Commit

Dump controls
actions-user committed Dec 20, 2024
1 parent 9fe106a commit 59667dd
Showing 1 changed file with 10 additions and 10 deletions.
20 changes: 10 additions & 10 deletions security-hub-controls.jsonl
Expand Up @@ -172,13 +172,13 @@
{"Id":"EC2.76","Title":"VPCs should be configured with an interface endpoint for CloudFormation","ApplicableStandards":["AWS Foundational Security Best Practices v1.0.0","NIST SP 800-53 Rev. 5"],"Severity":"MEDIUM","SupportsCustomParameters":"Yes","ScheduleType":"Periodic"}
{"Id":"EC2.77","Title":"VPCs should be configured with an interface endpoint for EventBridge","ApplicableStandards":["AWS Foundational Security Best Practices v1.0.0","NIST SP 800-53 Rev. 5"],"Severity":"MEDIUM","SupportsCustomParameters":"Yes","ScheduleType":"Periodic"}
{"Id":"EC2.78","Title":"VPCs should be configured with an interface endpoint for EC2 Auto Scaling","ApplicableStandards":["AWS Foundational Security Best Practices v1.0.0","NIST SP 800-53 Rev. 5"],"Severity":"MEDIUM","SupportsCustomParameters":"Yes","ScheduleType":"Periodic"}
{"Id":"EC2.79","Title":"VPCs should be configured with an interface endpoint for SageMaker AI API","ApplicableStandards":["AWS Foundational Security Best Practices v1.0.0","NIST SP 800-53 Rev. 5"],"Severity":"MEDIUM","SupportsCustomParameters":"Yes","ScheduleType":"Periodic"}
{"Id":"EC2.80","Title":"VPCs should be configured with an interface endpoint for SageMaker AI Feature Store Runtime","ApplicableStandards":["AWS Foundational Security Best Practices v1.0.0","NIST SP 800-53 Rev. 5"],"Severity":"MEDIUM","SupportsCustomParameters":"Yes","ScheduleType":"Periodic"}
{"Id":"EC2.81","Title":"VPCs should be configured with an interface endpoint for SageMaker AI Metrics Service","ApplicableStandards":["AWS Foundational Security Best Practices v1.0.0","NIST SP 800-53 Rev. 5"],"Severity":"MEDIUM","SupportsCustomParameters":"Yes","ScheduleType":"Periodic"}
{"Id":"EC2.82","Title":"VPCs should be configured with an interface endpoint for SageMaker AI Runtime","ApplicableStandards":["AWS Foundational Security Best Practices v1.0.0","NIST SP 800-53 Rev. 5"],"Severity":"MEDIUM","SupportsCustomParameters":"Yes","ScheduleType":"Periodic"}
{"Id":"EC2.83","Title":"VPCs should be configured with an interface endpoint for SageMaker AI Runtime for FIPS","ApplicableStandards":["AWS Foundational Security Best Practices v1.0.0","NIST SP 800-53 Rev. 5"],"Severity":"MEDIUM","SupportsCustomParameters":"Yes","ScheduleType":"Periodic"}
{"Id":"EC2.84","Title":"VPCs should be configured with an interface endpoint for SageMaker AI notebook","ApplicableStandards":["AWS Foundational Security Best Practices v1.0.0","NIST SP 800-53 Rev. 5"],"Severity":"MEDIUM","SupportsCustomParameters":"Yes","ScheduleType":"Periodic"}
{"Id":"EC2.85","Title":"VPCs should be configured with an interface endpoint for SageMaker AI studio","ApplicableStandards":["AWS Foundational Security Best Practices v1.0.0","NIST SP 800-53 Rev. 5"],"Severity":"MEDIUM","SupportsCustomParameters":"Yes","ScheduleType":"Periodic"}
{"Id":"EC2.79","Title":"VPCs should be configured with an interface endpoint for SageMaker API","ApplicableStandards":["AWS Foundational Security Best Practices v1.0.0","NIST SP 800-53 Rev. 5"],"Severity":"MEDIUM","SupportsCustomParameters":"Yes","ScheduleType":"Periodic"}
{"Id":"EC2.80","Title":"VPCs should be configured with an interface endpoint for SageMaker Feature Store Runtime","ApplicableStandards":["AWS Foundational Security Best Practices v1.0.0","NIST SP 800-53 Rev. 5"],"Severity":"MEDIUM","SupportsCustomParameters":"Yes","ScheduleType":"Periodic"}
{"Id":"EC2.81","Title":"VPCs should be configured with an interface endpoint for SageMaker Metrics Service","ApplicableStandards":["AWS Foundational Security Best Practices v1.0.0","NIST SP 800-53 Rev. 5"],"Severity":"MEDIUM","SupportsCustomParameters":"Yes","ScheduleType":"Periodic"}
{"Id":"EC2.82","Title":"VPCs should be configured with an interface endpoint for SageMaker Runtime","ApplicableStandards":["AWS Foundational Security Best Practices v1.0.0","NIST SP 800-53 Rev. 5"],"Severity":"MEDIUM","SupportsCustomParameters":"Yes","ScheduleType":"Periodic"}
{"Id":"EC2.83","Title":"VPCs should be configured with an interface endpoint for SageMaker Runtime for FIPS","ApplicableStandards":["AWS Foundational Security Best Practices v1.0.0","NIST SP 800-53 Rev. 5"],"Severity":"MEDIUM","SupportsCustomParameters":"Yes","ScheduleType":"Periodic"}
{"Id":"EC2.84","Title":"VPCs should be configured with an interface endpoint for SageMaker notebook","ApplicableStandards":["AWS Foundational Security Best Practices v1.0.0","NIST SP 800-53 Rev. 5"],"Severity":"MEDIUM","SupportsCustomParameters":"Yes","ScheduleType":"Periodic"}
{"Id":"EC2.85","Title":"VPCs should be configured with an interface endpoint for SageMaker studio","ApplicableStandards":["AWS Foundational Security Best Practices v1.0.0","NIST SP 800-53 Rev. 5"],"Severity":"MEDIUM","SupportsCustomParameters":"Yes","ScheduleType":"Periodic"}
{"Id":"EC2.86","Title":"VPCs should be configured with an interface endpoint for AWS Glue","ApplicableStandards":["NIST SP 800-53 Rev. 5"],"Severity":"MEDIUM","SupportsCustomParameters":"Yes","ScheduleType":"Periodic"}
{"Id":"EC2.87","Title":"VPCs should be configured with an interface endpoint for Kinesis Data Streams","ApplicableStandards":["NIST SP 800-53 Rev. 5"],"Severity":"MEDIUM","SupportsCustomParameters":"Yes","ScheduleType":"Periodic"}
{"Id":"EC2.88","Title":"VPCs should be configured with an interface endpoint for Transfer Family for SFTP","ApplicableStandards":["NIST SP 800-53 Rev. 5"],"Severity":"MEDIUM","SupportsCustomParameters":"Yes","ScheduleType":"Periodic"}
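Review bot: the commit message "Dump controls" does not say that the only thing changing for EC2.79 through EC2.85 is the Title string. The two seven-line groups in this hunk differ only in "SageMaker AI" versus "SageMaker"; Id, ApplicableStandards, Severity, SupportsCustomParameters and ScheduleType are identical in both. The +/- markers are not visible in this rendering, so the direction of the rename is an inference from the usual removed-then-added order. Please note the title-only rename in the message, and make sure anything that consumes this file (suppression rules, report filters, dashboards) matches on Id rather than on Title text, since a wording change like this one would otherwise silently drop seven controls from a filter.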
Expand Down Expand Up @@ -517,9 +517,9 @@
{"Id":"S3.23","Title":"S3 general purpose buckets should log object-level read events","ApplicableStandards":["CIS AWS Foundations Benchmark v3.0.0","PCI DSS v4.0.1"],"Severity":"MEDIUM","SupportsCustomParameters":"No","ScheduleType":"Periodic"}
{"Id":"S3.24","Title":"S3 Multi-Region Access Points should have block public access settings enabled","ApplicableStandards":["AWS Foundational Security Best Practices v1.0.0","PCI DSS v4.0.1"],"Severity":"HIGH","SupportsCustomParameters":"No","ScheduleType":"Change triggered"}
{"Id":"SageMaker.1","Title":"Amazon SageMaker AI notebook instances should not have direct internet access","ApplicableStandards":["AWS Foundational Security Best Practices v1.0.0","NIST SP 800-53 Rev. 5","PCI DSS v3.2.1","PCI DSS v4.0.1","Service-Managed Standard: AWS Control Tower"],"Severity":"HIGH","SupportsCustomParameters":"No","ScheduleType":"Periodic"}
{"Id":"SageMaker.2","Title":"SageMaker AI notebook instances should be launched in a custom VPC","ApplicableStandards":["AWS Foundational Security Best Practices v1.0.0","Service-Managed Standard: AWS Control Tower","NIST SP 800-53 Rev. 5"],"Severity":"HIGH","SupportsCustomParameters":"No","ScheduleType":"Change triggered"}
{"Id":"SageMaker.3","Title":"Users should not have root access to SageMaker AI notebook instances","ApplicableStandards":["AWS Foundational Security Best Practices v1.0.0","Service-Managed Standard: AWS Control Tower","NIST SP 800-53 Rev. 5"],"Severity":"HIGH","SupportsCustomParameters":"No","ScheduleType":"Change triggered"}
{"Id":"SageMaker.4","Title":"SageMaker AI endpoint production variants should have an initial instance count greater than 1","ApplicableStandards":["AWS Foundational Security Best Practices v1.0.0","NIST SP 800-53 Rev. 5"],"Severity":"MEDIUM","SupportsCustomParameters":"No","ScheduleType":"Periodic"}
{"Id":"SageMaker.2","Title":"SageMaker notebook instances should be launched in a custom VPC","ApplicableStandards":["AWS Foundational Security Best Practices v1.0.0","Service-Managed Standard: AWS Control Tower","NIST SP 800-53 Rev. 5"],"Severity":"HIGH","SupportsCustomParameters":"No","ScheduleType":"Change triggered"}
{"Id":"SageMaker.3","Title":"Users should not have root access to SageMaker notebook instances","ApplicableStandards":["AWS Foundational Security Best Practices v1.0.0","Service-Managed Standard: AWS Control Tower","NIST SP 800-53 Rev. 5"],"Severity":"HIGH","SupportsCustomParameters":"No","ScheduleType":"Change triggered"}
{"Id":"SageMaker.4","Title":"SageMaker endpoint production variants should have an initial instance count greater than 1","ApplicableStandards":["AWS Foundational Security Best Practices v1.0.0","NIST SP 800-53 Rev. 5"],"Severity":"MEDIUM","SupportsCustomParameters":"No","ScheduleType":"Periodic"}
{"Id":"SecretsManager.1","Title":"Secrets Manager secrets should have automatic rotation enabled","ApplicableStandards":["AWS Foundational Security Best Practices v1.0.0","NIST SP 800-53 Rev. 5","PCI DSS v4.0.1","Service-Managed Standard: AWS Control Tower"],"Severity":"MEDIUM","SupportsCustomParameters":"Yes","ScheduleType":"Change triggered"}
{"Id":"SecretsManager.2","Title":"Secrets Manager secrets configured with automatic rotation should rotate successfully","ApplicableStandards":["AWS Foundational Security Best Practices v1.0.0","NIST SP 800-53 Rev. 5","PCI DSS v4.0.1","Service-Managed Standard: AWS Control Tower"],"Severity":"MEDIUM","SupportsCustomParameters":"No","ScheduleType":"Change triggered"}
{"Id":"SecretsManager.3","Title":"Remove unused Secrets Manager secrets","ApplicableStandards":["AWS Foundational Security Best Practices v1.0.0","NIST SP 800-53 Rev. 5","Service-Managed Standard: AWS Control Tower"],"Severity":"MEDIUM","SupportsCustomParameters":"Yes","ScheduleType":"Periodic"}
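Review bot: the unchanged context line for SageMaker.1 still reads "Amazon SageMaker AI notebook instances", while SageMaker.2 through SageMaker.4 appear in this hunk both with and without the "AI" suffix. Assuming the usual removed-then-added order, the file now names the same service two different ways within four consecutive records. That suggests the dump captured the upstream source partway through a rename. It would be worth checking the source again before relying on these titles, and adding a consistency check to the dump job that flags a run in which titles change but no other field does. As in the EC2 hunk, the Title is the only field that differs between the two versions of each record.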