Alert Logic® Managed Detection & Response (MDR) is certified by the Center for Internet Security (CIS) for Level 1 and Level 2 of the latest version (1.5.0) of the CIS Amazon Web Services (AWS) Foundations Benchmark. The CIS AWS Foundations Benchmark is a set of guidelines that help you secure your AWS environment by providing step-by-step implementation and assessment procedures from industry security experts that go beyond high-level security guidance.
CIS is a globally recognized security organization with a mission to identify, develop, validate, promote, and sustain best practice solutions for cyber defense. In this article, learn about assessing your AWS environment against the Benchmark.
Updated IAM Role Policy
An updated IAM Role Policy has been released with specific changes required to discover new asset types and/or properties.
| Deployment mode | Policy version | Change | Optional/Required | Purpose |
| --- | --- | --- | --- | --- |
| automatic | 2022-11-16 | + iam:ListServerCertificates | Required | Discovery of new asset types/properties to support new CIS benchmark checks |
| automatic | 2022-11-16 | + ec2:GetConsoleOutput | Optional | Enable appliance troubleshooting. Parity with manual-mode policy. |
| automatic | 2022-11-16 | - ec2:CreateKeyPair, - ec2:ImportKeyPair | N/A | Formerly used by the decommissioned Launcher service to deploy appliances. No longer needed. |
| none (Essentials-only) | 2022-11-16 | + iam:ListServerCertificates | Required | Discovery of new asset types/properties to support new CIS benchmark checks |
| manual and defender | 2022-11-16 | + iam:ListServerCertificates | Required | Discovery of new asset types/properties to support new CIS benchmark checks |
To take advantage of the new functionality for supporting version 1.5.0 of the CIS AWS Foundations Benchmark, you must copy the updated policy document from the Alert Logic console and update the IAM role in the AWS console. Refer to Update AWS IAM Role.
Note: Existing functionality will not be affected. However, until IAM roles are updated with the new policy, your existing AWS deployments in the Alert Logic console will continue to report the “Outdated IAM Policy document” health exposure and the “Update Policy Document for the Associated IAM Role” health remediation.
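Before copying the new document over, it is useful to know how far the role's current policy is from the 2022-11-16 version. The script below is an added example, not Alert Logic's code: it reads a policy document, resolves IAM action wildcards (`iam:List*`, `ec2:*`) the way IAM does (case-insensitive, `*` and `?` globbing), and reports which of the actions listed in the table above are missing, which obsolete ones are still granted, and whether the optional `ec2:GetConsoleOutput` is present for automatic-mode roles. The `OLD_POLICY` document inside it is constructed for illustration only; the real policy must still be copied from the Alert Logic console as described above.

```python
"""Audit an IAM role policy against the 2022-11-16 Alert Logic policy changes.

Added example, not Alert Logic's own code. The sample policy below is
CONSTRUCTED for illustration and is not the real Alert Logic policy document.
"""
import fnmatch
import json

# Actions the 2022-11-16 policy version adds or drops, taken from the table above.
REQUIRED_ACTIONS = {"iam:ListServerCertificates"}              # all deployment modes
OPTIONAL_ACTIONS = {"ec2:GetConsoleOutput"}                    # automatic mode only
OBSOLETE_ACTIONS = {"ec2:CreateKeyPair", "ec2:ImportKeyPair"}  # automatic mode only

# CONSTRUCTED sample: an older-style role policy that still carries the key-pair
# permissions and does not yet grant iam:ListServerCertificates.
OLD_POLICY = json.dumps({
    "Version": "2012-10-17",
    "Statement": [
        {"Effect": "Allow", "Action": ["iam:ListRoles", "iam:GetAccountSummary"], "Resource": "*"},
        {"Effect": "Allow", "Action": "ec2:Describe*", "Resource": "*"},
        {"Effect": "Allow", "Action": ["ec2:CreateKeyPair", "ec2:ImportKeyPair"], "Resource": "*"},
    ],
})


def allowed_actions(policy):
    """Return the set of Action patterns from Allow statements.

    Accepts the document as a JSON string or an already-decoded dict, and
    handles both the single-statement (dict) and list forms of "Statement".
    NotAction and Deny statements are deliberately not modeled here.
    """
    doc = json.loads(policy) if isinstance(policy, str) else policy
    stmts = doc.get("Statement", [])
    if isinstance(stmts, dict):
        stmts = [stmts]
    patterns = set()
    for stmt in stmts:
        if stmt.get("Effect") != "Allow":
            continue
        actions = stmt.get("Action", [])
        if isinstance(actions, str):
            actions = [actions]
        patterns.update(actions)
    return patterns


def is_granted(action, patterns):
    """IAM action matching is case-insensitive and supports * and ? wildcards."""
    return any(fnmatch.fnmatchcase(action.lower(), p.lower()) for p in patterns)


def audit_policy(policy, deployment_mode="automatic"):
    """Compare a role policy with the 2022-11-16 changes.

    Returns a dict listing required actions that are missing, optional actions
    not granted (automatic mode only), obsolete actions still granted (automatic
    mode only), and an overall up_to_date flag. Optional actions do not affect
    up_to_date, since the table marks them as optional.
    """
    patterns = allowed_actions(policy)
    result = {
        "missing_required": sorted(a for a in REQUIRED_ACTIONS if not is_granted(a, patterns)),
        "missing_optional": [],
        "obsolete_present": [],
    }
    if deployment_mode == "automatic":
        result["missing_optional"] = sorted(a for a in OPTIONAL_ACTIONS if not is_granted(a, patterns))
        result["obsolete_present"] = sorted(a for a in OBSOLETE_ACTIONS if is_granted(a, patterns))
    result["up_to_date"] = not result["missing_required"] and not result["obsolete_present"]
    return result


if __name__ == "__main__":
    # Running against the constructed sample reports the missing required action,
    # the missing optional action and both obsolete key-pair actions.
    print(json.dumps(audit_policy(OLD_POLICY, "automatic"), indent=2))
```

To run this against a real role, fetch the role's inline policy with `aws iam get-role-policy --role-name <role> --policy-name <policy>` (or the attached managed policy's default version with `aws iam get-policy-version`) and pass the returned `PolicyDocument` object to `audit_policy`. Because the check resolves wildcards, a broad grant such as `ec2:*` is correctly reported as still granting the obsolete key-pair actions, which is the case a least-privilege review most wants to catch.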
Updated CIS AWS Foundations Benchmark Report
You can find the updated CIS AWS Foundations Benchmark report in the Alert Logic console:
- Click the navigation menu icon > Validate.
- Click Reports, and then click Compliance.
- Under CIS AWS Benchmark, click VIEW.
- Click CIS AWS Foundations Benchmark.
- Use the Deployment and Section filters to refine the results in the report.
Note: It may take up to 24 hours after you update the IAM role policy for complete results to appear in the report. Refer to CIS AWS Foundations Benchmark report.