Stax Changelog logo

Changelog

Back to Homepage Subscribe to Updates

Labels

  • All Posts
  • Fix
  • changed
  • added
  • deprecated
  • removed
  • security
  • notice

Jump to Month

  • January 2023
  • December 2022
  • November 2022
  • October 2022
  • September 2022
  • August 2022
  • July 2022
  • June 2022
  • May 2022
  • April 2022
  • March 2022
  • February 2022
  • January 2022
  • December 2021
  • November 2021
  • October 2021
  • September 2021
  • August 2021
  • July 2021
  • June 2021
  • May 2021
  • April 2021
  • March 2021
  • February 2021
  • January 2021
  • December 2020
  • November 2020
  • October 2020
  • September 2020
  • August 2020
  • July 2020
  • June 2020
added
a year ago

CIS Benchmark version 1.4.0 is Now Available in the Compliance Module

Stax has introduced support for the Center for Internet Security's Amazon Web Services Foundations Benchmark version 1.4.0. This introduces the following changes over the previous iteration, version 1.3.0:

Three new rules were added to the Benchmark:

  • 2.1.3: Ensure MFA Delete is enabled on S3 buckets
  • 2.1.4: Ensure all data in Amazon S3 has been discovered, classified and secured when required (This rule cannot be automatically checked by Stax, see below for more details)
  • 2.3.1: Ensure that encryption is enabled for RDS instances

One rule changed category:

  • 2.1.5: Ensure that S3 Buckets are configured with 'Block public access (bucket settings)' was moved from Identity and Access Management to Storage.

The Rule Bundle cannot validate all components of the Benchmark, so the following items must be evaluated manually:

  • 1.1: Maintain current contact details
  • 1.2: Ensure security contact information is registered
  • 1.3: Ensure security questions are registered in the AWS account
  • 1.18: Ensure IAM instance roles are used for AWS resource access from instances
  • 1.21: Ensure IAM users are managed centrally via identity federation or AWS Organizations for multi-account environments
  • 2.1.4: Ensure all data in Amazon S3 has been discovered, classified and secured when required
  • 5.4: Ensure routing tables for VPC peering are "least access"

To enable this new version of the Bundle, see Keep Bundles Up To Date. If you have automatic updates enabled, no action is required.