New CIS Amazon Web Services Foundations Benchmark v3.0.0
Summary
Customers can now utilize the CIS Amazon Web Services Foundations Benchmark v3.0.0 in Tenable Cloud Security as well as within all products that support Audits. Both offerings have been certified through CIS and can be viewed along with Tenable's other certified products at https://www.cisecurity.org/partner/tenable. This benchmark is the latest revision for services and configurations that CIS has determined to be foundational to the core security of AWS products. Several examples of the services included are:
The following recommendations have either been updated with new automation steps or renumbered because other recommendations were removed as no longer relevant:
- 2.4.1 Ensure that encryption is enabled for EFS file systems
- 3.3 Ensure AWS Config is enabled in all regions
- 3.4 Ensure S3 bucket access logging is enabled on the CloudTrail S3 bucket
- 3.5 Ensure CloudTrail logs are encrypted at rest using KMS CMKs
- 3.6 Ensure rotation for customer-created symmetric CMKs is enabled
- 3.7 Ensure VPC flow logging is enabled in all VPCs
- 3.8 Ensure that Object-level logging for write events is enabled for S3 bucket
- 3.9 Ensure that Object-level logging for read events is enabled for S3 bucket
Audits
CIS Amazon Web Services Foundations L1 3.0.0
CIS Amazon Web Services Foundations L2 3.0.0
Target Release Date
The recommendations in this benchmark are available now and can be found in the Compliance section of Tenable Cloud Security as well as on the audits portal.