PyPI - aws-cis-controls-assessment - Versions diffs - 1.0.7__py3-none-any.whl → 1.0.9__py3-none-any.whl - Mend

aws-cis-controls-assessment 1.0.7py3-none-any.whl → 1.0.9py3-none-any.whl

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (20) hide show

aws_cis_assessment/__init__.py CHANGED Viewed

@@ -6,6 +6,6 @@ CIS Controls Implementation Groups (IG1, IG2, IG3). Implements 145 comprehensive
 across all implementation groups for complete security compliance assessment.
 """
-__version__ = "1.0.7"
+__version__ = "1.0.9"
 __author__ = "AWS CIS Assessment Team"
 __description__ = "Production-ready AWS CIS Controls Compliance Assessment Framework"

aws_cis_assessment/controls/ig1/control_advanced_security.py CHANGED Viewed

@@ -68,8 +68,8 @@ class EC2ManagedInstanceAssociationComplianceStatusCheckAssessment(BaseConfigRul
                                 # Get association compliance status
                                 try:
                                     compliance_response = ssm_client.list_compliance_items(
-                                        ResourceId=instance_id,
-                                        ResourceType='ManagedInstance'
+                                        ResourceIds=[instance_id],
+                                        ResourceTypes=['ManagedInstance']
                                     )
                                     compliance_items = compliance_response.get('ComplianceItems', [])

aws_cis_assessment/core/assessment_engine.py CHANGED Viewed

@@ -702,12 +702,16 @@ class AssessmentEngine:
             # Calculate overall score using scoring engine
             overall_score = self.scoring_engine.calculate_overall_score(ig_scores)
+            # Calculate AWS Config-style unweighted score
+            aws_config_score = self.scoring_engine.calculate_aws_config_style_score(ig_scores)
             # Create final assessment result
             assessment_result = AssessmentResult(
                 account_id=account_id,
                 regions_assessed=self.aws_factory.regions.copy(),
                 timestamp=datetime.now(),
                 overall_score=overall_score,
+                aws_config_score=aws_config_score,  # Add AWS Config score
                 ig_scores=ig_scores,
                 total_resources_evaluated=len(all_results),
                 assessment_duration=self.progress.elapsed_time

aws_cis_assessment/core/models.py CHANGED Viewed

@@ -126,6 +126,7 @@ class AssessmentResult:
     regions_assessed: List[str]
     timestamp: datetime
     overall_score: float
+    aws_config_score: float = 0.0  # AWS Config Conformance Pack style score
     ig_scores: Dict[str, IGScore] = field(default_factory=dict)
     total_resources_evaluated: int = 0
     assessment_duration: Optional[timedelta] = None

aws_cis_assessment/core/scoring_engine.py CHANGED Viewed

@@ -47,6 +47,36 @@ class ScoringEngine:
         logger.info("ScoringEngine initialized with control and IG weights")
+    def calculate_aws_config_style_score(self, ig_scores: Dict[str, IGScore]) -> float:
+        """Calculate compliance score using AWS Config Conformance Pack approach.
+        This is a simple unweighted calculation:
+        Score = Total Compliant Resources / Total Resources
+        Args:
+            ig_scores: Dictionary of IG scores
+        Returns:
+            Unweighted compliance percentage (0-100)
+        """
+        total_compliant = 0
+        total_resources = 0
+        # Sum all compliant and total resources across all IGs and controls
+        for ig_score in ig_scores.values():
+            for control_score in ig_score.control_scores.values():
+                total_compliant += control_score.compliant_resources
+                total_resources += control_score.total_resources
+        if total_resources > 0:
+            aws_config_score = (total_compliant / total_resources) * 100
+        else:
+            aws_config_score = 0.0
+        logger.info(f"AWS Config style score: {aws_config_score:.1f}% "
+                   f"({total_compliant}/{total_resources} resources compliant)")
+        return aws_config_score
     def calculate_control_score(self, control_id: str, rule_results: List[ComplianceResult],
                               control_title: str = "", implementation_group: str = "") -> ControlScore:
         """Calculate compliance score for individual CIS Control.

aws_cis_assessment/reporters/base_reporter.py CHANGED Viewed

@@ -110,6 +110,8 @@ class ReportGenerator(ABC):
             },
             'executive_summary': {
                 'overall_compliance_percentage': compliance_summary.overall_compliance_percentage,
+                'aws_config_style_score': assessment_result.aws_config_score,  # Add AWS Config score
+                'score_difference': compliance_summary.overall_compliance_percentage - assessment_result.aws_config_score,  # Show difference
                 'ig1_compliance_percentage': compliance_summary.ig1_compliance_percentage,
                 'ig2_compliance_percentage': compliance_summary.ig2_compliance_percentage,
                 'ig3_compliance_percentage': compliance_summary.ig3_compliance_percentage,

aws-cis-controls-assessment 1.0.7__py3-none-any.whl → 1.0.9__py3-none-any.whl

aws-cis-controls-assessment 1.0.7py3-none-any.whl → 1.0.9py3-none-any.whl