to take away the hassle of vendor assessments from their clients. It is tailored to meet specific needs and quickly identify, track, and measure all integral vendors to ensure the services they provide to your organization are secure.
ComplyScore manages third-party assessments
This checklist helps you assess the best practices implemented by a vendor and evaluate its internal AWS implementation.
Security of Root Account
Disable root API access
Delete the root access key (access key ID and secret access key) if one has been created
Do not use the root account to manage the AWS environment
Set up an alert that fires whenever the root account is used
Set up MFA for the root account
Access Management
Rotate access keys once every 90 days
Enable MFA for all accounts that have console access or access to system administration functions
Assign a unique IAM user name to each user
Attach IAM policies only to groups or roles
Assign permissions to IAM users strictly through groups
Run applications on EC2 instances using IAM roles
https://complyscore.com/ | 609-256-4579 | [email protected]
AWS InfoSec Implementation : Best Practices Checklist
Network
No security group should allow ingress from 0.0.0.0/0 to port 22
No security group should allow ingress from 0.0.0.0/0 to port 3389
Use security groups to control inbound and outbound traffic
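An added example (not part of the ComplyScore checklist) of how an assessor could verify the two security-group items above offline: it walks the JSON shape that EC2 describe_security_groups returns and reports any group whose rule admits port 22 or 3389 from 0.0.0.0/0. It goes slightly beyond the checklist wording by also flagging ::/0 and "all traffic" (-1) rules, since those expose the same ports; the sample groups are constructed.

```python
from typing import Dict, Iterable, List, Tuple

# Ports the checklist singles out: 22 (SSH) and 3389 (RDP).
ADMIN_PORTS = {22: "ssh", 3389: "rdp"}
# 0.0.0.0/0 is the range named in the checklist; ::/0 is its IPv6 twin (added here).
ANY_CIDRS = {"0.0.0.0/0", "::/0"}

def rule_covers_port(rule: Dict, port: int) -> bool:
    """True if an IpPermissions entry admits TCP traffic to `port`."""
    proto = rule.get("IpProtocol")
    if proto == "-1":  # "all traffic" rules carry no FromPort/ToPort keys
        return True
    if proto != "tcp":  # SSH and RDP are TCP; udp/icmp rules are irrelevant
        return False
    return rule.get("FromPort", 0) <= port <= rule.get("ToPort", 65535)

def rule_open_to_world(rule: Dict) -> bool:
    """True if any IPv4/IPv6 range on the rule is the whole internet."""
    v4 = any(r.get("CidrIp") in ANY_CIDRS for r in rule.get("IpRanges", []))
    v6 = any(r.get("CidrIpv6") in ANY_CIDRS for r in rule.get("Ipv6Ranges", []))
    return v4 or v6

def find_world_open_admin_ports(groups: Iterable[Dict]) -> List[Tuple[str, int]]:
    """Return sorted (GroupId, port) pairs that violate the two checklist items."""
    findings = set()
    for sg in groups:
        for rule in sg.get("IpPermissions", []):
            if not rule_open_to_world(rule):
                continue
            for port in ADMIN_PORTS:
                if rule_covers_port(rule, port):
                    findings.add((sg["GroupId"], port))
    return sorted(findings)

# Constructed sample in the shape of describe_security_groups()["SecurityGroups"].
SAMPLE_GROUPS = [
    {"GroupId": "sg-bastion", "IpPermissions": [{"IpProtocol": "tcp", "FromPort": 22,
        "ToPort": 22, "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": []}]},
    {"GroupId": "sg-rdp-range", "IpPermissions": [{"IpProtocol": "tcp", "FromPort": 3000,
        "ToPort": 4000, "IpRanges": [], "Ipv6Ranges": [{"CidrIpv6": "::/0"}]}]},
    {"GroupId": "sg-all", "IpPermissions": [{"IpProtocol": "-1",
        "IpRanges": [{"CidrIp": "0.0.0.0/0"}]}]},
    {"GroupId": "sg-ok", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22, "IpRanges": [{"CidrIp": "10.0.0.0/8"}]},
        {"IpProtocol": "udp", "FromPort": 3389, "ToPort": 3389, "IpRanges": [{"CidrIp": "0.0.0.0/0"}]}]},
]

if __name__ == "__main__":
    for group_id, port in find_world_open_admin_ports(SAMPLE_GROUPS):
        print(f"{group_id}: {ADMIN_PORTS[port]}/{port} reachable from the whole internet")
```

Note that a port range such as 3000-4000 or an "all traffic" rule satisfies the check just as a literal port 3389 does, so a review that only greps for the exact port number will miss those cases.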
Monitoring, Encryption & Other controls
Monitor activity in your AWS account
Enable logging for all resources
Integrate CloudTrail with CloudWatch Logs
Enable AWS Config in all regions
Encrypt CloudTrail logs at rest using KMS CMKs
Rotate customer-created CMKs
Enable S3 bucket access logging
Enable VPC Flow Logs
Deny public access to S3 buckets [Many breaches have been reported in this category]
Enable server-side encryption (SSE) to encrypt sensitive data
Encrypt inbound and outbound S3 traffic
Conduct a risk assessment of the AWS environment
Maintain a structured asset library for AWS using AWS Config. [We regularly find that vendors do not have a formal asset library for AWS]
Maintain a cross-reference between policies and user counts. This will highlight areas where a sensitive policy has been overused.
AWS offers multiple tools to manage security. An assessment of which tools are in use gives a good indication of the vendor's security posture.
Alarms
Enabling alarms on sensitive events is critical to securing the environment. Alarms should be enabled for the following events:
Unauthorized API calls
Management Console sign-in without MFA
Usage of the 'root' account
IAM policy changes
Configuration changes
Disabling or scheduled deletion of customer-created keys
Storage policy changes
Security group changes
Changes to Network Access Control Lists
Changes to network gateways
Route table changes
AWS security tools (from a diagram in the original): AWS Config, AWS Trusted Advisor, CloudTrail, CloudWatch, VPC Flow Logs, Amazon Inspector, GuardDuty
Coverage areas shown in the same diagram: Resource Configuration, User Activities, Network Traffic, Host Vulnerabilities/Activities