Alert Logic® is excited to announce that Alert Logic Cloud Insight™ Essentials has been certified by the Center for Internet Security (CIS) for Amazon Web Services (AWS) Foundations Benchmark.
CIS is a globally recognized security organization with a mission to identify, develop, validate, promote and sustain best practice solutions for cyber defense. The CIS AWS Foundations Benchmark is a set of guidelines from industry security experts that go beyond high-level security guidance for AWS by providing step-by-step implementation and assessment procedures to remove any guesswork on how to secure your AWS accounts.
With this announcement, several new features have been introduced that allow you to assess your AWS environment against the CIS AWS Foundations Benchmark. These features include:
- New configuration checks that support both Level 1 and Level 2 of the CIS AWS Foundations Benchmark
- Step-by-step remediation guidance for the AWS Management Console and AWS command line interface (CLI) to resolve configuration settings that do not meet the foundations benchmark
- New CIS Benchmarks report that shows you every Amazon Resource Name (ARN) and whether they are compliant or not for each new configuration check
- New Remediation filters that allow you to easily search for remediations that only apply to the CIS AWS Foundations Benchmark
- Updated IAM policy with the appropriate rights to assess your account against the new configuration checks
To take advantage of these new features, simply update the IAM policy by following the steps outlined in Update Your IAM Policy for Cloud Insight or Cloud Insight Essentials.
New IAM Policy Permissions
To assess your AWS account against the new CIS configuration checks, several permissions have been added to the IAM policies for Cloud Insight and Cloud Insight Essentials.
These allow Cloud Insight to perform configuration checks related to CloudTrail.
These allow Cloud Insight to perform configuration checks related to Config.
Cost and Usage Report
This allows Cloud Insight to perform configuration checks related to Cost and Usage Report.
These allow Cloud Insight to perform configuration checks related to KMS. Note: These permissions do not allow Cloud Insight to access encryption keys or other sensitive data stored in KMS.
These allow Cloud Insight to perform configuration checks related to SNS.
These allow Cloud Insight to perform configuration checks related to tags.
If you have any questions about these new features, please post them in the Cloud Insight Essentials Community.