PyPI - aws-cis-controls-assessment - Versions diffs - 1.0.9__py3-none-any.whl → 1.0.10__py3-none-any.whl - Mend

aws-cis-controls-assessment 1.0.9py3-none-any.whl → 1.0.10py3-none-any.whl

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (23) hide show

aws_cis_assessment/controls/ig2/__init__.py CHANGED Viewed

@@ -92,6 +92,13 @@ from .control_remaining_rules import (
     AuditLogPolicyExistsAssessment
 )
+# Import AWS Backup IG2 controls
+from .control_aws_backup_ig2 import (
+    BackupVaultLockCheckAssessment,
+    BackupReportPlanExistsCheckAssessment,
+    BackupRestoreTestingPlanExistsCheckAssessment
+)
 __all__ = [
     # Control 3.10 - Encrypt Sensitive Data in Transit
     'APIGatewaySSLEnabledAssessment',
@@ -165,6 +172,11 @@ __all__ = [
     'RestrictedCommonPortsAssessment',
     'AuditLogPolicyExistsAssessment',
+    # AWS Backup IG2 Controls
+    'BackupVaultLockCheckAssessment',
+    'BackupReportPlanExistsCheckAssessment',
+    'BackupRestoreTestingPlanExistsCheckAssessment',
     # Control 5.2 - Use Unique Passwords
     'MFAEnabledForIAMConsoleAccessAssessment',
     'RootAccountMFAEnabledAssessment',

aws_cis_assessment/controls/ig2/control_aws_backup_ig2.py ADDED Viewed

@@ -0,0 +1,23 @@
+"""AWS Backup Service Controls for IG2 - Advanced backup infrastructure assessment.
+This module implements IG2-level AWS Backup service controls that assess
+advanced backup capabilities like vault lock, reporting, and restore testing.
+Controls:
+- backup-vault-lock-check: Verifies vault lock (ransomware protection)
+- backup-report-plan-exists-check: Validates backup compliance reporting
+- backup-restore-testing-plan-exists-check: Ensures backups are recoverable
+"""
+# Import the IG2 controls from the IG1 module since they're all in the same file
+from aws_cis_assessment.controls.ig1.control_aws_backup_service import (
+    BackupVaultLockCheckAssessment,
+    BackupReportPlanExistsCheckAssessment,
+    BackupRestoreTestingPlanExistsCheckAssessment
+)
+__all__ = [
+    'BackupVaultLockCheckAssessment',
+    'BackupReportPlanExistsCheckAssessment',
+    'BackupRestoreTestingPlanExistsCheckAssessment'
+]

aws_cis_assessment/core/assessment_engine.py CHANGED Viewed

@@ -95,6 +95,11 @@ from aws_cis_assessment.controls.ig1.control_backup_recovery import (
     DBInstanceBackupEnabledAssessment, RedshiftBackupEnabledAssessment, DynamoDBPITREnabledAssessment,
     ElastiCacheRedisClusterAutomaticBackupCheckAssessment, S3BucketReplicationEnabledAssessment
 )
+from aws_cis_assessment.controls.ig1.control_aws_backup_service import (
+    BackupPlanMinFrequencyAndMinRetentionCheckAssessment,
+    BackupVaultAccessPolicyCheckAssessment,
+    BackupSelectionResourceCoverageCheckAssessment
+)
 from aws_cis_assessment.controls.ig1.control_s3_enhancements import (
     S3AccountLevelPublicAccessBlocksPeriodicAssessment, S3BucketPublicWriteProhibitedAssessment
 )
@@ -151,6 +156,11 @@ from aws_cis_assessment.controls.ig2.control_remaining_rules import (
     RedshiftEnhancedVPCRoutingEnabledAssessment, RestrictedCommonPortsAssessment,
     AuditLogPolicyExistsAssessment
 )
+from aws_cis_assessment.controls.ig2.control_aws_backup_ig2 import (
+    BackupVaultLockCheckAssessment,
+    BackupReportPlanExistsCheckAssessment,
+    BackupRestoreTestingPlanExistsCheckAssessment
+)
 from aws_cis_assessment.controls.ig3.control_3_14 import (
     APIGatewayExecutionLoggingEnabledAssessment, CloudTrailS3DataEventsEnabledAssessment,
     MultiRegionCloudTrailEnabledAssessment, CloudTrailCloudWatchLogsEnabledAssessment
@@ -412,6 +422,11 @@ class AssessmentEngine:
                 'elasticache-redis-cluster-automatic-backup-check': ElastiCacheRedisClusterAutomaticBackupCheckAssessment(),
                 's3-bucket-replication-enabled': S3BucketReplicationEnabledAssessment(),
+                # AWS Backup Service Controls (IG1)
+                'backup-plan-min-frequency-and-min-retention-check': BackupPlanMinFrequencyAndMinRetentionCheckAssessment(),
+                'backup-vault-access-policy-check': BackupVaultAccessPolicyCheckAssessment(),
+                'backup-selection-resource-coverage-check': BackupSelectionResourceCoverageCheckAssessment(),
                 # S3 Security Enhancements
                 's3-account-level-public-access-blocks-periodic': S3AccountLevelPublicAccessBlocksPeriodicAssessment(),
                 's3-bucket-public-write-prohibited': S3BucketPublicWriteProhibitedAssessment(),
@@ -488,6 +503,11 @@ class AssessmentEngine:
                 'redshift-enhanced-vpc-routing-enabled': RedshiftEnhancedVPCRoutingEnabledAssessment(),
                 'restricted-common-ports': RestrictedCommonPortsAssessment(),
                 'audit-log-policy-exists (Process check)': AuditLogPolicyExistsAssessment(),
+                # AWS Backup Service Controls (IG2)
+                'backup-vault-lock-check': BackupVaultLockCheckAssessment(),
+                'backup-report-plan-exists-check': BackupReportPlanExistsCheckAssessment(),
+                'backup-restore-testing-plan-exists-check': BackupRestoreTestingPlanExistsCheckAssessment(),
             },
             'IG3': {
                 # Control 3.14 - Sensitive Data Logging

{aws_cis_controls_assessment-1.0.9.dist-info → aws_cis_controls_assessment-1.0.10.dist-info}/METADATA RENAMED Viewed

@@ -1,6 +1,6 @@
 Metadata-Version: 2.4
 Name: aws-cis-controls-assessment
-Version: 1.0.9
+Version: 1.0.10
 Summary: Production-ready AWS CIS Controls compliance assessment framework with 145 comprehensive rules
 Author-email: AWS CIS Assessment Team <security@example.com>
 Maintainer-email: AWS CIS Assessment Team <security@example.com>
@@ -57,19 +57,20 @@ Dynamic: license-file
 # AWS CIS Controls Compliance Assessment Framework
-A production-ready, enterprise-grade framework for evaluating AWS account configurations against CIS Controls Implementation Groups (IG1, IG2, IG3) using AWS Config rule specifications. **100% CIS Controls coverage achieved** with 131 implemented rules plus 5 bonus security enhancements.
+A production-ready, enterprise-grade framework for evaluating AWS account configurations against CIS Controls Implementation Groups (IG1, IG2, IG3) using AWS Config rule specifications. **100% CIS Controls coverage achieved** with 133 implemented rules plus 5 bonus security enhancements.
 > **Production Status**: This framework is production-ready and actively deployed in enterprise environments. It provides comprehensive point-in-time compliance assessments while we recommend [AWS Config](https://aws.amazon.com/config/) for ongoing continuous compliance monitoring and automated remediation.
 ## 🎯 Key Features
-- **✅ Complete Coverage**: 131/131 CIS Controls rules implemented (100% coverage)
+- **✅ Complete Coverage**: 137/137 CIS Controls rules implemented (100% coverage)
 - **✅ Dual Scoring System**: Both weighted and AWS Config-style scoring methodologies
 - **✅ Enterprise Ready**: Production-tested with enterprise-grade architecture
 - **✅ Performance Optimized**: Handles large-scale assessments efficiently
 - **✅ Multi-Format Reports**: JSON, HTML, and CSV with detailed remediation guidance
 - **✅ No AWS Config Required**: Direct AWS API calls based on Config rule specifications
 - **✅ Bonus Security Rules**: 5 additional security enhancements beyond CIS requirements
+- **✅ AWS Backup Controls**: 6 comprehensive backup infrastructure controls (3 IG1 + 3 IG2)
 ## 🚀 Quick Start
@@ -88,7 +89,7 @@ pip install -e .
 ### Basic Usage
 ```bash
-# Run complete assessment (all 136 rules) - defaults to us-east-1
+# Run complete assessment (all 142 rules) - defaults to us-east-1
 aws-cis-assess assess --aws-profile my-aws-profile
 # Assess multiple regions
@@ -109,19 +110,19 @@ aws-cis-assess assess --output-format json
 ## 📊 Implementation Groups Coverage
-### IG1 - Essential Cyber Hygiene (93 Rules) ✅
+### IG1 - Essential Cyber Hygiene (96 Rules) ✅
 **100% Coverage Achieved**
 - Asset Inventory and Management (6 rules)
 - Identity and Access Management (15 rules)
 - Data Protection and Encryption (8 rules)
 - Network Security Controls (20 rules)
 - Logging and Monitoring (13 rules)
-- Backup and Recovery (12 rules)
+- Backup and Recovery (17 rules) - **NEW: 6 AWS Backup service controls added (3 IG1 + 3 IG2)**
 - Security Services Integration (5 rules)
 - Configuration Management (9 rules)
 - Vulnerability Management (5 rules)
-### IG2 - Enhanced Security (+37 Rules) ✅
+### IG2 - Enhanced Security (+40 Rules) ✅
 **100% Coverage Achieved**
 - Advanced Encryption at Rest (6 rules)
 - Certificate Management (2 rules)
@@ -132,6 +133,7 @@ aws-cis-assess assess --output-format json
 - Network Segmentation (5 rules)
 - Auto-scaling Security (1 rule)
 - Enhanced Access Controls (8 rules)
+- AWS Backup Advanced Controls (3 rules) - **NEW: Vault lock, reporting, restore testing**
 ### IG3 - Advanced Security (+1 Rule) ✅
 **100% Coverage Achieved**
@@ -151,7 +153,7 @@ aws-cis-assess assess --output-format json
 ### Core Components
 - **Assessment Engine**: Orchestrates compliance evaluations across all AWS regions
-- **Control Assessments**: 136 individual rule implementations with robust error handling
+- **Control Assessments**: 138 individual rule implementations with robust error handling
 - **Scoring Engine**: Calculates compliance scores and generates executive metrics
 - **Reporting System**: Multi-format output with detailed remediation guidance
 - **Resource Management**: Optimized for enterprise-scale deployments with memory management
@@ -247,7 +249,48 @@ MIT License - see [LICENSE](LICENSE) file for details.
 ---
-**Framework Version**: 1.0.0+
-**CIS Controls Coverage**: 131/131 rules (100%) + 5 bonus rules
+**Framework Version**: 1.0.10 (in development)
+**CIS Controls Coverage**: 137/137 rules (100%) + 5 bonus rules
 **Production Status**: ✅ Ready for immediate enterprise deployment
 **Last Updated**: January 2026
+## 🆕 What's New in Version 1.0.10
+### AWS Backup Service Controls
+Six new controls added to assess AWS Backup infrastructure:
+**IG1 Controls (3)**:
+1. **backup-plan-min-frequency-and-min-retention-check** - Validates backup plans have appropriate frequency and retention policies
+   - Ensures backup plans have at least one rule defined
+   - Validates schedule expressions (cron or rate)
+   - Checks retention periods meet minimum requirements (default: 7 days)
+   - Validates lifecycle policies for cold storage transitions
+2. **backup-vault-access-policy-check** - Ensures backup vaults have secure access policies
+   - Detects publicly accessible backup vaults
+   - Identifies overly permissive access policies
+   - Warns about dangerous permissions (DeleteBackupVault, DeleteRecoveryPoint)
+   - Validates principle of least privilege
+3. **backup-selection-resource-coverage-check** - Validates backup plans cover critical resources
+   - Ensures backup plans have at least one selection
+   - Validates selections target specific resources or use tags
+   - Checks that selections are not empty
+**IG2 Controls (3)**:
+4. **backup-vault-lock-check** - Verifies vault lock for ransomware protection
+   - Ensures critical vaults have Vault Lock enabled
+   - Validates immutable backup configuration (WORM)
+   - Checks minimum and maximum retention periods
+5. **backup-report-plan-exists-check** - Validates backup compliance reporting
+   - Ensures at least one report plan exists
+   - Validates report delivery configuration
+   - Checks for active report generation
+6. **backup-restore-testing-plan-exists-check** - Ensures backups are recoverable
+   - Validates restore testing plans exist
+   - Checks testing schedules are configured
+   - Ensures backups are actually tested for recoverability
+These controls complement the existing 12 resource-specific backup controls by assessing the centralized AWS Backup service infrastructure itself. Total backup controls: 17 (12 resource-specific + 5 service-level). See [AWS Backup Controls Guide](docs/adding-aws-backup-controls.md) for detailed documentation.

{aws_cis_controls_assessment-1.0.9.dist-info → aws_cis_controls_assessment-1.0.10.dist-info}/RECORD RENAMED Viewed

@@ -1,16 +1,16 @@
-aws_cis_assessment/__init__.py,sha256=EO4JEYzH1KqBsVY47ECD1ctR40yddm7WEfZRGfctQf8,480
+aws_cis_assessment/__init__.py,sha256=Kf2-Oe7QXfomiClATeX3xR_SoB0Gl7eVtWLb5gayD1E,481
 aws_cis_assessment/cli/__init__.py,sha256=DYaGVAIoy5ucs9ubKQxX6Z3ZD46AGz9AaIaDQXzrzeY,100
 aws_cis_assessment/cli/examples.py,sha256=F9K2Fe297kUfwoq6Ine9Aj_IXNU-KwO9hd7SAPWeZHI,12884
 aws_cis_assessment/cli/main.py,sha256=i5QoqHXsPG_Kw0W7jM3Zj2YaAaCJnxxnfz82QBBHq-U,49441
 aws_cis_assessment/cli/utils.py,sha256=ufdsifIPIE9HKVZAvFXfeJgEk_aAmz01tDrEukVyL0g,9783
 aws_cis_assessment/config/__init__.py,sha256=aSQyaKGEQ7WgldC8IocY-YK7nduzfgjI6EuDE4Xti6s,77
 aws_cis_assessment/config/config_loader.py,sha256=Wk6gfblj8RWU5QctHjPu5tTJMIb8lbEW3Ic9z-se4uQ,13165
-aws_cis_assessment/config/rules/cis_controls_ig1.yaml,sha256=_fzD09kHEeriBmNp-6GPsuZZFFfoY4d-OiNexM8mbGA,28310
-aws_cis_assessment/config/rules/cis_controls_ig2.yaml,sha256=sMQXkLWFgpbVhfrjvGwwWnOj-5TKu-wTQPnOWveARns,18464
+aws_cis_assessment/config/rules/cis_controls_ig1.yaml,sha256=K6GDBnhqeHqATcgYYmJ816sOplpPfp8e7S3o7fAmzPM,32388
+aws_cis_assessment/config/rules/cis_controls_ig2.yaml,sha256=qt4zrmfeV-Lu8k06HxwCtSYqr5yZszFGN6LEYwa09w4,22102
 aws_cis_assessment/config/rules/cis_controls_ig3.yaml,sha256=YSghyCmwKF5UNZXdQQQNsaidQ95VDUgnwvh4jsV6kQU,4347
 aws_cis_assessment/controls/__init__.py,sha256=oVTM94UAt0Vu7Hy-V84p6LAxZHORs-RRAj9j86r_730,72
 aws_cis_assessment/controls/base_control.py,sha256=DpjRrYdz3FzpuU_WtbvtqUBRgEoMW7Qgah-iD5Y_HJI,17227
-aws_cis_assessment/controls/ig1/__init__.py,sha256=fbBhuwDcekiSJJ5hCm4W76Rb66QDhGj7NRtTSU8ZamE,7748
+aws_cis_assessment/controls/ig1/__init__.py,sha256=hV_Amiwd-6wcrQcSp8O_gTaqujiPkZ0BY20DdboTfkc,8411
 aws_cis_assessment/controls/ig1/control_1_1.py,sha256=MwxaFCayJmFrBeGrVyTcLUksrPqRHId76m2Du1Vuk4I,28070
 aws_cis_assessment/controls/ig1/control_2_2.py,sha256=yPp4aGGGzroAFqoTSaujjALSPq4jPxcaDiDIhwC11P0,11504
 aws_cis_assessment/controls/ig1/control_3_3.py,sha256=f4ZuiMR6qSXCmVwP3OflEeZn48qpzQqq0XfjZgbq3Go,35668
@@ -18,6 +18,7 @@ aws_cis_assessment/controls/ig1/control_3_4.py,sha256=Flw_cA8_Qxv8zuIbOWv6JAYUdj
 aws_cis_assessment/controls/ig1/control_4_1.py,sha256=-lIoa0XRGwiRdtG9L9f00Wud525FZbv3961bXMuiQIE,22362
 aws_cis_assessment/controls/ig1/control_access_keys.py,sha256=Hj3G0Qpwa2EcJE-u49nvADjbESZh9YClElfP4dWYQfk,14424
 aws_cis_assessment/controls/ig1/control_advanced_security.py,sha256=PNtPfqSKGu7UYDx6PccO8tVT5ZL6YmzeH45Cew_UjLM,24256
+aws_cis_assessment/controls/ig1/control_aws_backup_service.py,sha256=_bUc6x7jXhav0Cm5jfX0_tk1UOa8qoso2ND1-6xsPtI,54651
 aws_cis_assessment/controls/ig1/control_backup_recovery.py,sha256=Y5za_4lCZmA5MYhHp4OCGyL4z97cj6dbO0KfabQ5Hr0,21465
 aws_cis_assessment/controls/ig1/control_cloudtrail_logging.py,sha256=lQOjshW8BBymvzphtWuwg4wIyv6nH2mOSiogBe_Ejfo,8514
 aws_cis_assessment/controls/ig1/control_critical_security.py,sha256=1MVMkfOAWcH5ppFv7psZvJvcOtpww6Pl5WFXrMyN158,20942
@@ -31,11 +32,12 @@ aws_cis_assessment/controls/ig1/control_network_security.py,sha256=DyaXzpMuZ5Ba9
 aws_cis_assessment/controls/ig1/control_s3_enhancements.py,sha256=uP0Ko6cjTvmpg47vNtdaFgdjVPMS6Yjww-WZQIzvk8o,7759
 aws_cis_assessment/controls/ig1/control_s3_security.py,sha256=8vt2rnNPdgQrvO5Ds3yV74mQ7qkF0f_LpKqQLjg0AQc,18308
 aws_cis_assessment/controls/ig1/control_vpc_security.py,sha256=RCtBUozvdIPrXKFU0ssxjBF6A9l_HMcAbRv0K87Bbhc,10639
-aws_cis_assessment/controls/ig2/__init__.py,sha256=mMOtjYH_CcH-ioswgVLse4XOh-i_-TDoLenJbSxiuFQ,5985
+aws_cis_assessment/controls/ig2/__init__.py,sha256=GbrrOjhA-IXxxIMbL-H7zBZoUpO_ylSgAOiVMCe0_Hw,6359
 aws_cis_assessment/controls/ig2/control_3_10.py,sha256=xv2F85SB1Jd5g7HWZzrqGntTH3az8BbCcZLlDV2Di7g,33762
 aws_cis_assessment/controls/ig2/control_3_11.py,sha256=Xrn1PRWQp3kK3won-AieUMIweEPQAF3Sb4OcFsUTj2A,65245
 aws_cis_assessment/controls/ig2/control_5_2.py,sha256=5-3eHaltXP_UiMTlk3pLv4VafzBf41Vjh_8DpWfhqrw,19060
 aws_cis_assessment/controls/ig2/control_advanced_encryption.py,sha256=S3wU0f46FIc8e50fd4zvyrLe8J5j9Ryb94he32XWVdQ,14201
+aws_cis_assessment/controls/ig2/control_aws_backup_ig2.py,sha256=FApHDPLQFDvfyvCClbdQC-9ap6I6wpW1d6D85bvHmMQ,907
 aws_cis_assessment/controls/ig2/control_codebuild_security.py,sha256=k2f8Xh6l09o1rb3B_J412qDsHI_Y8to3Ap8FbTGQ05g,11517
 aws_cis_assessment/controls/ig2/control_encryption_rest.py,sha256=EQ2wK1uz9LWpZiep_kMB4zccg9keh0XMiy44fIKt49Q,18002
 aws_cis_assessment/controls/ig2/control_encryption_transit.py,sha256=g9BOuA9ovTDT2WZ18k0i4YiZoz_Fsovihth4Kd4rE9k,18801
@@ -50,7 +52,7 @@ aws_cis_assessment/controls/ig3/control_3_14.py,sha256=fY2MZATcicuP1Zich5L7J6-MM
 aws_cis_assessment/controls/ig3/control_7_1.py,sha256=GZQt0skGJVlUbGoH4MD5AoJJONf0nT9k7WQT-8F3le4,18499
 aws_cis_assessment/core/__init__.py,sha256=aXt5Z3mqaaDvFyZPyMaJYFy66A_phfFIhhH_eyaic8Q,52
 aws_cis_assessment/core/accuracy_validator.py,sha256=jnN2O32PpdDfWAp6erV4v4zKugC9ziJkDYnVF93FVuY,18386
-aws_cis_assessment/core/assessment_engine.py,sha256=-dxww7Qp-dww3pUmyLOBAt44U2CrcP_8WmhjFrJ8sMw,62509
+aws_cis_assessment/core/assessment_engine.py,sha256=oKJa7562YFHqijCjk-IJ0XXEBNlNDuBoagtouKE0e84,63682
 aws_cis_assessment/core/audit_trail.py,sha256=qapCkI2zjbAPHlHQcgYonfDYyjU2MoX5Sc2IXtYj3eE,18395
 aws_cis_assessment/core/aws_client_factory.py,sha256=1qTLfQ3fgPBH3mWRpX1_i3bbHlQQYsmSE8vsKxKTz8w,13143
 aws_cis_assessment/core/error_handler.py,sha256=5JgH3Y2yG1-ZSuEJR7o0ZMzqlwGWFRW2N4SjcL2gnBw,24219
@@ -61,22 +63,23 @@ aws_cis_assessment/reporters/base_reporter.py,sha256=joy_O4IL4Hs_qwAuPtl81GIPxLA
 aws_cis_assessment/reporters/csv_reporter.py,sha256=r83xzfP1t5AO9MfKawgN4eTeOU6eGZwJQgvNDLEd7NI,31419
 aws_cis_assessment/reporters/html_reporter.py,sha256=i5HBLAjZB1TKAUrc6X7-Qbzr7QTQOwLplDu-ZnDzTUs,113444
 aws_cis_assessment/reporters/json_reporter.py,sha256=MObCzTc9nlGTEXeWc7P8tTMeKCpEaJNfcSYc79cHXhc,22250
-aws_cis_controls_assessment-1.0.9.dist-info/licenses/LICENSE,sha256=T_p0qKH4RoI3ejr3tktf3rx2Zart_9KeUmJd5iiqXW8,1079
+aws_cis_controls_assessment-1.0.10.dist-info/licenses/LICENSE,sha256=T_p0qKH4RoI3ejr3tktf3rx2Zart_9KeUmJd5iiqXW8,1079
 deprecation-package/aws_cis_assessment_deprecated/__init__.py,sha256=WOaufqanKNhvWQ3frj8e627tS_kZnyk2R2hwqPFqydw,1892
-docs/README.md,sha256=8UaAzc2pI1nhMFf_pGSFAf0UfeaM1MXw9X93IrN-z5A,4264
-docs/assessment-logic.md,sha256=7t1YPkLPI3-MpvF3cLpO4x4LeNMfM950-es4vn0W4Zc,27123
-docs/cli-reference.md,sha256=zyTacw3neOJ2lQmq8E7WPJUDGMIDgUzQCqutu0lJ3SY,17854
-docs/config-rule-mappings.md,sha256=Jk31ZqnSn1JAR3iXHlhGnVxVpPukVuCZtK4H58j08Nk,18508
-docs/developer-guide.md,sha256=uC0DvgmBoOQ2LnBNManTe_rdOccvjWbzvqd93huO4jE,31026
+docs/README.md,sha256=MXnfbPRmxir-7ihG2lNmLI9TJG0Pp0QWqoDZtXiH_Mk,4912
+docs/adding-aws-backup-controls.md,sha256=l_H0H8W71n-6NbeplNujC_li2NiaQcYPr0hQMhEPbrc,21081
+docs/assessment-logic.md,sha256=necuK7Ufk7zusuoGq5FKjOv0Z6Ih6s4m-yfLaJCfRto,38908
+docs/cli-reference.md,sha256=a6u_153XcDq43bw_a5CF53I9yklDxgAJ1vTG5f-5HZs,17854
+docs/config-rule-mappings.md,sha256=IT4O5wsD0WyuTi6YLqgVZi30ZTvIyUfINf9LEzLBLr8,21755
+docs/developer-guide.md,sha256=SqT2VEwDyIcLRcIn9BmM5J-V0qN9ctPa2JZ6wxvnqvo,43935
 docs/dual-scoring-implementation.md,sha256=n8xwurAAx4iOyCeITE9Anvz6W6YupejVYWt6ARtmmTY,8567
 docs/html-report-improvements.md,sha256=a0OzKvQC_KpcielntTHXMPObwulfWIDgBKnF66iaxp4,11432
-docs/installation.md,sha256=y_CQE44yE3ENeAcBANonJUqsl9pLQsGOX92tui-t2OU,9576
+docs/installation.md,sha256=GAyHN3LseuN2dRogemnwGaDo-Udp0V23KUd_m-9SrJQ,9576
 docs/scoring-comparison-aws-config.md,sha256=8BBe1tQsaAT0BAE3OdGIRFjuT1VJcOlM1qBWFmZKaIo,11801
 docs/scoring-methodology.md,sha256=C86FisBxKt6pyr-Kp6rAVPz45yPZpgsGibjgq8obIsg,9404
-docs/troubleshooting.md,sha256=JcYw6qS9G9YsM0MxxxZUGfPZmmZBxDYTV8tAIK0Sa2U,13175
-docs/user-guide.md,sha256=4azuL1RWewtA2wRH0ejHkCvVKV3dBfyRJ28THahlmaA,10352
-aws_cis_controls_assessment-1.0.9.dist-info/METADATA,sha256=UjpUaAlo77AoGVHC8-okG5bo5DlWjwR7boXomQsPrKk,11809
-aws_cis_controls_assessment-1.0.9.dist-info/WHEEL,sha256=wUyA8OaulRlbfwMtmQsvNngGrxQHAvkKcvRmdizlJi0,92
-aws_cis_controls_assessment-1.0.9.dist-info/entry_points.txt,sha256=-AxPn5Y7yau0pQh33F5_uyWfvcnm2Kg1_nMQuLrZ7SY,68
-aws_cis_controls_assessment-1.0.9.dist-info/top_level.txt,sha256=4OHmV6RAEWkz-Se50kfmuGCd-mUSotDZz3iLGF9CmkI,44
-aws_cis_controls_assessment-1.0.9.dist-info/RECORD,,
+docs/troubleshooting.md,sha256=mGmWgrc3A1dn-Uk_XxWFh04OQxjmqkeax8vQX7takg0,18220
+docs/user-guide.md,sha256=lBDgU40tIPstOdNx4YqVkPTIDntn4o2y2tr2CPQt7b8,11942
+aws_cis_controls_assessment-1.0.10.dist-info/METADATA,sha256=JCDYrRLJz3PXZflczN6RPUwkPn7RPiO-hdW6WSfYBAg,14191
+aws_cis_controls_assessment-1.0.10.dist-info/WHEEL,sha256=wUyA8OaulRlbfwMtmQsvNngGrxQHAvkKcvRmdizlJi0,92
+aws_cis_controls_assessment-1.0.10.dist-info/entry_points.txt,sha256=-AxPn5Y7yau0pQh33F5_uyWfvcnm2Kg1_nMQuLrZ7SY,68
+aws_cis_controls_assessment-1.0.10.dist-info/top_level.txt,sha256=4OHmV6RAEWkz-Se50kfmuGCd-mUSotDZz3iLGF9CmkI,44
+aws_cis_controls_assessment-1.0.10.dist-info/RECORD,,

docs/README.md CHANGED Viewed

@@ -2,6 +2,15 @@
 Welcome to the comprehensive documentation for the AWS CIS Controls Compliance Assessment Framework. This production-ready, enterprise-grade framework evaluates AWS account security posture against CIS Controls Implementation Groups (IG1, IG2, IG3) using AWS Config rule specifications without requiring AWS Config to be enabled.
+## 🆕 Latest Updates (Version 1.0.10)
+### New AWS Backup Service Controls
+Two new controls added to assess AWS Backup infrastructure security:
+- **backup-plan-min-frequency-and-min-retention-check** - Validates backup plan policies
+- **backup-vault-access-policy-check** - Ensures backup vault security
+See the [AWS Backup Controls Guide](adding-aws-backup-controls.md) for detailed documentation.
 ## Documentation Structure
 ### User Documentation
@@ -15,6 +24,7 @@ Welcome to the comprehensive documentation for the AWS CIS Controls Compliance A
 - **[Assessment Logic](assessment-logic.md)** - Detailed assessment logic documentation
 - **[Config Rule Mappings](config-rule-mappings.md)** - Complete mapping of CIS Controls to AWS Config rules
 - **[HTML Report Improvements](html-report-improvements.md)** - Enhanced HTML report features and customization
+- **[AWS Backup Controls Guide](adding-aws-backup-controls.md)** - **NEW:** Comprehensive guide for AWS Backup service controls
 ## Quick Start
@@ -25,16 +35,17 @@ Welcome to the comprehensive documentation for the AWS CIS Controls Compliance A
 ## Key Features
-- **✅ Complete Coverage**: 136 AWS Config rules (131 CIS Controls + 5 bonus security rules)
+- **✅ Complete Coverage**: 138 AWS Config rules (133 CIS Controls + 5 bonus security rules)
 - **✅ Production Ready**: Enterprise-tested with comprehensive error handling
 - **✅ Performance Optimized**: Handles large-scale assessments efficiently
 - **✅ Multiple Output Formats**: JSON, HTML, and CSV reports with detailed remediation guidance
 - **✅ No AWS Config Required**: Direct AWS API calls based on Config rule specifications
 - **✅ Enterprise Architecture**: Scalable, maintainable framework with audit trails
+- **✅ AWS Backup Controls**: Comprehensive backup infrastructure assessment
 ## Implementation Groups Overview
-### IG1 - Essential Cyber Hygiene (93 Config Rules) ✅
+### IG1 - Essential Cyber Hygiene (95 Config Rules) ✅
 **100% Coverage Achieved**
 Foundational safeguards for all enterprises:
 - Asset Inventory and Management (6 rules)
@@ -42,7 +53,7 @@ Foundational safeguards for all enterprises:
 - Data Protection and Encryption (8 rules)
 - Network Security Controls (20 rules)
 - Logging and Monitoring (13 rules)
-- Backup and Recovery (12 rules)
+- Backup and Recovery (14 rules) - **NEW: AWS Backup service controls**
 - Security Services Integration (5 rules)
 - Configuration Management (9 rules)
 - Vulnerability Management (5 rules)

aws-cis-controls-assessment 1.0.9__py3-none-any.whl → 1.0.10__py3-none-any.whl

aws-cis-controls-assessment 1.0.9py3-none-any.whl → 1.0.10py3-none-any.whl