Comments (2)
akobara
commented on September 16, 2024
You need to specify the controls to disable as they appear in the standard.
For NIST Special Publication 800-53 Revision 5,
Config.1 should be CM-3 CM-6 CM-8
For CIS Foundations Benchmark v1.4.0,
Config.1 is "3.5" (and the quotation marks are required)
You can find those IDs next to the standard in the according user guides:
e.g. https://docs.aws.amazon.com/securityhub/latest/userguide/config-controls.html
from landing-zone-accelerator-on-aws.
frankscalzo
commented on September 16, 2024
@akobara seems overly complex i am better off using the policy and not using LZA at this point because if im reading you right
to remove cloudtrail.5 i would have to add all these in
- AC-2(4)
- AC-4(26)
- AC-6(9)
- AU-10
- AU-12
- AU-2
- AU-3
- AU-6(1)
- AU-6(3)
- AU-6(4)
- AU-6(5)
- AU-7(1)
- CA-7
- SC-7(9)
- SI-20
- SI-3(8)
- SI-4(20)
- SI-4(5)
- SI-7(8)
from landing-zone-accelerator-on-aws.
Related Issues (20)
- Network-Association error when deploying third party firewall
- Enable AWS SSM Quick Setup in Organization Config
- CodeBuild operational notification 29 August 2024 HOT 1
- Native support for a TLS Inspection Configuration class in the network-config.yaml file HOT 1
- Native support to supply a TLS Inspection Configuration ARN to a property of the NfwFirewallPolicyConfig Class NfwFirewallPolicyConfig HOT 1
- https://registry.yarnpkg.com/ return empty JSON and causing Build stage to fail
- LZA Validator : Detect duplicate named resources
- feat: Add option to auto-deploy from S3
- feat: Provide inital IAM IC user
- bug: Accounts pipeline often times out
- bug: Build doesn't detect version correctly HOT 5
- feat: Manage GuardDuty Lambda protection
- feat: Manage GuardDuty RDS protection
- feat: Bump JS SDK to v3
- Use existing configuration with S3 instead of CodeCommit within LZA CloudFormation installer template HOT 2
- Clarity on opt-in regions for individual account
- bug: LZA Validator is stuck? HOT 1
- Prepare Stage Fails with Control Tower launch issues
- Secret created for the break-glass user does not use CMK and is not rotated
- feat: Support for transit gateway peering to external/non-LZA transit gateways HOT 1
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from landing-zone-accelerator-on-aws.