aws-cis-controls-assessment 1.1.1__py3-none-any.whl → 1.1.3__py3-none-any.whl

aws_cis_assessment/__init__.py

@@ -6,6 +6,6 @@ CIS Controls Implementation Groups (IG1, IG2, IG3). Implements 163 comprehensive
 across all implementation groups for complete security compliance assessment.
 """
 
-__version__ = "1.1.1"
+__version__ = "1.1.3"
 __author__ = "AWS CIS Assessment Team"
 __description__ = "Production-ready AWS CIS Controls Compliance Assessment Framework"

aws_cis_assessment/controls/ig1/control_cloudtrail_logging.py

@@ -39,8 +39,9 @@ class CloudTrailEnabledAssessment(BaseConfigRuleAssessment):
         try:
             cloudtrail_client = aws_factory.get_client('cloudtrail', region)
             
-            # Get all trails in this region
-            response = cloudtrail_client.describe_trails()
+            # Get all trails in this region, excluding shadow trails
+            # Shadow trails are replications from other regions or organization trails
+            response = cloudtrail_client.describe_trails(includeShadowTrails=False)
             trails = response.get('trailList', [])
             
             # Get trail status for each trail
@@ -48,6 +49,13 @@ class CloudTrailEnabledAssessment(BaseConfigRuleAssessment):
             for trail in trails:
                 trail_name = trail.get('Name', '')
                 trail_arn = trail.get('TrailARN', '')
+                home_region = trail.get('HomeRegion', '')
+                
+                # Skip shadow trails (trails from other regions or organization trails)
+                # These are indicated by HomeRegion being different from current region
+                if home_region and home_region != region:
+                    logger.debug(f"Skipping shadow trail {trail_name} (home region: {home_region}, current region: {region})")
+                    continue
                 
                 try:
                     # Get trail status
@@ -66,14 +74,22 @@ class CloudTrailEnabledAssessment(BaseConfigRuleAssessment):
                         'TrailARN': trail_arn,
                         'IsLogging': is_logging,
                         'IsMultiRegionTrail': trail.get('IsMultiRegionTrail', False),
+                        'IsOrganizationTrail': trail.get('IsOrganizationTrail', False),
                         'IncludeGlobalServiceEvents': trail.get('IncludeGlobalServiceEvents', False),
                         'S3BucketName': trail.get('S3BucketName', ''),
+                        'HomeRegion': home_region,
                         'EventSelectors': event_selectors,
                         'Region': region
                     })
                     
                 except ClientError as e:
-                    logger.warning(f"Error getting status for trail {trail_name}: {e}")
+                    error_code = e.response.get('Error', {}).get('Code', '')
+                    
+                    # Only log warning for unexpected errors, not for shadow trails
+                    if error_code == 'TrailNotFoundException':
+                        logger.debug(f"Trail {trail_name} not found in {region} - likely a shadow trail or deleted trail")
+                    else:
+                        logger.warning(f"Error getting status for trail {trail_name}: {e}")
                     continue
             
             # Return account-level resource with trail information
@@ -100,13 +116,33 @@ class CloudTrailEnabledAssessment(BaseConfigRuleAssessment):
         if has_active_trails:
             # Check for at least one properly configured trail
             active_trails = [trail for trail in trails if trail['IsLogging']]
-            trail_names = [trail['TrailName'] for trail in active_trails]
+            
+            # Categorize trails
+            org_trails = [t for t in active_trails if t.get('IsOrganizationTrail', False)]
+            multi_region_trails = [t for t in active_trails if t.get('IsMultiRegionTrail', False)]
+            regional_trails = [t for t in active_trails if not t.get('IsMultiRegionTrail', False)]
+            
+            # Build detailed reason
+            trail_details = []
+            for trail in active_trails:
+                trail_type = []
+                if trail.get('IsOrganizationTrail', False):
+                    trail_type.append("organization")
+                if trail.get('IsMultiRegionTrail', False):
+                    trail_type.append("multi-region")
+                else:
+                    trail_type.append("regional")
+                
+                trail_info = f"{trail['TrailName']} ({', '.join(trail_type)})"
+                trail_details.append(trail_info)
+            
+            reason = f"CloudTrail is enabled with {len(active_trails)} active trail(s): {', '.join(trail_details)}"
             
             return ComplianceResult(
                 resource_id=account_id,
                 resource_type="AWS::::Account",
                 compliance_status=ComplianceStatus.COMPLIANT,
-                evaluation_reason=f"CloudTrail is enabled with {len(active_trails)} active trail(s): {', '.join(trail_names)}",
+                evaluation_reason=reason,
                 config_rule_name=self.rule_name,
                 region=region
             )
@@ -115,7 +151,7 @@ class CloudTrailEnabledAssessment(BaseConfigRuleAssessment):
                 resource_id=account_id,
                 resource_type="AWS::::Account",
                 compliance_status=ComplianceStatus.NON_COMPLIANT,
-                evaluation_reason="CloudTrail is not enabled or no trails are actively logging",
+                evaluation_reason="CloudTrail is not enabled or no trails are actively logging in this region",
                 config_rule_name=self.rule_name,
                 region=region
             )

aws_cis_assessment/reporters/html_reporter.py

@@ -274,6 +274,8 @@ class HTMLReporter(ReportGenerator):
     def _generate_html_body(self, html_data: Dict[str, Any]) -> str:
         """Generate HTML body section with content.
         
+        Modified in v1.1.2 to remove Detailed Findings and Remediation sections.
+        
         Args:
             html_data: Enhanced HTML report data
             
@@ -285,9 +287,7 @@ class HTMLReporter(ReportGenerator):
         navigation = self._generate_navigation(html_data)
         executive_dashboard = self._generate_executive_dashboard(html_data)
         implementation_groups = self._generate_implementation_groups_section(html_data)
-        detailed_findings = self._generate_detailed_findings_section(html_data)
         resource_details = self._generate_resource_details_section(html_data)
-        remediation_section = self._generate_remediation_section(html_data)
         footer = self._generate_footer(html_data)
         
         body_content = f"""<body>
@@ -296,9 +296,7 @@ class HTMLReporter(ReportGenerator):
         {navigation}
         {executive_dashboard}
         {implementation_groups}
-        {detailed_findings}
         {resource_details}
-        {remediation_section}
         {footer}
     </div>
     
@@ -771,9 +769,9 @@ class HTMLReporter(ReportGenerator):
             background-color: #2c3e50;
         }
         
-        /* Resource ID column width constraint */
+        /* Resource ID column width constraint - increased to 220px in v1.1.2 */
         .resource-table td:first-child {
-            max-width: 200px;
+            max-width: 220px;
             overflow: hidden;
             text-overflow: ellipsis;
             white-space: nowrap;
@@ -785,6 +783,20 @@ class HTMLReporter(ReportGenerator):
             word-wrap: break-word;
         }
         
+        /* Resource Type column width constraint - added in v1.1.2 (reduced by 20%) */
+        .resource-table td:nth-child(2) {
+            max-width: 150px;
+            overflow: hidden;
+            text-overflow: ellipsis;
+            white-space: nowrap;
+        }
+        
+        .resource-table td:nth-child(2):hover {
+            overflow: visible;
+            white-space: normal;
+            word-wrap: break-word;
+        }
+        
         /* Visual frames around each resource row */
         .resource-row {
             border: 1px solid #e0e0e0;
@@ -1487,11 +1499,12 @@ class HTMLReporter(ReportGenerator):
             window.URL.revokeObjectURL(url);
         }}
         
-        // Resource filtering functionality
+        // Resource filtering functionality (updated in v1.1.2 to support Control filter)
         function filterResources() {{
             const searchTerm = document.getElementById('resourceSearch').value.toLowerCase();
             const statusFilter = document.getElementById('statusFilter').value;
             const typeFilter = document.getElementById('typeFilter').value;
+            const controlFilter = document.getElementById('controlFilter').value;
             const rows = document.querySelectorAll('#resourceTable tbody tr');
             
             rows.forEach(function(row) {{
@@ -1500,6 +1513,7 @@ class HTMLReporter(ReportGenerator):
                 const resourceType = cells[1].textContent;
                 const status = cells[3].textContent.includes('COMPLIANT') ? 
                     (cells[3].textContent.includes('NON_COMPLIANT') ? 'NON_COMPLIANT' : 'COMPLIANT') : 'NON_COMPLIANT';
+                const controlId = cells[4].textContent;
                 const evaluationReason = cells[6].textContent.toLowerCase();
                 
                 const matchesSearch = resourceId.includes(searchTerm) || 
@@ -1507,8 +1521,9 @@ class HTMLReporter(ReportGenerator):
                                     evaluationReason.includes(searchTerm);
                 const matchesStatus = !statusFilter || status === statusFilter;
                 const matchesType = !typeFilter || resourceType === typeFilter;
+                const matchesControl = !controlFilter || controlId === controlFilter;
                 
-                row.style.display = (matchesSearch && matchesStatus && matchesType) ? '' : 'none';
+                row.style.display = (matchesSearch && matchesStatus && matchesType && matchesControl) ? '' : 'none';
             }});
         }}
         
@@ -1538,21 +1553,78 @@ class HTMLReporter(ReportGenerator):
             }});
         }}
         
-        // Export resources to CSV
+        // Export resources to CSV (updated in v1.1.2 with ARN, aggregate filtering, and port truncation)
         function exportResourcesToCSV() {{
             const table = document.getElementById('resourceTable');
             const rows = table.querySelectorAll('tr');
             let csvContent = '';
             
-            rows.forEach(function(row) {{
+            // Excluded aggregate row IDs (v1.1.2)
+            const excludedIds = ['5631', '6460', '629'];
+            
+            // Helper function to truncate port lists (v1.1.2)
+            function truncatePortList(text) {{
+                // Match port list patterns like [0, 1, 2, 3, ...]
+                const portListRegex = /\\[(\\d+(?:,\\s*\\d+)*)\\]/g;
+                
+                return text.replace(portListRegex, function(match, ports) {{
+                    const portArray = ports.split(',').map(p => p.trim());
+                    if (portArray.length > 10) {{
+                        const truncated = portArray.slice(0, 10).join(', ');
+                        return `[${{truncated}}, ...]`;
+                    }}
+                    return match;
+                }});
+            }}
+            
+            rows.forEach(function(row, index) {{
                 const cells = row.querySelectorAll('th, td');
-                const rowData = Array.from(cells).map(cell => 
-                    '"' + cell.textContent.replace(/"/g, '""').replace(/\\s+/g, ' ').trim() + '"'
-                ).join(',');
-                csvContent += rowData + '\\n';
+                
+                // Handle header row - change "Resource ID" to "Resource ARN"
+                if (index === 0) {{
+                    const headerData = Array.from(cells).map((cell, cellIndex) => {{
+                        let headerText = cell.textContent.replace(/\\s+/g, ' ').trim();
+                        // Replace "Resource ID" with "Resource ARN" in header
+                        if (cellIndex === 0 && headerText.includes('Resource ID')) {{
+                            headerText = headerText.replace('Resource ID', 'Resource ARN');
+                        }}
+                        return '"' + headerText.replace(/"/g, '""') + '"';
+                    }}).join(',');
+                    csvContent += headerData + '\\n';
+                }} else if (cells.length > 0) {{
+                    // Get resource ID to check if it should be excluded
+                    const resourceIdCell = cells[0];
+                    const resourceId = resourceIdCell.textContent.replace(/\\s+/g, ' ').trim();
+                    
+                    // Skip aggregate rows (v1.1.2)
+                    if (excludedIds.includes(resourceId)) {{
+                        return;
+                    }}
+                    
+                    // Get ARN from data attribute or fall back to resource ID
+                    const resourceArn = resourceIdCell.getAttribute('data-arn') || resourceId;
+                    
+                    const rowData = Array.from(cells).map((cell, cellIndex) => {{
+                        let cellText = cell.textContent.replace(/\\s+/g, ' ').trim();
+                        
+                        // Use ARN for first column instead of Resource ID (v1.1.2)
+                        if (cellIndex === 0) {{
+                            cellText = resourceArn;
+                        }}
+                        
+                        // Apply port list truncation to evaluation reason column (v1.1.2)
+                        if (cellIndex === 6) {{
+                            cellText = truncatePortList(cellText);
+                        }}
+                        
+                        return '"' + cellText.replace(/"/g, '""') + '"';
+                    }}).join(',');
+                    csvContent += rowData + '\\n';
+                }}
             }});
             
-            const blob = new Blob([csvContent], {{ type: 'text/csv' }});
+            // Add UTF-8 BOM to ensure proper encoding in Excel and other tools
+            const blob = new Blob(['\ufeff' + csvContent], {{ type: 'text/csv;charset=utf-8;' }});
             const url = window.URL.createObjectURL(blob);
             const a = document.createElement('a');
             a.href = url;
@@ -1849,161 +1921,7 @@ class HTMLReporter(ReportGenerator):
         </section>
         """
     
-    def _generate_detailed_findings_section(self, html_data: Dict[str, Any]) -> str:
-        """Generate detailed findings section.
-        
-        This method consolidates findings by control ID only (not by IG) to eliminate
-        duplication. Each control appears once with IG membership indicators.
-        
-        Args:
-            html_data: Enhanced HTML report data
-            
-        Returns:
-            Detailed findings HTML as string
-        """
-        # Consolidate findings by control ID (deduplicated across IGs)
-        consolidated_findings = self._consolidate_findings_by_control(
-            html_data.get("implementation_groups", {})
-        )
-        
-        findings_content = ""
-        
-        # Generate findings grouped by control ID only (sorted alphanumerically)
-        for control_id, control_data in consolidated_findings.items():
-            findings = control_data.get('findings', [])
-            
-            # Skip if no non-compliant findings
-            if not findings:
-                continue
-            
-            # Get control metadata
-            config_rule_name = control_data.get('config_rule_name', '')
-            title = control_data.get('title', f'CIS Control {control_id}')
-            member_igs = control_data.get('member_igs', [])
-            
-            # Format display name for collapsible header
-            display_name = self._format_control_display_name(control_id, config_rule_name, title)
-            
-            # Generate IG membership badges
-            ig_badges_html = ""
-            for ig in member_igs:
-                badge_class = self._get_ig_badge_class(ig)
-                ig_badges_html += f'<span class="ig-membership-badge {badge_class}">{ig}</span>'
-            
-            # Generate findings table rows
-            findings_rows = ""
-            for finding in findings:
-                if finding.get("compliance_status") == "NON_COMPLIANT":
-                    findings_rows += f"""
-                    <tr>
-                        <td>{finding.get('resource_id', 'N/A')}</td>
-                        <td>{finding.get('resource_type', 'N/A')}</td>
-                        <td>{finding.get('region', 'N/A')}</td>
-                        <td><span class="badge {finding.get('compliance_status', '').lower()}">{finding.get('compliance_status', 'UNKNOWN')}</span></td>
-                        <td>{finding.get('evaluation_reason', 'N/A')}</td>
-                        <td>{finding.get('config_rule_name', config_rule_name)}</td>
-                    </tr>
-                    """
-            
-            # Only add control section if there are non-compliant findings
-            if findings_rows:
-                non_compliant_count = len([f for f in findings if f.get('compliance_status') == 'NON_COMPLIANT'])
-                
-                findings_content += f"""
-                <div class="control-findings-section">
-                    <button class="collapsible">
-                        <span class="control-display-name">{display_name}</span>
-                        <span class="findings-count"> - Non-Compliant Resources ({non_compliant_count} items)</span>
-                    </button>
-                    <div class="collapsible-content">
-                        <div class="ig-membership-badges" style="margin-bottom: 15px;">
-                            <strong>Implementation Groups:</strong> {ig_badges_html}
-                        </div>
-                        <table class="findings-table">
-                            <thead>
-                                <tr>
-                                    <th>Resource ID</th>
-                                    <th>Resource Type</th>
-                                    <th>Region</th>
-                                    <th>Compliance Status</th>
-                                    <th>Reason</th>
-                                    <th>Config Rule</th>
-                                </tr>
-                            </thead>
-                            <tbody>
-                                {findings_rows}
-                            </tbody>
-                        </table>
-                    </div>
-                </div>
-                """
-        
-        return f"""
-        <section id="detailed-findings" class="detailed-findings">
-            <h2>Detailed Findings</h2>
-            <p class="section-description">
-                Findings are grouped by control ID and deduplicated across Implementation Groups. 
-                Each control shows which IGs include it.
-            </p>
-            <div class="search-container">
-                <input type="text" placeholder="Search findings..." onkeyup="searchFindings(this.value)" style="width: 100%; padding: 10px; margin-bottom: 20px; border: 1px solid #ddd; border-radius: 5px;">
-            </div>
-            {findings_content if findings_content else '<p>No non-compliant findings to display.</p>'}
-        </section>
-        """
     
-    def _generate_remediation_section(self, html_data: Dict[str, Any]) -> str:
-        """Generate remediation section.
-        
-        Args:
-            html_data: Enhanced HTML report data
-            
-        Returns:
-            Remediation HTML as string
-        """
-        remediation_items = ""
-        
-        for remediation in html_data["remediation_priorities"]:
-            steps_html = ""
-            for step in remediation["remediation_steps"]:
-                steps_html += f"<li>{step}</li>"
-            
-            # Normalize priority and effort text to proper capitalization
-            priority_text = remediation['priority'].capitalize()
-            effort_text = remediation['estimated_effort'].capitalize()
-            
-            remediation_items += f"""
-            <div class="remediation-item">
-                <div class="remediation-header">
-                    <div>
-                        <h4>{remediation['control_id']} - {remediation['config_rule_name']}</h4>
-                    </div>
-                    <div class="remediation-badges">
-                        <span class="badge {remediation['priority_badge']}">{priority_text}</span>
-                        <span class="badge {remediation['effort_badge']}">{effort_text}</span>
-                    </div>
-                </div>
-                <div class="remediation-content">
-                    <h5>Remediation Steps:</h5>
-                    <ol>
-                        {steps_html}
-                    </ol>
-                    <p><strong>Documentation:</strong> <a href="{remediation['aws_documentation_link']}" target="_blank">AWS Documentation</a></p>
-                </div>
-            </div>
-            """
-        
-        return f"""
-        <section id="remediation" class="remediation">
-            <h2>Remediation Priorities</h2>
-            <div class="remediation-list">
-                {remediation_items}
-            </div>
-            <div class="export-actions">
-                <button onclick="exportToCSV()" class="export-btn">Export Findings to CSV</button>
-            </div>
-        </section>
-        """
     
     def _generate_footer(self, html_data: Dict[str, Any]) -> str:
         """Generate footer section.
@@ -2038,7 +1956,7 @@ class HTMLReporter(ReportGenerator):
                 </div>
             </div>
             <div class="footer-bottom">
-                <p>&copy; 2024 AWS CIS Assessment Tool. Generated with HTML Reporter v{html_data.get('report_version', '1.0')}</p>
+                <p>&copy; {datetime.now().year} AWS CIS Assessment Tool. Generated with HTML Reporter v{html_data.get('report_version', '1.1.2')}</p>
             </div>
         </footer>
         """
@@ -2109,6 +2027,8 @@ class HTMLReporter(ReportGenerator):
     def _build_navigation_structure(self, html_data: Dict[str, Any]) -> Dict[str, Any]:
         """Build navigation structure for the report.
         
+        Modified in v1.1.2 to remove Detailed Findings and Remediation sections.
+        
         Args:
             html_data: Enhanced HTML report data
             
@@ -2119,9 +2039,7 @@ class HTMLReporter(ReportGenerator):
             "sections": [
                 {"id": "dashboard", "title": "Dashboard"},
                 {"id": "implementation-groups", "title": "Implementation Groups"},
-                {"id": "detailed-findings", "title": "Detailed Findings"},
-                {"id": "resource-details", "title": "Resource Details"},
-                {"id": "remediation", "title": "Remediation"}
+                {"id": "resource-details", "title": "Resource Details"}
             ]
         }
     
@@ -2592,16 +2510,21 @@ class HTMLReporter(ReportGenerator):
         resource_rows = ""
         for resource in all_resources:
             status_class = "compliant" if resource["compliance_status"] == "COMPLIANT" else "non_compliant"
-            status_icon = "✓" if resource["compliance_status"] == "COMPLIANT" else "✗"
+            status_text = "COMPLIANT" if resource["compliance_status"] == "COMPLIANT" else "NON_COMPLIANT"
+            
+            # Construct pseudo-ARN for CSV export (v1.1.2)
+            # Format: arn:aws:service:region:account:resource-type/resource-id
+            # Since we don't have account ID in resource data, we'll use a placeholder
+            resource_arn = f"arn:aws:{resource['resource_type'].split('::')[1].lower() if '::' in resource['resource_type'] else 'unknown'}:{resource['region']}:*:{resource['resource_id']}"
             
             resource_rows += f"""
             <tr class="resource-row {status_class}">
-                <td><code>{resource['resource_id']}</code></td>
+                <td data-arn="{resource_arn}"><code>{resource['resource_id']}</code></td>
                 <td>{resource['resource_type']}</td>
                 <td>{resource['region']}</td>
                 <td>
                     <span class="badge {status_class}">
-                        {status_icon} {resource['compliance_status']}
+                        {status_text}
                     </span>
                 </td>
                 <td>{resource['control_id']}</td>
@@ -2616,6 +2539,12 @@ class HTMLReporter(ReportGenerator):
         non_compliant_resources = total_resources - compliant_resources
         compliance_percentage = (compliant_resources / total_resources * 100) if total_resources > 0 else 0
         
+        # Extract unique Control IDs for filter dropdown (v1.1.2)
+        unique_control_ids = sorted(set(r["control_id"] for r in all_resources), key=self._sort_control_id)
+        control_filter_options = ""
+        for control_id in unique_control_ids:
+            control_filter_options += f'<option value="{control_id}">{control_id}</option>'
+        
         # Generate resource type breakdown
         resource_type_stats = {}
         for resource in all_resources:
@@ -2689,17 +2618,21 @@ class HTMLReporter(ReportGenerator):
                         <option value="">All Types</option>
                         {self._generate_resource_type_options(resource_type_stats)}
                     </select>
+                    <select id="controlFilter" onchange="filterResources()" class="filter-select">
+                        <option value="">All Controls</option>
+                        {control_filter_options}
+                    </select>
                 </div>
                 
                 <table class="findings-table resource-table" id="resourceTable">
                     <thead>
                         <tr>
-                            <th onclick="sortResourceTable(0)">Resource ID ↕</th>
-                            <th onclick="sortResourceTable(1)">Resource Type ↕</th>
-                            <th onclick="sortResourceTable(2)">Region ↕</th>
-                            <th onclick="sortResourceTable(3)">Status ↕</th>
-                            <th onclick="sortResourceTable(4)">Control ↕</th>
-                            <th onclick="sortResourceTable(5)">Config Rule ↕</th>
+                            <th onclick="sortResourceTable(0)">Resource ID</th>
+                            <th onclick="sortResourceTable(1)">Resource Type</th>
+                            <th onclick="sortResourceTable(2)">Region</th>
+                            <th onclick="sortResourceTable(3)">Status</th>
+                            <th onclick="sortResourceTable(4)">Control</th>
+                            <th onclick="sortResourceTable(5)">Config Rule</th>
                             <th>Evaluation Details</th>
                         </tr>
                     </thead>
@@ -2859,6 +2792,8 @@ class HTMLReporter(ReportGenerator):
         Enriches control data with additional fields needed for improved display,
         including formatted names, IG membership badges, and truncation indicators.
         
+        Modified in v1.1.2 to remove duplicate Control ID prefix from display names.
+        
         Args:
             control_data: Existing control data dictionary
             control_id: Control identifier (e.g., "1.5")
@@ -2867,7 +2802,7 @@ class HTMLReporter(ReportGenerator):
             
         Returns:
             Enhanced control data with additional fields:
-            - display_name: Formatted name combining control ID and rule name
+            - display_name: Formatted name without duplicate Control ID prefix
             - originating_ig: Which IG introduced this control (IG1, IG2, or IG3)
             - ig_badge_class: CSS class for IG badge styling
             - needs_truncation: Boolean indicating if display name exceeds 50 characters
@@ -2884,7 +2819,7 @@ class HTMLReporter(ReportGenerator):
             Output enriched data (includes all input fields plus):
             {
                 ...original fields...,
-                'display_name': '1.5: root-account-hardware-mfa-enabled',
+                'display_name': 'root-account-hardware-mfa-enabled',  # No "1.5:" prefix
                 'originating_ig': 'IG1',
                 'ig_badge_class': 'ig-badge-1',
                 'needs_truncation': False
@@ -2895,16 +2830,25 @@ class HTMLReporter(ReportGenerator):
             - Truncation threshold is 50 characters
             - Gracefully handles missing config_rule_name
             - Originating IG is determined by checking IG1, IG2, IG3 in order
+            - v1.1.2: Removes duplicate Control ID prefix from display names
         """
         enriched = control_data.copy()
         
         # Format display name
-        enriched['display_name'] = self._format_control_display_name(
+        display_name = self._format_control_display_name(
             control_id,
             control_data.get('config_rule_name', ''),
             control_data.get('title')
         )
         
+        # Remove duplicate Control ID prefix if present (v1.1.2 improvement)
+        # Check if display_name starts with "control_id: "
+        prefix = f"{control_id}: "
+        if display_name.startswith(prefix):
+            display_name = display_name[len(prefix):]
+        
+        enriched['display_name'] = display_name
+        
         # Determine originating IG (which IG introduced this control)
         originating_ig = self._determine_originating_ig(control_id, all_igs)
         enriched['originating_ig'] = originating_ig

{aws_cis_controls_assessment-1.1.1.dist-info → aws_cis_controls_assessment-1.1.3.dist-info}/METADATA

@@ -1,6 +1,6 @@
 Metadata-Version: 2.4
 Name: aws-cis-controls-assessment
-Version: 1.1.1
+Version: 1.1.3
 Summary: Production-ready AWS CIS Controls compliance assessment framework with 145 comprehensive rules
 Author-email: AWS CIS Assessment Team <security@example.com>
 Maintainer-email: AWS CIS Assessment Team <security@example.com>

{aws_cis_controls_assessment-1.1.1.dist-info → aws_cis_controls_assessment-1.1.3.dist-info}/RECORD

@@ -1,4 +1,4 @@
-aws_cis_assessment/__init__.py,sha256=ICafcznKTUU2j4VAbZ6-yjWXSQZGQRYzpzY7NIZ_23U,480
+aws_cis_assessment/__init__.py,sha256=rJ8zffZgftMUnbpp_ElI6Lxf5RyebWV_n33Rmzn4rYQ,480
 aws_cis_assessment/cli/__init__.py,sha256=DYaGVAIoy5ucs9ubKQxX6Z3ZD46AGz9AaIaDQXzrzeY,100
 aws_cis_assessment/cli/examples.py,sha256=F9K2Fe297kUfwoq6Ine9Aj_IXNU-KwO9hd7SAPWeZHI,12884
 aws_cis_assessment/cli/main.py,sha256=i5QoqHXsPG_Kw0W7jM3Zj2YaAaCJnxxnfz82QBBHq-U,49441
@@ -20,7 +20,7 @@ aws_cis_assessment/controls/ig1/control_access_keys.py,sha256=Hj3G0Qpwa2EcJE-u49
 aws_cis_assessment/controls/ig1/control_advanced_security.py,sha256=PNtPfqSKGu7UYDx6PccO8tVT5ZL6YmzeH45Cew_UjLM,24256
 aws_cis_assessment/controls/ig1/control_aws_backup_service.py,sha256=_bUc6x7jXhav0Cm5jfX0_tk1UOa8qoso2ND1-6xsPtI,54651
 aws_cis_assessment/controls/ig1/control_backup_recovery.py,sha256=Y5za_4lCZmA5MYhHp4OCGyL4z97cj6dbO0KfabQ5Hr0,21465
-aws_cis_assessment/controls/ig1/control_cloudtrail_logging.py,sha256=lQOjshW8BBymvzphtWuwg4wIyv6nH2mOSiogBe_Ejfo,8514
+aws_cis_assessment/controls/ig1/control_cloudtrail_logging.py,sha256=Y2KEIHcf7cDj_lbdNWk6WHrKvls79zJnpGXyKEoJ-CU,10567
 aws_cis_assessment/controls/ig1/control_critical_security.py,sha256=1MVMkfOAWcH5ppFv7psZvJvcOtpww6Pl5WFXrMyN158,20942
 aws_cis_assessment/controls/ig1/control_data_protection.py,sha256=-EDT-d0IcYpdv4cYSNfsSKwX7YzKZ9MiVY18-6YHcVE,44216
 aws_cis_assessment/controls/ig1/control_iam_advanced.py,sha256=FQA_8IV5CyD_49u0eLN8q-JM50g1-tilDu9Ww_R3o9s,27694
@@ -63,9 +63,9 @@ aws_cis_assessment/core/scoring_engine.py,sha256=ylx2urk_DxGzU_LZB0ip-qtUzOh4yu0
 aws_cis_assessment/reporters/__init__.py,sha256=GXdlY08kKy1Y3mMBv8Y0JuUB69u--e5DIu2jNJpc6QI,357
 aws_cis_assessment/reporters/base_reporter.py,sha256=joy_O4IL4Hs_qwAuPtl81GIPxLAbUAMFKiF8r5si2aw,18082
 aws_cis_assessment/reporters/csv_reporter.py,sha256=r83xzfP1t5AO9MfKawgN4eTeOU6eGZwJQgvNDLEd7NI,31419
-aws_cis_assessment/reporters/html_reporter.py,sha256=H5LkcaXbzArNNO-CLJT5oXMSNccxU58L-ba_Q769Yhs,118310
+aws_cis_assessment/reporters/html_reporter.py,sha256=aAobXO3gsfE2ZmOhimNiRbvUad4DkXZQAbGPw_KHXhs,116399
 aws_cis_assessment/reporters/json_reporter.py,sha256=MObCzTc9nlGTEXeWc7P8tTMeKCpEaJNfcSYc79cHXhc,22250
-aws_cis_controls_assessment-1.1.1.dist-info/licenses/LICENSE,sha256=T_p0qKH4RoI3ejr3tktf3rx2Zart_9KeUmJd5iiqXW8,1079
+aws_cis_controls_assessment-1.1.3.dist-info/licenses/LICENSE,sha256=T_p0qKH4RoI3ejr3tktf3rx2Zart_9KeUmJd5iiqXW8,1079
 deprecation-package/aws_cis_assessment_deprecated/__init__.py,sha256=WOaufqanKNhvWQ3frj8e627tS_kZnyk2R2hwqPFqydw,1892
 docs/README.md,sha256=MXnfbPRmxir-7ihG2lNmLI9TJG0Pp0QWqoDZtXiH_Mk,4912
 docs/adding-aws-backup-controls.md,sha256=l_H0H8W71n-6NbeplNujC_li2NiaQcYPr0hQMhEPbrc,21081
@@ -80,8 +80,8 @@ docs/scoring-comparison-aws-config.md,sha256=8BBe1tQsaAT0BAE3OdGIRFjuT1VJcOlM1qB
 docs/scoring-methodology.md,sha256=C86FisBxKt6pyr-Kp6rAVPz45yPZpgsGibjgq8obIsg,9404
 docs/troubleshooting.md,sha256=mGmWgrc3A1dn-Uk_XxWFh04OQxjmqkeax8vQX7takg0,18220
 docs/user-guide.md,sha256=lBDgU40tIPstOdNx4YqVkPTIDntn4o2y2tr2CPQt7b8,11942
-aws_cis_controls_assessment-1.1.1.dist-info/METADATA,sha256=gXpUI7yboznt4qn6KmVKtKSZVVO9In29KhHqrokOqZo,21383
-aws_cis_controls_assessment-1.1.1.dist-info/WHEEL,sha256=wUyA8OaulRlbfwMtmQsvNngGrxQHAvkKcvRmdizlJi0,92
-aws_cis_controls_assessment-1.1.1.dist-info/entry_points.txt,sha256=-AxPn5Y7yau0pQh33F5_uyWfvcnm2Kg1_nMQuLrZ7SY,68
-aws_cis_controls_assessment-1.1.1.dist-info/top_level.txt,sha256=4OHmV6RAEWkz-Se50kfmuGCd-mUSotDZz3iLGF9CmkI,44
-aws_cis_controls_assessment-1.1.1.dist-info/RECORD,,
+aws_cis_controls_assessment-1.1.3.dist-info/METADATA,sha256=NllvhMBOmpsLo01qt7FQxXcHWAd4rJWkgP6QTQYZMog,21383
+aws_cis_controls_assessment-1.1.3.dist-info/WHEEL,sha256=wUyA8OaulRlbfwMtmQsvNngGrxQHAvkKcvRmdizlJi0,92
+aws_cis_controls_assessment-1.1.3.dist-info/entry_points.txt,sha256=-AxPn5Y7yau0pQh33F5_uyWfvcnm2Kg1_nMQuLrZ7SY,68
+aws_cis_controls_assessment-1.1.3.dist-info/top_level.txt,sha256=4OHmV6RAEWkz-Se50kfmuGCd-mUSotDZz3iLGF9CmkI,44
+aws_cis_controls_assessment-1.1.3.dist-info/RECORD,,