Write a Framework
This document provides a walkthrough of the aws_cis_compute_service_v100 Compliance Framework.
The framework outlines best practices in alignment with the Center for Internet Security (CIS) AWS Compute Services Benchmark v1.0.0, offering recommendations to enhance the security posture of AWS Compute resources and ensure they meet industry-standard compliance requirements.
Framework Definition
ID & Title: Uniquely identifies the framework and provides a clear title.
Description: Offers an overview of the framework's purpose and its relation to other CIS benchmarks.
Control Groups: Organize related controls into hierarchical sections (detailed below).
Metadata:
Defaults: Sets default behaviors for control assignment and event tracking.
Tags: Categorizes the framework for easier identification and filtering based on criteria like service, platform, and priority.
Control Groups
Control Groups organize related controls into hierarchical sections, mirroring AWS Compute services.
Example: Elastic Compute Cloud (EC2)
Control Group ID & Title: Identifies the group and specifies the AWS service (e.g., EC2).
Description: Provides context and scope for the controls within the group.
Section-Code: Numerical identifier used to order and organize the groups.
Nested Control Groups: Further categorizes controls (e.g., AMI, EBS) with their own IDs, titles, descriptions, and specific controls.
Each group includes relevant controls tailored to the specific service, ensuring comprehensive coverage.
Controls
Controls are defined as unique identifiers within their respective control groups. For example:
Each control corresponds to a specific security recommendation or requirement as per the CIS benchmark.
Tags and Metadata
Tags within each control group and the framework as a whole enable easy filtering and management based on various attributes like service type, compliance category, and priority level.
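As an added example (not the project's own code or schema), the following validator walks a framework laid out as this page describes: nested control groups, controls unique within their group, and tags inherited from the framework down through the groups. The framework is given as a Python dict mirroring the YAML mapping, and the key names (`control-groups`, `section-code`, `metadata`, `tags`) are assumptions for this example only.

```python
from typing import Any, Dict, List, Set, Tuple
# Constructed sample mirroring the YAML layout described above; key names are
# assumptions for this example, not the tool's schema.
FRAMEWORK: Dict[str, Any] = {
    "id": "aws_cis_compute_service_v100",
    "title": "CIS AWS Compute Services Benchmark v1.0.0",
    "metadata": {"defaults": {"assign-controls": True},
                 "tags": {"platform": ["AWS"], "priority": ["high"]}},
    "control-groups": [{
        "id": "ec2", "title": "Elastic Compute Cloud (EC2)", "section-code": "2",
        "description": "EC2 controls", "tags": {"service": ["EC2"]},
        "control-groups": [
            {"id": "ec2_ami", "title": "AMI", "section-code": "2.1",
             "description": "AMI controls", "controls": ["ec2_ami_001"]},
            # missing description and a duplicated control id, both on purpose
            {"id": "ec2_ebs", "title": "EBS", "section-code": "2.2",
             "controls": ["ec2_ebs_001", "ec2_ebs_001"]},
        ]}],
}
REQUIRED = ("id", "title", "description", "section-code")

def _merge_tags(parent: Dict[str, List[str]], own: Dict[str, List[str]]) -> Dict[str, List[str]]:
    # Child groups inherit framework/parent tags and may add their own.
    merged = {k: list(v) for k, v in parent.items()}
    for key, values in own.items():
        merged[key] = sorted(set(merged.get(key, [])) | set(values))
    return merged

def _walk(groups, tags, seen: Set[str], errors: List[str], out: List[Dict[str, Any]]) -> None:
    for group in groups:
        gid = group.get("id", "<missing id>")
        errors.extend(f"{gid}: missing '{k}'" for k in REQUIRED if k not in group)
        if gid in seen:
            errors.append(f"{gid}: duplicate control group id")
        seen.add(gid)
        group_tags = _merge_tags(tags, group.get("tags", {}))
        controls = group.get("controls", [])
        if len(controls) != len(set(controls)):
            errors.append(f"{gid}: control ids must be unique within the group")
        for control in dict.fromkeys(controls):  # de-duplicated, order kept
            out.append({"control": control, "group": gid,
                        "section": group.get("section-code"), "tags": group_tags})
        _walk(group.get("control-groups", []), group_tags, seen, errors, out)

def validate(framework: Dict[str, Any]) -> Tuple[List[str], List[Dict[str, Any]]]:
    """Return (structural errors, flattened controls with inherited tags)."""
    errors, out = [], []
    _walk(framework.get("control-groups", []),
          framework.get("metadata", {}).get("tags", {}), set(), errors, out)
    return errors, out
```

Running `validate(FRAMEWORK)` reports the missing description and the duplicated control id in the EBS group, and returns each control once with the EC2 service tag merged onto the framework-level platform and priority tags.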
Summary
This YAML framework structure efficiently organizes CIS benchmark controls for AWS Compute services, facilitating scalable and manageable compliance enforcement. By leveraging hierarchical control groups and detailed metadata, SecOps teams can ensure robust security configurations across all AWS Compute resources.