aws-cis-controls-assessment 1.0.8__py3-none-any.whl → 1.0.9__py3-none-any.whl

aws_cis_assessment/__init__.py

@@ -6,6 +6,6 @@ CIS Controls Implementation Groups (IG1, IG2, IG3). Implements 145 comprehensive
 across all implementation groups for complete security compliance assessment.
 """
 
-__version__ = "1.0.8"
+__version__ = "1.0.9"
 __author__ = "AWS CIS Assessment Team"
 __description__ = "Production-ready AWS CIS Controls Compliance Assessment Framework"

aws_cis_assessment/core/assessment_engine.py

@@ -702,12 +702,16 @@ class AssessmentEngine:
             # Calculate overall score using scoring engine
             overall_score = self.scoring_engine.calculate_overall_score(ig_scores)
             
+            # Calculate AWS Config-style unweighted score
+            aws_config_score = self.scoring_engine.calculate_aws_config_style_score(ig_scores)
+            
             # Create final assessment result
             assessment_result = AssessmentResult(
                 account_id=account_id,
                 regions_assessed=self.aws_factory.regions.copy(),
                 timestamp=datetime.now(),
                 overall_score=overall_score,
+                aws_config_score=aws_config_score,  # Add AWS Config score
                 ig_scores=ig_scores,
                 total_resources_evaluated=len(all_results),
                 assessment_duration=self.progress.elapsed_time

aws_cis_assessment/core/models.py

@@ -126,6 +126,7 @@ class AssessmentResult:
     regions_assessed: List[str]
     timestamp: datetime
     overall_score: float
+    aws_config_score: float = 0.0  # AWS Config Conformance Pack style score
     ig_scores: Dict[str, IGScore] = field(default_factory=dict)
     total_resources_evaluated: int = 0
     assessment_duration: Optional[timedelta] = None

aws_cis_assessment/core/scoring_engine.py

@@ -47,6 +47,36 @@ class ScoringEngine:
         
         logger.info("ScoringEngine initialized with control and IG weights")
     
+    def calculate_aws_config_style_score(self, ig_scores: Dict[str, IGScore]) -> float:
+        """Calculate compliance score using AWS Config Conformance Pack approach.
+        
+        This is a simple unweighted calculation:
+        Score = Total Compliant Resources / Total Resources
+        
+        Args:
+            ig_scores: Dictionary of IG scores
+            
+        Returns:
+            Unweighted compliance percentage (0-100)
+        """
+        total_compliant = 0
+        total_resources = 0
+        
+        # Sum all compliant and total resources across all IGs and controls
+        for ig_score in ig_scores.values():
+            for control_score in ig_score.control_scores.values():
+                total_compliant += control_score.compliant_resources
+                total_resources += control_score.total_resources
+        
+        if total_resources > 0:
+            aws_config_score = (total_compliant / total_resources) * 100
+        else:
+            aws_config_score = 0.0
+        
+        logger.info(f"AWS Config style score: {aws_config_score:.1f}% "
+                   f"({total_compliant}/{total_resources} resources compliant)")
+        return aws_config_score
+    
     def calculate_control_score(self, control_id: str, rule_results: List[ComplianceResult],
                               control_title: str = "", implementation_group: str = "") -> ControlScore:
         """Calculate compliance score for individual CIS Control.

aws_cis_assessment/reporters/base_reporter.py

@@ -110,6 +110,8 @@ class ReportGenerator(ABC):
             },
             'executive_summary': {
                 'overall_compliance_percentage': compliance_summary.overall_compliance_percentage,
+                'aws_config_style_score': assessment_result.aws_config_score,  # Add AWS Config score
+                'score_difference': compliance_summary.overall_compliance_percentage - assessment_result.aws_config_score,  # Show difference
                 'ig1_compliance_percentage': compliance_summary.ig1_compliance_percentage,
                 'ig2_compliance_percentage': compliance_summary.ig2_compliance_percentage,
                 'ig3_compliance_percentage': compliance_summary.ig3_compliance_percentage,

aws_cis_assessment/reporters/html_reporter.py

@@ -962,6 +962,171 @@ class HTMLReporter(ReportGenerator):
             }
         }
         
+        /* Score Comparison Styles */
+        .score-comparison-section {
+            background: white;
+            border-radius: 8px;
+            padding: 25px;
+            margin-bottom: 30px;
+            box-shadow: 0 2px 4px rgba(0,0,0,0.1);
+        }
+        
+        .comparison-grid {
+            display: grid;
+            grid-template-columns: 1fr 1fr;
+            gap: 20px;
+            margin-bottom: 20px;
+        }
+        
+        .comparison-card {
+            background: #f8f9fa;
+            border-radius: 8px;
+            padding: 20px;
+            border: 2px solid #e9ecef;
+        }
+        
+        .comparison-card h4 {
+            margin: 0 0 15px 0;
+            color: #2c3e50;
+            font-size: 1.1em;
+        }
+        
+        .comparison-value {
+            font-size: 2.5em;
+            font-weight: bold;
+            margin: 10px 0;
+        }
+        
+        .comparison-card.weighted .comparison-value {
+            color: #3498db;
+        }
+        
+        .comparison-card.aws-config .comparison-value {
+            color: #9b59b6;
+        }
+        
+        .comparison-features {
+            list-style: none;
+            padding: 0;
+            margin: 15px 0 0 0;
+        }
+        
+        .comparison-features li {
+            padding: 5px 0;
+            color: #666;
+            font-size: 0.9em;
+        }
+        
+        .comparison-features li:before {
+            content: "✓ ";
+            color: #27ae60;
+            font-weight: bold;
+            margin-right: 5px;
+        }
+        
+        .score-difference {
+            background: #fff3cd;
+            border: 1px solid #ffc107;
+            border-radius: 8px;
+            padding: 15px;
+            margin-top: 20px;
+            display: flex;
+            align-items: center;
+            gap: 15px;
+        }
+        
+        .diff-icon {
+            font-size: 2em;
+            flex-shrink: 0;
+        }
+        
+        .diff-content {
+            flex-grow: 1;
+        }
+        
+        .diff-content strong {
+            display: block;
+            margin-bottom: 5px;
+            color: #856404;
+        }
+        
+        .diff-content p {
+            margin: 0;
+            color: #856404;
+            font-size: 0.9em;
+        }
+        
+        .score-difference.neutral {
+            background: #d1ecf1;
+            border-color: #17a2b8;
+        }
+        
+        .score-difference.neutral .diff-content strong,
+        .score-difference.neutral .diff-content p {
+            color: #0c5460;
+        }
+        
+        .score-difference.warning {
+            background: #fff3cd;
+            border-color: #ffc107;
+        }
+        
+        .score-difference.warning .diff-content strong,
+        .score-difference.warning .diff-content p {
+            color: #856404;
+        }
+        
+        .score-difference.positive {
+            background: #d4edda;
+            border-color: #28a745;
+        }
+        
+        .score-difference.positive .diff-content strong,
+        .score-difference.positive .diff-content p {
+            color: #155724;
+        }
+        
+        .methodology-note {
+            background: #e7f3ff;
+            border-left: 4px solid #3498db;
+            padding: 15px;
+            margin-top: 20px;
+            border-radius: 4px;
+        }
+        
+        .methodology-note h5 {
+            margin: 0 0 10px 0;
+            color: #2c3e50;
+            font-size: 1em;
+        }
+        
+        .methodology-note p {
+            margin: 5px 0;
+            color: #555;
+            font-size: 0.9em;
+            line-height: 1.6;
+        }
+        
+        .methodology-note a {
+            color: #3498db;
+            text-decoration: none;
+            font-weight: 500;
+        }
+        
+        .methodology-note a:hover {
+            text-decoration: underline;
+        }
+        
+        @media (max-width: 768px) {
+            .comparison-grid {
+                grid-template-columns: 1fr;
+            }
+            
+            .comparison-value {
+                font-size: 2em;
+            }
+        }
+        
         /* Print styles */
         @media print {
             .navigation {
@@ -1300,6 +1465,18 @@ class HTMLReporter(ReportGenerator):
             a.click();
             window.URL.revokeObjectURL(url);
         }}
+        
+        // Toggle scoring details
+        function toggleScoringDetails() {{
+            const detailsSection = document.getElementById('scoringDetails');
+            if (detailsSection) {{
+                if (detailsSection.style.display === 'none') {{
+                    detailsSection.style.display = 'block';
+                }} else {{
+                    detailsSection.style.display = 'none';
+                }}
+            }}
+        }}
         """
     
     def _generate_header(self, html_data: Dict[str, Any]) -> str:
@@ -1362,14 +1539,22 @@ class HTMLReporter(ReportGenerator):
         
         # Generate metric cards
         overall_status = self._get_status_class(exec_summary.get("overall_compliance_percentage", 0))
+        aws_config_score = exec_summary.get('aws_config_style_score', 0)
+        score_diff = exec_summary.get('score_difference', 0)
         
         metric_cards = f"""
         <div class="metric-card {overall_status}">
             <div class="metric-value">{exec_summary.get('overall_compliance_percentage', 0):.1f}%</div>
-            <div class="metric-label">Overall Compliance</div>
+            <div class="metric-label">Weighted Compliance Score</div>
             <div class="metric-trend trend-stable">Grade: {exec_summary.get('compliance_grade', 'N/A')}</div>
         </div>
         
+        <div class="metric-card">
+            <div class="metric-value">{aws_config_score:.1f}%</div>
+            <div class="metric-label">AWS Config Style Score</div>
+            <div class="metric-trend trend-stable">Unweighted</div>
+        </div>
+        
         <div class="metric-card">
             <div class="metric-value">{exec_summary.get('total_resources', 0):,}</div>
             <div class="metric-label">Resources Evaluated</div>
@@ -1381,14 +1566,15 @@ class HTMLReporter(ReportGenerator):
             <div class="metric-label">Compliant Resources</div>
             <div class="metric-trend trend-up">{(exec_summary.get('compliant_resources', 0) / max(exec_summary.get('total_resources', 1), 1) * 100):.1f}% of total</div>
         </div>
-        
-        <div class="metric-card">
-            <div class="metric-value">{exec_summary.get('non_compliant_resources', 0):,}</div>
-            <div class="metric-label">Non-Compliant Resources</div>
-            <div class="metric-trend trend-down">Require attention</div>
-        </div>
         """
         
+        # Add scoring comparison section
+        score_comparison = self._generate_score_comparison_section(
+            exec_summary.get('overall_compliance_percentage', 0),
+            aws_config_score,
+            score_diff
+        )
+        
         # Generate IG progress bars
         ig_progress = ""
         for ig in ['ig1', 'ig2', 'ig3']:
@@ -1435,6 +1621,8 @@ class HTMLReporter(ReportGenerator):
                 {metric_cards}
             </div>
             
+            {score_comparison}
+            
             <div class="ig-progress-section">
                 <h3>Implementation Groups Progress</h3>
                 {ig_progress}
@@ -1910,6 +2098,90 @@ class HTMLReporter(ReportGenerator):
             display_findings.append(display_finding)
         return display_findings
     
+    def _generate_score_comparison_section(self, weighted_score: float, 
+                                          aws_config_score: float, 
+                                          score_diff: float) -> str:
+        """Generate scoring methodology comparison section.
+        
+        Args:
+            weighted_score: Our weighted compliance score
+            aws_config_score: AWS Config Conformance Pack style score
+            score_diff: Difference between the two scores
+            
+        Returns:
+            HTML section comparing the two scoring approaches
+        """
+        # Determine interpretation based on difference
+        if abs(score_diff) < 1.0:
+            interpretation = "Both scoring approaches show similar results, indicating balanced compliance across all control priorities."
+            icon = "ℹ️"
+            diff_class = "neutral"
+        elif score_diff < 0:
+            # Weighted score is lower
+            interpretation = f"The weighted score is {abs(score_diff):.1f}% lower, indicating critical security controls need attention despite good overall resource compliance."
+            icon = "⚠️"
+            diff_class = "warning"
+        else:
+            # Weighted score is higher
+            interpretation = f"The weighted score is {score_diff:.1f}% higher, indicating strong performance in critical security controls despite some gaps in less critical areas."
+            icon = "✓"
+            diff_class = "positive"
+        
+        return f"""
+        <div class="score-comparison-section">
+            <h3>Scoring Methodology Comparison</h3>
+            <div class="comparison-grid">
+                <div class="comparison-card">
+                    <h4>Weighted Score (Our Approach)</h4>
+                    <div class="comparison-value">{weighted_score:.1f}%</div>
+                    <p class="comparison-description">
+                        Uses risk-based weighting where critical controls (encryption, access control) 
+                        have higher impact on the overall score. Reflects actual security posture.
+                    </p>
+                    <ul class="comparison-features">
+                        <li>✓ Prioritizes critical security controls</li>
+                        <li>✓ Prevents resource count skew</li>
+                        <li>✓ Guides remediation priorities</li>
+                    </ul>
+                </div>
+                
+                <div class="comparison-card">
+                    <h4>AWS Config Style Score</h4>
+                    <div class="comparison-value">{aws_config_score:.1f}%</div>
+                    <p class="comparison-description">
+                        Simple unweighted calculation: compliant resources divided by total resources. 
+                        All rules treated equally regardless of security criticality.
+                    </p>
+                    <ul class="comparison-features">
+                        <li>✓ Simple and straightforward</li>
+                        <li>✓ Easy to audit</li>
+                        <li>✓ Resource-level tracking</li>
+                    </ul>
+                </div>
+            </div>
+            
+            <div class="score-difference {diff_class}">
+                <span class="diff-icon">{icon}</span>
+                <div class="diff-content">
+                    <strong>Score Difference: {score_diff:+.1f}%</strong>
+                    <p>{interpretation}</p>
+                </div>
+            </div>
+            
+            <div class="methodology-note">
+                <strong>Which score should I use?</strong>
+                <ul>
+                    <li><strong>Weighted Score:</strong> Use for security decision-making, risk prioritization, and remediation planning</li>
+                    <li><strong>AWS Config Style:</strong> Use for compliance reporting, audits, and simple stakeholder communication</li>
+                    <li><strong>Both:</strong> Track both metrics for comprehensive security program management</li>
+                </ul>
+                <p>
+                    <a href="#" onclick="toggleScoringDetails(); return false;">Learn more about scoring methodologies →</a>
+                </p>
+            </div>
+        </div>
+        """
+    
     def set_chart_options(self, include_charts: bool = True) -> None:
         """Configure chart inclusion options.
         

{aws_cis_controls_assessment-1.0.8.dist-info → aws_cis_controls_assessment-1.0.9.dist-info}/METADATA

@@ -1,6 +1,6 @@
 Metadata-Version: 2.4
 Name: aws-cis-controls-assessment
-Version: 1.0.8
+Version: 1.0.9
 Summary: Production-ready AWS CIS Controls compliance assessment framework with 145 comprehensive rules
 Author-email: AWS CIS Assessment Team <security@example.com>
 Maintainer-email: AWS CIS Assessment Team <security@example.com>
@@ -64,6 +64,7 @@ A production-ready, enterprise-grade framework for evaluating AWS account config
 ## 🎯 Key Features
 
 - **✅ Complete Coverage**: 131/131 CIS Controls rules implemented (100% coverage)
+- **✅ Dual Scoring System**: Both weighted and AWS Config-style scoring methodologies
 - **✅ Enterprise Ready**: Production-tested with enterprise-grade architecture
 - **✅ Performance Optimized**: Handles large-scale assessments efficiently
 - **✅ Multi-Format Reports**: JSON, HTML, and CSV with detailed remediation guidance
@@ -208,6 +209,9 @@ aws-cis-assess assess --output-format json
 - **[Installation Guide](docs/installation.md)**: Detailed installation instructions and requirements
 - **[User Guide](docs/user-guide.md)**: Comprehensive user manual and best practices
 - **[CLI Reference](docs/cli-reference.md)**: Complete command-line interface documentation
+- **[Dual Scoring Guide](docs/dual-scoring-implementation.md)**: Weighted vs AWS Config scoring methodologies
+- **[Scoring Methodology](docs/scoring-methodology.md)**: Detailed explanation of weighted scoring
+- **[AWS Config Comparison](docs/scoring-comparison-aws-config.md)**: Comparison with AWS Config approach
 - **[Troubleshooting Guide](docs/troubleshooting.md)**: Common issues and solutions
 - **[Developer Guide](docs/developer-guide.md)**: Development and contribution guidelines
 

{aws_cis_controls_assessment-1.0.8.dist-info → aws_cis_controls_assessment-1.0.9.dist-info}/RECORD

@@ -1,4 +1,4 @@
-aws_cis_assessment/__init__.py,sha256=trVrC7YvGPjivqPsY-Z2mULRuYcQBDAHH8d8zPB8rYw,480
+aws_cis_assessment/__init__.py,sha256=EO4JEYzH1KqBsVY47ECD1ctR40yddm7WEfZRGfctQf8,480
 aws_cis_assessment/cli/__init__.py,sha256=DYaGVAIoy5ucs9ubKQxX6Z3ZD46AGz9AaIaDQXzrzeY,100
 aws_cis_assessment/cli/examples.py,sha256=F9K2Fe297kUfwoq6Ine9Aj_IXNU-KwO9hd7SAPWeZHI,12884
 aws_cis_assessment/cli/main.py,sha256=i5QoqHXsPG_Kw0W7jM3Zj2YaAaCJnxxnfz82QBBHq-U,49441
@@ -50,30 +50,33 @@ aws_cis_assessment/controls/ig3/control_3_14.py,sha256=fY2MZATcicuP1Zich5L7J6-MM
 aws_cis_assessment/controls/ig3/control_7_1.py,sha256=GZQt0skGJVlUbGoH4MD5AoJJONf0nT9k7WQT-8F3le4,18499
 aws_cis_assessment/core/__init__.py,sha256=aXt5Z3mqaaDvFyZPyMaJYFy66A_phfFIhhH_eyaic8Q,52
 aws_cis_assessment/core/accuracy_validator.py,sha256=jnN2O32PpdDfWAp6erV4v4zKugC9ziJkDYnVF93FVuY,18386
-aws_cis_assessment/core/assessment_engine.py,sha256=QqQXWHRJOZadigA7fSwZld2nl2qhFY-MEhcDk2mVazY,62268
+aws_cis_assessment/core/assessment_engine.py,sha256=-dxww7Qp-dww3pUmyLOBAt44U2CrcP_8WmhjFrJ8sMw,62509
 aws_cis_assessment/core/audit_trail.py,sha256=qapCkI2zjbAPHlHQcgYonfDYyjU2MoX5Sc2IXtYj3eE,18395
 aws_cis_assessment/core/aws_client_factory.py,sha256=1qTLfQ3fgPBH3mWRpX1_i3bbHlQQYsmSE8vsKxKTz8w,13143
 aws_cis_assessment/core/error_handler.py,sha256=5JgH3Y2yG1-ZSuEJR7o0ZMzqlwGWFRW2N4SjcL2gnBw,24219
-aws_cis_assessment/core/models.py,sha256=qjkc_AAyUlUBWlOoM0E8mS9vP03cR38gTt2OpEzExJU,5748
-aws_cis_assessment/core/scoring_engine.py,sha256=JYSPZA9oYJZoH3khxHNzRe5asFIm9DovDGvugxKmy74,18990
+aws_cis_assessment/core/models.py,sha256=YhHTZq0DPa_m5GNuYH85uS2bq-70tYuIe19Mu-L4tmY,5825
+aws_cis_assessment/core/scoring_engine.py,sha256=ylx2urk_DxGzU_LZB0ip-qtUzOh4yu0Mjo6Lc_AlE_A,20191
 aws_cis_assessment/reporters/__init__.py,sha256=GXdlY08kKy1Y3mMBv8Y0JuUB69u--e5DIu2jNJpc6QI,357
-aws_cis_assessment/reporters/base_reporter.py,sha256=xalVCTpNzSrTcfZmyRL2I-3B6dd6sbeBIkatUiSDTrs,17838
+aws_cis_assessment/reporters/base_reporter.py,sha256=joy_O4IL4Hs_qwAuPtl81GIPxLAbUAMFKiF8r5si2aw,18082
 aws_cis_assessment/reporters/csv_reporter.py,sha256=r83xzfP1t5AO9MfKawgN4eTeOU6eGZwJQgvNDLEd7NI,31419
-aws_cis_assessment/reporters/html_reporter.py,sha256=TzCVxPGSFs0N5Zzz2evdm88gu7vjSXJJpzvEW-kimfY,104214
+aws_cis_assessment/reporters/html_reporter.py,sha256=i5HBLAjZB1TKAUrc6X7-Qbzr7QTQOwLplDu-ZnDzTUs,113444
 aws_cis_assessment/reporters/json_reporter.py,sha256=MObCzTc9nlGTEXeWc7P8tTMeKCpEaJNfcSYc79cHXhc,22250
-aws_cis_controls_assessment-1.0.8.dist-info/licenses/LICENSE,sha256=T_p0qKH4RoI3ejr3tktf3rx2Zart_9KeUmJd5iiqXW8,1079
+aws_cis_controls_assessment-1.0.9.dist-info/licenses/LICENSE,sha256=T_p0qKH4RoI3ejr3tktf3rx2Zart_9KeUmJd5iiqXW8,1079
 deprecation-package/aws_cis_assessment_deprecated/__init__.py,sha256=WOaufqanKNhvWQ3frj8e627tS_kZnyk2R2hwqPFqydw,1892
 docs/README.md,sha256=8UaAzc2pI1nhMFf_pGSFAf0UfeaM1MXw9X93IrN-z5A,4264
 docs/assessment-logic.md,sha256=7t1YPkLPI3-MpvF3cLpO4x4LeNMfM950-es4vn0W4Zc,27123
 docs/cli-reference.md,sha256=zyTacw3neOJ2lQmq8E7WPJUDGMIDgUzQCqutu0lJ3SY,17854
 docs/config-rule-mappings.md,sha256=Jk31ZqnSn1JAR3iXHlhGnVxVpPukVuCZtK4H58j08Nk,18508
 docs/developer-guide.md,sha256=uC0DvgmBoOQ2LnBNManTe_rdOccvjWbzvqd93huO4jE,31026
+docs/dual-scoring-implementation.md,sha256=n8xwurAAx4iOyCeITE9Anvz6W6YupejVYWt6ARtmmTY,8567
 docs/html-report-improvements.md,sha256=a0OzKvQC_KpcielntTHXMPObwulfWIDgBKnF66iaxp4,11432
 docs/installation.md,sha256=y_CQE44yE3ENeAcBANonJUqsl9pLQsGOX92tui-t2OU,9576
+docs/scoring-comparison-aws-config.md,sha256=8BBe1tQsaAT0BAE3OdGIRFjuT1VJcOlM1qBWFmZKaIo,11801
+docs/scoring-methodology.md,sha256=C86FisBxKt6pyr-Kp6rAVPz45yPZpgsGibjgq8obIsg,9404
 docs/troubleshooting.md,sha256=JcYw6qS9G9YsM0MxxxZUGfPZmmZBxDYTV8tAIK0Sa2U,13175
 docs/user-guide.md,sha256=4azuL1RWewtA2wRH0ejHkCvVKV3dBfyRJ28THahlmaA,10352
-aws_cis_controls_assessment-1.0.8.dist-info/METADATA,sha256=DI4dO_e0RTeeCL48Xil1V8oYTNk1hbg5GxwOebtUKJc,11406
-aws_cis_controls_assessment-1.0.8.dist-info/WHEEL,sha256=wUyA8OaulRlbfwMtmQsvNngGrxQHAvkKcvRmdizlJi0,92
-aws_cis_controls_assessment-1.0.8.dist-info/entry_points.txt,sha256=-AxPn5Y7yau0pQh33F5_uyWfvcnm2Kg1_nMQuLrZ7SY,68
-aws_cis_controls_assessment-1.0.8.dist-info/top_level.txt,sha256=4OHmV6RAEWkz-Se50kfmuGCd-mUSotDZz3iLGF9CmkI,44
-aws_cis_controls_assessment-1.0.8.dist-info/RECORD,,
+aws_cis_controls_assessment-1.0.9.dist-info/METADATA,sha256=UjpUaAlo77AoGVHC8-okG5bo5DlWjwR7boXomQsPrKk,11809
+aws_cis_controls_assessment-1.0.9.dist-info/WHEEL,sha256=wUyA8OaulRlbfwMtmQsvNngGrxQHAvkKcvRmdizlJi0,92
+aws_cis_controls_assessment-1.0.9.dist-info/entry_points.txt,sha256=-AxPn5Y7yau0pQh33F5_uyWfvcnm2Kg1_nMQuLrZ7SY,68
+aws_cis_controls_assessment-1.0.9.dist-info/top_level.txt,sha256=4OHmV6RAEWkz-Se50kfmuGCd-mUSotDZz3iLGF9CmkI,44
+aws_cis_controls_assessment-1.0.9.dist-info/RECORD,,