Happy 4th of July! This month's compliance updates bring the following enhancements to our compliance module:

1. Added new rules to existing bundles

2. Updated existing S3 rules that affect multiple bundles

New Rules:

1. D9.AWS.AS.02 – S3 Buckets outside of Europe

2. D9.AZU.AS.01 – Instances outside of Europe

3. D9.AWS.CRY.18 – DynamoDB – Server Side Encryption

4. D9.AWS.OPE.01 – Lambda Functions must have an associated tag

5. D9.AZU.NET.29 – Public AMI

6. D9.AWS.NET.AG4.ApplicationLoadBalancer.9090.TCP – ApplicationLoadBalancer with administrative service: CiscoSecure,websm (TCP:9090) is too exposed to the public internet

7. D9.AWS.NET.AG4.ELB.9090.TCP – ELB with administrative service: CiscoSecure,websm (TCP:9090) is too exposed to the public internet

8. D9.AWS.NET.AG4.Instance.9090.TCP – Instance with administrative service: CiscoSecure,websm (TCP:9090) is too exposed to the public internet

9. D9.AWS.NET.AG4.NetworkLoadBalancer.9090.TCP – NetworkLoadBalancer with administrative service: CiscoSecure,websm (TCP:9090) is too exposed to the public internet

10. D9.AWS.NET.AG5.ApplicationLoadBalancer.9090.TCP – ApplicationLoadBalancer with administrative service: CiscoSecure,websm (TCP:9090) is exposed to a wide network scope

11. D9.AWS.NET.AG5.ELB.9090.TCP – ELB with administrative service: CiscoSecure,websm (TCP:9090) is exposed to a wide network scope

12. D9.AWS.NET.AG5.Instance.9090.TCP – Instance with administrative service: CiscoSecure,websm (TCP:9090) is exposed to a wide network scope

13. D9.AWS.NET.AG5.NetworkLoadBalancer.9090.TCP – NetworkLoadBalancer with administrative service: CiscoSecure,websm (TCP:9090) is exposed to a wide network scope

Rules Updated:

1. D9.AWS.CRY.04 – S3 Bucket should have encryption in transit for read actions

2. D9.AWS.CRY.14 – S3 Bucket should have encryption in transit for write actions

 

For more details, you can check out the Dome9 Helpcenter.