Introducing CloudYali.io's latest feature: Security Compliance Checks for CIS AWS Foundations Benchmark 1.4.0 and AWS Foundational Security Best Practices framework.

We are thrilled to announce that our cloud visibility platform now offers security compliance checks for CIS AWS Foundations Benchmark 1.4.0 and AWS Foundational Security Best Practices framework. This new feature is designed to help users in various roles, including DevOps, Cloud Security Engineers, and CIOs, gain better visibility into their AWS resource inventory and security compliance.

One of the key benefits of this new feature is that it allows you to easily identify and address any security vulnerabilities in your AWS environment. These security rules are evaluated continuously and violations are detected and reported. These conformance checks are evaluated across multiple AWS accounts and all AWS regions. By automating security compliance checks, you can quickly identify areas that need attention and take action to remediate any issues. This can help to reduce the risk of security breaches and protect sensitive data.

The new security compliance checks for CIS AWS Foundations Benchmark 1.4.0 controls and AWS Foundational Security Best Practices framework are based on industry best practices and guidelines. CIS AWS Foundations Benchmark 1.4.0 controls are a set of security best practices developed by the Center for Internet Security (CIS) to help organizations protect their AWS environments. AWS Foundational Security Best Practices framework is a set of guidelines developed by AWS to help customers secure their environments. By aligning with these industry best practices and guidelines, you can be confident that your AWS environment is secure and compliant.

In addition, our new feature includes a dashboard for inventory and security controls. This provides a clear and easy-to-use interface for you to view and manage AWS resources and security compliance. The dashboard allows you to quickly view the status of resources, including any security vulnerabilities and compliance issues. It also allows you to drill down into specific resources to see more detailed information and take action as needed.

Additionally, the dashboard provides filters for violation results based on various criteria such as AWS Account ID, AWS Region, AWS Resource type, Security rule, and Severity.

Security Compliance Dashboard

Scenario: Identifying Security Violations Across Multiple AWS accounts and regions

The AWS Security Compliance feature can be used to monitor security violations across multiple AWS accounts and regions. The steps below walk through one such scenario.

Step 1: Log in to the CloudYali platform and navigate to the AWS Security Compliance dashboard.

Step 2: In the dashboard, filter the results by AWS region and select the regions that need to be monitored for security violations. Additionally, select any specific AWS resource types. In this example, we have selected the AWS::EC2::NetworkAcl (NACL) and AWS::KMS::Key resource types in AWS Region us-east-1 (N. Virginia).


Step 3: Review the security violations detected in the selected regions. In this scenario, we have detected a few security violations related to the rotation of KMS keys and Network ACL (NACL) ingress that do not meet the requirements of the AWS CIS Benchmark.

Step 4: Click on the security violation to view the details of the violation. The details will provide information about the rule that has been violated, the resource that was affected, and the severity of the violation.

Failed Resources List

Step 5: View a specific resource's details in the Resource Inventory tab. In this case, the customer KMS key is not enabled for rotation.

Resource Details
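
The two kinds of violation found in Steps 3 to 5 can be reproduced offline. The following is an added example, not CloudYali code or output: it assumes the NACL check targets ingress from 0.0.0.0/0 or ::/0 to ports 22 and 3389, and the account IDs, resource IDs and inventory records are constructed.

```python
# Constructed sample data (not CloudYali output). "config" mirrors fields from EC2
# DescribeNetworkAcls and KMS DescribeKey, plus KeyRotationEnabled from GetKeyRotationStatus.
ADMIN_PORTS = (22, 3389)  # SSH, RDP (assumed scope of the NACL check)
WORLD = (("CidrBlock", "0.0.0.0/0"), ("Ipv6CidrBlock", "::/0"))

def entry(num, action, proto, ports=None):  # one constructed ingress entry, source 0.0.0.0/0
    e = {"RuleNumber": num, "RuleAction": action, "Protocol": proto, "Egress": False, "CidrBlock": "0.0.0.0/0"}
    return {**e, "PortRange": {"From": ports[0], "To": ports[1]}} if ports else e

KEY_NO_ROTATION = {"KeyManager": "CUSTOMER", "KeySpec": "SYMMETRIC_DEFAULT", "KeyRotationEnabled": False}
DENY_ALL = entry(32767, "deny", "-1")  # the default "*" rule every NACL ends with
INVENTORY = [
    {"account": "111111111111", "region": "us-east-1", "type": "AWS::EC2::NetworkAcl", "id": "acl-example-a",
     "config": {"Entries": [entry(100, "allow", "-1"), DENY_ALL]}},
    {"account": "222222222222", "region": "us-east-1", "type": "AWS::EC2::NetworkAcl", "id": "acl-example-b",
     "config": {"Entries": [entry(100, "allow", "6", (0, 65535)), entry(90, "deny", "6", (22, 22)), DENY_ALL]}},
    {"account": "111111111111", "region": "us-east-1", "type": "AWS::KMS::Key", "id": "key-example-a", "config": KEY_NO_ROTATION},
    {"account": "222222222222", "region": "eu-west-1", "type": "AWS::KMS::Key", "id": "key-example-b", "config": KEY_NO_ROTATION},
]

def covers(e, port):
    rng = e.get("PortRange")  # absent means all ports
    return e["Protocol"] == "-1" or (e["Protocol"] == "6" and (rng is None or rng["From"] <= port <= rng["To"]))

def open_admin_ports(nacl):
    """Admin ports whose first matching any-source rule, in rule-number order, is an allow."""
    ingress = sorted((e for e in nacl["Entries"] if not e["Egress"]), key=lambda e: e["RuleNumber"])
    exposed = set()
    for key, world in WORLD:
        for port in ADMIN_PORTS:
            first = next((e for e in ingress if e.get(key) == world and covers(e, port)), None)
            if first and first["RuleAction"] == "allow":
                exposed.add(port)
    return sorted(exposed)

def rotation_missing(key):
    """True for a customer-managed symmetric key with automatic rotation off."""
    return key["KeyManager"] == "CUSTOMER" and key["KeySpec"] == "SYMMETRIC_DEFAULT" and not key["KeyRotationEnabled"]

def issue(r):
    if r["type"] == "AWS::EC2::NetworkAcl":
        ports = open_admin_ports(r["config"])
        return f"ingress from any source to admin ports {ports}" if ports else None
    if r["type"] == "AWS::KMS::Key" and rotation_missing(r["config"]):
        return "customer key rotation disabled"

def evaluate(inventory, regions=None):
    scoped = [r for r in inventory if not regions or r["region"] in regions]
    return [(r["account"], r["region"], r["id"], issue(r)) for r in scoped if issue(r)]
```

NACL rules are evaluated in rule-number order, so acl-example-b exposes only 3389: its deny for port 22 at rule 90 is matched before the broad allow at rule 100.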

At CloudYali, we are committed to providing our users with the latest and most effective security solutions. Our new AWS Security Compliance feature is just one example of our dedication to this goal, and we are confident that it will be a valuable addition to our users' toolkits.

If you have any questions about our new feature, or if you would like to learn more about CloudYali's security solutions, please don't hesitate to contact us at support@cloudyali.io.

About Author

CloudYali Team