AWS Foundational Security Best Practices

GPTKB entity

Statements (58)
Predicate Object
gptkbp:instanceOf crypt
gptkbp:appliesTo AWS resources
AWS accounts
gptkbp:complianceFramework gptkb:CIS_AWS_Foundations_Benchmark
gptkb:NIST_SP_800-53
gptkbp:controls data protection
identity and access management
incident response
infrastructure security
logging and monitoring
Enable multi-factor authentication (MFA) for root account
Enable AWS Config
Enable AWS Config rules
Enable AWS Shield Advanced
Enable AWS WAF
Enable CloudFront logging
Enable CloudTrail in all regions
Enable CloudTrail log file validation
Enable EC2 instance termination protection
Enable ECR image scanning
Enable GuardDuty
Enable IAM role trust policy validation
Enable KMS key rotation
Enable Lambda function logging
Enable RDS encryption
Enable S3 Block Public Access
Enable S3 MFA delete
Enable S3 access logging
Enable S3 bucket logging
Enable S3 bucket ownership controls
Enable S3 bucket policy enforcement
Enable S3 bucket replication
Enable S3 default encryption
Enable S3 object lock
Enable S3 versioning
Enable VPC endpoint policies
Enable VPC flow logs
Enable automatic software updates
Enable password policy for IAM users
Encrypt EBS volumes
Ensure CloudTrail is enabled
Restrict public access to S3 buckets
Restrict security group rules
Rotate IAM access keys regularly
Enable CloudWatch alarms for unauthorized API calls
gptkbp:documentation AWS documentation website
gptkbp:enables automated security checks
https://www.w3.org/2000/01/rdf-schema#label AWS Foundational Security Best Practices
gptkbp:integratesWith gptkb:AWS_Security_Hub
gptkbp:provides security controls
gptkbp:publishedBy gptkb:Amazon_Web_Services
gptkbp:purpose improve security posture
identify security risks
gptkbp:updated periodically
gptkbp:usedBy AWS customers
gptkbp:bfsParent gptkb:AWS_Security_Hub
gptkb:Security_Hub
gptkbp:bfsLayer 6