CIS AWS Benchmark v1.4.0 - AWS Audit Manager

CIS AWS Benchmark v1.4.0

AWS Audit Manager provides two prebuilt standard frameworks that support the Center for Internet Security (CIS) AWS Foundations Benchmark v1.4.0.

Note

What is the CIS AWS Benchmark?

The CIS AWS Benchmark v1.4.0 provides prescriptive guidance for configuring security options for a subset of Amazon Web Services. It has an emphasis on foundational, testable, and architecture agnostic settings. Some of the specific Amazon Web Services in scope for this document include the following:

  • AWS Identity and Access Management (IAM)

  • IAM Access Analyzer

  • AWS Config

  • AWS CloudTrail

  • Amazon CloudWatch

  • Amazon Simple Notification Service (Amazon SNS)

  • Amazon Simple Storage Service (Amazon S3)

  • Amazon Elastic Compute Cloud (Amazon EC2)

  • Amazon Relational Database Service (Amazon RDS)

  • Amazon Virtual Private Cloud

Difference between CIS Benchmarks and CIS Controls

The CIS Benchmarks are security best practice guidelines that are specific to vendor products. Ranging from operating systems to cloud services and networks devices, the settings that are applied from a benchmark protect the systems that are being used. The CIS Controls are foundational best practice guidelines for your organization to follow to help protect from known cyberattack vectors.

Examples
  • CIS Benchmarks are prescriptive. They typically reference a specific setting that can be reviewed and set in the vendor product.

    Example: CIS AWS Benchmark v1.3.0 - Ensure MFA is enabled for the "root user" account

    This recommendation provides prescriptive guidance on how to check for this and how to set this on the root account for the AWS environment.

  • CIS Controls are for your organization as a whole, and aren't specific to only one vendor product.

    Example: CIS v7.1 - Use Multi-Factor Authentication for All Administrative Access

    This control describes what's expected to be applied within your organization. However, it doesn't describe how to apply it for the systems and workloads that you're running, regardless of where they are.

Using these frameworks to support your audit preparation

You can use the CIS AWS Benchmark v1.4.0 frameworks in AWS Audit Manager to help you prepare for CIS audits. You can also customize these frameworks and their controls to support internal audits with specific requirements.

Using the frameworks as a starting point, you can create an Audit Manager assessment and start collecting evidence that’s relevant for your audit. After you create an assessment, Audit Manager starts to assess your AWS resources. It does this based on the controls that are defined in the CIS framework. When it's time for an audit, you—or a delegate of your choice—can review the evidence that Audit Manager collected. Either, you can browse the evidence folders in your assessment and choose which evidence you want to include in your assessment report. Or, if you enabled evidence finder, you can search for specific evidence and export it in CSV format, or create an assessment report from your search results. Either way, you can use this assessment report to show that your controls are working as intended.

The framework details are as follows:

Framework name in AWS Audit Manager Number of automated controls Number of manual controls Number of control sets
Center for Internet Security (CIS) Amazon Web Services (AWS) Benchmark v1.4.0, Level 1 32 6 5

Center for Internet Security (CIS) Amazon Web Services (AWS) Benchmark v1.4.0, Level 1 and 2

50 8 5
Tip

To review a list of the AWS Config rules that are used as data source mappings for these standard frameworks, download the following files:

The controls in these frameworks aren't intended to verify if your systems are compliant with the CIS AWS Benchmark v1.4.0. Moreover, they can't guarantee that you'll pass a CIS audit. AWS Audit Manager doesn't automatically check procedural controls that require manual evidence collection.

You can find these frameworks under the Standard frameworks tab of the framework library in Audit Manager.

Next steps

For instructions on how to create an assessment using these frameworks, see Creating an assessment in AWS Audit Manager.

For instructions on how to customize these frameworks to support your specific requirements, see Making an editable copy of an existing framework in AWS Audit Manager.

Additional resources