GDPR group of checks #189
Labels: feature-request (New feature request for Prowler.), help wanted, need information, new check idea
toniblyx added these labels on Mar 12, 2018
Included in v2.0 | Closed
Based on this public document: https://d1.awsstatic.com/whitepapers/compliance/GDPR_Compliance_on_AWS.pdf I have identified the checks below (some of them are more than a single check), and most of them are already implemented. Still thinking on the list, any help/feedback is more than welcome here:

Data Access Controls
- Fine granular access to AWS objects in S3-Buckets: extra718 and extra725
- Fine granular access to SQS: extra727
- Fine granular access to SNS: extra731
- Multi-Factor-Authentication (MFA): check12, check113, check114, extra71
- API-Request Authentication: this is about AWS API, entire IAM group1 may apply
- Geo-Restrictions (CloudFront): extra732
- Temporary access tokens through STS: extra733, probably a query to see if identity federation is configured?

Monitoring and Logging
- Asset-Management and Configuration with AWS Config: check25, check39
- Compliance Auditing and security analytics with AWS CloudTrail: check21, check22, check23, check24, check26, check27, check35
- Identifications of configuration challenges through TrustedAdvisor: extra726 show TA errors and warnings.
- Server access logs: this should be instances log? We can add service logs like extra714, extra715, extra717, extra719, extra720, extra721, extra722
- VPC-FlowLogs: check43
- AWS Config Rules: check25 already
- Filter and monitoring of HTTP access to applications with WAF functions in CloudFront: extra714 already

Protecting your Data on AWS
- Encryption of your data at rest with AES256 EBS: extra729
- Encryption of your data at rest with AES256 S3: extra734
- Encryption of your data at rest with AES256 RDS: extra735
- Centralized (by Region) managed Key-Management: extra736
- IPsec tunnels into AWS with the VPN-Gateways. This is a security best practice, not an actual check.
- Dedicated HSM modules in the cloud with CloudHSM. This one may depend on each case, not an actual check.