CLOUD KNOWLEDGE BASE
Cloud security articles
CIS AWS 1.21
Ensure IAM users are managed centrally via identity federation or AWS Organizations for multi-account environments
CIS AWS 2.1.2
Ensure MFA Delete is enabled on S3 buckets
CIS AWS 1.5
Ensure MFA is enabled for the 'root' user account
CIS AWS 4.11
Ensure Network Access Control Lists (NACL) changes are monitored
CIS AWS 2.1.1
Ensure S3 Bucket Policy is set to deny HTTP requests
CIS AWS 3.4
Ensure S3 bucket access logging is enabled on the CloudTrail S3 bucket
CIS AWS 4.8
Ensure S3 bucket policy changes are monitored
CIS AWS 4.14
Ensure VPC changes are monitored
CIS AWS 1.17
Ensure a support role has been created to manage incidents with AWS Support
CIS AWS 1.14
Ensure access keys are rotated every 90 days or less
CIS AWS 1.22
Ensure access to AWSCloudShellFullAccess is restricted
CIS AWS 2.1.3
Ensure all data in Amazon S3 has been discovered, classified and secured when required
CIS AWS 4.12
Ensure changes to network gateways are monitored
CIS AWS 1.12
Ensure credentials unused for 45 days or greater are disabled
CIS AWS 4.7
Ensure disabling or scheduled deletion of customer created CMKs is monitored
CIS AWS 1.6
Ensure hardware MFA is enabled for the 'root' user account
CIS AWS 4.2
Ensure management console sign-in without MFA is monitored
CIS AWS 1.10
Ensure multi-factor authentication (MFA) is enabled for all IAM users that have a console password
CIS AWS 1.4
Ensure no 'root' user account access key exists
CIS AWS 5.1
Ensure no Network ACLs allow ingress from 0.0.0.0/0 to remote server administration ports
CIS AWS 5.2
Ensure no security groups allow ingress from 0.0.0.0/0 to remote server administration ports
CIS AWS 5.3
Ensure no security groups allow ingress from ::/0 to remote server administration ports
CIS AWS 3.6
Ensure rotation for customer-created symmetric CMKs is enabled
CIS AWS 4.13
Ensure route table changes are monitored
CIS AWS 5.5
Ensure routing tables for VPC peering are "least access"
CIS AWS 1.2
Ensure security contact information is registered
CIS AWS 4.10
Ensure security group changes are monitored
CIS AWS 1.3
Ensure security questions are registered in the AWS account
Ensure that 'Users can add gallery apps to My Apps' is set to 'No'
CIS AWS 5.6
Ensure that EC2 Metadata Service only allows IMDSv2
CIS AWS 1.20
Ensure that IAM Access analyzer is enabled for all regions
CIS AWS 3.9
Ensure that Object-level logging for read events is enabled for S3 bucket
CIS AWS 3.8
Ensure that Object-level logging for write events is enabled for S3 bucket
CIS AWS 2.1.4
Ensure that S3 Buckets are configured with 'Block public access (bucket settings)'
CIS AWS 1.19
Ensure that all the expired SSL/TLS certificates stored in AWS IAM are removed
CIS AWS 2.4.1
Ensure that encryption is enabled for EFS file systems
CIS AWS 2.3.1
Ensure that encryption-at-rest is enabled for RDS Instances
CIS AWS 2.3.3
Ensure that public access is not given to RDS Instance
CIS AWS 5.4
Ensure the default security group of every VPC restricts all traffic
CIS AWS 1.13
Ensure there is only one active access key available for any single IAM user
CIS AWS 4.1
Ensure unauthorized API calls are monitored
CIS AWS 4.3
Ensure usage of 'root' account is monitored
CIS AWS 1.15
Ensure IAM users receive permissions only through groups
CSA CCM DCS-13
Environmental Systems
CSA CCM DCS-08
Equipment Identification
CSA CCM DCS-15
Equipment Location
CSA CCM BCR-11
Equipment Redundancy
CSA CCM SEF-06
Event Triage Processes
CSA CCM CCC-08
Exception Management
CSA CCM TVM-05
External Library Vulnerabilities
CSA CCM LOG-13
Failures and Anomalies Reporting
CSA CCM GRC-01
Governance Program Policy and Procedures
CSA CCM GRC-06
Governance Responsibility Model
CSA CCM IAM-03
Identity Inventory
CSA CCM IAM-01
Identity and Access Management Policy and Procedures
CSA CCM SEF-05
Incident Response Metrics
CSA CCM SEF-03
Incident Response Plans
CSA CCM SEF-04
Incident Response Testing
CSA CCM A&A-02
Independent Assessments
CSA CCM GRC-05
Information Security Program
CSA CCM GRC-07
Information System Regulatory Mapping
CSA CCM IVS-01
Infrastructure and Virtualization Security Policy and Procedures
CSA CCM STA-11
Internal Compliance Testing
CSA CCM IPY-01
Interoperability and Portability Policy and Procedures
CSA CCM CEK-15
Key Activation
CSA CCM CEK-18
Key Archival
CSA CCM CEK-19
Key Compromise
CSA CCM CEK-17
Key Deactivation
CSA CCM CEK-14
Key Destruction
CSA CCM CEK-10
Key Generation
CSA CCM CEK-21
Key Inventory Management
CSA CCM CEK-11
Key Purpose
CSA CCM CEK-20
Key Recovery
CSA CCM CEK-13
Key Revocation
CSA CCM CEK-12
Key Rotation
CSA CCM CEK-16
Key Suspension
CSA CCM IAM-05
Least Privilege
CSA CCM DSP-15
Limitation of Production Data Use
CSA CCM DSP-12
Limitation of Purpose in Personal Data Processing
CSA CCM LOG-09
Log Protection
CSA CCM LOG-08
Log Records
CSA CCM LOG-07
Logging Scope
CSA CCM LOG-01
Logging and Monitoring Policy and Procedures
CIS AWS 1.1
Maintain current contact details
CSA CCM TVM-02
Malware Protection Policy and Procedures
CSA CCM IAM-10
Management of Privileged Access Roles
CSA CCM IVS-07
Migration to Cloud Environments
CSA CCM IVS-08
Network Architecture Documentation
CSA CCM IVS-09
Network Defense
CSA CCM IVS-03
Network Security
CSA CCM HRS-10
Non-Disclosure Agreements
CSA CCM IVS-04
OS Hardening and Base Controls
CSA CCM DCS-01
Off-Site Equipment Disposal Policy and Procedures
CSA CCM DCS-02
Off-Site Transfer Authorization Policy and Procedures
CSA CCM UEM-07
Operating Systems
CSA CCM GRC-03
Organizational Policy Reviews
CSA CCM IAM-15
Passwords Management
CSA CCM TVM-06
Penetration Testing
CSA CCM DSP-11
Personal Data Access, Reversal, Rectification and Deletion
CSA CCM DSP-13
Personal Data Sub-processing
Blog
Learn cloud security with our research blog
Your queues, your responsibility
August 20, 2024
Things you wish you didn't need to know about S3
May 30, 2024
S3 Bucket Encryption Doesn't Work The Way You Think It Works
April 19, 2024