sraverify 0.1.0__py3-none-any.whl

sraverify/services/macie/checks/sra_macie_04.py

@@ -0,0 +1,120 @@
+"""
+SRA-MACIE-04: Checks that findings are being exported to S3 in the log archive account are encrypted at rest.
+"""
+from typing import List, Dict, Any
+from sraverify.services.macie.base import MacieCheck
+from sraverify.core.logging import logger
+
+
+class SRA_MACIE_04(MacieCheck):
+    """Check if Macie findings exported to S3 are encrypted at rest using KMS."""
+    
+    def __init__(self):
+        """Initialize the check."""
+        super().__init__()
+        self.check_id = "SRA-MACIE-04"
+        self.check_name = "Checks that findings are being exported to S3 in the log archive account are encrypted at rest"
+        self.description = (
+            "This check verifies whether all Macie findings that are being exported to a S3 bucket within the Log Archive account "
+            "are encrypted using KMS key. Macie findings are sensitive in natures and should be encrypted to prevent from unauthorized disclosure."
+        )
+        self.severity = "HIGH"
+        self.account_type = "application"
+        self.check_logic = "Check validates using get-classification-export-configuration that kms key exists. PASS if KMS ARN returned."
+        self.resource_type = "AWS::Macie::Session"
+    
+    def execute(self) -> List[Dict[str, Any]]:
+        """
+        Execute the check.
+        
+        Returns:
+            List of findings
+        """
+        findings = []
+        
+        for region in self.regions:
+            # Get classification export configuration using the base class method with caching
+            export_config = self.get_classification_export_configuration(region)
+            
+            # Check if the API call was successful
+            if not export_config:
+                findings.append(
+                    self.create_finding(
+                        status="FAIL",
+                        region=region,
+                        resource_id=f"macie2/{self.account_id}/{region}",
+                        checked_value="KMS encryption for S3 bucket",
+                        actual_value="Failed to retrieve Macie classification export configuration",
+                        remediation="Ensure Macie is enabled and you have the necessary permissions to call the Macie GetClassificationExportConfiguration API"
+                    )
+                )
+                continue
+            
+            # Check if export configuration exists
+            configuration = export_config.get('configuration', {})
+            if not configuration:
+                findings.append(
+                    self.create_finding(
+                        status="FAIL",
+                        region=region,
+                        resource_id=f"macie2/{self.account_id}/{region}",
+                        checked_value="KMS encryption for S3 bucket",
+                        actual_value="Macie findings export configuration not found",
+                        remediation=(
+                            f"Configure Macie to export findings to a S3 bucket with KMS encryption in region {region} using the AWS CLI command: "
+                            f"aws macie2 put-classification-export-configuration --s3-destination bucketName=your-bucket-name,kmsKeyArn=arn:aws:kms:{region}:{self.account_id}:key/your-key-id --region {region}"
+                        )
+                    )
+                )
+                continue
+            
+            # Check if S3 destination exists
+            s3_destination = configuration.get('s3Destination', {})
+            if not s3_destination:
+                findings.append(
+                    self.create_finding(
+                        status="FAIL",
+                        region=region,
+                        resource_id=f"macie2/{self.account_id}/{region}",
+                        checked_value="KMS encryption for S3 bucket",
+                        actual_value="S3 destination not found in Macie findings export configuration",
+                        remediation=(
+                            f"Configure Macie to export findings to a S3 bucket with KMS encryption in region {region} using the AWS CLI command: "
+                            f"aws macie2 put-classification-export-configuration --s3-destination bucketName=your-bucket-name,kmsKeyArn=arn:aws:kms:{region}:{self.account_id}:key/your-key-id --region {region}"
+                        )
+                    )
+                )
+                continue
+            
+            # Get bucket name and KMS key ARN
+            bucket_name = s3_destination.get('bucketName', '')
+            kms_key_arn = s3_destination.get('kmsKeyArn', '')
+            
+            # Check if KMS key ARN exists
+            if kms_key_arn:
+                findings.append(
+                    self.create_finding(
+                        status="PASS",
+                        region=region,
+                        resource_id=f"macie2/{self.account_id}/{region}",
+                        checked_value="KMS encryption for S3 bucket",
+                        actual_value=f"Macie findings exported to S3 bucket '{bucket_name}' are encrypted using KMS key '{kms_key_arn}' in region {region}",
+                        remediation="No remediation needed"
+                    )
+                )
+            else:
+                findings.append(
+                    self.create_finding(
+                        status="FAIL",
+                        region=region,
+                        resource_id=f"macie2/{self.account_id}/{region}",
+                        checked_value="KMS encryption for S3 bucket",
+                        actual_value=f"Macie findings exported to S3 bucket '{bucket_name}' are not encrypted using KMS in region {region}",
+                        remediation=(
+                            f"Configure Macie to export findings to a S3 bucket with KMS encryption in region {region} using the AWS CLI command: "
+                            f"aws macie2 put-classification-export-configuration --s3-destination bucketName={bucket_name},kmsKeyArn=arn:aws:kms:{region}:{self.account_id}:key/your-key-id --region {region}"
+                        )
+                    )
+                )
+        
+        return findings

sraverify/services/macie/checks/sra_macie_05.py

@@ -0,0 +1,85 @@
+"""
+SRA-MACIE-05: Macie administration for the AWS Organization has a delegated administrator.
+"""
+from typing import List, Dict, Any
+from sraverify.services.macie.base import MacieCheck
+from sraverify.core.logging import logger
+
+
+class SRA_MACIE_05(MacieCheck):
+    """Check if Macie administration for the AWS Organization has a delegated administrator."""
+    
+    def __init__(self):
+        """Initialize the check."""
+        super().__init__()
+        self.check_id = "SRA-MACIE-05"
+        self.check_name = "Macie administration for the AWS Organization has a delegated administrator"
+        self.description = (
+            "This check verifies whether Macie service administration for the AWS Organization is delegated out to AWS Organization management account."
+        )
+        self.severity = "HIGH"
+        self.account_type = "management"
+        self.check_logic = "Check validates that a delegated administrator exists for Macie. PASS if macie2 get-administrator-account returns a valid administrator account"
+        self.resource_type = "AWS::Macie::Session"
+    
+    def execute(self) -> List[Dict[str, Any]]:
+        """
+        Execute the check.
+        
+        Returns:
+            List of findings
+        """
+        findings = []
+        
+        for region in self.regions:
+            # Get Macie administrator account using the base class method with caching
+            admin_account = self.get_macie_administrator_account(region)
+            
+            # Check if the API call was successful and returned an administrator
+            if not admin_account or 'administrator' not in admin_account:
+                findings.append(
+                    self.create_finding(
+                        status="FAIL",
+                        region=region,
+                        resource_id=f"macie2/{self.account_id}/{region}",
+                        checked_value="Administrator account for Macie",
+                        actual_value=f"No administrator account found for Macie in region {region}",
+                        remediation=(
+                            f"Enable Macie and register a delegated administrator for Macie in region {region} using the AWS CLI command: "
+                            f"aws macie2 enable-organization-admin-account --admin-account-id your-audit-account-id --region {region}"
+                        )
+                    )
+                )
+                continue
+            
+            # Check if administrator account exists and is enabled
+            admin_account_id = admin_account.get('administrator', {}).get('accountId')
+            relation_status = admin_account.get('administrator', {}).get('relationshipStatus')
+            
+            if admin_account_id and relation_status == 'Enabled':
+                findings.append(
+                    self.create_finding(
+                        status="PASS",
+                        region=region,
+                        resource_id=f"macie2/{self.account_id}/administrator/{admin_account_id}/{region}",
+                        checked_value="Administrator account for Macie",
+                        actual_value=f"Macie has an administrator account: {admin_account_id} with status: {relation_status} in region {region}",
+                        remediation="No remediation needed"
+                    )
+                )
+            else:
+                findings.append(
+                    self.create_finding(
+                        status="FAIL",
+                        region=region,
+                        resource_id=f"macie2/{self.account_id}/{region}",
+                        checked_value="Administrator account for Macie",
+                        actual_value=f"Administrator account found for Macie in region {region} but status is not Enabled: {relation_status}",
+                        remediation=(
+                            f"Enable Macie and register a delegated administrator for Macie in region {region} using the AWS CLI command: "
+                            f"aws macie2 enable-organization-admin-account --admin-account-id your-audit-account-id --region {region}"
+                        )
+                    )
+                )
+        
+        return findings

sraverify/services/macie/checks/sra_macie_06.py

@@ -0,0 +1,124 @@
+"""
+SRA-MACIE-06: Macie delegated admin account is the Security Tooling (Audit) account.
+"""
+from typing import List, Dict, Any
+from sraverify.services.macie.base import MacieCheck
+from sraverify.core.logging import logger
+
+
+class SRA_MACIE_06(MacieCheck):
+    """Check if Macie delegated admin account is the Security Tooling (Audit) account."""
+    
+    def __init__(self):
+        """Initialize the check."""
+        super().__init__()
+        self.check_id = "SRA-MACIE-06"
+        self.check_name = "Macie delegated admin account is the Security Tooling (Audit) account"
+        self.description = (
+            "This check verifies whether Macie delegated admin account is the audit account of your AWS organization. "
+            "audit account is dedicated to operating security services, monitoring AWS accounts, and automating security "
+            "alerting and response. Macie provides sensitive data discovery service."
+        )
+        self.severity = "HIGH"
+        self.account_type = "management"
+        self.check_logic = "Check validates that the administrator account for Macie is the --audit-account. Check PASS if macie2 get-administrator-account account ID == audit account passed via —audit-account flag"
+        self.resource_type = "AWS::Macie::Session"
+    
+    def execute(self) -> List[Dict[str, Any]]:
+        """
+        Execute the check.
+        
+        Returns:
+            List of findings
+        """
+        findings = []
+        
+        # Check if audit accounts are provided
+        audit_accounts = []
+        if hasattr(self, '_audit_accounts') and self._audit_accounts:
+            audit_accounts = self._audit_accounts
+        
+        if not audit_accounts:
+            for region in self.regions:
+                findings.append(
+                    self.create_finding(
+                        status="FAIL",
+                        region=region,
+                        resource_id=f"macie2/{self.account_id}/{region}",
+                        checked_value="Administrator account is Audit account",
+                        actual_value="Audit Account ID not provided",
+                        remediation="Provide the Audit account IDs using --audit-account flag"
+                    )
+                )
+            return findings
+        
+        for region in self.regions:
+            # Get Macie administrator account using the base class method with caching
+            admin_account = self.get_macie_administrator_account(region)
+            
+            # Check if the API call was successful and returned an administrator
+            if not admin_account or 'administrator' not in admin_account:
+                findings.append(
+                    self.create_finding(
+                        status="FAIL",
+                        region=region,
+                        resource_id=f"macie2/{self.account_id}/{region}",
+                        checked_value="Administrator account is Audit account",
+                        actual_value=f"No administrator account found for Macie in region {region}",
+                        remediation=(
+                            f"Enable Macie and register the Audit account ({', '.join(audit_accounts)}) as a delegated administrator for Macie in region {region} using the AWS CLI command: "
+                            f"aws macie2 enable-organization-admin-account --admin-account-id {audit_accounts[0]} --region {region}"
+                        )
+                    )
+                )
+                continue
+            
+            # Check if administrator account exists and is enabled
+            admin_account_id = admin_account.get('administrator', {}).get('accountId')
+            relation_status = admin_account.get('administrator', {}).get('relationshipStatus')
+            
+            if not admin_account_id or relation_status != 'Enabled':
+                findings.append(
+                    self.create_finding(
+                        status="FAIL",
+                        region=region,
+                        resource_id=f"macie2/{self.account_id}/{region}",
+                        checked_value="Administrator account is Audit account",
+                        actual_value=f"Administrator account found for Macie in region {region} but status is not Enabled: {relation_status}",
+                        remediation=(
+                            f"Enable Macie and register the Audit account ({', '.join(audit_accounts)}) as a delegated administrator for Macie in region {region} using the AWS CLI command: "
+                            f"aws macie2 enable-organization-admin-account --admin-account-id {audit_accounts[0]} --region {region}"
+                        )
+                    )
+                )
+                continue
+            
+            # Check if administrator account is the Audit account
+            if admin_account_id in audit_accounts:
+                findings.append(
+                    self.create_finding(
+                        status="PASS",
+                        region=region,
+                        resource_id=f"macie2/{self.account_id}/administrator/{admin_account_id}/{region}",
+                        checked_value="Administrator account is Audit account",
+                        actual_value=f"Macie administrator account {admin_account_id} is one of the specified Audit accounts in region {region}",
+                        remediation="No remediation needed"
+                    )
+                )
+            else:
+                findings.append(
+                    self.create_finding(
+                        status="FAIL",
+                        region=region,
+                        resource_id=f"macie2/{self.account_id}/administrator/{admin_account_id}/{region}",
+                        checked_value="Administrator account is Audit account",
+                        actual_value=f"Macie administrator account {admin_account_id} is not one of the specified Audit accounts ({', '.join(audit_accounts)}) in region {region}",
+                        remediation=(
+                            f"Disable the current administrator and enable the Audit account ({', '.join(audit_accounts)}) as a delegated administrator for Macie in region {region} using the AWS CLI commands: "
+                            f"aws macie2 disable-organization-admin-account --admin-account-id {admin_account_id} --region {region} && "
+                            f"aws macie2 enable-organization-admin-account --admin-account-id {audit_accounts[0]} --region {region}"
+                        )
+                    )
+                )
+        
+        return findings

sraverify/services/macie/checks/sra_macie_07.py

@@ -0,0 +1,138 @@
+"""
+SRA-MACIE-07: All active member accounts have relationship with delegated admin account enabled.
+"""
+from typing import List, Dict, Any, Set
+from sraverify.services.macie.base import MacieCheck
+from sraverify.core.logging import logger
+
+
+class SRA_MACIE_07(MacieCheck):
+    """Check if all active member accounts have relationship with delegated admin account enabled."""
+    
+    def __init__(self):
+        """Initialize the check."""
+        super().__init__()
+        self.check_id = "SRA-MACIE-07"
+        self.check_name = "All active member accounts have relationship with delegated admin account enabled"
+        self.description = (
+            "This check verifies whether all active members accounts of the AWS Organization have Macie member relationship "
+            "enabled with Macie delegated admin account. Amazon Macie is a data security service that discovers sensitive data "
+            "by using machine learning and pattern matching, provides visibility into data security risks, and enables automated "
+            "protection against those risks."
+        )
+        self.severity = "HIGH"
+        self.account_type = "audit"
+        self.check_logic = "Check runs organizations list-accounts AND macie2 list-members. Check PASS if macie2 list-members includes all members of the AWS organization minus the audit account."
+        self.resource_type = "AWS::Macie::Session"
+    
+    def execute(self) -> List[Dict[str, Any]]:
+        """
+        Execute the check.
+        
+        Returns:
+            List of findings
+        """
+        findings = []
+        
+        # Check if audit accounts are provided
+        audit_accounts = []
+        if hasattr(self, '_audit_accounts') and self._audit_accounts:
+            audit_accounts = self._audit_accounts
+        
+        for region in self.regions:
+            # Get organization members using the base class method with caching
+            org_members = self.get_organization_members(region)
+            
+            # Check if the API call was successful
+            if not org_members:
+                findings.append(
+                    self.create_finding(
+                        status="FAIL",
+                        region=region,
+                        resource_id=f"organization/{self.account_id}",
+                        checked_value="All active member accounts have Macie relationship enabled",
+                        actual_value="Failed to retrieve AWS Organization members",
+                        remediation="Ensure you have the necessary permissions to call the Organizations ListAccounts API"
+                    )
+                )
+                continue
+            
+            # Get Macie members using the base class method with caching
+            macie_members = self.get_macie_members(region)
+            
+            # Check if the API call was successful
+            if macie_members is None:
+                findings.append(
+                    self.create_finding(
+                        status="FAIL",
+                        region=region,
+                        resource_id=f"macie2/{self.account_id}",
+                        checked_value="All active member accounts have Macie relationship enabled",
+                        actual_value="Failed to retrieve Macie members",
+                        remediation="Ensure you have the necessary permissions to call the Macie ListMembers API"
+                    )
+                )
+                continue
+            
+            # Filter active organization members
+            active_org_members = [
+                member for member in org_members 
+                if member.get('Status') == 'ACTIVE'
+            ]
+            
+            # Create sets of account IDs for comparison
+            active_org_account_ids = {member.get('Id') for member in active_org_members}
+            macie_member_account_ids = {member.get('accountId') for member in macie_members}
+            
+            # Remove the current account (delegated admin) from the set of accounts to check
+            if self.account_id in active_org_account_ids:
+                active_org_account_ids.remove(self.account_id)
+            
+            # Remove audit accounts from the set of accounts to check if provided
+            for audit_account in audit_accounts:
+                if audit_account in active_org_account_ids:
+                    active_org_account_ids.remove(audit_account)
+            
+            # Find accounts that are not Macie members
+            missing_accounts = active_org_account_ids - macie_member_account_ids
+            
+            # Find accounts that are Macie members but not enabled
+            not_enabled_accounts = []
+            for member in macie_members:
+                if member.get('accountId') in active_org_account_ids and member.get('relationshipStatus') != 'Enabled':
+                    not_enabled_accounts.append(member.get('accountId'))
+            
+            if not missing_accounts and not not_enabled_accounts:
+                findings.append(
+                    self.create_finding(
+                        status="PASS",
+                        region=region,
+                        resource_id=f"macie2/{self.account_id}/{region}",
+                        checked_value="All active member accounts have Macie relationship enabled",
+                        actual_value=f"All {len(active_org_account_ids)} active member accounts have Macie relationship enabled in region {region}",
+                        remediation="No remediation needed"
+                    )
+                )
+            else:
+                missing_accounts_str = ", ".join(missing_accounts) if missing_accounts else "None"
+                not_enabled_accounts_str = ", ".join(not_enabled_accounts) if not_enabled_accounts else "None"
+                
+                findings.append(
+                    self.create_finding(
+                        status="FAIL",
+                        region=region,
+                        resource_id=f"macie2/{self.account_id}/{region}",
+                        checked_value="All active member accounts have Macie relationship enabled",
+                        actual_value=(
+                            f"Not all active member accounts have Macie relationship enabled in region {region}. "
+                            f"Missing accounts: {missing_accounts_str}. "
+                            f"Accounts with relationship not enabled: {not_enabled_accounts_str}."
+                        ),
+                        remediation=(
+                            f"Enable Macie for all member accounts in region {region} using the AWS CLI command: "
+                            f"aws macie2 create-member --account account_details --region {region}"
+                        )
+                    )
+                )
+        
+        return findings

sraverify/services/macie/checks/sra_macie_08.py

@@ -0,0 +1,82 @@
+"""
+SRA-MACIE-08: Macie AutoEnable configuration is enabled for new member accounts.
+"""
+from typing import List, Dict, Any
+from sraverify.services.macie.base import MacieCheck
+from sraverify.core.logging import logger
+
+
+class SRA_MACIE_08(MacieCheck):
+    """Check if Macie AutoEnable configuration is enabled for new member accounts."""
+    
+    def __init__(self):
+        """Initialize the check."""
+        super().__init__()
+        self.check_id = "SRA-MACIE-08"
+        self.check_name = "Macie AutoEnable configuration is enabled for new member accounts"
+        self.description = (
+            "This check verifies whether auto-enablement configuration for Macie is enabled for member accounts of the AWS Organization. "
+            "This ensures that all existing and new member accounts will have Macie monitoring."
+        )
+        self.severity = "MEDIUM"
+        self.account_type = "audit"
+        self.check_logic = "Check runs macie2 describe-organization-configuration. PASS if autoenable = True"
+        self.resource_type = "AWS::Macie::Session"
+    
+    def execute(self) -> List[Dict[str, Any]]:
+        """
+        Execute the check.
+        
+        Returns:
+            List of findings
+        """
+        findings = []
+        
+        for region in self.regions:
+            # Get organization configuration using the base class method with caching
+            org_config = self.get_organization_configuration(region)
+            
+            # Check if the API call was successful
+            if not org_config:
+                findings.append(
+                    self.create_finding(
+                        status="FAIL",
+                        region=region,
+                        resource_id=f"macie2/{self.account_id}/{region}",
+                        checked_value="autoEnable: true",
+                        actual_value="Failed to retrieve Macie organization configuration",
+                        remediation="Ensure Macie is enabled and you have the necessary permissions to call the Macie DescribeOrganizationConfiguration API"
+                    )
+                )
+                continue
+            
+            # Check if auto-enable is enabled
+            auto_enable = org_config.get('autoEnable', False)
+            
+            if auto_enable:
+                findings.append(
+                    self.create_finding(
+                        status="PASS",
+                        region=region,
+                        resource_id=f"macie2/{self.account_id}/{region}",
+                        checked_value="autoEnable: true",
+                        actual_value=f"Macie AutoEnable configuration is enabled for new member accounts in region {region}",
+                        remediation="No remediation needed"
+                    )
+                )
+            else:
+                findings.append(
+                    self.create_finding(
+                        status="FAIL",
+                        region=region,
+                        resource_id=f"macie2/{self.account_id}/{region}",
+                        checked_value="autoEnable: true",
+                        actual_value=f"Macie AutoEnable configuration is not enabled for new member accounts in region {region}",
+                        remediation=(
+                            f"Enable Macie AutoEnable configuration for new member accounts in region {region} using the AWS CLI command: "
+                            f"aws macie2 update-organization-configuration --auto-enable --region {region}"
+                        )
+                    )
+                )
+        
+        return findings

sraverify/services/macie/checks/sra_macie_09.py

@@ -0,0 +1,103 @@
+"""
+SRA-MACIE-09: All active member accounts have Macie enabled.
+"""
+from typing import List, Dict, Any
+from sraverify.services.macie.base import MacieCheck
+from sraverify.core.logging import logger
+
+
+class SRA_MACIE_09(MacieCheck):
+    """Check if all active member accounts have Macie enabled."""
+    
+    def __init__(self):
+        """Initialize the check."""
+        super().__init__()
+        self.check_id = "SRA-MACIE-09"
+        self.check_name = "All active member accounts have Macie enabled"
+        self.description = (
+            "This check verifies whether all active members accounts of the AWS Organization have Macie enabled. "
+            "Amazon Macie is a data security service that discovers sensitive data by using machine learning and pattern matching, "
+            "provides visibility into data security risks, and enables automated protection against those risks."
+        )
+        self.severity = "HIGH"
+        self.account_type = "audit"
+        self.check_logic = "Check runs macie2 list-members, PASS if 'relationshipStatus': 'Enabled' for all members"
+        self.resource_type = "AWS::Macie::Session"
+    
+    def execute(self) -> List[Dict[str, Any]]:
+        """
+        Execute the check.
+        
+        Returns:
+            List of findings
+        """
+        findings = []
+        
+        for region in self.regions:
+            # Get Macie members using the base class method with caching
+            macie_members = self.get_macie_members(region)
+            
+            # Check if the API call was successful
+            if macie_members is None:
+                findings.append(
+                    self.create_finding(
+                        status="FAIL",
+                        region=region,
+                        resource_id=f"macie2/{self.account_id}/{region}",
+                        checked_value="All member accounts have Macie enabled",
+                        actual_value="Failed to retrieve Macie members",
+                        remediation="Ensure you have the necessary permissions to call the Macie ListMembers API"
+                    )
+                )
+                continue
+            
+            # Check if there are any members
+            if not macie_members:
+                findings.append(
+                    self.create_finding(
+                        status="FAIL",
+                        region=region,
+                        resource_id=f"macie2/{self.account_id}/{region}",
+                        checked_value="All member accounts have Macie enabled",
+                        actual_value="No Macie members found",
+                        remediation=f"Enable Macie for member accounts in region {region} using the AWS CLI command: aws macie2 create-member --account account_details --region {region}"
+                    )
+                )
+                continue
+            
+            # Check if all members have Macie enabled
+            disabled_members = [
+                member for member in macie_members 
+                if member.get('relationshipStatus') != 'Enabled'
+            ]
+            
+            if not disabled_members:
+                findings.append(
+                    self.create_finding(
+                        status="PASS",
+                        region=region,
+                        resource_id=f"macie2/{self.account_id}/{region}",
+                        checked_value="All member accounts have Macie enabled",
+                        actual_value=f"All {len(macie_members)} member accounts have Macie enabled in region {region}",
+                        remediation="No remediation needed"
+                    )
+                )
+            else:
+                disabled_account_ids = [member.get('accountId', 'Unknown') for member in disabled_members]
+                disabled_accounts_str = ", ".join(disabled_account_ids)
+                
+                findings.append(
+                    self.create_finding(
+                        status="FAIL",
+                        region=region,
+                        resource_id=f"macie2/{self.account_id}/{region}",
+                        checked_value="All member accounts have Macie enabled",
+                        actual_value=f"{len(disabled_members)} out of {len(macie_members)} member accounts do not have Macie enabled in region {region}: {disabled_accounts_str}",
+                        remediation=(
+                            f"Enable Macie for all member accounts in region {region} using the AWS CLI command: "
+                            f"aws macie2 enable-macie --region {region}"
+                        )
+                    )
+                )
+        
+        return findings