AWS
AWS Diagnosis Items
Category | Resource | Option | Item | Description | Risk Level | ISO27001 | CSAP | ISMS-P | Stability Assessment |
---|---|---|---|---|---|---|---|---|---|
Backup | Backup Vault | Kms Key Name | Encryption | KMS Not Applied | LOW | 8.1 Operational planning and control | 12.3.1. Encryption Policy Establishment | 2.7 Cryptography Application | 10.2.1 Encryption |
Cloudfront | Cloudfront Distribution | Logging > Logging Enabled | Logging Monitoring | Logging Disabled | MEDIUM | 9.1 Monitoring, measurement, analysis and evaluation | 7.2.2 Audit Records and Monitoring | 2.11 Incident Prevention and Response | 1.4.1 Security Audit |
Cloudfront | Cloudfront Distribution | Linked Waf Web Acl Name | Network Security | Absence of Web Application Firewall | HIGH | 8.1 Operational planning and control | 11.1.1 Network Security Policy Establishment | 2.10 System and Service Security Management | 8.3.1 Infrastructure Security |
Cloudfront | Cloudfront Distribution | Viewer Certificate > Default Certificate Enabled, Viewer Certificate > Minimum Protocol Version | Encryption | Use of Vulnerable TLS Versions | HIGH | 8.1 Operational planning and control | 12.3.1. Encryption Policy Establishment | 2.7 Cryptography Application | 10.2.1 Encryption |
Cloudfront | Cloudfront Distribution | Cache Behavior > Viewer Protocol Policy | Encryption | Viewer Protocol Policy Set to allow-all (plain HTTP permitted) | CRITICAL | 8.1 Operational planning and control | 12.3.1. Encryption Policy Establishment | 2.7 Cryptography Application | 10.2.1 Encryption |
Cloudtrail | Cloudtrail | Multi Region Enabled | Logging Monitoring | Multi-Region Configuration Disabled | MEDIUM | 9.1 Monitoring, measurement, analysis and evaluation | 7.2.2 Audit Records and Monitoring | 2.11 Incident Prevention and Response | 1.4.1 Security Audit |
Cloudwatch | Cloudwatch | Retention In Days | Logging Monitoring | Log Retention Period Less Than 1 Year | MEDIUM | 9.1 Monitoring, measurement, analysis and evaluation | 7.2.2 Audit Records and Monitoring | 2.11 Incident Prevention and Response | 1.4.1 Security Audit |
Cloudwatch | Cloudwatch | Kms Key Name | Encryption | KMS Not Applied | LOW | 8.1 Operational planning and control | 12.3.1. Encryption Policy Establishment | 2.7 Cryptography Application | 10.2.1 Encryption |
Dynamodb | Dynamodb | Point In Time Recovery Enabled | Data Protection | Point-in-Time Recovery Disabled | MEDIUM | 8.1 Operational planning and control | 12.1.4. Data Protection | 2.9 System and Service Operation Management | 10.1.4 Data Protection |
Dynamodb | Dynamodb | Server Side Encryption > Encryption Enabled | Encryption | Encryption Disabled | HIGH | 8.1 Operational planning and control | 12.3.1. Encryption Policy Establishment | 2.7 Cryptography Application | 10.2.1 Encryption |
Ec2 | Instance | Http Tokens | Access Control | IMDSv2 Session Tokens Not Required (HttpTokens not set to required) | HIGH | 8.1 Operational planning and control | 10.1.1. Access Control Policy Establishment | 2.6 Access Control | 7.1.1 Access Control Policy |
Ecr | Ecr Repository | Policy > Effect, Policy > Enabled Not Action, Policy > Actions | Access Control | Full Access Granted | HIGH | 8.1 Operational planning and control | 10.2.1. User Registration and Authorization | 2.5 Authentication and Authorization Management | 7.2.2 Access Rights Management |
Ecr | Ecr Repository | Scan On Push | Data Protection | Image Scan Disabled | HIGH | 8.1 Operational planning and control | 12.1.4. Data Protection | 2.9 System and Service Operation Management | 10.1.4 Data Protection |
Ecr | Ecr Repository | Image Tag Mutability | Data Protection | Tag Modifiable | HIGH | 8.1 Operational planning and control | 12.1.4. Data Protection | 2.9 System and Service Operation Management | 10.1.4 Data Protection |
Ecr | Ecr Repository | Encryption Type | Encryption | KMS Not Applied (image data remains encrypted with the default AES256 encryption) | LOW | 8.1 Operational planning and control | 12.3.1. Encryption Policy Establishment | 2.7 Cryptography Application | 10.2.1 Encryption |
Ecs | Ecs Cluster | Set Container Insights | Logging Monitoring | CloudWatch Container Insights Disabled | LOW | 9.1 Monitoring, measurement, analysis and evaluation | 7.2.2 Audit Records and Monitoring | 2.11 Incident Prevention and Response | 1.4.1 Security Audit |
Ecs | Ecs Cluster | Logging | Logging Monitoring | Logging Disabled | LOW | 9.1 Monitoring, measurement, analysis and evaluation | 7.2.2 Audit Records and Monitoring | 2.11 Incident Prevention and Response | 1.4.1 Security Audit |
Ecs | Ecs Cluster | Logging, Cloud Watch Encryption Enabled | Encryption | Log Encryption Disabled | LOW | 8.1 Operational planning and control | 12.3.1. Encryption Policy Establishment | 2.7 Cryptography Application | 10.2.1 Encryption |
Ecs | Ecs Cluster | Kms Key Name | Encryption | KMS Not Applied | LOW | 8.1 Operational planning and control | 12.3.1. Encryption Policy Establishment | 2.7 Cryptography Application | 10.2.1 Encryption |
Efs | Efs | Access Point > Root Directory Path | Access Control | Access Point Root Directory Is / (exposes the entire file system) | HIGH | 8.1 Operational planning and control | 10.1.1. Access Control Policy Establishment | 2.6 Access Control | 7.1.1 Access Control Policy |
Efs | Efs | Enable Encrypted | Encryption | Encryption Disabled | HIGH | 8.1 Operational planning and control | 12.3.1. Encryption Policy Establishment | 2.7 Cryptography Application | 10.2.1 Encryption |
Eks | Eks Cluster | Enabled Cluster Log Types | Logging Monitoring | Some Control Plane Log Types Disabled | MEDIUM | 9.1 Monitoring, measurement, analysis and evaluation | 7.2.2 Audit Records and Monitoring | 2.11 Incident Prevention and Response | 1.4.1 Security Audit |
Eks | Eks Cluster | Endpoint Access Type, Public Access Cidrs | Access Control | Public Endpoint Access Allowed from the Entire CIDR Range (0.0.0.0/0) | CRITICAL | 8.1 Operational planning and control | 10.1.1. Access Control Policy Establishment | 2.6 Access Control | 7.1.1 Access Control Policy |
Eks | Eks Cluster | Endpoint Access Type | Access Control | Cluster API Endpoint Publicly Accessible | CRITICAL | 8.1 Operational planning and control | 10.1.1. Access Control Policy Establishment | 2.6 Access Control | 7.1.1 Access Control Policy |
Eks | Eks Cluster | Enabled Encryption | Encryption | Kubernetes Secrets Envelope Encryption (KMS) Disabled | HIGH | 8.1 Operational planning and control | 12.3.1. Encryption Policy Establishment | 2.7 Cryptography Application | 10.2.1 Encryption |
Elasticache | Elasticache Cluster | Snapshot Retention Limit | Data Protection | Snapshot retention period setting is missing | MEDIUM | 8.1 Operational planning and control | 12.1.4. Data Protection | 2.9 System and Service Operation Management | 10.1.4 Data Protection |
Elasticsearch | Elasticsearch | Tls Security Policy | Encryption | Use of Vulnerable TLS Versions | HIGH | 8.1 Operational planning and control | 12.3.1. Encryption Policy Establishment | 2.7 Cryptography Application | 10.2.1 Encryption |
Elasticsearch | Elasticsearch | Encryption > Data At Rest Encryption Enabled | Encryption | Stored Data Encryption Disabled | HIGH | 8.1 Operational planning and control | 12.3.1. Encryption Policy Establishment | 2.7 Cryptography Application | 10.2.1 Encryption |
Elasticsearch | Elasticsearch | Encryption > Node To Node Encryption Enabled | Encryption | Node-to-Node Traffic Encryption Disabled | HIGH | 8.1 Operational planning and control | 12.3.1. Encryption Policy Establishment | 2.7 Cryptography Application | 10.2.1 Encryption |
Elasticsearch | Elasticsearch | Encryption > Kms Key Name | Encryption | KMS Not Applied | LOW | 8.1 Operational planning and control | 12.3.1. Encryption Policy Establishment | 2.7 Cryptography Application | 10.2.1 Encryption |
Elasticsearch | Elasticsearch | Encryption > Enforce Https | Encryption | Unencrypted Protocols Allowed | CRITICAL | 8.1 Operational planning and control | 12.3.1. Encryption Policy Establishment | 2.7 Cryptography Application | 10.2.1 Encryption |
Kms | Kms Key | Enable Key Rotation | Encryption | Key Rotation Disabled | MEDIUM | 8.1 Operational planning and control | 12.3.1. Encryption Policy Establishment | 2.7 Cryptography Application | 10.2.1 Encryption |
Lambda Function | Lambda Function | Tracing Enabled | Logging Monitoring | Lambda X-Ray Tracing Disabled | LOW | 9.1 Monitoring, measurement, analysis and evaluation | 7.2.2 Audit Records and Monitoring | 2.11 Incident Prevention and Response | 1.4.1 Security Audit |
Lambda Function | Lambda Function | Environment Variable | Data Protection | Secret Information Included in Environment Variables | CRITICAL | - | 9.1.1. Virtual Resource Management | 2.10 System and Service Security Management | 8.1.1 Virtualization Security |
Lambda Function | Lambda Function | Included Subnet Names, Linked Security Group Names | Network Security | Security Group Not Configured | HIGH | 8.1 Operational planning and control | 11.1.1 Network Security Policy Establishment | 2.10 System and Service Security Management | 8.3.1 Infrastructure Security |
Lb | Lb | Internal | Access Control | Load Balancer Exposed Externally | HIGH | 8.1 Operational planning and control | 10.1.1. Access Control Policy Establishment | 2.6 Access Control | 7.1.1 Access Control Policy |
Lb | Lb | Drop Invalid Header | Network Security | Dropping of Invalid HTTP Header Fields Disabled | HIGH | 8.1 Operational planning and control | 11.1.1 Network Security Policy Establishment | 2.10 System and Service Security Management | 8.3.1 Infrastructure Security |
Lb | Lb | Listener > Ssl Policy | Encryption | Use of Vulnerable TLS Versions | HIGH | 8.1 Operational planning and control | 12.3.1. Encryption Policy Establishment | 2.7 Cryptography Application | 10.2.1 Encryption |
Lb | Lb | Listener > Protocol | Encryption | Unencrypted Listener Protocol Allowed | CRITICAL | 8.1 Operational planning and control | 12.3.1. Encryption Policy Establishment | 2.7 Cryptography Application | 10.2.1 Encryption |
Rds | Aurora | Monitoring > Performance Insights Enabled | Logging Monitoring | Performance Insights Disabled | LOW | 9.1 Monitoring, measurement, analysis and evaluation | 7.2.2 Audit Records and Monitoring | 2.11 Incident Prevention and Response | 1.4.1 Security Audit |
Rds | Aurora | Multi Az Enabled | Data Protection | Multi-AZ Configuration Disabled | HIGH | 8.1 Operational planning and control | 6.2.2. Redundancy and Backup | 2.9 System and Service Operation Management | 5.2.1 Service Availability |
Rds | Aurora | Backup > Backup Retention Period | Data Protection | Using Default Value for Data Retention Period | MEDIUM | 8.1 Operational planning and control | 12.1.4. Data Protection | 2.9 System and Service Operation Management | 10.1.4 Data Protection |
Rds | Aurora | Monitoring > Performance Insights Enabled, Monitoring > Kms Key Name | Encryption | Performance Insights Encryption Disabled | LOW | 8.1 Operational planning and control | 12.3.1. Encryption Policy Establishment | 2.7 Cryptography Application | 10.2.1 Encryption |
Rds | Aurora | Encryption > Storage Encrypted | Encryption | RDS Cluster Encryption Disabled | HIGH | 8.1 Operational planning and control | 12.3.1. Encryption Policy Establishment | 2.7 Cryptography Application | 10.2.1 Encryption |
Rds | Mariadb, Mssql, Mysql, Oracle, Postgresql | Monitoring > Performance Insights Enabled | Logging Monitoring | Performance Insights Disabled | LOW | 9.1 Monitoring, measurement, analysis and evaluation | 7.2.2 Audit Records and Monitoring | 2.11 Incident Prevention and Response | 1.4.1 Security Audit |
Rds | Mariadb, Mssql, Mysql, Oracle, Postgresql | Multi Az Enabled | Data Protection | Multi-AZ Configuration Disabled | HIGH | 8.1 Operational planning and control | 6.2.2. Redundancy and Backup | 2.9 System and Service Operation Management | 5.2.1 Service Availability |
Rds | Mariadb, Mssql, Mysql, Oracle, Postgresql | Publicly Accessible | Access Control | Public Access to Database Allowed | CRITICAL | 8.1 Operational planning and control | 10.1.1. Access Control Policy Establishment | 2.6 Access Control | 7.1.1 Access Control Policy |
Rds | Mariadb, Mssql, Mysql, Oracle, Postgresql | Backup > Backup Retention Period | Data Protection | Using Default Value for Data Retention Period | MEDIUM | 8.1 Operational planning and control | 12.1.4. Data Protection | 2.9 System and Service Operation Management | 10.1.4 Data Protection |
Rds | Mariadb, Mssql, Mysql, Oracle, Postgresql | Monitoring > Performance Insights Enabled, Monitoring > Kms Key Name | Encryption | Performance Insights Encryption Disabled | LOW | 8.1 Operational planning and control | 12.3.1. Encryption Policy Establishment | 2.7 Cryptography Application | 10.2.1 Encryption |
Rds | Mariadb, Mssql, Mysql, Oracle, Postgresql | Encryption > Storage Encrypted | Encryption | RDS Database Encryption Disabled | HIGH | 8.1 Operational planning and control | 12.3.1. Encryption Policy Establishment | 2.7 Cryptography Application | 10.2.1 Encryption |
S3 | S3 Bucket | Enabled Logging | Logging Monitoring | Logging Disabled | MEDIUM | 9.1 Monitoring, measurement, analysis and evaluation | 7.2.2 Audit Records and Monitoring | 2.11 Incident Prevention and Response | 1.4.1 Security Audit |
S3 | S3 Bucket | Public Access Block > Block Public Acls | Access Control | Public ACL Block Disabled | HIGH | 8.1 Operational planning and control | 10.1.1. Access Control Policy Establishment | 2.6 Access Control | 7.1.1 Access Control Policy |
S3 | S3 Bucket | Public Access Block > Block Public Policy | Access Control | Public Policy Block Disabled | HIGH | 8.1 Operational planning and control | 10.1.1. Access Control Policy Establishment | 2.6 Access Control | 7.1.1 Access Control Policy |
S3 | S3 Bucket | Public Access Block > Ignore Public Acls | Access Control | Ignore Public ACLs Disabled | HIGH | 8.1 Operational planning and control | 10.1.1. Access Control Policy Establishment | 2.6 Access Control | 7.1.1 Access Control Policy |
S3 | S3 Bucket | Public Access Block > Restrict Public Buckets | Access Control | Public Bucket Policy Restrictions Disabled | HIGH | 8.1 Operational planning and control | 10.1.1. Access Control Policy Establishment | 2.6 Access Control | 7.1.1 Access Control Policy |
S3 | S3 Bucket | Versioning Status | Data Protection | Versioning Disabled | MEDIUM | 8.1 Operational planning and control | 12.1.4. Data Protection | 2.9 System and Service Operation Management | 10.1.4 Data Protection |
S3 | S3 Bucket | Sse Algorithm | Encryption | KMS Not Applied (object data remains encrypted with SSE-S3 / AES256) | LOW | 8.1 Operational planning and control | 12.3.1. Encryption Policy Establishment | 2.7 Cryptography Application | 10.2.1 Encryption |
S3 | S3 Bucket | Sse Algorithm, Kms Key Name | Encryption | KMS Not Applied | LOW | 8.1 Operational planning and control | 12.3.1. Encryption Policy Establishment | 2.7 Cryptography Application | 10.2.1 Encryption |
Sns | Sns Topic | Kms Key Name | Encryption | KMS Not Applied | LOW | 8.1 Operational planning and control | 12.3.1. Encryption Policy Establishment | 2.7 Cryptography Application | 10.2.1 Encryption |
Vpc | Endpoint Service | Acceptance Required | Access Control | Manual Approval for Connection Requests Disabled | LOW | 8.1 Operational planning and control | 10.1.1. Access Control Policy Establishment | 2.6 Access Control | 7.1.1 Access Control Policy |
Vpc | Network Acl | Ingress > Cidr Block, Ingress > Action, Ingress > From Port, To Port | Access Control | FTP Access Allowed from the Internet | CRITICAL | 8.1 Operational planning and control | 10.1.1. Access Control Policy Establishment | 2.6 Access Control | 7.1.1 Access Control Policy |
Vpc | Network Acl | Ingress > Cidr Block, Ingress > Action, Ingress > From Port, To Port | Access Control | SSH Access Allowed from the Internet | CRITICAL | 8.1 Operational planning and control | 10.1.1. Access Control Policy Establishment | 2.6 Access Control | 7.1.1 Access Control Policy |
Vpc | Network Acl | Ingress > Cidr Block, Ingress > Action, Ingress > From Port, To Port | Access Control | HTTP Access Allowed from the Internet | CRITICAL | 8.1 Operational planning and control | 10.1.1. Access Control Policy Establishment | 2.6 Access Control | 7.1.1 Access Control Policy |
Vpc | Network Acl | Ingress > Cidr Block, Ingress > Action, Ingress > From Port, To Port | Access Control | RDP Access Allowed from the Internet | CRITICAL | 8.1 Operational planning and control | 10.1.1. Access Control Policy Establishment | 2.6 Access Control | 7.1.1 Access Control Policy |
Vpc | Network Acl | Ingress > Cidr Block | Access Control | CIDR Exposed Entirely | CRITICAL | 8.1 Operational planning and control | 10.1.1. Access Control Policy Establishment | 2.6 Access Control | 7.1.1 Access Control Policy |
Vpc | Network Acl | Ingress > Protocol | Access Control | All Ports Exposed | CRITICAL | 8.1 Operational planning and control | 10.1.1. Access Control Policy Establishment | 2.6 Access Control | 7.1.1 Access Control Policy |
Vpc | Network Firewall | Enabled Delete Protection | Network Security | Delete Protection Disabled | MEDIUM | 8.1 Operational planning and control | 12.1.4. Data Protection | 2.9 System and Service Operation Management | 10.1.4 Data Protection |
Vpc | Network Firewall | Encryption Configuration > Enabled Custom Configuration | Encryption | KMS Not Applied | LOW | 8.1 Operational planning and control | 12.3.1. Encryption Policy Establishment | 2.7 Cryptography Application | 10.2.1 Encryption |
Vpc | Network Firewall Policy | Encryption Configuration > Enabled Custom Configuration | Encryption | KMS Not Applied | LOW | 8.1 Operational planning and control | 12.3.1. Encryption Policy Establishment | 2.7 Cryptography Application | 10.2.1 Encryption |
Vpc | Network Firewall Rule Group | Encryption Configuration > Enabled Custom Configuration | Encryption | KMS Not Applied | LOW | 8.1 Operational planning and control | 12.3.1. Encryption Policy Establishment | 2.7 Cryptography Application | 10.2.1 Encryption |
Vpc | Security Group | Description | Logging Monitoring | Lack of descriptions in the security group makes management and identification difficult | LOW | 9.1 Monitoring, measurement, analysis and evaluation | 7.2.2 Audit Records and Monitoring | 2.11 Incident Prevention and Response | 1.4.1 Security Audit |
Vpc | Security Group | Ingress > Description | Logging Monitoring | Lack of descriptions in the inbound rules makes it difficult to understand the purpose of specific rules | LOW | 9.1 Monitoring, measurement, analysis and evaluation | 7.2.2 Audit Records and Monitoring | 2.11 Incident Prevention and Response | 1.4.1 Security Audit |
Vpc | Security Group | Egress > Description | Logging Monitoring | Lack of descriptions in the outbound rules makes it difficult to understand the purpose of specific rules | LOW | 9.1 Monitoring, measurement, analysis and evaluation | 7.2.2 Audit Records and Monitoring | 2.11 Incident Prevention and Response | 1.4.1 Security Audit |
Vpc | Security Group | Ingress > Cidr Block | Access Control | CIDR Exposed Entirely | CRITICAL | 8.1 Operational planning and control | 10.1.1. Access Control Policy Establishment | 2.6 Access Control | 7.1.1 Access Control Policy |
Vpc | Security Group | Ingress > Cidr Block, Ingress > From Port, To Port | Access Control | FTP Access Allowed from the Internet | CRITICAL | 8.1 Operational planning and control | 10.1.1. Access Control Policy Establishment | 2.6 Access Control | 7.1.1 Access Control Policy |
Vpc | Security Group | Ingress > Cidr Block, Ingress > From Port, To Port | Access Control | SSH Access Allowed from the Internet | CRITICAL | 8.1 Operational planning and control | 10.1.1. Access Control Policy Establishment | 2.6 Access Control | 7.1.1 Access Control Policy |
Vpc | Security Group | Ingress > Cidr Block, Ingress > From Port, To Port | Access Control | HTTP Access Allowed from the Internet | CRITICAL | 8.1 Operational planning and control | 10.1.1. Access Control Policy Establishment | 2.6 Access Control | 7.1.1 Access Control Policy |
Vpc | Security Group | Ingress > Cidr Block, Ingress > From Port, To Port | Access Control | RDP Access Allowed from the Internet | CRITICAL | 8.1 Operational planning and control | 10.1.1. Access Control Policy Establishment | 2.6 Access Control | 7.1.1 Access Control Policy |
Vpc | Security Group | Egress > Cidr Block | Access Control | CIDR Exposed Entirely | CRITICAL | 8.1 Operational planning and control | 10.1.1. Access Control Policy Establishment | 2.6 Access Control | 7.1.1 Access Control Policy |
Vpc | Subnet | Pip Enable | Access Control | Subnet Publicly Exposed (auto-assign public IP enabled) | HIGH | 8.1 Operational planning and control | 10.1.1. Access Control Policy Establishment | 2.6 Access Control | 7.1.1 Access Control Policy |
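The rows above name the configuration attribute each check reads and the finding it raises, but not how a finding is derived from a resource. As an added example (not code from this page or from the scanning tool it documents), the Python below evaluates constructed resource snapshots against a handful of the rows: the Security Group ingress/egress and description items, the EC2 `Http Tokens` (IMDSv2) item, and the four S3 Public Access Block items. The input dictionaries are assumed to follow the field names of the boto3 `describe_security_groups`, `describe_instances` (`MetadataOptions`) and `get_public_access_block` responses; the sample snapshot is constructed here so the module runs offline, and the finding strings are shortened versions of the table's Description column.

```python
"""Evaluate constructed AWS resource snapshots against a subset of the
diagnosis items (Security Group, EC2 Instance, S3 Bucket rows).

Input dicts mimic boto3 response shapes (assumption), but everything here is
constructed sample data: no AWS API calls are made.
"""
from dataclasses import dataclass

# Ports behind the "<service> Access Allowed from the Internet" items
RISKY_PORTS = {21: "FTP", 22: "SSH", 80: "HTTP", 3389: "RDP"}
ANY_CIDR = {"0.0.0.0/0", "::/0"}
RISK_ORDER = {"CRITICAL": 0, "HIGH": 1, "MEDIUM": 2, "LOW": 3}

# Public Access Block flags, each mapped to the table's finding when False
PAB_FLAGS = {
    "BlockPublicAcls": "Public ACL Block Disabled",
    "BlockPublicPolicy": "Public Policy Block Disabled",
    "IgnorePublicAcls": "Ignore Public ACLs Disabled",
    "RestrictPublicBuckets": "Public Bucket Policy Restrictions Disabled",
}


@dataclass(frozen=True)
class Finding:
    resource: str      # group id, instance id or bucket name
    item: str          # "Item" column of the table
    description: str   # "Description" column of the table (shortened)
    risk: str          # "Risk Level" column of the table


def _open_to_world(rule: dict) -> bool:
    """True if the rule's IPv4 or IPv6 ranges include an any-address CIDR."""
    cidrs = {r.get("CidrIp") for r in rule.get("IpRanges", [])}
    cidrs |= {r.get("CidrIpv6") for r in rule.get("Ipv6Ranges", [])}
    return bool(cidrs & ANY_CIDR)


def check_security_group(sg: dict) -> list[Finding]:
    """Vpc | Security Group rows: description, ingress and egress exposure."""
    gid, findings, exposed = sg["GroupId"], [], False
    if not sg.get("Description", "").strip():
        findings.append(Finding(gid, "Logging Monitoring",
                                "Lack of descriptions in the security group", "LOW"))
    for rule in sg.get("IpPermissions", []):
        if not _open_to_world(rule):
            continue
        exposed = True
        proto = rule.get("IpProtocol")
        if proto == "-1":            # all protocols: FromPort/ToPort are absent
            lo, hi = 0, 65535
        elif proto == "tcp":         # the named services are TCP services
            lo, hi = rule.get("FromPort", 0), rule.get("ToPort", 65535)
        else:
            continue
        for port, name in RISKY_PORTS.items():
            if lo <= port <= hi:
                findings.append(Finding(gid, "Access Control",
                                        f"{name} Access Allowed from the Internet", "CRITICAL"))
    if exposed:                      # reported once per group, not per rule
        findings.append(Finding(gid, "Access Control", "CIDR Exposed Entirely", "CRITICAL"))
    if any(_open_to_world(r) for r in sg.get("IpPermissionsEgress", [])):
        findings.append(Finding(gid, "Access Control", "CIDR Exposed Entirely (egress)", "CRITICAL"))
    return findings


def check_instance(instance: dict) -> list[Finding]:
    """Ec2 | Instance | Http Tokens: IMDSv2 must be required, not optional."""
    tokens = instance.get("MetadataOptions", {}).get("HttpTokens", "optional")
    if tokens != "required":
        return [Finding(instance["InstanceId"], "Access Control",
                        "IMDSv2 Session Tokens Not Required", "HIGH")]
    return []


def check_bucket(bucket: dict) -> list[Finding]:
    """S3 | S3 Bucket | Public Access Block rows: every flag must be True.
    A bucket with no configuration at all is treated as all four flags False."""
    pab = bucket.get("PublicAccessBlockConfiguration", {})
    return [Finding(bucket["Name"], "Access Control", desc, "HIGH")
            for flag, desc in PAB_FLAGS.items() if not pab.get(flag, False)]


def scan(snapshot: dict) -> list[Finding]:
    """Run every check over a snapshot and order findings by risk level."""
    findings: list[Finding] = []
    for sg in snapshot.get("SecurityGroups", []):
        findings += check_security_group(sg)
    for inst in snapshot.get("Instances", []):
        findings += check_instance(inst)
    for bucket in snapshot.get("Buckets", []):
        findings += check_bucket(bucket)
    return sorted(findings, key=lambda f: (RISK_ORDER[f.risk], f.resource, f.description))


# Constructed sample snapshot (not real account data)
SAMPLE = {
    "SecurityGroups": [
        {"GroupId": "sg-0aaa", "Description": "bastion",
         "IpPermissions": [
             {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
              "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": []},
             {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
              "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": []}],
         "IpPermissionsEgress": [{"IpProtocol": "-1", "IpRanges": [{"CidrIp": "0.0.0.0/0"}]}]},
        {"GroupId": "sg-0bbb", "Description": "",
         "IpPermissions": [{"IpProtocol": "-1", "IpRanges": [{"CidrIp": "10.0.0.0/8"}]}],
         "IpPermissionsEgress": []},
    ],
    "Instances": [
        {"InstanceId": "i-0111", "MetadataOptions": {"HttpTokens": "optional"}},
        {"InstanceId": "i-0222", "MetadataOptions": {"HttpTokens": "required"}},
    ],
    "Buckets": [
        {"Name": "example-logs", "PublicAccessBlockConfiguration": {
            "BlockPublicAcls": True, "BlockPublicPolicy": True,
            "IgnorePublicAcls": False, "RestrictPublicBuckets": True}},
    ],
}

if __name__ == "__main__":
    for f in scan(SAMPLE):
        print(f"{f.risk:8} {f.resource:14} {f.item:18} {f.description}")
```

Two details carry over from the table's semantics: a group open to the world gets one "CIDR Exposed Entirely" finding regardless of how many rules match, with the per-service findings stacked on top, and an `IpProtocol` of `-1` is treated as covering every port, which is what turns a single all-traffic rule into FTP, SSH, HTTP and RDP findings at once.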