you have disaster recovery plans?,,ACTIVE,,"Specify if you have plans for recovery after an incident occurs. If yes, can you share details about the recovery plans? AWS Config Rule(s): DYNAMODB_AUTOSCALING_ENABLED ELB_DELETION_PROTECTION_ENABLED RDS_MULTI_AZ_SUPPORT S3_BUCKET_VERSIONING_ENABLED VPC_VPN_2_TUNNELS_UP DB_INSTANCE_BACKUP_ENABLED DYNAMODB_PITR_ENABLED ELASTICACHE_REDIS_CLUSTER_AUTOMATIC_BACKUP_CHECK S3_BUCKET_REPLICATION_ENABLED DYNAMODB_IN_BACKUP_PLAN EBS_IN_BACKUP_PLAN EFS_IN_BACKUP_PLAN ELB_CROSS_ZONE_LOAD_BALANCING_ENABLED RDS_IN_BACKUP_PLAN REDSHIFT_BACKUP_ENABLED RDS_RESOURCES_PROTECTED_BY_BACKUP_PLAN DYNAMODB_RESOURCES_PROTECTED_BY_BACKUP_PLAN EC2_RESOURCES_PROTECTED_BY_BACKUP_PLAN EBS_RESOURCES_PROTECTED_BY_BACKUP_PLAN EFS_RESOURCES_PROTECTED_BY_BACKUP_PLAN FSX_RESOURCES_PROTECTED_BY_BACKUP_PLAN AURORA_RESOURCES_PROTECTED_BY_BACKUP_PLAN BACKUP_PLAN_MIN_FREQUENCY_AND_MIN_RETENTION_CHECK BACKUP_RECOVERY_POINT_MANUAL_DELETION_DISABLED BACKUP_RECOVERY_POINT_MINIMUM_RETENTION_CHECK BACKUP_RECOVERY_POINT_ENCRYPTED Learn more at: https://docs.aws.amazon.com/config/latest/developerguide/managed-rules-by-aws-config.html ",,AUTOMATED,"{ ""events"": [ { ""eventSelector"": ""DYNAMODB_AUTOSCALING_ENABLED"", ""eventSourceName"": ""CloudTrail-Config"" }, { ""eventSelector"": ""ELB_DELETION_PROTECTION_ENABLED"", ""eventSourceName"": ""CloudTrail-Config"" }, { ""eventSelector"": ""RDS_MULTI_AZ_SUPPORT"", ""eventSourceName"": ""CloudTrail-Config"" }, { ""eventSelector"": ""S3_BUCKET_VERSIONING_ENABLED"", ""eventSourceName"": ""CloudTrail-Config"" }, { ""eventSelector"": ""VPC_VPN_2_TUNNELS_UP"", 
""eventSourceName"": ""CloudTrail-Config"" }, { ""eventSelector"": ""DB_INSTANCE_BACKUP_ENABLED"", ""eventSourceName"": ""CloudTrail-Config"" }, { ""eventSelector"": ""DYNAMODB_PITR_ENABLED"", ""eventSourceName"": ""CloudTrail-Config"" }, { ""eventSelector"": ""ELASTICACHE_REDIS_CLUSTER_AUTOMATIC_BACKUP_CHECK"", ""eventSourceName"": ""CloudTrail-Config"" }, { ""eventSelector"": ""S3_BUCKET_REPLICATION_ENABLED"", ""eventSourceName"": ""CloudTrail-Config"" }, { ""eventSelector"": ""DYNAMODB_IN_BACKUP_PLAN"", ""eventSourceName"": ""CloudTrail-Config"" }, { ""eventSelector"": ""EBS_IN_BACKUP_PLAN"", ""eventSourceName"": ""CloudTrail-Config"" }, { ""eventSelector"": ""EFS_IN_BACKUP_PLAN"", ""eventSourceName"": ""CloudTrail-Config"" }, { ""eventSelector"": ""ELB_CROSS_ZONE_LOAD_BALANCING_ENABLED"", ""eventSourceName"": ""CloudTrail-Config"" }, { ""eventSelector"": ""RDS_IN_BACKUP_PLAN"", ""eventSourceName"": ""CloudTrail-Config"" }, { ""eventSelector"": ""REDSHIFT_BACKUP_ENABLED"", ""eventSourceName"": ""CloudTrail-Config"" }, { ""eventSelector"": ""RDS_RESOURCES_PROTECTED_BY_BACKUP_PLAN"", ""eventSourceName"": ""CloudTrail-Config"" }, { ""eventSelector"": ""DYNAMODB_RESOURCES_PROTECTED_BY_BACKUP_PLAN"", ""eventSourceName"": ""CloudTrail-Config"" }, { ""eventSelector"": ""EC2_RESOURCES_PROTECTED_BY_BACKUP_PLAN"", ""eventSourceName"": ""CloudTrail-Config"" }, { ""eventSelector"": ""EBS_RESOURCES_PROTECTED_BY_BACKUP_PLAN"", ""eventSourceName"": ""CloudTrail-Config"" }, { ""eventSelector"": ""EFS_RESOURCES_PROTECTED_BY_BACKUP_PLAN"", ""eventSourceName"": ""CloudTrail-Config"" }, { ""eventSelector"": ""FSX_RESOURCES_PROTECTED_BY_BACKUP_PLAN"", ""eventSourceName"": ""CloudTrail-Config"" }, { ""eventSelector"": ""AURORA_RESOURCES_PROTECTED_BY_BACKUP_PLAN"", ""eventSourceName"": ""CloudTrail-Config"" }, { ""eventSelector"": ""BACKUP_PLAN_MIN_FREQUENCY_AND_MIN_RETENTION_CHECK"", ""eventSourceName"": ""CloudTrail-Config"" }, { ""eventSelector"": 
""BACKUP_RECOVERY_POINT_MANUAL_DELETION_DISABLED"", ""eventSourceName"": ""CloudTrail-Config"" }, { ""eventSelector"": ""BACKUP_RECOVERY_POINT_MINIMUM_RETENTION_CHECK"", ""eventSourceName"": ""CloudTrail-Config"" }, { ""eventSelector"": ""BACKUP_RECOVERY_POINT_ENCRYPTED"", ""eventSourceName"": ""CloudTrail-Config"" } ] }",Third Party Software Risk Automated Assessment Template,Third Party Software Risk Automated Assessment,Third Party Software Risk Assessment is used for gathering information required to assess risks and threats in a third party softwares. This template is a subset of the Third Party Software Risk Assessment Template. This is used to gather evidence automatically from your AWS accounts that are used for hosting your SaaS solutions.,,,ACTIVE,buyer.svg,AWS Custom Risk Asssessment,AWS,https://aws.amazon.com/marketplace/ Risk Management/Incident Response 5.3.1 - Incident Detection - Comprehensive Logging,Everest Automated - IR 5.3.1,Risk Management/Incident Response,AWS Config,Is there comprehensive logging?,,ACTIVE,,"Specify if there is comprehensive logging enabled. Identify the types of events that the system is capable of logging. 
AWS Config Rule(s): API_GW_EXECUTION_LOGGING_ENABLED CLOUD_TRAIL_CLOUD_WATCH_LOGS_ENABLED CLOUDTRAIL_S3_DATAEVENTS_ENABLED CLOUD_TRAIL_ENABLED ELB_LOGGING_ENABLED MULTI_REGION_CLOUD_TRAIL_ENABLED S3_BUCKET_LOGGING_ENABLED VPC_FLOW_LOGS_ENABLED RDS_LOGGING_ENABLED WAFV2_LOGGING_ENABLED REDSHIFT_CLUSTER_CONFIGURATION_CHECK Learn more at: https://docs.aws.amazon.com/config/latest/developerguide/managed-rules-by-aws-config.html ",,AUTOMATED,"{ ""events"": [ { ""eventSelector"": ""API_GW_EXECUTION_LOGGING_ENABLED"", ""eventSourceName"": ""CloudTrail-Config"" }, { ""eventSelector"": ""CLOUD_TRAIL_CLOUD_WATCH_LOGS_ENABLED"", ""eventSourceName"": ""CloudTrail-Config"" }, { ""eventSelector"": ""CLOUDTRAIL_S3_DATAEVENTS_ENABLED"", ""eventSourceName"": ""CloudTrail-Config"" }, { ""eventSelector"": ""CLOUD_TRAIL_ENABLED"", ""eventSourceName"": ""CloudTrail-Config"" }, { ""eventSelector"": ""ELB_LOGGING_ENABLED"", ""eventSourceName"": ""CloudTrail-Config"" }, { ""eventSelector"": ""MULTI_REGION_CLOUD_TRAIL_ENABLED"", ""eventSourceName"": ""CloudTrail-Config"" }, { ""eventSelector"": ""S3_BUCKET_LOGGING_ENABLED"", ""eventSourceName"": ""CloudTrail-Config"" }, { ""eventSelector"": ""VPC_FLOW_LOGS_ENABLED"", ""eventSourceName"": ""CloudTrail-Config"" }, { ""eventSelector"": ""RDS_LOGGING_ENABLED"", ""eventSourceName"": ""CloudTrail-Config"" }, { ""eventSelector"": ""WAFV2_LOGGING_ENABLED"", ""eventSourceName"": ""CloudTrail-Config"" }, { ""eventSelector"": ""REDSHIFT_CLUSTER_CONFIGURATION_CHECK"", ""eventSourceName"": ""CloudTrail-Config"" } ] }",Third Party Software Risk Automated Assessment Template,Third Party Software Risk Automated Assessment,Third Party Software Risk Assessment is used for gathering information required to assess risks and threats in a third party softwares. This template is a subset of the Third Party Software Risk Assessment Template. 
This is used to gather evidence automatically from your AWS accounts that are used for hosting your SaaS solutions.,,,ACTIVE,buyer.svg,AWS Custom Risk Asssessment,AWS,https://aws.amazon.com/marketplace/ Business Resiliency & Continuity 6.1.7 - Business Resiliency - Health of the System,Everest Automated - BC 6.1.7,Business Resiliency & Continuity,AWS Config,Do you have monitors/alerts to understand the health of the system?,,ACTIVE,,"Specify if monitors/alerts are in place to understand the health of the system. AWS Config Rules : AUTOSCALING_GROUP_ELB_HEALTHCHECK_REQUIRED",,AUTOMATED,"{ ""events"": [ {""eventSelector"": ""AUTOSCALING_GROUP_ELB_HEALTHCHECK_REQUIRED"", ""eventSourceName"": ""CloudTrail-Config""} ] }",Third Party Software Risk Automated Assessment Template,Third Party Software Risk Automated Assessment,Third Party Software Risk Assessment is used for gathering information required to assess risks and threats in a third party softwares. This template is a subset of the Third Party Software Risk Assessment Template. This is used to gather evidence automatically from your AWS accounts that are used for hosting your SaaS solutions.,,,ACTIVE,buyer.svg,AWS Custom Risk Asssessment,AWS,https://aws.amazon.com/marketplace/ Business Resiliency & Continuity 6.2.3 - Business Continuity - Systems to Assure Business Continuity,Everest Automated - BC 6.2.3,Business Resiliency & Continuity,AWS Config,Do you have a system in place to assure business continuity in case of a failure?,,ACTIVE,,"Specify if you have a system in place to assure business continuity in case of a failure. If yes, within how long will this system be activated? Could you provide more details? 
AWS Config Rule(s): DYNAMODB_AUTOSCALING_ENABLED ELB_DELETION_PROTECTION_ENABLED RDS_MULTI_AZ_SUPPORT S3_BUCKET_VERSIONING_ENABLED VPC_VPN_2_TUNNELS_UP DB_INSTANCE_BACKUP_ENABLED DYNAMODB_PITR_ENABLED ELASTICACHE_REDIS_CLUSTER_AUTOMATIC_BACKUP_CHECK S3_BUCKET_REPLICATION_ENABLED DYNAMODB_IN_BACKUP_PLAN EBS_IN_BACKUP_PLAN EFS_IN_BACKUP_PLAN ELB_CROSS_ZONE_LOAD_BALANCING_ENABLED RDS_IN_BACKUP_PLAN REDSHIFT_BACKUP_ENABLED RDS_RESOURCES_PROTECTED_BY_BACKUP_PLAN DYNAMODB_RESOURCES_PROTECTED_BY_BACKUP_PLAN EC2_RESOURCES_PROTECTED_BY_BACKUP_PLAN EBS_RESOURCES_PROTECTED_BY_BACKUP_PLAN EFS_RESOURCES_PROTECTED_BY_BACKUP_PLAN FSX_RESOURCES_PROTECTED_BY_BACKUP_PLAN AURORA_RESOURCES_PROTECTED_BY_BACKUP_PLAN BACKUP_PLAN_MIN_FREQUENCY_AND_MIN_RETENTION_CHECK BACKUP_RECOVERY_POINT_MANUAL_DELETION_DISABLED BACKUP_RECOVERY_POINT_MINIMUM_RETENTION_CHECK BACKUP_RECOVERY_POINT_ENCRYPTED Learn more at: https://docs.aws.amazon.com/config/latest/developerguide/managed-rules-by-aws-config.html ",,AUTOMATED,"{ ""events"": [ { ""eventSelector"": ""DB_INSTANCE_BACKUP_ENABLED"", ""eventSourceName"": ""CloudTrail-Config"" }, { ""eventSelector"": ""DYNAMODB_PITR_ENABLED"", ""eventSourceName"": ""CloudTrail-Config"" }, { ""eventSelector"": ""EBS_OPTIMIZED_INSTANCE"", ""eventSourceName"": ""CloudTrail-Config"" }, { ""eventSelector"": ""ELASTICACHE_REDIS_CLUSTER_AUTOMATIC_BACKUP_CHECK"", ""eventSourceName"": ""CloudTrail-Config"" }, { ""eventSelector"": ""S3_BUCKET_REPLICATION_ENABLED"", ""eventSourceName"": ""CloudTrail-Config"" }, { ""eventSelector"": ""S3_BUCKET_VERSIONING_ENABLED"", ""eventSourceName"": ""CloudTrail-Config"" }, { ""eventSelector"": ""DYNAMODB_IN_BACKUP_PLAN"", ""eventSourceName"": ""CloudTrail-Config"" }, { ""eventSelector"": ""EBS_IN_BACKUP_PLAN"", ""eventSourceName"": ""CloudTrail-Config"" }, { ""eventSelector"": ""EFS_IN_BACKUP_PLAN"", ""eventSourceName"": ""CloudTrail-Config"" }, { ""eventSelector"": ""REDSHIFT_BACKUP_ENABLED"", ""eventSourceName"": ""CloudTrail-Config"" }, 
{ ""eventSelector"": ""RDS_IN_BACKUP_PLAN"", ""eventSourceName"": ""CloudTrail-Config"" }, { ""eventSelector"": ""DYNAMODB_AUTOSCALING_ENABLED"", ""eventSourceName"": ""CloudTrail-Config"" }, { ""eventSelector"": ""ELB_DELETION_PROTECTION_ENABLED"", ""eventSourceName"": ""CloudTrail-Config"" }, { ""eventSelector"": ""RDS_MULTI_AZ_SUPPORT"", ""eventSourceName"": ""CloudTrail-Config"" }, { ""eventSelector"": ""VPC_VPN_2_TUNNELS_UP"", ""eventSourceName"": ""CloudTrail-Config"" }, { ""eventSelector"": ""ELB_CROSS_ZONE_LOAD_BALANCING_ENABLED"", ""eventSourceName"": ""CloudTrail-Config"" }, { ""eventSelector"": ""RDS_RESOURCES_PROTECTED_BY_BACKUP_PLAN"", ""eventSourceName"": ""CloudTrail-Config"" }, { ""eventSelector"": ""DYNAMODB_RESOURCES_PROTECTED_BY_BACKUP_PLAN"", ""eventSourceName"": ""CloudTrail-Config"" }, { ""eventSelector"": ""EC2_RESOURCES_PROTECTED_BY_BACKUP_PLAN"", ""eventSourceName"": ""CloudTrail-Config"" }, { ""eventSelector"": ""EBS_RESOURCES_PROTECTED_BY_BACKUP_PLAN"", ""eventSourceName"": ""CloudTrail-Config"" }, { ""eventSelector"": ""EFS_RESOURCES_PROTECTED_BY_BACKUP_PLAN"", ""eventSourceName"": ""CloudTrail-Config"" }, { ""eventSelector"": ""FSX_RESOURCES_PROTECTED_BY_BACKUP_PLAN"", ""eventSourceName"": ""CloudTrail-Config"" }, { ""eventSelector"": ""AURORA_RESOURCES_PROTECTED_BY_BACKUP_PLAN"", ""eventSourceName"": ""CloudTrail-Config"" }, { ""eventSelector"": ""BACKUP_PLAN_MIN_FREQUENCY_AND_MIN_RETENTION_CHECK"", ""eventSourceName"": ""CloudTrail-Config"" }, { ""eventSelector"": ""BACKUP_RECOVERY_POINT_MANUAL_DELETION_DISABLED"", ""eventSourceName"": ""CloudTrail-Config"" }, { ""eventSelector"": ""BACKUP_RECOVERY_POINT_MINIMUM_RETENTION_CHECK"", ""eventSourceName"": ""CloudTrail-Config"" }, { ""eventSelector"": ""BACKUP_RECOVERY_POINT_ENCRYPTED"", ""eventSourceName"": ""CloudTrail-Config"" } ] } ",Third Party Software Risk Automated Assessment Template,Third Party Software Risk Automated Assessment,Third Party Software Risk Assessment is used for 
gathering information required to assess risks and threats in third party software. This template is a subset of the Third Party Software Risk Assessment Template. This is used to gather evidence automatically from your AWS accounts that are used for hosting your SaaS solutions.,,,ACTIVE,buyer.svg,AWS Custom Risk Assessment,AWS,https://aws.amazon.com/marketplace/
End User Device Security 7.1.1 - Asset/Software Inventory - Asset Inventory,Everest Automated - ES 7.1.1,End User Device Security,"AWS Config, API Calls",Is there an asset inventory list? Is it updated periodically?,,ACTIVE,,"Specify if an asset inventory is maintained. If yes, how often is it updated? AWS Config Rule(s): REQUIRED_TAGS EC2_INSTANCE_MANAGED_BY_SSM Learn more at: https://docs.aws.amazon.com/config/latest/developerguide/managed-rules-by-aws-config.html List systems inventory",,AUTOMATED,"{ ""events"": [ {""eventSelector"": ""MULTI_REGION_CLOUD_TRAIL_ENABLED"", ""eventSourceName"": ""CloudTrail-Config""}, { ""eventSelector"": ""CLOUD_TRAIL_ENCRYPTION_ENABLED"", ""eventSourceName"": ""CloudTrail-Config"" }, { ""eventSelector"": ""CLOUD_TRAIL_LOG_FILE_VALIDATION_ENABLED"", ""eventSourceName"": ""CloudTrail-Config"" }, { ""eventSelector"": ""VPC_FLOW_LOGS_ENABLED"", ""eventSourceName"": ""CloudTrail-Config"" }, { ""eventSelector"": ""cloudtrail_DescribeTrails"", ""eventSourceName"": ""S2S"", ""eventInputConfig"": { ""Action"": ""describeTrails"", ""Service"": ""cloudtrail"" } }, { ""eventSelector"": ""REQUIRED_TAGS"", ""eventSourceName"": ""CloudTrail-Config"" }, { ""eventSelector"": ""EC2_INSTANCE_MANAGED_BY_SSM"", ""eventSourceName"": ""CloudTrail-Config"" } ] }",Third Party Software Risk Automated Assessment Template,Third Party Software Risk Automated Assessment,Third Party Software Risk Assessment is used for gathering information required to assess risks and threats in third party software. This template is a subset of the Third Party Software Risk Assessment Template. This is used to gather evidence automatically from your AWS accounts that are used for hosting your SaaS solutions.,,,ACTIVE,buyer.svg,AWS Custom Risk Assessment,AWS,https://aws.amazon.com/marketplace/
End User Device Security 7.1.2 - Asset/Software Inventory - Software and Applications Inventory,Everest Automated - ES 7.1.2,End User Device Security,AWS Config,Are all installed software platforms and applications on scoped systems inventoried?,,ACTIVE,,"Specify if an inventory of all installed software and applications is maintained. If yes, how often is it updated? A full inventory showing all instances, databases and components is needed; Systems Manager or AWS Config can support maintaining inventories. AWS Config Rule(s): EC2_SECURITY_GROUP_ATTACHED_TO_ENI EIP_ATTACHED EC2_MANAGEDINSTANCE_ASSOCIATION_COMPLIANCE_STATUS_CHECK EC2_INSTANCE_MANAGED_BY_SSM Learn more at: https://docs.aws.amazon.com/config/latest/developerguide/managed-rules-by-aws-config.html",,AUTOMATED,"{ ""events"": [ { ""eventSelector"": ""EC2_SECURITY_GROUP_ATTACHED_TO_ENI"", ""eventSourceName"": ""CloudTrail-Config"" }, { ""eventSelector"": ""EIP_ATTACHED"", ""eventSourceName"": ""CloudTrail-Config"" }, { ""eventSelector"": ""EC2_MANAGEDINSTANCE_ASSOCIATION_COMPLIANCE_STATUS_CHECK"", ""eventSourceName"": ""CloudTrail-Config"" }, { ""eventSelector"": ""EC2_INSTANCE_MANAGED_BY_SSM"", ""eventSourceName"": ""CloudTrail-Config"" } ] }",Third Party Software Risk Automated Assessment Template,Third Party Software Risk Automated Assessment,Third Party Software Risk Assessment is used for gathering information required to assess risks and threats in third party software. This template is a subset of the Third Party Software Risk Assessment Template. This is used to gather evidence automatically from your AWS accounts that are used for hosting your SaaS solutions.,,,ACTIVE,buyer.svg,AWS Custom Risk Assessment,AWS,https://aws.amazon.com/marketplace/
End User Device Security 7.2.1 - Asset Security - Security Patches,Everest Automated - ES 7.2.1,End User Device Security,AWS Config,Are all available high-risk security patches applied and verified at least monthly on all server platforms?,,ACTIVE,,"Specify if all high-risk security patches are applied at least monthly. If no, how often are they applied? Can you provide more details on how you manage patching? AWS Config Rule(s): EC2_MANAGEDINSTANCE_PATCH_COMPLIANCE_STATUS_CHECK EC2_INSTANCE_MANAGED_BY_SSM EC2_MANAGEDINSTANCE_ASSOCIATION_COMPLIANCE_STATUS_CHECK Learn more at: https://docs.aws.amazon.com/config/latest/developerguide/managed-rules-by-aws-config.html Review Inspector Reports. Learn more at: https://docs.aws.amazon.com/cli/latest/reference/ssm/describe-instance-patch-states.html",,AUTOMATED,"{""events"": [ { ""eventSelector"": ""EC2_MANAGEDINSTANCE_PATCH_COMPLIANCE_STATUS_CHECK"", ""eventSourceName"": ""CloudTrail-Config"" }, { ""eventSelector"": ""EC2_INSTANCE_MANAGED_BY_SSM"", ""eventSourceName"": ""CloudTrail-Config"" }, { ""eventSelector"": ""EC2_MANAGEDINSTANCE_ASSOCIATION_COMPLIANCE_STATUS_CHECK"", ""eventSourceName"": ""CloudTrail-Config"" } ]}",Third Party Software Risk Automated Assessment Template,Third Party Software Risk Automated Assessment,Third Party Software Risk Assessment is used for gathering information required to assess risks and threats in third party software. This template is a subset of the Third Party Software Risk Assessment Template. This is used to gather evidence automatically from your AWS accounts that are used for hosting your SaaS solutions.,,,ACTIVE,buyer.svg,AWS Custom Risk Assessment,AWS,https://aws.amazon.com/marketplace/
End User Device Security 7.3.1 - Device Logs - Sufficient Details in Logs,Everest Automated - ES 7.3.1,End User Device Security,AWS Config,Are sufficient details logged in operating system and device logs to support incident investigation?,,ACTIVE,,"Specify if sufficient details (like successful and failed login attempts and changes to sensitive configuration settings and files) are included in the logs to support incident investigation. If no, can you provide more details on how you handle incident investigation? AWS Config Rule(s): API_GW_EXECUTION_LOGGING_ENABLED CLOUD_TRAIL_CLOUD_WATCH_LOGS_ENABLED CLOUD_TRAIL_ENABLED CLOUDTRAIL_S3_DATAEVENTS_ENABLED ELB_LOGGING_ENABLED MULTI_REGION_CLOUD_TRAIL_ENABLED S3_BUCKET_LOGGING_ENABLED VPC_FLOW_LOGS_ENABLED RDS_LOGGING_ENABLED WAF_CLASSIC_LOGGING_ENABLED WAFV2_LOGGING_ENABLED REDSHIFT_CLUSTER_CONFIGURATION_CHECK Learn more at: https://docs.aws.amazon.com/config/latest/developerguide/managed-rules-by-aws-config.html",,AUTOMATED,"{ ""events"": [ {""eventSelector"": ""CLOUD_TRAIL_ENCRYPTION_ENABLED"", ""eventSourceName"": ""CloudTrail-Config""}, { ""eventSelector"": ""API_GW_EXECUTION_LOGGING_ENABLED"", ""eventSourceName"": ""CloudTrail-Config"" }, { ""eventSelector"": ""CLOUD_TRAIL_CLOUD_WATCH_LOGS_ENABLED"", ""eventSourceName"": ""CloudTrail-Config"" }, { ""eventSelector"": ""CLOUD_TRAIL_ENABLED"", ""eventSourceName"": ""CloudTrail-Config"" }, { ""eventSelector"": ""CLOUDTRAIL_S3_DATAEVENTS_ENABLED"", ""eventSourceName"": ""CloudTrail-Config"" }, { ""eventSelector"": ""ELB_LOGGING_ENABLED"", ""eventSourceName"": ""CloudTrail-Config"" }, { ""eventSelector"": ""MULTI_REGION_CLOUD_TRAIL_ENABLED"", ""eventSourceName"": ""CloudTrail-Config"" }, { ""eventSelector"": ""S3_BUCKET_LOGGING_ENABLED"", ""eventSourceName"": ""CloudTrail-Config"" }, { ""eventSelector"": ""VPC_FLOW_LOGS_ENABLED"", ""eventSourceName"": ""CloudTrail-Config"" }, { ""eventSelector"": ""RDS_LOGGING_ENABLED"", ""eventSourceName"": ""CloudTrail-Config"" }, { ""eventSelector"": ""WAF_CLASSIC_LOGGING_ENABLED"", ""eventSourceName"": ""CloudTrail-Config"" }, { ""eventSelector"": ""WAFV2_LOGGING_ENABLED"", ""eventSourceName"": ""CloudTrail-Config"" }, { ""eventSelector"": ""REDSHIFT_CLUSTER_CONFIGURATION_CHECK"", ""eventSourceName"": ""CloudTrail-Config"" } ] }",Third Party Software Risk Automated Assessment Template,Third Party Software Risk Automated Assessment,Third Party Software Risk Assessment is used for gathering information required to assess risks and threats in third party software. This template is a subset of the Third Party Software Risk Assessment Template. This is used to gather evidence automatically from your AWS accounts that are used for hosting your SaaS solutions.,,,ACTIVE,buyer.svg,AWS Custom Risk Assessment,AWS,https://aws.amazon.com/marketplace/
Infrastructure Security 8.2.1 - Network Security - Production Environment Open to External Network Connections,Everest Automated - IS 8.2.1,Infrastructure Security,API Calls,Is the production environment/systems open to external network connections?,,ACTIVE,,"Specify if the production environment is open to external network connections. If yes, how do you control access?
List all security groups, NACLs, routes, and VPCs",,AUTOMATED,"{""events"": [ { ""eventSelector"": ""ec2_DescribeVpcs"", ""eventSourceName"": ""S2S"", ""eventInputConfig"": { ""Action"": ""describeVpcs"", ""Service"": ""ec2"" } }, { ""eventSelector"": ""ec2_DescribeSecurityGroups"", ""eventSourceName"": ""S2S"", ""eventInputConfig"": { ""Action"": ""describeSecurityGroups"", ""Service"": ""ec2"" } }, { ""eventSelector"": ""ec2_DescribeNetworkAcls"", ""eventSourceName"": ""S2S"", ""eventInputConfig"": { ""Action"": ""describeNetworkAcls"", ""Service"": ""ec2"" } }, { ""eventSelector"": ""ec2_DescribeRouteTables"", ""eventSourceName"": ""S2S"", ""eventInputConfig"": { ""Action"": ""describeRouteTables"", ""Service"": ""ec2"" } } ]}",Third Party Software Risk Automated Assessment Template,Third Party Software Risk Automated Assessment,Third Party Software Risk Assessment is used for gathering information required to assess risks and threats in third party software. This template is a subset of the Third Party Software Risk Assessment Template. This is used to gather evidence automatically from your AWS accounts that are used for hosting your SaaS solutions.,,,ACTIVE,buyer.svg,AWS Custom Risk Assessment,AWS,https://aws.amazon.com/marketplace/
Infrastructure Security 8.2.2 - Network Security - Use of Firewalls,Everest Automated - IS 8.2.2,Infrastructure Security,"API Calls, AWS Config",Are firewalls used to isolate critical and sensitive systems into network segments separate from network segments with less sensitive systems?,,ACTIVE,,"Specify if firewalls are used to isolate critical and sensitive segments from segments with less sensitive systems. Describe all VPC IDs, security groups, NACLs, routes, and endpoints. List all AWS WAF configurations that contain IP source rules. AWS Config Rule(s): INCOMING_SSH_DISABLED RESTRICTED_INCOMING_TRAFFIC VPC_DEFAULT_SECURITY_GROUP_CLOSED VPC_SG_OPEN_ONLY_TO_AUTHORIZED_PORTS ALB_WAF_ENABLED Learn more at: https://docs.aws.amazon.com/config/latest/developerguide/managed-rules-by-aws-config.html",,AUTOMATED,"{ ""events"": [ { ""eventSelector"": ""ec2_CreateSecurityGroup"", ""eventSourceName"": ""CloudTrail"" }, { ""eventSelector"": ""ec2_CreateRoute"", ""eventSourceName"": ""CloudTrail"" }, { ""eventSelector"": ""ec2_CreateNetworkAcl"", ""eventSourceName"": ""CloudTrail"" }, { ""eventSelector"": ""INCOMING_SSH_DISABLED"", ""eventSourceName"": ""CloudTrail-Config"" }, { ""eventSelector"": ""RESTRICTED_INCOMING_TRAFFIC"", ""eventSourceName"": ""CloudTrail-Config"" }, { ""eventSelector"": ""VPC_DEFAULT_SECURITY_GROUP_CLOSED"", ""eventSourceName"": ""CloudTrail-Config"" }, { ""eventSelector"": ""VPC_SG_OPEN_ONLY_TO_AUTHORIZED_PORTS"", ""eventSourceName"": ""CloudTrail-Config"" }, { ""eventSelector"": ""ALB_WAF_ENABLED"", ""eventSourceName"": ""CloudTrail-Config"" }, { ""eventSelector"": ""ec2_DescribeVpcs"", ""eventSourceName"": ""S2S"", ""eventInputConfig"": { ""Action"": ""describeVpcs"", ""Service"": ""ec2"" } }, { ""eventSelector"": ""ec2_DescribeSecurityGroups"", ""eventSourceName"": ""S2S"", ""eventInputConfig"": { ""Action"": ""describeSecurityGroups"", ""Service"": ""ec2"" } }, { ""eventSelector"": ""ec2_DescribeNetworkAcls"", ""eventSourceName"": ""S2S"", ""eventInputConfig"": { ""Action"": ""describeNetworkAcls"", ""Service"": ""ec2"" } }, { ""eventSelector"": ""ec2_DescribeRouteTables"", ""eventSourceName"": ""S2S"", ""eventInputConfig"": { ""Action"": ""describeRouteTables"", ""Service"": ""ec2"" } } ] }",Third Party Software Risk Automated Assessment Template,Third Party Software Risk Automated Assessment,Third Party Software Risk Assessment is used for gathering information required to assess risks and threats in third party software. This template is a subset of the Third Party Software Risk Assessment Template. This is used to gather evidence automatically from your AWS accounts that are used for hosting your SaaS solutions.,,,ACTIVE,buyer.svg,AWS Custom Risk Assessment,AWS,https://aws.amazon.com/marketplace/
Infrastructure Security 8.2.4 - Network Security - Intrusion Detection/Prevention Systems,Everest Automated - IS 8.2.4,Infrastructure Security,AWS Config,Are intrusion detection/prevention systems employed in all sensitive network zones and wherever firewalls are enabled?,,ACTIVE,,"Specify if intrusion detection/prevention systems are enabled in all sensitive network zones. AWS Config Rule(s): GUARDDUTY_ENABLED_CENTRALIZED Learn more at: https://docs.aws.amazon.com/config/latest/developerguide/managed-rules-by-aws-config.html",,AUTOMATED,"{ ""events"": [ { ""eventSelector"": ""GUARDDUTY_ENABLED_CENTRALIZED"", ""eventSourceName"": ""CloudTrail-Config"" } ] }",Third Party Software Risk Automated Assessment Template,Third Party Software Risk Automated Assessment,Third Party Software Risk Assessment is used for gathering information required to assess risks and threats in third party software. This template is a subset of the Third Party Software Risk Assessment Template. This is used to gather evidence automatically from your AWS accounts that are used for hosting your SaaS solutions.,,,ACTIVE,buyer.svg,AWS Custom Risk Assessment,AWS,https://aws.amazon.com/marketplace/