aws_compliance

AWS Compliance

You can do real-time monitoring of API calls by directing CloudTrail logs to CloudWatch Logs and establishing corresponding metric filters and alarms. Security Hub recommends that you create a metric filter and alarm console logins that aren't protected by MFA.

log_metric_filter_console_login_mfa

nist_800_171_rev_2_3_12_1

3.12.1 Periodically assess the security controls in organizational systems to determine if the controls are effective in their application

nist_800_171_rev_2_3_12_3

3.12.3 Monitor security controls on an ongoing basis to ensure the continued effectiveness of the controls

nist_800_171_rev_2_3_12_4

3.12.4 Develop, document, and periodically update system security plans that describe system boundaries, system environments of operation, how security requirements are implemented, and the relationships with or connections to other systems

article_25

Article 25 Data protection by design and by default

all_controls_cloudwatch

CloudWatch

nist_csf_de_cm_2

DE.CM-2

nist_csf_id_ra_1

ID.RA-1

nist_csf_id_ra_5

ID.RA-5

nist_csf_id_sc_4

ID.SC-4

Ensure a log metric filter and alarm exist for AWS Management Console sign-in without MFA

Run individual configuration, compliance and security controls or full compliance benchmarks for CIS, FFIEC, PCI, NIST, HIPAA, RBI CSF, GDPR, SOC 2, Audit Manager Control Tower, FedRAMP, GxP and AWS Foundational Security Best Practices controls across all your AWS accounts using Powerpipe and Steampipe.

Apache License 2.0

steampipe-mod-aws-compliance

Control: Ensure a log metric filter and alarm exist for AWS Management Console sign-in without MFA

Description

Usage

SQL

Tags