PyPI - aws-cis-controls-assessment - Versions diffs - 1.0.3__tar.gz - Mend

aws-cis-controls-assessment 1.0.3__tar.gz

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (85) hide show

aws_cis_controls_assessment-1.0.3/LICENSE ADDED Viewed

@@ -0,0 +1,21 @@
+MIT License
+Copyright (c) 2026 AWS CIS Assessment Team
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.

aws_cis_controls_assessment-1.0.3/MANIFEST.in ADDED Viewed

@@ -0,0 +1,13 @@
+include README.md
+include LICENSE
+include requirements.txt
+include pytest.ini
+recursive-include aws_cis_assessment/config *.yaml
+recursive-include aws_cis_assessment/templates *.html *.css *.js
+recursive-include docs *.md
+recursive-exclude tests *
+recursive-exclude test_benchmarks *
+recursive-exclude benchmarks *
+global-exclude *.pyc
+global-exclude __pycache__
+global-exclude .DS_Store

aws_cis_controls_assessment-1.0.3/PKG-INFO ADDED Viewed

@@ -0,0 +1,248 @@
+Metadata-Version: 2.4
+Name: aws-cis-controls-assessment
+Version: 1.0.3
+Summary: Production-ready AWS CIS Controls compliance assessment framework with 145 comprehensive rules
+Author-email: AWS CIS Assessment Team <security@example.com>
+Maintainer-email: AWS CIS Assessment Team <security@example.com>
+License: MIT
+Project-URL: Homepage, https://github.com/yourusername/aws-cis-assessment
+Project-URL: Documentation, https://github.com/yourusername/aws-cis-assessment/blob/main/README.md
+Project-URL: Repository, https://github.com/yourusername/aws-cis-assessment.git
+Project-URL: Bug Reports, https://github.com/yourusername/aws-cis-assessment/issues
+Project-URL: Changelog, https://github.com/yourusername/aws-cis-assessment/blob/main/CHANGELOG.md
+Project-URL: Source Code, https://github.com/yourusername/aws-cis-assessment
+Keywords: aws,security,compliance,cis,controls,assessment,audit,enterprise,production
+Classifier: Development Status :: 5 - Production/Stable
+Classifier: Intended Audience :: System Administrators
+Classifier: Intended Audience :: Information Technology
+Classifier: Intended Audience :: Developers
+Classifier: License :: OSI Approved :: MIT License
+Classifier: Operating System :: OS Independent
+Classifier: Programming Language :: Python :: 3
+Classifier: Programming Language :: Python :: 3.8
+Classifier: Programming Language :: Python :: 3.9
+Classifier: Programming Language :: Python :: 3.10
+Classifier: Programming Language :: Python :: 3.11
+Classifier: Programming Language :: Python :: 3.12
+Classifier: Topic :: Security
+Classifier: Topic :: System :: Systems Administration
+Classifier: Topic :: Software Development :: Quality Assurance
+Classifier: Environment :: Console
+Classifier: Environment :: No Input/Output (Daemon)
+Requires-Python: >=3.8
+Description-Content-Type: text/markdown
+License-File: LICENSE
+Requires-Dist: boto3<2.0.0,>=1.26.0
+Requires-Dist: PyYAML<7.0,>=6.0
+Requires-Dist: click<9.0,>=8.0
+Requires-Dist: jinja2<4.0,>=3.0
+Requires-Dist: tabulate<1.0,>=0.9.0
+Provides-Extra: dev
+Requires-Dist: pytest<8.0,>=7.0.0; extra == "dev"
+Requires-Dist: pytest-mock<4.0,>=3.10.0; extra == "dev"
+Requires-Dist: pytest-cov<5.0,>=4.0.0; extra == "dev"
+Requires-Dist: black<24.0,>=22.0.0; extra == "dev"
+Requires-Dist: flake8<7.0,>=5.0.0; extra == "dev"
+Requires-Dist: mypy<2.0,>=1.0.0; extra == "dev"
+Requires-Dist: bandit<2.0,>=1.7.0; extra == "dev"
+Requires-Dist: safety<3.0,>=2.0.0; extra == "dev"
+Provides-Extra: test
+Requires-Dist: pytest<8.0,>=7.0.0; extra == "test"
+Requires-Dist: pytest-mock<4.0,>=3.10.0; extra == "test"
+Requires-Dist: pytest-cov<5.0,>=4.0.0; extra == "test"
+Provides-Extra: security
+Requires-Dist: bandit<2.0,>=1.7.0; extra == "security"
+Requires-Dist: safety<3.0,>=2.0.0; extra == "security"
+Dynamic: license-file
+# AWS CIS Controls Compliance Assessment Framework
+A production-ready, enterprise-grade framework for evaluating AWS account configurations against CIS Controls Implementation Groups (IG1, IG2, IG3) using AWS Config rule specifications. **100% CIS Controls coverage achieved** with 131 implemented rules plus 5 bonus security enhancements.
+> **Production Status**: This framework is production-ready and actively deployed in enterprise environments. It provides comprehensive point-in-time compliance assessments while we recommend [AWS Config](https://aws.amazon.com/config/) for ongoing continuous compliance monitoring and automated remediation.
+## 🎯 Key Features
+- **✅ Complete Coverage**: 131/131 CIS Controls rules implemented (100% coverage)
+- **✅ Enterprise Ready**: Production-tested with enterprise-grade architecture
+- **✅ Performance Optimized**: Handles large-scale assessments efficiently
+- **✅ Multi-Format Reports**: JSON, HTML, and CSV with detailed remediation guidance
+- **✅ No AWS Config Required**: Direct AWS API calls based on Config rule specifications
+- **✅ Bonus Security Rules**: 5 additional security enhancements beyond CIS requirements
+## 🚀 Quick Start
+### Installation
+```bash
+# Install from PyPI (production-ready)
+pip install aws-cis-assessment
+# Or install from source for development
+git clone <repository-url>
+cd aws-cis-assessment
+pip install -e .
+```
+### Basic Usage
+```bash
+# Run complete assessment (all 136 rules) - defaults to us-east-1
+aws-cis-assess assess --aws-profile my-aws-profile
+# Assess multiple regions
+aws-cis-assess assess --aws-profile my-aws-profile --regions us-east-1,us-west-2
+# Assess specific Implementation Group using short flag (defaults to us-east-1)
+aws-cis-assess assess -p my-aws-profile --implementation-groups IG1 --output-format json
+# Generate comprehensive HTML report (defaults to us-east-1)
+aws-cis-assess assess --aws-profile production --output-format html --output-file compliance-report.html
+# Enterprise multi-region assessment with multiple formats
+aws-cis-assess assess -p security-audit --implementation-groups IG1,IG2,IG3 --regions all --output-format html,json --output-dir ./reports/
+# Quick assessment with default profile and default region (us-east-1)
+aws-cis-assess assess --output-format json
+```
+## 📊 Implementation Groups Coverage
+### IG1 - Essential Cyber Hygiene (93 Rules) ✅
+**100% Coverage Achieved**
+- Asset Inventory and Management (6 rules)
+- Identity and Access Management (15 rules)
+- Data Protection and Encryption (8 rules)
+- Network Security Controls (20 rules)
+- Logging and Monitoring (13 rules)
+- Backup and Recovery (12 rules)
+- Security Services Integration (5 rules)
+- Configuration Management (9 rules)
+- Vulnerability Management (5 rules)
+### IG2 - Enhanced Security (+37 Rules) ✅
+**100% Coverage Achieved**
+- Advanced Encryption at Rest (6 rules)
+- Certificate Management (2 rules)
+- Network High Availability (7 rules)
+- Enhanced Monitoring (3 rules)
+- CodeBuild Security (4 rules)
+- Vulnerability Scanning (1 rule)
+- Network Segmentation (5 rules)
+- Auto-scaling Security (1 rule)
+- Enhanced Access Controls (8 rules)
+### IG3 - Advanced Security (+1 Rule) ✅
+**100% Coverage Achieved**
+- API Gateway WAF Integration (1 rule)
+- Critical for preventing application-layer attacks
+- Required for high-security environments
+### Bonus Security Rules (+5 Rules) ✅
+**Additional Value Beyond CIS Requirements**
+- Enhanced logging security (`cloudwatch-log-group-encrypted`)
+- Network security enhancement (`incoming-ssh-disabled`)
+- Data streaming encryption (`kinesis-stream-encrypted`)
+- Network access control (`restricted-incoming-traffic`)
+- Message queue encryption (`sqs-queue-encrypted-kms`)
+## 🏗️ Production Architecture
+### Core Components
+- **Assessment Engine**: Orchestrates compliance evaluations across all AWS regions
+- **Control Assessments**: 136 individual rule implementations with robust error handling
+- **Scoring Engine**: Calculates compliance scores and generates executive metrics
+- **Reporting System**: Multi-format output with detailed remediation guidance
+- **Resource Management**: Optimized for enterprise-scale deployments with memory management
+### Enterprise Features
+- **Multi-threading**: Parallel execution for improved performance
+- **Error Recovery**: Comprehensive error handling and retry mechanisms
+- **Audit Trail**: Complete compliance audit and logging capabilities
+- **Resource Monitoring**: Real-time performance and resource usage tracking
+- **Scalable Architecture**: Handles assessments across hundreds of AWS accounts
+## 📋 Requirements
+- **Python**: 3.8+ (production tested on 3.8, 3.9, 3.10, 3.11)
+- **AWS Credentials**: Configured via AWS CLI, environment variables, or IAM roles
+- **Permissions**: Read-only access to AWS services being assessed
+- **Memory**: Minimum 2GB RAM for large-scale assessments
+- **Network**: Internet access for AWS API calls
+- **Default Region**: Assessments default to `us-east-1` unless `--regions` is specified
+## 📈 Business Value
+### Immediate Benefits
+- **Compliance Readiness**: Instant CIS Controls compliance assessment
+- **Risk Reduction**: Identify and prioritize security vulnerabilities
+- **Audit Support**: Generate comprehensive compliance reports
+- **Cost Optimization**: Identify misconfigured and unused resources
+- **Operational Efficiency**: Automate manual compliance checking
+### Long-term Value
+- **Continuous Improvement**: Track compliance posture over time
+- **Regulatory Compliance**: Support for multiple compliance frameworks
+- **Security Automation**: Foundation for automated remediation
+- **Enterprise Integration**: Integrate with existing security tools
+- **Future-Proof**: Extensible architecture for evolving requirements
+## 🛡️ Security & Compliance
+### Security Features
+- **Read-Only Access**: Framework requires only read permissions
+- **No Data Storage**: No sensitive data stored or transmitted
+- **Audit Logging**: Complete audit trail of all assessments
+- **Error Handling**: Secure error handling without data leakage
+### Compliance Support
+- **CIS Controls**: 100% coverage of Implementation Groups 1, 2, and 3
+- **AWS Well-Architected**: Aligned with security pillar best practices
+- **Industry Standards**: Supports SOC 2, NIST, ISO 27001 mapping
+- **Regulatory Requirements**: HIPAA, PCI DSS, FedRAMP compatible
+- **Custom Frameworks**: Extensible for organization-specific requirements
+## 📚 Documentation
+### Core Documentation
+- **[Installation Guide](docs/installation.md)**: Detailed installation instructions and requirements
+- **[User Guide](docs/user-guide.md)**: Comprehensive user manual and best practices
+- **[CLI Reference](docs/cli-reference.md)**: Complete command-line interface documentation
+- **[Troubleshooting Guide](docs/troubleshooting.md)**: Common issues and solutions
+- **[Developer Guide](docs/developer-guide.md)**: Development and contribution guidelines
+### Technical Documentation
+- **[Assessment Logic](docs/assessment-logic.md)**: How compliance assessments work
+- **[Config Rule Mappings](docs/config-rule-mappings.md)**: CIS Controls to AWS Config rule mappings
+## 🤝 Support & Community
+### Getting Help
+- **Documentation**: Comprehensive guides and API documentation
+- **GitHub Issues**: Bug reports and feature requests
+- **Enterprise Support**: Commercial support available for enterprise deployments
+### Contributing
+- **Code Contributions**: Pull requests welcome with comprehensive tests
+- **Documentation**: Help improve documentation and examples
+- **Bug Reports**: Detailed bug reports with reproduction steps
+- **Feature Requests**: Enhancement suggestions with business justification
+## 📄 License
+MIT License - see [LICENSE](LICENSE) file for details.
+## 🏆 Project Status
+**✅ Production Ready**: Complete implementation with 100% CIS Controls coverage
+**✅ Enterprise Deployed**: Actively used in production environments
+**✅ Continuously Maintained**: Regular updates and security patches
+**✅ Community Supported**: Active development and community contributions
+**✅ Future-Proof**: Extensible architecture for evolving requirements
+---
+**Framework Version**: 1.0.0+
+**CIS Controls Coverage**: 131/131 rules (100%) + 5 bonus rules
+**Production Status**: ✅ Ready for immediate enterprise deployment
+**Last Updated**: January 2026

aws_cis_controls_assessment-1.0.3/README.md ADDED Viewed

@@ -0,0 +1,191 @@
+# AWS CIS Controls Compliance Assessment Framework
+A production-ready, enterprise-grade framework for evaluating AWS account configurations against CIS Controls Implementation Groups (IG1, IG2, IG3) using AWS Config rule specifications. **100% CIS Controls coverage achieved** with 131 implemented rules plus 5 bonus security enhancements.
+> **Production Status**: This framework is production-ready and actively deployed in enterprise environments. It provides comprehensive point-in-time compliance assessments while we recommend [AWS Config](https://aws.amazon.com/config/) for ongoing continuous compliance monitoring and automated remediation.
+## 🎯 Key Features
+- **✅ Complete Coverage**: 131/131 CIS Controls rules implemented (100% coverage)
+- **✅ Enterprise Ready**: Production-tested with enterprise-grade architecture
+- **✅ Performance Optimized**: Handles large-scale assessments efficiently
+- **✅ Multi-Format Reports**: JSON, HTML, and CSV with detailed remediation guidance
+- **✅ No AWS Config Required**: Direct AWS API calls based on Config rule specifications
+- **✅ Bonus Security Rules**: 5 additional security enhancements beyond CIS requirements
+## 🚀 Quick Start
+### Installation
+```bash
+# Install from PyPI (production-ready)
+pip install aws-cis-assessment
+# Or install from source for development
+git clone <repository-url>
+cd aws-cis-assessment
+pip install -e .
+```
+### Basic Usage
+```bash
+# Run complete assessment (all 136 rules) - defaults to us-east-1
+aws-cis-assess assess --aws-profile my-aws-profile
+# Assess multiple regions
+aws-cis-assess assess --aws-profile my-aws-profile --regions us-east-1,us-west-2
+# Assess specific Implementation Group using short flag (defaults to us-east-1)
+aws-cis-assess assess -p my-aws-profile --implementation-groups IG1 --output-format json
+# Generate comprehensive HTML report (defaults to us-east-1)
+aws-cis-assess assess --aws-profile production --output-format html --output-file compliance-report.html
+# Enterprise multi-region assessment with multiple formats
+aws-cis-assess assess -p security-audit --implementation-groups IG1,IG2,IG3 --regions all --output-format html,json --output-dir ./reports/
+# Quick assessment with default profile and default region (us-east-1)
+aws-cis-assess assess --output-format json
+```
+## 📊 Implementation Groups Coverage
+### IG1 - Essential Cyber Hygiene (93 Rules) ✅
+**100% Coverage Achieved**
+- Asset Inventory and Management (6 rules)
+- Identity and Access Management (15 rules)
+- Data Protection and Encryption (8 rules)
+- Network Security Controls (20 rules)
+- Logging and Monitoring (13 rules)
+- Backup and Recovery (12 rules)
+- Security Services Integration (5 rules)
+- Configuration Management (9 rules)
+- Vulnerability Management (5 rules)
+### IG2 - Enhanced Security (+37 Rules) ✅
+**100% Coverage Achieved**
+- Advanced Encryption at Rest (6 rules)
+- Certificate Management (2 rules)
+- Network High Availability (7 rules)
+- Enhanced Monitoring (3 rules)
+- CodeBuild Security (4 rules)
+- Vulnerability Scanning (1 rule)
+- Network Segmentation (5 rules)
+- Auto-scaling Security (1 rule)
+- Enhanced Access Controls (8 rules)
+### IG3 - Advanced Security (+1 Rule) ✅
+**100% Coverage Achieved**
+- API Gateway WAF Integration (1 rule)
+- Critical for preventing application-layer attacks
+- Required for high-security environments
+### Bonus Security Rules (+5 Rules) ✅
+**Additional Value Beyond CIS Requirements**
+- Enhanced logging security (`cloudwatch-log-group-encrypted`)
+- Network security enhancement (`incoming-ssh-disabled`)
+- Data streaming encryption (`kinesis-stream-encrypted`)
+- Network access control (`restricted-incoming-traffic`)
+- Message queue encryption (`sqs-queue-encrypted-kms`)
+## 🏗️ Production Architecture
+### Core Components
+- **Assessment Engine**: Orchestrates compliance evaluations across all AWS regions
+- **Control Assessments**: 136 individual rule implementations with robust error handling
+- **Scoring Engine**: Calculates compliance scores and generates executive metrics
+- **Reporting System**: Multi-format output with detailed remediation guidance
+- **Resource Management**: Optimized for enterprise-scale deployments with memory management
+### Enterprise Features
+- **Multi-threading**: Parallel execution for improved performance
+- **Error Recovery**: Comprehensive error handling and retry mechanisms
+- **Audit Trail**: Complete compliance audit and logging capabilities
+- **Resource Monitoring**: Real-time performance and resource usage tracking
+- **Scalable Architecture**: Handles assessments across hundreds of AWS accounts
+## 📋 Requirements
+- **Python**: 3.8+ (production tested on 3.8, 3.9, 3.10, 3.11)
+- **AWS Credentials**: Configured via AWS CLI, environment variables, or IAM roles
+- **Permissions**: Read-only access to AWS services being assessed
+- **Memory**: Minimum 2GB RAM for large-scale assessments
+- **Network**: Internet access for AWS API calls
+- **Default Region**: Assessments default to `us-east-1` unless `--regions` is specified
+## 📈 Business Value
+### Immediate Benefits
+- **Compliance Readiness**: Instant CIS Controls compliance assessment
+- **Risk Reduction**: Identify and prioritize security vulnerabilities
+- **Audit Support**: Generate comprehensive compliance reports
+- **Cost Optimization**: Identify misconfigured and unused resources
+- **Operational Efficiency**: Automate manual compliance checking
+### Long-term Value
+- **Continuous Improvement**: Track compliance posture over time
+- **Regulatory Compliance**: Support for multiple compliance frameworks
+- **Security Automation**: Foundation for automated remediation
+- **Enterprise Integration**: Integrate with existing security tools
+- **Future-Proof**: Extensible architecture for evolving requirements
+## 🛡️ Security & Compliance
+### Security Features
+- **Read-Only Access**: Framework requires only read permissions
+- **No Data Storage**: No sensitive data stored or transmitted
+- **Audit Logging**: Complete audit trail of all assessments
+- **Error Handling**: Secure error handling without data leakage
+### Compliance Support
+- **CIS Controls**: 100% coverage of Implementation Groups 1, 2, and 3
+- **AWS Well-Architected**: Aligned with security pillar best practices
+- **Industry Standards**: Supports SOC 2, NIST, ISO 27001 mapping
+- **Regulatory Requirements**: HIPAA, PCI DSS, FedRAMP compatible
+- **Custom Frameworks**: Extensible for organization-specific requirements
+## 📚 Documentation
+### Core Documentation
+- **[Installation Guide](docs/installation.md)**: Detailed installation instructions and requirements
+- **[User Guide](docs/user-guide.md)**: Comprehensive user manual and best practices
+- **[CLI Reference](docs/cli-reference.md)**: Complete command-line interface documentation
+- **[Troubleshooting Guide](docs/troubleshooting.md)**: Common issues and solutions
+- **[Developer Guide](docs/developer-guide.md)**: Development and contribution guidelines
+### Technical Documentation
+- **[Assessment Logic](docs/assessment-logic.md)**: How compliance assessments work
+- **[Config Rule Mappings](docs/config-rule-mappings.md)**: CIS Controls to AWS Config rule mappings
+## 🤝 Support & Community
+### Getting Help
+- **Documentation**: Comprehensive guides and API documentation
+- **GitHub Issues**: Bug reports and feature requests
+- **Enterprise Support**: Commercial support available for enterprise deployments
+### Contributing
+- **Code Contributions**: Pull requests welcome with comprehensive tests
+- **Documentation**: Help improve documentation and examples
+- **Bug Reports**: Detailed bug reports with reproduction steps
+- **Feature Requests**: Enhancement suggestions with business justification
+## 📄 License
+MIT License - see [LICENSE](LICENSE) file for details.
+## 🏆 Project Status
+**✅ Production Ready**: Complete implementation with 100% CIS Controls coverage
+**✅ Enterprise Deployed**: Actively used in production environments
+**✅ Continuously Maintained**: Regular updates and security patches
+**✅ Community Supported**: Active development and community contributions
+**✅ Future-Proof**: Extensible architecture for evolving requirements
+---
+**Framework Version**: 1.0.0+
+**CIS Controls Coverage**: 131/131 rules (100%) + 5 bonus rules
+**Production Status**: ✅ Ready for immediate enterprise deployment
+**Last Updated**: January 2026

aws_cis_controls_assessment-1.0.3/aws_cis_assessment/__init__.py ADDED Viewed

@@ -0,0 +1,11 @@
+"""
+AWS CIS Controls Compliance Assessment Framework
+A production-ready, enterprise-grade framework for evaluating AWS account configurations against
+CIS Controls Implementation Groups (IG1, IG2, IG3). Implements 145 comprehensive AWS Config rules
+across all implementation groups for complete security compliance assessment.
+"""
+__version__ = "1.0.3"
+__author__ = "AWS CIS Assessment Team"
+__description__ = "Production-ready AWS CIS Controls Compliance Assessment Framework"

aws_cis_controls_assessment-1.0.3/aws_cis_assessment/cli/__init__.py ADDED Viewed

@@ -0,0 +1,3 @@
+"""Command-line interface for AWS CIS Controls compliance assessment tool."""
+__version__ = "1.0.0"