aws-cis-controls-assessment 1.0.5__tar.gz → 1.0.7__tar.gz

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (86) hide show
  1. {aws_cis_controls_assessment-1.0.5/aws_cis_controls_assessment.egg-info → aws_cis_controls_assessment-1.0.7}/PKG-INFO +9 -9
  2. {aws_cis_controls_assessment-1.0.5 → aws_cis_controls_assessment-1.0.7}/README.md +2 -2
  3. {aws_cis_controls_assessment-1.0.5 → aws_cis_controls_assessment-1.0.7}/aws_cis_assessment/__init__.py +1 -1
  4. {aws_cis_controls_assessment-1.0.5 → aws_cis_controls_assessment-1.0.7}/aws_cis_assessment/controls/ig1/control_critical_security.py +33 -36
  5. {aws_cis_controls_assessment-1.0.5 → aws_cis_controls_assessment-1.0.7}/aws_cis_assessment/core/assessment_engine.py +8 -3
  6. {aws_cis_controls_assessment-1.0.5 → aws_cis_controls_assessment-1.0.7/aws_cis_controls_assessment.egg-info}/PKG-INFO +9 -9
  7. {aws_cis_controls_assessment-1.0.5 → aws_cis_controls_assessment-1.0.7}/aws_cis_controls_assessment.egg-info/SOURCES.txt +1 -0
  8. {aws_cis_controls_assessment-1.0.5 → aws_cis_controls_assessment-1.0.7}/aws_cis_controls_assessment.egg-info/top_level.txt +1 -0
  9. aws_cis_controls_assessment-1.0.7/deprecation-package/aws_cis_assessment_deprecated/__init__.py +65 -0
  10. {aws_cis_controls_assessment-1.0.5 → aws_cis_controls_assessment-1.0.7}/docs/README.md +1 -1
  11. {aws_cis_controls_assessment-1.0.5 → aws_cis_controls_assessment-1.0.7}/docs/developer-guide.md +2 -2
  12. {aws_cis_controls_assessment-1.0.5 → aws_cis_controls_assessment-1.0.7}/docs/installation.md +13 -11
  13. {aws_cis_controls_assessment-1.0.5 → aws_cis_controls_assessment-1.0.7}/pyproject.toml +6 -6
  14. {aws_cis_controls_assessment-1.0.5 → aws_cis_controls_assessment-1.0.7}/LICENSE +0 -0
  15. {aws_cis_controls_assessment-1.0.5 → aws_cis_controls_assessment-1.0.7}/MANIFEST.in +0 -0
  16. {aws_cis_controls_assessment-1.0.5 → aws_cis_controls_assessment-1.0.7}/aws_cis_assessment/cli/__init__.py +0 -0
  17. {aws_cis_controls_assessment-1.0.5 → aws_cis_controls_assessment-1.0.7}/aws_cis_assessment/cli/examples.py +0 -0
  18. {aws_cis_controls_assessment-1.0.5 → aws_cis_controls_assessment-1.0.7}/aws_cis_assessment/cli/main.py +0 -0
  19. {aws_cis_controls_assessment-1.0.5 → aws_cis_controls_assessment-1.0.7}/aws_cis_assessment/cli/utils.py +0 -0
  20. {aws_cis_controls_assessment-1.0.5 → aws_cis_controls_assessment-1.0.7}/aws_cis_assessment/config/__init__.py +0 -0
  21. {aws_cis_controls_assessment-1.0.5 → aws_cis_controls_assessment-1.0.7}/aws_cis_assessment/config/config_loader.py +0 -0
  22. {aws_cis_controls_assessment-1.0.5 → aws_cis_controls_assessment-1.0.7}/aws_cis_assessment/config/rules/cis_controls_ig1.yaml +0 -0
  23. {aws_cis_controls_assessment-1.0.5 → aws_cis_controls_assessment-1.0.7}/aws_cis_assessment/config/rules/cis_controls_ig2.yaml +0 -0
  24. {aws_cis_controls_assessment-1.0.5 → aws_cis_controls_assessment-1.0.7}/aws_cis_assessment/config/rules/cis_controls_ig3.yaml +0 -0
  25. {aws_cis_controls_assessment-1.0.5 → aws_cis_controls_assessment-1.0.7}/aws_cis_assessment/controls/__init__.py +0 -0
  26. {aws_cis_controls_assessment-1.0.5 → aws_cis_controls_assessment-1.0.7}/aws_cis_assessment/controls/base_control.py +0 -0
  27. {aws_cis_controls_assessment-1.0.5 → aws_cis_controls_assessment-1.0.7}/aws_cis_assessment/controls/ig1/__init__.py +0 -0
  28. {aws_cis_controls_assessment-1.0.5 → aws_cis_controls_assessment-1.0.7}/aws_cis_assessment/controls/ig1/control_1_1.py +0 -0
  29. {aws_cis_controls_assessment-1.0.5 → aws_cis_controls_assessment-1.0.7}/aws_cis_assessment/controls/ig1/control_2_2.py +0 -0
  30. {aws_cis_controls_assessment-1.0.5 → aws_cis_controls_assessment-1.0.7}/aws_cis_assessment/controls/ig1/control_3_3.py +0 -0
  31. {aws_cis_controls_assessment-1.0.5 → aws_cis_controls_assessment-1.0.7}/aws_cis_assessment/controls/ig1/control_3_4.py +0 -0
  32. {aws_cis_controls_assessment-1.0.5 → aws_cis_controls_assessment-1.0.7}/aws_cis_assessment/controls/ig1/control_4_1.py +0 -0
  33. {aws_cis_controls_assessment-1.0.5 → aws_cis_controls_assessment-1.0.7}/aws_cis_assessment/controls/ig1/control_access_keys.py +0 -0
  34. {aws_cis_controls_assessment-1.0.5 → aws_cis_controls_assessment-1.0.7}/aws_cis_assessment/controls/ig1/control_advanced_security.py +0 -0
  35. {aws_cis_controls_assessment-1.0.5 → aws_cis_controls_assessment-1.0.7}/aws_cis_assessment/controls/ig1/control_backup_recovery.py +0 -0
  36. {aws_cis_controls_assessment-1.0.5 → aws_cis_controls_assessment-1.0.7}/aws_cis_assessment/controls/ig1/control_cloudtrail_logging.py +0 -0
  37. {aws_cis_controls_assessment-1.0.5 → aws_cis_controls_assessment-1.0.7}/aws_cis_assessment/controls/ig1/control_data_protection.py +0 -0
  38. {aws_cis_controls_assessment-1.0.5 → aws_cis_controls_assessment-1.0.7}/aws_cis_assessment/controls/ig1/control_iam_advanced.py +0 -0
  39. {aws_cis_controls_assessment-1.0.5 → aws_cis_controls_assessment-1.0.7}/aws_cis_assessment/controls/ig1/control_iam_governance.py +0 -0
  40. {aws_cis_controls_assessment-1.0.5 → aws_cis_controls_assessment-1.0.7}/aws_cis_assessment/controls/ig1/control_iam_policies.py +0 -0
  41. {aws_cis_controls_assessment-1.0.5 → aws_cis_controls_assessment-1.0.7}/aws_cis_assessment/controls/ig1/control_instance_optimization.py +0 -0
  42. {aws_cis_controls_assessment-1.0.5 → aws_cis_controls_assessment-1.0.7}/aws_cis_assessment/controls/ig1/control_network_enhancements.py +0 -0
  43. {aws_cis_controls_assessment-1.0.5 → aws_cis_controls_assessment-1.0.7}/aws_cis_assessment/controls/ig1/control_network_security.py +0 -0
  44. {aws_cis_controls_assessment-1.0.5 → aws_cis_controls_assessment-1.0.7}/aws_cis_assessment/controls/ig1/control_s3_enhancements.py +0 -0
  45. {aws_cis_controls_assessment-1.0.5 → aws_cis_controls_assessment-1.0.7}/aws_cis_assessment/controls/ig1/control_s3_security.py +0 -0
  46. {aws_cis_controls_assessment-1.0.5 → aws_cis_controls_assessment-1.0.7}/aws_cis_assessment/controls/ig1/control_vpc_security.py +0 -0
  47. {aws_cis_controls_assessment-1.0.5 → aws_cis_controls_assessment-1.0.7}/aws_cis_assessment/controls/ig2/__init__.py +0 -0
  48. {aws_cis_controls_assessment-1.0.5 → aws_cis_controls_assessment-1.0.7}/aws_cis_assessment/controls/ig2/control_3_10.py +0 -0
  49. {aws_cis_controls_assessment-1.0.5 → aws_cis_controls_assessment-1.0.7}/aws_cis_assessment/controls/ig2/control_3_11.py +0 -0
  50. {aws_cis_controls_assessment-1.0.5 → aws_cis_controls_assessment-1.0.7}/aws_cis_assessment/controls/ig2/control_5_2.py +0 -0
  51. {aws_cis_controls_assessment-1.0.5 → aws_cis_controls_assessment-1.0.7}/aws_cis_assessment/controls/ig2/control_advanced_encryption.py +0 -0
  52. {aws_cis_controls_assessment-1.0.5 → aws_cis_controls_assessment-1.0.7}/aws_cis_assessment/controls/ig2/control_codebuild_security.py +0 -0
  53. {aws_cis_controls_assessment-1.0.5 → aws_cis_controls_assessment-1.0.7}/aws_cis_assessment/controls/ig2/control_encryption_rest.py +0 -0
  54. {aws_cis_controls_assessment-1.0.5 → aws_cis_controls_assessment-1.0.7}/aws_cis_assessment/controls/ig2/control_encryption_transit.py +0 -0
  55. {aws_cis_controls_assessment-1.0.5 → aws_cis_controls_assessment-1.0.7}/aws_cis_assessment/controls/ig2/control_network_ha.py +0 -0
  56. {aws_cis_controls_assessment-1.0.5 → aws_cis_controls_assessment-1.0.7}/aws_cis_assessment/controls/ig2/control_remaining_encryption.py +0 -0
  57. {aws_cis_controls_assessment-1.0.5 → aws_cis_controls_assessment-1.0.7}/aws_cis_assessment/controls/ig2/control_remaining_rules.py +0 -0
  58. {aws_cis_controls_assessment-1.0.5 → aws_cis_controls_assessment-1.0.7}/aws_cis_assessment/controls/ig2/control_service_logging.py +0 -0
  59. {aws_cis_controls_assessment-1.0.5 → aws_cis_controls_assessment-1.0.7}/aws_cis_assessment/controls/ig3/__init__.py +0 -0
  60. {aws_cis_controls_assessment-1.0.5 → aws_cis_controls_assessment-1.0.7}/aws_cis_assessment/controls/ig3/control_12_8.py +0 -0
  61. {aws_cis_controls_assessment-1.0.5 → aws_cis_controls_assessment-1.0.7}/aws_cis_assessment/controls/ig3/control_13_1.py +0 -0
  62. {aws_cis_controls_assessment-1.0.5 → aws_cis_controls_assessment-1.0.7}/aws_cis_assessment/controls/ig3/control_3_14.py +0 -0
  63. {aws_cis_controls_assessment-1.0.5 → aws_cis_controls_assessment-1.0.7}/aws_cis_assessment/controls/ig3/control_7_1.py +0 -0
  64. {aws_cis_controls_assessment-1.0.5 → aws_cis_controls_assessment-1.0.7}/aws_cis_assessment/core/__init__.py +0 -0
  65. {aws_cis_controls_assessment-1.0.5 → aws_cis_controls_assessment-1.0.7}/aws_cis_assessment/core/accuracy_validator.py +0 -0
  66. {aws_cis_controls_assessment-1.0.5 → aws_cis_controls_assessment-1.0.7}/aws_cis_assessment/core/audit_trail.py +0 -0
  67. {aws_cis_controls_assessment-1.0.5 → aws_cis_controls_assessment-1.0.7}/aws_cis_assessment/core/aws_client_factory.py +0 -0
  68. {aws_cis_controls_assessment-1.0.5 → aws_cis_controls_assessment-1.0.7}/aws_cis_assessment/core/error_handler.py +0 -0
  69. {aws_cis_controls_assessment-1.0.5 → aws_cis_controls_assessment-1.0.7}/aws_cis_assessment/core/models.py +0 -0
  70. {aws_cis_controls_assessment-1.0.5 → aws_cis_controls_assessment-1.0.7}/aws_cis_assessment/core/scoring_engine.py +0 -0
  71. {aws_cis_controls_assessment-1.0.5 → aws_cis_controls_assessment-1.0.7}/aws_cis_assessment/reporters/__init__.py +0 -0
  72. {aws_cis_controls_assessment-1.0.5 → aws_cis_controls_assessment-1.0.7}/aws_cis_assessment/reporters/base_reporter.py +0 -0
  73. {aws_cis_controls_assessment-1.0.5 → aws_cis_controls_assessment-1.0.7}/aws_cis_assessment/reporters/csv_reporter.py +0 -0
  74. {aws_cis_controls_assessment-1.0.5 → aws_cis_controls_assessment-1.0.7}/aws_cis_assessment/reporters/html_reporter.py +0 -0
  75. {aws_cis_controls_assessment-1.0.5 → aws_cis_controls_assessment-1.0.7}/aws_cis_assessment/reporters/json_reporter.py +0 -0
  76. {aws_cis_controls_assessment-1.0.5 → aws_cis_controls_assessment-1.0.7}/aws_cis_controls_assessment.egg-info/dependency_links.txt +0 -0
  77. {aws_cis_controls_assessment-1.0.5 → aws_cis_controls_assessment-1.0.7}/aws_cis_controls_assessment.egg-info/entry_points.txt +0 -0
  78. {aws_cis_controls_assessment-1.0.5 → aws_cis_controls_assessment-1.0.7}/aws_cis_controls_assessment.egg-info/requires.txt +0 -0
  79. {aws_cis_controls_assessment-1.0.5 → aws_cis_controls_assessment-1.0.7}/docs/assessment-logic.md +0 -0
  80. {aws_cis_controls_assessment-1.0.5 → aws_cis_controls_assessment-1.0.7}/docs/cli-reference.md +0 -0
  81. {aws_cis_controls_assessment-1.0.5 → aws_cis_controls_assessment-1.0.7}/docs/config-rule-mappings.md +0 -0
  82. {aws_cis_controls_assessment-1.0.5 → aws_cis_controls_assessment-1.0.7}/docs/troubleshooting.md +0 -0
  83. {aws_cis_controls_assessment-1.0.5 → aws_cis_controls_assessment-1.0.7}/docs/user-guide.md +0 -0
  84. {aws_cis_controls_assessment-1.0.5 → aws_cis_controls_assessment-1.0.7}/pytest.ini +0 -0
  85. {aws_cis_controls_assessment-1.0.5 → aws_cis_controls_assessment-1.0.7}/requirements.txt +0 -0
  86. {aws_cis_controls_assessment-1.0.5 → aws_cis_controls_assessment-1.0.7}/setup.cfg +0 -0
{aws_cis_controls_assessment-1.0.5/aws_cis_controls_assessment.egg-info → aws_cis_controls_assessment-1.0.7}/PKG-INFO RENAMED
@@ -1,16 +1,16 @@
1
1
  Metadata-Version: 2.4
2
2
  Name: aws-cis-controls-assessment
3
- Version: 1.0.5
3
+ Version: 1.0.7
4
4
  Summary: Production-ready AWS CIS Controls compliance assessment framework with 145 comprehensive rules
5
5
  Author-email: AWS CIS Assessment Team <security@example.com>
6
6
  Maintainer-email: AWS CIS Assessment Team <security@example.com>
7
7
  License: MIT
8
- Project-URL: Homepage, https://github.com/yourusername/aws-cis-assessment
9
- Project-URL: Documentation, https://github.com/yourusername/aws-cis-assessment/blob/main/README.md
10
- Project-URL: Repository, https://github.com/yourusername/aws-cis-assessment.git
11
- Project-URL: Bug Reports, https://github.com/yourusername/aws-cis-assessment/issues
12
- Project-URL: Changelog, https://github.com/yourusername/aws-cis-assessment/blob/main/CHANGELOG.md
13
- Project-URL: Source Code, https://github.com/yourusername/aws-cis-assessment
8
+ Project-URL: Homepage, https://github.com/yourusername/aws-cis-controls-assessment
9
+ Project-URL: Documentation, https://github.com/yourusername/aws-cis-controls-assessment/blob/main/README.md
10
+ Project-URL: Repository, https://github.com/yourusername/aws-cis-controls-assessment.git
11
+ Project-URL: Bug Reports, https://github.com/yourusername/aws-cis-controls-assessment/issues
12
+ Project-URL: Changelog, https://github.com/yourusername/aws-cis-controls-assessment/blob/main/CHANGELOG.md
13
+ Project-URL: Source Code, https://github.com/yourusername/aws-cis-controls-assessment
14
14
  Keywords: aws,security,compliance,cis,controls,assessment,audit,enterprise,production
15
15
  Classifier: Development Status :: 5 - Production/Stable
16
16
  Classifier: Intended Audience :: System Administrators
@@ -76,11 +76,11 @@ A production-ready, enterprise-grade framework for evaluating AWS account config
76
76
 
77
77
  ```bash
78
78
  # Install from PyPI (production-ready)
79
- pip install aws-cis-assessment
79
+ pip install aws-cis-controls-assessment
80
80
 
81
81
  # Or install from source for development
82
82
  git clone <repository-url>
83
- cd aws-cis-assessment
83
+ cd aws-cis-controls-assessment
84
84
  pip install -e .
85
85
  ```
86
86
 
{aws_cis_controls_assessment-1.0.5 → aws_cis_controls_assessment-1.0.7}/README.md RENAMED
@@ -19,11 +19,11 @@ A production-ready, enterprise-grade framework for evaluating AWS account config
19
19
 
20
20
  ```bash
21
21
  # Install from PyPI (production-ready)
22
- pip install aws-cis-assessment
22
+ pip install aws-cis-controls-assessment
23
23
 
24
24
  # Or install from source for development
25
25
  git clone <repository-url>
26
- cd aws-cis-assessment
26
+ cd aws-cis-controls-assessment
27
27
  pip install -e .
28
28
  ```
29
29
 
{aws_cis_controls_assessment-1.0.5 → aws_cis_controls_assessment-1.0.7}/aws_cis_assessment/__init__.py RENAMED
@@ -6,6 +6,6 @@ CIS Controls Implementation Groups (IG1, IG2, IG3). Implements 145 comprehensive
6
6
  across all implementation groups for complete security compliance assessment.
7
7
  """
8
8
 
9
- __version__ = "1.0.5"
9
+ __version__ = "1.0.7"
10
10
  __author__ = "AWS CIS Assessment Team"
11
11
  __description__ = "Production-ready AWS CIS Controls Compliance Assessment Framework"
{aws_cis_controls_assessment-1.0.5 → aws_cis_controls_assessment-1.0.7}/aws_cis_assessment/controls/ig1/control_critical_security.py RENAMED
@@ -32,24 +32,31 @@ class RootAccountHardwareMFAEnabledAssessment(BaseConfigRuleAssessment):
32
32
  try:
33
33
  iam_client = aws_factory.get_client('iam', region)
34
34
 
35
- # Get account summary which includes MFA device count
35
+ # Get account summary which includes MFA device count for root
36
36
  account_summary = iam_client.get_account_summary()
37
+ summary_map = account_summary.get('SummaryMap', {})
37
38
 
38
- # List MFA devices for root account (empty user name for root)
39
- mfa_devices = iam_client.list_mfa_devices()
40
-
41
- # Get virtual MFA devices to differentiate from hardware
42
- virtual_mfa_devices = iam_client.list_virtual_mfa_devices()
39
+ # Get virtual MFA devices to check if root has hardware MFA
40
+ # Virtual MFA devices can be listed without specifying a user
41
+ try:
42
+ virtual_mfa_devices = iam_client.list_virtual_mfa_devices()
43
+ virtual_mfa_list = virtual_mfa_devices.get('VirtualMFADevices', [])
44
+ except ClientError as e:
45
+ logger.warning(f"Could not list virtual MFA devices: {e}")
46
+ virtual_mfa_list = []
43
47
 
44
48
  return [{
45
49
  'account_id': aws_factory.account_id,
46
- 'account_summary': account_summary.get('SummaryMap', {}),
47
- 'mfa_devices': mfa_devices.get('MFADevices', []),
48
- 'virtual_mfa_devices': virtual_mfa_devices.get('VirtualMFADevices', [])
50
+ 'account_summary': summary_map,
51
+ 'virtual_mfa_devices': virtual_mfa_list
49
52
  }]
50
53
 
51
54
  except ClientError as e:
52
- logger.error(f"Error getting root account MFA configuration: {e}")
55
+ error_code = e.response.get('Error', {}).get('Code', '')
56
+ if error_code in ['AccessDenied', 'UnauthorizedOperation']:
57
+ logger.warning(f"Insufficient permissions to check root account MFA: {e}")
58
+ else:
59
+ logger.error(f"Error getting root account MFA configuration: {e}")
53
60
  return []
54
61
  except Exception as e:
55
62
  logger.error(f"Unexpected error in root account MFA check: {e}")
@@ -59,15 +66,15 @@ class RootAccountHardwareMFAEnabledAssessment(BaseConfigRuleAssessment):
59
66
  """Evaluate root account hardware MFA compliance."""
60
67
  try:
61
68
  account_summary = resource.get('account_summary', {})
62
- mfa_devices = resource.get('mfa_devices', [])
63
69
  virtual_mfa_devices = resource.get('virtual_mfa_devices', [])
70
+ account_id = resource.get('account_id', 'unknown')
64
71
 
65
72
  # Check if root account has any MFA devices
66
73
  account_mfa_enabled = account_summary.get('AccountMFAEnabled', 0)
67
74
 
68
75
  if account_mfa_enabled == 0:
69
76
  return ComplianceResult(
70
- resource_id=resource['account_id'],
77
+ resource_id=account_id,
71
78
  resource_type="AWS::IAM::Root",
72
79
  compliance_status=ComplianceStatus.NON_COMPLIANT,
73
80
  evaluation_reason="Root account does not have MFA enabled",
@@ -75,42 +82,32 @@ class RootAccountHardwareMFAEnabledAssessment(BaseConfigRuleAssessment):
75
82
  region=region
76
83
  )
77
84
 
78
- # Check if there are any MFA devices for root (empty UserName indicates root)
79
- root_mfa_devices = [device for device in mfa_devices if not device.get('UserName')]
80
-
81
- if not root_mfa_devices:
82
- return ComplianceResult(
83
- resource_id=resource['account_id'],
84
- resource_type="AWS::IAM::Root",
85
- compliance_status=ComplianceStatus.NON_COMPLIANT,
86
- evaluation_reason="Root account MFA is enabled but no MFA devices found",
87
- config_rule_name=self.rule_name,
88
- region=region
89
- )
90
-
91
- # Check if any of the root MFA devices are hardware (not virtual)
92
- virtual_mfa_serial_numbers = {device.get('SerialNumber') for device in virtual_mfa_devices}
93
-
94
- hardware_mfa_devices = [
95
- device for device in root_mfa_devices
96
- if device.get('SerialNumber') not in virtual_mfa_serial_numbers
85
+ # Check if root has a virtual MFA device
86
+ # Virtual MFA devices for root have SerialNumber like: arn:aws:iam::ACCOUNT_ID:mfa/root-account-mfa-device
87
+ root_virtual_mfa = [
88
+ device for device in virtual_mfa_devices
89
+ if 'root-account-mfa-device' in device.get('SerialNumber', '').lower()
90
+ or device.get('User', {}).get('Arn', '').endswith(':root')
97
91
  ]
98
92
 
99
- if not hardware_mfa_devices:
93
+ if root_virtual_mfa:
100
94
  return ComplianceResult(
101
- resource_id=resource['account_id'],
95
+ resource_id=account_id,
102
96
  resource_type="AWS::IAM::Root",
103
97
  compliance_status=ComplianceStatus.NON_COMPLIANT,
104
- evaluation_reason="Root account only has virtual MFA devices, hardware MFA required",
98
+ evaluation_reason="Root account has virtual MFA enabled, hardware MFA required for enhanced security",
105
99
  config_rule_name=self.rule_name,
106
100
  region=region
107
101
  )
108
102
 
103
+ # If MFA is enabled but no virtual MFA found, assume hardware MFA
104
+ # Note: We cannot definitively verify hardware MFA without root credentials,
105
+ # but if AccountMFAEnabled=1 and no virtual MFA exists, it's likely hardware
109
106
  return ComplianceResult(
110
- resource_id=resource['account_id'],
107
+ resource_id=account_id,
111
108
  resource_type="AWS::IAM::Root",
112
109
  compliance_status=ComplianceStatus.COMPLIANT,
113
- evaluation_reason=f"Root account has {len(hardware_mfa_devices)} hardware MFA device(s) enabled",
110
+ evaluation_reason="Root account has MFA enabled (likely hardware MFA - no virtual MFA detected)",
114
111
  config_rule_name=self.rule_name,
115
112
  region=region
116
113
  )
{aws_cis_controls_assessment-1.0.5 → aws_cis_controls_assessment-1.0.7}/aws_cis_assessment/core/assessment_engine.py RENAMED
@@ -1134,7 +1134,10 @@ class AssessmentEngine:
1134
1134
  'assessments_by_ig': {}
1135
1135
  }
1136
1136
 
1137
- total_assessments = 0
1137
+ # Track unique rules across all IGs to avoid double-counting
1138
+ # Since IG2 includes IG1 and IG3 includes IG2, we need to count unique rules
1139
+ unique_rules = set()
1140
+
1138
1141
  for ig in implementation_groups:
1139
1142
  if ig in self._assessment_registry:
1140
1143
  ig_controls = self._filter_controls_for_ig(ig, controls, exclude_controls)
@@ -1142,9 +1145,11 @@ class AssessmentEngine:
1142
1145
  'count': len(ig_controls),
1143
1146
  'rules': list(ig_controls.keys())
1144
1147
  }
1145
- total_assessments += len(ig_controls)
1148
+ # Add rules to unique set
1149
+ unique_rules.update(ig_controls.keys())
1146
1150
 
1147
- summary['total_assessments'] = total_assessments
1151
+ # Total assessments is the count of unique rules across all selected IGs
1152
+ summary['total_assessments'] = len(unique_rules)
1148
1153
  return summary
1149
1154
 
1150
1155
  def _filter_controls_for_ig(self, implementation_group: str,
{aws_cis_controls_assessment-1.0.5 → aws_cis_controls_assessment-1.0.7/aws_cis_controls_assessment.egg-info}/PKG-INFO RENAMED
@@ -1,16 +1,16 @@
1
1
  Metadata-Version: 2.4
2
2
  Name: aws-cis-controls-assessment
3
- Version: 1.0.5
3
+ Version: 1.0.7
4
4
  Summary: Production-ready AWS CIS Controls compliance assessment framework with 145 comprehensive rules
5
5
  Author-email: AWS CIS Assessment Team <security@example.com>
6
6
  Maintainer-email: AWS CIS Assessment Team <security@example.com>
7
7
  License: MIT
8
- Project-URL: Homepage, https://github.com/yourusername/aws-cis-assessment
9
- Project-URL: Documentation, https://github.com/yourusername/aws-cis-assessment/blob/main/README.md
10
- Project-URL: Repository, https://github.com/yourusername/aws-cis-assessment.git
11
- Project-URL: Bug Reports, https://github.com/yourusername/aws-cis-assessment/issues
12
- Project-URL: Changelog, https://github.com/yourusername/aws-cis-assessment/blob/main/CHANGELOG.md
13
- Project-URL: Source Code, https://github.com/yourusername/aws-cis-assessment
8
+ Project-URL: Homepage, https://github.com/yourusername/aws-cis-controls-assessment
9
+ Project-URL: Documentation, https://github.com/yourusername/aws-cis-controls-assessment/blob/main/README.md
10
+ Project-URL: Repository, https://github.com/yourusername/aws-cis-controls-assessment.git
11
+ Project-URL: Bug Reports, https://github.com/yourusername/aws-cis-controls-assessment/issues
12
+ Project-URL: Changelog, https://github.com/yourusername/aws-cis-controls-assessment/blob/main/CHANGELOG.md
13
+ Project-URL: Source Code, https://github.com/yourusername/aws-cis-controls-assessment
14
14
  Keywords: aws,security,compliance,cis,controls,assessment,audit,enterprise,production
15
15
  Classifier: Development Status :: 5 - Production/Stable
16
16
  Classifier: Intended Audience :: System Administrators
@@ -76,11 +76,11 @@ A production-ready, enterprise-grade framework for evaluating AWS account config
76
76
 
77
77
  ```bash
78
78
  # Install from PyPI (production-ready)
79
- pip install aws-cis-assessment
79
+ pip install aws-cis-controls-assessment
80
80
 
81
81
  # Or install from source for development
82
82
  git clone <repository-url>
83
- cd aws-cis-assessment
83
+ cd aws-cis-controls-assessment
84
84
  pip install -e .
85
85
  ```
86
86
 
{aws_cis_controls_assessment-1.0.5 → aws_cis_controls_assessment-1.0.7}/aws_cis_controls_assessment.egg-info/SOURCES.txt RENAMED
@@ -73,6 +73,7 @@ aws_cis_controls_assessment.egg-info/dependency_links.txt
73
73
  aws_cis_controls_assessment.egg-info/entry_points.txt
74
74
  aws_cis_controls_assessment.egg-info/requires.txt
75
75
  aws_cis_controls_assessment.egg-info/top_level.txt
76
+ deprecation-package/aws_cis_assessment_deprecated/__init__.py
76
77
  docs/README.md
77
78
  docs/assessment-logic.md
78
79
  docs/cli-reference.md
{aws_cis_controls_assessment-1.0.5 → aws_cis_controls_assessment-1.0.7}/aws_cis_controls_assessment.egg-info/top_level.txt RENAMED
@@ -1,6 +1,7 @@
1
1
  aws-config-rules
2
2
  aws_cis_assessment
3
3
  benchmarks
4
+ deprecation-package
4
5
  dist
5
6
  docs
6
7
  reports
aws_cis_controls_assessment-1.0.7/deprecation-package/aws_cis_assessment_deprecated/__init__.py ADDED
@@ -0,0 +1,65 @@
1
+ """
2
+ DEPRECATED: This package has been renamed to aws-cis-controls-assessment
3
+
4
+ This is a deprecation shim that redirects to the new package.
5
+ """
6
+
7
+ import warnings
8
+ import sys
9
+
10
+ # Show deprecation warning
11
+ warnings.warn(
12
+ "\n\n"
13
+ "=" * 80 + "\n"
14
+ "⚠️ DEPRECATION WARNING\n"
15
+ "=" * 80 + "\n"
16
+ "The package 'aws-cis-assessment' has been renamed to 'aws-cis-controls-assessment'\n"
17
+ "\n"
18
+ "Please uninstall this package and install the new one:\n"
19
+ " pip uninstall aws-cis-assessment\n"
20
+ " pip install aws-cis-controls-assessment\n"
21
+ "\n"
22
+ "This deprecation package will not receive updates.\n"
23
+ "All development continues under 'aws-cis-controls-assessment'.\n"
24
+ "=" * 80 + "\n",
25
+ DeprecationWarning,
26
+ stacklevel=2
27
+ )
28
+
29
+ __version__ = "1.0.3.post1"
30
+ __deprecated__ = True
31
+
32
+
33
+ def main():
34
+ """
35
+ Entry point that shows deprecation warning and delegates to the new package.
36
+ """
37
+ print("\n" + "=" * 80)
38
+ print("⚠️ DEPRECATION WARNING")
39
+ print("=" * 80)
40
+ print("The package 'aws-cis-assessment' has been renamed to 'aws-cis-controls-assessment'")
41
+ print()
42
+ print("Please uninstall this package and install the new one:")
43
+ print(" pip uninstall aws-cis-assessment")
44
+ print(" pip install aws-cis-controls-assessment")
45
+ print()
46
+ print("Attempting to run the new package...")
47
+ print("=" * 80 + "\n")
48
+
49
+ try:
50
+ # Try to import and run the new package
51
+ from aws_cis_assessment.cli.main import main as new_main
52
+ new_main()
53
+ except ImportError:
54
+ print("\n" + "=" * 80)
55
+ print("❌ ERROR: The new package 'aws-cis-controls-assessment' is not installed.")
56
+ print("=" * 80)
57
+ print()
58
+ print("Please install it manually:")
59
+ print(" pip install aws-cis-controls-assessment")
60
+ print()
61
+ sys.exit(1)
62
+
63
+
64
+ if __name__ == "__main__":
65
+ main()
{aws_cis_controls_assessment-1.0.5 → aws_cis_controls_assessment-1.0.7}/docs/README.md RENAMED
@@ -17,7 +17,7 @@ Welcome to the comprehensive documentation for the AWS CIS Controls Compliance A
17
17
 
18
18
  ## Quick Start
19
19
 
20
- 1. **Install the framework**: `pip install aws-cis-assessment`
20
+ 1. **Install the framework**: `pip install aws-cis-controls-assessment`
21
21
  2. **Configure AWS credentials**: `aws configure` or set environment variables
22
22
  3. **Run basic assessment**: `aws-cis-assess assess`
23
23
  4. **View results**: Open the generated HTML report
{aws_cis_controls_assessment-1.0.5 → aws_cis_controls_assessment-1.0.7}/docs/developer-guide.md RENAMED
@@ -70,8 +70,8 @@ aws_cis_assessment/
70
70
 
71
71
  ```bash
72
72
  # Clone the repository
73
- git clone https://github.com/your-org/aws-cis-assessment.git
74
- cd aws-cis-assessment
73
+ git clone https://github.com/your-org/aws-cis-controls-assessment.git
74
+ cd aws-cis-controls-assessment
75
75
 
76
76
  # Create virtual environment
77
77
  python -m venv venv
{aws_cis_controls_assessment-1.0.5 → aws_cis_controls_assessment-1.0.7}/docs/installation.md RENAMED
@@ -2,6 +2,8 @@
2
2
 
3
3
  This guide covers the installation and initial setup of the AWS CIS Controls Compliance Assessment Framework - a production-ready, enterprise-grade solution for AWS security compliance assessment.
4
4
 
5
+ > **📦 Package Name Change**: Starting from version 1.0.4, this package is published as `aws-cis-controls-assessment` (previously `aws-cis-assessment`). If you have the old package installed, please uninstall it first: `pip uninstall aws-cis-assessment` then install the new package: `pip install aws-cis-controls-assessment`
6
+
5
7
  ## Production Status
6
8
 
7
9
  **✅ Ready for Enterprise Deployment**
@@ -33,7 +35,7 @@ This guide covers the installation and initial setup of the AWS CIS Controls Com
33
35
 
34
36
  ```bash
35
37
  # Install the latest production version
36
- pip install aws-cis-assessment
38
+ pip install aws-cis-controls-assessment
37
39
 
38
40
  # Verify installation
39
41
  aws-cis-assess --version
@@ -43,8 +45,8 @@ aws-cis-assess --version
43
45
 
44
46
  ```bash
45
47
  # Clone the repository
46
- git clone https://github.com/your-org/aws-cis-assessment.git
47
- cd aws-cis-assessment
48
+ git clone https://github.com/your-org/aws-cis-controls-assessment.git
49
+ cd aws-cis-controls-assessment
48
50
 
49
51
  # Create virtual environment (recommended)
50
52
  python -m venv venv
@@ -223,18 +225,18 @@ aws-cis-assess assess --dry-run
223
225
  python --version
224
226
 
225
227
  # Use specific Python version
226
- python3.9 -m pip install aws-cis-assessment
228
+ python3.9 -m pip install aws-cis-controls-assessment
227
229
  ```
228
230
 
229
231
  #### Permission Issues
230
232
  ```bash
231
233
  # Install for current user only
232
- pip install --user aws-cis-assessment
234
+ pip install --user aws-cis-controls-assessment
233
235
 
234
236
  # Use virtual environment
235
237
  python -m venv aws-cis-env
236
238
  source aws-cis-env/bin/activate
237
- pip install aws-cis-assessment
239
+ pip install aws-cis-controls-assessment
238
240
  ```
239
241
 
240
242
  #### AWS Credential Issues
@@ -249,7 +251,7 @@ aws-cis-assess validate-credentials --verbose
249
251
  #### Network/Proxy Issues
250
252
  ```bash
251
253
  # Install with proxy
252
- pip install --proxy http://proxy.company.com:8080 aws-cis-assessment
254
+ pip install --proxy http://proxy.company.com:8080 aws-cis-controls-assessment
253
255
 
254
256
  # Configure AWS CLI with proxy
255
257
  aws configure set proxy.http http://proxy.company.com:8080
@@ -275,16 +277,16 @@ After successful installation:
275
277
  3. **Run Your First Assessment**: Follow the quick start in the user guide
276
278
  4. **Explore CLI Commands**: `docs/cli-reference.md`
277
279
 
278
- ## Upgrading
280
+ ### Upgrading
279
281
 
280
282
  ### Upgrade from PyPI
281
283
  ```bash
282
- pip install --upgrade aws-cis-assessment
284
+ pip install --upgrade aws-cis-controls-assessment
283
285
  ```
284
286
 
285
287
  ### Upgrade from Source
286
288
  ```bash
287
- cd aws-cis-assessment
289
+ cd aws-cis-controls-assessment
288
290
  git pull origin main
289
291
  pip install -e .
290
292
  ```
@@ -295,5 +297,5 @@ pip install -e .
295
297
  aws-cis-assess --version
296
298
 
297
299
  # Check for available updates
298
- pip list --outdated | grep aws-cis-assessment
300
+ pip list --outdated | grep aws-cis-controls-assessment
299
301
  ```
{aws_cis_controls_assessment-1.0.5 → aws_cis_controls_assessment-1.0.7}/pyproject.toml RENAMED
@@ -65,12 +65,12 @@ security = [
65
65
  ]
66
66
 
67
67
  [project.urls]
68
- Homepage = "https://github.com/yourusername/aws-cis-assessment"
69
- Documentation = "https://github.com/yourusername/aws-cis-assessment/blob/main/README.md"
70
- Repository = "https://github.com/yourusername/aws-cis-assessment.git"
71
- "Bug Reports" = "https://github.com/yourusername/aws-cis-assessment/issues"
72
- Changelog = "https://github.com/yourusername/aws-cis-assessment/blob/main/CHANGELOG.md"
73
- "Source Code" = "https://github.com/yourusername/aws-cis-assessment"
68
+ Homepage = "https://github.com/yourusername/aws-cis-controls-assessment"
69
+ Documentation = "https://github.com/yourusername/aws-cis-controls-assessment/blob/main/README.md"
70
+ Repository = "https://github.com/yourusername/aws-cis-controls-assessment.git"
71
+ "Bug Reports" = "https://github.com/yourusername/aws-cis-controls-assessment/issues"
72
+ Changelog = "https://github.com/yourusername/aws-cis-controls-assessment/blob/main/CHANGELOG.md"
73
+ "Source Code" = "https://github.com/yourusername/aws-cis-controls-assessment"
74
74
 
75
75
  [project.scripts]
76
76
  aws-cis-assess = "aws_cis_assessment.cli.main:main"