aws-cis-controls-assessment 1.0.10__py3-none-any.whl → 1.1.1__py3-none-any.whl

{aws_cis_controls_assessment-1.0.10.dist-info → aws_cis_controls_assessment-1.1.1.dist-info}/METADATA

@@ -1,6 +1,6 @@
 Metadata-Version: 2.4
 Name: aws-cis-controls-assessment
-Version: 1.0.10
+Version: 1.1.1
 Summary: Production-ready AWS CIS Controls compliance assessment framework with 145 comprehensive rules
 Author-email: AWS CIS Assessment Team <security@example.com>
 Maintainer-email: AWS CIS Assessment Team <security@example.com>
@@ -57,20 +57,22 @@ Dynamic: license-file
 
 # AWS CIS Controls Compliance Assessment Framework
 
-A production-ready, enterprise-grade framework for evaluating AWS account configurations against CIS Controls Implementation Groups (IG1, IG2, IG3) using AWS Config rule specifications. **100% CIS Controls coverage achieved** with 133 implemented rules plus 5 bonus security enhancements.
+A production-ready, enterprise-grade framework for evaluating AWS account configurations against CIS Controls Implementation Groups (IG1, IG2, IG3) using AWS Config rule specifications. **100% CIS Controls coverage achieved** with 163 implemented rules (131 CIS Controls + 32 bonus security enhancements).
 
 > **Production Status**: This framework is production-ready and actively deployed in enterprise environments. It provides comprehensive point-in-time compliance assessments while we recommend [AWS Config](https://aws.amazon.com/config/) for ongoing continuous compliance monitoring and automated remediation.
 
 ## 🎯 Key Features
 
-- **✅ Complete Coverage**: 137/137 CIS Controls rules implemented (100% coverage)
+- **✅ Complete Coverage**: 163 total rules implemented (131 CIS Controls + 32 bonus)
 - **✅ Dual Scoring System**: Both weighted and AWS Config-style scoring methodologies
+- **✅ Enhanced HTML Reports**: Control names, working search, improved remediation display
 - **✅ Enterprise Ready**: Production-tested with enterprise-grade architecture
 - **✅ Performance Optimized**: Handles large-scale assessments efficiently
 - **✅ Multi-Format Reports**: JSON, HTML, and CSV with detailed remediation guidance
 - **✅ No AWS Config Required**: Direct AWS API calls based on Config rule specifications
-- **✅ Bonus Security Rules**: 5 additional security enhancements beyond CIS requirements
 - **✅ AWS Backup Controls**: 6 comprehensive backup infrastructure controls (3 IG1 + 3 IG2)
+- **✅ Audit Logging Controls**: 7 comprehensive audit log management controls (CIS Control 8)
+- **✅ Access & Configuration Controls**: 14 comprehensive identity, access, and secure configuration controls (CIS Controls 4, 5, 6)
 
 ## 🚀 Quick Start
 
@@ -89,7 +91,7 @@ pip install -e .
 ### Basic Usage
 
 ```bash
-# Run complete assessment (all 142 rules) - defaults to us-east-1
+# Run complete assessment (all 163 rules) - defaults to us-east-1
 aws-cis-assess assess --aws-profile my-aws-profile
 
 # Assess multiple regions
@@ -117,12 +119,12 @@ aws-cis-assess assess --output-format json
 - Data Protection and Encryption (8 rules)
 - Network Security Controls (20 rules)
 - Logging and Monitoring (13 rules)
-- Backup and Recovery (17 rules) - **NEW: 6 AWS Backup service controls added (3 IG1 + 3 IG2)**
+- Backup and Recovery (17 rules) - **6 AWS Backup service controls (3 IG1 + 3 IG2)**
 - Security Services Integration (5 rules)
 - Configuration Management (9 rules)
 - Vulnerability Management (5 rules)
 
-### IG2 - Enhanced Security (+40 Rules) ✅  
+### IG2 - Enhanced Security (+74 Rules) ✅  
 **100% Coverage Achieved**
 - Advanced Encryption at Rest (6 rules)
 - Certificate Management (2 rules)
@@ -133,7 +135,11 @@ aws-cis-assess assess --output-format json
 - Network Segmentation (5 rules)
 - Auto-scaling Security (1 rule)
 - Enhanced Access Controls (8 rules)
-- AWS Backup Advanced Controls (3 rules) - **NEW: Vault lock, reporting, restore testing**
+- AWS Backup Advanced Controls (3 rules) - **Vault lock, reporting, restore testing**
+- Audit Log Management (7 rules) - **Control 8 comprehensive logging coverage**
+- Secure Configuration (5 rules) - **Control 4: session duration, security groups, VPC DNS, RDS admin, EC2 least privilege**
+- Account Management (4 rules) - **Control 5: service account docs, admin policies, SSO, inline policies**
+- Access Control Management (5 rules) - **Control 6: Access Analyzer, permission boundaries, SCPs, Cognito MFA, VPN MFA**
 
 ### IG3 - Advanced Security (+1 Rule) ✅
 **100% Coverage Achieved**
@@ -141,19 +147,82 @@ aws-cis-assess assess --output-format json
 - Critical for preventing application-layer attacks
 - Required for high-security environments
 
-### Bonus Security Rules (+5 Rules) ✅
+### Bonus Security Rules (+32 Rules) ✅
 **Additional Value Beyond CIS Requirements**
 - Enhanced logging security (`cloudwatch-log-group-encrypted`)
 - Network security enhancement (`incoming-ssh-disabled`)
 - Data streaming encryption (`kinesis-stream-encrypted`)
 - Network access control (`restricted-incoming-traffic`)
 - Message queue encryption (`sqs-queue-encrypted-kms`)
+- Route 53 DNS query logging (`route53-query-logging-enabled`)
+- Plus 26 additional security enhancements
+- Application Load Balancer access logs (`alb-access-logs-enabled`)
+- CloudFront distribution access logs (`cloudfront-access-logs-enabled`)
+- WAF web ACL logging (`waf-logging-enabled`)
+
+### 🔍 CIS Control 8: Audit Log Management (13 Rules)
+**Comprehensive Audit Logging Coverage**
+
+Control 8 focuses on collecting, alerting, reviewing, and retaining audit logs of events that could help detect, understand, or recover from an attack. Our implementation provides comprehensive coverage across AWS services:
+
+**DNS Query Logging**
+- `route53-query-logging-enabled`: Validates Route 53 hosted zones have query logging enabled to track DNS queries for security investigations
+
+**Load Balancer & CDN Logging**
+- `alb-access-logs-enabled`: Ensures Application Load Balancers capture access logs for traffic analysis
+- `elb-logging-enabled`: Validates Classic Load Balancers have access logging enabled
+- `cloudfront-access-logs-enabled`: Ensures CloudFront distributions log content delivery requests
+
+**Log Retention & Management**
+- `cloudwatch-log-retention-check`: Validates log groups have appropriate retention periods (minimum 90 days)
+- `cw-loggroup-retention-period-check`: Additional log retention validation
+
+**CloudTrail Monitoring**
+- `cloudtrail-insights-enabled`: Enables anomaly detection for unusual API activity
+
+**Configuration Tracking**
+- `config-recording-all-resources`: Ensures AWS Config tracks all resource configuration changes
+
+**Application Security Logging**
+- `waf-logging-enabled`: Validates WAF web ACLs capture firewall events
+- `wafv2-logging-enabled`: Ensures WAFv2 web ACLs have logging enabled
+
+**Database & Service Logging**
+- `rds-logging-enabled`: Validates RDS instances have appropriate logging enabled
+- `elasticsearch-logs-to-cloudwatch`: Ensures Elasticsearch domains send logs to CloudWatch
+- `codebuild-project-logging-enabled`: Validates CodeBuild projects capture build logs
+- `redshift-cluster-configuration-check`: Ensures Redshift clusters have audit logging enabled
+
+### 🔐 CIS Controls 4, 5, 6: Access & Configuration Controls (14 Rules)
+**Comprehensive Identity, Access Management, and Secure Configuration Coverage**
+
+These controls focus on secure configuration of enterprise assets, account management, and access control management. Our implementation provides comprehensive coverage across AWS IAM, networking, and identity services:
+
+**Control 4 - Secure Configuration (5 rules)**
+- `iam-max-session-duration-check`: Validates IAM role session duration does not exceed 12 hours to limit credential exposure
+- `security-group-default-rules-check`: Ensures default security groups have no inbound or outbound rules to prevent unintended access
+- `vpc-dns-resolution-enabled`: Validates VPC DNS settings (enableDnsHostnames and enableDnsSupport) are properly configured
+- `rds-default-admin-check`: Ensures RDS instances don't use default admin usernames (postgres, admin, root, mysql, administrator)
+- `ec2-instance-profile-least-privilege`: Validates EC2 instance profile permissions follow least privilege principles
+
+**Control 5 - Account Management (4 rules)**
+- `iam-service-account-inventory-check`: Validates service accounts have required documentation tags (Purpose, Owner, LastReviewed)
+- `iam-admin-policy-attached-to-role-check`: Ensures administrative policies are attached to roles, not directly to users
+- `sso-enabled-check`: Validates AWS IAM Identity Center is configured and enabled for centralized identity management
+- `iam-user-no-inline-policies`: Ensures IAM users don't have inline policies (only managed policies or group memberships)
+
+**Control 6 - Access Control Management (5 rules)**
+- `iam-access-analyzer-enabled`: Validates IAM Access Analyzer is enabled in all active regions for external access detection
+- `iam-permission-boundaries-check`: Ensures permission boundaries are configured for roles with elevated privileges
+- `organizations-scp-enabled-check`: Validates AWS Organizations Service Control Policies are enabled and in use
+- `cognito-user-pool-mfa-enabled`: Ensures Cognito user pools have MFA enabled for enhanced authentication security
+- `vpn-connection-mfa-enabled`: Validates Client VPN endpoints require MFA authentication
 
 ## 🏗️ Production Architecture
 
 ### Core Components
 - **Assessment Engine**: Orchestrates compliance evaluations across all AWS regions
-- **Control Assessments**: 138 individual rule implementations with robust error handling
+- **Control Assessments**: 149 individual rule implementations with robust error handling
 - **Scoring Engine**: Calculates compliance scores and generates executive metrics
 - **Reporting System**: Multi-format output with detailed remediation guidance
 - **Resource Management**: Optimized for enterprise-scale deployments with memory management
@@ -249,48 +318,87 @@ MIT License - see [LICENSE](LICENSE) file for details.
 
 ---
 
-**Framework Version**: 1.0.10 (in development)  
-**CIS Controls Coverage**: 137/137 rules (100%) + 5 bonus rules  
+**Framework Version**: 1.1.0 (in development)  
+**CIS Controls Coverage**: 151/151 rules (100%) + 9 bonus rules  
 **Production Status**: ✅ Ready for immediate enterprise deployment  
 **Last Updated**: January 2026
 
-## 🆕 What's New in Version 1.0.10
-
-### AWS Backup Service Controls
-Six new controls added to assess AWS Backup infrastructure:
-
-**IG1 Controls (3)**:
-1. **backup-plan-min-frequency-and-min-retention-check** - Validates backup plans have appropriate frequency and retention policies
-   - Ensures backup plans have at least one rule defined
-   - Validates schedule expressions (cron or rate)
-   - Checks retention periods meet minimum requirements (default: 7 days)
-   - Validates lifecycle policies for cold storage transitions
-
-2. **backup-vault-access-policy-check** - Ensures backup vaults have secure access policies
-   - Detects publicly accessible backup vaults
-   - Identifies overly permissive access policies
-   - Warns about dangerous permissions (DeleteBackupVault, DeleteRecoveryPoint)
-   - Validates principle of least privilege
-
-3. **backup-selection-resource-coverage-check** - Validates backup plans cover critical resources
-   - Ensures backup plans have at least one selection
-   - Validates selections target specific resources or use tags
-   - Checks that selections are not empty
-
-**IG2 Controls (3)**:
-4. **backup-vault-lock-check** - Verifies vault lock for ransomware protection
-   - Ensures critical vaults have Vault Lock enabled
-   - Validates immutable backup configuration (WORM)
-   - Checks minimum and maximum retention periods
-
-5. **backup-report-plan-exists-check** - Validates backup compliance reporting
-   - Ensures at least one report plan exists
-   - Validates report delivery configuration
-   - Checks for active report generation
-
-6. **backup-restore-testing-plan-exists-check** - Ensures backups are recoverable
-   - Validates restore testing plans exist
-   - Checks testing schedules are configured
-   - Ensures backups are actually tested for recoverability
-
-These controls complement the existing 12 resource-specific backup controls by assessing the centralized AWS Backup service infrastructure itself. Total backup controls: 17 (12 resource-specific + 5 service-level). See [AWS Backup Controls Guide](docs/adding-aws-backup-controls.md) for detailed documentation.
+## 🆕 What's New in Version 1.1.0
+
+### Access & Configuration Controls (CIS Controls 4, 5, 6)
+Fourteen new controls added to assess identity, access management, and secure configuration:
+
+**Control 4 - Secure Configuration (5 rules)**:
+1. **iam-max-session-duration-check** - Validates IAM role session duration does not exceed 12 hours
+   - Ensures temporary credentials have limited exposure window
+   - Checks MaxSessionDuration property on all IAM roles
+   - Compliant if session duration ≤ 43200 seconds (12 hours)
+
+2. **security-group-default-rules-check** - Ensures default security groups have no rules
+   - Validates default security groups are restricted (no inbound/outbound rules)
+   - Prevents unintended access through default security groups
+   - Encourages use of custom security groups with explicit rules
+
+3. **vpc-dns-resolution-enabled** - Validates VPC DNS configuration
+   - Checks both enableDnsHostnames and enableDnsSupport are enabled
+   - Ensures proper DNS resolution within VPCs
+   - Required for many AWS services to function correctly
+
+4. **rds-default-admin-check** - Ensures RDS instances don't use default admin usernames
+   - Detects default usernames: postgres, admin, root, mysql, administrator, sa
+   - Case-insensitive detection
+   - Reduces risk of credential guessing attacks
+
+5. **ec2-instance-profile-least-privilege** - Validates EC2 instance profile permissions
+   - Checks for overly permissive policies (AdministratorAccess, PowerUserAccess)
+   - Detects wildcard permissions (Action: "*", Resource: "*")
+   - Ensures least privilege principle for EC2 workloads
+
+**Control 5 - Account Management (4 rules)**:
+6. **iam-service-account-inventory-check** - Validates service account documentation
+   - Ensures service accounts have required tags: Purpose, Owner, LastReviewed
+   - Identifies service accounts by naming convention or tags
+   - Supports compliance and access review processes
+
+7. **iam-admin-policy-attached-to-role-check** - Ensures admin policies on roles, not users
+   - Detects administrative policies attached directly to IAM users
+   - Encourages role-based access with temporary credentials
+   - Improves audit trail and access management
+
+8. **sso-enabled-check** - Validates AWS IAM Identity Center (SSO) is configured
+   - Checks for SSO instance existence
+   - Encourages centralized identity management
+   - Supports integration with corporate identity providers
+
+9. **iam-user-no-inline-policies** - Ensures IAM users don't have inline policies
+   - Detects inline policies attached to users
+   - Encourages use of managed policies for reusability
+   - Simplifies policy management and auditing
+
+**Control 6 - Access Control Management (5 rules)**:
+10. **iam-access-analyzer-enabled** - Validates Access Analyzer in all regions
+    - Ensures IAM Access Analyzer is enabled regionally
+    - Detects resources shared with external entities
+    - Provides continuous monitoring for unintended access
+
+11. **iam-permission-boundaries-check** - Validates permission boundaries for elevated roles
+    - Identifies roles with elevated privileges
+    - Checks for permission boundary configuration
+    - Prevents privilege escalation in delegated administration
+
+12. **organizations-scp-enabled-check** - Validates Service Control Policies are in use
+    - Checks account is part of AWS Organizations
+    - Verifies SCPs are enabled (FeatureSet includes ALL)
+    - Ensures custom SCPs exist beyond default FullAWSAccess
+
+13. **cognito-user-pool-mfa-enabled** - Ensures Cognito user pools have MFA
+    - Validates MfaConfiguration is 'ON' or 'OPTIONAL'
+    - Supports both SMS and TOTP authentication methods
+    - Enhances authentication security for applications
+
+14. **vpn-connection-mfa-enabled** - Validates Client VPN endpoints require MFA
+    - Checks VPN authentication options for MFA requirement
+    - Supports Active Directory, SAML, and certificate-based MFA
+    - Ensures secure remote access to AWS resources
+
+These controls complement the existing audit logging and backup controls by providing comprehensive coverage of identity, access management, and secure configuration practices. Total rules: 163 (149 previous + 14 new). See [Config Rule Mappings](docs/config-rule-mappings.md) for detailed documentation.

{aws_cis_controls_assessment-1.0.10.dist-info → aws_cis_controls_assessment-1.1.1.dist-info}/RECORD

@@ -1,12 +1,12 @@
-aws_cis_assessment/__init__.py,sha256=Kf2-Oe7QXfomiClATeX3xR_SoB0Gl7eVtWLb5gayD1E,481
+aws_cis_assessment/__init__.py,sha256=ICafcznKTUU2j4VAbZ6-yjWXSQZGQRYzpzY7NIZ_23U,480
 aws_cis_assessment/cli/__init__.py,sha256=DYaGVAIoy5ucs9ubKQxX6Z3ZD46AGz9AaIaDQXzrzeY,100
 aws_cis_assessment/cli/examples.py,sha256=F9K2Fe297kUfwoq6Ine9Aj_IXNU-KwO9hd7SAPWeZHI,12884
 aws_cis_assessment/cli/main.py,sha256=i5QoqHXsPG_Kw0W7jM3Zj2YaAaCJnxxnfz82QBBHq-U,49441
 aws_cis_assessment/cli/utils.py,sha256=ufdsifIPIE9HKVZAvFXfeJgEk_aAmz01tDrEukVyL0g,9783
 aws_cis_assessment/config/__init__.py,sha256=aSQyaKGEQ7WgldC8IocY-YK7nduzfgjI6EuDE4Xti6s,77
 aws_cis_assessment/config/config_loader.py,sha256=Wk6gfblj8RWU5QctHjPu5tTJMIb8lbEW3Ic9z-se4uQ,13165
-aws_cis_assessment/config/rules/cis_controls_ig1.yaml,sha256=K6GDBnhqeHqATcgYYmJ816sOplpPfp8e7S3o7fAmzPM,32388
-aws_cis_assessment/config/rules/cis_controls_ig2.yaml,sha256=qt4zrmfeV-Lu8k06HxwCtSYqr5yZszFGN6LEYwa09w4,22102
+aws_cis_assessment/config/rules/cis_controls_ig1.yaml,sha256=keJ9QeRRKOzc8OVcSPthbFG6HP2VyZLZVFByjjUKQuQ,32388
+aws_cis_assessment/config/rules/cis_controls_ig2.yaml,sha256=kX4h-TFmaohNPhhFBrzHBZkitgG_kaRb2-XW_AJwnR0,48820
 aws_cis_assessment/config/rules/cis_controls_ig3.yaml,sha256=YSghyCmwKF5UNZXdQQQNsaidQ95VDUgnwvh4jsV6kQU,4347
 aws_cis_assessment/controls/__init__.py,sha256=oVTM94UAt0Vu7Hy-V84p6LAxZHORs-RRAj9j86r_730,72
 aws_cis_assessment/controls/base_control.py,sha256=DpjRrYdz3FzpuU_WtbvtqUBRgEoMW7Qgah-iD5Y_HJI,17227
@@ -32,10 +32,12 @@ aws_cis_assessment/controls/ig1/control_network_security.py,sha256=DyaXzpMuZ5Ba9
 aws_cis_assessment/controls/ig1/control_s3_enhancements.py,sha256=uP0Ko6cjTvmpg47vNtdaFgdjVPMS6Yjww-WZQIzvk8o,7759
 aws_cis_assessment/controls/ig1/control_s3_security.py,sha256=8vt2rnNPdgQrvO5Ds3yV74mQ7qkF0f_LpKqQLjg0AQc,18308
 aws_cis_assessment/controls/ig1/control_vpc_security.py,sha256=RCtBUozvdIPrXKFU0ssxjBF6A9l_HMcAbRv0K87Bbhc,10639
-aws_cis_assessment/controls/ig2/__init__.py,sha256=GbrrOjhA-IXxxIMbL-H7zBZoUpO_ylSgAOiVMCe0_Hw,6359
+aws_cis_assessment/controls/ig2/__init__.py,sha256=xJyhtNpaLfQ2nljPnREY3pltMcrDJJ2WsIxO8sJop74,8613
 aws_cis_assessment/controls/ig2/control_3_10.py,sha256=xv2F85SB1Jd5g7HWZzrqGntTH3az8BbCcZLlDV2Di7g,33762
 aws_cis_assessment/controls/ig2/control_3_11.py,sha256=Xrn1PRWQp3kK3won-AieUMIweEPQAF3Sb4OcFsUTj2A,65245
+aws_cis_assessment/controls/ig2/control_4_5_6_access_configuration.py,sha256=BukLazjKsSzy49KjV2ajLMALUk0ygz5T7tyk3QtAe08,120785
 aws_cis_assessment/controls/ig2/control_5_2.py,sha256=5-3eHaltXP_UiMTlk3pLv4VafzBf41Vjh_8DpWfhqrw,19060
+aws_cis_assessment/controls/ig2/control_8_audit_logging.py,sha256=OWPl1Xf3lGct6smclHl931CRzgVFXpGkWdqjbT8oHZg,44934
 aws_cis_assessment/controls/ig2/control_advanced_encryption.py,sha256=S3wU0f46FIc8e50fd4zvyrLe8J5j9Ryb94he32XWVdQ,14201
 aws_cis_assessment/controls/ig2/control_aws_backup_ig2.py,sha256=FApHDPLQFDvfyvCClbdQC-9ap6I6wpW1d6D85bvHmMQ,907
 aws_cis_assessment/controls/ig2/control_codebuild_security.py,sha256=k2f8Xh6l09o1rb3B_J412qDsHI_Y8to3Ap8FbTGQ05g,11517
@@ -52,7 +54,7 @@ aws_cis_assessment/controls/ig3/control_3_14.py,sha256=fY2MZATcicuP1Zich5L7J6-MM
 aws_cis_assessment/controls/ig3/control_7_1.py,sha256=GZQt0skGJVlUbGoH4MD5AoJJONf0nT9k7WQT-8F3le4,18499
 aws_cis_assessment/core/__init__.py,sha256=aXt5Z3mqaaDvFyZPyMaJYFy66A_phfFIhhH_eyaic8Q,52
 aws_cis_assessment/core/accuracy_validator.py,sha256=jnN2O32PpdDfWAp6erV4v4zKugC9ziJkDYnVF93FVuY,18386
-aws_cis_assessment/core/assessment_engine.py,sha256=oKJa7562YFHqijCjk-IJ0XXEBNlNDuBoagtouKE0e84,63682
+aws_cis_assessment/core/assessment_engine.py,sha256=I__VAJ93m3KWrIpexgF4_FpuSvH2fNM_tq8eaUNTJv4,66807
 aws_cis_assessment/core/audit_trail.py,sha256=qapCkI2zjbAPHlHQcgYonfDYyjU2MoX5Sc2IXtYj3eE,18395
 aws_cis_assessment/core/aws_client_factory.py,sha256=1qTLfQ3fgPBH3mWRpX1_i3bbHlQQYsmSE8vsKxKTz8w,13143
 aws_cis_assessment/core/error_handler.py,sha256=5JgH3Y2yG1-ZSuEJR7o0ZMzqlwGWFRW2N4SjcL2gnBw,24219
@@ -61,15 +63,15 @@ aws_cis_assessment/core/scoring_engine.py,sha256=ylx2urk_DxGzU_LZB0ip-qtUzOh4yu0
 aws_cis_assessment/reporters/__init__.py,sha256=GXdlY08kKy1Y3mMBv8Y0JuUB69u--e5DIu2jNJpc6QI,357
 aws_cis_assessment/reporters/base_reporter.py,sha256=joy_O4IL4Hs_qwAuPtl81GIPxLAbUAMFKiF8r5si2aw,18082
 aws_cis_assessment/reporters/csv_reporter.py,sha256=r83xzfP1t5AO9MfKawgN4eTeOU6eGZwJQgvNDLEd7NI,31419
-aws_cis_assessment/reporters/html_reporter.py,sha256=i5HBLAjZB1TKAUrc6X7-Qbzr7QTQOwLplDu-ZnDzTUs,113444
+aws_cis_assessment/reporters/html_reporter.py,sha256=H5LkcaXbzArNNO-CLJT5oXMSNccxU58L-ba_Q769Yhs,118310
 aws_cis_assessment/reporters/json_reporter.py,sha256=MObCzTc9nlGTEXeWc7P8tTMeKCpEaJNfcSYc79cHXhc,22250
-aws_cis_controls_assessment-1.0.10.dist-info/licenses/LICENSE,sha256=T_p0qKH4RoI3ejr3tktf3rx2Zart_9KeUmJd5iiqXW8,1079
+aws_cis_controls_assessment-1.1.1.dist-info/licenses/LICENSE,sha256=T_p0qKH4RoI3ejr3tktf3rx2Zart_9KeUmJd5iiqXW8,1079
 deprecation-package/aws_cis_assessment_deprecated/__init__.py,sha256=WOaufqanKNhvWQ3frj8e627tS_kZnyk2R2hwqPFqydw,1892
 docs/README.md,sha256=MXnfbPRmxir-7ihG2lNmLI9TJG0Pp0QWqoDZtXiH_Mk,4912
 docs/adding-aws-backup-controls.md,sha256=l_H0H8W71n-6NbeplNujC_li2NiaQcYPr0hQMhEPbrc,21081
 docs/assessment-logic.md,sha256=necuK7Ufk7zusuoGq5FKjOv0Z6Ih6s4m-yfLaJCfRto,38908
-docs/cli-reference.md,sha256=a6u_153XcDq43bw_a5CF53I9yklDxgAJ1vTG5f-5HZs,17854
-docs/config-rule-mappings.md,sha256=IT4O5wsD0WyuTi6YLqgVZi30ZTvIyUfINf9LEzLBLr8,21755
+docs/cli-reference.md,sha256=wrifE4XDYt-sN8s4KD86IWgX5FjtXIzM3mTe1me7QsM,17881
+docs/config-rule-mappings.md,sha256=rdsRavSQHFicsjizgs07WKAhOXddspKsb3zdUgKDmp0,41407
 docs/developer-guide.md,sha256=SqT2VEwDyIcLRcIn9BmM5J-V0qN9ctPa2JZ6wxvnqvo,43935
 docs/dual-scoring-implementation.md,sha256=n8xwurAAx4iOyCeITE9Anvz6W6YupejVYWt6ARtmmTY,8567
 docs/html-report-improvements.md,sha256=a0OzKvQC_KpcielntTHXMPObwulfWIDgBKnF66iaxp4,11432
@@ -78,8 +80,8 @@ docs/scoring-comparison-aws-config.md,sha256=8BBe1tQsaAT0BAE3OdGIRFjuT1VJcOlM1qB
 docs/scoring-methodology.md,sha256=C86FisBxKt6pyr-Kp6rAVPz45yPZpgsGibjgq8obIsg,9404
 docs/troubleshooting.md,sha256=mGmWgrc3A1dn-Uk_XxWFh04OQxjmqkeax8vQX7takg0,18220
 docs/user-guide.md,sha256=lBDgU40tIPstOdNx4YqVkPTIDntn4o2y2tr2CPQt7b8,11942
-aws_cis_controls_assessment-1.0.10.dist-info/METADATA,sha256=JCDYrRLJz3PXZflczN6RPUwkPn7RPiO-hdW6WSfYBAg,14191
-aws_cis_controls_assessment-1.0.10.dist-info/WHEEL,sha256=wUyA8OaulRlbfwMtmQsvNngGrxQHAvkKcvRmdizlJi0,92
-aws_cis_controls_assessment-1.0.10.dist-info/entry_points.txt,sha256=-AxPn5Y7yau0pQh33F5_uyWfvcnm2Kg1_nMQuLrZ7SY,68
-aws_cis_controls_assessment-1.0.10.dist-info/top_level.txt,sha256=4OHmV6RAEWkz-Se50kfmuGCd-mUSotDZz3iLGF9CmkI,44
-aws_cis_controls_assessment-1.0.10.dist-info/RECORD,,
+aws_cis_controls_assessment-1.1.1.dist-info/METADATA,sha256=gXpUI7yboznt4qn6KmVKtKSZVVO9In29KhHqrokOqZo,21383
+aws_cis_controls_assessment-1.1.1.dist-info/WHEEL,sha256=wUyA8OaulRlbfwMtmQsvNngGrxQHAvkKcvRmdizlJi0,92
+aws_cis_controls_assessment-1.1.1.dist-info/entry_points.txt,sha256=-AxPn5Y7yau0pQh33F5_uyWfvcnm2Kg1_nMQuLrZ7SY,68
+aws_cis_controls_assessment-1.1.1.dist-info/top_level.txt,sha256=4OHmV6RAEWkz-Se50kfmuGCd-mUSotDZz3iLGF9CmkI,44
+aws_cis_controls_assessment-1.1.1.dist-info/RECORD,,

docs/cli-reference.md

@@ -1,6 +1,6 @@
 # CLI Reference
 
-Complete command-line interface reference for the AWS CIS Controls Compliance Assessment Framework - a production-ready enterprise solution with 138 implemented rules (133 CIS Controls + 5 bonus security enhancements).
+Complete command-line interface reference for the AWS CIS Controls Compliance Assessment Framework - a production-ready enterprise solution with 149 implemented rules (133 CIS Controls + 9 bonus security enhancements + 7 audit logging controls).
 
 ## Table of Contents