Recent Changes to AWS Compliance Audits

Summary

In order to bring the audit more in-line with the guidance in the CIS benchmark, the 3.x section of the Level 1 and Level 2 CIS Amazon Web Services Foundations audits have been refactored. This section deals with how monitoring of the AWS environment should be configured. As a result of this refactoring, a number of variables have been added to the audit configuration to allow for specifying the metric names for metric filter alarms, and to specify which SNS endpoint ARN the metric alarms are subscribed to.

Impact

Customers will need to update the variable values in the scan setup to match their AWS environment.

Compliance Plugins

• 72426 - Amazon AWS Compliance Checks

Compliance Benchmarks

• CIS Amazon Web Services Foundations L1 1.2.0
• CIS Amazon Web Services Foundations L2 1.2.0

Target Release Date

8 April 2020

Additional Notes:

Results from scans run using the previous audit version may differ from results using the updated audits. We suggest that users test these updated audits be in their  environment to understand the differing results they may see.

__________________________________

Tenable Research Release Highlights are posted in advance of significant new releases or updates to existing plugins or audit files that are important for early customer notification.