prowler-cloud 5.13.1__py3-none-any.whl → 5.14.0__py3-none-any.whl
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- dashboard/__main__.py +2 -1
- dashboard/compliance/c5_azure.py +43 -0
- dashboard/compliance/fedramp_20x_ksi_low_aws.py +46 -0
- dashboard/compliance/fedramp_20x_ksi_low_azure.py +46 -0
- dashboard/compliance/fedramp_20x_ksi_low_gcp.py +46 -0
- dashboard/compliance/hipaa_gcp.py +25 -0
- dashboard/compliance/nist_csf_2_0_aws.py +24 -0
- dashboard/compliance/prowler_threatscore_kubernetes.py +28 -0
- prowler/AGENTS.md +366 -0
- prowler/CHANGELOG.md +85 -2
- prowler/__main__.py +54 -7
- prowler/compliance/aws/ens_rd2022_aws.json +1 -1
- prowler/compliance/aws/fedramp_20x_ksi_low_aws.json +347 -0
- prowler/compliance/aws/nis2_aws.json +1 -1
- prowler/compliance/aws/nist_csf_2.0_aws.json +1781 -0
- prowler/compliance/azure/c5_azure.json +9471 -0
- prowler/compliance/azure/ens_rd2022_azure.json +1 -1
- prowler/compliance/azure/fedramp_20x_ksi_low_azure.json +358 -0
- prowler/compliance/azure/nis2_azure.json +1 -1
- prowler/compliance/gcp/c5_gcp.json +9401 -0
- prowler/compliance/gcp/ens_rd2022_gcp.json +1 -1
- prowler/compliance/gcp/fedramp_20x_ksi_low_gcp.json +293 -0
- prowler/compliance/gcp/hipaa_gcp.json +415 -0
- prowler/compliance/gcp/nis2_gcp.json +1 -1
- prowler/compliance/github/cis_1.0_github.json +6 -2
- prowler/compliance/kubernetes/prowler_threatscore_kubernetes.json +1269 -0
- prowler/compliance/m365/prowler_threatscore_m365.json +6 -6
- prowler/compliance/{oci/cis_3.0_oci.json → oraclecloud/cis_3.0_oraclecloud.json} +1 -1
- prowler/config/config.py +59 -5
- prowler/config/config.yaml +3 -0
- prowler/lib/check/check.py +1 -9
- prowler/lib/check/checks_loader.py +65 -1
- prowler/lib/check/models.py +12 -2
- prowler/lib/check/utils.py +1 -7
- prowler/lib/cli/parser.py +17 -7
- prowler/lib/mutelist/mutelist.py +15 -7
- prowler/lib/outputs/compliance/c5/c5_azure.py +92 -0
- prowler/lib/outputs/compliance/c5/c5_gcp.py +92 -0
- prowler/lib/outputs/compliance/c5/models.py +54 -0
- prowler/lib/outputs/compliance/cis/{cis_oci.py → cis_oraclecloud.py} +7 -7
- prowler/lib/outputs/compliance/cis/models.py +3 -3
- prowler/lib/outputs/compliance/prowler_threatscore/models.py +29 -0
- prowler/lib/outputs/compliance/prowler_threatscore/prowler_threatscore_kubernetes.py +98 -0
- prowler/lib/outputs/finding.py +16 -5
- prowler/lib/outputs/html/html.py +10 -8
- prowler/lib/outputs/outputs.py +1 -1
- prowler/lib/outputs/summary_table.py +1 -1
- prowler/lib/powershell/powershell.py +12 -11
- prowler/lib/scan/scan.py +105 -24
- prowler/lib/utils/utils.py +1 -1
- prowler/providers/aws/aws_regions_by_service.json +73 -15
- prowler/providers/aws/lib/quick_inventory/quick_inventory.py +1 -1
- prowler/providers/aws/lib/security_hub/security_hub.py +1 -1
- prowler/providers/aws/services/account/account_service.py +1 -1
- prowler/providers/aws/services/awslambda/awslambda_function_using_supported_runtimes/awslambda_function_using_supported_runtimes.metadata.json +1 -3
- prowler/providers/aws/services/cloudwatch/cloudwatch_alarm_actions_alarm_state_configured/cloudwatch_alarm_actions_alarm_state_configured.metadata.json +23 -12
- prowler/providers/aws/services/cloudwatch/cloudwatch_alarm_actions_enabled/cloudwatch_alarm_actions_enabled.metadata.json +21 -12
- prowler/providers/aws/services/cloudwatch/cloudwatch_changes_to_network_acls_alarm_configured/cloudwatch_changes_to_network_acls_alarm_configured.metadata.json +23 -12
- prowler/providers/aws/services/cloudwatch/cloudwatch_changes_to_network_gateways_alarm_configured/cloudwatch_changes_to_network_gateways_alarm_configured.metadata.json +24 -12
- prowler/providers/aws/services/cloudwatch/cloudwatch_changes_to_network_route_tables_alarm_configured/cloudwatch_changes_to_network_route_tables_alarm_configured.metadata.json +21 -12
- prowler/providers/aws/services/cloudwatch/cloudwatch_changes_to_vpcs_alarm_configured/cloudwatch_changes_to_vpcs_alarm_configured.metadata.json +17 -11
- prowler/providers/aws/services/cloudwatch/cloudwatch_cross_account_sharing_disabled/cloudwatch_cross_account_sharing_disabled.metadata.json +20 -12
- prowler/providers/aws/services/cloudwatch/cloudwatch_log_group_kms_encryption_enabled/cloudwatch_log_group_kms_encryption_enabled.metadata.json +22 -13
- prowler/providers/aws/services/cloudwatch/cloudwatch_log_group_no_secrets_in_logs/cloudwatch_log_group_no_secrets_in_logs.metadata.json +22 -17
- prowler/providers/aws/services/cloudwatch/cloudwatch_log_group_not_publicly_accessible/cloudwatch_log_group_not_publicly_accessible.metadata.json +18 -12
- prowler/providers/aws/services/cloudwatch/cloudwatch_log_group_retention_policy_specific_days_enabled/cloudwatch_log_group_retention_policy_specific_days_enabled.metadata.json +27 -13
- prowler/providers/aws/services/cloudwatch/cloudwatch_log_metric_filter_and_alarm_for_aws_config_configuration_changes_enabled/cloudwatch_log_metric_filter_and_alarm_for_aws_config_configuration_changes_enabled.metadata.json +20 -12
- prowler/providers/aws/services/cloudwatch/cloudwatch_log_metric_filter_and_alarm_for_cloudtrail_configuration_changes_enabled/cloudwatch_log_metric_filter_and_alarm_for_cloudtrail_configuration_changes_enabled.metadata.json +22 -12
- prowler/providers/aws/services/cloudwatch/cloudwatch_log_metric_filter_authentication_failures/cloudwatch_log_metric_filter_authentication_failures.metadata.json +25 -12
- prowler/providers/aws/services/cloudwatch/cloudwatch_log_metric_filter_aws_organizations_changes/cloudwatch_log_metric_filter_aws_organizations_changes.metadata.json +23 -12
- prowler/providers/aws/services/cloudwatch/cloudwatch_log_metric_filter_disable_or_scheduled_deletion_of_kms_cmk/cloudwatch_log_metric_filter_disable_or_scheduled_deletion_of_kms_cmk.metadata.json +17 -12
- prowler/providers/aws/services/cloudwatch/cloudwatch_log_metric_filter_for_s3_bucket_policy_changes/cloudwatch_log_metric_filter_for_s3_bucket_policy_changes.metadata.json +21 -12
- prowler/providers/aws/services/cloudwatch/cloudwatch_log_metric_filter_policy_changes/cloudwatch_log_metric_filter_policy_changes.metadata.json +21 -12
- prowler/providers/aws/services/cloudwatch/cloudwatch_log_metric_filter_root_usage/cloudwatch_log_metric_filter_root_usage.metadata.json +27 -12
- prowler/providers/aws/services/cloudwatch/cloudwatch_log_metric_filter_security_group_changes/cloudwatch_log_metric_filter_security_group_changes.metadata.json +22 -12
- prowler/providers/aws/services/cloudwatch/cloudwatch_log_metric_filter_sign_in_without_mfa/cloudwatch_log_metric_filter_sign_in_without_mfa.metadata.json +26 -12
- prowler/providers/aws/services/cloudwatch/cloudwatch_log_metric_filter_unauthorized_api_calls/cloudwatch_log_metric_filter_unauthorized_api_calls.metadata.json +25 -12
- prowler/providers/aws/services/codeartifact/codeartifact_packages_external_public_publishing_disabled/codeartifact_packages_external_public_publishing_disabled.metadata.json +20 -11
- prowler/providers/aws/services/codebuild/codebuild_project_logging_enabled/codebuild_project_logging_enabled.metadata.json +22 -12
- prowler/providers/aws/services/codebuild/codebuild_project_no_secrets_in_variables/codebuild_project_no_secrets_in_variables.metadata.json +28 -12
- prowler/providers/aws/services/codebuild/codebuild_project_not_publicly_accessible/codebuild_project_not_publicly_accessible.metadata.json +22 -12
- prowler/providers/aws/services/codebuild/codebuild_project_older_90_days/codebuild_project_older_90_days.metadata.json +15 -10
- prowler/providers/aws/services/codebuild/codebuild_project_s3_logs_encrypted/codebuild_project_s3_logs_encrypted.metadata.json +19 -11
- prowler/providers/aws/services/codebuild/codebuild_project_source_repo_url_no_sensitive_credentials/codebuild_project_source_repo_url_no_sensitive_credentials.metadata.json +21 -12
- prowler/providers/aws/services/codebuild/codebuild_project_user_controlled_buildspec/codebuild_project_user_controlled_buildspec.metadata.json +19 -12
- prowler/providers/aws/services/codebuild/codebuild_project_uses_allowed_github_organizations/codebuild_project_uses_allowed_github_organizations.metadata.json +24 -13
- prowler/providers/aws/services/codebuild/codebuild_report_group_export_encrypted/codebuild_report_group_export_encrypted.metadata.json +35 -13
- prowler/providers/aws/services/codepipeline/__init__.py +0 -0
- prowler/providers/aws/services/codepipeline/codepipeline_client.py +6 -0
- prowler/providers/aws/services/codepipeline/codepipeline_project_repo_private/__init__.py +0 -0
- prowler/providers/aws/services/codepipeline/codepipeline_project_repo_private/codepipeline_project_repo_private.metadata.json +30 -0
- prowler/providers/aws/services/codepipeline/codepipeline_project_repo_private/codepipeline_project_repo_private.py +95 -0
- prowler/providers/aws/services/codepipeline/codepipeline_service.py +164 -0
- prowler/providers/aws/services/directconnect/directconnect_connection_redundancy/directconnect_connection_redundancy.metadata.json +18 -12
- prowler/providers/aws/services/directconnect/directconnect_virtual_interface_redundancy/directconnect_virtual_interface_redundancy.metadata.json +18 -12
- prowler/providers/aws/services/documentdb/documentdb_cluster_backup_enabled/documentdb_cluster_backup_enabled.metadata.json +24 -13
- prowler/providers/aws/services/documentdb/documentdb_cluster_cloudwatch_log_export/documentdb_cluster_cloudwatch_log_export.metadata.json +23 -13
- prowler/providers/aws/services/documentdb/documentdb_cluster_deletion_protection/documentdb_cluster_deletion_protection.metadata.json +24 -13
- prowler/providers/aws/services/documentdb/documentdb_cluster_multi_az_enabled/documentdb_cluster_multi_az_enabled.metadata.json +19 -13
- prowler/providers/aws/services/documentdb/documentdb_cluster_public_snapshot/documentdb_cluster_public_snapshot.metadata.json +20 -10
- prowler/providers/aws/services/documentdb/documentdb_cluster_storage_encrypted/documentdb_cluster_storage_encrypted.metadata.json +26 -13
- prowler/providers/aws/services/drs/drs_job_exist/drs_job_exist.metadata.json +20 -10
- prowler/providers/aws/services/dynamodb/dynamodb_accelerator_cluster_encryption_enabled/dynamodb_accelerator_cluster_encryption_enabled.metadata.json +18 -11
- prowler/providers/aws/services/dynamodb/dynamodb_accelerator_cluster_in_transit_encryption_enabled/dynamodb_accelerator_cluster_in_transit_encryption_enabled.metadata.json +16 -11
- prowler/providers/aws/services/dynamodb/dynamodb_accelerator_cluster_multi_az/dynamodb_accelerator_cluster_multi_az.metadata.json +21 -13
- prowler/providers/aws/services/dynamodb/dynamodb_table_autoscaling_enabled/dynamodb_table_autoscaling_enabled.metadata.json +20 -12
- prowler/providers/aws/services/dynamodb/dynamodb_table_cross_account_access/dynamodb_table_cross_account_access.metadata.json +17 -10
- prowler/providers/aws/services/dynamodb/dynamodb_table_deletion_protection_enabled/dynamodb_table_deletion_protection_enabled.metadata.json +21 -13
- prowler/providers/aws/services/dynamodb/dynamodb_table_protected_by_backup_plan/dynamodb_table_protected_by_backup_plan.metadata.json +18 -12
- prowler/providers/aws/services/dynamodb/dynamodb_tables_kms_cmk_encryption_enabled/dynamodb_tables_kms_cmk_encryption_enabled.metadata.json +18 -12
- prowler/providers/aws/services/dynamodb/dynamodb_tables_pitr_enabled/dynamodb_tables_pitr_enabled.metadata.json +19 -12
- prowler/providers/aws/services/ecr/ecr_registry_scan_images_on_push_enabled/ecr_registry_scan_images_on_push_enabled.metadata.json +16 -11
- prowler/providers/aws/services/ecr/ecr_repositories_lifecycle_policy_enabled/ecr_repositories_lifecycle_policy_enabled.metadata.json +22 -13
- prowler/providers/aws/services/ecr/ecr_repositories_not_publicly_accessible/ecr_repositories_not_publicly_accessible.metadata.json +19 -13
- prowler/providers/aws/services/ecr/ecr_repositories_scan_images_on_push_enabled/ecr_repositories_scan_images_on_push_enabled.metadata.json +21 -13
- prowler/providers/aws/services/ecr/ecr_repositories_scan_vulnerabilities_in_latest_image/ecr_repositories_scan_vulnerabilities_in_latest_image.metadata.json +22 -12
- prowler/providers/aws/services/ecr/ecr_repositories_tag_immutability/ecr_repositories_tag_immutability.metadata.json +20 -12
- prowler/providers/aws/services/ecs/ecs_cluster_container_insights_enabled/ecs_cluster_container_insights_enabled.metadata.json +21 -11
- prowler/providers/aws/services/ecs/ecs_service_fargate_latest_platform_version/ecs_service_fargate_latest_platform_version.metadata.json +20 -11
- prowler/providers/aws/services/ecs/ecs_service_no_assign_public_ip/ecs_service_no_assign_public_ip.metadata.json +18 -12
- prowler/providers/aws/services/ecs/ecs_task_definitions_containers_readonly_access/ecs_task_definitions_containers_readonly_access.metadata.json +20 -13
- prowler/providers/aws/services/ecs/ecs_task_definitions_host_namespace_not_shared/ecs_task_definitions_host_namespace_not_shared.metadata.json +21 -13
- prowler/providers/aws/services/ecs/ecs_task_definitions_host_networking_mode_users/ecs_task_definitions_host_networking_mode_users.metadata.json +26 -13
- prowler/providers/aws/services/ecs/ecs_task_definitions_logging_block_mode/ecs_task_definitions_logging_block_mode.metadata.json +19 -12
- prowler/providers/aws/services/ecs/ecs_task_definitions_logging_enabled/ecs_task_definitions_logging_enabled.metadata.json +18 -12
- prowler/providers/aws/services/ecs/ecs_task_definitions_no_environment_secrets/ecs_task_definitions_no_environment_secrets.metadata.json +16 -12
- prowler/providers/aws/services/ecs/ecs_task_definitions_no_privileged_containers/ecs_task_definitions_no_privileged_containers.metadata.json +21 -14
- prowler/providers/aws/services/ecs/ecs_task_set_no_assign_public_ip/ecs_task_set_no_assign_public_ip.metadata.json +19 -13
- prowler/providers/aws/services/eks/eks_cluster_deletion_protection_enabled/eks_cluster_deletion_protection_enabled.metadata.json +20 -13
- prowler/providers/aws/services/eks/eks_cluster_kms_cmk_encryption_in_secrets_enabled/eks_cluster_kms_cmk_encryption_in_secrets_enabled.metadata.json +20 -13
- prowler/providers/aws/services/eks/eks_cluster_network_policy_enabled/eks_cluster_network_policy_enabled.metadata.json +20 -14
- prowler/providers/aws/services/eks/eks_cluster_not_publicly_accessible/eks_cluster_not_publicly_accessible.metadata.json +22 -13
- prowler/providers/aws/services/eks/eks_cluster_private_nodes_enabled/eks_cluster_private_nodes_enabled.metadata.json +19 -13
- prowler/providers/aws/services/eks/eks_cluster_uses_a_supported_version/eks_cluster_uses_a_supported_version.metadata.json +21 -12
- prowler/providers/aws/services/eks/eks_control_plane_logging_all_types_enabled/eks_control_plane_logging_all_types_enabled.metadata.json +20 -13
- prowler/providers/aws/services/elasticache/elasticache_cluster_uses_public_subnet/elasticache_cluster_uses_public_subnet.metadata.json +20 -12
- prowler/providers/aws/services/elasticache/elasticache_redis_cluster_auto_minor_version_upgrades/elasticache_redis_cluster_auto_minor_version_upgrades.metadata.json +21 -12
- prowler/providers/aws/services/elasticache/elasticache_redis_cluster_automatic_failover_enabled/elasticache_redis_cluster_automatic_failover_enabled.metadata.json +20 -13
- prowler/providers/aws/services/elasticache/elasticache_redis_cluster_backup_enabled/elasticache_redis_cluster_backup_enabled.metadata.json +23 -13
- prowler/providers/aws/services/elasticache/elasticache_redis_cluster_in_transit_encryption_enabled/elasticache_redis_cluster_in_transit_encryption_enabled.metadata.json +21 -12
- prowler/providers/aws/services/elasticache/elasticache_redis_cluster_multi_az_enabled/elasticache_redis_cluster_multi_az_enabled.metadata.json +22 -14
- prowler/providers/aws/services/elasticache/elasticache_redis_cluster_rest_encryption_enabled/elasticache_redis_cluster_rest_encryption_enabled.metadata.json +20 -11
- prowler/providers/aws/services/elasticache/elasticache_redis_replication_group_auth_enabled/elasticache_redis_replication_group_auth_enabled.metadata.json +23 -13
- prowler/providers/aws/services/elasticbeanstalk/elasticbeanstalk_environment_cloudwatch_logging_enabled/elasticbeanstalk_environment_cloudwatch_logging_enabled.metadata.json +18 -12
- prowler/providers/aws/services/elasticbeanstalk/elasticbeanstalk_environment_enhanced_health_reporting/elasticbeanstalk_environment_enhanced_health_reporting.metadata.json +17 -12
- prowler/providers/aws/services/elasticbeanstalk/elasticbeanstalk_environment_managed_updates_enabled/elasticbeanstalk_environment_managed_updates_enabled.metadata.json +17 -11
- prowler/providers/aws/services/elb/elb_connection_draining_enabled/elb_connection_draining_enabled.metadata.json +22 -13
- prowler/providers/aws/services/elb/elb_cross_zone_load_balancing_enabled/elb_cross_zone_load_balancing_enabled.metadata.json +24 -13
- prowler/providers/aws/services/elb/elb_desync_mitigation_mode/elb_desync_mitigation_mode.metadata.json +20 -11
- prowler/providers/aws/services/elb/elb_insecure_ssl_ciphers/elb_insecure_ssl_ciphers.metadata.json +20 -10
- prowler/providers/aws/services/elb/elb_internet_facing/elb_internet_facing.metadata.json +20 -11
- prowler/providers/aws/services/elb/elb_is_in_multiple_az/elb_is_in_multiple_az.metadata.json +20 -12
- prowler/providers/aws/services/elb/elb_logging_enabled/elb_logging_enabled.metadata.json +19 -12
- prowler/providers/aws/services/elb/elb_ssl_listeners/elb_ssl_listeners.metadata.json +19 -11
- prowler/providers/aws/services/elb/elb_ssl_listeners_use_acm_certificate/elb_ssl_listeners_use_acm_certificate.metadata.json +17 -12
- prowler/providers/aws/services/elbv2/elbv2_cross_zone_load_balancing_enabled/elbv2_cross_zone_load_balancing_enabled.metadata.json +21 -13
- prowler/providers/aws/services/elbv2/elbv2_deletion_protection/elbv2_deletion_protection.metadata.json +19 -11
- prowler/providers/aws/services/elbv2/elbv2_desync_mitigation_mode/elbv2_desync_mitigation_mode.metadata.json +21 -12
- prowler/providers/aws/services/elbv2/elbv2_insecure_ssl_ciphers/elbv2_insecure_ssl_ciphers.metadata.json +18 -11
- prowler/providers/aws/services/elbv2/elbv2_internet_facing/elbv2_internet_facing.metadata.json +17 -10
- prowler/providers/aws/services/elbv2/elbv2_is_in_multiple_az/elbv2_is_in_multiple_az.metadata.json +22 -13
- prowler/providers/aws/services/elbv2/elbv2_listeners_underneath/elbv2_listeners_underneath.metadata.json +18 -12
- prowler/providers/aws/services/elbv2/elbv2_logging_enabled/elbv2_logging_enabled.metadata.json +17 -12
- prowler/providers/aws/services/elbv2/elbv2_nlb_tls_termination_enabled/elbv2_nlb_tls_termination_enabled.metadata.json +18 -11
- prowler/providers/aws/services/elbv2/elbv2_ssl_listeners/elbv2_ssl_listeners.metadata.json +18 -12
- prowler/providers/aws/services/elbv2/elbv2_waf_acl_attached/elbv2_waf_acl_attached.metadata.json +16 -11
- prowler/providers/aws/services/emr/emr_cluster_account_public_block_enabled/emr_cluster_account_public_block_enabled.metadata.json +21 -13
- prowler/providers/aws/services/emr/emr_cluster_master_nodes_no_public_ip/emr_cluster_master_nodes_no_public_ip.metadata.json +24 -11
- prowler/providers/aws/services/emr/emr_cluster_publicly_accesible/emr_cluster_publicly_accesible.metadata.json +18 -11
- prowler/providers/aws/services/eventbridge/eventbridge_bus_cross_account_access/eventbridge_bus_cross_account_access.metadata.json +26 -13
- prowler/providers/aws/services/eventbridge/eventbridge_bus_exposed/eventbridge_bus_exposed.metadata.json +21 -11
- prowler/providers/aws/services/eventbridge/eventbridge_global_endpoint_event_replication_enabled/eventbridge_global_endpoint_event_replication_enabled.metadata.json +24 -13
- prowler/providers/aws/services/eventbridge/eventbridge_schema_registry_cross_account_access/eventbridge_schema_registry_cross_account_access.metadata.json +26 -14
- prowler/providers/aws/services/firehose/firehose_stream_encrypted_at_rest/firehose_stream_encrypted_at_rest.metadata.json +26 -15
- prowler/providers/aws/services/firehose/firehose_stream_encrypted_at_rest/firehose_stream_encrypted_at_rest.py +15 -16
- prowler/providers/aws/services/fms/fms_policy_compliant/fms_policy_compliant.metadata.json +23 -11
- prowler/providers/aws/services/fsx/fsx_file_system_copy_tags_to_backups_enabled/fsx_file_system_copy_tags_to_backups_enabled.metadata.json +19 -12
- prowler/providers/aws/services/fsx/fsx_file_system_copy_tags_to_volumes_enabled/fsx_file_system_copy_tags_to_volumes_enabled.metadata.json +17 -12
- prowler/providers/aws/services/fsx/fsx_windows_file_system_multi_az_enabled/fsx_windows_file_system_multi_az_enabled.metadata.json +22 -13
- prowler/providers/aws/services/glacier/glacier_vaults_policy_public_access/glacier_vaults_policy_public_access.metadata.json +21 -12
- prowler/providers/aws/services/iam/lib/policy.py +24 -16
- prowler/providers/aws/services/kinesis/kinesis_stream_data_retention_period/kinesis_stream_data_retention_period.metadata.json +21 -13
- prowler/providers/aws/services/kinesis/kinesis_stream_encrypted_at_rest/kinesis_stream_encrypted_at_rest.metadata.json +22 -13
- prowler/providers/azure/services/cosmosdb/cosmosdb_service.py +7 -2
- prowler/providers/azure/services/defender/defender_service.py +4 -2
- prowler/providers/azure/services/postgresql/postgresql_flexible_server_entra_id_authentication_enabled/__init__.py +0 -0
- prowler/providers/azure/services/postgresql/postgresql_flexible_server_entra_id_authentication_enabled/postgresql_flexible_server_entra_id_authentication_enabled.metadata.json +36 -0
- prowler/providers/azure/services/postgresql/postgresql_flexible_server_entra_id_authentication_enabled/postgresql_flexible_server_entra_id_authentication_enabled.py +43 -0
- prowler/providers/azure/services/postgresql/postgresql_service.py +66 -9
- prowler/providers/azure/services/storage/storage_service.py +13 -4
- prowler/providers/azure/services/vm/vm_service.py +4 -7
- prowler/providers/common/arguments.py +19 -16
- prowler/providers/common/provider.py +2 -18
- prowler/providers/gcp/services/artifacts/artifacts_container_analysis_enabled/artifacts_container_analysis_enabled.metadata.json +16 -15
- prowler/providers/gcp/services/cloudresourcemanager/cloudresourcemanager_service.py +30 -4
- prowler/providers/gcp/services/cloudstorage/cloudstorage_audit_logs_enabled/__init__.py +0 -0
- prowler/providers/gcp/services/cloudstorage/cloudstorage_audit_logs_enabled/cloudstorage_audit_logs_enabled.metadata.json +36 -0
- prowler/providers/gcp/services/cloudstorage/cloudstorage_audit_logs_enabled/cloudstorage_audit_logs_enabled.py +61 -0
- prowler/providers/gcp/services/cloudstorage/cloudstorage_bucket_log_retention_policy_lock/cloudstorage_bucket_log_retention_policy_lock.metadata.json +12 -9
- prowler/providers/gcp/services/cloudstorage/cloudstorage_bucket_log_retention_policy_lock/cloudstorage_bucket_log_retention_policy_lock.py +10 -3
- prowler/providers/gcp/services/cloudstorage/cloudstorage_bucket_logging_enabled/__init__.py +0 -0
- prowler/providers/gcp/services/cloudstorage/cloudstorage_bucket_logging_enabled/cloudstorage_bucket_logging_enabled.metadata.json +36 -0
- prowler/providers/gcp/services/cloudstorage/cloudstorage_bucket_logging_enabled/cloudstorage_bucket_logging_enabled.py +40 -0
- prowler/providers/gcp/services/cloudstorage/cloudstorage_bucket_soft_delete_enabled/__init__.py +0 -0
- prowler/providers/gcp/services/cloudstorage/cloudstorage_bucket_soft_delete_enabled/cloudstorage_bucket_soft_delete_enabled.metadata.json +36 -0
- prowler/providers/gcp/services/cloudstorage/cloudstorage_bucket_soft_delete_enabled/cloudstorage_bucket_soft_delete_enabled.py +31 -0
- prowler/providers/gcp/services/cloudstorage/cloudstorage_bucket_sufficient_retention_period/__init__.py +0 -0
- prowler/providers/gcp/services/cloudstorage/cloudstorage_bucket_sufficient_retention_period/cloudstorage_bucket_sufficient_retention_period.metadata.json +35 -0
- prowler/providers/gcp/services/cloudstorage/cloudstorage_bucket_sufficient_retention_period/cloudstorage_bucket_sufficient_retention_period.py +55 -0
- prowler/providers/gcp/services/cloudstorage/cloudstorage_bucket_versioning_enabled/__init__.py +0 -0
- prowler/providers/gcp/services/cloudstorage/cloudstorage_bucket_versioning_enabled/cloudstorage_bucket_versioning_enabled.metadata.json +36 -0
- prowler/providers/gcp/services/cloudstorage/cloudstorage_bucket_versioning_enabled/cloudstorage_bucket_versioning_enabled.py +30 -0
- prowler/providers/gcp/services/cloudstorage/cloudstorage_service.py +48 -2
- prowler/providers/github/services/organization/organization_default_repository_permission_strict/__init__.py +0 -0
- prowler/providers/github/services/organization/organization_default_repository_permission_strict/organization_default_repository_permission_strict.metadata.json +35 -0
- prowler/providers/github/services/organization/organization_default_repository_permission_strict/organization_default_repository_permission_strict.py +36 -0
- prowler/providers/github/services/organization/organization_members_mfa_required/organization_members_mfa_required.metadata.json +14 -8
- prowler/providers/github/services/organization/organization_repository_creation_limited/__init__.py +0 -0
- prowler/providers/github/services/organization/organization_repository_creation_limited/organization_repository_creation_limited.metadata.json +30 -0
- prowler/providers/github/services/organization/organization_repository_creation_limited/organization_repository_creation_limited.py +106 -0
- prowler/providers/github/services/organization/organization_service.py +84 -10
- prowler/providers/iac/iac_provider.py +279 -55
- prowler/providers/kubernetes/services/etcd/etcd_client_cert_auth/etcd_client_cert_auth.metadata.json +18 -13
- prowler/providers/kubernetes/services/etcd/etcd_no_auto_tls/etcd_no_auto_tls.metadata.json +16 -11
- prowler/providers/kubernetes/services/etcd/etcd_no_peer_auto_tls/etcd_no_peer_auto_tls.metadata.json +16 -11
- prowler/providers/kubernetes/services/etcd/etcd_peer_client_cert_auth/etcd_peer_client_cert_auth.metadata.json +18 -13
- prowler/providers/kubernetes/services/etcd/etcd_peer_tls_config/etcd_peer_tls_config.metadata.json +16 -12
- prowler/providers/kubernetes/services/etcd/etcd_tls_encryption/etcd_tls_encryption.metadata.json +16 -11
- prowler/providers/kubernetes/services/etcd/etcd_unique_ca/etcd_unique_ca.metadata.json +16 -10
- prowler/providers/m365/lib/powershell/m365_powershell.py +80 -93
- prowler/providers/m365/m365_provider.py +1 -6
- prowler/providers/mongodbatlas/exceptions/exceptions.py +16 -0
- prowler/providers/mongodbatlas/mongodbatlas_provider.py +15 -3
- prowler/providers/mongodbatlas/services/projects/projects_auditing_enabled/projects_auditing_enabled.metadata.json +20 -9
- prowler/providers/mongodbatlas/services/projects/projects_network_access_list_exposed_to_internet/projects_network_access_list_exposed_to_internet.metadata.json +14 -9
- prowler/providers/oraclecloud/lib/arguments/arguments.py +4 -13
- prowler/providers/oraclecloud/lib/service/service.py +3 -3
- prowler/providers/oraclecloud/{oci_provider.py → oraclecloud_provider.py} +15 -15
- prowler/providers/oraclecloud/services/analytics/analytics_instance_access_restricted/analytics_instance_access_restricted.metadata.json +20 -16
- prowler/providers/oraclecloud/services/audit/audit_log_retention_period_365_days/audit_log_retention_period_365_days.metadata.json +17 -17
- prowler/providers/oraclecloud/services/blockstorage/blockstorage_block_volume_encrypted_with_cmk/blockstorage_block_volume_encrypted_with_cmk.metadata.json +17 -19
- prowler/providers/oraclecloud/services/blockstorage/blockstorage_boot_volume_encrypted_with_cmk/blockstorage_boot_volume_encrypted_with_cmk.metadata.json +18 -18
- prowler/providers/oraclecloud/services/cloudguard/cloudguard_enabled/cloudguard_enabled.metadata.json +17 -18
- prowler/providers/oraclecloud/services/compute/compute_instance_in_transit_encryption_enabled/compute_instance_in_transit_encryption_enabled.metadata.json +1 -1
- prowler/providers/oraclecloud/services/compute/compute_instance_legacy_metadata_endpoint_disabled/compute_instance_legacy_metadata_endpoint_disabled.metadata.json +1 -1
- prowler/providers/oraclecloud/services/compute/compute_instance_secure_boot_enabled/compute_instance_secure_boot_enabled.metadata.json +1 -1
- prowler/providers/oraclecloud/services/database/database_autonomous_database_access_restricted/database_autonomous_database_access_restricted.metadata.json +1 -1
- prowler/providers/oraclecloud/services/events/events_notification_topic_and_subscription_exists/events_notification_topic_and_subscription_exists.metadata.json +1 -1
- prowler/providers/oraclecloud/services/events/events_rule_cloudguard_problems/events_rule_cloudguard_problems.metadata.json +1 -1
- prowler/providers/oraclecloud/services/events/events_rule_iam_group_changes/events_rule_iam_group_changes.metadata.json +1 -1
- prowler/providers/oraclecloud/services/events/events_rule_iam_policy_changes/events_rule_iam_policy_changes.metadata.json +1 -1
- prowler/providers/oraclecloud/services/events/events_rule_identity_provider_changes/events_rule_identity_provider_changes.metadata.json +1 -1
- prowler/providers/oraclecloud/services/events/events_rule_idp_group_mapping_changes/events_rule_idp_group_mapping_changes.metadata.json +1 -1
- prowler/providers/oraclecloud/services/events/events_rule_local_user_authentication/events_rule_local_user_authentication.metadata.json +1 -1
- prowler/providers/oraclecloud/services/events/events_rule_network_gateway_changes/events_rule_network_gateway_changes.metadata.json +1 -1
- prowler/providers/oraclecloud/services/events/events_rule_network_security_group_changes/events_rule_network_security_group_changes.metadata.json +1 -1
- prowler/providers/oraclecloud/services/events/events_rule_route_table_changes/events_rule_route_table_changes.metadata.json +1 -1
- prowler/providers/oraclecloud/services/events/events_rule_security_list_changes/events_rule_security_list_changes.metadata.json +1 -1
- prowler/providers/oraclecloud/services/events/events_rule_user_changes/events_rule_user_changes.metadata.json +1 -1
- prowler/providers/oraclecloud/services/events/events_rule_vcn_changes/events_rule_vcn_changes.metadata.json +1 -1
- prowler/providers/oraclecloud/services/filestorage/filestorage_file_system_encrypted_with_cmk/filestorage_file_system_encrypted_with_cmk.metadata.json +1 -1
- prowler/providers/oraclecloud/services/identity/identity_iam_admins_cannot_update_tenancy_admins/identity_iam_admins_cannot_update_tenancy_admins.metadata.json +1 -1
- prowler/providers/oraclecloud/services/identity/identity_instance_principal_used/identity_instance_principal_used.metadata.json +1 -1
- prowler/providers/oraclecloud/services/identity/identity_no_resources_in_root_compartment/identity_no_resources_in_root_compartment.metadata.json +1 -1
- prowler/providers/oraclecloud/services/identity/identity_non_root_compartment_exists/identity_non_root_compartment_exists.metadata.json +1 -1
- prowler/providers/oraclecloud/services/identity/identity_password_policy_expires_within_365_days/identity_password_policy_expires_within_365_days.metadata.json +1 -1
- prowler/providers/oraclecloud/services/identity/identity_password_policy_minimum_length_14/identity_password_policy_minimum_length_14.metadata.json +1 -1
- prowler/providers/oraclecloud/services/identity/identity_password_policy_prevents_reuse/identity_password_policy_prevents_reuse.metadata.json +1 -1
- prowler/providers/oraclecloud/services/identity/identity_service_level_admins_exist/identity_service_level_admins_exist.metadata.json +1 -1
- prowler/providers/oraclecloud/services/identity/identity_tenancy_admin_permissions_limited/identity_tenancy_admin_permissions_limited.metadata.json +1 -1
- prowler/providers/oraclecloud/services/identity/identity_tenancy_admin_users_no_api_keys/identity_tenancy_admin_users_no_api_keys.metadata.json +1 -1
- prowler/providers/oraclecloud/services/identity/identity_user_api_keys_rotated_90_days/identity_user_api_keys_rotated_90_days.metadata.json +1 -1
- prowler/providers/oraclecloud/services/identity/identity_user_auth_tokens_rotated_90_days/identity_user_auth_tokens_rotated_90_days.metadata.json +1 -1
- prowler/providers/oraclecloud/services/identity/identity_user_customer_secret_keys_rotated_90_days/identity_user_customer_secret_keys_rotated_90_days.metadata.json +1 -1
- prowler/providers/oraclecloud/services/identity/identity_user_db_passwords_rotated_90_days/identity_user_db_passwords_rotated_90_days.metadata.json +1 -1
- prowler/providers/oraclecloud/services/identity/identity_user_mfa_enabled_console_access/identity_user_mfa_enabled_console_access.metadata.json +1 -1
- prowler/providers/oraclecloud/services/identity/identity_user_valid_email_address/identity_user_valid_email_address.metadata.json +1 -1
- prowler/providers/oraclecloud/services/integration/integration_instance_access_restricted/integration_instance_access_restricted.metadata.json +1 -1
- prowler/providers/oraclecloud/services/kms/kms_key_rotation_enabled/kms_key_rotation_enabled.metadata.json +1 -1
- prowler/providers/oraclecloud/services/network/network_default_security_list_restricts_traffic/network_default_security_list_restricts_traffic.metadata.json +1 -1
- prowler/providers/oraclecloud/services/network/network_security_group_ingress_from_internet_to_rdp_port/network_security_group_ingress_from_internet_to_rdp_port.metadata.json +1 -1
- prowler/providers/oraclecloud/services/network/network_security_group_ingress_from_internet_to_ssh_port/network_security_group_ingress_from_internet_to_ssh_port.metadata.json +1 -1
- prowler/providers/oraclecloud/services/network/network_security_list_ingress_from_internet_to_rdp_port/network_security_list_ingress_from_internet_to_rdp_port.metadata.json +1 -1
- prowler/providers/oraclecloud/services/network/network_security_list_ingress_from_internet_to_ssh_port/network_security_list_ingress_from_internet_to_ssh_port.metadata.json +1 -1
- prowler/providers/oraclecloud/services/network/network_vcn_subnet_flow_logs_enabled/network_vcn_subnet_flow_logs_enabled.metadata.json +1 -1
- prowler/providers/oraclecloud/services/objectstorage/objectstorage_bucket_encrypted_with_cmk/objectstorage_bucket_encrypted_with_cmk.metadata.json +1 -1
- prowler/providers/oraclecloud/services/objectstorage/objectstorage_bucket_logging_enabled/objectstorage_bucket_logging_enabled.metadata.json +1 -1
- prowler/providers/oraclecloud/services/objectstorage/objectstorage_bucket_not_publicly_accessible/objectstorage_bucket_not_publicly_accessible.metadata.json +1 -1
- prowler/providers/oraclecloud/services/objectstorage/objectstorage_bucket_versioning_enabled/objectstorage_bucket_versioning_enabled.metadata.json +1 -1
- {prowler_cloud-5.13.1.dist-info → prowler_cloud-5.14.0.dist-info}/METADATA +17 -16
- {prowler_cloud-5.13.1.dist-info → prowler_cloud-5.14.0.dist-info}/RECORD +295 -246
- /prowler/compliance/{oci → oraclecloud}/__init__.py +0 -0
- {prowler_cloud-5.13.1.dist-info → prowler_cloud-5.14.0.dist-info}/LICENSE +0 -0
- {prowler_cloud-5.13.1.dist-info → prowler_cloud-5.14.0.dist-info}/WHEEL +0 -0
- {prowler_cloud-5.13.1.dist-info → prowler_cloud-5.14.0.dist-info}/entry_points.txt +0 -0
|
@@ -0,0 +1,415 @@
|
|
|
1
|
+
{
|
|
2
|
+
"Framework": "HIPAA",
|
|
3
|
+
"Name": "HIPAA compliance framework for GCP",
|
|
4
|
+
"Version": "",
|
|
5
|
+
"Provider": "GCP",
|
|
6
|
+
"Description": "The Health Insurance Portability and Accountability Act of 1996 (HIPAA) is legislation that helps US workers to retain health insurance coverage when they change or lose jobs. The legislation also seeks to encourage electronic health records to improve the efficiency and quality of the US healthcare system through improved information sharing. This framework maps HIPAA requirements to Google Cloud Platform (GCP) security best practices.",
|
|
7
|
+
"Requirements": [
|
|
8
|
+
{
|
|
9
|
+
"Id": "164_308_a_1_ii_a",
|
|
10
|
+
"Name": "164.308(a)(1)(ii)(A) Risk analysis",
|
|
11
|
+
"Description": "Conduct an accurate and thorough assessment of the potential risks and vulnerabilities to the confidentiality, integrity, and availability of electronic protected health information held by the covered entity or business associate.",
|
|
12
|
+
"Attributes": [
|
|
13
|
+
{
|
|
14
|
+
"ItemId": "164_308_a_1_ii_a",
|
|
15
|
+
"Section": "164.308 Administrative Safeguards",
|
|
16
|
+
"Service": "gcp"
|
|
17
|
+
}
|
|
18
|
+
],
|
|
19
|
+
"Checks": [
|
|
20
|
+
"iam_cloud_asset_inventory_enabled",
|
|
21
|
+
"securitycenter_security_health_analytics_enabled",
|
|
22
|
+
"essentialcontacts_security_contacts_configured"
|
|
23
|
+
]
|
|
24
|
+
},
|
|
25
|
+
{
|
|
26
|
+
"Id": "164_308_a_1_ii_b",
|
|
27
|
+
"Name": "164.308(a)(1)(ii)(B) Risk Management",
|
|
28
|
+
"Description": "Implement security measures sufficient to reduce risks and vulnerabilities to a reasonable and appropriate level to comply with 164.306(a): Ensure the confidentiality, integrity, and availability of all electronic protected health information the covered entity or business associate creates, receives, maintains, or transmits.",
|
|
29
|
+
"Attributes": [
|
|
30
|
+
{
|
|
31
|
+
"ItemId": "164_308_a_1_ii_b",
|
|
32
|
+
"Section": "164.308 Administrative Safeguards",
|
|
33
|
+
"Service": "gcp"
|
|
34
|
+
}
|
|
35
|
+
],
|
|
36
|
+
"Checks": [
|
|
37
|
+
"cloudstorage_bucket_encryption",
|
|
38
|
+
"cloudstorage_bucket_public_access",
|
|
39
|
+
"cloudstorage_bucket_uniform_access",
|
|
40
|
+
"cloudsql_instance_automatic_backups_enabled",
|
|
41
|
+
"cloudsql_instance_encryption_enabled",
|
|
42
|
+
"cloudsql_instance_public_access",
|
|
43
|
+
"compute_instance_public_ip",
|
|
44
|
+
"compute_disk_encryption_enabled",
|
|
45
|
+
"compute_firewall_rdp_access_from_internet_restricted",
|
|
46
|
+
"compute_firewall_ssh_access_from_internet_restricted",
|
|
47
|
+
"compute_network_legacy_network_not_used",
|
|
48
|
+
"gke_cluster_master_authorized_networks_enabled",
|
|
49
|
+
"gke_cluster_private_cluster_enabled",
|
|
50
|
+
"iam_sa_no_administrative_privileges",
|
|
51
|
+
"iam_no_service_roles_at_project_level",
|
|
52
|
+
"bigquery_dataset_public_access",
|
|
53
|
+
"bigquery_dataset_cmek_encryption",
|
|
54
|
+
"kms_key_rotation_enabled"
|
|
55
|
+
]
|
|
56
|
+
},
|
|
57
|
+
{
|
|
58
|
+
"Id": "164_308_a_1_ii_d",
|
|
59
|
+
"Name": "164.308(a)(1)(ii)(D) Information system activity review",
|
|
60
|
+
"Description": "Implement procedures to regularly review records of information system activity, such as audit logs, access reports, and security incident tracking reports.",
|
|
61
|
+
"Attributes": [
|
|
62
|
+
{
|
|
63
|
+
"ItemId": "164_308_a_1_ii_d",
|
|
64
|
+
"Section": "164.308 Administrative Safeguards",
|
|
65
|
+
"Service": "gcp"
|
|
66
|
+
}
|
|
67
|
+
],
|
|
68
|
+
"Checks": [
|
|
69
|
+
"logging_sink_created",
|
|
70
|
+
"logging_log_metric_filter_and_alert_for_audit_configuration_changes_enabled",
|
|
71
|
+
"logging_log_metric_filter_and_alert_for_project_ownership_changes_enabled",
|
|
72
|
+
"logging_log_metric_filter_and_alert_for_custom_role_changes_enabled",
|
|
73
|
+
"logging_log_metric_filter_and_alert_for_vpc_network_changes_enabled",
|
|
74
|
+
"logging_log_metric_filter_and_alert_for_vpc_network_route_changes_enabled",
|
|
75
|
+
"logging_log_metric_filter_and_alert_for_vpc_firewall_rule_changes_enabled",
|
|
76
|
+
"logging_log_metric_filter_and_alert_for_bucket_permission_changes_enabled",
|
|
77
|
+
"logging_log_metric_filter_and_alert_for_sql_instance_configuration_changes_enabled"
|
|
78
|
+
]
|
|
79
|
+
},
|
|
80
|
+
{
|
|
81
|
+
"Id": "164_308_a_3_i",
|
|
82
|
+
"Name": "164.308(a)(3)(i) Workforce security",
|
|
83
|
+
"Description": "Implement policies and procedures to ensure that all members of its workforce have appropriate access to electronic protected health information.",
|
|
84
|
+
"Attributes": [
|
|
85
|
+
{
|
|
86
|
+
"ItemId": "164_308_a_3_i",
|
|
87
|
+
"Section": "164.308 Administrative Safeguards",
|
|
88
|
+
"Service": "gcp"
|
|
89
|
+
}
|
|
90
|
+
],
|
|
91
|
+
"Checks": [
|
|
92
|
+
"iam_sa_no_administrative_privileges",
|
|
93
|
+
"iam_no_service_roles_at_project_level",
|
|
94
|
+
"iam_role_kms_enforce_separation_of_duties",
|
|
95
|
+
"iam_role_sa_enforce_separation_of_duties",
|
|
96
|
+
"iam_sa_no_user_managed_keys",
|
|
97
|
+
"iam_sa_user_managed_key_unused"
|
|
98
|
+
]
|
|
99
|
+
},
|
|
100
|
+
{
|
|
101
|
+
"Id": "164_308_a_4_i",
|
|
102
|
+
"Name": "164.308(a)(4)(i) Information access management",
|
|
103
|
+
"Description": "Implement policies and procedures for authorizing access to electronic protected health information that are consistent with the applicable requirements of subpart E of this part.",
|
|
104
|
+
"Attributes": [
|
|
105
|
+
{
|
|
106
|
+
"ItemId": "164_308_a_4_i",
|
|
107
|
+
"Section": "164.308 Administrative Safeguards",
|
|
108
|
+
"Service": "gcp"
|
|
109
|
+
}
|
|
110
|
+
],
|
|
111
|
+
"Checks": [
|
|
112
|
+
"iam_account_access_approval_enabled",
|
|
113
|
+
"iam_sa_no_administrative_privileges",
|
|
114
|
+
"iam_no_service_roles_at_project_level",
|
|
115
|
+
"iam_organization_essential_contacts_configured",
|
|
116
|
+
"cloudstorage_bucket_public_access",
|
|
117
|
+
"cloudsql_instance_public_access",
|
|
118
|
+
"bigquery_dataset_public_access"
|
|
119
|
+
]
|
|
120
|
+
},
|
|
121
|
+
{
|
|
122
|
+
"Id": "164_308_a_5_ii_c",
|
|
123
|
+
"Name": "164.308(a)(5)(ii)(C) Log-in monitoring",
|
|
124
|
+
"Description": "Procedures for monitoring log-in attempts and reporting discrepancies.",
|
|
125
|
+
"Attributes": [
|
|
126
|
+
{
|
|
127
|
+
"ItemId": "164_308_a_5_ii_c",
|
|
128
|
+
"Section": "164.308 Administrative Safeguards",
|
|
129
|
+
"Service": "gcp"
|
|
130
|
+
}
|
|
131
|
+
],
|
|
132
|
+
"Checks": [
|
|
133
|
+
"logging_sink_created",
|
|
134
|
+
"logging_log_metric_filter_and_alert_for_project_ownership_changes_enabled",
|
|
135
|
+
"logging_log_metric_filter_and_alert_for_custom_role_changes_enabled"
|
|
136
|
+
]
|
|
137
|
+
},
|
|
138
|
+
{
|
|
139
|
+
"Id": "164_308_a_6_ii",
|
|
140
|
+
"Name": "164.308(a)(6)(ii) Response and reporting",
|
|
141
|
+
"Description": "Identify and respond to suspected or known security incidents; mitigate, to the extent practicable, harmful effects of security incidents that are known to the covered entity or business associate; and document security incidents and their outcomes.",
|
|
142
|
+
"Attributes": [
|
|
143
|
+
{
|
|
144
|
+
"ItemId": "164_308_a_6_ii",
|
|
145
|
+
"Section": "164.308 Administrative Safeguards",
|
|
146
|
+
"Service": "gcp"
|
|
147
|
+
}
|
|
148
|
+
],
|
|
149
|
+
"Checks": [
|
|
150
|
+
"securitycenter_security_health_analytics_enabled",
|
|
151
|
+
"essentialcontacts_security_contacts_configured",
|
|
152
|
+
"logging_sink_created"
|
|
153
|
+
]
|
|
154
|
+
},
|
|
155
|
+
{
|
|
156
|
+
"Id": "164_308_a_7_i",
|
|
157
|
+
"Name": "164.308(a)(7)(i) Contingency plan",
|
|
158
|
+
"Description": "Establish (and implement as needed) policies and procedures for responding to an emergency or other occurrence (for example, fire, vandalism, system failure, and natural disaster) that damages systems that contain electronic protected health information.",
|
|
159
|
+
"Attributes": [
|
|
160
|
+
{
|
|
161
|
+
"ItemId": "164_308_a_7_i",
|
|
162
|
+
"Section": "164.308 Administrative Safeguards",
|
|
163
|
+
"Service": "gcp"
|
|
164
|
+
}
|
|
165
|
+
],
|
|
166
|
+
"Checks": [
|
|
167
|
+
"cloudsql_instance_automatic_backups_enabled",
|
|
168
|
+
"compute_disk_snapshot_encryption_enabled",
|
|
169
|
+
"gke_cluster_stackdriver_logging_enabled"
|
|
170
|
+
]
|
|
171
|
+
},
|
|
172
|
+
{
|
|
173
|
+
"Id": "164_308_a_7_ii_a",
|
|
174
|
+
"Name": "164.308(a)(7)(ii)(A) Data backup plan",
|
|
175
|
+
"Description": "Establish and implement procedures to create and maintain retrievable exact copies of electronic protected health information.",
|
|
176
|
+
"Attributes": [
|
|
177
|
+
{
|
|
178
|
+
"ItemId": "164_308_a_7_ii_a",
|
|
179
|
+
"Section": "164.308 Administrative Safeguards",
|
|
180
|
+
"Service": "gcp"
|
|
181
|
+
}
|
|
182
|
+
],
|
|
183
|
+
"Checks": [
|
|
184
|
+
"cloudsql_instance_automatic_backups_enabled",
|
|
185
|
+
"cloudstorage_bucket_object_versioning",
|
|
186
|
+
"compute_disk_snapshot_encryption_enabled"
|
|
187
|
+
]
|
|
188
|
+
},
|
|
189
|
+
{
|
|
190
|
+
"Id": "164_308_a_7_ii_b",
|
|
191
|
+
"Name": "164.308(a)(7)(ii)(B) Disaster recovery plan",
|
|
192
|
+
"Description": "Establish (and implement as needed) procedures to restore any loss of data.",
|
|
193
|
+
"Attributes": [
|
|
194
|
+
{
|
|
195
|
+
"ItemId": "164_308_a_7_ii_b",
|
|
196
|
+
"Section": "164.308 Administrative Safeguards",
|
|
197
|
+
"Service": "gcp"
|
|
198
|
+
}
|
|
199
|
+
],
|
|
200
|
+
"Checks": [
|
|
201
|
+
"cloudsql_instance_automatic_backups_enabled",
|
|
202
|
+
"cloudsql_instance_point_in_time_recovery_enabled",
|
|
203
|
+
"cloudstorage_bucket_object_versioning"
|
|
204
|
+
]
|
|
205
|
+
},
|
|
206
|
+
{
|
|
207
|
+
"Id": "164_310_a_1",
|
|
208
|
+
"Name": "164.310(a)(1) Facility access controls",
|
|
209
|
+
"Description": "Implement policies and procedures to limit physical access to its electronic information systems and the facility or facilities in which they are housed, while ensuring that properly authorized access is allowed.",
|
|
210
|
+
"Attributes": [
|
|
211
|
+
{
|
|
212
|
+
"ItemId": "164_310_a_1",
|
|
213
|
+
"Section": "164.310 Physical Safeguards",
|
|
214
|
+
"Service": "gcp"
|
|
215
|
+
}
|
|
216
|
+
],
|
|
217
|
+
"Checks": [
|
|
218
|
+
"compute_instance_public_ip",
|
|
219
|
+
"compute_firewall_rdp_access_from_internet_restricted",
|
|
220
|
+
"compute_firewall_ssh_access_from_internet_restricted",
|
|
221
|
+
"gke_cluster_private_cluster_enabled"
|
|
222
|
+
]
|
|
223
|
+
},
|
|
224
|
+
{
|
|
225
|
+
"Id": "164_310_d_1",
|
|
226
|
+
"Name": "164.310(d)(1) Device and media controls",
|
|
227
|
+
"Description": "Implement policies and procedures that govern the receipt and removal of hardware and electronic media that contain electronic protected health information into and out of a facility, and the movement of these items within the facility.",
|
|
228
|
+
"Attributes": [
|
|
229
|
+
{
|
|
230
|
+
"ItemId": "164_310_d_1",
|
|
231
|
+
"Section": "164.310 Physical Safeguards",
|
|
232
|
+
"Service": "gcp"
|
|
233
|
+
}
|
|
234
|
+
],
|
|
235
|
+
"Checks": [
|
|
236
|
+
"compute_disk_encryption_enabled",
|
|
237
|
+
"compute_disk_snapshot_encryption_enabled",
|
|
238
|
+
"cloudstorage_bucket_encryption"
|
|
239
|
+
]
|
|
240
|
+
},
|
|
241
|
+
{
|
|
242
|
+
"Id": "164_312_a_1",
|
|
243
|
+
"Name": "164.312(a)(1) Access control",
|
|
244
|
+
"Description": "Implement technical policies and procedures for electronic information systems that maintain electronic protected health information to allow access only to those persons or software programs that have been granted access rights as specified in 164.308(a)(4).",
|
|
245
|
+
"Attributes": [
|
|
246
|
+
{
|
|
247
|
+
"ItemId": "164_312_a_1",
|
|
248
|
+
"Section": "164.312 Technical Safeguards",
|
|
249
|
+
"Service": "gcp"
|
|
250
|
+
}
|
|
251
|
+
],
|
|
252
|
+
"Checks": [
|
|
253
|
+
"iam_sa_no_administrative_privileges",
|
|
254
|
+
"iam_no_service_roles_at_project_level",
|
|
255
|
+
"iam_account_access_approval_enabled",
|
|
256
|
+
"cloudstorage_bucket_public_access",
|
|
257
|
+
"cloudstorage_bucket_uniform_access",
|
|
258
|
+
"cloudsql_instance_public_access",
|
|
259
|
+
"bigquery_dataset_public_access",
|
|
260
|
+
"compute_instance_public_ip",
|
|
261
|
+
"gke_cluster_private_cluster_enabled"
|
|
262
|
+
]
|
|
263
|
+
},
|
|
264
|
+
{
|
|
265
|
+
"Id": "164_312_a_2_i",
|
|
266
|
+
"Name": "164.312(a)(2)(i) Unique user identification",
|
|
267
|
+
"Description": "Assign a unique name and/or number for identifying and tracking user identity.",
|
|
268
|
+
"Attributes": [
|
|
269
|
+
{
|
|
270
|
+
"ItemId": "164_312_a_2_i",
|
|
271
|
+
"Section": "164.312 Technical Safeguards",
|
|
272
|
+
"Service": "gcp"
|
|
273
|
+
}
|
|
274
|
+
],
|
|
275
|
+
"Checks": [
|
|
276
|
+
"iam_sa_no_user_managed_keys",
|
|
277
|
+
"iam_sa_user_managed_key_unused"
|
|
278
|
+
]
|
|
279
|
+
},
|
|
280
|
+
{
|
|
281
|
+
"Id": "164_312_a_2_iv",
|
|
282
|
+
"Name": "164.312(a)(2)(iv) Encryption and decryption",
|
|
283
|
+
"Description": "Implement a mechanism to encrypt and decrypt electronic protected health information.",
|
|
284
|
+
"Attributes": [
|
|
285
|
+
{
|
|
286
|
+
"ItemId": "164_312_a_2_iv",
|
|
287
|
+
"Section": "164.312 Technical Safeguards",
|
|
288
|
+
"Service": "gcp"
|
|
289
|
+
}
|
|
290
|
+
],
|
|
291
|
+
"Checks": [
|
|
292
|
+
"cloudstorage_bucket_encryption",
|
|
293
|
+
"cloudsql_instance_encryption_enabled",
|
|
294
|
+
"compute_disk_encryption_enabled",
|
|
295
|
+
"compute_disk_snapshot_encryption_enabled",
|
|
296
|
+
"bigquery_dataset_cmek_encryption",
|
|
297
|
+
"kms_key_rotation_enabled"
|
|
298
|
+
]
|
|
299
|
+
},
|
|
300
|
+
{
|
|
301
|
+
"Id": "164_312_b",
|
|
302
|
+
"Name": "164.312(b) Audit controls",
|
|
303
|
+
"Description": "Implement hardware, software, and/or procedural mechanisms that record and examine activity in information systems that contain or use electronic protected health information.",
|
|
304
|
+
"Attributes": [
|
|
305
|
+
{
|
|
306
|
+
"ItemId": "164_312_b",
|
|
307
|
+
"Section": "164.312 Technical Safeguards",
|
|
308
|
+
"Service": "gcp"
|
|
309
|
+
}
|
|
310
|
+
],
|
|
311
|
+
"Checks": [
|
|
312
|
+
"logging_sink_created",
|
|
313
|
+
"logging_log_metric_filter_and_alert_for_audit_configuration_changes_enabled",
|
|
314
|
+
"logging_log_metric_filter_and_alert_for_project_ownership_changes_enabled",
|
|
315
|
+
"logging_log_metric_filter_and_alert_for_custom_role_changes_enabled",
|
|
316
|
+
"logging_log_metric_filter_and_alert_for_vpc_network_changes_enabled",
|
|
317
|
+
"logging_log_metric_filter_and_alert_for_vpc_network_route_changes_enabled",
|
|
318
|
+
"logging_log_metric_filter_and_alert_for_vpc_firewall_rule_changes_enabled",
|
|
319
|
+
"logging_log_metric_filter_and_alert_for_bucket_permission_changes_enabled",
|
|
320
|
+
"logging_log_metric_filter_and_alert_for_sql_instance_configuration_changes_enabled",
|
|
321
|
+
"gke_cluster_stackdriver_logging_enabled"
|
|
322
|
+
]
|
|
323
|
+
},
|
|
324
|
+
{
|
|
325
|
+
"Id": "164_312_c_1",
|
|
326
|
+
"Name": "164.312(c)(1) Integrity",
|
|
327
|
+
"Description": "Implement policies and procedures to protect electronic protected health information from improper alteration or destruction.",
|
|
328
|
+
"Attributes": [
|
|
329
|
+
{
|
|
330
|
+
"ItemId": "164_312_c_1",
|
|
331
|
+
"Section": "164.312 Technical Safeguards",
|
|
332
|
+
"Service": "gcp"
|
|
333
|
+
}
|
|
334
|
+
],
|
|
335
|
+
"Checks": [
|
|
336
|
+
"cloudstorage_bucket_object_versioning",
|
|
337
|
+
"cloudsql_instance_automatic_backups_enabled",
|
|
338
|
+
"cloudsql_instance_point_in_time_recovery_enabled",
|
|
339
|
+
"kms_key_rotation_enabled"
|
|
340
|
+
]
|
|
341
|
+
},
|
|
342
|
+
{
|
|
343
|
+
"Id": "164_312_d",
|
|
344
|
+
"Name": "164.312(d) Person or entity authentication",
|
|
345
|
+
"Description": "Implement procedures to verify that a person or entity seeking access to electronic protected health information is the one claimed.",
|
|
346
|
+
"Attributes": [
|
|
347
|
+
{
|
|
348
|
+
"ItemId": "164_312_d",
|
|
349
|
+
"Section": "164.312 Technical Safeguards",
|
|
350
|
+
"Service": "gcp"
|
|
351
|
+
}
|
|
352
|
+
],
|
|
353
|
+
"Checks": [
|
|
354
|
+
"iam_account_access_approval_enabled",
|
|
355
|
+
"iam_sa_no_user_managed_keys"
|
|
356
|
+
]
|
|
357
|
+
},
|
|
358
|
+
{
|
|
359
|
+
"Id": "164_312_e_1",
|
|
360
|
+
"Name": "164.312(e)(1) Transmission security",
|
|
361
|
+
"Description": "Implement technical security measures to guard against unauthorized access to electronic protected health information that is being transmitted over an electronic communications network.",
|
|
362
|
+
"Attributes": [
|
|
363
|
+
{
|
|
364
|
+
"ItemId": "164_312_e_1",
|
|
365
|
+
"Section": "164.312 Technical Safeguards",
|
|
366
|
+
"Service": "gcp"
|
|
367
|
+
}
|
|
368
|
+
],
|
|
369
|
+
"Checks": [
|
|
370
|
+
"cloudstorage_bucket_encryption",
|
|
371
|
+
"compute_firewall_rdp_access_from_internet_restricted",
|
|
372
|
+
"compute_firewall_ssh_access_from_internet_restricted",
|
|
373
|
+
"cloudsql_instance_ssl_required",
|
|
374
|
+
"gke_cluster_master_authorized_networks_enabled"
|
|
375
|
+
]
|
|
376
|
+
},
|
|
377
|
+
{
|
|
378
|
+
"Id": "164_312_e_2_i",
|
|
379
|
+
"Name": "164.312(e)(2)(i) Integrity controls",
|
|
380
|
+
"Description": "Implement security measures to ensure that electronically transmitted electronic protected health information is not improperly modified without detection until disposed of.",
|
|
381
|
+
"Attributes": [
|
|
382
|
+
{
|
|
383
|
+
"ItemId": "164_312_e_2_i",
|
|
384
|
+
"Section": "164.312 Technical Safeguards",
|
|
385
|
+
"Service": "gcp"
|
|
386
|
+
}
|
|
387
|
+
],
|
|
388
|
+
"Checks": [
|
|
389
|
+
"cloudstorage_bucket_object_versioning",
|
|
390
|
+
"cloudsql_instance_automatic_backups_enabled",
|
|
391
|
+
"logging_sink_created"
|
|
392
|
+
]
|
|
393
|
+
},
|
|
394
|
+
{
|
|
395
|
+
"Id": "164_312_e_2_ii",
|
|
396
|
+
"Name": "164.312(e)(2)(ii) Encryption",
|
|
397
|
+
"Description": "Implement a mechanism to encrypt electronic protected health information whenever deemed appropriate.",
|
|
398
|
+
"Attributes": [
|
|
399
|
+
{
|
|
400
|
+
"ItemId": "164_312_e_2_ii",
|
|
401
|
+
"Section": "164.312 Technical Safeguards",
|
|
402
|
+
"Service": "gcp"
|
|
403
|
+
}
|
|
404
|
+
],
|
|
405
|
+
"Checks": [
|
|
406
|
+
"cloudstorage_bucket_encryption",
|
|
407
|
+
"cloudsql_instance_encryption_enabled",
|
|
408
|
+
"compute_disk_encryption_enabled",
|
|
409
|
+
"bigquery_dataset_cmek_encryption",
|
|
410
|
+
"kms_key_rotation_enabled",
|
|
411
|
+
"cloudsql_instance_ssl_required"
|
|
412
|
+
]
|
|
413
|
+
}
|
|
414
|
+
]
|
|
415
|
+
}
|
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
{
|
|
2
2
|
"Framework": "NIS2",
|
|
3
|
-
"Name": "Network and Information Security Directive (Directive (EU) 2022/2555)",
|
|
3
|
+
"Name": "NIS2 - Network and Information Security Directive (Directive (EU) 2022/2555)",
|
|
4
4
|
"Version": "",
|
|
5
5
|
"Provider": "GCP",
|
|
6
6
|
"Description": "ANNEX to the Commission Implementing Regulation laying down rules for the application of Directive (EU) 2022/2555 as regards technical and methodological requirements of cybersecurity risk-management measures and further specification of the cases in which an incident is considered to be significant with regard to DNS service providers, TLD name registries, cloud computing service providers, data centre service providers, content delivery network providers, managed service providers, managed security service providers, providers of online market places, of online search engines and of social networking services platforms, and trust service providers",
|
|
@@ -476,7 +476,9 @@
|
|
|
476
476
|
{
|
|
477
477
|
"Id": "1.2.2",
|
|
478
478
|
"Description": "Limit the ability to create repositories to trusted users and teams.",
|
|
479
|
-
"Checks": [
|
|
479
|
+
"Checks": [
|
|
480
|
+
"organization_repository_creation_limited"
|
|
481
|
+
],
|
|
480
482
|
"Attributes": [
|
|
481
483
|
{
|
|
482
484
|
"Section": "1 Source Code",
|
|
@@ -753,7 +755,9 @@
|
|
|
753
755
|
{
|
|
754
756
|
"Id": "1.3.8",
|
|
755
757
|
"Description": "Base permissions define the permission level automatically granted to all organization members. Define strict base access permissions for all of the repositories in the organization, including new ones.",
|
|
756
|
-
"Checks": [
|
|
758
|
+
"Checks": [
|
|
759
|
+
"organization_default_repository_permission_strict"
|
|
760
|
+
],
|
|
757
761
|
"Attributes": [
|
|
758
762
|
{
|
|
759
763
|
"Section": "1 Source Code",
|