@mitre/hdf-converters 2.5.0 → 2.6.2

package/lib/data/owasp-nist-mapping.csv

@@ -1,11 +0,0 @@
-OWASP-ID,OWASP Name,NIST-ID,Rev,NIST Name
-A1,Injection,SI-10,4,Information Input Validation
-A2,Broken Authentication,SC-23,4,Session Authenticity
-A3,Sensitive Data Exposure,SI-11,4,Error Handling
-A4,XML External Entities (XXE),SI-10,4,Information Input Validation
-A5,Broken Access Control,AC-3,4,Access Enforcement
-A6,Security Misconfiguration,CM-6,4,Configuration Settings
-A7,Cross-Site Scripting (XSS),SI-10,4,Information Input Validation
-A8,Insecure Deserialization,SC-23,4,Session Authenticity
-A9,Using Components with Known Vulnerabilities,SI-2,4,Flaw Remediation
-A10,Insufficient Logging&Monitoring,AU-12,4,Audit Generation

package/lib/data/scoutsuite-nist-mapping.csv

@@ -1,140 +0,0 @@
-rule,nistid
-acm-certificate-with-close-expiration-date,SC-12
-acm-certificate-with-transparency-logging-disabled,SC-12
-cloudformation-stack-with-role,AC-6
-cloudtrail-duplicated-global-services-logging,AU-6
-cloudtrail-no-cloudwatch-integration,AU-12|SI-4(2)
-cloudtrail-no-data-logging,AU-12
-cloudtrail-no-encryption-with-kms,AU-6
-cloudtrail-no-global-services-logging,AU-12
-cloudtrail-no-log-file-validation,AU-6
-cloudtrail-no-logging,AU-12
-cloudtrail-not-configured,AU-12
-cloudwatch-alarm-without-actions,AU-12
-config-recorder-not-configured,CM-8|CM-8(2)|CM-8(6)
-ec2-ami-public,AC-3
-ec2-default-security-group-in-use,AC-3(3)
-ec2-default-security-group-with-rules,AC-3(3)
-ec2-ebs-snapshot-not-encrypted,SC-28
-ec2-ebs-snapshot-public,AC-3
-ec2-ebs-volume-not-encrypted,SC-28
-ec2-instance-in-security-group,CM-7(1)
-ec2-instance-type,CM-2
-ec2-instance-types,CM-2
-ec2-instance-with-public-ip,AC-3
-ec2-instance-with-user-data-secrets,AC-3
-ec2-security-group-opens-all-ports,CM-7(1)
-ec2-security-group-opens-all-ports-to-all,CM-7(1)
-ec2-security-group-opens-all-ports-to-self,CM-7(1)
-ec2-security-group-opens-icmp-to-all,CM-7(1)
-ec2-security-group-opens-known-port-to-all,CM-7(1)
-ec2-security-group-opens-plaintext-port,CM-7(1)
-ec2-security-group-opens-port-range,CM-7(1)
-ec2-security-group-opens-port-to-all,CM-7(1)
-ec2-security-group-whitelists-aws,CM-7(1)
-ec2-security-group-whitelists-aws-ip-from-banned-region,CM-7(1)
-ec2-security-group-whitelists-non-elastic-ips,CM-7(1)
-ec2-security-group-whitelists-unknown-aws,CM-7(1)
-ec2-security-group-whitelists-unknown-cidrs,CM-7(1)
-ec2-unused-security-group,CM-7(1)
-elb-listener-allowing-cleartext,SC-8
-elb-no-access-logs,AU-12
-elb-older-ssl-policy,SC-8
-elbv2-http-request-smuggling,SC-8
-elbv2-listener-allowing-cleartext,SC-8
-elbv2-no-access-logs,AU-12
-elbv2-no-deletion-protection,SI-7
-elbv2-older-ssl-policy,SC-8
-iam-assume-role-lacks-external-id-and-mfa,AC-17
-iam-assume-role-no-mfa,AC-6
-iam-assume-role-policy-allows-all,AC-6
-iam-ec2-role-without-instances,AC-6
-iam-group-with-inline-policies,AC-6
-iam-group-with-no-users,AC-6
-iam-human-user-with-policies,AC-6
-iam-inline-policy-allows-non-sts-action,AC-6
-iam-inline-policy-allows-NotActions,AC-6
-iam-inline-policy-for-role,AC-6
-iam-managed-policy-allows-full-privileges,AC-6
-iam-managed-policy-allows-non-sts-action,AC-6
-iam-managed-policy-allows-NotActions,AC-6
-iam-managed-policy-for-role,AC-6
-iam-managed-policy-no-attachments,AC-6
-iam-no-support-role,IR-7
-iam-password-policy-expiration-threshold,AC-2
-iam-password-policy-minimum-length,AC-2
-iam-password-policy-no-expiration,AC-2
-iam-password-policy-no-lowercase-required,AC-2
-iam-password-policy-no-number-required,AC-2
-iam-password-policy-no-symbol-required,AC-2
-iam-password-policy-no-uppercase-required,AC-2
-iam-password-policy-reuse-enabled,IA-5(1)
-iam-role-with-inline-policies,AC-6
-iam-root-account-no-hardware-mfa,IA-2(1)
-iam-root-account-no-mfa,IA-2(1)
-iam-root-account-used-recently,AC-6(9)
-iam-root-account-with-active-certs,AC-6(9)
-iam-root-account-with-active-keys,AC-6(9)
-iam-service-user-with-password,AC-2
-iam-unused-credentials-not-disabled,AC-2
-iam-user-no-key-rotation,AC-2
-iam-user-not-in-category-group,AC-2
-iam-user-not-in-common-group,AC-2
-iam-user-unused-access-key-initial-setup,AC-2
-iam-user-with-multiple-access-keys,IA-2
-iam-user-without-mfa,IA-2(1)
-iam-user-with-password-and-key,IA-2
-iam-user-with-policies,AC-2
-kms-cmk-rotation-disabled,SC-12
-logs-no-alarm-aws-configuration-changes,CM-8|CM-8(2)|CM-8(6)
-logs-no-alarm-cloudtrail-configuration-changes,AU-6
-logs-no-alarm-cmk-deletion,AC-2
-logs-no-alarm-console-authentication-failures,AC-2
-logs-no-alarm-iam-policy-changes,AC-2
-logs-no-alarm-nacl-changes,CM-6(2)
-logs-no-alarm-network-gateways-changes,AU-12|CM-6(2)
-logs-no-alarm-root-usage,AU-2
-logs-no-alarm-route-table-changes,AU-12|CM-6(2)
-logs-no-alarm-s3-policy-changes,AC-6|AU-12
-logs-no-alarm-security-group-changes,AC-2(4)
-logs-no-alarm-signin-without-mfa,AC-2
-logs-no-alarm-unauthorized-api-calls,AU-6|SI-4(2)
-logs-no-alarm-vpc-changes,CM-6(1)
-rds-instance-backup-disabled,CP-9
-rds-instance-ca-certificate-deprecated,SC-12
-rds-instance-no-minor-upgrade,SI-2
-rds-instance-short-backup-retention-period,CP-9
-rds-instance-single-az,CP-7
-rds-instance-storage-not-encrypted,SC-28
-rds-postgres-instance-with-invalid-certificate,SC-12
-rds-security-group-allows-all,CM-7(1)
-rds-snapshot-public,SC-28
-redshift-cluster-database-not-encrypted,SC-28
-redshift-cluster-no-version-upgrade,SI-2
-redshift-cluster-publicly-accessible,AC-3
-redshift-parameter-group-logging-disabled,AU-12
-redshift-parameter-group-ssl-not-required,SC-8
-redshift-security-group-whitelists-all,CM-7(1)
-route53-domain-no-autorenew,SC-2
-route53-domain-no-transferlock,SC-2
-route53-domain-transferlock-not-authorized,SC-2
-s3-bucket-allowing-cleartext,SC-28
-s3-bucket-no-default-encryption,SC-28
-s3-bucket-no-logging,AU-2|AU-12
-s3-bucket-no-mfa-delete,SI-7
-s3-bucket-no-versioning,SI-7
-s3-bucket-world-acl,AC-3(3)
-s3-bucket-world-policy-arg,AC-3(3)
-s3-bucket-world-policy-star,AC-3(3)
-ses-identity-dkim-not-enabled,SC-23
-ses-identity-dkim-not-verified,SC-23
-ses-identity-world-policy,AC-6
-sns-topic-world-policy,AC-6
-sqs-queue-world-policy,AC-6
-vpc-custom-network-acls-allow-all,SC-7
-vpc-default-network-acls-allow-all,SC-7
-vpc-network-acl-not-used,SC-7
-vpc-routing-tables-with-peering,AC-3(3)
-vpc-subnet-with-bad-acls,SC-7
-vpc-subnet-with-default-acls,SC-7
-vpc-subnet-without-flow-log,AU-12