aws-cis-controls-assessment 1.0.8__py3-none-any.whl → 1.0.10__py3-none-any.whl
- aws_cis_assessment/__init__.py +1 -1
- aws_cis_assessment/config/rules/cis_controls_ig1.yaml +94 -1
- aws_cis_assessment/config/rules/cis_controls_ig2.yaml +83 -1
- aws_cis_assessment/controls/ig1/__init__.py +17 -0
- aws_cis_assessment/controls/ig1/control_aws_backup_service.py +1276 -0
- aws_cis_assessment/controls/ig2/__init__.py +12 -0
- aws_cis_assessment/controls/ig2/control_aws_backup_ig2.py +23 -0
- aws_cis_assessment/core/assessment_engine.py +24 -0
- aws_cis_assessment/core/models.py +1 -0
- aws_cis_assessment/core/scoring_engine.py +30 -0
- aws_cis_assessment/reporters/base_reporter.py +2 -0
- aws_cis_assessment/reporters/html_reporter.py +279 -7
- {aws_cis_controls_assessment-1.0.8.dist-info → aws_cis_controls_assessment-1.0.10.dist-info}/METADATA +57 -10
- {aws_cis_controls_assessment-1.0.8.dist-info → aws_cis_controls_assessment-1.0.10.dist-info}/RECORD +30 -24
- docs/README.md +14 -3
- docs/adding-aws-backup-controls.md +562 -0
- docs/assessment-logic.md +291 -3
- docs/cli-reference.md +1 -1
- docs/config-rule-mappings.md +46 -5
- docs/developer-guide.md +312 -3
- docs/dual-scoring-implementation.md +303 -0
- docs/installation.md +2 -2
- docs/scoring-comparison-aws-config.md +379 -0
- docs/scoring-methodology.md +350 -0
- docs/troubleshooting.md +211 -2
- docs/user-guide.md +47 -2
- {aws_cis_controls_assessment-1.0.8.dist-info → aws_cis_controls_assessment-1.0.10.dist-info}/WHEEL +0 -0
- {aws_cis_controls_assessment-1.0.8.dist-info → aws_cis_controls_assessment-1.0.10.dist-info}/entry_points.txt +0 -0
- {aws_cis_controls_assessment-1.0.8.dist-info → aws_cis_controls_assessment-1.0.10.dist-info}/licenses/LICENSE +0 -0
- {aws_cis_controls_assessment-1.0.8.dist-info → aws_cis_controls_assessment-1.0.10.dist-info}/top_level.txt +0 -0
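--- a/aws_cis_controls_assessment-1.0.8.dist-info/RECORD
+++ b/aws_cis_controls_assessment-1.0.10.dist-info/RECORD
@@ -1,16 +1,16 @@
-aws_cis_assessment/__init__.py,sha256=
+aws_cis_assessment/__init__.py,sha256=Kf2-Oe7QXfomiClATeX3xR_SoB0Gl7eVtWLb5gayD1E,481
 aws_cis_assessment/cli/__init__.py,sha256=DYaGVAIoy5ucs9ubKQxX6Z3ZD46AGz9AaIaDQXzrzeY,100
 aws_cis_assessment/cli/examples.py,sha256=F9K2Fe297kUfwoq6Ine9Aj_IXNU-KwO9hd7SAPWeZHI,12884
 aws_cis_assessment/cli/main.py,sha256=i5QoqHXsPG_Kw0W7jM3Zj2YaAaCJnxxnfz82QBBHq-U,49441
 aws_cis_assessment/cli/utils.py,sha256=ufdsifIPIE9HKVZAvFXfeJgEk_aAmz01tDrEukVyL0g,9783
 aws_cis_assessment/config/__init__.py,sha256=aSQyaKGEQ7WgldC8IocY-YK7nduzfgjI6EuDE4Xti6s,77
 aws_cis_assessment/config/config_loader.py,sha256=Wk6gfblj8RWU5QctHjPu5tTJMIb8lbEW3Ic9z-se4uQ,13165
-aws_cis_assessment/config/rules/cis_controls_ig1.yaml,sha256=
-aws_cis_assessment/config/rules/cis_controls_ig2.yaml,sha256=
+aws_cis_assessment/config/rules/cis_controls_ig1.yaml,sha256=K6GDBnhqeHqATcgYYmJ816sOplpPfp8e7S3o7fAmzPM,32388
+aws_cis_assessment/config/rules/cis_controls_ig2.yaml,sha256=qt4zrmfeV-Lu8k06HxwCtSYqr5yZszFGN6LEYwa09w4,22102
 aws_cis_assessment/config/rules/cis_controls_ig3.yaml,sha256=YSghyCmwKF5UNZXdQQQNsaidQ95VDUgnwvh4jsV6kQU,4347
 aws_cis_assessment/controls/__init__.py,sha256=oVTM94UAt0Vu7Hy-V84p6LAxZHORs-RRAj9j86r_730,72
 aws_cis_assessment/controls/base_control.py,sha256=DpjRrYdz3FzpuU_WtbvtqUBRgEoMW7Qgah-iD5Y_HJI,17227
-aws_cis_assessment/controls/ig1/__init__.py,sha256=
+aws_cis_assessment/controls/ig1/__init__.py,sha256=hV_Amiwd-6wcrQcSp8O_gTaqujiPkZ0BY20DdboTfkc,8411
 aws_cis_assessment/controls/ig1/control_1_1.py,sha256=MwxaFCayJmFrBeGrVyTcLUksrPqRHId76m2Du1Vuk4I,28070
 aws_cis_assessment/controls/ig1/control_2_2.py,sha256=yPp4aGGGzroAFqoTSaujjALSPq4jPxcaDiDIhwC11P0,11504
 aws_cis_assessment/controls/ig1/control_3_3.py,sha256=f4ZuiMR6qSXCmVwP3OflEeZn48qpzQqq0XfjZgbq3Go,35668
@@ -18,6 +18,7 @@ aws_cis_assessment/controls/ig1/control_3_4.py,sha256=Flw_cA8_Qxv8zuIbOWv6JAYUdj
 aws_cis_assessment/controls/ig1/control_4_1.py,sha256=-lIoa0XRGwiRdtG9L9f00Wud525FZbv3961bXMuiQIE,22362
 aws_cis_assessment/controls/ig1/control_access_keys.py,sha256=Hj3G0Qpwa2EcJE-u49nvADjbESZh9YClElfP4dWYQfk,14424
 aws_cis_assessment/controls/ig1/control_advanced_security.py,sha256=PNtPfqSKGu7UYDx6PccO8tVT5ZL6YmzeH45Cew_UjLM,24256
+aws_cis_assessment/controls/ig1/control_aws_backup_service.py,sha256=_bUc6x7jXhav0Cm5jfX0_tk1UOa8qoso2ND1-6xsPtI,54651
 aws_cis_assessment/controls/ig1/control_backup_recovery.py,sha256=Y5za_4lCZmA5MYhHp4OCGyL4z97cj6dbO0KfabQ5Hr0,21465
 aws_cis_assessment/controls/ig1/control_cloudtrail_logging.py,sha256=lQOjshW8BBymvzphtWuwg4wIyv6nH2mOSiogBe_Ejfo,8514
 aws_cis_assessment/controls/ig1/control_critical_security.py,sha256=1MVMkfOAWcH5ppFv7psZvJvcOtpww6Pl5WFXrMyN158,20942
@@ -31,11 +32,12 @@ aws_cis_assessment/controls/ig1/control_network_security.py,sha256=DyaXzpMuZ5Ba9
 aws_cis_assessment/controls/ig1/control_s3_enhancements.py,sha256=uP0Ko6cjTvmpg47vNtdaFgdjVPMS6Yjww-WZQIzvk8o,7759
 aws_cis_assessment/controls/ig1/control_s3_security.py,sha256=8vt2rnNPdgQrvO5Ds3yV74mQ7qkF0f_LpKqQLjg0AQc,18308
 aws_cis_assessment/controls/ig1/control_vpc_security.py,sha256=RCtBUozvdIPrXKFU0ssxjBF6A9l_HMcAbRv0K87Bbhc,10639
-aws_cis_assessment/controls/ig2/__init__.py,sha256=
+aws_cis_assessment/controls/ig2/__init__.py,sha256=GbrrOjhA-IXxxIMbL-H7zBZoUpO_ylSgAOiVMCe0_Hw,6359
 aws_cis_assessment/controls/ig2/control_3_10.py,sha256=xv2F85SB1Jd5g7HWZzrqGntTH3az8BbCcZLlDV2Di7g,33762
 aws_cis_assessment/controls/ig2/control_3_11.py,sha256=Xrn1PRWQp3kK3won-AieUMIweEPQAF3Sb4OcFsUTj2A,65245
 aws_cis_assessment/controls/ig2/control_5_2.py,sha256=5-3eHaltXP_UiMTlk3pLv4VafzBf41Vjh_8DpWfhqrw,19060
 aws_cis_assessment/controls/ig2/control_advanced_encryption.py,sha256=S3wU0f46FIc8e50fd4zvyrLe8J5j9Ryb94he32XWVdQ,14201
+aws_cis_assessment/controls/ig2/control_aws_backup_ig2.py,sha256=FApHDPLQFDvfyvCClbdQC-9ap6I6wpW1d6D85bvHmMQ,907
 aws_cis_assessment/controls/ig2/control_codebuild_security.py,sha256=k2f8Xh6l09o1rb3B_J412qDsHI_Y8to3Ap8FbTGQ05g,11517
 aws_cis_assessment/controls/ig2/control_encryption_rest.py,sha256=EQ2wK1uz9LWpZiep_kMB4zccg9keh0XMiy44fIKt49Q,18002
 aws_cis_assessment/controls/ig2/control_encryption_transit.py,sha256=g9BOuA9ovTDT2WZ18k0i4YiZoz_Fsovihth4Kd4rE9k,18801
@@ -50,30 +52,34 @@ aws_cis_assessment/controls/ig3/control_3_14.py,sha256=fY2MZATcicuP1Zich5L7J6-MM
 aws_cis_assessment/controls/ig3/control_7_1.py,sha256=GZQt0skGJVlUbGoH4MD5AoJJONf0nT9k7WQT-8F3le4,18499
 aws_cis_assessment/core/__init__.py,sha256=aXt5Z3mqaaDvFyZPyMaJYFy66A_phfFIhhH_eyaic8Q,52
 aws_cis_assessment/core/accuracy_validator.py,sha256=jnN2O32PpdDfWAp6erV4v4zKugC9ziJkDYnVF93FVuY,18386
-aws_cis_assessment/core/assessment_engine.py,sha256=
+aws_cis_assessment/core/assessment_engine.py,sha256=oKJa7562YFHqijCjk-IJ0XXEBNlNDuBoagtouKE0e84,63682
 aws_cis_assessment/core/audit_trail.py,sha256=qapCkI2zjbAPHlHQcgYonfDYyjU2MoX5Sc2IXtYj3eE,18395
 aws_cis_assessment/core/aws_client_factory.py,sha256=1qTLfQ3fgPBH3mWRpX1_i3bbHlQQYsmSE8vsKxKTz8w,13143
 aws_cis_assessment/core/error_handler.py,sha256=5JgH3Y2yG1-ZSuEJR7o0ZMzqlwGWFRW2N4SjcL2gnBw,24219
-aws_cis_assessment/core/models.py,sha256=
-aws_cis_assessment/core/scoring_engine.py,sha256=
+aws_cis_assessment/core/models.py,sha256=YhHTZq0DPa_m5GNuYH85uS2bq-70tYuIe19Mu-L4tmY,5825
+aws_cis_assessment/core/scoring_engine.py,sha256=ylx2urk_DxGzU_LZB0ip-qtUzOh4yu0Mjo6Lc_AlE_A,20191
 aws_cis_assessment/reporters/__init__.py,sha256=GXdlY08kKy1Y3mMBv8Y0JuUB69u--e5DIu2jNJpc6QI,357
-aws_cis_assessment/reporters/base_reporter.py,sha256=
+aws_cis_assessment/reporters/base_reporter.py,sha256=joy_O4IL4Hs_qwAuPtl81GIPxLAbUAMFKiF8r5si2aw,18082
 aws_cis_assessment/reporters/csv_reporter.py,sha256=r83xzfP1t5AO9MfKawgN4eTeOU6eGZwJQgvNDLEd7NI,31419
-aws_cis_assessment/reporters/html_reporter.py,sha256=
+aws_cis_assessment/reporters/html_reporter.py,sha256=i5HBLAjZB1TKAUrc6X7-Qbzr7QTQOwLplDu-ZnDzTUs,113444
 aws_cis_assessment/reporters/json_reporter.py,sha256=MObCzTc9nlGTEXeWc7P8tTMeKCpEaJNfcSYc79cHXhc,22250
-aws_cis_controls_assessment-1.0.
+aws_cis_controls_assessment-1.0.10.dist-info/licenses/LICENSE,sha256=T_p0qKH4RoI3ejr3tktf3rx2Zart_9KeUmJd5iiqXW8,1079
 deprecation-package/aws_cis_assessment_deprecated/__init__.py,sha256=WOaufqanKNhvWQ3frj8e627tS_kZnyk2R2hwqPFqydw,1892
-docs/README.md,sha256=
-docs/
-docs/
-docs/
-docs/
+docs/README.md,sha256=MXnfbPRmxir-7ihG2lNmLI9TJG0Pp0QWqoDZtXiH_Mk,4912
+docs/adding-aws-backup-controls.md,sha256=l_H0H8W71n-6NbeplNujC_li2NiaQcYPr0hQMhEPbrc,21081
+docs/assessment-logic.md,sha256=necuK7Ufk7zusuoGq5FKjOv0Z6Ih6s4m-yfLaJCfRto,38908
+docs/cli-reference.md,sha256=a6u_153XcDq43bw_a5CF53I9yklDxgAJ1vTG5f-5HZs,17854
+docs/config-rule-mappings.md,sha256=IT4O5wsD0WyuTi6YLqgVZi30ZTvIyUfINf9LEzLBLr8,21755
+docs/developer-guide.md,sha256=SqT2VEwDyIcLRcIn9BmM5J-V0qN9ctPa2JZ6wxvnqvo,43935
+docs/dual-scoring-implementation.md,sha256=n8xwurAAx4iOyCeITE9Anvz6W6YupejVYWt6ARtmmTY,8567
 docs/html-report-improvements.md,sha256=a0OzKvQC_KpcielntTHXMPObwulfWIDgBKnF66iaxp4,11432
-docs/installation.md,sha256=
-docs/
-docs/
-
-
-aws_cis_controls_assessment-1.0.
-aws_cis_controls_assessment-1.0.
-aws_cis_controls_assessment-1.0.
+docs/installation.md,sha256=GAyHN3LseuN2dRogemnwGaDo-Udp0V23KUd_m-9SrJQ,9576
+docs/scoring-comparison-aws-config.md,sha256=8BBe1tQsaAT0BAE3OdGIRFjuT1VJcOlM1qBWFmZKaIo,11801
+docs/scoring-methodology.md,sha256=C86FisBxKt6pyr-Kp6rAVPz45yPZpgsGibjgq8obIsg,9404
+docs/troubleshooting.md,sha256=mGmWgrc3A1dn-Uk_XxWFh04OQxjmqkeax8vQX7takg0,18220
+docs/user-guide.md,sha256=lBDgU40tIPstOdNx4YqVkPTIDntn4o2y2tr2CPQt7b8,11942
+aws_cis_controls_assessment-1.0.10.dist-info/METADATA,sha256=JCDYrRLJz3PXZflczN6RPUwkPn7RPiO-hdW6WSfYBAg,14191
+aws_cis_controls_assessment-1.0.10.dist-info/WHEEL,sha256=wUyA8OaulRlbfwMtmQsvNngGrxQHAvkKcvRmdizlJi0,92
+aws_cis_controls_assessment-1.0.10.dist-info/entry_points.txt,sha256=-AxPn5Y7yau0pQh33F5_uyWfvcnm2Kg1_nMQuLrZ7SY,68
+aws_cis_controls_assessment-1.0.10.dist-info/top_level.txt,sha256=4OHmV6RAEWkz-Se50kfmuGCd-mUSotDZz3iLGF9CmkI,44
+aws_cis_controls_assessment-1.0.10.dist-info/RECORD,,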
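--- a/docs/README.md
+++ b/docs/README.md
@@ -2,6 +2,15 @@
 
 Welcome to the comprehensive documentation for the AWS CIS Controls Compliance Assessment Framework. This production-ready, enterprise-grade framework evaluates AWS account security posture against CIS Controls Implementation Groups (IG1, IG2, IG3) using AWS Config rule specifications without requiring AWS Config to be enabled.
 
+## 🆕 Latest Updates (Version 1.0.10)
+
+### New AWS Backup Service Controls
+Two new controls added to assess AWS Backup infrastructure security:
+- **backup-plan-min-frequency-and-min-retention-check** - Validates backup plan policies
+- **backup-vault-access-policy-check** - Ensures backup vault security
+
+See the [AWS Backup Controls Guide](adding-aws-backup-controls.md) for detailed documentation.
+
 ## Documentation Structure
 
 ### User Documentation
@@ -15,6 +24,7 @@ Welcome to the comprehensive documentation for the AWS CIS Controls Compliance A
 - **[Assessment Logic](assessment-logic.md)** - Detailed assessment logic documentation
 - **[Config Rule Mappings](config-rule-mappings.md)** - Complete mapping of CIS Controls to AWS Config rules
 - **[HTML Report Improvements](html-report-improvements.md)** - Enhanced HTML report features and customization
+- **[AWS Backup Controls Guide](adding-aws-backup-controls.md)** - **NEW:** Comprehensive guide for AWS Backup service controls
 
 ## Quick Start
 
@@ -25,16 +35,17 @@ Welcome to the comprehensive documentation for the AWS CIS Controls Compliance A
 
 ## Key Features
 
-- **✅ Complete Coverage**:
+- **✅ Complete Coverage**: 138 AWS Config rules (133 CIS Controls + 5 bonus security rules)
 - **✅ Production Ready**: Enterprise-tested with comprehensive error handling
 - **✅ Performance Optimized**: Handles large-scale assessments efficiently
 - **✅ Multiple Output Formats**: JSON, HTML, and CSV reports with detailed remediation guidance
 - **✅ No AWS Config Required**: Direct AWS API calls based on Config rule specifications
 - **✅ Enterprise Architecture**: Scalable, maintainable framework with audit trails
+- **✅ AWS Backup Controls**: Comprehensive backup infrastructure assessment
 
 ## Implementation Groups Overview
 
-### IG1 - Essential Cyber Hygiene (
+### IG1 - Essential Cyber Hygiene (95 Config Rules) ✅
 **100% Coverage Achieved**
 Foundational safeguards for all enterprises:
 - Asset Inventory and Management (6 rules)
@@ -42,7 +53,7 @@ Foundational safeguards for all enterprises:
 - Data Protection and Encryption (8 rules)
 - Network Security Controls (20 rules)
 - Logging and Monitoring (13 rules)
-- Backup and Recovery (
+- Backup and Recovery (14 rules) - **NEW: AWS Backup service controls**
 - Security Services Integration (5 rules)
 - Configuration Management (9 rules)
 - Vulnerability Management (5 rules)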