Tables of control metadata - AWS Control Tower
AWS-GR_AUDIT_BUCKET_ENCRYPTION_ENABLED AWS-GR_AUDIT_BUCKET_LOGGING_ENABLED AWS-GR_AUDIT_BUCKET_POLICY_CHANGES_PROHIBITED AWS-GR_AUDIT_BUCKET_RETENTION_POLICY AWS-GR_AUTOSCALING_LAUNCH_CONFIG_PUBLIC_IP_DISABLED AWS-GR_DETECT_CLOUDTRAIL_ENABLED_ON_MEMBER_ACCOUNTS AWS-GR_DISALLOW_CROSS_REGION_NETWORKING AWS-GR_DISALLOW_VPC_INTERNET_ACCESS AWS-GR_DISALLOW_VPN_CONNECTIONS AWS-GR_DMS_REPLICATION_NOT_PUBLIC AWS-GR_EBS_OPTIMIZED_INSTANCE AWS-GR_EBS_SNAPSHOT_PUBLIC_RESTORABLE_CHECK AWS-GR_EC2_INSTANCE_NO_PUBLIC_IP AWS-GR_EC2_VOLUME_INUSE_CHECK AWS-GR_EKS_ENDPOINT_NO_PUBLIC_ACCESS AWS-GR_ELASTICSEARCH_IN_VPC_ONLY AWS-GR_EMR_MASTER_NO_PUBLIC_IP AWS-GR_ENCRYPTED_VOLUMES AWS-GR_IAM_USER_MFA_ENABLED AWS-GR_LAMBDA_FUNCTION_PUBLIC_ACCESS_PROHIBITED AWS-GR_MFA_ENABLED_FOR_IAM_CONSOLE_ACCESS AWS-GR_NO_UNRESTRICTED_ROUTE_TO_IGW AWS-GR_RDS_INSTANCE_PUBLIC_ACCESS_CHECK AWS-GR_RDS_SNAPSHOTS_PUBLIC_PROHIBITED AWS-GR_RDS_STORAGE_ENCRYPTED AWS-GR_REDSHIFT_CLUSTER_PUBLIC_ACCESS_CHECK AWS-GR_REGION_DENY AWS-GR_RESTRICTED_COMMON_PORTS AWS-GR_RESTRICTED_SSH AWS-GR_RESTRICT_ROOT_USER AWS-GR_RESTRICT_ROOT_USER_ACCESS_KEYS AWS-GR_RESTRICT_S3_CROSS_REGION_REPLICATION AWS-GR_RESTRICT_S3_DELETE_WITHOUT_MFA AWS-GR_ROOT_ACCOUNT_MFA_ENABLED AWS-GR_S3_ACCOUNT_LEVEL_PUBLIC_ACCESS_BLOCKS_PERIODIC AWS-GR_S3_BUCKET_PUBLIC_READ_PROHIBITED AWS-GR_S3_BUCKET_PUBLIC_WRITE_PROHIBITED AWS-GR_S3_VERSIONING_ENABLED AWS-GR_SAGEMAKER_NOTEBOOK_NO_DIRECT_INTERNET_ACCESS AWS-GR_SSM_DOCUMENT_NOT_PUBLIC AWS-GR_SUBNET_AUTO_ASSIGN_PUBLIC_IP_DISABLED CT.ACM.PR.1 CT.APIGATEWAY.PR.1 CT.APIGATEWAY.PR.2 CT.APIGATEWAY.PR.3 CT.APIGATEWAY.PR.4 CT.APIGATEWAY.PR.5 CT.APIGATEWAY.PR.6 CT.APPSYNC.PR.1 CT.APPSYNC.PR.2 CT.APPSYNC.PR.3 CT.APPSYNC.PR.4 CT.APPSYNC.PR.5 CT.APPSYNC.PV.1 CT.ATHENA.PR.2 CT.AUTOSCALING.PR.1 CT.AUTOSCALING.PR.10 CT.AUTOSCALING.PR.11 CT.AUTOSCALING.PR.2 CT.AUTOSCALING.PR.4 CT.AUTOSCALING.PR.5 CT.AUTOSCALING.PR.6 CT.AUTOSCALING.PR.8 CT.AUTOSCALING.PR.9 CT.CLOUDFORMATION.PR.1 CT.CLOUDFRONT.PR.1 CT.CLOUDFRONT.PR.10 CT.CLOUDFRONT.PR.11 CT.CLOUDFRONT.PR.2 CT.CLOUDFRONT.PR.3 CT.CLOUDFRONT.PR.4 CT.CLOUDFRONT.PR.5 CT.CLOUDFRONT.PR.6 CT.CLOUDFRONT.PR.7 CT.CLOUDFRONT.PR.8 CT.CLOUDFRONT.PR.9 CT.CLOUDTRAIL.PR.1 CT.CLOUDTRAIL.PR.2 CT.CLOUDTRAIL.PR.3 CT.CLOUDTRAIL.PR.4 CT.CLOUDWATCH.PR.1 CT.CLOUDWATCH.PR.2 CT.CLOUDWATCH.PR.3 CT.CLOUDWATCH.PR.4 CT.CODEBUILD.PR.1 CT.CODEBUILD.PR.2 CT.CODEBUILD.PR.3 CT.CODEBUILD.PR.5 CT.CODEBUILD.PR.6 CT.DAX.PR.1 CT.DAX.PR.2 CT.DAX.PR.3 CT.DMS.PR.1 CT.DMS.PR.2 CT.DOCUMENTDB.PR.1 CT.DOCUMENTDB.PR.2 CT.DYNAMODB.PR.1 CT.DYNAMODB.PR.2 CT.EC2.PR.1 CT.EC2.PR.10 CT.EC2.PR.11 CT.EC2.PR.12 CT.EC2.PR.13 CT.EC2.PR.14 CT.EC2.PR.15 CT.EC2.PR.16 CT.EC2.PR.17 CT.EC2.PR.18 CT.EC2.PR.19 CT.EC2.PR.2 CT.EC2.PR.20 CT.EC2.PR.3 CT.EC2.PR.4 CT.EC2.PR.5 CT.EC2.PR.6 CT.EC2.PR.7 CT.EC2.PR.8 CT.EC2.PR.9 CT.EC2.PV.1 CT.EC2.PV.2 CT.EC2.PV.3 CT.EC2.PV.4 CT.EC2.PV.5 CT.EC2.PV.6 CT.ECR.PR.1 CT.ECR.PR.2 CT.ECR.PR.3 CT.ECS.PR.1 CT.ECS.PR.10 CT.ECS.PR.11 CT.ECS.PR.12 CT.ECS.PR.2 CT.ECS.PR.3 CT.ECS.PR.4 CT.ECS.PR.5 CT.ECS.PR.6 CT.ECS.PR.7 CT.ECS.PR.8 CT.ECS.PR.9 CT.EKS.PR.1 CT.EKS.PR.2 CT.ELASTICACHE.PR.1 CT.ELASTICACHE.PR.2 CT.ELASTICACHE.PR.3 CT.ELASTICACHE.PR.4 CT.ELASTICACHE.PR.5 CT.ELASTICACHE.PR.6 CT.ELASTICACHE.PR.7 CT.ELASTICACHE.PR.8 CT.ELASTICBEANSTALK.PR.1 CT.ELASTICBEANSTALK.PR.2 CT.ELASTICBEANSTALK.PR.3 CT.ELASTICFILESYSYSTEM.PR.1 CT.ELASTICFILESYSYSTEM.PR.2 CT.ELASTICFILESYSYSTEM.PR.3 CT.ELASTICFILESYSYSTEM.PR.4 CT.ELASTICLOADBALANCING.PR.1 CT.ELASTICLOADBALANCING.PR.10 CT.ELASTICLOADBALANCING.PR.11 CT.ELASTICLOADBALANCING.PR.12 CT.ELASTICLOADBALANCING.PR.13 CT.ELASTICLOADBALANCING.PR.14 CT.ELASTICLOADBALANCING.PR.15 CT.ELASTICLOADBALANCING.PR.2 CT.ELASTICLOADBALANCING.PR.3 CT.ELASTICLOADBALANCING.PR.4 CT.ELASTICLOADBALANCING.PR.5 CT.ELASTICLOADBALANCING.PR.6 CT.ELASTICLOADBALANCING.PR.7 CT.ELASTICLOADBALANCING.PR.8 CT.ELASTICLOADBALANCING.PR.9 CT.EMR.PR.1 CT.EMR.PR.2 CT.EMR.PR.3 CT.EMR.PR.4 CT.GLUE.PR.1 CT.GUARDDUTY.PR.1 CT.IAM.PR.1 CT.IAM.PR.2 CT.IAM.PR.3 CT.IAM.PR.4 CT.IAM.PR.5 CT.KINESIS.PR.1 CT.KMS.PR.1 CT.KMS.PR.2 CT.KMS.PR.3 CT.KMS.PV.1 CT.KMS.PV.2 CT.KMS.PV.3 CT.KMS.PV.4 CT.KMS.PV.5 CT.KMS.PV.6 CT.LAMBDA.PR.2 CT.LAMBDA.PR.3 CT.LAMBDA.PR.4 CT.LAMBDA.PR.5 CT.LAMBDA.PR.6 CT.LAMBDA.PV.1 CT.LAMBDA.PV.2 CT.MQ.PR.1 CT.MQ.PR.2 CT.MSK.PR.1 CT.MSK.PR.2 CT.MULTISERVICE.PV.1 CT.NEPTUNE.PR.1 CT.NEPTUNE.PR.2 CT.NEPTUNE.PR.3 CT.NEPTUNE.PR.4 CT.NEPTUNE.PR.5 CT.NETWORK-FIREWALL.PR.1 CT.NETWORK-FIREWALL.PR.2 CT.NETWORK-FIREWALL.PR.3 CT.NETWORK-FIREWALL.PR.4 CT.NETWORK-FIREWALL.PR.5 CT.OPENSEARCH.PR.1 CT.OPENSEARCH.PR.10 CT.OPENSEARCH.PR.11 CT.OPENSEARCH.PR.12 CT.OPENSEARCH.PR.13 CT.OPENSEARCH.PR.14 CT.OPENSEARCH.PR.15 CT.OPENSEARCH.PR.16 CT.OPENSEARCH.PR.2 CT.OPENSEARCH.PR.3 CT.OPENSEARCH.PR.4 CT.OPENSEARCH.PR.5 CT.OPENSEARCH.PR.6 CT.OPENSEARCH.PR.7 CT.OPENSEARCH.PR.8 CT.OPENSEARCH.PR.9 CT.RDS.PR.1 CT.RDS.PR.10 CT.RDS.PR.11 CT.RDS.PR.12 CT.RDS.PR.13 CT.RDS.PR.14 CT.RDS.PR.15 CT.RDS.PR.16 CT.RDS.PR.17 CT.RDS.PR.18 CT.RDS.PR.19 CT.RDS.PR.2 CT.RDS.PR.20 CT.RDS.PR.21 CT.RDS.PR.22 CT.RDS.PR.23 CT.RDS.PR.24 CT.RDS.PR.25 CT.RDS.PR.26 CT.RDS.PR.27 CT.RDS.PR.28 CT.RDS.PR.29 CT.RDS.PR.3 CT.RDS.PR.30 CT.RDS.PR.4 CT.RDS.PR.5 CT.RDS.PR.6 CT.RDS.PR.7 CT.RDS.PR.8 CT.RDS.PR.9 CT.REDSHIFT.PR.1 CT.REDSHIFT.PR.2 CT.REDSHIFT.PR.3 CT.REDSHIFT.PR.4 CT.REDSHIFT.PR.5 CT.REDSHIFT.PR.6 CT.REDSHIFT.PR.7 CT.REDSHIFT.PR.8 CT.REDSHIFT.PR.9 CT.S3.PR.1 CT.S3.PR.10 CT.S3.PR.11 CT.S3.PR.12 CT.S3.PR.2 CT.S3.PR.3 CT.S3.PR.4 CT.S3.PR.5 CT.S3.PR.6 CT.S3.PR.8 CT.S3.PR.9 CT.SAGEMAKER.PR.1 CT.SAGEMAKER.PR.2 CT.SAGEMAKER.PR.3 CT.SQS.PR.1 CT.SQS.PR.2 CT.STEPFUNCTIONS.PR.1 CT.STEPFUNCTIONS.PR.2 CT.WAF-REGIONAL.PR.1 CT.WAF-REGIONAL.PR.2 CT.WAF.PR.1 CT.WAF.PR.2 CT.WAFV2.PR.1 CT.WAFV2.PR.2 SH.ACM.1 SH.ACM.2 SH.APIGateway.1 SH.APIGateway.2 SH.APIGateway.3 SH.APIGateway.4 SH.APIGateway.5 SH.APIGateway.8 SH.APIGateway.9 SH.Account.1 SH.AppSync.5 SH.AutoScaling.1 SH.AutoScaling.2 SH.AutoScaling.3 SH.AutoScaling.6 SH.AutoScaling.9 SH.Autoscaling.5 SH.CloudTrail.1 SH.CloudTrail.2 SH.CloudTrail.4 SH.CloudTrail.5 SH.CloudTrail.6 SH.CodeBuild.1 SH.CodeBuild.2 SH.CodeBuild.3 SH.CodeBuild.4 SH.DMS.1 SH.DMS.9 SH.DocumentDB.3 SH.DynamoDB.1 SH.DynamoDB.2 SH.DynamoDB.3 SH.EC2.1 SH.EC2.10 SH.EC2.15 SH.EC2.16 SH.EC2.17 SH.EC2.18 SH.EC2.19 SH.EC2.2 SH.EC2.20 SH.EC2.21 SH.EC2.22 SH.EC2.23 SH.EC2.25 SH.EC2.3 SH.EC2.4 SH.EC2.6 SH.EC2.7 SH.EC2.8 SH.EC2.9 SH.ECR.1 SH.ECR.2 SH.ECR.3 SH.ECS.1 SH.ECS.10 SH.ECS.12 SH.ECS.2 SH.ECS.3 SH.ECS.4 SH.ECS.5 SH.ECS.8 SH.EFS.1 SH.EFS.2 SH.EFS.3 SH.EFS.4 SH.EKS.1 SH.EKS.2 SH.ELB.10 SH.ELB.12 SH.ELB.13 SH.ELB.14 SH.ELB.2 SH.ELB.3 SH.ELB.4 SH.ELB.5 SH.ELB.6 SH.ELB.7 SH.ELB.8 SH.ELB.9 SH.ELBv2.1 SH.EMR.1 SH.ES.1 SH.ES.2 SH.ES.3 SH.ES.4 SH.ES.5 SH.ES.6 SH.ES.7 SH.ES.8 SH.ElastiCache.3 SH.ElastiCache.4 SH.ElastiCache.5 SH.ElastiCache.6 SH.ElasticBeanstalk.1 SH.ElasticBeanstalk.2 SH.EventBridge.3 SH.GuardDuty.1 SH.IAM.1 SH.IAM.2 SH.IAM.21 SH.IAM.3 SH.IAM.4 SH.IAM.5 SH.IAM.6 SH.IAM.7 SH.IAM.8 SH.KMS.1 SH.KMS.2 SH.KMS.3 SH.KMS.4 SH.Kinesis.1 SH.Lambda.1 SH.Lambda.2 SH.Lambda.3 SH.Lambda.5 SH.MQ.5 SH.MQ.6 SH.MSK.1 SH.Neptune.1 SH.Neptune.2 SH.Neptune.3 SH.Neptune.4 SH.Neptune.5 SH.Neptune.6 SH.Neptune.7 SH.Neptune.8 SH.NetworkFirewall.3 SH.NetworkFirewall.4 SH.NetworkFirewall.5 SH.NetworkFirewall.6 SH.Opensearch.1 SH.Opensearch.2 SH.Opensearch.3 SH.Opensearch.4 SH.Opensearch.5 SH.Opensearch.6 SH.Opensearch.7 SH.Opensearch.8 SH.RDS.1 SH.RDS.10 SH.RDS.11 SH.RDS.12 SH.RDS.13 SH.RDS.15 SH.RDS.17 SH.RDS.18 SH.RDS.19 SH.RDS.2 SH.RDS.20 SH.RDS.21 SH.RDS.22 SH.RDS.23 SH.RDS.25 SH.RDS.27 SH.RDS.3 SH.RDS.4 SH.RDS.5 SH.RDS.6 SH.RDS.8 SH.RDS.9 SH.Redshift.1 SH.Redshift.10 SH.Redshift.2 SH.Redshift.4 SH.Redshift.6 SH.Redshift.7 SH.Redshift.8 SH.Redshift.9 SH.S3.1 SH.S3.10 SH.S3.11 SH.S3.12 SH.S3.13 SH.S3.17 SH.S3.2 SH.S3.3 SH.S3.5 SH.S3.6 SH.S3.8 SH.S3.9 SH.SQS.1 SH.SSM.1 SH.SSM.2 SH.SSM.3 SH.SSM.4 SH.SageMaker.1 SH.SageMaker.2 SH.SageMaker.3 SH.SecretsManager.1 SH.SecretsManager.2 SH.SecretsManager.3 SH.SecretsManager.4 SH.WAF.10 SH.WAF.2 SH.WAF.3 SH.WAF.4

Tables of control metadata

This section contains tables that show the metadata for controls. Remember that each control has a unique API identifier for each Region in which AWS Control Tower is available. When you are working with the control APIs, provide the identifier for the Region in which you are making the API call.

Last updated May 23, 2024.

AWS-GR_AUDIT_BUCKET_ENCRYPTION_ENABLED

Control identifier Framework Control objective Control API identifiers, by Region
AWS-GR_AUDIT_BUCKET_ENCRYPTION_ENABLED
  • CIS AWS Benchmark 1.4 2.1.1

  • NIST 800-53 Rev 5 AU-9

  • NIST 800-53 Rev 5 CA-9(1)

  • NIST 800-53 Rev 5 CM-3(6)

  • NIST 800-53 Rev 5 SC-13

  • NIST 800-53 Rev 5 SC-28

  • NIST 800-53 Rev 5 SC-28(1)

  • NIST 800-53 Rev 5 SC-7(10)

  • NIST 800-53 Rev 5 SI-7(6)

  • PCI DSS version 3.2.1 10.5

  • PCI DSS version 3.2.1 10.5.2

  • PCI DSS version 3.2.1 2.2

  • PCI DSS version 3.2.1 3.4

  • PCI DSS version 3.2.1 8.2.1

  • Encrypt data at rest

  • US East (N. Virginia) arn:aws:controltower:us-east-1::control/AWS-GR_AUDIT_BUCKET_ENCRYPTION_ENABLED

  • US East (Ohio) arn:aws:controltower:us-east-2::control/AWS-GR_AUDIT_BUCKET_ENCRYPTION_ENABLED

  • US West (Oregon) arn:aws:controltower:us-west-2::control/AWS-GR_AUDIT_BUCKET_ENCRYPTION_ENABLED

  • Canada (Central) arn:aws:controltower:ca-central-1::control/AWS-GR_AUDIT_BUCKET_ENCRYPTION_ENABLED

  • Asia Pacific (Sydney) arn:aws:controltower:ap-southeast-2::control/AWS-GR_AUDIT_BUCKET_ENCRYPTION_ENABLED

  • Asia Pacific (Singapore) arn:aws:controltower:ap-southeast-1::control/AWS-GR_AUDIT_BUCKET_ENCRYPTION_ENABLED

  • Europe (Frankfurt) arn:aws:controltower:eu-central-1::control/AWS-GR_AUDIT_BUCKET_ENCRYPTION_ENABLED

  • Europe (Ireland) arn:aws:controltower:eu-west-1::control/AWS-GR_AUDIT_BUCKET_ENCRYPTION_ENABLED

  • Europe (London) arn:aws:controltower:eu-west-2::control/AWS-GR_AUDIT_BUCKET_ENCRYPTION_ENABLED

  • Europe (Stockholm) arn:aws:controltower:eu-north-1::control/AWS-GR_AUDIT_BUCKET_ENCRYPTION_ENABLED

  • Asia Pacific (Mumbai) arn:aws:controltower:ap-south-1::control/AWS-GR_AUDIT_BUCKET_ENCRYPTION_ENABLED

  • Asia Pacific (Seoul) arn:aws:controltower:ap-northeast-2::control/AWS-GR_AUDIT_BUCKET_ENCRYPTION_ENABLED

  • Asia Pacific (Tokyo) arn:aws:controltower:ap-northeast-1::control/AWS-GR_AUDIT_BUCKET_ENCRYPTION_ENABLED

  • Europe (Paris) arn:aws:controltower:eu-west-3::control/AWS-GR_AUDIT_BUCKET_ENCRYPTION_ENABLED

  • South America (São Paulo) arn:aws:controltower:sa-east-1::control/AWS-GR_AUDIT_BUCKET_ENCRYPTION_ENABLED

  • US West (N. California) arn:aws:controltower:us-west-1::control/AWS-GR_AUDIT_BUCKET_ENCRYPTION_ENABLED

  • Asia Pacific (Hong Kong) arn:aws:controltower:ap-east-1::control/AWS-GR_AUDIT_BUCKET_ENCRYPTION_ENABLED

  • Asia Pacific (Jakarta) arn:aws:controltower:ap-southeast-3::control/AWS-GR_AUDIT_BUCKET_ENCRYPTION_ENABLED

  • Asia Pacific (Osaka) arn:aws:controltower:ap-northeast-3::control/AWS-GR_AUDIT_BUCKET_ENCRYPTION_ENABLED

  • Europe (Milan) arn:aws:controltower:eu-south-1::control/AWS-GR_AUDIT_BUCKET_ENCRYPTION_ENABLED

  • Africa (Cape Town) arn:aws:controltower:af-south-1::control/AWS-GR_AUDIT_BUCKET_ENCRYPTION_ENABLED

  • Middle East (Bahrain) arn:aws:controltower:me-south-1::control/AWS-GR_AUDIT_BUCKET_ENCRYPTION_ENABLED

  • Israel (Tel Aviv) arn:aws:controltower:il-central-1::control/AWS-GR_AUDIT_BUCKET_ENCRYPTION_ENABLED

  • Europe (Zurich) arn:aws:controltower:eu-central-2::control/AWS-GR_AUDIT_BUCKET_ENCRYPTION_ENABLED

  • Europe (Spain) arn:aws:controltower:eu-south-2::control/AWS-GR_AUDIT_BUCKET_ENCRYPTION_ENABLED

  • Asia Pacific (Hyderabad) arn:aws:controltower:ap-south-2::control/AWS-GR_AUDIT_BUCKET_ENCRYPTION_ENABLED

  • Middle East (UAE) arn:aws:controltower:me-central-1::control/AWS-GR_AUDIT_BUCKET_ENCRYPTION_ENABLED

  • Asia Pacific (Melbourne) arn:aws:controltower:ap-southeast-4::control/AWS-GR_AUDIT_BUCKET_ENCRYPTION_ENABLED

  • Canada West (Calgary) arn:aws:controltower:ca-west-1::control/AWS-GR_AUDIT_BUCKET_ENCRYPTION_ENABLED

AWS-GR_AUDIT_BUCKET_LOGGING_ENABLED

Control identifier Framework Control objective Control API identifiers, by Region
AWS-GR_AUDIT_BUCKET_LOGGING_ENABLED
  • CIS AWS Benchmark 1.4 3.6

  • NIST 800-53 Rev 5 AC-2(4)

  • NIST 800-53 Rev 5 AC-4(26)

  • NIST 800-53 Rev 5 AC-6(9)

  • NIST 800-53 Rev 5 AU-10

  • NIST 800-53 Rev 5 AU-12

  • NIST 800-53 Rev 5 AU-2

  • NIST 800-53 Rev 5 AU-3

  • NIST 800-53 Rev 5 AU-6(3)

  • NIST 800-53 Rev 5 AU-6(4)

  • NIST 800-53 Rev 5 CA-7

  • NIST 800-53 Rev 5 SC-7(9)

  • NIST 800-53 Rev 5 SI-3(8)

  • NIST 800-53 Rev 5 SI-4(20)

  • NIST 800-53 Rev 5 SI-7(8)

  • PCI DSS version 3.2.1 10.1

  • PCI DSS version 3.2.1 10.2.1

  • PCI DSS version 3.2.1 10.2.3

  • PCI DSS version 3.2.1 10.2.4

  • PCI DSS version 3.2.1 10.3.1

  • PCI DSS version 3.2.1 2.2

  • Establish logging and monitoring

  • US East (N. Virginia) arn:aws:controltower:us-east-1::control/AWS-GR_AUDIT_BUCKET_LOGGING_ENABLED

  • US East (Ohio) arn:aws:controltower:us-east-2::control/AWS-GR_AUDIT_BUCKET_LOGGING_ENABLED

  • US West (Oregon) arn:aws:controltower:us-west-2::control/AWS-GR_AUDIT_BUCKET_LOGGING_ENABLED

  • Canada (Central) arn:aws:controltower:ca-central-1::control/AWS-GR_AUDIT_BUCKET_LOGGING_ENABLED

  • Asia Pacific (Sydney) arn:aws:controltower:ap-southeast-2::control/AWS-GR_AUDIT_BUCKET_LOGGING_ENABLED

  • Asia Pacific (Singapore) arn:aws:controltower:ap-southeast-1::control/AWS-GR_AUDIT_BUCKET_LOGGING_ENABLED

  • Europe (Frankfurt) arn:aws:controltower:eu-central-1::control/AWS-GR_AUDIT_BUCKET_LOGGING_ENABLED

  • Europe (Ireland) arn:aws:controltower:eu-west-1::control/AWS-GR_AUDIT_BUCKET_LOGGING_ENABLED

  • Europe (London) arn:aws:controltower:eu-west-2::control/AWS-GR_AUDIT_BUCKET_LOGGING_ENABLED

  • Europe (Stockholm) arn:aws:controltower:eu-north-1::control/AWS-GR_AUDIT_BUCKET_LOGGING_ENABLED

  • Asia Pacific (Mumbai) arn:aws:controltower:ap-south-1::control/AWS-GR_AUDIT_BUCKET_LOGGING_ENABLED

  • Asia Pacific (Seoul) arn:aws:controltower:ap-northeast-2::control/AWS-GR_AUDIT_BUCKET_LOGGING_ENABLED

  • Asia Pacific (Tokyo) arn:aws:controltower:ap-northeast-1::control/AWS-GR_AUDIT_BUCKET_LOGGING_ENABLED

  • Europe (Paris) arn:aws:controltower:eu-west-3::control/AWS-GR_AUDIT_BUCKET_LOGGING_ENABLED

  • South America (São Paulo) arn:aws:controltower:sa-east-1::control/AWS-GR_AUDIT_BUCKET_LOGGING_ENABLED

  • US West (N. California) arn:aws:controltower:us-west-1::control/AWS-GR_AUDIT_BUCKET_LOGGING_ENABLED

  • Asia Pacific (Hong Kong) arn:aws:controltower:ap-east-1::control/AWS-GR_AUDIT_BUCKET_LOGGING_ENABLED

  • Asia Pacific (Jakarta) arn:aws:controltower:ap-southeast-3::control/AWS-GR_AUDIT_BUCKET_LOGGING_ENABLED

  • Asia Pacific (Osaka) arn:aws:controltower:ap-northeast-3::control/AWS-GR_AUDIT_BUCKET_LOGGING_ENABLED

  • Europe (Milan) arn:aws:controltower:eu-south-1::control/AWS-GR_AUDIT_BUCKET_LOGGING_ENABLED

  • Africa (Cape Town) arn:aws:controltower:af-south-1::control/AWS-GR_AUDIT_BUCKET_LOGGING_ENABLED

  • Middle East (Bahrain) arn:aws:controltower:me-south-1::control/AWS-GR_AUDIT_BUCKET_LOGGING_ENABLED

  • Israel (Tel Aviv) arn:aws:controltower:il-central-1::control/AWS-GR_AUDIT_BUCKET_LOGGING_ENABLED

  • Europe (Zurich) arn:aws:controltower:eu-central-2::control/AWS-GR_AUDIT_BUCKET_LOGGING_ENABLED

  • Europe (Spain) arn:aws:controltower:eu-south-2::control/AWS-GR_AUDIT_BUCKET_LOGGING_ENABLED

  • Asia Pacific (Hyderabad) arn:aws:controltower:ap-south-2::control/AWS-GR_AUDIT_BUCKET_LOGGING_ENABLED

  • Middle East (UAE) arn:aws:controltower:me-central-1::control/AWS-GR_AUDIT_BUCKET_LOGGING_ENABLED

  • Asia Pacific (Melbourne) arn:aws:controltower:ap-southeast-4::control/AWS-GR_AUDIT_BUCKET_LOGGING_ENABLED

  • Canada West (Calgary) arn:aws:controltower:ca-west-1::control/AWS-GR_AUDIT_BUCKET_LOGGING_ENABLED

AWS-GR_AUDIT_BUCKET_POLICY_CHANGES_PROHIBITED

Control identifier Framework Control objective Control API identifiers, by Region
AWS-GR_AUDIT_BUCKET_POLICY_CHANGES_PROHIBITED
  • NIST 800-53 Rev 5 CM-2

  • NIST 800-53 Rev 5 CM-2(2)

  • NIST 800-53 Rev 5 CM-3

  • NIST 800-53 Rev 5 CM-3(8)

  • NIST 800-53 Rev 5 SA-8(19)

  • Protect data integrity

  • US East (N. Virginia) arn:aws:controltower:us-east-1::control/AWS-GR_AUDIT_BUCKET_POLICY_CHANGES_PROHIBITED

  • US East (Ohio) arn:aws:controltower:us-east-2::control/AWS-GR_AUDIT_BUCKET_POLICY_CHANGES_PROHIBITED

  • US West (Oregon) arn:aws:controltower:us-west-2::control/AWS-GR_AUDIT_BUCKET_POLICY_CHANGES_PROHIBITED

  • Canada (Central) arn:aws:controltower:ca-central-1::control/AWS-GR_AUDIT_BUCKET_POLICY_CHANGES_PROHIBITED

  • Asia Pacific (Sydney) arn:aws:controltower:ap-southeast-2::control/AWS-GR_AUDIT_BUCKET_POLICY_CHANGES_PROHIBITED

  • Asia Pacific (Singapore) arn:aws:controltower:ap-southeast-1::control/AWS-GR_AUDIT_BUCKET_POLICY_CHANGES_PROHIBITED

  • Europe (Frankfurt) arn:aws:controltower:eu-central-1::control/AWS-GR_AUDIT_BUCKET_POLICY_CHANGES_PROHIBITED

  • Europe (Ireland) arn:aws:controltower:eu-west-1::control/AWS-GR_AUDIT_BUCKET_POLICY_CHANGES_PROHIBITED

  • Europe (London) arn:aws:controltower:eu-west-2::control/AWS-GR_AUDIT_BUCKET_POLICY_CHANGES_PROHIBITED

  • Europe (Stockholm) arn:aws:controltower:eu-north-1::control/AWS-GR_AUDIT_BUCKET_POLICY_CHANGES_PROHIBITED

  • Asia Pacific (Mumbai) arn:aws:controltower:ap-south-1::control/AWS-GR_AUDIT_BUCKET_POLICY_CHANGES_PROHIBITED

  • Asia Pacific (Seoul) arn:aws:controltower:ap-northeast-2::control/AWS-GR_AUDIT_BUCKET_POLICY_CHANGES_PROHIBITED

  • Asia Pacific (Tokyo) arn:aws:controltower:ap-northeast-1::control/AWS-GR_AUDIT_BUCKET_POLICY_CHANGES_PROHIBITED

  • Europe (Paris) arn:aws:controltower:eu-west-3::control/AWS-GR_AUDIT_BUCKET_POLICY_CHANGES_PROHIBITED

  • South America (São Paulo) arn:aws:controltower:sa-east-1::control/AWS-GR_AUDIT_BUCKET_POLICY_CHANGES_PROHIBITED

  • US West (N. California) arn:aws:controltower:us-west-1::control/AWS-GR_AUDIT_BUCKET_POLICY_CHANGES_PROHIBITED

  • Asia Pacific (Hong Kong) arn:aws:controltower:ap-east-1::control/AWS-GR_AUDIT_BUCKET_POLICY_CHANGES_PROHIBITED

  • Asia Pacific (Jakarta) arn:aws:controltower:ap-southeast-3::control/AWS-GR_AUDIT_BUCKET_POLICY_CHANGES_PROHIBITED

  • Asia Pacific (Osaka) arn:aws:controltower:ap-northeast-3::control/AWS-GR_AUDIT_BUCKET_POLICY_CHANGES_PROHIBITED

  • Europe (Milan) arn:aws:controltower:eu-south-1::control/AWS-GR_AUDIT_BUCKET_POLICY_CHANGES_PROHIBITED

  • Africa (Cape Town) arn:aws:controltower:af-south-1::control/AWS-GR_AUDIT_BUCKET_POLICY_CHANGES_PROHIBITED

  • Middle East (Bahrain) arn:aws:controltower:me-south-1::control/AWS-GR_AUDIT_BUCKET_POLICY_CHANGES_PROHIBITED

  • Israel (Tel Aviv) arn:aws:controltower:il-central-1::control/AWS-GR_AUDIT_BUCKET_POLICY_CHANGES_PROHIBITED

  • Europe (Zurich) arn:aws:controltower:eu-central-2::control/AWS-GR_AUDIT_BUCKET_POLICY_CHANGES_PROHIBITED

  • Europe (Spain) arn:aws:controltower:eu-south-2::control/AWS-GR_AUDIT_BUCKET_POLICY_CHANGES_PROHIBITED

  • Asia Pacific (Hyderabad) arn:aws:controltower:ap-south-2::control/AWS-GR_AUDIT_BUCKET_POLICY_CHANGES_PROHIBITED

  • Middle East (UAE) arn:aws:controltower:me-central-1::control/AWS-GR_AUDIT_BUCKET_POLICY_CHANGES_PROHIBITED

  • Asia Pacific (Melbourne) arn:aws:controltower:ap-southeast-4::control/AWS-GR_AUDIT_BUCKET_POLICY_CHANGES_PROHIBITED

  • Canada West (Calgary) arn:aws:controltower:ca-west-1::control/AWS-GR_AUDIT_BUCKET_POLICY_CHANGES_PROHIBITED

AWS-GR_AUDIT_BUCKET_RETENTION_POLICY

Control identifier Framework Control objective Control API identifiers, by Region
AWS-GR_AUDIT_BUCKET_RETENTION_POLICY
  • NIST 800-53 Rev 5 SI-12

  • Improve resiliency

  • US East (N. Virginia) arn:aws:controltower:us-east-1::control/AWS-GR_AUDIT_BUCKET_RETENTION_POLICY

  • US East (Ohio) arn:aws:controltower:us-east-2::control/AWS-GR_AUDIT_BUCKET_RETENTION_POLICY

  • US West (Oregon) arn:aws:controltower:us-west-2::control/AWS-GR_AUDIT_BUCKET_RETENTION_POLICY

  • Canada (Central) arn:aws:controltower:ca-central-1::control/AWS-GR_AUDIT_BUCKET_RETENTION_POLICY

  • Asia Pacific (Sydney) arn:aws:controltower:ap-southeast-2::control/AWS-GR_AUDIT_BUCKET_RETENTION_POLICY

  • Asia Pacific (Singapore) arn:aws:controltower:ap-southeast-1::control/AWS-GR_AUDIT_BUCKET_RETENTION_POLICY

  • Europe (Frankfurt) arn:aws:controltower:eu-central-1::control/AWS-GR_AUDIT_BUCKET_RETENTION_POLICY

  • Europe (Ireland) arn:aws:controltower:eu-west-1::control/AWS-GR_AUDIT_BUCKET_RETENTION_POLICY

  • Europe (London) arn:aws:controltower:eu-west-2::control/AWS-GR_AUDIT_BUCKET_RETENTION_POLICY

  • Europe (Stockholm) arn:aws:controltower:eu-north-1::control/AWS-GR_AUDIT_BUCKET_RETENTION_POLICY

  • Asia Pacific (Mumbai) arn:aws:controltower:ap-south-1::control/AWS-GR_AUDIT_BUCKET_RETENTION_POLICY

  • Asia Pacific (Seoul) arn:aws:controltower:ap-northeast-2::control/AWS-GR_AUDIT_BUCKET_RETENTION_POLICY

  • Asia Pacific (Tokyo) arn:aws:controltower:ap-northeast-1::control/AWS-GR_AUDIT_BUCKET_RETENTION_POLICY

  • Europe (Paris) arn:aws:controltower:eu-west-3::control/AWS-GR_AUDIT_BUCKET_RETENTION_POLICY

  • South America (São Paulo) arn:aws:controltower:sa-east-1::control/AWS-GR_AUDIT_BUCKET_RETENTION_POLICY

  • US West (N. California) arn:aws:controltower:us-west-1::control/AWS-GR_AUDIT_BUCKET_RETENTION_POLICY

  • Asia Pacific (Hong Kong) arn:aws:controltower:ap-east-1::control/AWS-GR_AUDIT_BUCKET_RETENTION_POLICY

  • Asia Pacific (Jakarta) arn:aws:controltower:ap-southeast-3::control/AWS-GR_AUDIT_BUCKET_RETENTION_POLICY

  • Asia Pacific (Osaka) arn:aws:controltower:ap-northeast-3::control/AWS-GR_AUDIT_BUCKET_RETENTION_POLICY

  • Europe (Milan) arn:aws:controltower:eu-south-1::control/AWS-GR_AUDIT_BUCKET_RETENTION_POLICY

  • Africa (Cape Town) arn:aws:controltower:af-south-1::control/AWS-GR_AUDIT_BUCKET_RETENTION_POLICY

  • Middle East (Bahrain) arn:aws:controltower:me-south-1::control/AWS-GR_AUDIT_BUCKET_RETENTION_POLICY

  • Israel (Tel Aviv) arn:aws:controltower:il-central-1::control/AWS-GR_AUDIT_BUCKET_RETENTION_POLICY

  • Europe (Zurich) arn:aws:controltower:eu-central-2::control/AWS-GR_AUDIT_BUCKET_RETENTION_POLICY

  • Europe (Spain) arn:aws:controltower:eu-south-2::control/AWS-GR_AUDIT_BUCKET_RETENTION_POLICY

  • Asia Pacific (Hyderabad) arn:aws:controltower:ap-south-2::control/AWS-GR_AUDIT_BUCKET_RETENTION_POLICY

  • Middle East (UAE) arn:aws:controltower:me-central-1::control/AWS-GR_AUDIT_BUCKET_RETENTION_POLICY

  • Asia Pacific (Melbourne) arn:aws:controltower:ap-southeast-4::control/AWS-GR_AUDIT_BUCKET_RETENTION_POLICY

  • Canada West (Calgary) arn:aws:controltower:ca-west-1::control/AWS-GR_AUDIT_BUCKET_RETENTION_POLICY

AWS-GR_AUTOSCALING_LAUNCH_CONFIG_PUBLIC_IP_DISABLED

Control identifier Framework Control objective Control API identifiers, by Region
AWS-GR_AUTOSCALING_LAUNCH_CONFIG_PUBLIC_IP_DISABLED
  • NIST 800-53 Rev 5 AC-21

  • NIST 800-53 Rev 5 AC-3

  • NIST 800-53 Rev 5 AC-3(7)

  • NIST 800-53 Rev 5 AC-4

  • NIST 800-53 Rev 5 AC-4(21)

  • NIST 800-53 Rev 5 AC-6

  • NIST 800-53 Rev 5 SC-7

  • NIST 800-53 Rev 5 SC-7(11)

  • NIST 800-53 Rev 5 SC-7(16)

  • NIST 800-53 Rev 5 SC-7(20)

  • NIST 800-53 Rev 5 SC-7(21)

  • NIST 800-53 Rev 5 SC-7(3)

  • NIST 800-53 Rev 5 SC-7(4)

  • NIST 800-53 Rev 5 SC-7(9)

  • PCI DSS version 3.2.1 1.2.1

  • PCI DSS version 3.2.1 1.3

  • PCI DSS version 3.2.1 1.3.1

  • PCI DSS version 3.2.1 1.3.2

  • PCI DSS version 3.2.1 1.3.4

  • PCI DSS version 3.2.1 1.3.6

  • PCI DSS version 3.2.1 2.2

  • PCI DSS version 3.2.1 2.2.2

  • Limit network access

  • US East (N. Virginia) arn:aws:controltower:us-east-1::control/AWS-GR_AUTOSCALING_LAUNCH_CONFIG_PUBLIC_IP_DISABLED

  • US East (Ohio) arn:aws:controltower:us-east-2::control/AWS-GR_AUTOSCALING_LAUNCH_CONFIG_PUBLIC_IP_DISABLED

  • US West (Oregon) arn:aws:controltower:us-west-2::control/AWS-GR_AUTOSCALING_LAUNCH_CONFIG_PUBLIC_IP_DISABLED

  • Canada (Central) arn:aws:controltower:ca-central-1::control/AWS-GR_AUTOSCALING_LAUNCH_CONFIG_PUBLIC_IP_DISABLED

  • Asia Pacific (Sydney) arn:aws:controltower:ap-southeast-2::control/AWS-GR_AUTOSCALING_LAUNCH_CONFIG_PUBLIC_IP_DISABLED

  • Asia Pacific (Singapore) arn:aws:controltower:ap-southeast-1::control/AWS-GR_AUTOSCALING_LAUNCH_CONFIG_PUBLIC_IP_DISABLED

  • Europe (Frankfurt) arn:aws:controltower:eu-central-1::control/AWS-GR_AUTOSCALING_LAUNCH_CONFIG_PUBLIC_IP_DISABLED

  • Europe (Ireland) arn:aws:controltower:eu-west-1::control/AWS-GR_AUTOSCALING_LAUNCH_CONFIG_PUBLIC_IP_DISABLED

  • Europe (London) arn:aws:controltower:eu-west-2::control/AWS-GR_AUTOSCALING_LAUNCH_CONFIG_PUBLIC_IP_DISABLED

  • Europe (Stockholm) arn:aws:controltower:eu-north-1::control/AWS-GR_AUTOSCALING_LAUNCH_CONFIG_PUBLIC_IP_DISABLED

  • Asia Pacific (Mumbai) arn:aws:controltower:ap-south-1::control/AWS-GR_AUTOSCALING_LAUNCH_CONFIG_PUBLIC_IP_DISABLED

  • Asia Pacific (Seoul) arn:aws:controltower:ap-northeast-2::control/AWS-GR_AUTOSCALING_LAUNCH_CONFIG_PUBLIC_IP_DISABLED

  • Asia Pacific (Tokyo) arn:aws:controltower:ap-northeast-1::control/AWS-GR_AUTOSCALING_LAUNCH_CONFIG_PUBLIC_IP_DISABLED

  • Europe (Paris) arn:aws:controltower:eu-west-3::control/AWS-GR_AUTOSCALING_LAUNCH_CONFIG_PUBLIC_IP_DISABLED

  • South America (São Paulo) arn:aws:controltower:sa-east-1::control/AWS-GR_AUTOSCALING_LAUNCH_CONFIG_PUBLIC_IP_DISABLED

  • US West (N. California) arn:aws:controltower:us-west-1::control/AWS-GR_AUTOSCALING_LAUNCH_CONFIG_PUBLIC_IP_DISABLED

  • Asia Pacific (Hong Kong) arn:aws:controltower:ap-east-1::control/AWS-GR_AUTOSCALING_LAUNCH_CONFIG_PUBLIC_IP_DISABLED

  • Europe (Milan) arn:aws:controltower:eu-south-1::control/AWS-GR_AUTOSCALING_LAUNCH_CONFIG_PUBLIC_IP_DISABLED

  • Africa (Cape Town) arn:aws:controltower:af-south-1::control/AWS-GR_AUTOSCALING_LAUNCH_CONFIG_PUBLIC_IP_DISABLED

  • Middle East (Bahrain) arn:aws:controltower:me-south-1::control/AWS-GR_AUTOSCALING_LAUNCH_CONFIG_PUBLIC_IP_DISABLED

  • Europe (Zurich) arn:aws:controltower:eu-central-2::control/AWS-GR_AUTOSCALING_LAUNCH_CONFIG_PUBLIC_IP_DISABLED

  • Europe (Spain) arn:aws:controltower:eu-south-2::control/AWS-GR_AUTOSCALING_LAUNCH_CONFIG_PUBLIC_IP_DISABLED

  • Asia Pacific (Hyderabad) arn:aws:controltower:ap-south-2::control/AWS-GR_AUTOSCALING_LAUNCH_CONFIG_PUBLIC_IP_DISABLED

  • Middle East (UAE) arn:aws:controltower:me-central-1::control/AWS-GR_AUTOSCALING_LAUNCH_CONFIG_PUBLIC_IP_DISABLED

AWS-GR_DETECT_CLOUDTRAIL_ENABLED_ON_MEMBER_ACCOUNTS

Control identifier Framework Control objective Control API identifiers, by Region
AWS-GR_DETECT_CLOUDTRAIL_ENABLED_ON_MEMBER_ACCOUNTS
  • NIST 800-53 Rev 5 AC-2(4)

  • NIST 800-53 Rev 5 AC-4(26)

  • NIST 800-53 Rev 5 AC-6(9)

  • NIST 800-53 Rev 5 AU-10

  • NIST 800-53 Rev 5 AU-12

  • NIST 800-53 Rev 5 AU-14(1)

  • NIST 800-53 Rev 5 AU-2

  • NIST 800-53 Rev 5 AU-3

  • NIST 800-53 Rev 5 AU-6(3)

  • NIST 800-53 Rev 5 AU-6(4)

  • NIST 800-53 Rev 5 AU-9

  • NIST 800-53 Rev 5 CA-7

  • NIST 800-53 Rev 5 SA-8(22)

  • NIST 800-53 Rev 5 SC-7(9)

  • NIST 800-53 Rev 5 SI-3(8)

  • NIST 800-53 Rev 5 SI-4(20)

  • NIST 800-53 Rev 5 SI-7(8)

  • PCI DSS version 3.2.1 10.1

  • PCI DSS version 3.2.1 10.2.1

  • PCI DSS version 3.2.1 10.2.2

  • PCI DSS version 3.2.1 10.2.3

  • PCI DSS version 3.2.1 10.2.4

  • PCI DSS version 3.2.1 10.2.5

  • PCI DSS version 3.2.1 10.2.6

  • PCI DSS version 3.2.1 10.2.7

  • PCI DSS version 3.2.1 10.3.1

  • PCI DSS version 3.2.1 10.3.2

  • PCI DSS version 3.2.1 10.3.3

  • PCI DSS version 3.2.1 10.3.4

  • PCI DSS version 3.2.1 10.3.5

  • PCI DSS version 3.2.1 10.3.6

  • PCI DSS version 3.2.1 10.5.3

  • PCI DSS version 3.2.1 10.5.4

  • Establish logging and monitoring

  • US East (N. Virginia) arn:aws:controltower:us-east-1::control/AWS-GR_DETECT_CLOUDTRAIL_ENABLED_ON_MEMBER_ACCOUNTS

  • US East (Ohio) arn:aws:controltower:us-east-2::control/AWS-GR_DETECT_CLOUDTRAIL_ENABLED_ON_MEMBER_ACCOUNTS

  • US West (Oregon) arn:aws:controltower:us-west-2::control/AWS-GR_DETECT_CLOUDTRAIL_ENABLED_ON_MEMBER_ACCOUNTS

  • Canada (Central) arn:aws:controltower:ca-central-1::control/AWS-GR_DETECT_CLOUDTRAIL_ENABLED_ON_MEMBER_ACCOUNTS

  • Asia Pacific (Sydney) arn:aws:controltower:ap-southeast-2::control/AWS-GR_DETECT_CLOUDTRAIL_ENABLED_ON_MEMBER_ACCOUNTS

  • Asia Pacific (Singapore) arn:aws:controltower:ap-southeast-1::control/AWS-GR_DETECT_CLOUDTRAIL_ENABLED_ON_MEMBER_ACCOUNTS

  • Europe (Frankfurt) arn:aws:controltower:eu-central-1::control/AWS-GR_DETECT_CLOUDTRAIL_ENABLED_ON_MEMBER_ACCOUNTS

  • Europe (Ireland) arn:aws:controltower:eu-west-1::control/AWS-GR_DETECT_CLOUDTRAIL_ENABLED_ON_MEMBER_ACCOUNTS

  • Europe (London) arn:aws:controltower:eu-west-2::control/AWS-GR_DETECT_CLOUDTRAIL_ENABLED_ON_MEMBER_ACCOUNTS

  • Europe (Stockholm) arn:aws:controltower:eu-north-1::control/AWS-GR_DETECT_CLOUDTRAIL_ENABLED_ON_MEMBER_ACCOUNTS

  • Asia Pacific (Mumbai) arn:aws:controltower:ap-south-1::control/AWS-GR_DETECT_CLOUDTRAIL_ENABLED_ON_MEMBER_ACCOUNTS

  • Asia Pacific (Seoul) arn:aws:controltower:ap-northeast-2::control/AWS-GR_DETECT_CLOUDTRAIL_ENABLED_ON_MEMBER_ACCOUNTS

  • Asia Pacific (Tokyo) arn:aws:controltower:ap-northeast-1::control/AWS-GR_DETECT_CLOUDTRAIL_ENABLED_ON_MEMBER_ACCOUNTS

  • Europe (Paris) arn:aws:controltower:eu-west-3::control/AWS-GR_DETECT_CLOUDTRAIL_ENABLED_ON_MEMBER_ACCOUNTS

  • South America (São Paulo) arn:aws:controltower:sa-east-1::control/AWS-GR_DETECT_CLOUDTRAIL_ENABLED_ON_MEMBER_ACCOUNTS

  • US West (N. California) arn:aws:controltower:us-west-1::control/AWS-GR_DETECT_CLOUDTRAIL_ENABLED_ON_MEMBER_ACCOUNTS

  • Asia Pacific (Hong Kong) arn:aws:controltower:ap-east-1::control/AWS-GR_DETECT_CLOUDTRAIL_ENABLED_ON_MEMBER_ACCOUNTS

  • Asia Pacific (Jakarta) arn:aws:controltower:ap-southeast-3::control/AWS-GR_DETECT_CLOUDTRAIL_ENABLED_ON_MEMBER_ACCOUNTS

  • Asia Pacific (Osaka) arn:aws:controltower:ap-northeast-3::control/AWS-GR_DETECT_CLOUDTRAIL_ENABLED_ON_MEMBER_ACCOUNTS

  • Europe (Milan) arn:aws:controltower:eu-south-1::control/AWS-GR_DETECT_CLOUDTRAIL_ENABLED_ON_MEMBER_ACCOUNTS

  • Africa (Cape Town) arn:aws:controltower:af-south-1::control/AWS-GR_DETECT_CLOUDTRAIL_ENABLED_ON_MEMBER_ACCOUNTS

  • Middle East (Bahrain) arn:aws:controltower:me-south-1::control/AWS-GR_DETECT_CLOUDTRAIL_ENABLED_ON_MEMBER_ACCOUNTS

  • Israel (Tel Aviv) arn:aws:controltower:il-central-1::control/AWS-GR_DETECT_CLOUDTRAIL_ENABLED_ON_MEMBER_ACCOUNTS

  • Europe (Zurich) arn:aws:controltower:eu-central-2::control/AWS-GR_DETECT_CLOUDTRAIL_ENABLED_ON_MEMBER_ACCOUNTS

  • Europe (Spain) arn:aws:controltower:eu-south-2::control/AWS-GR_DETECT_CLOUDTRAIL_ENABLED_ON_MEMBER_ACCOUNTS

  • Asia Pacific (Hyderabad) arn:aws:controltower:ap-south-2::control/AWS-GR_DETECT_CLOUDTRAIL_ENABLED_ON_MEMBER_ACCOUNTS

  • Middle East (UAE) arn:aws:controltower:me-central-1::control/AWS-GR_DETECT_CLOUDTRAIL_ENABLED_ON_MEMBER_ACCOUNTS

  • Asia Pacific (Melbourne) arn:aws:controltower:ap-southeast-4::control/AWS-GR_DETECT_CLOUDTRAIL_ENABLED_ON_MEMBER_ACCOUNTS

  • Canada West (Calgary) arn:aws:controltower:ca-west-1::control/AWS-GR_DETECT_CLOUDTRAIL_ENABLED_ON_MEMBER_ACCOUNTS

AWS-GR_DISALLOW_CROSS_REGION_NETWORKING

Control identifier Framework Control objective Control API identifiers, by Region
AWS-GR_DISALLOW_CROSS_REGION_NETWORKING

None

  • Limit network access

  • US East (N. Virginia) arn:aws:controltower:us-east-1::control/AWS-GR_DISALLOW_CROSS_REGION_NETWORKING

  • US East (Ohio) arn:aws:controltower:us-east-2::control/AWS-GR_DISALLOW_CROSS_REGION_NETWORKING

  • US West (Oregon) arn:aws:controltower:us-west-2::control/AWS-GR_DISALLOW_CROSS_REGION_NETWORKING

  • Canada (Central) arn:aws:controltower:ca-central-1::control/AWS-GR_DISALLOW_CROSS_REGION_NETWORKING

  • Asia Pacific (Sydney) arn:aws:controltower:ap-southeast-2::control/AWS-GR_DISALLOW_CROSS_REGION_NETWORKING

  • Asia Pacific (Singapore) arn:aws:controltower:ap-southeast-1::control/AWS-GR_DISALLOW_CROSS_REGION_NETWORKING

  • Europe (Frankfurt) arn:aws:controltower:eu-central-1::control/AWS-GR_DISALLOW_CROSS_REGION_NETWORKING

  • Europe (Ireland) arn:aws:controltower:eu-west-1::control/AWS-GR_DISALLOW_CROSS_REGION_NETWORKING

  • Europe (London) arn:aws:controltower:eu-west-2::control/AWS-GR_DISALLOW_CROSS_REGION_NETWORKING

  • Europe (Stockholm) arn:aws:controltower:eu-north-1::control/AWS-GR_DISALLOW_CROSS_REGION_NETWORKING

  • Asia Pacific (Mumbai) arn:aws:controltower:ap-south-1::control/AWS-GR_DISALLOW_CROSS_REGION_NETWORKING

  • Asia Pacific (Seoul) arn:aws:controltower:ap-northeast-2::control/AWS-GR_DISALLOW_CROSS_REGION_NETWORKING

  • Asia Pacific (Tokyo) arn:aws:controltower:ap-northeast-1::control/AWS-GR_DISALLOW_CROSS_REGION_NETWORKING

  • Europe (Paris) arn:aws:controltower:eu-west-3::control/AWS-GR_DISALLOW_CROSS_REGION_NETWORKING

  • South America (São Paulo) arn:aws:controltower:sa-east-1::control/AWS-GR_DISALLOW_CROSS_REGION_NETWORKING

  • US West (N. California) arn:aws:controltower:us-west-1::control/AWS-GR_DISALLOW_CROSS_REGION_NETWORKING

  • Asia Pacific (Hong Kong) arn:aws:controltower:ap-east-1::control/AWS-GR_DISALLOW_CROSS_REGION_NETWORKING

  • Asia Pacific (Jakarta) arn:aws:controltower:ap-southeast-3::control/AWS-GR_DISALLOW_CROSS_REGION_NETWORKING

  • Asia Pacific (Osaka) arn:aws:controltower:ap-northeast-3::control/AWS-GR_DISALLOW_CROSS_REGION_NETWORKING

  • Europe (Milan) arn:aws:controltower:eu-south-1::control/AWS-GR_DISALLOW_CROSS_REGION_NETWORKING

  • Africa (Cape Town) arn:aws:controltower:af-south-1::control/AWS-GR_DISALLOW_CROSS_REGION_NETWORKING

  • Middle East (Bahrain) arn:aws:controltower:me-south-1::control/AWS-GR_DISALLOW_CROSS_REGION_NETWORKING

  • Israel (Tel Aviv) arn:aws:controltower:il-central-1::control/AWS-GR_DISALLOW_CROSS_REGION_NETWORKING

  • Europe (Zurich) arn:aws:controltower:eu-central-2::control/AWS-GR_DISALLOW_CROSS_REGION_NETWORKING

  • Europe (Spain) arn:aws:controltower:eu-south-2::control/AWS-GR_DISALLOW_CROSS_REGION_NETWORKING

  • Asia Pacific (Hyderabad) arn:aws:controltower:ap-south-2::control/AWS-GR_DISALLOW_CROSS_REGION_NETWORKING

  • Middle East (UAE) arn:aws:controltower:me-central-1::control/AWS-GR_DISALLOW_CROSS_REGION_NETWORKING

  • Asia Pacific (Melbourne) arn:aws:controltower:ap-southeast-4::control/AWS-GR_DISALLOW_CROSS_REGION_NETWORKING

  • Canada West (Calgary) arn:aws:controltower:ca-west-1::control/AWS-GR_DISALLOW_CROSS_REGION_NETWORKING

AWS-GR_DISALLOW_VPC_INTERNET_ACCESS

Control identifier Framework Control objective Control API identifiers, by Region
AWS-GR_DISALLOW_VPC_INTERNET_ACCESS
  • NIST 800-53 Rev 5 AC-4

  • NIST 800-53 Rev 5 AC-4(21)

  • NIST 800-53 Rev 5 AC-6

  • NIST 800-53 Rev 5 SC-7

  • NIST 800-53 Rev 5 SC-7(11)

  • NIST 800-53 Rev 5 SC-7(16)

  • NIST 800-53 Rev 5 SC-7(20)

  • NIST 800-53 Rev 5 SC-7(21)

  • NIST 800-53 Rev 5 SC-7(3)

  • NIST 800-53 Rev 5 SC-7(4)

  • NIST 800-53 Rev 5 SC-7(9)

  • PCI DSS version 3.2.1 1.2.1

  • PCI DSS version 3.2.1 1.3

  • PCI DSS version 3.2.1 1.3.1

  • PCI DSS version 3.2.1 1.3.2

  • PCI DSS version 3.2.1 1.3.4

  • PCI DSS version 3.2.1 1.3.6

  • Limit network access

  • US East (N. Virginia) arn:aws:controltower:us-east-1::control/AWS-GR_DISALLOW_VPC_INTERNET_ACCESS

  • US East (Ohio) arn:aws:controltower:us-east-2::control/AWS-GR_DISALLOW_VPC_INTERNET_ACCESS

  • US West (Oregon) arn:aws:controltower:us-west-2::control/AWS-GR_DISALLOW_VPC_INTERNET_ACCESS

  • Canada (Central) arn:aws:controltower:ca-central-1::control/AWS-GR_DISALLOW_VPC_INTERNET_ACCESS

  • Asia Pacific (Sydney) arn:aws:controltower:ap-southeast-2::control/AWS-GR_DISALLOW_VPC_INTERNET_ACCESS

  • Asia Pacific (Singapore) arn:aws:controltower:ap-southeast-1::control/AWS-GR_DISALLOW_VPC_INTERNET_ACCESS

  • Europe (Frankfurt) arn:aws:controltower:eu-central-1::control/AWS-GR_DISALLOW_VPC_INTERNET_ACCESS

  • Europe (Ireland) arn:aws:controltower:eu-west-1::control/AWS-GR_DISALLOW_VPC_INTERNET_ACCESS

  • Europe (London) arn:aws:controltower:eu-west-2::control/AWS-GR_DISALLOW_VPC_INTERNET_ACCESS

  • Europe (Stockholm) arn:aws:controltower:eu-north-1::control/AWS-GR_DISALLOW_VPC_INTERNET_ACCESS

  • Asia Pacific (Mumbai) arn:aws:controltower:ap-south-1::control/AWS-GR_DISALLOW_VPC_INTERNET_ACCESS

  • Asia Pacific (Seoul) arn:aws:controltower:ap-northeast-2::control/AWS-GR_DISALLOW_VPC_INTERNET_ACCESS

  • Asia Pacific (Tokyo) arn:aws:controltower:ap-northeast-1::control/AWS-GR_DISALLOW_VPC_INTERNET_ACCESS

  • Europe (Paris) arn:aws:controltower:eu-west-3::control/AWS-GR_DISALLOW_VPC_INTERNET_ACCESS

  • South America (São Paulo) arn:aws:controltower:sa-east-1::control/AWS-GR_DISALLOW_VPC_INTERNET_ACCESS

  • US West (N. California) arn:aws:controltower:us-west-1::control/AWS-GR_DISALLOW_VPC_INTERNET_ACCESS

  • Asia Pacific (Hong Kong) arn:aws:controltower:ap-east-1::control/AWS-GR_DISALLOW_VPC_INTERNET_ACCESS

  • Asia Pacific (Jakarta) arn:aws:controltower:ap-southeast-3::control/AWS-GR_DISALLOW_VPC_INTERNET_ACCESS

  • Asia Pacific (Osaka) arn:aws:controltower:ap-northeast-3::control/AWS-GR_DISALLOW_VPC_INTERNET_ACCESS

  • Europe (Milan) arn:aws:controltower:eu-south-1::control/AWS-GR_DISALLOW_VPC_INTERNET_ACCESS

  • Africa (Cape Town) arn:aws:controltower:af-south-1::control/AWS-GR_DISALLOW_VPC_INTERNET_ACCESS

  • Middle East (Bahrain) arn:aws:controltower:me-south-1::control/AWS-GR_DISALLOW_VPC_INTERNET_ACCESS

  • Israel (Tel Aviv) arn:aws:controltower:il-central-1::control/AWS-GR_DISALLOW_VPC_INTERNET_ACCESS

  • Europe (Zurich) arn:aws:controltower:eu-central-2::control/AWS-GR_DISALLOW_VPC_INTERNET_ACCESS

  • Europe (Spain) arn:aws:controltower:eu-south-2::control/AWS-GR_DISALLOW_VPC_INTERNET_ACCESS

  • Asia Pacific (Hyderabad) arn:aws:controltower:ap-south-2::control/AWS-GR_DISALLOW_VPC_INTERNET_ACCESS

  • Middle East (UAE) arn:aws:controltower:me-central-1::control/AWS-GR_DISALLOW_VPC_INTERNET_ACCESS

  • Asia Pacific (Melbourne) arn:aws:controltower:ap-southeast-4::control/AWS-GR_DISALLOW_VPC_INTERNET_ACCESS

  • Canada West (Calgary) arn:aws:controltower:ca-west-1::control/AWS-GR_DISALLOW_VPC_INTERNET_ACCESS

AWS-GR_DISALLOW_VPN_CONNECTIONS

Control identifier Framework Control objective Control API identifiers, by Region
AWS-GR_DISALLOW_VPN_CONNECTIONS

None

  • Limit network access

  • US East (N. Virginia) arn:aws:controltower:us-east-1::control/AWS-GR_DISALLOW_VPN_CONNECTIONS

  • US East (Ohio) arn:aws:controltower:us-east-2::control/AWS-GR_DISALLOW_VPN_CONNECTIONS

  • US West (Oregon) arn:aws:controltower:us-west-2::control/AWS-GR_DISALLOW_VPN_CONNECTIONS

  • Canada (Central) arn:aws:controltower:ca-central-1::control/AWS-GR_DISALLOW_VPN_CONNECTIONS

  • Asia Pacific (Sydney) arn:aws:controltower:ap-southeast-2::control/AWS-GR_DISALLOW_VPN_CONNECTIONS

  • Asia Pacific (Singapore) arn:aws:controltower:ap-southeast-1::control/AWS-GR_DISALLOW_VPN_CONNECTIONS

  • Europe (Frankfurt) arn:aws:controltower:eu-central-1::control/AWS-GR_DISALLOW_VPN_CONNECTIONS

  • Europe (Ireland) arn:aws:controltower:eu-west-1::control/AWS-GR_DISALLOW_VPN_CONNECTIONS

  • Europe (London) arn:aws:controltower:eu-west-2::control/AWS-GR_DISALLOW_VPN_CONNECTIONS

  • Europe (Stockholm) arn:aws:controltower:eu-north-1::control/AWS-GR_DISALLOW_VPN_CONNECTIONS

  • Asia Pacific (Mumbai) arn:aws:controltower:ap-south-1::control/AWS-GR_DISALLOW_VPN_CONNECTIONS

  • Asia Pacific (Seoul) arn:aws:controltower:ap-northeast-2::control/AWS-GR_DISALLOW_VPN_CONNECTIONS

  • Asia Pacific (Tokyo) arn:aws:controltower:ap-northeast-1::control/AWS-GR_DISALLOW_VPN_CONNECTIONS

  • Europe (Paris) arn:aws:controltower:eu-west-3::control/AWS-GR_DISALLOW_VPN_CONNECTIONS

  • South America (São Paulo) arn:aws:controltower:sa-east-1::control/AWS-GR_DISALLOW_VPN_CONNECTIONS

  • US West (N. California) arn:aws:controltower:us-west-1::control/AWS-GR_DISALLOW_VPN_CONNECTIONS

  • Asia Pacific (Hong Kong) arn:aws:controltower:ap-east-1::control/AWS-GR_DISALLOW_VPN_CONNECTIONS

  • Asia Pacific (Jakarta) arn:aws:controltower:ap-southeast-3::control/AWS-GR_DISALLOW_VPN_CONNECTIONS

  • Asia Pacific (Osaka) arn:aws:controltower:ap-northeast-3::control/AWS-GR_DISALLOW_VPN_CONNECTIONS

  • Europe (Milan) arn:aws:controltower:eu-south-1::control/AWS-GR_DISALLOW_VPN_CONNECTIONS

  • Africa (Cape Town) arn:aws:controltower:af-south-1::control/AWS-GR_DISALLOW_VPN_CONNECTIONS

  • Middle East (Bahrain) arn:aws:controltower:me-south-1::control/AWS-GR_DISALLOW_VPN_CONNECTIONS

  • Israel (Tel Aviv) arn:aws:controltower:il-central-1::control/AWS-GR_DISALLOW_VPN_CONNECTIONS

  • Europe (Zurich) arn:aws:controltower:eu-central-2::control/AWS-GR_DISALLOW_VPN_CONNECTIONS

  • Europe (Spain) arn:aws:controltower:eu-south-2::control/AWS-GR_DISALLOW_VPN_CONNECTIONS

  • Asia Pacific (Hyderabad) arn:aws:controltower:ap-south-2::control/AWS-GR_DISALLOW_VPN_CONNECTIONS

  • Middle East (UAE) arn:aws:controltower:me-central-1::control/AWS-GR_DISALLOW_VPN_CONNECTIONS

  • Asia Pacific (Melbourne) arn:aws:controltower:ap-southeast-4::control/AWS-GR_DISALLOW_VPN_CONNECTIONS

  • Canada West (Calgary) arn:aws:controltower:ca-west-1::control/AWS-GR_DISALLOW_VPN_CONNECTIONS

AWS-GR_DMS_REPLICATION_NOT_PUBLIC

Control identifier Framework Control objective Control API identifiers, by Region
AWS-GR_DMS_REPLICATION_NOT_PUBLIC
  • NIST 800-53 Rev 5 AC-21

  • NIST 800-53 Rev 5 AC-3

  • NIST 800-53 Rev 5 AC-3(7)

  • NIST 800-53 Rev 5 AC-4

  • NIST 800-53 Rev 5 AC-4(21)

  • NIST 800-53 Rev 5 AC-6

  • NIST 800-53 Rev 5 SC-7

  • NIST 800-53 Rev 5 SC-7(11)

  • NIST 800-53 Rev 5 SC-7(16)

  • NIST 800-53 Rev 5 SC-7(20)

  • NIST 800-53 Rev 5 SC-7(21)

  • NIST 800-53 Rev 5 SC-7(3)

  • NIST 800-53 Rev 5 SC-7(4)

  • NIST 800-53 Rev 5 SC-7(9)

  • PCI DSS version 3.2.1 1.2.1

  • PCI DSS version 3.2.1 1.3

  • PCI DSS version 3.2.1 1.3.1

  • PCI DSS version 3.2.1 1.3.2

  • PCI DSS version 3.2.1 1.3.4

  • PCI DSS version 3.2.1 1.3.6

  • PCI DSS version 3.2.1 2.2.2

  • Limit network access

  • US East (N. Virginia) arn:aws:controltower:us-east-1::control/AWS-GR_DMS_REPLICATION_NOT_PUBLIC

  • US East (Ohio) arn:aws:controltower:us-east-2::control/AWS-GR_DMS_REPLICATION_NOT_PUBLIC

  • US West (Oregon) arn:aws:controltower:us-west-2::control/AWS-GR_DMS_REPLICATION_NOT_PUBLIC

  • Canada (Central) arn:aws:controltower:ca-central-1::control/AWS-GR_DMS_REPLICATION_NOT_PUBLIC

  • Asia Pacific (Sydney) arn:aws:controltower:ap-southeast-2::control/AWS-GR_DMS_REPLICATION_NOT_PUBLIC

  • Asia Pacific (Singapore) arn:aws:controltower:ap-southeast-1::control/AWS-GR_DMS_REPLICATION_NOT_PUBLIC

  • Europe (Frankfurt) arn:aws:controltower:eu-central-1::control/AWS-GR_DMS_REPLICATION_NOT_PUBLIC

  • Europe (Ireland) arn:aws:controltower:eu-west-1::control/AWS-GR_DMS_REPLICATION_NOT_PUBLIC

  • Europe (London) arn:aws:controltower:eu-west-2::control/AWS-GR_DMS_REPLICATION_NOT_PUBLIC

  • Europe (Stockholm) arn:aws:controltower:eu-north-1::control/AWS-GR_DMS_REPLICATION_NOT_PUBLIC

  • Asia Pacific (Mumbai) arn:aws:controltower:ap-south-1::control/AWS-GR_DMS_REPLICATION_NOT_PUBLIC

  • Asia Pacific (Seoul) arn:aws:controltower:ap-northeast-2::control/AWS-GR_DMS_REPLICATION_NOT_PUBLIC

  • Asia Pacific (Tokyo) arn:aws:controltower:ap-northeast-1::control/AWS-GR_DMS_REPLICATION_NOT_PUBLIC

  • Europe (Paris) arn:aws:controltower:eu-west-3::control/AWS-GR_DMS_REPLICATION_NOT_PUBLIC

  • South America (São Paulo) arn:aws:controltower:sa-east-1::control/AWS-GR_DMS_REPLICATION_NOT_PUBLIC

  • US West (N. California) arn:aws:controltower:us-west-1::control/AWS-GR_DMS_REPLICATION_NOT_PUBLIC

  • Asia Pacific (Hong Kong) arn:aws:controltower:ap-east-1::control/AWS-GR_DMS_REPLICATION_NOT_PUBLIC

  • Asia Pacific (Osaka) arn:aws:controltower:ap-northeast-3::control/AWS-GR_DMS_REPLICATION_NOT_PUBLIC

  • Middle East (Bahrain) arn:aws:controltower:me-south-1::control/AWS-GR_DMS_REPLICATION_NOT_PUBLIC

AWS-GR_EBS_OPTIMIZED_INSTANCE

Control identifier Framework Control objective Control API identifiers, by Region
AWS-GR_EBS_OPTIMIZED_INSTANCE
  • NIST 800-53 Rev 5 CP-10

  • NIST 800-53 Rev 5 CP-9

  • NIST 800-53 Rev 5 SC-5(2)

  • Improve availability

  • US East (N. Virginia) arn:aws:controltower:us-east-1::control/AWS-GR_EBS_OPTIMIZED_INSTANCE

  • US East (Ohio) arn:aws:controltower:us-east-2::control/AWS-GR_EBS_OPTIMIZED_INSTANCE

  • US West (Oregon) arn:aws:controltower:us-west-2::control/AWS-GR_EBS_OPTIMIZED_INSTANCE

  • Canada (Central) arn:aws:controltower:ca-central-1::control/AWS-GR_EBS_OPTIMIZED_INSTANCE

  • Asia Pacific (Sydney) arn:aws:controltower:ap-southeast-2::control/AWS-GR_EBS_OPTIMIZED_INSTANCE

  • Asia Pacific (Singapore) arn:aws:controltower:ap-southeast-1::control/AWS-GR_EBS_OPTIMIZED_INSTANCE

  • Europe (Frankfurt) arn:aws:controltower:eu-central-1::control/AWS-GR_EBS_OPTIMIZED_INSTANCE

  • Europe (Ireland) arn:aws:controltower:eu-west-1::control/AWS-GR_EBS_OPTIMIZED_INSTANCE

  • Europe (London) arn:aws:controltower:eu-west-2::control/AWS-GR_EBS_OPTIMIZED_INSTANCE

  • Europe (Stockholm) arn:aws:controltower:eu-north-1::control/AWS-GR_EBS_OPTIMIZED_INSTANCE

  • Asia Pacific (Mumbai) arn:aws:controltower:ap-south-1::control/AWS-GR_EBS_OPTIMIZED_INSTANCE

  • Asia Pacific (Seoul) arn:aws:controltower:ap-northeast-2::control/AWS-GR_EBS_OPTIMIZED_INSTANCE

  • Asia Pacific (Tokyo) arn:aws:controltower:ap-northeast-1::control/AWS-GR_EBS_OPTIMIZED_INSTANCE

  • Europe (Paris) arn:aws:controltower:eu-west-3::control/AWS-GR_EBS_OPTIMIZED_INSTANCE

  • South America (São Paulo) arn:aws:controltower:sa-east-1::control/AWS-GR_EBS_OPTIMIZED_INSTANCE

  • US West (N. California) arn:aws:controltower:us-west-1::control/AWS-GR_EBS_OPTIMIZED_INSTANCE

  • Asia Pacific (Hong Kong) arn:aws:controltower:ap-east-1::control/AWS-GR_EBS_OPTIMIZED_INSTANCE

  • Asia Pacific (Jakarta) arn:aws:controltower:ap-southeast-3::control/AWS-GR_EBS_OPTIMIZED_INSTANCE

  • Asia Pacific (Osaka) arn:aws:controltower:ap-northeast-3::control/AWS-GR_EBS_OPTIMIZED_INSTANCE

  • Europe (Milan) arn:aws:controltower:eu-south-1::control/AWS-GR_EBS_OPTIMIZED_INSTANCE

  • Africa (Cape Town) arn:aws:controltower:af-south-1::control/AWS-GR_EBS_OPTIMIZED_INSTANCE

  • Middle East (Bahrain) arn:aws:controltower:me-south-1::control/AWS-GR_EBS_OPTIMIZED_INSTANCE

  • Israel (Tel Aviv) arn:aws:controltower:il-central-1::control/AWS-GR_EBS_OPTIMIZED_INSTANCE

  • Europe (Zurich) arn:aws:controltower:eu-central-2::control/AWS-GR_EBS_OPTIMIZED_INSTANCE

  • Europe (Spain) arn:aws:controltower:eu-south-2::control/AWS-GR_EBS_OPTIMIZED_INSTANCE

  • Asia Pacific (Hyderabad) arn:aws:controltower:ap-south-2::control/AWS-GR_EBS_OPTIMIZED_INSTANCE

  • Middle East (UAE) arn:aws:controltower:me-central-1::control/AWS-GR_EBS_OPTIMIZED_INSTANCE

  • Asia Pacific (Melbourne) arn:aws:controltower:ap-southeast-4::control/AWS-GR_EBS_OPTIMIZED_INSTANCE

AWS-GR_EBS_SNAPSHOT_PUBLIC_RESTORABLE_CHECK

Control identifier Framework Control objective Control API identifiers, by Region
AWS-GR_EBS_SNAPSHOT_PUBLIC_RESTORABLE_CHECK
  • NIST 800-53 Rev 5 AC-21

  • NIST 800-53 Rev 5 AC-3

  • NIST 800-53 Rev 5 AC-3(7)

  • NIST 800-53 Rev 5 AC-4

  • NIST 800-53 Rev 5 AC-4(21)

  • NIST 800-53 Rev 5 AC-6

  • NIST 800-53 Rev 5 SC-7

  • NIST 800-53 Rev 5 SC-7(11)

  • NIST 800-53 Rev 5 SC-7(16)

  • NIST 800-53 Rev 5 SC-7(20)

  • NIST 800-53 Rev 5 SC-7(21)

  • NIST 800-53 Rev 5 SC-7(3)

  • NIST 800-53 Rev 5 SC-7(4)

  • NIST 800-53 Rev 5 SC-7(9)

  • PCI DSS version 3.2.1 1.2.1

  • PCI DSS version 3.2.1 1.3

  • PCI DSS version 3.2.1 1.3.1

  • PCI DSS version 3.2.1 1.3.2

  • PCI DSS version 3.2.1 1.3.4

  • PCI DSS version 3.2.1 1.3.6

  • PCI DSS version 3.2.1 2.2.2

  • Limit network access

  • Enforce least privilege

  • US East (N. Virginia) arn:aws:controltower:us-east-1::control/AWS-GR_EBS_SNAPSHOT_PUBLIC_RESTORABLE_CHECK

  • US East (Ohio) arn:aws:controltower:us-east-2::control/AWS-GR_EBS_SNAPSHOT_PUBLIC_RESTORABLE_CHECK

  • US West (Oregon) arn:aws:controltower:us-west-2::control/AWS-GR_EBS_SNAPSHOT_PUBLIC_RESTORABLE_CHECK

  • Canada (Central) arn:aws:controltower:ca-central-1::control/AWS-GR_EBS_SNAPSHOT_PUBLIC_RESTORABLE_CHECK

  • Asia Pacific (Sydney) arn:aws:controltower:ap-southeast-2::control/AWS-GR_EBS_SNAPSHOT_PUBLIC_RESTORABLE_CHECK

  • Asia Pacific (Singapore) arn:aws:controltower:ap-southeast-1::control/AWS-GR_EBS_SNAPSHOT_PUBLIC_RESTORABLE_CHECK

  • Europe (Frankfurt) arn:aws:controltower:eu-central-1::control/AWS-GR_EBS_SNAPSHOT_PUBLIC_RESTORABLE_CHECK

  • Europe (Ireland) arn:aws:controltower:eu-west-1::control/AWS-GR_EBS_SNAPSHOT_PUBLIC_RESTORABLE_CHECK

  • Europe (London) arn:aws:controltower:eu-west-2::control/AWS-GR_EBS_SNAPSHOT_PUBLIC_RESTORABLE_CHECK

  • Europe (Stockholm) arn:aws:controltower:eu-north-1::control/AWS-GR_EBS_SNAPSHOT_PUBLIC_RESTORABLE_CHECK

  • Asia Pacific (Mumbai) arn:aws:controltower:ap-south-1::control/AWS-GR_EBS_SNAPSHOT_PUBLIC_RESTORABLE_CHECK

  • Asia Pacific (Seoul) arn:aws:controltower:ap-northeast-2::control/AWS-GR_EBS_SNAPSHOT_PUBLIC_RESTORABLE_CHECK

  • Asia Pacific (Tokyo) arn:aws:controltower:ap-northeast-1::control/AWS-GR_EBS_SNAPSHOT_PUBLIC_RESTORABLE_CHECK

  • Europe (Paris) arn:aws:controltower:eu-west-3::control/AWS-GR_EBS_SNAPSHOT_PUBLIC_RESTORABLE_CHECK

  • South America (São Paulo) arn:aws:controltower:sa-east-1::control/AWS-GR_EBS_SNAPSHOT_PUBLIC_RESTORABLE_CHECK

  • US West (N. California) arn:aws:controltower:us-west-1::control/AWS-GR_EBS_SNAPSHOT_PUBLIC_RESTORABLE_CHECK

  • Asia Pacific (Hong Kong) arn:aws:controltower:ap-east-1::control/AWS-GR_EBS_SNAPSHOT_PUBLIC_RESTORABLE_CHECK

  • Asia Pacific (Jakarta) arn:aws:controltower:ap-southeast-3::control/AWS-GR_EBS_SNAPSHOT_PUBLIC_RESTORABLE_CHECK

  • Asia Pacific (Osaka) arn:aws:controltower:ap-northeast-3::control/AWS-GR_EBS_SNAPSHOT_PUBLIC_RESTORABLE_CHECK

  • Europe (Milan) arn:aws:controltower:eu-south-1::control/AWS-GR_EBS_SNAPSHOT_PUBLIC_RESTORABLE_CHECK

  • Africa (Cape Town) arn:aws:controltower:af-south-1::control/AWS-GR_EBS_SNAPSHOT_PUBLIC_RESTORABLE_CHECK

  • Middle East (Bahrain) arn:aws:controltower:me-south-1::control/AWS-GR_EBS_SNAPSHOT_PUBLIC_RESTORABLE_CHECK

  • Israel (Tel Aviv) arn:aws:controltower:il-central-1::control/AWS-GR_EBS_SNAPSHOT_PUBLIC_RESTORABLE_CHECK

  • Europe (Zurich) arn:aws:controltower:eu-central-2::control/AWS-GR_EBS_SNAPSHOT_PUBLIC_RESTORABLE_CHECK

  • Asia Pacific (Hyderabad) arn:aws:controltower:ap-south-2::control/AWS-GR_EBS_SNAPSHOT_PUBLIC_RESTORABLE_CHECK

  • Middle East (UAE) arn:aws:controltower:me-central-1::control/AWS-GR_EBS_SNAPSHOT_PUBLIC_RESTORABLE_CHECK

  • Asia Pacific (Melbourne) arn:aws:controltower:ap-southeast-4::control/AWS-GR_EBS_SNAPSHOT_PUBLIC_RESTORABLE_CHECK

  • Canada West (Calgary) arn:aws:controltower:ca-west-1::control/AWS-GR_EBS_SNAPSHOT_PUBLIC_RESTORABLE_CHECK

AWS-GR_EC2_INSTANCE_NO_PUBLIC_IP

Control identifier Framework Control objective Control API identifiers, by Region
AWS-GR_EC2_INSTANCE_NO_PUBLIC_IP
  • NIST 800-53 Rev 5 AC-21

  • NIST 800-53 Rev 5 AC-3

  • NIST 800-53 Rev 5 AC-3(7)

  • NIST 800-53 Rev 5 AC-4

  • NIST 800-53 Rev 5 AC-4(21)

  • NIST 800-53 Rev 5 AC-6

  • NIST 800-53 Rev 5 SC-7

  • NIST 800-53 Rev 5 SC-7(11)

  • NIST 800-53 Rev 5 SC-7(16)

  • NIST 800-53 Rev 5 SC-7(20)

  • NIST 800-53 Rev 5 SC-7(21)

  • NIST 800-53 Rev 5 SC-7(3)

  • NIST 800-53 Rev 5 SC-7(4)

  • NIST 800-53 Rev 5 SC-7(9)

  • PCI DSS version 3.2.1 1.2.1

  • PCI DSS version 3.2.1 1.3

  • PCI DSS version 3.2.1 1.3.1

  • PCI DSS version 3.2.1 1.3.2

  • PCI DSS version 3.2.1 1.3.4

  • PCI DSS version 3.2.1 1.3.6

  • PCI DSS version 3.2.1 2.2.2

  • Limit network access

  • US East (N. Virginia) arn:aws:controltower:us-east-1::control/AWS-GR_EC2_INSTANCE_NO_PUBLIC_IP

  • US East (Ohio) arn:aws:controltower:us-east-2::control/AWS-GR_EC2_INSTANCE_NO_PUBLIC_IP

  • US West (Oregon) arn:aws:controltower:us-west-2::control/AWS-GR_EC2_INSTANCE_NO_PUBLIC_IP

  • Canada (Central) arn:aws:controltower:ca-central-1::control/AWS-GR_EC2_INSTANCE_NO_PUBLIC_IP

  • Asia Pacific (Sydney) arn:aws:controltower:ap-southeast-2::control/AWS-GR_EC2_INSTANCE_NO_PUBLIC_IP

  • Asia Pacific (Singapore) arn:aws:controltower:ap-southeast-1::control/AWS-GR_EC2_INSTANCE_NO_PUBLIC_IP

  • Europe (Frankfurt) arn:aws:controltower:eu-central-1::control/AWS-GR_EC2_INSTANCE_NO_PUBLIC_IP

  • Europe (Ireland) arn:aws:controltower:eu-west-1::control/AWS-GR_EC2_INSTANCE_NO_PUBLIC_IP

  • Europe (London) arn:aws:controltower:eu-west-2::control/AWS-GR_EC2_INSTANCE_NO_PUBLIC_IP

  • Europe (Stockholm) arn:aws:controltower:eu-north-1::control/AWS-GR_EC2_INSTANCE_NO_PUBLIC_IP

  • Asia Pacific (Mumbai) arn:aws:controltower:ap-south-1::control/AWS-GR_EC2_INSTANCE_NO_PUBLIC_IP

  • Asia Pacific (Seoul) arn:aws:controltower:ap-northeast-2::control/AWS-GR_EC2_INSTANCE_NO_PUBLIC_IP

  • Asia Pacific (Tokyo) arn:aws:controltower:ap-northeast-1::control/AWS-GR_EC2_INSTANCE_NO_PUBLIC_IP

  • Europe (Paris) arn:aws:controltower:eu-west-3::control/AWS-GR_EC2_INSTANCE_NO_PUBLIC_IP

  • South America (São Paulo) arn:aws:controltower:sa-east-1::control/AWS-GR_EC2_INSTANCE_NO_PUBLIC_IP

  • US West (N. California) arn:aws:controltower:us-west-1::control/AWS-GR_EC2_INSTANCE_NO_PUBLIC_IP

  • Asia Pacific (Hong Kong) arn:aws:controltower:ap-east-1::control/AWS-GR_EC2_INSTANCE_NO_PUBLIC_IP

  • Asia Pacific (Jakarta) arn:aws:controltower:ap-southeast-3::control/AWS-GR_EC2_INSTANCE_NO_PUBLIC_IP

  • Europe (Milan) arn:aws:controltower:eu-south-1::control/AWS-GR_EC2_INSTANCE_NO_PUBLIC_IP

  • Africa (Cape Town) arn:aws:controltower:af-south-1::control/AWS-GR_EC2_INSTANCE_NO_PUBLIC_IP

  • Middle East (Bahrain) arn:aws:controltower:me-south-1::control/AWS-GR_EC2_INSTANCE_NO_PUBLIC_IP

  • Israel (Tel Aviv) arn:aws:controltower:il-central-1::control/AWS-GR_EC2_INSTANCE_NO_PUBLIC_IP

  • Europe (Zurich) arn:aws:controltower:eu-central-2::control/AWS-GR_EC2_INSTANCE_NO_PUBLIC_IP

  • Europe (Spain) arn:aws:controltower:eu-south-2::control/AWS-GR_EC2_INSTANCE_NO_PUBLIC_IP

  • Asia Pacific (Hyderabad) arn:aws:controltower:ap-south-2::control/AWS-GR_EC2_INSTANCE_NO_PUBLIC_IP

  • Middle East (UAE) arn:aws:controltower:me-central-1::control/AWS-GR_EC2_INSTANCE_NO_PUBLIC_IP

  • Asia Pacific (Melbourne) arn:aws:controltower:ap-southeast-4::control/AWS-GR_EC2_INSTANCE_NO_PUBLIC_IP

  • Canada West (Calgary) arn:aws:controltower:ca-west-1::control/AWS-GR_EC2_INSTANCE_NO_PUBLIC_IP

AWS-GR_EC2_VOLUME_INUSE_CHECK

Control identifier Framework Control objective Control API identifiers, by Region
AWS-GR_EC2_VOLUME_INUSE_CHECK
  • NIST 800-53 Rev 5 CA-9(1)

  • NIST 800-53 Rev 5 CM-2

  • NIST 800-53 Rev 5 CM-2(2)

  • PCI DSS version 3.2.1 2.4

  • Optimize costs

  • US East (N. Virginia) arn:aws:controltower:us-east-1::control/AWS-GR_EC2_VOLUME_INUSE_CHECK

  • US East (Ohio) arn:aws:controltower:us-east-2::control/AWS-GR_EC2_VOLUME_INUSE_CHECK

  • US West (Oregon) arn:aws:controltower:us-west-2::control/AWS-GR_EC2_VOLUME_INUSE_CHECK

  • Canada (Central) arn:aws:controltower:ca-central-1::control/AWS-GR_EC2_VOLUME_INUSE_CHECK

  • Asia Pacific (Sydney) arn:aws:controltower:ap-southeast-2::control/AWS-GR_EC2_VOLUME_INUSE_CHECK

  • Asia Pacific (Singapore) arn:aws:controltower:ap-southeast-1::control/AWS-GR_EC2_VOLUME_INUSE_CHECK

  • Europe (Frankfurt) arn:aws:controltower:eu-central-1::control/AWS-GR_EC2_VOLUME_INUSE_CHECK

  • Europe (Ireland) arn:aws:controltower:eu-west-1::control/AWS-GR_EC2_VOLUME_INUSE_CHECK

  • Europe (London) arn:aws:controltower:eu-west-2::control/AWS-GR_EC2_VOLUME_INUSE_CHECK

  • Europe (Stockholm) arn:aws:controltower:eu-north-1::control/AWS-GR_EC2_VOLUME_INUSE_CHECK

  • Asia Pacific (Mumbai) arn:aws:controltower:ap-south-1::control/AWS-GR_EC2_VOLUME_INUSE_CHECK

  • Asia Pacific (Seoul) arn:aws:controltower:ap-northeast-2::control/AWS-GR_EC2_VOLUME_INUSE_CHECK

  • Asia Pacific (Tokyo) arn:aws:controltower:ap-northeast-1::control/AWS-GR_EC2_VOLUME_INUSE_CHECK

  • Europe (Paris) arn:aws:controltower:eu-west-3::control/AWS-GR_EC2_VOLUME_INUSE_CHECK

  • South America (São Paulo) arn:aws:controltower:sa-east-1::control/AWS-GR_EC2_VOLUME_INUSE_CHECK

  • US West (N. California) arn:aws:controltower:us-west-1::control/AWS-GR_EC2_VOLUME_INUSE_CHECK

  • Asia Pacific (Hong Kong) arn:aws:controltower:ap-east-1::control/AWS-GR_EC2_VOLUME_INUSE_CHECK

  • Asia Pacific (Jakarta) arn:aws:controltower:ap-southeast-3::control/AWS-GR_EC2_VOLUME_INUSE_CHECK

  • Asia Pacific (Osaka) arn:aws:controltower:ap-northeast-3::control/AWS-GR_EC2_VOLUME_INUSE_CHECK

  • Europe (Milan) arn:aws:controltower:eu-south-1::control/AWS-GR_EC2_VOLUME_INUSE_CHECK

  • Africa (Cape Town) arn:aws:controltower:af-south-1::control/AWS-GR_EC2_VOLUME_INUSE_CHECK

  • Middle East (Bahrain) arn:aws:controltower:me-south-1::control/AWS-GR_EC2_VOLUME_INUSE_CHECK

  • Israel (Tel Aviv) arn:aws:controltower:il-central-1::control/AWS-GR_EC2_VOLUME_INUSE_CHECK

  • Europe (Zurich) arn:aws:controltower:eu-central-2::control/AWS-GR_EC2_VOLUME_INUSE_CHECK

  • Europe (Spain) arn:aws:controltower:eu-south-2::control/AWS-GR_EC2_VOLUME_INUSE_CHECK

  • Asia Pacific (Hyderabad) arn:aws:controltower:ap-south-2::control/AWS-GR_EC2_VOLUME_INUSE_CHECK

  • Middle East (UAE) arn:aws:controltower:me-central-1::control/AWS-GR_EC2_VOLUME_INUSE_CHECK

  • Asia Pacific (Melbourne) arn:aws:controltower:ap-southeast-4::control/AWS-GR_EC2_VOLUME_INUSE_CHECK

AWS-GR_EKS_ENDPOINT_NO_PUBLIC_ACCESS

Control identifier Framework Control objective Control API identifiers, by Region
AWS-GR_EKS_ENDPOINT_NO_PUBLIC_ACCESS
  • NIST 800-53 Rev 5 AC-21

  • NIST 800-53 Rev 5 AC-3

  • NIST 800-53 Rev 5 AC-3(7)

  • NIST 800-53 Rev 5 AC-4

  • NIST 800-53 Rev 5 AC-4(21)

  • NIST 800-53 Rev 5 AC-6

  • NIST 800-53 Rev 5 SC-7

  • NIST 800-53 Rev 5 SC-7(11)

  • NIST 800-53 Rev 5 SC-7(16)

  • NIST 800-53 Rev 5 SC-7(20)

  • NIST 800-53 Rev 5 SC-7(21)

  • NIST 800-53 Rev 5 SC-7(3)

  • NIST 800-53 Rev 5 SC-7(4)

  • NIST 800-53 Rev 5 SC-7(9)

  • PCI DSS version 3.2.1 1.2.1

  • PCI DSS version 3.2.1 1.3

  • PCI DSS version 3.2.1 1.3.1

  • PCI DSS version 3.2.1 1.3.2

  • PCI DSS version 3.2.1 1.3.4

  • PCI DSS version 3.2.1 1.3.6

  • Limit network access

  • US East (N. Virginia) arn:aws:controltower:us-east-1::control/AWS-GR_EKS_ENDPOINT_NO_PUBLIC_ACCESS

  • US East (Ohio) arn:aws:controltower:us-east-2::control/AWS-GR_EKS_ENDPOINT_NO_PUBLIC_ACCESS

  • US West (Oregon) arn:aws:controltower:us-west-2::control/AWS-GR_EKS_ENDPOINT_NO_PUBLIC_ACCESS

  • Canada (Central) arn:aws:controltower:ca-central-1::control/AWS-GR_EKS_ENDPOINT_NO_PUBLIC_ACCESS

  • Asia Pacific (Sydney) arn:aws:controltower:ap-southeast-2::control/AWS-GR_EKS_ENDPOINT_NO_PUBLIC_ACCESS

  • Asia Pacific (Singapore) arn:aws:controltower:ap-southeast-1::control/AWS-GR_EKS_ENDPOINT_NO_PUBLIC_ACCESS

  • Europe (Frankfurt) arn:aws:controltower:eu-central-1::control/AWS-GR_EKS_ENDPOINT_NO_PUBLIC_ACCESS

  • Europe (Ireland) arn:aws:controltower:eu-west-1::control/AWS-GR_EKS_ENDPOINT_NO_PUBLIC_ACCESS

  • Europe (London) arn:aws:controltower:eu-west-2::control/AWS-GR_EKS_ENDPOINT_NO_PUBLIC_ACCESS

  • Europe (Stockholm) arn:aws:controltower:eu-north-1::control/AWS-GR_EKS_ENDPOINT_NO_PUBLIC_ACCESS

  • Asia Pacific (Mumbai) arn:aws:controltower:ap-south-1::control/AWS-GR_EKS_ENDPOINT_NO_PUBLIC_ACCESS

  • Asia Pacific (Seoul) arn:aws:controltower:ap-northeast-2::control/AWS-GR_EKS_ENDPOINT_NO_PUBLIC_ACCESS

  • Asia Pacific (Tokyo) arn:aws:controltower:ap-northeast-1::control/AWS-GR_EKS_ENDPOINT_NO_PUBLIC_ACCESS

  • Europe (Paris) arn:aws:controltower:eu-west-3::control/AWS-GR_EKS_ENDPOINT_NO_PUBLIC_ACCESS

  • South America (São Paulo) arn:aws:controltower:sa-east-1::control/AWS-GR_EKS_ENDPOINT_NO_PUBLIC_ACCESS

  • Asia Pacific (Hong Kong) arn:aws:controltower:ap-east-1::control/AWS-GR_EKS_ENDPOINT_NO_PUBLIC_ACCESS

  • Middle East (Bahrain) arn:aws:controltower:me-south-1::control/AWS-GR_EKS_ENDPOINT_NO_PUBLIC_ACCESS

AWS-GR_ELASTICSEARCH_IN_VPC_ONLY

Control identifier Framework Control objective Control API identifiers, by Region
AWS-GR_ELASTICSEARCH_IN_VPC_ONLY
  • NIST 800-53 Rev 5 AC-21

  • NIST 800-53 Rev 5 AC-3

  • NIST 800-53 Rev 5 AC-3(7)

  • NIST 800-53 Rev 5 AC-4

  • NIST 800-53 Rev 5 AC-4(21)

  • NIST 800-53 Rev 5 AC-6

  • NIST 800-53 Rev 5 SC-7

  • NIST 800-53 Rev 5 SC-7(11)

  • NIST 800-53 Rev 5 SC-7(16)

  • NIST 800-53 Rev 5 SC-7(20)

  • NIST 800-53 Rev 5 SC-7(21)

  • NIST 800-53 Rev 5 SC-7(3)

  • NIST 800-53 Rev 5 SC-7(4)

  • NIST 800-53 Rev 5 SC-7(9)

  • PCI DSS version 3.2.1 1.2.1

  • PCI DSS version 3.2.1 1.3

  • PCI DSS version 3.2.1 1.3.1

  • PCI DSS version 3.2.1 1.3.2

  • PCI DSS version 3.2.1 1.3.4

  • PCI DSS version 3.2.1 1.3.6

  • Limit network access

  • US East (N. Virginia) arn:aws:controltower:us-east-1::control/AWS-GR_ELASTICSEARCH_IN_VPC_ONLY

  • US East (Ohio) arn:aws:controltower:us-east-2::control/AWS-GR_ELASTICSEARCH_IN_VPC_ONLY

  • US West (Oregon) arn:aws:controltower:us-west-2::control/AWS-GR_ELASTICSEARCH_IN_VPC_ONLY

  • Canada (Central) arn:aws:controltower:ca-central-1::control/AWS-GR_ELASTICSEARCH_IN_VPC_ONLY

  • Asia Pacific (Sydney) arn:aws:controltower:ap-southeast-2::control/AWS-GR_ELASTICSEARCH_IN_VPC_ONLY

  • Asia Pacific (Singapore) arn:aws:controltower:ap-southeast-1::control/AWS-GR_ELASTICSEARCH_IN_VPC_ONLY

  • Europe (Frankfurt) arn:aws:controltower:eu-central-1::control/AWS-GR_ELASTICSEARCH_IN_VPC_ONLY

  • Europe (Ireland) arn:aws:controltower:eu-west-1::control/AWS-GR_ELASTICSEARCH_IN_VPC_ONLY

  • Europe (London) arn:aws:controltower:eu-west-2::control/AWS-GR_ELASTICSEARCH_IN_VPC_ONLY

  • Europe (Stockholm) arn:aws:controltower:eu-north-1::control/AWS-GR_ELASTICSEARCH_IN_VPC_ONLY

  • Asia Pacific (Mumbai) arn:aws:controltower:ap-south-1::control/AWS-GR_ELASTICSEARCH_IN_VPC_ONLY

  • Asia Pacific (Seoul) arn:aws:controltower:ap-northeast-2::control/AWS-GR_ELASTICSEARCH_IN_VPC_ONLY

  • Asia Pacific (Tokyo) arn:aws:controltower:ap-northeast-1::control/AWS-GR_ELASTICSEARCH_IN_VPC_ONLY

  • Europe (Paris) arn:aws:controltower:eu-west-3::control/AWS-GR_ELASTICSEARCH_IN_VPC_ONLY

  • South America (São Paulo) arn:aws:controltower:sa-east-1::control/AWS-GR_ELASTICSEARCH_IN_VPC_ONLY

  • US West (N. California) arn:aws:controltower:us-west-1::control/AWS-GR_ELASTICSEARCH_IN_VPC_ONLY

  • Asia Pacific (Hong Kong) arn:aws:controltower:ap-east-1::control/AWS-GR_ELASTICSEARCH_IN_VPC_ONLY

  • Asia Pacific (Osaka) arn:aws:controltower:ap-northeast-3::control/AWS-GR_ELASTICSEARCH_IN_VPC_ONLY

  • Europe (Milan) arn:aws:controltower:eu-south-1::control/AWS-GR_ELASTICSEARCH_IN_VPC_ONLY

  • Africa (Cape Town) arn:aws:controltower:af-south-1::control/AWS-GR_ELASTICSEARCH_IN_VPC_ONLY

  • Middle East (Bahrain) arn:aws:controltower:me-south-1::control/AWS-GR_ELASTICSEARCH_IN_VPC_ONLY

  • Middle East (UAE) arn:aws:controltower:me-central-1::control/AWS-GR_ELASTICSEARCH_IN_VPC_ONLY

AWS-GR_EMR_MASTER_NO_PUBLIC_IP

Control identifier Framework Control objective Control API identifiers, by Region
AWS-GR_EMR_MASTER_NO_PUBLIC_IP
  • NIST 800-53 Rev 5 AC-21

  • NIST 800-53 Rev 5 AC-3

  • NIST 800-53 Rev 5 AC-3(7)

  • NIST 800-53 Rev 5 AC-4

  • NIST 800-53 Rev 5 AC-4(21)

  • NIST 800-53 Rev 5 AC-6

  • NIST 800-53 Rev 5 SC-7

  • NIST 800-53 Rev 5 SC-7(11)

  • NIST 800-53 Rev 5 SC-7(16)

  • NIST 800-53 Rev 5 SC-7(20)

  • NIST 800-53 Rev 5 SC-7(21)

  • NIST 800-53 Rev 5 SC-7(3)

  • NIST 800-53 Rev 5 SC-7(4)

  • NIST 800-53 Rev 5 SC-7(9)

  • PCI DSS version 3.2.1 1.2.1

  • PCI DSS version 3.2.1 1.3

  • PCI DSS version 3.2.1 1.3.1

  • PCI DSS version 3.2.1 1.3.2

  • PCI DSS version 3.2.1 1.3.4

  • PCI DSS version 3.2.1 2.2.2

  • Limit network access

  • US East (N. Virginia) arn:aws:controltower:us-east-1::control/AWS-GR_EMR_MASTER_NO_PUBLIC_IP

  • US East (Ohio) arn:aws:controltower:us-east-2::control/AWS-GR_EMR_MASTER_NO_PUBLIC_IP

  • US West (Oregon) arn:aws:controltower:us-west-2::control/AWS-GR_EMR_MASTER_NO_PUBLIC_IP

  • Canada (Central) arn:aws:controltower:ca-central-1::control/AWS-GR_EMR_MASTER_NO_PUBLIC_IP

  • Asia Pacific (Sydney) arn:aws:controltower:ap-southeast-2::control/AWS-GR_EMR_MASTER_NO_PUBLIC_IP

  • Asia Pacific (Singapore) arn:aws:controltower:ap-southeast-1::control/AWS-GR_EMR_MASTER_NO_PUBLIC_IP

  • Europe (Frankfurt) arn:aws:controltower:eu-central-1::control/AWS-GR_EMR_MASTER_NO_PUBLIC_IP

  • Europe (Ireland) arn:aws:controltower:eu-west-1::control/AWS-GR_EMR_MASTER_NO_PUBLIC_IP

  • Europe (London) arn:aws:controltower:eu-west-2::control/AWS-GR_EMR_MASTER_NO_PUBLIC_IP

  • Europe (Stockholm) arn:aws:controltower:eu-north-1::control/AWS-GR_EMR_MASTER_NO_PUBLIC_IP

  • Asia Pacific (Mumbai) arn:aws:controltower:ap-south-1::control/AWS-GR_EMR_MASTER_NO_PUBLIC_IP

  • Asia Pacific (Seoul) arn:aws:controltower:ap-northeast-2::control/AWS-GR_EMR_MASTER_NO_PUBLIC_IP

  • Asia Pacific (Tokyo) arn:aws:controltower:ap-northeast-1::control/AWS-GR_EMR_MASTER_NO_PUBLIC_IP

  • Europe (Paris) arn:aws:controltower:eu-west-3::control/AWS-GR_EMR_MASTER_NO_PUBLIC_IP

  • South America (São Paulo) arn:aws:controltower:sa-east-1::control/AWS-GR_EMR_MASTER_NO_PUBLIC_IP

  • US West (N. California) arn:aws:controltower:us-west-1::control/AWS-GR_EMR_MASTER_NO_PUBLIC_IP

  • Asia Pacific (Hong Kong) arn:aws:controltower:ap-east-1::control/AWS-GR_EMR_MASTER_NO_PUBLIC_IP

  • Middle East (Bahrain) arn:aws:controltower:me-south-1::control/AWS-GR_EMR_MASTER_NO_PUBLIC_IP

AWS-GR_ENCRYPTED_VOLUMES

Control identifier Framework Control objective Control API identifiers, by Region
AWS-GR_ENCRYPTED_VOLUMES
  • NIST 800-53 Rev 5 CA-9(1)

  • NIST 800-53 Rev 5 CM-3(6)

  • NIST 800-53 Rev 5 SC-13

  • NIST 800-53 Rev 5 SC-28

  • NIST 800-53 Rev 5 SC-28(1)

  • NIST 800-53 Rev 5 SC-7(10)

  • NIST 800-53 Rev 5 SI-7(6)

  • PCI DSS version 3.2.1 2.2

  • PCI DSS version 3.2.1 3.4

  • PCI DSS version 3.2.1 8.2.1

  • Encrypt data at rest

  • US East (N. Virginia) arn:aws:controltower:us-east-1::control/AWS-GR_ENCRYPTED_VOLUMES

  • US East (Ohio) arn:aws:controltower:us-east-2::control/AWS-GR_ENCRYPTED_VOLUMES

  • US West (Oregon) arn:aws:controltower:us-west-2::control/AWS-GR_ENCRYPTED_VOLUMES

  • Canada (Central) arn:aws:controltower:ca-central-1::control/AWS-GR_ENCRYPTED_VOLUMES

  • Asia Pacific (Sydney) arn:aws:controltower:ap-southeast-2::control/AWS-GR_ENCRYPTED_VOLUMES

  • Asia Pacific (Singapore) arn:aws:controltower:ap-southeast-1::control/AWS-GR_ENCRYPTED_VOLUMES

  • Europe (Frankfurt) arn:aws:controltower:eu-central-1::control/AWS-GR_ENCRYPTED_VOLUMES

  • Europe (Ireland) arn:aws:controltower:eu-west-1::control/AWS-GR_ENCRYPTED_VOLUMES

  • Europe (London) arn:aws:controltower:eu-west-2::control/AWS-GR_ENCRYPTED_VOLUMES

  • Europe (Stockholm) arn:aws:controltower:eu-north-1::control/AWS-GR_ENCRYPTED_VOLUMES

  • Asia Pacific (Mumbai) arn:aws:controltower:ap-south-1::control/AWS-GR_ENCRYPTED_VOLUMES

  • Asia Pacific (Seoul) arn:aws:controltower:ap-northeast-2::control/AWS-GR_ENCRYPTED_VOLUMES

  • Asia Pacific (Tokyo) arn:aws:controltower:ap-northeast-1::control/AWS-GR_ENCRYPTED_VOLUMES

  • Europe (Paris) arn:aws:controltower:eu-west-3::control/AWS-GR_ENCRYPTED_VOLUMES

  • South America (São Paulo) arn:aws:controltower:sa-east-1::control/AWS-GR_ENCRYPTED_VOLUMES

  • US West (N. California) arn:aws:controltower:us-west-1::control/AWS-GR_ENCRYPTED_VOLUMES

  • Asia Pacific (Hong Kong) arn:aws:controltower:ap-east-1::control/AWS-GR_ENCRYPTED_VOLUMES

  • Asia Pacific (Jakarta) arn:aws:controltower:ap-southeast-3::control/AWS-GR_ENCRYPTED_VOLUMES

  • Middle East (Bahrain) arn:aws:controltower:me-south-1::control/AWS-GR_ENCRYPTED_VOLUMES

  • Europe (Zurich) arn:aws:controltower:eu-central-2::control/AWS-GR_ENCRYPTED_VOLUMES

  • Europe (Spain) arn:aws:controltower:eu-south-2::control/AWS-GR_ENCRYPTED_VOLUMES

  • Asia Pacific (Hyderabad) arn:aws:controltower:ap-south-2::control/AWS-GR_ENCRYPTED_VOLUMES

  • Middle East (UAE) arn:aws:controltower:me-central-1::control/AWS-GR_ENCRYPTED_VOLUMES

  • Asia Pacific (Melbourne) arn:aws:controltower:ap-southeast-4::control/AWS-GR_ENCRYPTED_VOLUMES

  • Canada West (Calgary) arn:aws:controltower:ca-west-1::control/AWS-GR_ENCRYPTED_VOLUMES

AWS-GR_IAM_USER_MFA_ENABLED

Control identifier Framework Control objective Control API identifiers, by Region
AWS-GR_IAM_USER_MFA_ENABLED
  • NIST 800-53 Rev 5 AC-2(1)

  • NIST 800-53 Rev 5 AC-3(15)

  • NIST 800-53 Rev 5 IA-2(1)

  • NIST 800-53 Rev 5 IA-2(2)

  • NIST 800-53 Rev 5 IA-2(6)

  • NIST 800-53 Rev 5 IA-2(8)

  • PCI DSS version 3.2.1 8.3.1

  • PCI DSS version 3.2.1 8.3.2

  • PCI DSS version 3.2.1 8.6

  • Enforce least privilege

  • US East (N. Virginia) arn:aws:controltower:us-east-1::control/AWS-GR_IAM_USER_MFA_ENABLED

  • US East (Ohio) arn:aws:controltower:us-east-2::control/AWS-GR_IAM_USER_MFA_ENABLED

  • US West (Oregon) arn:aws:controltower:us-west-2::control/AWS-GR_IAM_USER_MFA_ENABLED

  • Canada (Central) arn:aws:controltower:ca-central-1::control/AWS-GR_IAM_USER_MFA_ENABLED

  • Asia Pacific (Sydney) arn:aws:controltower:ap-southeast-2::control/AWS-GR_IAM_USER_MFA_ENABLED

  • Asia Pacific (Singapore) arn:aws:controltower:ap-southeast-1::control/AWS-GR_IAM_USER_MFA_ENABLED

  • Europe (Frankfurt) arn:aws:controltower:eu-central-1::control/AWS-GR_IAM_USER_MFA_ENABLED

  • Europe (Ireland) arn:aws:controltower:eu-west-1::control/AWS-GR_IAM_USER_MFA_ENABLED

  • Europe (London) arn:aws:controltower:eu-west-2::control/AWS-GR_IAM_USER_MFA_ENABLED

  • Europe (Stockholm) arn:aws:controltower:eu-north-1::control/AWS-GR_IAM_USER_MFA_ENABLED

  • Asia Pacific (Mumbai) arn:aws:controltower:ap-south-1::control/AWS-GR_IAM_USER_MFA_ENABLED

  • Asia Pacific (Seoul) arn:aws:controltower:ap-northeast-2::control/AWS-GR_IAM_USER_MFA_ENABLED

  • Asia Pacific (Tokyo) arn:aws:controltower:ap-northeast-1::control/AWS-GR_IAM_USER_MFA_ENABLED

  • Europe (Paris) arn:aws:controltower:eu-west-3::control/AWS-GR_IAM_USER_MFA_ENABLED

  • South America (São Paulo) arn:aws:controltower:sa-east-1::control/AWS-GR_IAM_USER_MFA_ENABLED

  • US West (N. California) arn:aws:controltower:us-west-1::control/AWS-GR_IAM_USER_MFA_ENABLED

  • Asia Pacific (Hong Kong) arn:aws:controltower:ap-east-1::control/AWS-GR_IAM_USER_MFA_ENABLED

  • Asia Pacific (Jakarta) arn:aws:controltower:ap-southeast-3::control/AWS-GR_IAM_USER_MFA_ENABLED

  • Asia Pacific (Osaka) arn:aws:controltower:ap-northeast-3::control/AWS-GR_IAM_USER_MFA_ENABLED

  • Europe (Milan) arn:aws:controltower:eu-south-1::control/AWS-GR_IAM_USER_MFA_ENABLED

  • Africa (Cape Town) arn:aws:controltower:af-south-1::control/AWS-GR_IAM_USER_MFA_ENABLED

  • Middle East (Bahrain) arn:aws:controltower:me-south-1::control/AWS-GR_IAM_USER_MFA_ENABLED

AWS-GR_LAMBDA_FUNCTION_PUBLIC_ACCESS_PROHIBITED

Control identifier Framework Control objective Control API identifiers, by Region
AWS-GR_LAMBDA_FUNCTION_PUBLIC_ACCESS_PROHIBITED
  • NIST 800-53 Rev 5 AC-21

  • NIST 800-53 Rev 5 AC-3

  • NIST 800-53 Rev 5 AC-3(7)

  • NIST 800-53 Rev 5 AC-4

  • NIST 800-53 Rev 5 AC-4(21)

  • NIST 800-53 Rev 5 AC-6

  • NIST 800-53 Rev 5 SC-7

  • NIST 800-53 Rev 5 SC-7(11)

  • NIST 800-53 Rev 5 SC-7(16)

  • NIST 800-53 Rev 5 SC-7(20)

  • NIST 800-53 Rev 5 SC-7(21)

  • NIST 800-53 Rev 5 SC-7(3)

  • NIST 800-53 Rev 5 SC-7(4)

  • NIST 800-53 Rev 5 SC-7(9)

  • PCI DSS version 3.2.1 1.2.1

  • PCI DSS version 3.2.1 1.3

  • PCI DSS version 3.2.1 1.3.1

  • PCI DSS version 3.2.1 1.3.2

  • PCI DSS version 3.2.1 1.3.4

  • PCI DSS version 3.2.1 2.2.2

  • Limit network access

  • US East (N. Virginia) arn:aws:controltower:us-east-1::control/AWS-GR_LAMBDA_FUNCTION_PUBLIC_ACCESS_PROHIBITED

  • US East (Ohio) arn:aws:controltower:us-east-2::control/AWS-GR_LAMBDA_FUNCTION_PUBLIC_ACCESS_PROHIBITED

  • US West (Oregon) arn:aws:controltower:us-west-2::control/AWS-GR_LAMBDA_FUNCTION_PUBLIC_ACCESS_PROHIBITED

  • Canada (Central) arn:aws:controltower:ca-central-1::control/AWS-GR_LAMBDA_FUNCTION_PUBLIC_ACCESS_PROHIBITED

  • Asia Pacific (Sydney) arn:aws:controltower:ap-southeast-2::control/AWS-GR_LAMBDA_FUNCTION_PUBLIC_ACCESS_PROHIBITED

  • Asia Pacific (Singapore) arn:aws:controltower:ap-southeast-1::control/AWS-GR_LAMBDA_FUNCTION_PUBLIC_ACCESS_PROHIBITED

  • Europe (Frankfurt) arn:aws:controltower:eu-central-1::control/AWS-GR_LAMBDA_FUNCTION_PUBLIC_ACCESS_PROHIBITED

  • Europe (Ireland) arn:aws:controltower:eu-west-1::control/AWS-GR_LAMBDA_FUNCTION_PUBLIC_ACCESS_PROHIBITED

  • Europe (London) arn:aws:controltower:eu-west-2::control/AWS-GR_LAMBDA_FUNCTION_PUBLIC_ACCESS_PROHIBITED

  • Europe (Stockholm) arn:aws:controltower:eu-north-1::control/AWS-GR_LAMBDA_FUNCTION_PUBLIC_ACCESS_PROHIBITED

  • Asia Pacific (Mumbai) arn:aws:controltower:ap-south-1::control/AWS-GR_LAMBDA_FUNCTION_PUBLIC_ACCESS_PROHIBITED

  • Asia Pacific (Seoul) arn:aws:controltower:ap-northeast-2::control/AWS-GR_LAMBDA_FUNCTION_PUBLIC_ACCESS_PROHIBITED

  • Asia Pacific (Tokyo) arn:aws:controltower:ap-northeast-1::control/AWS-GR_LAMBDA_FUNCTION_PUBLIC_ACCESS_PROHIBITED

  • Europe (Paris) arn:aws:controltower:eu-west-3::control/AWS-GR_LAMBDA_FUNCTION_PUBLIC_ACCESS_PROHIBITED

  • South America (São Paulo) arn:aws:controltower:sa-east-1::control/AWS-GR_LAMBDA_FUNCTION_PUBLIC_ACCESS_PROHIBITED

  • US West (N. California) arn:aws:controltower:us-west-1::control/AWS-GR_LAMBDA_FUNCTION_PUBLIC_ACCESS_PROHIBITED

  • Asia Pacific (Hong Kong) arn:aws:controltower:ap-east-1::control/AWS-GR_LAMBDA_FUNCTION_PUBLIC_ACCESS_PROHIBITED

  • Asia Pacific (Jakarta) arn:aws:controltower:ap-southeast-3::control/AWS-GR_LAMBDA_FUNCTION_PUBLIC_ACCESS_PROHIBITED

  • Asia Pacific (Osaka) arn:aws:controltower:ap-northeast-3::control/AWS-GR_LAMBDA_FUNCTION_PUBLIC_ACCESS_PROHIBITED

  • Europe (Milan) arn:aws:controltower:eu-south-1::control/AWS-GR_LAMBDA_FUNCTION_PUBLIC_ACCESS_PROHIBITED

  • Africa (Cape Town) arn:aws:controltower:af-south-1::control/AWS-GR_LAMBDA_FUNCTION_PUBLIC_ACCESS_PROHIBITED

  • Middle East (Bahrain) arn:aws:controltower:me-south-1::control/AWS-GR_LAMBDA_FUNCTION_PUBLIC_ACCESS_PROHIBITED

  • Israel (Tel Aviv) arn:aws:controltower:il-central-1::control/AWS-GR_LAMBDA_FUNCTION_PUBLIC_ACCESS_PROHIBITED

  • Europe (Zurich) arn:aws:controltower:eu-central-2::control/AWS-GR_LAMBDA_FUNCTION_PUBLIC_ACCESS_PROHIBITED

  • Asia Pacific (Hyderabad) arn:aws:controltower:ap-south-2::control/AWS-GR_LAMBDA_FUNCTION_PUBLIC_ACCESS_PROHIBITED

  • Middle East (UAE) arn:aws:controltower:me-central-1::control/AWS-GR_LAMBDA_FUNCTION_PUBLIC_ACCESS_PROHIBITED

  • Asia Pacific (Melbourne) arn:aws:controltower:ap-southeast-4::control/AWS-GR_LAMBDA_FUNCTION_PUBLIC_ACCESS_PROHIBITED

  • Canada West (Calgary) arn:aws:controltower:ca-west-1::control/AWS-GR_LAMBDA_FUNCTION_PUBLIC_ACCESS_PROHIBITED

AWS-GR_MFA_ENABLED_FOR_IAM_CONSOLE_ACCESS

Control identifier Framework Control objective Control API identifiers, by Region
AWS-GR_MFA_ENABLED_FOR_IAM_CONSOLE_ACCESS
  • CIS AWS Benchmark 1.4 1.10

  • NIST 800-53 Rev 5 AC-2(1)

  • NIST 800-53 Rev 5 AC-3(15)

  • NIST 800-53 Rev 5 IA-2(1)

  • NIST 800-53 Rev 5 IA-2(2)

  • NIST 800-53 Rev 5 IA-2(6)

  • NIST 800-53 Rev 5 IA-2(8)

  • PCI DSS version 3.2.1 2.2

  • PCI DSS version 3.2.1 8.3.1

  • PCI DSS version 3.2.1 8.3.2

  • PCI DSS version 3.2.1 8.6

  • Enforce least privilege

  • US East (N. Virginia) arn:aws:controltower:us-east-1::control/AWS-GR_MFA_ENABLED_FOR_IAM_CONSOLE_ACCESS

  • US East (Ohio) arn:aws:controltower:us-east-2::control/AWS-GR_MFA_ENABLED_FOR_IAM_CONSOLE_ACCESS

  • US West (Oregon) arn:aws:controltower:us-west-2::control/AWS-GR_MFA_ENABLED_FOR_IAM_CONSOLE_ACCESS

  • Canada (Central) arn:aws:controltower:ca-central-1::control/AWS-GR_MFA_ENABLED_FOR_IAM_CONSOLE_ACCESS

  • Asia Pacific (Sydney) arn:aws:controltower:ap-southeast-2::control/AWS-GR_MFA_ENABLED_FOR_IAM_CONSOLE_ACCESS

  • Asia Pacific (Singapore) arn:aws:controltower:ap-southeast-1::control/AWS-GR_MFA_ENABLED_FOR_IAM_CONSOLE_ACCESS

  • Europe (Frankfurt) arn:aws:controltower:eu-central-1::control/AWS-GR_MFA_ENABLED_FOR_IAM_CONSOLE_ACCESS

  • Europe (Ireland) arn:aws:controltower:eu-west-1::control/AWS-GR_MFA_ENABLED_FOR_IAM_CONSOLE_ACCESS

  • Europe (London) arn:aws:controltower:eu-west-2::control/AWS-GR_MFA_ENABLED_FOR_IAM_CONSOLE_ACCESS

  • Europe (Stockholm) arn:aws:controltower:eu-north-1::control/AWS-GR_MFA_ENABLED_FOR_IAM_CONSOLE_ACCESS

  • Asia Pacific (Mumbai) arn:aws:controltower:ap-south-1::control/AWS-GR_MFA_ENABLED_FOR_IAM_CONSOLE_ACCESS

  • Asia Pacific (Seoul) arn:aws:controltower:ap-northeast-2::control/AWS-GR_MFA_ENABLED_FOR_IAM_CONSOLE_ACCESS

  • Asia Pacific (Tokyo) arn:aws:controltower:ap-northeast-1::control/AWS-GR_MFA_ENABLED_FOR_IAM_CONSOLE_ACCESS

  • Europe (Paris) arn:aws:controltower:eu-west-3::control/AWS-GR_MFA_ENABLED_FOR_IAM_CONSOLE_ACCESS

  • South America (São Paulo) arn:aws:controltower:sa-east-1::control/AWS-GR_MFA_ENABLED_FOR_IAM_CONSOLE_ACCESS

  • US West (N. California) arn:aws:controltower:us-west-1::control/AWS-GR_MFA_ENABLED_FOR_IAM_CONSOLE_ACCESS

  • Asia Pacific (Hong Kong) arn:aws:controltower:ap-east-1::control/AWS-GR_MFA_ENABLED_FOR_IAM_CONSOLE_ACCESS

  • Asia Pacific (Jakarta) arn:aws:controltower:ap-southeast-3::control/AWS-GR_MFA_ENABLED_FOR_IAM_CONSOLE_ACCESS

  • Asia Pacific (Osaka) arn:aws:controltower:ap-northeast-3::control/AWS-GR_MFA_ENABLED_FOR_IAM_CONSOLE_ACCESS

  • Europe (Milan) arn:aws:controltower:eu-south-1::control/AWS-GR_MFA_ENABLED_FOR_IAM_CONSOLE_ACCESS

  • Africa (Cape Town) arn:aws:controltower:af-south-1::control/AWS-GR_MFA_ENABLED_FOR_IAM_CONSOLE_ACCESS

  • Middle East (Bahrain) arn:aws:controltower:me-south-1::control/AWS-GR_MFA_ENABLED_FOR_IAM_CONSOLE_ACCESS

AWS-GR_NO_UNRESTRICTED_ROUTE_TO_IGW

Control identifier Framework Control objective Control API identifiers, by Region
AWS-GR_NO_UNRESTRICTED_ROUTE_TO_IGW
  • NIST 800-53 Rev 5 AC-4

  • NIST 800-53 Rev 5 AC-4(21)

  • NIST 800-53 Rev 5 CM-7

  • NIST 800-53 Rev 5 SC-7

  • NIST 800-53 Rev 5 SC-7(11)

  • NIST 800-53 Rev 5 SC-7(16)

  • NIST 800-53 Rev 5 SC-7(21)

  • NIST 800-53 Rev 5 SC-7(4)

  • PCI DSS version 3.2.1 1.2.1

  • PCI DSS version 3.2.1 1.3

  • PCI DSS version 3.2.1 1.3.2

  • PCI DSS version 3.2.1 1.3.4

  • PCI DSS version 3.2.1 2.2.2

  • Limit network access

  • US East (N. Virginia) arn:aws:controltower:us-east-1::control/AWS-GR_NO_UNRESTRICTED_ROUTE_TO_IGW

  • US East (Ohio) arn:aws:controltower:us-east-2::control/AWS-GR_NO_UNRESTRICTED_ROUTE_TO_IGW

  • US West (Oregon) arn:aws:controltower:us-west-2::control/AWS-GR_NO_UNRESTRICTED_ROUTE_TO_IGW

  • Canada (Central) arn:aws:controltower:ca-central-1::control/AWS-GR_NO_UNRESTRICTED_ROUTE_TO_IGW

  • Asia Pacific (Sydney) arn:aws:controltower:ap-southeast-2::control/AWS-GR_NO_UNRESTRICTED_ROUTE_TO_IGW

  • Asia Pacific (Singapore) arn:aws:controltower:ap-southeast-1::control/AWS-GR_NO_UNRESTRICTED_ROUTE_TO_IGW

  • Europe (Frankfurt) arn:aws:controltower:eu-central-1::control/AWS-GR_NO_UNRESTRICTED_ROUTE_TO_IGW

  • Europe (Ireland) arn:aws:controltower:eu-west-1::control/AWS-GR_NO_UNRESTRICTED_ROUTE_TO_IGW

  • Europe (London) arn:aws:controltower:eu-west-2::control/AWS-GR_NO_UNRESTRICTED_ROUTE_TO_IGW

  • Europe (Stockholm) arn:aws:controltower:eu-north-1::control/AWS-GR_NO_UNRESTRICTED_ROUTE_TO_IGW

  • Asia Pacific (Mumbai) arn:aws:controltower:ap-south-1::control/AWS-GR_NO_UNRESTRICTED_ROUTE_TO_IGW

  • Asia Pacific (Seoul) arn:aws:controltower:ap-northeast-2::control/AWS-GR_NO_UNRESTRICTED_ROUTE_TO_IGW

  • Asia Pacific (Tokyo) arn:aws:controltower:ap-northeast-1::control/AWS-GR_NO_UNRESTRICTED_ROUTE_TO_IGW

  • Europe (Paris) arn:aws:controltower:eu-west-3::control/AWS-GR_NO_UNRESTRICTED_ROUTE_TO_IGW

  • South America (São Paulo) arn:aws:controltower:sa-east-1::control/AWS-GR_NO_UNRESTRICTED_ROUTE_TO_IGW

  • US West (N. California) arn:aws:controltower:us-west-1::control/AWS-GR_NO_UNRESTRICTED_ROUTE_TO_IGW

  • Asia Pacific (Hong Kong) arn:aws:controltower:ap-east-1::control/AWS-GR_NO_UNRESTRICTED_ROUTE_TO_IGW

  • Europe (Milan) arn:aws:controltower:eu-south-1::control/AWS-GR_NO_UNRESTRICTED_ROUTE_TO_IGW

  • Africa (Cape Town) arn:aws:controltower:af-south-1::control/AWS-GR_NO_UNRESTRICTED_ROUTE_TO_IGW

  • Middle East (Bahrain) arn:aws:controltower:me-south-1::control/AWS-GR_NO_UNRESTRICTED_ROUTE_TO_IGW

  • Israel (Tel Aviv) arn:aws:controltower:il-central-1::control/AWS-GR_NO_UNRESTRICTED_ROUTE_TO_IGW

  • Europe (Zurich) arn:aws:controltower:eu-central-2::control/AWS-GR_NO_UNRESTRICTED_ROUTE_TO_IGW

  • Middle East (UAE) arn:aws:controltower:me-central-1::control/AWS-GR_NO_UNRESTRICTED_ROUTE_TO_IGW

  • Asia Pacific (Melbourne) arn:aws:controltower:ap-southeast-4::control/AWS-GR_NO_UNRESTRICTED_ROUTE_TO_IGW

AWS-GR_RDS_INSTANCE_PUBLIC_ACCESS_CHECK

Control identifier Framework Control objective Control API identifiers, by Region
AWS-GR_RDS_INSTANCE_PUBLIC_ACCESS_CHECK
  • NIST 800-53 Rev 5 AC-21

  • NIST 800-53 Rev 5 AC-3

  • NIST 800-53 Rev 5 AC-3(7)

  • NIST 800-53 Rev 5 AC-4

  • NIST 800-53 Rev 5 AC-4(21)

  • NIST 800-53 Rev 5 AC-6

  • NIST 800-53 Rev 5 SC-7

  • NIST 800-53 Rev 5 SC-7(11)

  • NIST 800-53 Rev 5 SC-7(16)

  • NIST 800-53 Rev 5 SC-7(20)

  • NIST 800-53 Rev 5 SC-7(21)

  • NIST 800-53 Rev 5 SC-7(3)

  • NIST 800-53 Rev 5 SC-7(4)

  • NIST 800-53 Rev 5 SC-7(9)

  • PCI DSS version 3.2.1 1.2.1

  • PCI DSS version 3.2.1 1.3

  • PCI DSS version 3.2.1 1.3.1

  • PCI DSS version 3.2.1 1.3.2

  • PCI DSS version 3.2.1 1.3.4

  • PCI DSS version 3.2.1 1.3.6

  • PCI DSS version 3.2.1 2.2.2

  • Limit network access

  • US East (N. Virginia) arn:aws:controltower:us-east-1::control/AWS-GR_RDS_INSTANCE_PUBLIC_ACCESS_CHECK

  • US East (Ohio) arn:aws:controltower:us-east-2::control/AWS-GR_RDS_INSTANCE_PUBLIC_ACCESS_CHECK

  • US West (Oregon) arn:aws:controltower:us-west-2::control/AWS-GR_RDS_INSTANCE_PUBLIC_ACCESS_CHECK

  • Canada (Central) arn:aws:controltower:ca-central-1::control/AWS-GR_RDS_INSTANCE_PUBLIC_ACCESS_CHECK

  • Asia Pacific (Sydney) arn:aws:controltower:ap-southeast-2::control/AWS-GR_RDS_INSTANCE_PUBLIC_ACCESS_CHECK

  • Asia Pacific (Singapore) arn:aws:controltower:ap-southeast-1::control/AWS-GR_RDS_INSTANCE_PUBLIC_ACCESS_CHECK

  • Europe (Frankfurt) arn:aws:controltower:eu-central-1::control/AWS-GR_RDS_INSTANCE_PUBLIC_ACCESS_CHECK

  • Europe (Ireland) arn:aws:controltower:eu-west-1::control/AWS-GR_RDS_INSTANCE_PUBLIC_ACCESS_CHECK

  • Europe (London) arn:aws:controltower:eu-west-2::control/AWS-GR_RDS_INSTANCE_PUBLIC_ACCESS_CHECK

  • Europe (Stockholm) arn:aws:controltower:eu-north-1::control/AWS-GR_RDS_INSTANCE_PUBLIC_ACCESS_CHECK

  • Asia Pacific (Mumbai) arn:aws:controltower:ap-south-1::control/AWS-GR_RDS_INSTANCE_PUBLIC_ACCESS_CHECK

  • Asia Pacific (Seoul) arn:aws:controltower:ap-northeast-2::control/AWS-GR_RDS_INSTANCE_PUBLIC_ACCESS_CHECK

  • Asia Pacific (Tokyo) arn:aws:controltower:ap-northeast-1::control/AWS-GR_RDS_INSTANCE_PUBLIC_ACCESS_CHECK

  • Europe (Paris) arn:aws:controltower:eu-west-3::control/AWS-GR_RDS_INSTANCE_PUBLIC_ACCESS_CHECK

  • South America (São Paulo) arn:aws:controltower:sa-east-1::control/AWS-GR_RDS_INSTANCE_PUBLIC_ACCESS_CHECK

  • US West (N. California) arn:aws:controltower:us-west-1::control/AWS-GR_RDS_INSTANCE_PUBLIC_ACCESS_CHECK

  • Asia Pacific (Hong Kong) arn:aws:controltower:ap-east-1::control/AWS-GR_RDS_INSTANCE_PUBLIC_ACCESS_CHECK

  • Asia Pacific (Jakarta) arn:aws:controltower:ap-southeast-3::control/AWS-GR_RDS_INSTANCE_PUBLIC_ACCESS_CHECK

  • Asia Pacific (Osaka) arn:aws:controltower:ap-northeast-3::control/AWS-GR_RDS_INSTANCE_PUBLIC_ACCESS_CHECK

  • Europe (Milan) arn:aws:controltower:eu-south-1::control/AWS-GR_RDS_INSTANCE_PUBLIC_ACCESS_CHECK

  • Africa (Cape Town) arn:aws:controltower:af-south-1::control/AWS-GR_RDS_INSTANCE_PUBLIC_ACCESS_CHECK

  • Middle East (Bahrain) arn:aws:controltower:me-south-1::control/AWS-GR_RDS_INSTANCE_PUBLIC_ACCESS_CHECK

  • Israel (Tel Aviv) arn:aws:controltower:il-central-1::control/AWS-GR_RDS_INSTANCE_PUBLIC_ACCESS_CHECK

  • Europe (Zurich) arn:aws:controltower:eu-central-2::control/AWS-GR_RDS_INSTANCE_PUBLIC_ACCESS_CHECK

  • Middle East (UAE) arn:aws:controltower:me-central-1::control/AWS-GR_RDS_INSTANCE_PUBLIC_ACCESS_CHECK

  • Asia Pacific (Melbourne) arn:aws:controltower:ap-southeast-4::control/AWS-GR_RDS_INSTANCE_PUBLIC_ACCESS_CHECK

  • Canada West (Calgary) arn:aws:controltower:ca-west-1::control/AWS-GR_RDS_INSTANCE_PUBLIC_ACCESS_CHECK

AWS-GR_RDS_SNAPSHOTS_PUBLIC_PROHIBITED

Control identifier Framework Control objective Control API identifiers, by Region
AWS-GR_RDS_SNAPSHOTS_PUBLIC_PROHIBITED
  • NIST 800-53 Rev 5 AC-21

  • NIST 800-53 Rev 5 AC-3

  • NIST 800-53 Rev 5 AC-3(7)

  • NIST 800-53 Rev 5 AC-4

  • NIST 800-53 Rev 5 AC-4(21)

  • NIST 800-53 Rev 5 AC-6

  • NIST 800-53 Rev 5 SC-7

  • NIST 800-53 Rev 5 SC-7(11)

  • NIST 800-53 Rev 5 SC-7(16)

  • NIST 800-53 Rev 5 SC-7(20)

  • NIST 800-53 Rev 5 SC-7(21)

  • NIST 800-53 Rev 5 SC-7(3)

  • NIST 800-53 Rev 5 SC-7(4)

  • NIST 800-53 Rev 5 SC-7(9)

  • PCI DSS version 3.2.1 1.2.1

  • PCI DSS version 3.2.1 1.3

  • PCI DSS version 3.2.1 1.3.1

  • PCI DSS version 3.2.1 1.3.2

  • PCI DSS version 3.2.1 1.3.4

  • PCI DSS version 3.2.1 1.3.6

  • PCI DSS version 3.2.1 2.2.2

  • Limit network access

  • US East (N. Virginia) arn:aws:controltower:us-east-1::control/AWS-GR_RDS_SNAPSHOTS_PUBLIC_PROHIBITED

  • US East (Ohio) arn:aws:controltower:us-east-2::control/AWS-GR_RDS_SNAPSHOTS_PUBLIC_PROHIBITED

  • US West (Oregon) arn:aws:controltower:us-west-2::control/AWS-GR_RDS_SNAPSHOTS_PUBLIC_PROHIBITED

  • Canada (Central) arn:aws:controltower:ca-central-1::control/AWS-GR_RDS_SNAPSHOTS_PUBLIC_PROHIBITED

  • Asia Pacific (Sydney) arn:aws:controltower:ap-southeast-2::control/AWS-GR_RDS_SNAPSHOTS_PUBLIC_PROHIBITED

  • Asia Pacific (Singapore) arn:aws:controltower:ap-southeast-1::control/AWS-GR_RDS_SNAPSHOTS_PUBLIC_PROHIBITED

  • Europe (Frankfurt) arn:aws:controltower:eu-central-1::control/AWS-GR_RDS_SNAPSHOTS_PUBLIC_PROHIBITED

  • Europe (Ireland) arn:aws:controltower:eu-west-1::control/AWS-GR_RDS_SNAPSHOTS_PUBLIC_PROHIBITED

  • Europe (London) arn:aws:controltower:eu-west-2::control/AWS-GR_RDS_SNAPSHOTS_PUBLIC_PROHIBITED

  • Europe (Stockholm) arn:aws:controltower:eu-north-1::control/AWS-GR_RDS_SNAPSHOTS_PUBLIC_PROHIBITED

  • Asia Pacific (Mumbai) arn:aws:controltower:ap-south-1::control/AWS-GR_RDS_SNAPSHOTS_PUBLIC_PROHIBITED

  • Asia Pacific (Seoul) arn:aws:controltower:ap-northeast-2::control/AWS-GR_RDS_SNAPSHOTS_PUBLIC_PROHIBITED

  • Asia Pacific (Tokyo) arn:aws:controltower:ap-northeast-1::control/AWS-GR_RDS_SNAPSHOTS_PUBLIC_PROHIBITED

  • Europe (Paris) arn:aws:controltower:eu-west-3::control/AWS-GR_RDS_SNAPSHOTS_PUBLIC_PROHIBITED

  • South America (São Paulo) arn:aws:controltower:sa-east-1::control/AWS-GR_RDS_SNAPSHOTS_PUBLIC_PROHIBITED

  • US West (N. California) arn:aws:controltower:us-west-1::control/AWS-GR_RDS_SNAPSHOTS_PUBLIC_PROHIBITED

  • Asia Pacific (Hong Kong) arn:aws:controltower:ap-east-1::control/AWS-GR_RDS_SNAPSHOTS_PUBLIC_PROHIBITED

  • Asia Pacific (Jakarta) arn:aws:controltower:ap-southeast-3::control/AWS-GR_RDS_SNAPSHOTS_PUBLIC_PROHIBITED

  • Asia Pacific (Osaka) arn:aws:controltower:ap-northeast-3::control/AWS-GR_RDS_SNAPSHOTS_PUBLIC_PROHIBITED

  • Middle East (Bahrain) arn:aws:controltower:me-south-1::control/AWS-GR_RDS_SNAPSHOTS_PUBLIC_PROHIBITED

  • Asia Pacific (Hyderabad) arn:aws:controltower:ap-south-2::control/AWS-GR_RDS_SNAPSHOTS_PUBLIC_PROHIBITED

  • Middle East (UAE) arn:aws:controltower:me-central-1::control/AWS-GR_RDS_SNAPSHOTS_PUBLIC_PROHIBITED

  • Canada West (Calgary) arn:aws:controltower:ca-west-1::control/AWS-GR_RDS_SNAPSHOTS_PUBLIC_PROHIBITED

AWS-GR_RDS_STORAGE_ENCRYPTED

Control identifier Framework Control objective Control API identifiers, by Region
AWS-GR_RDS_STORAGE_ENCRYPTED
  • CIS AWS Benchmark 1.4 2.3.1

  • NIST 800-53 Rev 5 CA-9(1)

  • NIST 800-53 Rev 5 CM-3(6)

  • NIST 800-53 Rev 5 SC-13

  • NIST 800-53 Rev 5 SC-28

  • NIST 800-53 Rev 5 SC-28(1)

  • NIST 800-53 Rev 5 SC-7(10)

  • NIST 800-53 Rev 5 SI-7(6)

  • PCI DSS version 3.2.1 3.4

  • PCI DSS version 3.2.1 8.2.1

  • Encrypt data at rest

  • US East (N. Virginia) arn:aws:controltower:us-east-1::control/AWS-GR_RDS_STORAGE_ENCRYPTED

  • US East (Ohio) arn:aws:controltower:us-east-2::control/AWS-GR_RDS_STORAGE_ENCRYPTED

  • US West (Oregon) arn:aws:controltower:us-west-2::control/AWS-GR_RDS_STORAGE_ENCRYPTED

  • Canada (Central) arn:aws:controltower:ca-central-1::control/AWS-GR_RDS_STORAGE_ENCRYPTED

  • Asia Pacific (Sydney) arn:aws:controltower:ap-southeast-2::control/AWS-GR_RDS_STORAGE_ENCRYPTED

  • Asia Pacific (Singapore) arn:aws:controltower:ap-southeast-1::control/AWS-GR_RDS_STORAGE_ENCRYPTED

  • Europe (Frankfurt) arn:aws:controltower:eu-central-1::control/AWS-GR_RDS_STORAGE_ENCRYPTED

  • Europe (Ireland) arn:aws:controltower:eu-west-1::control/AWS-GR_RDS_STORAGE_ENCRYPTED

  • Europe (London) arn:aws:controltower:eu-west-2::control/AWS-GR_RDS_STORAGE_ENCRYPTED

  • Europe (Stockholm) arn:aws:controltower:eu-north-1::control/AWS-GR_RDS_STORAGE_ENCRYPTED

  • Asia Pacific (Mumbai) arn:aws:controltower:ap-south-1::control/AWS-GR_RDS_STORAGE_ENCRYPTED

  • Asia Pacific (Seoul) arn:aws:controltower:ap-northeast-2::control/AWS-GR_RDS_STORAGE_ENCRYPTED

  • Asia Pacific (Tokyo) arn:aws:controltower:ap-northeast-1::control/AWS-GR_RDS_STORAGE_ENCRYPTED

  • Europe (Paris) arn:aws:controltower:eu-west-3::control/AWS-GR_RDS_STORAGE_ENCRYPTED

  • South America (São Paulo) arn:aws:controltower:sa-east-1::control/AWS-GR_RDS_STORAGE_ENCRYPTED

  • US West (N. California) arn:aws:controltower:us-west-1::control/AWS-GR_RDS_STORAGE_ENCRYPTED

  • Asia Pacific (Hong Kong) arn:aws:controltower:ap-east-1::control/AWS-GR_RDS_STORAGE_ENCRYPTED

  • Asia Pacific (Jakarta) arn:aws:controltower:ap-southeast-3::control/AWS-GR_RDS_STORAGE_ENCRYPTED

  • Asia Pacific (Osaka) arn:aws:controltower:ap-northeast-3::control/AWS-GR_RDS_STORAGE_ENCRYPTED

  • Europe (Milan) arn:aws:controltower:eu-south-1::control/AWS-GR_RDS_STORAGE_ENCRYPTED

  • Africa (Cape Town) arn:aws:controltower:af-south-1::control/AWS-GR_RDS_STORAGE_ENCRYPTED

  • Middle East (Bahrain) arn:aws:controltower:me-south-1::control/AWS-GR_RDS_STORAGE_ENCRYPTED

  • Israel (Tel Aviv) arn:aws:controltower:il-central-1::control/AWS-GR_RDS_STORAGE_ENCRYPTED

  • Asia Pacific (Hyderabad) arn:aws:controltower:ap-south-2::control/AWS-GR_RDS_STORAGE_ENCRYPTED

  • Middle East (UAE) arn:aws:controltower:me-central-1::control/AWS-GR_RDS_STORAGE_ENCRYPTED

  • Asia Pacific (Melbourne) arn:aws:controltower:ap-southeast-4::control/AWS-GR_RDS_STORAGE_ENCRYPTED

  • Canada West (Calgary) arn:aws:controltower:ca-west-1::control/AWS-GR_RDS_STORAGE_ENCRYPTED

AWS-GR_REDSHIFT_CLUSTER_PUBLIC_ACCESS_CHECK

Control identifier Framework Control objective Control API identifiers, by Region
AWS-GR_REDSHIFT_CLUSTER_PUBLIC_ACCESS_CHECK
  • NIST 800-53 Rev 5 AC-21

  • NIST 800-53 Rev 5 AC-3

  • NIST 800-53 Rev 5 AC-3(7)

  • NIST 800-53 Rev 5 AC-4

  • NIST 800-53 Rev 5 AC-4(21)

  • NIST 800-53 Rev 5 AC-6

  • NIST 800-53 Rev 5 SC-7

  • NIST 800-53 Rev 5 SC-7(11)

  • NIST 800-53 Rev 5 SC-7(16)

  • NIST 800-53 Rev 5 SC-7(20)

  • NIST 800-53 Rev 5 SC-7(21)

  • NIST 800-53 Rev 5 SC-7(3)

  • NIST 800-53 Rev 5 SC-7(4)

  • NIST 800-53 Rev 5 SC-7(9)

  • PCI DSS version 3.2.1 1.2.1

  • PCI DSS version 3.2.1 1.3

  • PCI DSS version 3.2.1 1.3.1

  • PCI DSS version 3.2.1 1.3.2

  • PCI DSS version 3.2.1 1.3.4

  • PCI DSS version 3.2.1 1.3.6

  • PCI DSS version 3.2.1 2.2.2

  • Limit network access

  • US East (N. Virginia) arn:aws:controltower:us-east-1::control/AWS-GR_REDSHIFT_CLUSTER_PUBLIC_ACCESS_CHECK

  • US East (Ohio) arn:aws:controltower:us-east-2::control/AWS-GR_REDSHIFT_CLUSTER_PUBLIC_ACCESS_CHECK

  • US West (Oregon) arn:aws:controltower:us-west-2::control/AWS-GR_REDSHIFT_CLUSTER_PUBLIC_ACCESS_CHECK

  • Canada (Central) arn:aws:controltower:ca-central-1::control/AWS-GR_REDSHIFT_CLUSTER_PUBLIC_ACCESS_CHECK

  • Asia Pacific (Sydney) arn:aws:controltower:ap-southeast-2::control/AWS-GR_REDSHIFT_CLUSTER_PUBLIC_ACCESS_CHECK

  • Asia Pacific (Singapore) arn:aws:controltower:ap-southeast-1::control/AWS-GR_REDSHIFT_CLUSTER_PUBLIC_ACCESS_CHECK

  • Europe (Frankfurt) arn:aws:controltower:eu-central-1::control/AWS-GR_REDSHIFT_CLUSTER_PUBLIC_ACCESS_CHECK

  • Europe (Ireland) arn:aws:controltower:eu-west-1::control/AWS-GR_REDSHIFT_CLUSTER_PUBLIC_ACCESS_CHECK

  • Europe (London) arn:aws:controltower:eu-west-2::control/AWS-GR_REDSHIFT_CLUSTER_PUBLIC_ACCESS_CHECK

  • Europe (Stockholm) arn:aws:controltower:eu-north-1::control/AWS-GR_REDSHIFT_CLUSTER_PUBLIC_ACCESS_CHECK

  • Asia Pacific (Mumbai) arn:aws:controltower:ap-south-1::control/AWS-GR_REDSHIFT_CLUSTER_PUBLIC_ACCESS_CHECK

  • Asia Pacific (Seoul) arn:aws:controltower:ap-northeast-2::control/AWS-GR_REDSHIFT_CLUSTER_PUBLIC_ACCESS_CHECK

  • Asia Pacific (Tokyo) arn:aws:controltower:ap-northeast-1::control/AWS-GR_REDSHIFT_CLUSTER_PUBLIC_ACCESS_CHECK

  • Europe (Paris) arn:aws:controltower:eu-west-3::control/AWS-GR_REDSHIFT_CLUSTER_PUBLIC_ACCESS_CHECK

  • South America (São Paulo) arn:aws:controltower:sa-east-1::control/AWS-GR_REDSHIFT_CLUSTER_PUBLIC_ACCESS_CHECK

  • US West (N. California) arn:aws:controltower:us-west-1::control/AWS-GR_REDSHIFT_CLUSTER_PUBLIC_ACCESS_CHECK

  • Asia Pacific (Hong Kong) arn:aws:controltower:ap-east-1::control/AWS-GR_REDSHIFT_CLUSTER_PUBLIC_ACCESS_CHECK

  • Asia Pacific (Osaka) arn:aws:controltower:ap-northeast-3::control/AWS-GR_REDSHIFT_CLUSTER_PUBLIC_ACCESS_CHECK

  • Europe (Milan) arn:aws:controltower:eu-south-1::control/AWS-GR_REDSHIFT_CLUSTER_PUBLIC_ACCESS_CHECK

  • Africa (Cape Town) arn:aws:controltower:af-south-1::control/AWS-GR_REDSHIFT_CLUSTER_PUBLIC_ACCESS_CHECK

  • Middle East (Bahrain) arn:aws:controltower:me-south-1::control/AWS-GR_REDSHIFT_CLUSTER_PUBLIC_ACCESS_CHECK

  • Israel (Tel Aviv) arn:aws:controltower:il-central-1::control/AWS-GR_REDSHIFT_CLUSTER_PUBLIC_ACCESS_CHECK

  • Europe (Zurich) arn:aws:controltower:eu-central-2::control/AWS-GR_REDSHIFT_CLUSTER_PUBLIC_ACCESS_CHECK

  • Middle East (UAE) arn:aws:controltower:me-central-1::control/AWS-GR_REDSHIFT_CLUSTER_PUBLIC_ACCESS_CHECK

  • Asia Pacific (Melbourne) arn:aws:controltower:ap-southeast-4::control/AWS-GR_REDSHIFT_CLUSTER_PUBLIC_ACCESS_CHECK

AWS-GR_REGION_DENY

Control identifier Framework Control objective Control API identifiers, by Region
AWS-GR_REGION_DENY
  • NIST 800-53 Rev 5 AC-4

  • NIST 800-53 Rev 5 AC-4(21)

  • NIST 800-53 Rev 5 AC-6

  • NIST 800-53 Rev 5 SC-7

  • NIST 800-53 Rev 5 SC-7(11)

  • NIST 800-53 Rev 5 SC-7(16)

  • NIST 800-53 Rev 5 SC-7(20)

  • NIST 800-53 Rev 5 SC-7(21)

  • NIST 800-53 Rev 5 SC-7(3)

  • NIST 800-53 Rev 5 SC-7(4)

  • NIST 800-53 Rev 5 SC-7(9)

  • PCI DSS version 3.2.1 7.2.1

  • Protect configurations

  • US East (N. Virginia) arn:aws:controltower:us-east-1::control/AWS-GR_REGION_DENY

  • US East (Ohio) arn:aws:controltower:us-east-2::control/AWS-GR_REGION_DENY

  • US West (Oregon) arn:aws:controltower:us-west-2::control/AWS-GR_REGION_DENY

  • Canada (Central) arn:aws:controltower:ca-central-1::control/AWS-GR_REGION_DENY

  • Asia Pacific (Sydney) arn:aws:controltower:ap-southeast-2::control/AWS-GR_REGION_DENY

  • Asia Pacific (Singapore) arn:aws:controltower:ap-southeast-1::control/AWS-GR_REGION_DENY

  • Europe (Frankfurt) arn:aws:controltower:eu-central-1::control/AWS-GR_REGION_DENY

  • Europe (Ireland) arn:aws:controltower:eu-west-1::control/AWS-GR_REGION_DENY

  • Europe (London) arn:aws:controltower:eu-west-2::control/AWS-GR_REGION_DENY

  • Europe (Stockholm) arn:aws:controltower:eu-north-1::control/AWS-GR_REGION_DENY

  • Asia Pacific (Mumbai) arn:aws:controltower:ap-south-1::control/AWS-GR_REGION_DENY

  • Asia Pacific (Seoul) arn:aws:controltower:ap-northeast-2::control/AWS-GR_REGION_DENY

  • Asia Pacific (Tokyo) arn:aws:controltower:ap-northeast-1::control/AWS-GR_REGION_DENY

  • Europe (Paris) arn:aws:controltower:eu-west-3::control/AWS-GR_REGION_DENY

  • South America (São Paulo) arn:aws:controltower:sa-east-1::control/AWS-GR_REGION_DENY

  • US West (N. California) arn:aws:controltower:us-west-1::control/AWS-GR_REGION_DENY

  • Asia Pacific (Hong Kong) arn:aws:controltower:ap-east-1::control/AWS-GR_REGION_DENY

  • Asia Pacific (Jakarta) arn:aws:controltower:ap-southeast-3::control/AWS-GR_REGION_DENY

  • Asia Pacific (Osaka) arn:aws:controltower:ap-northeast-3::control/AWS-GR_REGION_DENY

  • Europe (Milan) arn:aws:controltower:eu-south-1::control/AWS-GR_REGION_DENY

  • Africa (Cape Town) arn:aws:controltower:af-south-1::control/AWS-GR_REGION_DENY

  • Middle East (Bahrain) arn:aws:controltower:me-south-1::control/AWS-GR_REGION_DENY

  • Israel (Tel Aviv) arn:aws:controltower:il-central-1::control/AWS-GR_REGION_DENY

  • Europe (Zurich) arn:aws:controltower:eu-central-2::control/AWS-GR_REGION_DENY

  • Europe (Spain) arn:aws:controltower:eu-south-2::control/AWS-GR_REGION_DENY

  • Asia Pacific (Hyderabad) arn:aws:controltower:ap-south-2::control/AWS-GR_REGION_DENY

  • Middle East (UAE) arn:aws:controltower:me-central-1::control/AWS-GR_REGION_DENY

  • Asia Pacific (Melbourne) arn:aws:controltower:ap-southeast-4::control/AWS-GR_REGION_DENY

  • Canada West (Calgary) arn:aws:controltower:ca-west-1::control/AWS-GR_REGION_DENY

AWS-GR_RESTRICTED_COMMON_PORTS

Control identifier Framework Control objective Control API identifiers, by Region
AWS-GR_RESTRICTED_COMMON_PORTS
  • CIS AWS Benchmark 1.4 5.2

  • NIST 800-53 Rev 5 AC-4

  • NIST 800-53 Rev 5 AC-4(21)

  • NIST 800-53 Rev 5 CA-9(1)

  • NIST 800-53 Rev 5 CM-2

  • NIST 800-53 Rev 5 CM-2(2)

  • NIST 800-53 Rev 5 CM-7

  • NIST 800-53 Rev 5 SC-7

  • NIST 800-53 Rev 5 SC-7(11)

  • NIST 800-53 Rev 5 SC-7(16)

  • NIST 800-53 Rev 5 SC-7(21)

  • NIST 800-53 Rev 5 SC-7(4)

  • NIST 800-53 Rev 5 SC-7(5)

  • PCI DSS version 3.2.1 1.2.1

  • PCI DSS version 3.2.1 1.3

  • PCI DSS version 3.2.1 1.3.1

  • PCI DSS version 3.2.1 1.3.2

  • PCI DSS version 3.2.1 1.3.4

  • PCI DSS version 3.2.1 1.3.6

  • PCI DSS version 3.2.1 2.2

  • PCI DSS version 3.2.1 2.2.2

  • Limit network access

  • US East (N. Virginia) arn:aws:controltower:us-east-1::control/AWS-GR_RESTRICTED_COMMON_PORTS

  • US East (Ohio) arn:aws:controltower:us-east-2::control/AWS-GR_RESTRICTED_COMMON_PORTS

  • US West (Oregon) arn:aws:controltower:us-west-2::control/AWS-GR_RESTRICTED_COMMON_PORTS

  • Canada (Central) arn:aws:controltower:ca-central-1::control/AWS-GR_RESTRICTED_COMMON_PORTS

  • Asia Pacific (Sydney) arn:aws:controltower:ap-southeast-2::control/AWS-GR_RESTRICTED_COMMON_PORTS

  • Asia Pacific (Singapore) arn:aws:controltower:ap-southeast-1::control/AWS-GR_RESTRICTED_COMMON_PORTS

  • Europe (Frankfurt) arn:aws:controltower:eu-central-1::control/AWS-GR_RESTRICTED_COMMON_PORTS

  • Europe (Ireland) arn:aws:controltower:eu-west-1::control/AWS-GR_RESTRICTED_COMMON_PORTS

  • Europe (London) arn:aws:controltower:eu-west-2::control/AWS-GR_RESTRICTED_COMMON_PORTS

  • Europe (Stockholm) arn:aws:controltower:eu-north-1::control/AWS-GR_RESTRICTED_COMMON_PORTS

  • Asia Pacific (Mumbai) arn:aws:controltower:ap-south-1::control/AWS-GR_RESTRICTED_COMMON_PORTS

  • Asia Pacific (Seoul) arn:aws:controltower:ap-northeast-2::control/AWS-GR_RESTRICTED_COMMON_PORTS

  • Asia Pacific (Tokyo) arn:aws:controltower:ap-northeast-1::control/AWS-GR_RESTRICTED_COMMON_PORTS

  • Europe (Paris) arn:aws:controltower:eu-west-3::control/AWS-GR_RESTRICTED_COMMON_PORTS

  • South America (São Paulo) arn:aws:controltower:sa-east-1::control/AWS-GR_RESTRICTED_COMMON_PORTS

  • US West (N. California) arn:aws:controltower:us-west-1::control/AWS-GR_RESTRICTED_COMMON_PORTS

  • Asia Pacific (Hong Kong) arn:aws:controltower:ap-east-1::control/AWS-GR_RESTRICTED_COMMON_PORTS

  • Asia Pacific (Jakarta) arn:aws:controltower:ap-southeast-3::control/AWS-GR_RESTRICTED_COMMON_PORTS

  • Middle East (Bahrain) arn:aws:controltower:me-south-1::control/AWS-GR_RESTRICTED_COMMON_PORTS

  • Asia Pacific (Hyderabad) arn:aws:controltower:ap-south-2::control/AWS-GR_RESTRICTED_COMMON_PORTS

  • Asia Pacific (Melbourne) arn:aws:controltower:ap-southeast-4::control/AWS-GR_RESTRICTED_COMMON_PORTS

  • Canada West (Calgary) arn:aws:controltower:ca-west-1::control/AWS-GR_RESTRICTED_COMMON_PORTS

AWS-GR_RESTRICTED_SSH

Control identifier Framework Control objective Control API identifiers, by Region
AWS-GR_RESTRICTED_SSH
  • CIS AWS Benchmark 1.4 5.2

  • NIST 800-53 Rev 5 AC-4

  • NIST 800-53 Rev 5 AC-4(21)

  • NIST 800-53 Rev 5 CM-7

  • NIST 800-53 Rev 5 SC-7

  • NIST 800-53 Rev 5 SC-7(11)

  • NIST 800-53 Rev 5 SC-7(16)

  • NIST 800-53 Rev 5 SC-7(21)

  • NIST 800-53 Rev 5 SC-7(4)

  • NIST 800-53 Rev 5 SC-7(5)

  • PCI DSS version 3.2.1 1.2.1

  • PCI DSS version 3.2.1 1.3

  • PCI DSS version 3.2.1 1.3.1

  • PCI DSS version 3.2.1 1.3.2

  • PCI DSS version 3.2.1 1.3.4

  • PCI DSS version 3.2.1 1.3.6

  • PCI DSS version 3.2.1 2.2

  • PCI DSS version 3.2.1 2.2.2

  • Limit network access

  • US East (N. Virginia) arn:aws:controltower:us-east-1::control/AWS-GR_RESTRICTED_SSH

  • US East (Ohio) arn:aws:controltower:us-east-2::control/AWS-GR_RESTRICTED_SSH

  • US West (Oregon) arn:aws:controltower:us-west-2::control/AWS-GR_RESTRICTED_SSH

  • Canada (Central) arn:aws:controltower:ca-central-1::control/AWS-GR_RESTRICTED_SSH

  • Asia Pacific (Sydney) arn:aws:controltower:ap-southeast-2::control/AWS-GR_RESTRICTED_SSH

  • Asia Pacific (Singapore) arn:aws:controltower:ap-southeast-1::control/AWS-GR_RESTRICTED_SSH

  • Europe (Frankfurt) arn:aws:controltower:eu-central-1::control/AWS-GR_RESTRICTED_SSH

  • Europe (Ireland) arn:aws:controltower:eu-west-1::control/AWS-GR_RESTRICTED_SSH

  • Europe (London) arn:aws:controltower:eu-west-2::control/AWS-GR_RESTRICTED_SSH

  • Europe (Stockholm) arn:aws:controltower:eu-north-1::control/AWS-GR_RESTRICTED_SSH

  • Asia Pacific (Mumbai) arn:aws:controltower:ap-south-1::control/AWS-GR_RESTRICTED_SSH

  • Asia Pacific (Seoul) arn:aws:controltower:ap-northeast-2::control/AWS-GR_RESTRICTED_SSH

  • Asia Pacific (Tokyo) arn:aws:controltower:ap-northeast-1::control/AWS-GR_RESTRICTED_SSH

  • Europe (Paris) arn:aws:controltower:eu-west-3::control/AWS-GR_RESTRICTED_SSH

  • South America (São Paulo) arn:aws:controltower:sa-east-1::control/AWS-GR_RESTRICTED_SSH

  • US West (N. California) arn:aws:controltower:us-west-1::control/AWS-GR_RESTRICTED_SSH

  • Asia Pacific (Hong Kong) arn:aws:controltower:ap-east-1::control/AWS-GR_RESTRICTED_SSH

  • Middle East (Bahrain) arn:aws:controltower:me-south-1::control/AWS-GR_RESTRICTED_SSH

  • Canada West (Calgary) arn:aws:controltower:ca-west-1::control/AWS-GR_RESTRICTED_SSH

AWS-GR_RESTRICT_ROOT_USER

Control identifier Framework Control objective Control API identifiers, by Region
AWS-GR_RESTRICT_ROOT_USER
  • NIST 800-53 Rev 5 AC-2(1)

  • NIST 800-53 Rev 5 AC-3(15)

  • NIST 800-53 Rev 5 AC-3(7)

  • NIST 800-53 Rev 5 AC-6

  • NIST 800-53 Rev 5 AC-6(10)

  • NIST 800-53 Rev 5 AC-6(2)

  • PCI DSS version 3.2.1 2.2

  • PCI DSS version 3.2.1 7.1.1

  • PCI DSS version 3.2.1 7.1.2

  • PCI DSS version 3.2.1 7.2.1

  • PCI DSS version 3.2.1 7.2.2

  • PCI DSS version 3.2.1 8.1.1

  • Enforce least privilege

  • US East (N. Virginia) arn:aws:controltower:us-east-1::control/AWS-GR_RESTRICT_ROOT_USER

  • US East (Ohio) arn:aws:controltower:us-east-2::control/AWS-GR_RESTRICT_ROOT_USER

  • US West (Oregon) arn:aws:controltower:us-west-2::control/AWS-GR_RESTRICT_ROOT_USER

  • Canada (Central) arn:aws:controltower:ca-central-1::control/AWS-GR_RESTRICT_ROOT_USER

  • Asia Pacific (Sydney) arn:aws:controltower:ap-southeast-2::control/AWS-GR_RESTRICT_ROOT_USER

  • Asia Pacific (Singapore) arn:aws:controltower:ap-southeast-1::control/AWS-GR_RESTRICT_ROOT_USER

  • Europe (Frankfurt) arn:aws:controltower:eu-central-1::control/AWS-GR_RESTRICT_ROOT_USER

  • Europe (Ireland) arn:aws:controltower:eu-west-1::control/AWS-GR_RESTRICT_ROOT_USER

  • Europe (London) arn:aws:controltower:eu-west-2::control/AWS-GR_RESTRICT_ROOT_USER

  • Europe (Stockholm) arn:aws:controltower:eu-north-1::control/AWS-GR_RESTRICT_ROOT_USER

  • Asia Pacific (Mumbai) arn:aws:controltower:ap-south-1::control/AWS-GR_RESTRICT_ROOT_USER

  • Asia Pacific (Seoul) arn:aws:controltower:ap-northeast-2::control/AWS-GR_RESTRICT_ROOT_USER

  • Asia Pacific (Tokyo) arn:aws:controltower:ap-northeast-1::control/AWS-GR_RESTRICT_ROOT_USER

  • Europe (Paris) arn:aws:controltower:eu-west-3::control/AWS-GR_RESTRICT_ROOT_USER

  • South America (São Paulo) arn:aws:controltower:sa-east-1::control/AWS-GR_RESTRICT_ROOT_USER

  • US West (N. California) arn:aws:controltower:us-west-1::control/AWS-GR_RESTRICT_ROOT_USER

  • Asia Pacific (Hong Kong) arn:aws:controltower:ap-east-1::control/AWS-GR_RESTRICT_ROOT_USER

  • Asia Pacific (Jakarta) arn:aws:controltower:ap-southeast-3::control/AWS-GR_RESTRICT_ROOT_USER

  • Asia Pacific (Osaka) arn:aws:controltower:ap-northeast-3::control/AWS-GR_RESTRICT_ROOT_USER

  • Europe (Milan) arn:aws:controltower:eu-south-1::control/AWS-GR_RESTRICT_ROOT_USER

  • Africa (Cape Town) arn:aws:controltower:af-south-1::control/AWS-GR_RESTRICT_ROOT_USER

  • Middle East (Bahrain) arn:aws:controltower:me-south-1::control/AWS-GR_RESTRICT_ROOT_USER

  • Israel (Tel Aviv) arn:aws:controltower:il-central-1::control/AWS-GR_RESTRICT_ROOT_USER

  • Europe (Zurich) arn:aws:controltower:eu-central-2::control/AWS-GR_RESTRICT_ROOT_USER

  • Europe (Spain) arn:aws:controltower:eu-south-2::control/AWS-GR_RESTRICT_ROOT_USER

  • Asia Pacific (Hyderabad) arn:aws:controltower:ap-south-2::control/AWS-GR_RESTRICT_ROOT_USER

  • Middle East (UAE) arn:aws:controltower:me-central-1::control/AWS-GR_RESTRICT_ROOT_USER

  • Asia Pacific (Melbourne) arn:aws:controltower:ap-southeast-4::control/AWS-GR_RESTRICT_ROOT_USER

  • Canada West (Calgary) arn:aws:controltower:ca-west-1::control/AWS-GR_RESTRICT_ROOT_USER

AWS-GR_RESTRICT_ROOT_USER_ACCESS_KEYS

Control identifier Framework Control objective Control API identifiers, by Region
AWS-GR_RESTRICT_ROOT_USER_ACCESS_KEYS
  • CIS AWS Benchmark 1.4 1.4

  • NIST 800-53 Rev 5 AC-2(1)

  • NIST 800-53 Rev 5 AC-3(15)

  • NIST 800-53 Rev 5 AC-3(7)

  • NIST 800-53 Rev 5 AC-6

  • NIST 800-53 Rev 5 AC-6(10)

  • NIST 800-53 Rev 5 AC-6(2)

  • PCI DSS version 3.2.1 2.2

  • PCI DSS version 3.2.1 7.1.1

  • PCI DSS version 3.2.1 7.1.2

  • PCI DSS version 3.2.1 7.2.1

  • PCI DSS version 3.2.1 7.2.2

  • PCI DSS version 3.2.1 8.1.1

  • Enforce least privilege

  • US East (N. Virginia) arn:aws:controltower:us-east-1::control/AWS-GR_RESTRICT_ROOT_USER_ACCESS_KEYS

  • US East (Ohio) arn:aws:controltower:us-east-2::control/AWS-GR_RESTRICT_ROOT_USER_ACCESS_KEYS

  • US West (Oregon) arn:aws:controltower:us-west-2::control/AWS-GR_RESTRICT_ROOT_USER_ACCESS_KEYS

  • Canada (Central) arn:aws:controltower:ca-central-1::control/AWS-GR_RESTRICT_ROOT_USER_ACCESS_KEYS

  • Asia Pacific (Sydney) arn:aws:controltower:ap-southeast-2::control/AWS-GR_RESTRICT_ROOT_USER_ACCESS_KEYS

  • Asia Pacific (Singapore) arn:aws:controltower:ap-southeast-1::control/AWS-GR_RESTRICT_ROOT_USER_ACCESS_KEYS

  • Europe (Frankfurt) arn:aws:controltower:eu-central-1::control/AWS-GR_RESTRICT_ROOT_USER_ACCESS_KEYS

  • Europe (Ireland) arn:aws:controltower:eu-west-1::control/AWS-GR_RESTRICT_ROOT_USER_ACCESS_KEYS

  • Europe (London) arn:aws:controltower:eu-west-2::control/AWS-GR_RESTRICT_ROOT_USER_ACCESS_KEYS

  • Europe (Stockholm) arn:aws:controltower:eu-north-1::control/AWS-GR_RESTRICT_ROOT_USER_ACCESS_KEYS

  • Asia Pacific (Mumbai) arn:aws:controltower:ap-south-1::control/AWS-GR_RESTRICT_ROOT_USER_ACCESS_KEYS

  • Asia Pacific (Seoul) arn:aws:controltower:ap-northeast-2::control/AWS-GR_RESTRICT_ROOT_USER_ACCESS_KEYS

  • Asia Pacific (Tokyo) arn:aws:controltower:ap-northeast-1::control/AWS-GR_RESTRICT_ROOT_USER_ACCESS_KEYS

  • Europe (Paris) arn:aws:controltower:eu-west-3::control/AWS-GR_RESTRICT_ROOT_USER_ACCESS_KEYS

  • South America (São Paulo) arn:aws:controltower:sa-east-1::control/AWS-GR_RESTRICT_ROOT_USER_ACCESS_KEYS

  • US West (N. California) arn:aws:controltower:us-west-1::control/AWS-GR_RESTRICT_ROOT_USER_ACCESS_KEYS

  • Asia Pacific (Hong Kong) arn:aws:controltower:ap-east-1::control/AWS-GR_RESTRICT_ROOT_USER_ACCESS_KEYS

  • Asia Pacific (Jakarta) arn:aws:controltower:ap-southeast-3::control/AWS-GR_RESTRICT_ROOT_USER_ACCESS_KEYS

  • Asia Pacific (Osaka) arn:aws:controltower:ap-northeast-3::control/AWS-GR_RESTRICT_ROOT_USER_ACCESS_KEYS

  • Europe (Milan) arn:aws:controltower:eu-south-1::control/AWS-GR_RESTRICT_ROOT_USER_ACCESS_KEYS

  • Africa (Cape Town) arn:aws:controltower:af-south-1::control/AWS-GR_RESTRICT_ROOT_USER_ACCESS_KEYS

  • Middle East (Bahrain) arn:aws:controltower:me-south-1::control/AWS-GR_RESTRICT_ROOT_USER_ACCESS_KEYS

  • Israel (Tel Aviv) arn:aws:controltower:il-central-1::control/AWS-GR_RESTRICT_ROOT_USER_ACCESS_KEYS

  • Europe (Zurich) arn:aws:controltower:eu-central-2::control/AWS-GR_RESTRICT_ROOT_USER_ACCESS_KEYS

  • Europe (Spain) arn:aws:controltower:eu-south-2::control/AWS-GR_RESTRICT_ROOT_USER_ACCESS_KEYS

  • Asia Pacific (Hyderabad) arn:aws:controltower:ap-south-2::control/AWS-GR_RESTRICT_ROOT_USER_ACCESS_KEYS

  • Middle East (UAE) arn:aws:controltower:me-central-1::control/AWS-GR_RESTRICT_ROOT_USER_ACCESS_KEYS

  • Asia Pacific (Melbourne) arn:aws:controltower:ap-southeast-4::control/AWS-GR_RESTRICT_ROOT_USER_ACCESS_KEYS

  • Canada West (Calgary) arn:aws:controltower:ca-west-1::control/AWS-GR_RESTRICT_ROOT_USER_ACCESS_KEYS

AWS-GR_RESTRICT_S3_CROSS_REGION_REPLICATION

Control identifier Framework Control objective Control API identifiers, by Region
AWS-GR_RESTRICT_S3_CROSS_REGION_REPLICATION
  • NIST 800-53 Rev 5 CM-2

  • NIST 800-53 Rev 5 CM-2(2)

  • NIST 800-53 Rev 5 CM-3

  • NIST 800-53 Rev 5 CM-3(8)

  • NIST 800-53 Rev 5 SA-8(19)

  • Improve resiliency

  • US East (N. Virginia) arn:aws:controltower:us-east-1::control/AWS-GR_RESTRICT_S3_CROSS_REGION_REPLICATION

  • US East (Ohio) arn:aws:controltower:us-east-2::control/AWS-GR_RESTRICT_S3_CROSS_REGION_REPLICATION

  • US West (Oregon) arn:aws:controltower:us-west-2::control/AWS-GR_RESTRICT_S3_CROSS_REGION_REPLICATION

  • Canada (Central) arn:aws:controltower:ca-central-1::control/AWS-GR_RESTRICT_S3_CROSS_REGION_REPLICATION

  • Asia Pacific (Sydney) arn:aws:controltower:ap-southeast-2::control/AWS-GR_RESTRICT_S3_CROSS_REGION_REPLICATION

  • Asia Pacific (Singapore) arn:aws:controltower:ap-southeast-1::control/AWS-GR_RESTRICT_S3_CROSS_REGION_REPLICATION

  • Europe (Frankfurt) arn:aws:controltower:eu-central-1::control/AWS-GR_RESTRICT_S3_CROSS_REGION_REPLICATION

  • Europe (Ireland) arn:aws:controltower:eu-west-1::control/AWS-GR_RESTRICT_S3_CROSS_REGION_REPLICATION

  • Europe (London) arn:aws:controltower:eu-west-2::control/AWS-GR_RESTRICT_S3_CROSS_REGION_REPLICATION

  • Europe (Stockholm) arn:aws:controltower:eu-north-1::control/AWS-GR_RESTRICT_S3_CROSS_REGION_REPLICATION

  • Asia Pacific (Mumbai) arn:aws:controltower:ap-south-1::control/AWS-GR_RESTRICT_S3_CROSS_REGION_REPLICATION

  • Asia Pacific (Seoul) arn:aws:controltower:ap-northeast-2::control/AWS-GR_RESTRICT_S3_CROSS_REGION_REPLICATION

  • Asia Pacific (Tokyo) arn:aws:controltower:ap-northeast-1::control/AWS-GR_RESTRICT_S3_CROSS_REGION_REPLICATION

  • Europe (Paris) arn:aws:controltower:eu-west-3::control/AWS-GR_RESTRICT_S3_CROSS_REGION_REPLICATION

  • South America (São Paulo) arn:aws:controltower:sa-east-1::control/AWS-GR_RESTRICT_S3_CROSS_REGION_REPLICATION

  • US West (N. California) arn:aws:controltower:us-west-1::control/AWS-GR_RESTRICT_S3_CROSS_REGION_REPLICATION

  • Asia Pacific (Hong Kong) arn:aws:controltower:ap-east-1::control/AWS-GR_RESTRICT_S3_CROSS_REGION_REPLICATION

  • Asia Pacific (Jakarta) arn:aws:controltower:ap-southeast-3::control/AWS-GR_RESTRICT_S3_CROSS_REGION_REPLICATION

  • Asia Pacific (Osaka) arn:aws:controltower:ap-northeast-3::control/AWS-GR_RESTRICT_S3_CROSS_REGION_REPLICATION

  • Europe (Milan) arn:aws:controltower:eu-south-1::control/AWS-GR_RESTRICT_S3_CROSS_REGION_REPLICATION

  • Africa (Cape Town) arn:aws:controltower:af-south-1::control/AWS-GR_RESTRICT_S3_CROSS_REGION_REPLICATION

  • Middle East (Bahrain) arn:aws:controltower:me-south-1::control/AWS-GR_RESTRICT_S3_CROSS_REGION_REPLICATION

  • Israel (Tel Aviv) arn:aws:controltower:il-central-1::control/AWS-GR_RESTRICT_S3_CROSS_REGION_REPLICATION

  • Europe (Zurich) arn:aws:controltower:eu-central-2::control/AWS-GR_RESTRICT_S3_CROSS_REGION_REPLICATION

  • Europe (Spain) arn:aws:controltower:eu-south-2::control/AWS-GR_RESTRICT_S3_CROSS_REGION_REPLICATION

  • Asia Pacific (Hyderabad) arn:aws:controltower:ap-south-2::control/AWS-GR_RESTRICT_S3_CROSS_REGION_REPLICATION

  • Middle East (UAE) arn:aws:controltower:me-central-1::control/AWS-GR_RESTRICT_S3_CROSS_REGION_REPLICATION

  • Asia Pacific (Melbourne) arn:aws:controltower:ap-southeast-4::control/AWS-GR_RESTRICT_S3_CROSS_REGION_REPLICATION

  • Canada West (Calgary) arn:aws:controltower:ca-west-1::control/AWS-GR_RESTRICT_S3_CROSS_REGION_REPLICATION

AWS-GR_RESTRICT_S3_DELETE_WITHOUT_MFA

Control identifier Framework Control objective Control API identifiers, by Region
AWS-GR_RESTRICT_S3_DELETE_WITHOUT_MFA
  • CIS AWS Benchmark 1.4 2.1.3

  • NIST 800-53 Rev 5 CA-9(1)

  • NIST 800-53 Rev 5 CM-2

  • NIST 800-53 Rev 5 CM-2(2)

  • NIST 800-53 Rev 5 CM-3

  • NIST 800-53 Rev 5 SC-5(2)

  • NIST 800-53 Rev 5 SI-12

  • PCI DSS version 3.2.1 2.2

  • Protect data integrity

  • US East (N. Virginia) arn:aws:controltower:us-east-1::control/AWS-GR_RESTRICT_S3_DELETE_WITHOUT_MFA

  • US East (Ohio) arn:aws:controltower:us-east-2::control/AWS-GR_RESTRICT_S3_DELETE_WITHOUT_MFA

  • US West (Oregon) arn:aws:controltower:us-west-2::control/AWS-GR_RESTRICT_S3_DELETE_WITHOUT_MFA

  • Canada (Central) arn:aws:controltower:ca-central-1::control/AWS-GR_RESTRICT_S3_DELETE_WITHOUT_MFA

  • Asia Pacific (Sydney) arn:aws:controltower:ap-southeast-2::control/AWS-GR_RESTRICT_S3_DELETE_WITHOUT_MFA

  • Asia Pacific (Singapore) arn:aws:controltower:ap-southeast-1::control/AWS-GR_RESTRICT_S3_DELETE_WITHOUT_MFA

  • Europe (Frankfurt) arn:aws:controltower:eu-central-1::control/AWS-GR_RESTRICT_S3_DELETE_WITHOUT_MFA

  • Europe (Ireland) arn:aws:controltower:eu-west-1::control/AWS-GR_RESTRICT_S3_DELETE_WITHOUT_MFA

  • Europe (London) arn:aws:controltower:eu-west-2::control/AWS-GR_RESTRICT_S3_DELETE_WITHOUT_MFA

  • Europe (Stockholm) arn:aws:controltower:eu-north-1::control/AWS-GR_RESTRICT_S3_DELETE_WITHOUT_MFA

  • Asia Pacific (Mumbai) arn:aws:controltower:ap-south-1::control/AWS-GR_RESTRICT_S3_DELETE_WITHOUT_MFA

  • Asia Pacific (Seoul) arn:aws:controltower:ap-northeast-2::control/AWS-GR_RESTRICT_S3_DELETE_WITHOUT_MFA

  • Asia Pacific (Tokyo) arn:aws:controltower:ap-northeast-1::control/AWS-GR_RESTRICT_S3_DELETE_WITHOUT_MFA

  • Europe (Paris) arn:aws:controltower:eu-west-3::control/AWS-GR_RESTRICT_S3_DELETE_WITHOUT_MFA

  • South America (São Paulo) arn:aws:controltower:sa-east-1::control/AWS-GR_RESTRICT_S3_DELETE_WITHOUT_MFA

  • US West (N. California) arn:aws:controltower:us-west-1::control/AWS-GR_RESTRICT_S3_DELETE_WITHOUT_MFA

  • Asia Pacific (Hong Kong) arn:aws:controltower:ap-east-1::control/AWS-GR_RESTRICT_S3_DELETE_WITHOUT_MFA

  • Asia Pacific (Jakarta) arn:aws:controltower:ap-southeast-3::control/AWS-GR_RESTRICT_S3_DELETE_WITHOUT_MFA

  • Asia Pacific (Osaka) arn:aws:controltower:ap-northeast-3::control/AWS-GR_RESTRICT_S3_DELETE_WITHOUT_MFA

  • Europe (Milan) arn:aws:controltower:eu-south-1::control/AWS-GR_RESTRICT_S3_DELETE_WITHOUT_MFA

  • Africa (Cape Town) arn:aws:controltower:af-south-1::control/AWS-GR_RESTRICT_S3_DELETE_WITHOUT_MFA

  • Middle East (Bahrain) arn:aws:controltower:me-south-1::control/AWS-GR_RESTRICT_S3_DELETE_WITHOUT_MFA

  • Israel (Tel Aviv) arn:aws:controltower:il-central-1::control/AWS-GR_RESTRICT_S3_DELETE_WITHOUT_MFA

  • Europe (Zurich) arn:aws:controltower:eu-central-2::control/AWS-GR_RESTRICT_S3_DELETE_WITHOUT_MFA

  • Europe (Spain) arn:aws:controltower:eu-south-2::control/AWS-GR_RESTRICT_S3_DELETE_WITHOUT_MFA

  • Asia Pacific (Hyderabad) arn:aws:controltower:ap-south-2::control/AWS-GR_RESTRICT_S3_DELETE_WITHOUT_MFA

  • Middle East (UAE) arn:aws:controltower:me-central-1::control/AWS-GR_RESTRICT_S3_DELETE_WITHOUT_MFA

  • Asia Pacific (Melbourne) arn:aws:controltower:ap-southeast-4::control/AWS-GR_RESTRICT_S3_DELETE_WITHOUT_MFA

  • Canada West (Calgary) arn:aws:controltower:ca-west-1::control/AWS-GR_RESTRICT_S3_DELETE_WITHOUT_MFA

AWS-GR_ROOT_ACCOUNT_MFA_ENABLED

Control identifier Framework Control objective Control API identifiers, by Region
AWS-GR_ROOT_ACCOUNT_MFA_ENABLED
  • CIS AWS Benchmark 1.4 1.5

  • NIST 800-53 Rev 5 AC-2(1)

  • NIST 800-53 Rev 5 AC-3(15)

  • NIST 800-53 Rev 5 IA-2(1)

  • NIST 800-53 Rev 5 IA-2(2)

  • NIST 800-53 Rev 5 IA-2(6)

  • NIST 800-53 Rev 5 IA-2(8)

  • PCI DSS version 3.2.1 2.1

  • PCI DSS version 3.2.1 2.2

  • PCI DSS version 3.2.1 8.3.1

  • PCI DSS version 3.2.1 8.3.2

  • Enforce least privilege

  • US East (N. Virginia) arn:aws:controltower:us-east-1::control/AWS-GR_ROOT_ACCOUNT_MFA_ENABLED

  • US East (Ohio) arn:aws:controltower:us-east-2::control/AWS-GR_ROOT_ACCOUNT_MFA_ENABLED

  • US West (Oregon) arn:aws:controltower:us-west-2::control/AWS-GR_ROOT_ACCOUNT_MFA_ENABLED

  • Canada (Central) arn:aws:controltower:ca-central-1::control/AWS-GR_ROOT_ACCOUNT_MFA_ENABLED

  • Asia Pacific (Sydney) arn:aws:controltower:ap-southeast-2::control/AWS-GR_ROOT_ACCOUNT_MFA_ENABLED

  • Asia Pacific (Singapore) arn:aws:controltower:ap-southeast-1::control/AWS-GR_ROOT_ACCOUNT_MFA_ENABLED

  • Europe (Frankfurt) arn:aws:controltower:eu-central-1::control/AWS-GR_ROOT_ACCOUNT_MFA_ENABLED

  • Europe (Ireland) arn:aws:controltower:eu-west-1::control/AWS-GR_ROOT_ACCOUNT_MFA_ENABLED

  • Europe (London) arn:aws:controltower:eu-west-2::control/AWS-GR_ROOT_ACCOUNT_MFA_ENABLED

  • Europe (Stockholm) arn:aws:controltower:eu-north-1::control/AWS-GR_ROOT_ACCOUNT_MFA_ENABLED

  • Asia Pacific (Mumbai) arn:aws:controltower:ap-south-1::control/AWS-GR_ROOT_ACCOUNT_MFA_ENABLED

  • Asia Pacific (Seoul) arn:aws:controltower:ap-northeast-2::control/AWS-GR_ROOT_ACCOUNT_MFA_ENABLED

  • Asia Pacific (Tokyo) arn:aws:controltower:ap-northeast-1::control/AWS-GR_ROOT_ACCOUNT_MFA_ENABLED

  • Europe (Paris) arn:aws:controltower:eu-west-3::control/AWS-GR_ROOT_ACCOUNT_MFA_ENABLED

  • South America (São Paulo) arn:aws:controltower:sa-east-1::control/AWS-GR_ROOT_ACCOUNT_MFA_ENABLED

  • US West (N. California) arn:aws:controltower:us-west-1::control/AWS-GR_ROOT_ACCOUNT_MFA_ENABLED

  • Asia Pacific (Hong Kong) arn:aws:controltower:ap-east-1::control/AWS-GR_ROOT_ACCOUNT_MFA_ENABLED

  • Asia Pacific (Jakarta) arn:aws:controltower:ap-southeast-3::control/AWS-GR_ROOT_ACCOUNT_MFA_ENABLED

  • Asia Pacific (Osaka) arn:aws:controltower:ap-northeast-3::control/AWS-GR_ROOT_ACCOUNT_MFA_ENABLED

  • Europe (Milan) arn:aws:controltower:eu-south-1::control/AWS-GR_ROOT_ACCOUNT_MFA_ENABLED

  • Africa (Cape Town) arn:aws:controltower:af-south-1::control/AWS-GR_ROOT_ACCOUNT_MFA_ENABLED

  • Middle East (Bahrain) arn:aws:controltower:me-south-1::control/AWS-GR_ROOT_ACCOUNT_MFA_ENABLED

  • Europe (Zurich) arn:aws:controltower:eu-central-2::control/AWS-GR_ROOT_ACCOUNT_MFA_ENABLED

  • Europe (Spain) arn:aws:controltower:eu-south-2::control/AWS-GR_ROOT_ACCOUNT_MFA_ENABLED

  • Asia Pacific (Hyderabad) arn:aws:controltower:ap-south-2::control/AWS-GR_ROOT_ACCOUNT_MFA_ENABLED

  • Asia Pacific (Melbourne) arn:aws:controltower:ap-southeast-4::control/AWS-GR_ROOT_ACCOUNT_MFA_ENABLED

AWS-GR_S3_ACCOUNT_LEVEL_PUBLIC_ACCESS_BLOCKS_PERIODIC

Control identifier Framework Control objective Control API identifiers, by Region
AWS-GR_S3_ACCOUNT_LEVEL_PUBLIC_ACCESS_BLOCKS_PERIODIC
  • CIS AWS Benchmark 1.4 2.1.5

  • NIST 800-53 Rev 5 AC-21

  • NIST 800-53 Rev 5 AC-3

  • NIST 800-53 Rev 5 AC-3(7)

  • NIST 800-53 Rev 5 AC-4

  • NIST 800-53 Rev 5 AC-4(21)

  • NIST 800-53 Rev 5 AC-6

  • NIST 800-53 Rev 5 SC-7

  • NIST 800-53 Rev 5 SC-7(11)

  • NIST 800-53 Rev 5 SC-7(16)

  • NIST 800-53 Rev 5 SC-7(20)

  • NIST 800-53 Rev 5 SC-7(21)

  • NIST 800-53 Rev 5 SC-7(3)

  • NIST 800-53 Rev 5 SC-7(4)

  • NIST 800-53 Rev 5 SC-7(9)

  • PCI DSS version 3.2.1 1.2.1

  • PCI DSS version 3.2.1 1.3

  • PCI DSS version 3.2.1 1.3.1

  • PCI DSS version 3.2.1 1.3.2

  • PCI DSS version 3.2.1 1.3.4

  • PCI DSS version 3.2.1 1.3.6

  • PCI DSS version 3.2.1 2.2

  • PCI DSS version 3.2.1 2.2.2

  • Enforce least privilege

  • US East (N. Virginia) arn:aws:controltower:us-east-1::control/AWS-GR_S3_ACCOUNT_LEVEL_PUBLIC_ACCESS_BLOCKS_PERIODIC

  • US East (Ohio) arn:aws:controltower:us-east-2::control/AWS-GR_S3_ACCOUNT_LEVEL_PUBLIC_ACCESS_BLOCKS_PERIODIC

  • US West (Oregon) arn:aws:controltower:us-west-2::control/AWS-GR_S3_ACCOUNT_LEVEL_PUBLIC_ACCESS_BLOCKS_PERIODIC

  • Canada (Central) arn:aws:controltower:ca-central-1::control/AWS-GR_S3_ACCOUNT_LEVEL_PUBLIC_ACCESS_BLOCKS_PERIODIC

  • Asia Pacific (Sydney) arn:aws:controltower:ap-southeast-2::control/AWS-GR_S3_ACCOUNT_LEVEL_PUBLIC_ACCESS_BLOCKS_PERIODIC

  • Asia Pacific (Singapore) arn:aws:controltower:ap-southeast-1::control/AWS-GR_S3_ACCOUNT_LEVEL_PUBLIC_ACCESS_BLOCKS_PERIODIC

  • Europe (Frankfurt) arn:aws:controltower:eu-central-1::control/AWS-GR_S3_ACCOUNT_LEVEL_PUBLIC_ACCESS_BLOCKS_PERIODIC

  • Europe (Ireland) arn:aws:controltower:eu-west-1::control/AWS-GR_S3_ACCOUNT_LEVEL_PUBLIC_ACCESS_BLOCKS_PERIODIC

  • Europe (London) arn:aws:controltower:eu-west-2::control/AWS-GR_S3_ACCOUNT_LEVEL_PUBLIC_ACCESS_BLOCKS_PERIODIC

  • Europe (Stockholm) arn:aws:controltower:eu-north-1::control/AWS-GR_S3_ACCOUNT_LEVEL_PUBLIC_ACCESS_BLOCKS_PERIODIC

  • Asia Pacific (Mumbai) arn:aws:controltower:ap-south-1::control/AWS-GR_S3_ACCOUNT_LEVEL_PUBLIC_ACCESS_BLOCKS_PERIODIC

  • Asia Pacific (Seoul) arn:aws:controltower:ap-northeast-2::control/AWS-GR_S3_ACCOUNT_LEVEL_PUBLIC_ACCESS_BLOCKS_PERIODIC

  • Asia Pacific (Tokyo) arn:aws:controltower:ap-northeast-1::control/AWS-GR_S3_ACCOUNT_LEVEL_PUBLIC_ACCESS_BLOCKS_PERIODIC

  • Europe (Paris) arn:aws:controltower:eu-west-3::control/AWS-GR_S3_ACCOUNT_LEVEL_PUBLIC_ACCESS_BLOCKS_PERIODIC

  • South America (São Paulo) arn:aws:controltower:sa-east-1::control/AWS-GR_S3_ACCOUNT_LEVEL_PUBLIC_ACCESS_BLOCKS_PERIODIC

  • US West (N. California) arn:aws:controltower:us-west-1::control/AWS-GR_S3_ACCOUNT_LEVEL_PUBLIC_ACCESS_BLOCKS_PERIODIC

  • Asia Pacific (Hong Kong) arn:aws:controltower:ap-east-1::control/AWS-GR_S3_ACCOUNT_LEVEL_PUBLIC_ACCESS_BLOCKS_PERIODIC

  • Asia Pacific (Jakarta) arn:aws:controltower:ap-southeast-3::control/AWS-GR_S3_ACCOUNT_LEVEL_PUBLIC_ACCESS_BLOCKS_PERIODIC

  • Asia Pacific (Osaka) arn:aws:controltower:ap-northeast-3::control/AWS-GR_S3_ACCOUNT_LEVEL_PUBLIC_ACCESS_BLOCKS_PERIODIC

  • Europe (Milan) arn:aws:controltower:eu-south-1::control/AWS-GR_S3_ACCOUNT_LEVEL_PUBLIC_ACCESS_BLOCKS_PERIODIC

  • Africa (Cape Town) arn:aws:controltower:af-south-1::control/AWS-GR_S3_ACCOUNT_LEVEL_PUBLIC_ACCESS_BLOCKS_PERIODIC

  • Middle East (Bahrain) arn:aws:controltower:me-south-1::control/AWS-GR_S3_ACCOUNT_LEVEL_PUBLIC_ACCESS_BLOCKS_PERIODIC

  • Asia Pacific (Hyderabad) arn:aws:controltower:ap-south-2::control/AWS-GR_S3_ACCOUNT_LEVEL_PUBLIC_ACCESS_BLOCKS_PERIODIC

  • Middle East (UAE) arn:aws:controltower:me-central-1::control/AWS-GR_S3_ACCOUNT_LEVEL_PUBLIC_ACCESS_BLOCKS_PERIODIC

  • Asia Pacific (Melbourne) arn:aws:controltower:ap-southeast-4::control/AWS-GR_S3_ACCOUNT_LEVEL_PUBLIC_ACCESS_BLOCKS_PERIODIC

  • Canada West (Calgary) arn:aws:controltower:ca-west-1::control/AWS-GR_S3_ACCOUNT_LEVEL_PUBLIC_ACCESS_BLOCKS_PERIODIC

AWS-GR_S3_BUCKET_PUBLIC_READ_PROHIBITED

Control identifier Framework Control objective Control API identifiers, by Region
AWS-GR_S3_BUCKET_PUBLIC_READ_PROHIBITED
  • CIS AWS Benchmark 1.4 3.3

  • NIST 800-53 Rev 5 AC-21

  • NIST 800-53 Rev 5 AC-3

  • NIST 800-53 Rev 5 AC-3(7)

  • NIST 800-53 Rev 5 AC-4

  • NIST 800-53 Rev 5 AC-4(21)

  • NIST 800-53 Rev 5 AC-6

  • NIST 800-53 Rev 5 SC-7

  • NIST 800-53 Rev 5 SC-7(11)

  • NIST 800-53 Rev 5 SC-7(16)

  • NIST 800-53 Rev 5 SC-7(20)

  • NIST 800-53 Rev 5 SC-7(21)

  • NIST 800-53 Rev 5 SC-7(3)

  • NIST 800-53 Rev 5 SC-7(4)

  • NIST 800-53 Rev 5 SC-7(9)

  • PCI DSS version 3.2.1 1.2.1

  • PCI DSS version 3.2.1 1.3

  • PCI DSS version 3.2.1 1.3.1

  • PCI DSS version 3.2.1 1.3.2

  • PCI DSS version 3.2.1 1.3.4

  • PCI DSS version 3.2.1 1.3.6

  • PCI DSS version 3.2.1 2.2

  • PCI DSS version 3.2.1 2.2.2

  • Enforce least privilege

  • US East (N. Virginia) arn:aws:controltower:us-east-1::control/AWS-GR_S3_BUCKET_PUBLIC_READ_PROHIBITED

  • US East (Ohio) arn:aws:controltower:us-east-2::control/AWS-GR_S3_BUCKET_PUBLIC_READ_PROHIBITED

  • US West (Oregon) arn:aws:controltower:us-west-2::control/AWS-GR_S3_BUCKET_PUBLIC_READ_PROHIBITED

  • Canada (Central) arn:aws:controltower:ca-central-1::control/AWS-GR_S3_BUCKET_PUBLIC_READ_PROHIBITED

  • Asia Pacific (Sydney) arn:aws:controltower:ap-southeast-2::control/AWS-GR_S3_BUCKET_PUBLIC_READ_PROHIBITED

  • Asia Pacific (Singapore) arn:aws:controltower:ap-southeast-1::control/AWS-GR_S3_BUCKET_PUBLIC_READ_PROHIBITED

  • Europe (Frankfurt) arn:aws:controltower:eu-central-1::control/AWS-GR_S3_BUCKET_PUBLIC_READ_PROHIBITED

  • Europe (Ireland) arn:aws:controltower:eu-west-1::control/AWS-GR_S3_BUCKET_PUBLIC_READ_PROHIBITED

  • Europe (London) arn:aws:controltower:eu-west-2::control/AWS-GR_S3_BUCKET_PUBLIC_READ_PROHIBITED

  • Europe (Stockholm) arn:aws:controltower:eu-north-1::control/AWS-GR_S3_BUCKET_PUBLIC_READ_PROHIBITED

  • Asia Pacific (Mumbai) arn:aws:controltower:ap-south-1::control/AWS-GR_S3_BUCKET_PUBLIC_READ_PROHIBITED

  • Asia Pacific (Seoul) arn:aws:controltower:ap-northeast-2::control/AWS-GR_S3_BUCKET_PUBLIC_READ_PROHIBITED

  • Asia Pacific (Tokyo) arn:aws:controltower:ap-northeast-1::control/AWS-GR_S3_BUCKET_PUBLIC_READ_PROHIBITED

  • Europe (Paris) arn:aws:controltower:eu-west-3::control/AWS-GR_S3_BUCKET_PUBLIC_READ_PROHIBITED

  • South America (São Paulo) arn:aws:controltower:sa-east-1::control/AWS-GR_S3_BUCKET_PUBLIC_READ_PROHIBITED

  • US West (N. California) arn:aws:controltower:us-west-1::control/AWS-GR_S3_BUCKET_PUBLIC_READ_PROHIBITED

  • Asia Pacific (Hong Kong) arn:aws:controltower:ap-east-1::control/AWS-GR_S3_BUCKET_PUBLIC_READ_PROHIBITED

  • Asia Pacific (Jakarta) arn:aws:controltower:ap-southeast-3::control/AWS-GR_S3_BUCKET_PUBLIC_READ_PROHIBITED

  • Asia Pacific (Osaka) arn:aws:controltower:ap-northeast-3::control/AWS-GR_S3_BUCKET_PUBLIC_READ_PROHIBITED

  • Europe (Milan) arn:aws:controltower:eu-south-1::control/AWS-GR_S3_BUCKET_PUBLIC_READ_PROHIBITED

  • Africa (Cape Town) arn:aws:controltower:af-south-1::control/AWS-GR_S3_BUCKET_PUBLIC_READ_PROHIBITED

  • Middle East (Bahrain) arn:aws:controltower:me-south-1::control/AWS-GR_S3_BUCKET_PUBLIC_READ_PROHIBITED

  • Israel (Tel Aviv) arn:aws:controltower:il-central-1::control/AWS-GR_S3_BUCKET_PUBLIC_READ_PROHIBITED

  • Europe (Zurich) arn:aws:controltower:eu-central-2::control/AWS-GR_S3_BUCKET_PUBLIC_READ_PROHIBITED

  • Europe (Spain) arn:aws:controltower:eu-south-2::control/AWS-GR_S3_BUCKET_PUBLIC_READ_PROHIBITED

  • Asia Pacific (Hyderabad) arn:aws:controltower:ap-south-2::control/AWS-GR_S3_BUCKET_PUBLIC_READ_PROHIBITED

  • Middle East (UAE) arn:aws:controltower:me-central-1::control/AWS-GR_S3_BUCKET_PUBLIC_READ_PROHIBITED

  • Asia Pacific (Melbourne) arn:aws:controltower:ap-southeast-4::control/AWS-GR_S3_BUCKET_PUBLIC_READ_PROHIBITED

  • Canada West (Calgary) arn:aws:controltower:ca-west-1::control/AWS-GR_S3_BUCKET_PUBLIC_READ_PROHIBITED

AWS-GR_S3_BUCKET_PUBLIC_WRITE_PROHIBITED

Control identifier Framework Control objective Control API identifiers, by Region
AWS-GR_S3_BUCKET_PUBLIC_WRITE_PROHIBITED
  • CIS AWS Benchmark 1.4 3.3

  • NIST 800-53 Rev 5 AC-21

  • NIST 800-53 Rev 5 AC-3

  • NIST 800-53 Rev 5 AC-3(7)

  • NIST 800-53 Rev 5 AC-4

  • NIST 800-53 Rev 5 AC-4(21)

  • NIST 800-53 Rev 5 AC-6

  • NIST 800-53 Rev 5 SC-7

  • NIST 800-53 Rev 5 SC-7(11)

  • NIST 800-53 Rev 5 SC-7(16)

  • NIST 800-53 Rev 5 SC-7(20)

  • NIST 800-53 Rev 5 SC-7(21)

  • NIST 800-53 Rev 5 SC-7(3)

  • NIST 800-53 Rev 5 SC-7(4)

  • NIST 800-53 Rev 5 SC-7(9)

  • PCI DSS version 3.2.1 1.2.1

  • PCI DSS version 3.2.1 1.3

  • PCI DSS version 3.2.1 1.3.1

  • PCI DSS version 3.2.1 1.3.2

  • PCI DSS version 3.2.1 1.3.4

  • PCI DSS version 3.2.1 1.3.6

  • PCI DSS version 3.2.1 2.2

  • PCI DSS version 3.2.1 2.2.2

  • Enforce least privilege

  • US East (N. Virginia) arn:aws:controltower:us-east-1::control/AWS-GR_S3_BUCKET_PUBLIC_WRITE_PROHIBITED

  • US East (Ohio) arn:aws:controltower:us-east-2::control/AWS-GR_S3_BUCKET_PUBLIC_WRITE_PROHIBITED

  • US West (Oregon) arn:aws:controltower:us-west-2::control/AWS-GR_S3_BUCKET_PUBLIC_WRITE_PROHIBITED

  • Canada (Central) arn:aws:controltower:ca-central-1::control/AWS-GR_S3_BUCKET_PUBLIC_WRITE_PROHIBITED

  • Asia Pacific (Sydney) arn:aws:controltower:ap-southeast-2::control/AWS-GR_S3_BUCKET_PUBLIC_WRITE_PROHIBITED

  • Asia Pacific (Singapore) arn:aws:controltower:ap-southeast-1::control/AWS-GR_S3_BUCKET_PUBLIC_WRITE_PROHIBITED

  • Europe (Frankfurt) arn:aws:controltower:eu-central-1::control/AWS-GR_S3_BUCKET_PUBLIC_WRITE_PROHIBITED

  • Europe (Ireland) arn:aws:controltower:eu-west-1::control/AWS-GR_S3_BUCKET_PUBLIC_WRITE_PROHIBITED

  • Europe (London) arn:aws:controltower:eu-west-2::control/AWS-GR_S3_BUCKET_PUBLIC_WRITE_PROHIBITED

  • Europe (Stockholm) arn:aws:controltower:eu-north-1::control/AWS-GR_S3_BUCKET_PUBLIC_WRITE_PROHIBITED

  • Asia Pacific (Mumbai) arn:aws:controltower:ap-south-1::control/AWS-GR_S3_BUCKET_PUBLIC_WRITE_PROHIBITED

  • Asia Pacific (Seoul) arn:aws:controltower:ap-northeast-2::control/AWS-GR_S3_BUCKET_PUBLIC_WRITE_PROHIBITED

  • Asia Pacific (Tokyo) arn:aws:controltower:ap-northeast-1::control/AWS-GR_S3_BUCKET_PUBLIC_WRITE_PROHIBITED

  • Europe (Paris) arn:aws:controltower:eu-west-3::control/AWS-GR_S3_BUCKET_PUBLIC_WRITE_PROHIBITED

  • South America (São Paulo) arn:aws:controltower:sa-east-1::control/AWS-GR_S3_BUCKET_PUBLIC_WRITE_PROHIBITED

  • US West (N. California) arn:aws:controltower:us-west-1::control/AWS-GR_S3_BUCKET_PUBLIC_WRITE_PROHIBITED

  • Asia Pacific (Hong Kong) arn:aws:controltower:ap-east-1::control/AWS-GR_S3_BUCKET_PUBLIC_WRITE_PROHIBITED

  • Asia Pacific (Jakarta) arn:aws:controltower:ap-southeast-3::control/AWS-GR_S3_BUCKET_PUBLIC_WRITE_PROHIBITED

  • Asia Pacific (Osaka) arn:aws:controltower:ap-northeast-3::control/AWS-GR_S3_BUCKET_PUBLIC_WRITE_PROHIBITED

  • Europe (Milan) arn:aws:controltower:eu-south-1::control/AWS-GR_S3_BUCKET_PUBLIC_WRITE_PROHIBITED

  • Africa (Cape Town) arn:aws:controltower:af-south-1::control/AWS-GR_S3_BUCKET_PUBLIC_WRITE_PROHIBITED

  • Middle East (Bahrain) arn:aws:controltower:me-south-1::control/AWS-GR_S3_BUCKET_PUBLIC_WRITE_PROHIBITED

  • Israel (Tel Aviv) arn:aws:controltower:il-central-1::control/AWS-GR_S3_BUCKET_PUBLIC_WRITE_PROHIBITED

  • Europe (Zurich) arn:aws:controltower:eu-central-2::control/AWS-GR_S3_BUCKET_PUBLIC_WRITE_PROHIBITED

  • Europe (Spain) arn:aws:controltower:eu-south-2::control/AWS-GR_S3_BUCKET_PUBLIC_WRITE_PROHIBITED

  • Asia Pacific (Hyderabad) arn:aws:controltower:ap-south-2::control/AWS-GR_S3_BUCKET_PUBLIC_WRITE_PROHIBITED

  • Middle East (UAE) arn:aws:controltower:me-central-1::control/AWS-GR_S3_BUCKET_PUBLIC_WRITE_PROHIBITED

  • Asia Pacific (Melbourne) arn:aws:controltower:ap-southeast-4::control/AWS-GR_S3_BUCKET_PUBLIC_WRITE_PROHIBITED

  • Canada West (Calgary) arn:aws:controltower:ca-west-1::control/AWS-GR_S3_BUCKET_PUBLIC_WRITE_PROHIBITED

AWS-GR_S3_VERSIONING_ENABLED

Control identifier Framework Control objective Control API identifiers, by Region
AWS-GR_S3_VERSIONING_ENABLED
  • CIS AWS Benchmark 1.4 2.1.3

  • NIST 800-53 Rev 5 AU-9(2)

  • NIST 800-53 Rev 5 CP-10

  • NIST 800-53 Rev 5 CP-6

  • NIST 800-53 Rev 5 CP-6(1)

  • NIST 800-53 Rev 5 CP-6(2)

  • NIST 800-53 Rev 5 CP-9

  • NIST 800-53 Rev 5 SC-5(2)

  • NIST 800-53 Rev 5 SI-12

  • NIST 800-53 Rev 5 SI-13(5)

  • PCI DSS version 3.2.1 10.5.5

  • Optimize costs

  • Improve availability

  • US East (N. Virginia) arn:aws:controltower:us-east-1::control/AWS-GR_S3_VERSIONING_ENABLED

  • US East (Ohio) arn:aws:controltower:us-east-2::control/AWS-GR_S3_VERSIONING_ENABLED

  • US West (Oregon) arn:aws:controltower:us-west-2::control/AWS-GR_S3_VERSIONING_ENABLED

  • Canada (Central) arn:aws:controltower:ca-central-1::control/AWS-GR_S3_VERSIONING_ENABLED

  • Asia Pacific (Sydney) arn:aws:controltower:ap-southeast-2::control/AWS-GR_S3_VERSIONING_ENABLED

  • Asia Pacific (Singapore) arn:aws:controltower:ap-southeast-1::control/AWS-GR_S3_VERSIONING_ENABLED

  • Europe (Frankfurt) arn:aws:controltower:eu-central-1::control/AWS-GR_S3_VERSIONING_ENABLED

  • Europe (Ireland) arn:aws:controltower:eu-west-1::control/AWS-GR_S3_VERSIONING_ENABLED

  • Europe (London) arn:aws:controltower:eu-west-2::control/AWS-GR_S3_VERSIONING_ENABLED

  • Europe (Stockholm) arn:aws:controltower:eu-north-1::control/AWS-GR_S3_VERSIONING_ENABLED

  • Asia Pacific (Mumbai) arn:aws:controltower:ap-south-1::control/AWS-GR_S3_VERSIONING_ENABLED

  • Asia Pacific (Seoul) arn:aws:controltower:ap-northeast-2::control/AWS-GR_S3_VERSIONING_ENABLED

  • Asia Pacific (Tokyo) arn:aws:controltower:ap-northeast-1::control/AWS-GR_S3_VERSIONING_ENABLED

  • Europe (Paris) arn:aws:controltower:eu-west-3::control/AWS-GR_S3_VERSIONING_ENABLED

  • South America (São Paulo) arn:aws:controltower:sa-east-1::control/AWS-GR_S3_VERSIONING_ENABLED

  • US West (N. California) arn:aws:controltower:us-west-1::control/AWS-GR_S3_VERSIONING_ENABLED

  • Asia Pacific (Hong Kong) arn:aws:controltower:ap-east-1::control/AWS-GR_S3_VERSIONING_ENABLED

  • Asia Pacific (Jakarta) arn:aws:controltower:ap-southeast-3::control/AWS-GR_S3_VERSIONING_ENABLED

  • Asia Pacific (Osaka) arn:aws:controltower:ap-northeast-3::control/AWS-GR_S3_VERSIONING_ENABLED

  • Europe (Milan) arn:aws:controltower:eu-south-1::control/AWS-GR_S3_VERSIONING_ENABLED

  • Africa (Cape Town) arn:aws:controltower:af-south-1::control/AWS-GR_S3_VERSIONING_ENABLED

  • Middle East (Bahrain) arn:aws:controltower:me-south-1::control/AWS-GR_S3_VERSIONING_ENABLED

  • Israel (Tel Aviv) arn:aws:controltower:il-central-1::control/AWS-GR_S3_VERSIONING_ENABLED

  • Europe (Zurich) arn:aws:controltower:eu-central-2::control/AWS-GR_S3_VERSIONING_ENABLED

  • Europe (Spain) arn:aws:controltower:eu-south-2::control/AWS-GR_S3_VERSIONING_ENABLED

  • Asia Pacific (Hyderabad) arn:aws:controltower:ap-south-2::control/AWS-GR_S3_VERSIONING_ENABLED

  • Middle East (UAE) arn:aws:controltower:me-central-1::control/AWS-GR_S3_VERSIONING_ENABLED

  • Asia Pacific (Melbourne) arn:aws:controltower:ap-southeast-4::control/AWS-GR_S3_VERSIONING_ENABLED

  • Canada West (Calgary) arn:aws:controltower:ca-west-1::control/AWS-GR_S3_VERSIONING_ENABLED

AWS-GR_SAGEMAKER_NOTEBOOK_NO_DIRECT_INTERNET_ACCESS

Control identifier Framework Control objective Control API identifiers, by Region
AWS-GR_SAGEMAKER_NOTEBOOK_NO_DIRECT_INTERNET_ACCESS
  • NIST 800-53 Rev 5 AC-21

  • NIST 800-53 Rev 5 AC-3

  • NIST 800-53 Rev 5 AC-3(7)

  • NIST 800-53 Rev 5 AC-4

  • NIST 800-53 Rev 5 AC-4(21)

  • NIST 800-53 Rev 5 AC-6

  • NIST 800-53 Rev 5 SC-7

  • NIST 800-53 Rev 5 SC-7(11)

  • NIST 800-53 Rev 5 SC-7(16)

  • NIST 800-53 Rev 5 SC-7(20)

  • NIST 800-53 Rev 5 SC-7(21)

  • NIST 800-53 Rev 5 SC-7(3)

  • NIST 800-53 Rev 5 SC-7(4)

  • NIST 800-53 Rev 5 SC-7(9)

  • PCI DSS version 3.2.1 1.2.1

  • PCI DSS version 3.2.1 1.3

  • PCI DSS version 3.2.1 1.3.1

  • PCI DSS version 3.2.1 1.3.2

  • PCI DSS version 3.2.1 1.3.4

  • PCI DSS version 3.2.1 1.3.6

  • PCI DSS version 3.2.1 2.2.2

  • Limit network access

  • US East (N. Virginia) arn:aws:controltower:us-east-1::control/AWS-GR_SAGEMAKER_NOTEBOOK_NO_DIRECT_INTERNET_ACCESS

  • US East (Ohio) arn:aws:controltower:us-east-2::control/AWS-GR_SAGEMAKER_NOTEBOOK_NO_DIRECT_INTERNET_ACCESS

  • US West (Oregon) arn:aws:controltower:us-west-2::control/AWS-GR_SAGEMAKER_NOTEBOOK_NO_DIRECT_INTERNET_ACCESS

  • Canada (Central) arn:aws:controltower:ca-central-1::control/AWS-GR_SAGEMAKER_NOTEBOOK_NO_DIRECT_INTERNET_ACCESS

  • Asia Pacific (Sydney) arn:aws:controltower:ap-southeast-2::control/AWS-GR_SAGEMAKER_NOTEBOOK_NO_DIRECT_INTERNET_ACCESS

  • Asia Pacific (Singapore) arn:aws:controltower:ap-southeast-1::control/AWS-GR_SAGEMAKER_NOTEBOOK_NO_DIRECT_INTERNET_ACCESS

  • Europe (Frankfurt) arn:aws:controltower:eu-central-1::control/AWS-GR_SAGEMAKER_NOTEBOOK_NO_DIRECT_INTERNET_ACCESS

  • Europe (Ireland) arn:aws:controltower:eu-west-1::control/AWS-GR_SAGEMAKER_NOTEBOOK_NO_DIRECT_INTERNET_ACCESS

  • Europe (London) arn:aws:controltower:eu-west-2::control/AWS-GR_SAGEMAKER_NOTEBOOK_NO_DIRECT_INTERNET_ACCESS

  • Europe (Stockholm) arn:aws:controltower:eu-north-1::control/AWS-GR_SAGEMAKER_NOTEBOOK_NO_DIRECT_INTERNET_ACCESS

  • Asia Pacific (Mumbai) arn:aws:controltower:ap-south-1::control/AWS-GR_SAGEMAKER_NOTEBOOK_NO_DIRECT_INTERNET_ACCESS

  • Asia Pacific (Seoul) arn:aws:controltower:ap-northeast-2::control/AWS-GR_SAGEMAKER_NOTEBOOK_NO_DIRECT_INTERNET_ACCESS

  • Asia Pacific (Tokyo) arn:aws:controltower:ap-northeast-1::control/AWS-GR_SAGEMAKER_NOTEBOOK_NO_DIRECT_INTERNET_ACCESS

  • Europe (Paris) arn:aws:controltower:eu-west-3::control/AWS-GR_SAGEMAKER_NOTEBOOK_NO_DIRECT_INTERNET_ACCESS

  • South America (São Paulo) arn:aws:controltower:sa-east-1::control/AWS-GR_SAGEMAKER_NOTEBOOK_NO_DIRECT_INTERNET_ACCESS

  • US West (N. California) arn:aws:controltower:us-west-1::control/AWS-GR_SAGEMAKER_NOTEBOOK_NO_DIRECT_INTERNET_ACCESS

  • Asia Pacific (Hong Kong) arn:aws:controltower:ap-east-1::control/AWS-GR_SAGEMAKER_NOTEBOOK_NO_DIRECT_INTERNET_ACCESS

  • Middle East (Bahrain) arn:aws:controltower:me-south-1::control/AWS-GR_SAGEMAKER_NOTEBOOK_NO_DIRECT_INTERNET_ACCESS

AWS-GR_SSM_DOCUMENT_NOT_PUBLIC

Control identifier Framework Control objective Control API identifiers, by Region
AWS-GR_SSM_DOCUMENT_NOT_PUBLIC
  • NIST 800-53 Rev 5 AC-21

  • NIST 800-53 Rev 5 AC-3

  • NIST 800-53 Rev 5 AC-3(7)

  • NIST 800-53 Rev 5 AC-4

  • NIST 800-53 Rev 5 AC-4(21)

  • NIST 800-53 Rev 5 AC-6

  • NIST 800-53 Rev 5 SC-7

  • NIST 800-53 Rev 5 SC-7(11)

  • NIST 800-53 Rev 5 SC-7(16)

  • NIST 800-53 Rev 5 SC-7(20)

  • NIST 800-53 Rev 5 SC-7(21)

  • NIST 800-53 Rev 5 SC-7(3)

  • NIST 800-53 Rev 5 SC-7(4)

  • NIST 800-53 Rev 5 SC-7(9)

  • PCI DSS version 3.2.1 1.2.1

  • PCI DSS version 3.2.1 1.3

  • PCI DSS version 3.2.1 1.3.1

  • PCI DSS version 3.2.1 1.3.2

  • PCI DSS version 3.2.1 1.3.4

  • PCI DSS version 3.2.1 2.2.2

  • Limit network access

  • US East (N. Virginia) arn:aws:controltower:us-east-1::control/AWS-GR_SSM_DOCUMENT_NOT_PUBLIC

  • US East (Ohio) arn:aws:controltower:us-east-2::control/AWS-GR_SSM_DOCUMENT_NOT_PUBLIC

  • US West (Oregon) arn:aws:controltower:us-west-2::control/AWS-GR_SSM_DOCUMENT_NOT_PUBLIC

  • Canada (Central) arn:aws:controltower:ca-central-1::control/AWS-GR_SSM_DOCUMENT_NOT_PUBLIC

  • Asia Pacific (Sydney) arn:aws:controltower:ap-southeast-2::control/AWS-GR_SSM_DOCUMENT_NOT_PUBLIC

  • Asia Pacific (Singapore) arn:aws:controltower:ap-southeast-1::control/AWS-GR_SSM_DOCUMENT_NOT_PUBLIC

  • Europe (Frankfurt) arn:aws:controltower:eu-central-1::control/AWS-GR_SSM_DOCUMENT_NOT_PUBLIC

  • Europe (Ireland) arn:aws:controltower:eu-west-1::control/AWS-GR_SSM_DOCUMENT_NOT_PUBLIC

  • Europe (London) arn:aws:controltower:eu-west-2::control/AWS-GR_SSM_DOCUMENT_NOT_PUBLIC

  • Europe (Stockholm) arn:aws:controltower:eu-north-1::control/AWS-GR_SSM_DOCUMENT_NOT_PUBLIC

  • Asia Pacific (Mumbai) arn:aws:controltower:ap-south-1::control/AWS-GR_SSM_DOCUMENT_NOT_PUBLIC

  • Asia Pacific (Seoul) arn:aws:controltower:ap-northeast-2::control/AWS-GR_SSM_DOCUMENT_NOT_PUBLIC

  • Asia Pacific (Tokyo) arn:aws:controltower:ap-northeast-1::control/AWS-GR_SSM_DOCUMENT_NOT_PUBLIC

  • Europe (Paris) arn:aws:controltower:eu-west-3::control/AWS-GR_SSM_DOCUMENT_NOT_PUBLIC

  • South America (São Paulo) arn:aws:controltower:sa-east-1::control/AWS-GR_SSM_DOCUMENT_NOT_PUBLIC

  • US West (N. California) arn:aws:controltower:us-west-1::control/AWS-GR_SSM_DOCUMENT_NOT_PUBLIC

  • Asia Pacific (Hong Kong) arn:aws:controltower:ap-east-1::control/AWS-GR_SSM_DOCUMENT_NOT_PUBLIC

  • Asia Pacific (Jakarta) arn:aws:controltower:ap-southeast-3::control/AWS-GR_SSM_DOCUMENT_NOT_PUBLIC

  • Asia Pacific (Osaka) arn:aws:controltower:ap-northeast-3::control/AWS-GR_SSM_DOCUMENT_NOT_PUBLIC

  • Europe (Milan) arn:aws:controltower:eu-south-1::control/AWS-GR_SSM_DOCUMENT_NOT_PUBLIC

  • Africa (Cape Town) arn:aws:controltower:af-south-1::control/AWS-GR_SSM_DOCUMENT_NOT_PUBLIC

  • Middle East (Bahrain) arn:aws:controltower:me-south-1::control/AWS-GR_SSM_DOCUMENT_NOT_PUBLIC

  • Europe (Zurich) arn:aws:controltower:eu-central-2::control/AWS-GR_SSM_DOCUMENT_NOT_PUBLIC

  • Europe (Spain) arn:aws:controltower:eu-south-2::control/AWS-GR_SSM_DOCUMENT_NOT_PUBLIC

  • Asia Pacific (Hyderabad) arn:aws:controltower:ap-south-2::control/AWS-GR_SSM_DOCUMENT_NOT_PUBLIC

  • Middle East (UAE) arn:aws:controltower:me-central-1::control/AWS-GR_SSM_DOCUMENT_NOT_PUBLIC

  • Asia Pacific (Melbourne) arn:aws:controltower:ap-southeast-4::control/AWS-GR_SSM_DOCUMENT_NOT_PUBLIC

AWS-GR_SUBNET_AUTO_ASSIGN_PUBLIC_IP_DISABLED

Control identifier Framework Control objective Control API identifiers, by Region
AWS-GR_SUBNET_AUTO_ASSIGN_PUBLIC_IP_DISABLED
  • NIST 800-53 Rev 5 AC-21

  • NIST 800-53 Rev 5 AC-3

  • NIST 800-53 Rev 5 AC-3(7)

  • NIST 800-53 Rev 5 AC-4

  • NIST 800-53 Rev 5 AC-4(21)

  • NIST 800-53 Rev 5 AC-6

  • NIST 800-53 Rev 5 SC-7

  • NIST 800-53 Rev 5 SC-7(11)

  • NIST 800-53 Rev 5 SC-7(16)

  • NIST 800-53 Rev 5 SC-7(20)

  • NIST 800-53 Rev 5 SC-7(21)

  • NIST 800-53 Rev 5 SC-7(3)

  • NIST 800-53 Rev 5 SC-7(4)

  • NIST 800-53 Rev 5 SC-7(9)

  • PCI DSS version 3.2.1 1.2.1

  • PCI DSS version 3.2.1 1.3

  • PCI DSS version 3.2.1 1.3.1

  • PCI DSS version 3.2.1 1.3.2

  • PCI DSS version 3.2.1 1.3.4

  • PCI DSS version 3.2.1 1.3.6

  • PCI DSS version 3.2.1 2.2.2

  • Limit network access

  • US East (N. Virginia) arn:aws:controltower:us-east-1::control/AWS-GR_SUBNET_AUTO_ASSIGN_PUBLIC_IP_DISABLED

  • US East (Ohio) arn:aws:controltower:us-east-2::control/AWS-GR_SUBNET_AUTO_ASSIGN_PUBLIC_IP_DISABLED

  • US West (Oregon) arn:aws:controltower:us-west-2::control/AWS-GR_SUBNET_AUTO_ASSIGN_PUBLIC_IP_DISABLED

  • Canada (Central) arn:aws:controltower:ca-central-1::control/AWS-GR_SUBNET_AUTO_ASSIGN_PUBLIC_IP_DISABLED

  • Asia Pacific (Sydney) arn:aws:controltower:ap-southeast-2::control/AWS-GR_SUBNET_AUTO_ASSIGN_PUBLIC_IP_DISABLED

  • Asia Pacific (Singapore) arn:aws:controltower:ap-southeast-1::control/AWS-GR_SUBNET_AUTO_ASSIGN_PUBLIC_IP_DISABLED

  • Europe (Frankfurt) arn:aws:controltower:eu-central-1::control/AWS-GR_SUBNET_AUTO_ASSIGN_PUBLIC_IP_DISABLED

  • Europe (Ireland) arn:aws:controltower:eu-west-1::control/AWS-GR_SUBNET_AUTO_ASSIGN_PUBLIC_IP_DISABLED

  • Europe (London) arn:aws:controltower:eu-west-2::control/AWS-GR_SUBNET_AUTO_ASSIGN_PUBLIC_IP_DISABLED

  • Europe (Stockholm) arn:aws:controltower:eu-north-1::control/AWS-GR_SUBNET_AUTO_ASSIGN_PUBLIC_IP_DISABLED

  • Asia Pacific (Mumbai) arn:aws:controltower:ap-south-1::control/AWS-GR_SUBNET_AUTO_ASSIGN_PUBLIC_IP_DISABLED

  • Asia Pacific (Seoul) arn:aws:controltower:ap-northeast-2::control/AWS-GR_SUBNET_AUTO_ASSIGN_PUBLIC_IP_DISABLED

  • Asia Pacific (Tokyo) arn:aws:controltower:ap-northeast-1::control/AWS-GR_SUBNET_AUTO_ASSIGN_PUBLIC_IP_DISABLED

  • Europe (Paris) arn:aws:controltower:eu-west-3::control/AWS-GR_SUBNET_AUTO_ASSIGN_PUBLIC_IP_DISABLED

  • South America (São Paulo) arn:aws:controltower:sa-east-1::control/AWS-GR_SUBNET_AUTO_ASSIGN_PUBLIC_IP_DISABLED

  • US West (N. California) arn:aws:controltower:us-west-1::control/AWS-GR_SUBNET_AUTO_ASSIGN_PUBLIC_IP_DISABLED

  • Asia Pacific (Hong Kong) arn:aws:controltower:ap-east-1::control/AWS-GR_SUBNET_AUTO_ASSIGN_PUBLIC_IP_DISABLED

  • Asia Pacific (Jakarta) arn:aws:controltower:ap-southeast-3::control/AWS-GR_SUBNET_AUTO_ASSIGN_PUBLIC_IP_DISABLED

  • Europe (Milan) arn:aws:controltower:eu-south-1::control/AWS-GR_SUBNET_AUTO_ASSIGN_PUBLIC_IP_DISABLED

  • Africa (Cape Town) arn:aws:controltower:af-south-1::control/AWS-GR_SUBNET_AUTO_ASSIGN_PUBLIC_IP_DISABLED

  • Middle East (Bahrain) arn:aws:controltower:me-south-1::control/AWS-GR_SUBNET_AUTO_ASSIGN_PUBLIC_IP_DISABLED

  • Israel (Tel Aviv) arn:aws:controltower:il-central-1::control/AWS-GR_SUBNET_AUTO_ASSIGN_PUBLIC_IP_DISABLED

  • Europe (Zurich) arn:aws:controltower:eu-central-2::control/AWS-GR_SUBNET_AUTO_ASSIGN_PUBLIC_IP_DISABLED

  • Europe (Spain) arn:aws:controltower:eu-south-2::control/AWS-GR_SUBNET_AUTO_ASSIGN_PUBLIC_IP_DISABLED

  • Asia Pacific (Hyderabad) arn:aws:controltower:ap-south-2::control/AWS-GR_SUBNET_AUTO_ASSIGN_PUBLIC_IP_DISABLED

  • Middle East (UAE) arn:aws:controltower:me-central-1::control/AWS-GR_SUBNET_AUTO_ASSIGN_PUBLIC_IP_DISABLED

  • Asia Pacific (Melbourne) arn:aws:controltower:ap-southeast-4::control/AWS-GR_SUBNET_AUTO_ASSIGN_PUBLIC_IP_DISABLED

  • Canada West (Calgary) arn:aws:controltower:ca-west-1::control/AWS-GR_SUBNET_AUTO_ASSIGN_PUBLIC_IP_DISABLED

CT.ACM.PR.1

Control identifier Framework Control objective Control API identifiers, by Region
CT.ACM.PR.1

None

  • Protect configurations

  • US East (N. Virginia) arn:aws:controltower:us-east-1::control/CWIZNCRIHXMW

  • US East (Ohio) arn:aws:controltower:us-east-2::control/SOEEZVLQQMBP

  • US West (Oregon) arn:aws:controltower:us-west-2::control/RLCUCIOSPRZN

  • Canada (Central) arn:aws:controltower:ca-central-1::control/CKCKTGLVEKYB

  • Asia Pacific (Sydney) arn:aws:controltower:ap-southeast-2::control/OTJFGEEQXKHE

  • Asia Pacific (Singapore) arn:aws:controltower:ap-southeast-1::control/JHLOZPXDFZLZ

  • Europe (Frankfurt) arn:aws:controltower:eu-central-1::control/EFGFCKDLGVOR

  • Europe (Ireland) arn:aws:controltower:eu-west-1::control/RMPGJNTOZYED

  • Europe (London) arn:aws:controltower:eu-west-2::control/TMHLCRNZFYCN

  • Europe (Stockholm) arn:aws:controltower:eu-north-1::control/XJPCVFFVVNLH

  • Asia Pacific (Mumbai) arn:aws:controltower:ap-south-1::control/YSLZGQSFAAGK

  • Asia Pacific (Seoul) arn:aws:controltower:ap-northeast-2::control/ZYLCIKKLJKLN

  • Asia Pacific (Tokyo) arn:aws:controltower:ap-northeast-1::control/XFRRFFLMUBDQ

  • Europe (Paris) arn:aws:controltower:eu-west-3::control/DEOJHGUDMVVV

  • South America (São Paulo) arn:aws:controltower:sa-east-1::control/MHGHBXOCHYCS

  • US West (N. California) arn:aws:controltower:us-west-1::control/OGGUGDZQUZYR

  • Asia Pacific (Hong Kong) arn:aws:controltower:ap-east-1::control/DIUHEHAUSSPQ

  • Asia Pacific (Jakarta) arn:aws:controltower:ap-southeast-3::control/IYXOFXBXLMGS

  • Asia Pacific (Osaka) arn:aws:controltower:ap-northeast-3::control/PFBKTWXIMMIV

  • Europe (Milan) arn:aws:controltower:eu-south-1::control/AJYPIRPBHBRU

  • Africa (Cape Town) arn:aws:controltower:af-south-1::control/ZELXXBEFAIZK

  • Middle East (Bahrain) arn:aws:controltower:me-south-1::control/MJAMNXHSTERV

  • Israel (Tel Aviv) arn:aws:controltower:il-central-1::control/AIMLPTHSIIAM

  • Europe (Zurich) arn:aws:controltower:eu-central-2::control/JSJTOIBKUZXR

  • Europe (Spain) arn:aws:controltower:eu-south-2::control/CDFRPKVAAEBA

  • Asia Pacific (Hyderabad) arn:aws:controltower:ap-south-2::control/PUXHXGEXNZWU

  • Middle East (UAE) arn:aws:controltower:me-central-1::control/CDPBPPYWQXFU

  • Asia Pacific (Melbourne) arn:aws:controltower:ap-southeast-4::control/UTGLXCQDISMW

CT.APIGATEWAY.PR.1

Control identifier Framework Control objective Control API identifiers, by Region
CT.APIGATEWAY.PR.1
  • NIST 800-53 Rev 5 AC-4(26)

  • NIST 800-53 Rev 5 AU-10

  • NIST 800-53 Rev 5 AU-12

  • NIST 800-53 Rev 5 AU-2

  • NIST 800-53 Rev 5 AU-3

  • NIST 800-53 Rev 5 AU-6(3)

  • NIST 800-53 Rev 5 AU-6(4)

  • NIST 800-53 Rev 5 CA-7

  • NIST 800-53 Rev 5 SC-7(9)

  • NIST 800-53 Rev 5 SI-7(8)

  • PCI DSS version 3.2.1 10.1

  • PCI DSS version 3.2.1 10.2.1

  • PCI DSS version 3.2.1 10.2.4

  • PCI DSS version 3.2.1 10.2.7

  • PCI DSS version 3.2.1 10.3.1

  • PCI DSS version 3.2.1 10.3.2

  • PCI DSS version 3.2.1 10.3.3

  • PCI DSS version 3.2.1 10.3.4

  • PCI DSS version 3.2.1 10.3.5

  • PCI DSS version 3.2.1 10.3.6

  • Establish logging and monitoring

  • US East (N. Virginia) arn:aws:controltower:us-east-1::control/THVNUTMFZVUS

  • US East (Ohio) arn:aws:controltower:us-east-2::control/XRIIZCMYLTPU

  • US West (Oregon) arn:aws:controltower:us-west-2::control/SKIBWKYUQAAC

  • Canada (Central) arn:aws:controltower:ca-central-1::control/EUYZNAPVCUUS

  • Asia Pacific (Sydney) arn:aws:controltower:ap-southeast-2::control/MGCUKHLRUHGP

  • Asia Pacific (Singapore) arn:aws:controltower:ap-southeast-1::control/QFZCLBSXXBKM

  • Europe (Frankfurt) arn:aws:controltower:eu-central-1::control/XHEVQAZTSEAZ

  • Europe (Ireland) arn:aws:controltower:eu-west-1::control/KBXFFJCCXCCZ

  • Europe (London) arn:aws:controltower:eu-west-2::control/VLFAZTXPNOXB

  • Europe (Stockholm) arn:aws:controltower:eu-north-1::control/RPLZIVLHUEVE

  • Asia Pacific (Mumbai) arn:aws:controltower:ap-south-1::control/OWNNOAXIDVKF

  • Asia Pacific (Seoul) arn:aws:controltower:ap-northeast-2::control/ASAMDCSLJXZV

  • Asia Pacific (Tokyo) arn:aws:controltower:ap-northeast-1::control/ETKWXIYCRYUF

  • Europe (Paris) arn:aws:controltower:eu-west-3::control/VJLLSIZIUQRW

  • South America (São Paulo) arn:aws:controltower:sa-east-1::control/XGXELVOLINOS

  • US West (N. California) arn:aws:controltower:us-west-1::control/ASCJCHWUCXDE

  • Asia Pacific (Hong Kong) arn:aws:controltower:ap-east-1::control/HQJNVXOQEKEX

  • Asia Pacific (Jakarta) arn:aws:controltower:ap-southeast-3::control/CBCSCTURQXDP

  • Asia Pacific (Osaka) arn:aws:controltower:ap-northeast-3::control/SQJBDNVUHOVM

  • Europe (Milan) arn:aws:controltower:eu-south-1::control/EKDIMRUQZBUI

  • Africa (Cape Town) arn:aws:controltower:af-south-1::control/BRXRBWLDNNXE

  • Middle East (Bahrain) arn:aws:controltower:me-south-1::control/CKGLZQHZKKZO

  • Israel (Tel Aviv) arn:aws:controltower:il-central-1::control/AWEXQRIWWTYU

  • Europe (Zurich) arn:aws:controltower:eu-central-2::control/IOPQNYUJZKFP

  • Europe (Spain) arn:aws:controltower:eu-south-2::control/SVYVSCZDWYQP

  • Asia Pacific (Hyderabad) arn:aws:controltower:ap-south-2::control/ZKNNHMHVZWCV

  • Middle East (UAE) arn:aws:controltower:me-central-1::control/WSEWTPYUNKIZ

  • Asia Pacific (Melbourne) arn:aws:controltower:ap-southeast-4::control/AOHBBOHVYOXC

CT.APIGATEWAY.PR.2

Control identifier Framework Control objective Control API identifiers, by Region
CT.APIGATEWAY.PR.2
  • NIST 800-53 Rev 5 CA-7

  • PCI DSS version 3.2.1 10.1

  • PCI DSS version 3.2.1 10.2.1

  • PCI DSS version 3.2.1 10.2.4

  • PCI DSS version 3.2.1 10.2.7

  • PCI DSS version 3.2.1 10.3.1

  • PCI DSS version 3.2.1 10.3.2

  • PCI DSS version 3.2.1 10.3.3

  • PCI DSS version 3.2.1 10.3.4

  • PCI DSS version 3.2.1 10.3.5

  • PCI DSS version 3.2.1 10.3.6

  • Establish logging and monitoring

  • US East (N. Virginia) arn:aws:controltower:us-east-1::control/EHSOKSSMVFWF

  • US East (Ohio) arn:aws:controltower:us-east-2::control/MQXZJKMXOREU

  • US West (Oregon) arn:aws:controltower:us-west-2::control/XAZHJTQBXMLM

  • Canada (Central) arn:aws:controltower:ca-central-1::control/RPOXLFOSAVOI

  • Asia Pacific (Sydney) arn:aws:controltower:ap-southeast-2::control/EAPHSJQRHZUB

  • Asia Pacific (Singapore) arn:aws:controltower:ap-southeast-1::control/IFWWBITJQWQO

  • Europe (Frankfurt) arn:aws:controltower:eu-central-1::control/PEIQUNSHAALC

  • Europe (Ireland) arn:aws:controltower:eu-west-1::control/WEFXKWWQELZP

  • Europe (London) arn:aws:controltower:eu-west-2::control/EDQVHSOAJDDX

  • Europe (Stockholm) arn:aws:controltower:eu-north-1::control/JZXXPWRFZLER

  • Asia Pacific (Mumbai) arn:aws:controltower:ap-south-1::control/YVJSVPYRBSBH

  • Asia Pacific (Seoul) arn:aws:controltower:ap-northeast-2::control/BMGEYEHCOBBU

  • Asia Pacific (Tokyo) arn:aws:controltower:ap-northeast-1::control/XSDRGBMLIVBR

  • Europe (Paris) arn:aws:controltower:eu-west-3::control/GUYFEHMSFWNE

  • South America (São Paulo) arn:aws:controltower:sa-east-1::control/MQDMDGQZLEEB

  • US West (N. California) arn:aws:controltower:us-west-1::control/WITVQTILCFXZ

  • Asia Pacific (Hong Kong) arn:aws:controltower:ap-east-1::control/KAUPNLFAXLZW

  • Asia Pacific (Jakarta) arn:aws:controltower:ap-southeast-3::control/EGXWMKYDFRSK

  • Asia Pacific (Osaka) arn:aws:controltower:ap-northeast-3::control/SXPSZGLUEEZH

  • Europe (Milan) arn:aws:controltower:eu-south-1::control/MWDNBKQDCNCE

  • Africa (Cape Town) arn:aws:controltower:af-south-1::control/YCKXUGJPJJVQ

  • Middle East (Bahrain) arn:aws:controltower:me-south-1::control/BMPTRRAHQMJC

  • Israel (Tel Aviv) arn:aws:controltower:il-central-1::control/BZHXNKANLSRP

  • Europe (Zurich) arn:aws:controltower:eu-central-2::control/MRKDCBADGMTL

  • Europe (Spain) arn:aws:controltower:eu-south-2::control/KDXSGIXBAPZU

  • Asia Pacific (Hyderabad) arn:aws:controltower:ap-south-2::control/WUVYCWRIERYH

  • Middle East (UAE) arn:aws:controltower:me-central-1::control/IWHRGFEHFWYR

  • Asia Pacific (Melbourne) arn:aws:controltower:ap-southeast-4::control/CPRJZNHSLXQO

CT.APIGATEWAY.PR.3

Control identifier Framework Control objective Control API identifiers, by Region
CT.APIGATEWAY.PR.3
  • NIST 800-53 Rev 5 CA-9(1)

  • NIST 800-53 Rev 5 CM-3(6)

  • NIST 800-53 Rev 5 SC-13

  • NIST 800-53 Rev 5 SC-28

  • NIST 800-53 Rev 5 SC-28(1)

  • NIST 800-53 Rev 5 SC-7(10)

  • NIST 800-53 Rev 5 SI-7(6)

  • PCI DSS version 3.2.1 3.4

  • Encrypt data at rest

  • US East (N. Virginia) arn:aws:controltower:us-east-1::control/FIMWSVKNFANN

  • US East (Ohio) arn:aws:controltower:us-east-2::control/DZDLWPOKGTPI

  • US West (Oregon) arn:aws:controltower:us-west-2::control/ELALMJSUVZGW

  • Canada (Central) arn:aws:controltower:ca-central-1::control/XXKODHBWTZTZ

  • Asia Pacific (Sydney) arn:aws:controltower:ap-southeast-2::control/NGDIEPXBGZNX

  • Asia Pacific (Singapore) arn:aws:controltower:ap-southeast-1::control/ESHXZMSBZXKE

  • Europe (Frankfurt) arn:aws:controltower:eu-central-1::control/TAYPGUHJACMN

  • Europe (Ireland) arn:aws:controltower:eu-west-1::control/DDAUQMQWAFBZ

  • Europe (London) arn:aws:controltower:eu-west-2::control/BBWEHVVZVYOL

  • Europe (Stockholm) arn:aws:controltower:eu-north-1::control/MQGSDYXVDOAD

  • Asia Pacific (Mumbai) arn:aws:controltower:ap-south-1::control/HEBRXKGJORFL

  • Asia Pacific (Seoul) arn:aws:controltower:ap-northeast-2::control/NBLSRDRBDJXO

  • Asia Pacific (Tokyo) arn:aws:controltower:ap-northeast-1::control/FGGPHPWIRFWB

  • Europe (Paris) arn:aws:controltower:eu-west-3::control/QSKRUWXUNEUH

  • South America (São Paulo) arn:aws:controltower:sa-east-1::control/EISQVHJSJDWH

  • US West (N. California) arn:aws:controltower:us-west-1::control/KSZKAGOPPWPH

  • Asia Pacific (Hong Kong) arn:aws:controltower:ap-east-1::control/NLXAPQRKPIYU

  • Asia Pacific (Jakarta) arn:aws:controltower:ap-southeast-3::control/TRNOXUPEBWOO

  • Asia Pacific (Osaka) arn:aws:controltower:ap-northeast-3::control/CDPDATWIGGUH

  • Europe (Milan) arn:aws:controltower:eu-south-1::control/KCSNFBWRTAXT

  • Africa (Cape Town) arn:aws:controltower:af-south-1::control/ILKACTDDSJMT

  • Middle East (Bahrain) arn:aws:controltower:me-south-1::control/LJZPLSKCPFIT

  • Israel (Tel Aviv) arn:aws:controltower:il-central-1::control/PEZSUQGJPLXV

  • Europe (Zurich) arn:aws:controltower:eu-central-2::control/BRRZGXLVBEXS

  • Europe (Spain) arn:aws:controltower:eu-south-2::control/MYDVOFUAZSBV

  • Asia Pacific (Hyderabad) arn:aws:controltower:ap-south-2::control/DNUEOQSFWTRD

  • Middle East (UAE) arn:aws:controltower:me-central-1::control/PTRXVPJHHFKP

  • Asia Pacific (Melbourne) arn:aws:controltower:ap-southeast-4::control/JSVPQLCSVWLG

CT.APIGATEWAY.PR.4

Control identifier Framework Control objective Control API identifiers, by Region
CT.APIGATEWAY.PR.4
  • NIST 800-53 Rev 5 AC-4(26)

  • NIST 800-53 Rev 5 AU-10

  • NIST 800-53 Rev 5 AU-12

  • NIST 800-53 Rev 5 AU-2

  • NIST 800-53 Rev 5 AU-3

  • NIST 800-53 Rev 5 AU-6(3)

  • NIST 800-53 Rev 5 AU-6(4)

  • NIST 800-53 Rev 5 CA-7

  • NIST 800-53 Rev 5 SC-7(9)

  • NIST 800-53 Rev 5 SI-7(8)

  • PCI DSS version 3.2.1 10.1

  • PCI DSS version 3.2.1 10.2.1

  • PCI DSS version 3.2.1 10.2.4

  • PCI DSS version 3.2.1 10.2.7

  • PCI DSS version 3.2.1 10.3.1

  • PCI DSS version 3.2.1 10.3.2

  • PCI DSS version 3.2.1 10.3.3

  • PCI DSS version 3.2.1 10.3.4

  • PCI DSS version 3.2.1 10.3.5

  • PCI DSS version 3.2.1 10.3.6

  • Establish logging and monitoring

  • US East (N. Virginia) arn:aws:controltower:us-east-1::control/CSLQUIKVRGVG

  • US East (Ohio) arn:aws:controltower:us-east-2::control/ZZRGCTUQTBPU

  • US West (Oregon) arn:aws:controltower:us-west-2::control/CQKSRVXTWTEC

  • Canada (Central) arn:aws:controltower:ca-central-1::control/WDEOZRYGKEQK

  • Asia Pacific (Sydney) arn:aws:controltower:ap-southeast-2::control/WUQUVNLUXDQU

  • Asia Pacific (Singapore) arn:aws:controltower:ap-southeast-1::control/KHGSJQSDYFLH

  • Europe (Frankfurt) arn:aws:controltower:eu-central-1::control/HWAUYOESYCQT

  • Europe (Ireland) arn:aws:controltower:eu-west-1::control/VECSKJBMFGMM

  • Europe (London) arn:aws:controltower:eu-west-2::control/FADFVQHALJXO

  • Europe (Stockholm) arn:aws:controltower:eu-north-1::control/HHQMBNTKLTOG

  • Asia Pacific (Mumbai) arn:aws:controltower:ap-south-1::control/YRNSAXOGSJSY

  • Asia Pacific (Seoul) arn:aws:controltower:ap-northeast-2::control/MULDPLOTLRAJ

  • Asia Pacific (Tokyo) arn:aws:controltower:ap-northeast-1::control/QSCLQQFNJQXE

  • Europe (Paris) arn:aws:controltower:eu-west-3::control/OOIWAZTWKKPE

  • South America (São Paulo) arn:aws:controltower:sa-east-1::control/YLMPPINWZYZY

  • US West (N. California) arn:aws:controltower:us-west-1::control/ITPBHOOWRJGI

  • Asia Pacific (Hong Kong) arn:aws:controltower:ap-east-1::control/KNVAYHZACOEU

  • Asia Pacific (Jakarta) arn:aws:controltower:ap-southeast-3::control/BOOKWYPOXMTQ

  • Asia Pacific (Osaka) arn:aws:controltower:ap-northeast-3::control/FAGHQEVLPXRL

  • Europe (Milan) arn:aws:controltower:eu-south-1::control/IYMXHZIOFYDY

  • Africa (Cape Town) arn:aws:controltower:af-south-1::control/LODJMMSVEOMN

  • Middle East (Bahrain) arn:aws:controltower:me-south-1::control/KCIFTRLVLAAP

  • Israel (Tel Aviv) arn:aws:controltower:il-central-1::control/LSFQOWIWAFSL

  • Europe (Zurich) arn:aws:controltower:eu-central-2::control/PWAHYUHVUMYA

  • Europe (Spain) arn:aws:controltower:eu-south-2::control/XDLQVFGAZWOU

  • Asia Pacific (Hyderabad) arn:aws:controltower:ap-south-2::control/VXYNUKKTZXGE

  • Middle East (UAE) arn:aws:controltower:me-central-1::control/WGYBRYLPERPA

  • Asia Pacific (Melbourne) arn:aws:controltower:ap-southeast-4::control/GDMZARUABRDK

CT.APIGATEWAY.PR.5

Control identifier Framework Control objective Control API identifiers, by Region
CT.APIGATEWAY.PR.5
  • NIST 800-53 Rev 5 AC-3

  • NIST 800-53 Rev 5 CM-2

  • NIST 800-53 Rev 5 CM-2(2)

  • PCI DSS version 3.2.1 7.1.1

  • PCI DSS version 3.2.1 7.2.1

  • PCI DSS version 3.2.1 7.2.2

  • Use strong authentication

  • US East (N. Virginia) arn:aws:controltower:us-east-1::control/YNAHJMRFSATY

  • US East (Ohio) arn:aws:controltower:us-east-2::control/KRLMXVLLTUAN

  • US West (Oregon) arn:aws:controltower:us-west-2::control/QSEYQKHHJZQO

  • Canada (Central) arn:aws:controltower:ca-central-1::control/NMHBYPLKKHGT

  • Asia Pacific (Sydney) arn:aws:controltower:ap-southeast-2::control/RBLHXKSFLKZA

  • Asia Pacific (Singapore) arn:aws:controltower:ap-southeast-1::control/FXZEDHLSFKXJ

  • Europe (Frankfurt) arn:aws:controltower:eu-central-1::control/UQCQWSUFRSVB

  • Europe (Ireland) arn:aws:controltower:eu-west-1::control/AKVOXJCRARVM

  • Europe (London) arn:aws:controltower:eu-west-2::control/YYOCPBGNDCOQ

  • Europe (Stockholm) arn:aws:controltower:eu-north-1::control/BVSVXEMRTBNG

  • Asia Pacific (Mumbai) arn:aws:controltower:ap-south-1::control/UXJBMYYQDHMX

  • Asia Pacific (Seoul) arn:aws:controltower:ap-northeast-2::control/RFIFJOHVLBAB

  • Asia Pacific (Tokyo) arn:aws:controltower:ap-northeast-1::control/UKYEADDRMENU

  • Europe (Paris) arn:aws:controltower:eu-west-3::control/JNGATIWVCCYS

  • South America (São Paulo) arn:aws:controltower:sa-east-1::control/ZHWUFJCAJBDB

  • US West (N. California) arn:aws:controltower:us-west-1::control/YHRHPQEAQQFX

  • Asia Pacific (Hong Kong) arn:aws:controltower:ap-east-1::control/EGRYMABJBFUD

  • Asia Pacific (Jakarta) arn:aws:controltower:ap-southeast-3::control/PAPTPLXSKUJL

  • Asia Pacific (Osaka) arn:aws:controltower:ap-northeast-3::control/GVUDUCUXKDLN

  • Europe (Milan) arn:aws:controltower:eu-south-1::control/BROASONAOUZH

  • Africa (Cape Town) arn:aws:controltower:af-south-1::control/WSNSTKYGKFUC

  • Middle East (Bahrain) arn:aws:controltower:me-south-1::control/HLDJVPJJOPEY

  • Israel (Tel Aviv) arn:aws:controltower:il-central-1::control/EFKJPLZIUAII

  • Europe (Zurich) arn:aws:controltower:eu-central-2::control/WHSNEETRFEHL

  • Europe (Spain) arn:aws:controltower:eu-south-2::control/ATODWGOMZUCX

  • Asia Pacific (Hyderabad) arn:aws:controltower:ap-south-2::control/EOXAVTBQIHIE

  • Middle East (UAE) arn:aws:controltower:me-central-1::control/ILMJIBFINEQK

  • Asia Pacific (Melbourne) arn:aws:controltower:ap-southeast-4::control/XOIJWVLCCYTU

CT.APIGATEWAY.PR.6

Control identifier Framework Control objective Control API identifiers, by Region
CT.APIGATEWAY.PR.6
  • NIST 800-53 Rev 5 AC-17(2)

  • NIST 800-53 Rev 5 AC-4

  • NIST 800-53 Rev 5 IA-5(1)

  • NIST 800-53 Rev 5 SC-12(3)

  • NIST 800-53 Rev 5 SC-13

  • NIST 800-53 Rev 5 SC-23

  • NIST 800-53 Rev 5 SC-23(3)

  • NIST 800-53 Rev 5 SC-7(4)

  • NIST 800-53 Rev 5 SC-8

  • NIST 800-53 Rev 5 SC-8(1)

  • NIST 800-53 Rev 5 SC-8(2)

  • NIST 800-53 Rev 5 SI-7(6)

  • PCI DSS version 3.2.1 2.3

  • PCI DSS version 3.2.1 4.1

  • PCI DSS version 3.2.1 8.2.1

  • Encrypt data in transit

  • US East (N. Virginia) arn:aws:controltower:us-east-1::control/LEGXJUSWUBYG

  • US East (Ohio) arn:aws:controltower:us-east-2::control/GCVCIFYYIDDI

  • US West (Oregon) arn:aws:controltower:us-west-2::control/ZHTQTRRJWMVV

  • Canada (Central) arn:aws:controltower:ca-central-1::control/OTRRYHQQAPMY

  • Asia Pacific (Sydney) arn:aws:controltower:ap-southeast-2::control/NGYIOYBYJLXL

  • Asia Pacific (Singapore) arn:aws:controltower:ap-southeast-1::control/HKKDWUFJIPOW

  • Europe (Frankfurt) arn:aws:controltower:eu-central-1::control/ZWRTQAVLHFEX

  • Europe (Ireland) arn:aws:controltower:eu-west-1::control/GODRTVCQLFRW

  • Europe (London) arn:aws:controltower:eu-west-2::control/GDUDQJEAZOYB

  • Europe (Stockholm) arn:aws:controltower:eu-north-1::control/VOAFRPAPOKKZ

  • Asia Pacific (Mumbai) arn:aws:controltower:ap-south-1::control/FYRZEYAUDCMX

  • Asia Pacific (Seoul) arn:aws:controltower:ap-northeast-2::control/KUTDOXVOKANL

  • Asia Pacific (Tokyo) arn:aws:controltower:ap-northeast-1::control/MQYPRRNUCSOT

  • Europe (Paris) arn:aws:controltower:eu-west-3::control/FTMJQQMLWIID

  • South America (São Paulo) arn:aws:controltower:sa-east-1::control/PRKHFLPAUJQS

  • US West (N. California) arn:aws:controltower:us-west-1::control/ZBNWFGFGNOLW

  • Asia Pacific (Hong Kong) arn:aws:controltower:ap-east-1::control/BOFKPQACPDVG

  • Asia Pacific (Jakarta) arn:aws:controltower:ap-southeast-3::control/QDOMOGKGWUOB

  • Asia Pacific (Osaka) arn:aws:controltower:ap-northeast-3::control/GRMWXCQOGMBQ

  • Europe (Milan) arn:aws:controltower:eu-south-1::control/JMBKFYKXNRRY

  • Africa (Cape Town) arn:aws:controltower:af-south-1::control/TVZMDZVNREUD

  • Middle East (Bahrain) arn:aws:controltower:me-south-1::control/HZBRLLFMKYLT

  • Israel (Tel Aviv) arn:aws:controltower:il-central-1::control/NOWTBXQMFZOI

  • Europe (Zurich) arn:aws:controltower:eu-central-2::control/FXSQWOABYYRI

  • Europe (Spain) arn:aws:controltower:eu-south-2::control/HDUPSFYARAKE

  • Asia Pacific (Hyderabad) arn:aws:controltower:ap-south-2::control/STHZPVSVPASX

  • Middle East (UAE) arn:aws:controltower:me-central-1::control/MUHJMIOUYMPR

  • Asia Pacific (Melbourne) arn:aws:controltower:ap-southeast-4::control/ECADNMFRQVPH

CT.APPSYNC.PR.1

Control identifier Framework Control objective Control API identifiers, by Region
CT.APPSYNC.PR.1
  • NIST 800-53 Rev 5 AC-4(26)

  • NIST 800-53 Rev 5 AU-10

  • NIST 800-53 Rev 5 AU-12

  • NIST 800-53 Rev 5 AU-2

  • NIST 800-53 Rev 5 AU-3

  • NIST 800-53 Rev 5 AU-6(3)

  • NIST 800-53 Rev 5 AU-6(4)

  • NIST 800-53 Rev 5 CA-7

  • NIST 800-53 Rev 5 SC-7(9)

  • NIST 800-53 Rev 5 SI-7(8)

  • PCI DSS version 3.2.1 10.1

  • PCI DSS version 3.2.1 10.3.1

  • PCI DSS version 3.2.1 10.3.2

  • PCI DSS version 3.2.1 10.3.3

  • PCI DSS version 3.2.1 10.3.4

  • PCI DSS version 3.2.1 10.3.5

  • PCI DSS version 3.2.1 10.3.6

  • Establish logging and monitoring

  • US East (N. Virginia) arn:aws:controltower:us-east-1::control/ECXYQKUETWKC

  • US East (Ohio) arn:aws:controltower:us-east-2::control/BCZEGAHHZSII

  • US West (Oregon) arn:aws:controltower:us-west-2::control/AJBUYRGFMZAE

  • Canada (Central) arn:aws:controltower:ca-central-1::control/KRLWEXIIRJPA

  • Asia Pacific (Sydney) arn:aws:controltower:ap-southeast-2::control/VZIWINLZXVMA

  • Asia Pacific (Singapore) arn:aws:controltower:ap-southeast-1::control/SZSRSNLXOOXB

  • Europe (Frankfurt) arn:aws:controltower:eu-central-1::control/MTIRJIPWCKMX

  • Europe (Ireland) arn:aws:controltower:eu-west-1::control/CXUKMNSNXBOO

  • Europe (London) arn:aws:controltower:eu-west-2::control/RDKAXOQVBPSE

  • Europe (Stockholm) arn:aws:controltower:eu-north-1::control/DLWGUVABSKGB

  • Asia Pacific (Mumbai) arn:aws:controltower:ap-south-1::control/QHZRCUZCBFVR

  • Asia Pacific (Seoul) arn:aws:controltower:ap-northeast-2::control/CXEXLMCYDMPY

  • Asia Pacific (Tokyo) arn:aws:controltower:ap-northeast-1::control/XRXGFZGEYPMV

  • Europe (Paris) arn:aws:controltower:eu-west-3::control/QUFDDHHUWEED

  • South America (São Paulo) arn:aws:controltower:sa-east-1::control/KBRRHKUVKJIV

  • US West (N. California) arn:aws:controltower:us-west-1::control/NYHHSONNHIWM

  • Asia Pacific (Hong Kong) arn:aws:controltower:ap-east-1::control/BFEHJBXPOGJN

  • Asia Pacific (Jakarta) arn:aws:controltower:ap-southeast-3::control/YVQNVHXOXYLS

  • Asia Pacific (Osaka) arn:aws:controltower:ap-northeast-3::control/TBPGNZBEDTST

  • Europe (Milan) arn:aws:controltower:eu-south-1::control/WHCWMAHTSOPR

  • Africa (Cape Town) arn:aws:controltower:af-south-1::control/SIIOFVZPPRKF

  • Middle East (Bahrain) arn:aws:controltower:me-south-1::control/ABNGUTRSLNDB

  • Israel (Tel Aviv) arn:aws:controltower:il-central-1::control/ORFYDUQFUMSG

  • Europe (Zurich) arn:aws:controltower:eu-central-2::control/VFNPSSMVRVNT

  • Europe (Spain) arn:aws:controltower:eu-south-2::control/VTIFQREJYECJ

  • Asia Pacific (Hyderabad) arn:aws:controltower:ap-south-2::control/KHNUYYGINTJK

  • Middle East (UAE) arn:aws:controltower:me-central-1::control/IXVVMUCTNMOM

  • Asia Pacific (Melbourne) arn:aws:controltower:ap-southeast-4::control/NCDTANKPPSFX

CT.APPSYNC.PR.2

Control identifier Framework Control objective Control API identifiers, by Region
CT.APPSYNC.PR.2
  • NIST 800-53 Rev 5 AC-21

  • NIST 800-53 Rev 5 AC-3

  • NIST 800-53 Rev 5 AC-3(7)

  • NIST 800-53 Rev 5 AC-4

  • NIST 800-53 Rev 5 AC-4(21)

  • NIST 800-53 Rev 5 AC-6

  • NIST 800-53 Rev 5 SC-7

  • NIST 800-53 Rev 5 SC-7(11)

  • NIST 800-53 Rev 5 SC-7(16)

  • NIST 800-53 Rev 5 SC-7(20)

  • NIST 800-53 Rev 5 SC-7(21)

  • NIST 800-53 Rev 5 SC-7(3)

  • NIST 800-53 Rev 5 SC-7(4)

  • NIST 800-53 Rev 5 SC-7(9)

  • PCI DSS version 3.2.1 1.2.1

  • PCI DSS version 3.2.1 1.3

  • PCI DSS version 3.2.1 1.3.1

  • PCI DSS version 3.2.1 1.3.2

  • PCI DSS version 3.2.1 1.3.4

  • PCI DSS version 3.2.1 1.3.6

  • Limit network access

  • US East (N. Virginia) arn:aws:controltower:us-east-1::control/YALQWSJIMFVU

  • US East (Ohio) arn:aws:controltower:us-east-2::control/IUACTSJITYIP

  • US West (Oregon) arn:aws:controltower:us-west-2::control/OJCFZINVIMTK

  • Canada (Central) arn:aws:controltower:ca-central-1::control/MDZMFQUIFJSZ

  • Asia Pacific (Sydney) arn:aws:controltower:ap-southeast-2::control/EPAPANCGHNLC

  • Asia Pacific (Singapore) arn:aws:controltower:ap-southeast-1::control/SQADHLZMBZJN

  • Europe (Frankfurt) arn:aws:controltower:eu-central-1::control/ZFMIUZRFIIDZ

  • Europe (Ireland) arn:aws:controltower:eu-west-1::control/KPCUMXFUZQWY

  • Europe (London) arn:aws:controltower:eu-west-2::control/WZDLWQSTOSVK

  • Europe (Stockholm) arn:aws:controltower:eu-north-1::control/BLRXDIMFGOJQ

  • Asia Pacific (Mumbai) arn:aws:controltower:ap-south-1::control/YZTDFULTHZAI

  • Asia Pacific (Seoul) arn:aws:controltower:ap-northeast-2::control/MMIBKBUMAXKX

  • Asia Pacific (Tokyo) arn:aws:controltower:ap-northeast-1::control/BYDTAFCKTVON

  • Europe (Paris) arn:aws:controltower:eu-west-3::control/KPJYMSGQUONE

  • South America (São Paulo) arn:aws:controltower:sa-east-1::control/CORISMGRVTBQ

  • US West (N. California) arn:aws:controltower:us-west-1::control/AWCIAJRPMESS

  • Asia Pacific (Hong Kong) arn:aws:controltower:ap-east-1::control/FAZJYQKXZNZD

  • Asia Pacific (Jakarta) arn:aws:controltower:ap-southeast-3::control/XLMCUHYROLCP

  • Asia Pacific (Osaka) arn:aws:controltower:ap-northeast-3::control/YMEIVNTGKVYF

  • Europe (Milan) arn:aws:controltower:eu-south-1::control/JZUYXWPLLCYX

  • Africa (Cape Town) arn:aws:controltower:af-south-1::control/WRAJDIMQFJNZ

  • Middle East (Bahrain) arn:aws:controltower:me-south-1::control/ZRBNZNZKFVSB

  • Israel (Tel Aviv) arn:aws:controltower:il-central-1::control/WGYORDBIOUGK

  • Europe (Zurich) arn:aws:controltower:eu-central-2::control/JJINXXJYEFGA

  • Europe (Spain) arn:aws:controltower:eu-south-2::control/BMSDSLXZPINV

  • Asia Pacific (Hyderabad) arn:aws:controltower:ap-south-2::control/JXQTZKIXJRCC

  • Middle East (UAE) arn:aws:controltower:me-central-1::control/EVXZSWWFVGMF

  • Asia Pacific (Melbourne) arn:aws:controltower:ap-southeast-4::control/HJCSACGZAZKN

CT.APPSYNC.PR.3

Control identifier Framework Control objective Control API identifiers, by Region
CT.APPSYNC.PR.3
  • NIST 800-53 Rev 5 AC-2(1)

  • NIST 800-53 Rev 5 AC-3

  • NIST 800-53 Rev 5 AC-3(15)

  • NIST 800-53 Rev 5 AC-3(7)

  • NIST 800-53 Rev 5 AC-6

  • PCI DSS version 3.2.1 7.1.1

  • PCI DSS version 3.2.1 7.2.1

  • PCI DSS version 3.2.1 7.2.2

  • Enforce least privilege

  • US East (N. Virginia) arn:aws:controltower:us-east-1::control/CDQLXCUGHCOY

  • US East (Ohio) arn:aws:controltower:us-east-2::control/MMGMSISTUNPH

  • US West (Oregon) arn:aws:controltower:us-west-2::control/MTXEWCQXZRSJ

  • Canada (Central) arn:aws:controltower:ca-central-1::control/GQJWEDLMDAWD

  • Asia Pacific (Sydney) arn:aws:controltower:ap-southeast-2::control/SZDKCLTUHPDS

  • Asia Pacific (Singapore) arn:aws:controltower:ap-southeast-1::control/VNCILGZEFDHS

  • Europe (Frankfurt) arn:aws:controltower:eu-central-1::control/LHJSAZIYQGBQ

  • Europe (Ireland) arn:aws:controltower:eu-west-1::control/ZCAGTBPRCATH

  • Europe (London) arn:aws:controltower:eu-west-2::control/SKVDXXAIZXAS

  • Europe (Stockholm) arn:aws:controltower:eu-north-1::control/JNBFWDSXTTSQ

  • Asia Pacific (Mumbai) arn:aws:controltower:ap-south-1::control/DSCBAAVLXJTA

  • Asia Pacific (Seoul) arn:aws:controltower:ap-northeast-2::control/DKAIJLHZEZFI

  • Asia Pacific (Tokyo) arn:aws:controltower:ap-northeast-1::control/HXVOUTLHLMAS

  • Europe (Paris) arn:aws:controltower:eu-west-3::control/NSUWZXLBBZGU

  • South America (São Paulo) arn:aws:controltower:sa-east-1::control/WQRXWMANRGTV

  • US West (N. California) arn:aws:controltower:us-west-1::control/PDCBBSRBGWCU

  • Asia Pacific (Hong Kong) arn:aws:controltower:ap-east-1::control/PARBBQZHXMYG

  • Asia Pacific (Jakarta) arn:aws:controltower:ap-southeast-3::control/FRBNCATEBZVB

  • Asia Pacific (Osaka) arn:aws:controltower:ap-northeast-3::control/OCFAARZLCVUW

  • Europe (Milan) arn:aws:controltower:eu-south-1::control/GEZDAESWIHAV

  • Africa (Cape Town) arn:aws:controltower:af-south-1::control/XXAMXNJJHIZX

  • Middle East (Bahrain) arn:aws:controltower:me-south-1::control/VQTAYSFTYZWE

  • Israel (Tel Aviv) arn:aws:controltower:il-central-1::control/FXLRULXUOQOB

  • Europe (Zurich) arn:aws:controltower:eu-central-2::control/JBDXGSHRENLT

  • Europe (Spain) arn:aws:controltower:eu-south-2::control/EQEGUFUDDQHJ

  • Asia Pacific (Hyderabad) arn:aws:controltower:ap-south-2::control/IKYKQMGGAKTZ

  • Middle East (UAE) arn:aws:controltower:me-central-1::control/IDFSZUUIHHNO

  • Asia Pacific (Melbourne) arn:aws:controltower:ap-southeast-4::control/TUDPSRDPJIPG

CT.APPSYNC.PR.4

Control identifier Framework Control objective Control API identifiers, by Region
CT.APPSYNC.PR.4
  • NIST 800-53 Rev 5 AC-17(2)

  • NIST 800-53 Rev 5 AC-4

  • NIST 800-53 Rev 5 IA-5(1)

  • NIST 800-53 Rev 5 SC-12(3)

  • NIST 800-53 Rev 5 SC-13

  • NIST 800-53 Rev 5 SC-23

  • NIST 800-53 Rev 5 SC-23(3)

  • NIST 800-53 Rev 5 SC-7(4)

  • NIST 800-53 Rev 5 SC-8

  • NIST 800-53 Rev 5 SC-8(1)

  • NIST 800-53 Rev 5 SC-8(2)

  • NIST 800-53 Rev 5 SI-7(6)

  • PCI DSS version 3.2.1 2.3

  • PCI DSS version 3.2.1 4.1

  • PCI DSS version 3.2.1 8.2.1

  • Encrypt data in transit

  • US East (N. Virginia) arn:aws:controltower:us-east-1::control/KXQLGHLTDUKA

  • US East (Ohio) arn:aws:controltower:us-east-2::control/PEPMJSRRAZXC

  • US West (Oregon) arn:aws:controltower:us-west-2::control/KPAZGUODKWRH

  • Canada (Central) arn:aws:controltower:ca-central-1::control/NAGLSYFOFCUE

  • Asia Pacific (Sydney) arn:aws:controltower:ap-southeast-2::control/QMIISENUKIZB

  • Asia Pacific (Singapore) arn:aws:controltower:ap-southeast-1::control/MSRCCHVLERDN

  • Europe (Frankfurt) arn:aws:controltower:eu-central-1::control/UPRFZBBAREAM

  • Europe (Ireland) arn:aws:controltower:eu-west-1::control/JEWJGQYDTBBV

  • Europe (London) arn:aws:controltower:eu-west-2::control/SAUCBCNEYIBQ

  • Europe (Stockholm) arn:aws:controltower:eu-north-1::control/TITPSTZOQJEA

  • Asia Pacific (Mumbai) arn:aws:controltower:ap-south-1::control/YBIIYQMKPBJC

  • Asia Pacific (Seoul) arn:aws:controltower:ap-northeast-2::control/IZCXFCDNHOEL

  • Asia Pacific (Tokyo) arn:aws:controltower:ap-northeast-1::control/SKJIDSWEEBBR

  • Europe (Paris) arn:aws:controltower:eu-west-3::control/VYCGKMZTLQBB

  • South America (São Paulo) arn:aws:controltower:sa-east-1::control/OWXHGWEYHXGT

  • US West (N. California) arn:aws:controltower:us-west-1::control/ZHBAGUQQVLKG

  • Asia Pacific (Hong Kong) arn:aws:controltower:ap-east-1::control/ADBIOOHVWILY

  • Asia Pacific (Jakarta) arn:aws:controltower:ap-southeast-3::control/GZLYQHADQMAH

  • Asia Pacific (Osaka) arn:aws:controltower:ap-northeast-3::control/SLXXVXFLDWNV

  • Europe (Milan) arn:aws:controltower:eu-south-1::control/IZKKJIXCHNGE

  • Africa (Cape Town) arn:aws:controltower:af-south-1::control/HXPDFHUHEAGX

  • Middle East (Bahrain) arn:aws:controltower:me-south-1::control/NJNPPEGGGHUH

  • Israel (Tel Aviv) arn:aws:controltower:il-central-1::control/XCLYSHBAFVLP

  • Europe (Zurich) arn:aws:controltower:eu-central-2::control/AAQCADCUGNNZ

  • Europe (Spain) arn:aws:controltower:eu-south-2::control/PBWZKZJTUYPE

  • Asia Pacific (Hyderabad) arn:aws:controltower:ap-south-2::control/CDKXWSFZGMII

  • Middle East (UAE) arn:aws:controltower:me-central-1::control/JNWFIEANKNDM

  • Asia Pacific (Melbourne) arn:aws:controltower:ap-southeast-4::control/KQAFEIDTVWYB

CT.APPSYNC.PR.5

Control identifier Framework Control objective Control API identifiers, by Region
CT.APPSYNC.PR.5
  • NIST 800-53 Rev 5 CA-9(1)

  • NIST 800-53 Rev 5 CM-3(6)

  • NIST 800-53 Rev 5 SC-13

  • NIST 800-53 Rev 5 SC-28

  • NIST 800-53 Rev 5 SC-28(1)

  • NIST 800-53 Rev 5 SC-7(10)

  • NIST 800-53 Rev 5 SI-7(6)

  • PCI DSS version 3.2.1 3.4

  • PCI DSS version 3.2.1 8.2.1

  • Encrypt data at rest

  • US East (N. Virginia) arn:aws:controltower:us-east-1::control/JSKWYPYNUFBV

  • US East (Ohio) arn:aws:controltower:us-east-2::control/RGSLGMUEQOXS

  • US West (Oregon) arn:aws:controltower:us-west-2::control/SNXQHRNUFTVT

  • Canada (Central) arn:aws:controltower:ca-central-1::control/FGRIEMDEJJCD

  • Asia Pacific (Sydney) arn:aws:controltower:ap-southeast-2::control/DUHLLHOUMSWK

  • Asia Pacific (Singapore) arn:aws:controltower:ap-southeast-1::control/MGQZMYVDXKJS

  • Europe (Frankfurt) arn:aws:controltower:eu-central-1::control/QBIHQJYGYUJQ

  • Europe (Ireland) arn:aws:controltower:eu-west-1::control/NNNDVOOEOQGB

  • Europe (London) arn:aws:controltower:eu-west-2::control/YHZYLRZMFPHO

  • Europe (Stockholm) arn:aws:controltower:eu-north-1::control/JCAXXRBFBPDQ

  • Asia Pacific (Mumbai) arn:aws:controltower:ap-south-1::control/LLJEFWBUEEMA

  • Asia Pacific (Seoul) arn:aws:controltower:ap-northeast-2::control/CXBGWZGMPXHM

  • Asia Pacific (Tokyo) arn:aws:controltower:ap-northeast-1::control/JYPEKUMPXCUA

  • Europe (Paris) arn:aws:controltower:eu-west-3::control/FHCEXHBWDKID

  • South America (São Paulo) arn:aws:controltower:sa-east-1::control/YKVSQPMKRYXL

  • US West (N. California) arn:aws:controltower:us-west-1::control/TWYHQJHYOHHK

  • Asia Pacific (Hong Kong) arn:aws:controltower:ap-east-1::control/PVJJZFMQQSPF

  • Asia Pacific (Jakarta) arn:aws:controltower:ap-southeast-3::control/HBAZXGAUBONS

  • Asia Pacific (Osaka) arn:aws:controltower:ap-northeast-3::control/LWZZOXDNXPAK

  • Europe (Milan) arn:aws:controltower:eu-south-1::control/PBFQTTVIAQLU

  • Africa (Cape Town) arn:aws:controltower:af-south-1::control/VQCMTFWZFESX

  • Middle East (Bahrain) arn:aws:controltower:me-south-1::control/GUKFISUDEUYY

  • Israel (Tel Aviv) arn:aws:controltower:il-central-1::control/YQQNPDLXEBEC

  • Europe (Zurich) arn:aws:controltower:eu-central-2::control/MGKBZFZSNASR

  • Europe (Spain) arn:aws:controltower:eu-south-2::control/BFVDRTHKJLKL

  • Asia Pacific (Hyderabad) arn:aws:controltower:ap-south-2::control/DLCUIJBZAGXG

  • Middle East (UAE) arn:aws:controltower:me-central-1::control/QVSLVDIFAEBE

  • Asia Pacific (Melbourne) arn:aws:controltower:ap-southeast-4::control/UWWOREONBQQJ

CT.APPSYNC.PV.1

Control identifier Framework Control objective Control API identifiers, by Region
CT.APPSYNC.PV.1
  • NIST 800-53 Rev 5 AC-21

  • NIST 800-53 Rev 5 AC-3

  • NIST 800-53 Rev 5 AC-3(7)

  • NIST 800-53 Rev 5 AC-4

  • NIST 800-53 Rev 5 AC-4(21)

  • NIST 800-53 Rev 5 AC-6

  • NIST 800-53 Rev 5 SC-7

  • NIST 800-53 Rev 5 SC-7(11)

  • NIST 800-53 Rev 5 SC-7(16)

  • NIST 800-53 Rev 5 SC-7(20)

  • NIST 800-53 Rev 5 SC-7(21)

  • NIST 800-53 Rev 5 SC-7(3)

  • NIST 800-53 Rev 5 SC-7(4)

  • NIST 800-53 Rev 5 SC-7(9)

  • PCI DSS version 3.2.1 1.2.1

  • PCI DSS version 3.2.1 1.3

  • PCI DSS version 3.2.1 1.3.1

  • PCI DSS version 3.2.1 1.3.2

  • PCI DSS version 3.2.1 1.3.4

  • PCI DSS version 3.2.1 1.3.6

  • Limit network access

  • US East (N. Virginia) arn:aws:controltower:us-east-1::control/GDWPOPDDUXNQ

  • US East (Ohio) arn:aws:controltower:us-east-2::control/CLWUEYFLOCEQ

  • US West (Oregon) arn:aws:controltower:us-west-2::control/QLTPISPJRIPE

  • Canada (Central) arn:aws:controltower:ca-central-1::control/XNSSRZIDASBO

  • Asia Pacific (Sydney) arn:aws:controltower:ap-southeast-2::control/GIEDWCIRISTE

  • Asia Pacific (Singapore) arn:aws:controltower:ap-southeast-1::control/AXUBGPDVHUEE

  • Europe (Frankfurt) arn:aws:controltower:eu-central-1::control/NNVLEIVTNFHB

  • Europe (Ireland) arn:aws:controltower:eu-west-1::control/HJUTBNSBLFBB

  • Europe (London) arn:aws:controltower:eu-west-2::control/QTKUHWDNZXGO

  • Europe (Stockholm) arn:aws:controltower:eu-north-1::control/XYERPUKVVRQX

  • Asia Pacific (Mumbai) arn:aws:controltower:ap-south-1::control/OAYEUAAFUDDQ

  • Asia Pacific (Seoul) arn:aws:controltower:ap-northeast-2::control/ZVMZWNPPTITL

  • Asia Pacific (Tokyo) arn:aws:controltower:ap-northeast-1::control/YNSQAMIIRMGX

  • Europe (Paris) arn:aws:controltower:eu-west-3::control/FSUFJSWNSEOR

  • South America (São Paulo) arn:aws:controltower:sa-east-1::control/BVZNWLXUCMHK

  • US West (N. California) arn:aws:controltower:us-west-1::control/TMSFTWZRWSKG

  • Asia Pacific (Hong Kong) arn:aws:controltower:ap-east-1::control/JUWGYFFVXBGQ

  • Asia Pacific (Jakarta) arn:aws:controltower:ap-southeast-3::control/DYSCGAATRAXF

  • Asia Pacific (Osaka) arn:aws:controltower:ap-northeast-3::control/RRJRZTMNIMKB

  • Europe (Milan) arn:aws:controltower:eu-south-1::control/DSFMITDCAMSZ

  • Africa (Cape Town) arn:aws:controltower:af-south-1::control/VNLZALRQBJHO

  • Middle East (Bahrain) arn:aws:controltower:me-south-1::control/VQLWSAXZPUIE

  • Israel (Tel Aviv) arn:aws:controltower:il-central-1::control/UROPEMZXDRTR

  • Europe (Zurich) arn:aws:controltower:eu-central-2::control/WRZPZVPZIXTG

  • Europe (Spain) arn:aws:controltower:eu-south-2::control/AMGWCNEXGLWL

  • Asia Pacific (Hyderabad) arn:aws:controltower:ap-south-2::control/XUCEXYLCFRYY

  • Middle East (UAE) arn:aws:controltower:me-central-1::control/CAVGFRMHJJHO

  • Asia Pacific (Melbourne) arn:aws:controltower:ap-southeast-4::control/YQEEAIPKXPEI

  • Canada West (Calgary) arn:aws:controltower:ca-west-1::control/TEYGHRDJVBWB

CT.ATHENA.PR.2

Control identifier Framework Control objective Control API identifiers, by Region
CT.ATHENA.PR.2
  • NIST 800-53 Rev 5 CA-9(1)

  • NIST 800-53 Rev 5 CM-3(6)

  • NIST 800-53 Rev 5 SC-13

  • NIST 800-53 Rev 5 SC-28

  • NIST 800-53 Rev 5 SC-28(1)

  • NIST 800-53 Rev 5 SC-7(10)

  • NIST 800-53 Rev 5 SI-7(6)

  • PCI DSS version 3.2.1 3.4

  • PCI DSS version 3.2.1 8.2.1

  • Encrypt data at rest

  • US East (N. Virginia) arn:aws:controltower:us-east-1::control/LNAASCWIYQWF

  • US East (Ohio) arn:aws:controltower:us-east-2::control/BNBFJQSJJIFX

  • US West (Oregon) arn:aws:controltower:us-west-2::control/FKFIKKLBQLRU

  • Canada (Central) arn:aws:controltower:ca-central-1::control/IAMMTTGPSEKX

  • Asia Pacific (Sydney) arn:aws:controltower:ap-southeast-2::control/UICXTPHIPSTT

  • Asia Pacific (Singapore) arn:aws:controltower:ap-southeast-1::control/XMSFGWXQSOWH

  • Europe (Frankfurt) arn:aws:controltower:eu-central-1::control/EADNJFRAYKUJ

  • Europe (Ireland) arn:aws:controltower:eu-west-1::control/AZHMIHHETZDO

  • Europe (London) arn:aws:controltower:eu-west-2::control/PUSAPFIQCZNX

  • Europe (Stockholm) arn:aws:controltower:eu-north-1::control/MPGNZBGWNFVS

  • Asia Pacific (Mumbai) arn:aws:controltower:ap-south-1::control/XZSYTUYWCXPR

  • Asia Pacific (Seoul) arn:aws:controltower:ap-northeast-2::control/JPLEOSQGPVEV

  • Asia Pacific (Tokyo) arn:aws:controltower:ap-northeast-1::control/KPLQRIMZGQFV

  • Europe (Paris) arn:aws:controltower:eu-west-3::control/XXXDCQWYZWYF

  • South America (São Paulo) arn:aws:controltower:sa-east-1::control/ZETBPDEAOPXT

  • US West (N. California) arn:aws:controltower:us-west-1::control/VQPTJGDPPKXK

  • Asia Pacific (Hong Kong) arn:aws:controltower:ap-east-1::control/FSUYBVWAVPGK

  • Asia Pacific (Jakarta) arn:aws:controltower:ap-southeast-3::control/ORRXHOXQUYOA

  • Asia Pacific (Osaka) arn:aws:controltower:ap-northeast-3::control/SVHRKRGSQYKT

  • Europe (Milan) arn:aws:controltower:eu-south-1::control/REDTAGETRZSC

  • Africa (Cape Town) arn:aws:controltower:af-south-1::control/GXLVUGZWGPTI

  • Middle East (Bahrain) arn:aws:controltower:me-south-1::control/DQSSCZSZUYSW

  • Israel (Tel Aviv) arn:aws:controltower:il-central-1::control/CBHKJDCZWOWR

  • Europe (Zurich) arn:aws:controltower:eu-central-2::control/UCHRTODUKKUV

  • Europe (Spain) arn:aws:controltower:eu-south-2::control/URPFISNFLYYG

  • Asia Pacific (Hyderabad) arn:aws:controltower:ap-south-2::control/WPKKGXFEUSGM

  • Middle East (UAE) arn:aws:controltower:me-central-1::control/CMPWKYVHAJYB

  • Asia Pacific (Melbourne) arn:aws:controltower:ap-southeast-4::control/LBESPKJSMPZT

CT.AUTOSCALING.PR.1

Control identifier Framework Control objective Control API identifiers, by Region
CT.AUTOSCALING.PR.1
  • NIST 800-53 Rev 5 CA-9(1)

  • NIST 800-53 Rev 5 CM-2

  • NIST 800-53 Rev 5 CM-2(2)

  • NIST 800-53 Rev 5 CP-10

  • NIST 800-53 Rev 5 CP-2(2)

  • NIST 800-53 Rev 5 CP-6(2)

  • NIST 800-53 Rev 5 SC-36

  • NIST 800-53 Rev 5 SC-5(2)

  • NIST 800-53 Rev 5 SI-13(5)

  • PCI DSS version 3.2.1 2.2

  • Improve availability

  • US East (N. Virginia) arn:aws:controltower:us-east-1::control/LHUKYNEKRWTH

  • US East (Ohio) arn:aws:controltower:us-east-2::control/IBUFUPGANKZJ

  • US West (Oregon) arn:aws:controltower:us-west-2::control/KFRLNAHWVNDQ

  • Canada (Central) arn:aws:controltower:ca-central-1::control/SDBNXVSDHXFD

  • Asia Pacific (Sydney) arn:aws:controltower:ap-southeast-2::control/GUKAWPWOAMGJ

  • Asia Pacific (Singapore) arn:aws:controltower:ap-southeast-1::control/QYEYJCSWQXXD

  • Europe (Frankfurt) arn:aws:controltower:eu-central-1::control/LQQDNIWFNOQQ

  • Europe (Ireland) arn:aws:controltower:eu-west-1::control/MOLUIXBLTNNW

  • Europe (London) arn:aws:controltower:eu-west-2::control/YJQLIPRDBJSM

  • Europe (Stockholm) arn:aws:controltower:eu-north-1::control/POOFLSRCMVHC

  • Asia Pacific (Mumbai) arn:aws:controltower:ap-south-1::control/UWTJAKCQQDQS

  • Asia Pacific (Seoul) arn:aws:controltower:ap-northeast-2::control/FSXLENXSGMGD

  • Asia Pacific (Tokyo) arn:aws:controltower:ap-northeast-1::control/UYJOBTDPHAIM

  • Europe (Paris) arn:aws:controltower:eu-west-3::control/LURITYKMZLDH

  • South America (São Paulo) arn:aws:controltower:sa-east-1::control/DTNVACZLNIPM

  • US West (N. California) arn:aws:controltower:us-west-1::control/NCYEGHVMTPXX

  • Asia Pacific (Hong Kong) arn:aws:controltower:ap-east-1::control/EUMJCOCOQPZV

  • Asia Pacific (Jakarta) arn:aws:controltower:ap-southeast-3::control/BXWJNMFCDYNN

  • Asia Pacific (Osaka) arn:aws:controltower:ap-northeast-3::control/MOPBPKZRKDTC

  • Europe (Milan) arn:aws:controltower:eu-south-1::control/HDSPPVQSLZUA

  • Africa (Cape Town) arn:aws:controltower:af-south-1::control/LPDQXNXJOCUG

  • Middle East (Bahrain) arn:aws:controltower:me-south-1::control/RFZEANHEBLOT

  • Israel (Tel Aviv) arn:aws:controltower:il-central-1::control/ISDBSSNARIHR

  • Europe (Zurich) arn:aws:controltower:eu-central-2::control/YUDNGTLYTVYU

  • Europe (Spain) arn:aws:controltower:eu-south-2::control/BPGHYVYPPDUM

  • Asia Pacific (Hyderabad) arn:aws:controltower:ap-south-2::control/PMSUPKWKNJRZ

  • Middle East (UAE) arn:aws:controltower:me-central-1::control/ZIIKRKCQBGWF

  • Asia Pacific (Melbourne) arn:aws:controltower:ap-southeast-4::control/XQUOYYWUREYF

CT.AUTOSCALING.PR.10

Control identifier Framework Control objective Control API identifiers, by Region
CT.AUTOSCALING.PR.10
  • NIST 800-53 Rev 5 CA-9(1)

  • NIST 800-53 Rev 5 CM-2

  • NIST 800-53 Rev 5 CM-2(2)

  • PCI DSS version 3.2.1 2.2

  • Protect data integrity

  • Enforce least privilege

  • US East (N. Virginia) arn:aws:controltower:us-east-1::control/MVJMDOPCHBBJ

  • US East (Ohio) arn:aws:controltower:us-east-2::control/DUYNJIVJYYES

  • US West (Oregon) arn:aws:controltower:us-west-2::control/KCPRFSJWXOGM

  • Canada (Central) arn:aws:controltower:ca-central-1::control/SNIFZDSHBSEQ

  • Asia Pacific (Sydney) arn:aws:controltower:ap-southeast-2::control/OISPUYEMXWDM

  • Asia Pacific (Singapore) arn:aws:controltower:ap-southeast-1::control/XHGVMBLNPPWK

  • Europe (Frankfurt) arn:aws:controltower:eu-central-1::control/NKCXAQTTDOFG

  • Europe (Ireland) arn:aws:controltower:eu-west-1::control/HMVEFWNHHUTX

  • Europe (London) arn:aws:controltower:eu-west-2::control/EETUIZAQWGAA

  • Europe (Stockholm) arn:aws:controltower:eu-north-1::control/CYWGZFXYCWBH

  • Asia Pacific (Mumbai) arn:aws:controltower:ap-south-1::control/LGTYDBJHKRWY

  • Asia Pacific (Seoul) arn:aws:controltower:ap-northeast-2::control/ZQNRMCZKOUAT

  • Asia Pacific (Tokyo) arn:aws:controltower:ap-northeast-1::control/RBQYQGMSHNLF

  • Europe (Paris) arn:aws:controltower:eu-west-3::control/XUXCKEHNSBOG

  • South America (São Paulo) arn:aws:controltower:sa-east-1::control/EVOJXTEIPZKN

  • US West (N. California) arn:aws:controltower:us-west-1::control/YTLCCWECZXYU

  • Asia Pacific (Hong Kong) arn:aws:controltower:ap-east-1::control/XIANJOZOITXH

  • Asia Pacific (Jakarta) arn:aws:controltower:ap-southeast-3::control/HRADZAJMASBP

  • Asia Pacific (Osaka) arn:aws:controltower:ap-northeast-3::control/ZXFBYRTFQSEF

  • Europe (Milan) arn:aws:controltower:eu-south-1::control/JKBGUGUPUXOH

  • Africa (Cape Town) arn:aws:controltower:af-south-1::control/XPMJUVGQRZQP

  • Middle East (Bahrain) arn:aws:controltower:me-south-1::control/UEWBEZWBAFAT

  • Israel (Tel Aviv) arn:aws:controltower:il-central-1::control/QNSBUMGSEKRJ

  • Europe (Zurich) arn:aws:controltower:eu-central-2::control/SJHFPGSBNCCP

  • Europe (Spain) arn:aws:controltower:eu-south-2::control/SVBZRUZEGMYE

  • Asia Pacific (Hyderabad) arn:aws:controltower:ap-south-2::control/XUABKDYXZWKI

  • Middle East (UAE) arn:aws:controltower:me-central-1::control/SLDGWHPFIJKK

  • Asia Pacific (Melbourne) arn:aws:controltower:ap-southeast-4::control/FXROTUVAFTOK

CT.AUTOSCALING.PR.11

Control identifier Framework Control objective Control API identifiers, by Region
CT.AUTOSCALING.PR.11
  • NIST 800-53 Rev 5 CA-9(1)

  • NIST 800-53 Rev 5 CM-2

  • NIST 800-53 Rev 5 CM-2(2)

  • PCI DSS version 3.2.1 2.2

  • Encrypt data in transit

  • Protect data integrity

  • Enforce least privilege

  • US East (N. Virginia) arn:aws:controltower:us-east-1::control/OLRACLXUGWDA

  • US East (Ohio) arn:aws:controltower:us-east-2::control/DUAMDOAQRDMU

  • US West (Oregon) arn:aws:controltower:us-west-2::control/MPAFQHWVRUYV

  • Canada (Central) arn:aws:controltower:ca-central-1::control/CQVXMPTKZZLD

  • Asia Pacific (Sydney) arn:aws:controltower:ap-southeast-2::control/GRJULAQNDWZL

  • Asia Pacific (Singapore) arn:aws:controltower:ap-southeast-1::control/LTEZJRQBQQYX

  • Europe (Frankfurt) arn:aws:controltower:eu-central-1::control/RUTQHWVKEXOQ

  • Europe (Ireland) arn:aws:controltower:eu-west-1::control/CHBXZVZCTIBQ

  • Europe (London) arn:aws:controltower:eu-west-2::control/QKJIOLFNDGMR

  • Europe (Stockholm) arn:aws:controltower:eu-north-1::control/QVZFLXUEKXMC

  • Asia Pacific (Mumbai) arn:aws:controltower:ap-south-1::control/RZLFQWHTFKLX

  • Asia Pacific (Seoul) arn:aws:controltower:ap-northeast-2::control/BPRUTBOPITBZ

  • Asia Pacific (Tokyo) arn:aws:controltower:ap-northeast-1::control/SBSPOYCVUQFI

  • Europe (Paris) arn:aws:controltower:eu-west-3::control/HNIZWLRFKMZJ

  • South America (São Paulo) arn:aws:controltower:sa-east-1::control/YTWQBJWKZDXS

  • US West (N. California) arn:aws:controltower:us-west-1::control/ENFCDXVLDJME

  • Asia Pacific (Hong Kong) arn:aws:controltower:ap-east-1::control/NUZQYTYKBLMD

  • Asia Pacific (Jakarta) arn:aws:controltower:ap-southeast-3::control/AIVKYADIWIXE

  • Asia Pacific (Osaka) arn:aws:controltower:ap-northeast-3::control/WVMBATXXQYGH

  • Europe (Milan) arn:aws:controltower:eu-south-1::control/BYNSJFXOHCOC

  • Africa (Cape Town) arn:aws:controltower:af-south-1::control/ZJUKULWWSHEE

  • Middle East (Bahrain) arn:aws:controltower:me-south-1::control/BHETJYCYYMGR

  • Israel (Tel Aviv) arn:aws:controltower:il-central-1::control/OFDKFLDYRGUH

  • Europe (Zurich) arn:aws:controltower:eu-central-2::control/PIJJPHEAASZC

  • Europe (Spain) arn:aws:controltower:eu-south-2::control/LGAMIVPBSHQS

  • Asia Pacific (Hyderabad) arn:aws:controltower:ap-south-2::control/DMKZTXZXOCDV

  • Middle East (UAE) arn:aws:controltower:me-central-1::control/JPXNUWHGCQAF

  • Asia Pacific (Melbourne) arn:aws:controltower:ap-southeast-4::control/MCUARPNYQNRM

CT.AUTOSCALING.PR.2

Control identifier Framework Control objective Control API identifiers, by Region
CT.AUTOSCALING.PR.2
  • NIST 800-53 Rev 5 AC-3

  • NIST 800-53 Rev 5 AC-3(15)

  • NIST 800-53 Rev 5 AC-3(7)

  • NIST 800-53 Rev 5 AC-6

  • NIST 800-53 Rev 5 CA-9(1)

  • NIST 800-53 Rev 5 CM-2

  • PCI DSS version 3.2.1 7.1.1

  • PCI DSS version 3.2.1 7.2.1

  • PCI DSS version 3.2.1 7.2.2

  • Protect configurations

  • US East (N. Virginia) arn:aws:controltower:us-east-1::control/GZBGBNOSJNHE

  • US East (Ohio) arn:aws:controltower:us-east-2::control/FIAZHJHSVVLM

  • US West (Oregon) arn:aws:controltower:us-west-2::control/AJUNDFQNUTWW

  • Canada (Central) arn:aws:controltower:ca-central-1::control/ZRMHGMLRJGDN

  • Asia Pacific (Sydney) arn:aws:controltower:ap-southeast-2::control/FWWWWDZRSYOB

  • Asia Pacific (Singapore) arn:aws:controltower:ap-southeast-1::control/WASLCDWKGJBP

  • Europe (Frankfurt) arn:aws:controltower:eu-central-1::control/PKWPQZWUDPMC

  • Europe (Ireland) arn:aws:controltower:eu-west-1::control/UBAHWQGSLVPQ

  • Europe (London) arn:aws:controltower:eu-west-2::control/JZYHTBOMKDXG

  • Europe (Stockholm) arn:aws:controltower:eu-north-1::control/WYHXVTOLLLXU

  • Asia Pacific (Mumbai) arn:aws:controltower:ap-south-1::control/ZSFUPIZUKOLS

  • Asia Pacific (Seoul) arn:aws:controltower:ap-northeast-2::control/TBBXRAYTVDEK

  • Asia Pacific (Tokyo) arn:aws:controltower:ap-northeast-1::control/DUPFUTISTCKO

  • Europe (Paris) arn:aws:controltower:eu-west-3::control/RIBMFYNUIJWG

  • South America (São Paulo) arn:aws:controltower:sa-east-1::control/IJFUBJAPHSUS

  • US West (N. California) arn:aws:controltower:us-west-1::control/INKEXBGBWVPF

  • Asia Pacific (Hong Kong) arn:aws:controltower:ap-east-1::control/MREILTLELYSG

  • Asia Pacific (Jakarta) arn:aws:controltower:ap-southeast-3::control/OKTFVJFNOEGH

  • Asia Pacific (Osaka) arn:aws:controltower:ap-northeast-3::control/EPLQWROCHULU

  • Europe (Milan) arn:aws:controltower:eu-south-1::control/XEJSBBJIGSRI

  • Africa (Cape Town) arn:aws:controltower:af-south-1::control/PCOGZFZUZXPX

  • Middle East (Bahrain) arn:aws:controltower:me-south-1::control/JATCUEWOCJQZ

  • Israel (Tel Aviv) arn:aws:controltower:il-central-1::control/NPETPABQDTNO

  • Europe (Zurich) arn:aws:controltower:eu-central-2::control/OCWPOVIYYTSL

  • Europe (Spain) arn:aws:controltower:eu-south-2::control/XGADYEWUCJUE

  • Asia Pacific (Hyderabad) arn:aws:controltower:ap-south-2::control/PCDFZDMSEJKW

  • Middle East (UAE) arn:aws:controltower:me-central-1::control/PYCZYCNDAYHZ

  • Asia Pacific (Melbourne) arn:aws:controltower:ap-southeast-4::control/VAHIVVEVBWHB

CT.AUTOSCALING.PR.4

Control identifier Framework Control objective Control API identifiers, by Region
CT.AUTOSCALING.PR.4
  • NIST 800-53 Rev 5 CA-7

  • NIST 800-53 Rev 5 CP-2(2)

  • NIST 800-53 Rev 5 SI-2

  • PCI DSS version 3.2.1 2.2

  • Improve availability

  • US East (N. Virginia) arn:aws:controltower:us-east-1::control/UKYGXEVHJUTL

  • US East (Ohio) arn:aws:controltower:us-east-2::control/WMWBOCEROGJK

  • US West (Oregon) arn:aws:controltower:us-west-2::control/UEEYNVTGUBLF

  • Canada (Central) arn:aws:controltower:ca-central-1::control/VCDSRAZXDLZP

  • Asia Pacific (Sydney) arn:aws:controltower:ap-southeast-2::control/DIXWASPFNOFQ

  • Asia Pacific (Singapore) arn:aws:controltower:ap-southeast-1::control/WAVCCMIDCEXH

  • Europe (Frankfurt) arn:aws:controltower:eu-central-1::control/POLAIJLNEGQU

  • Europe (Ireland) arn:aws:controltower:eu-west-1::control/IYKSVEZZLTNF

  • Europe (London) arn:aws:controltower:eu-west-2::control/TJGWWGICHSES

  • Europe (Stockholm) arn:aws:controltower:eu-north-1::control/NVNXTLBWMDUW

  • Asia Pacific (Mumbai) arn:aws:controltower:ap-south-1::control/SOTBXAWRFPZB

  • Asia Pacific (Seoul) arn:aws:controltower:ap-northeast-2::control/ZFEOJGAMVVZT

  • Asia Pacific (Tokyo) arn:aws:controltower:ap-northeast-1::control/WWETVQMUSGFB

  • Europe (Paris) arn:aws:controltower:eu-west-3::control/HHTBCTOYPGHZ

  • South America (São Paulo) arn:aws:controltower:sa-east-1::control/MIHQDSUSOAVN

  • US West (N. California) arn:aws:controltower:us-west-1::control/ODABNVXWCCWN

  • Asia Pacific (Hong Kong) arn:aws:controltower:ap-east-1::control/XJPQIYKNHPPF

  • Asia Pacific (Jakarta) arn:aws:controltower:ap-southeast-3::control/XVBYPLVRQXBC

  • Asia Pacific (Osaka) arn:aws:controltower:ap-northeast-3::control/ANKICWWVQKYV

  • Europe (Milan) arn:aws:controltower:eu-south-1::control/BDAQOQKWQVIX

  • Africa (Cape Town) arn:aws:controltower:af-south-1::control/ZNILUGCQAIUQ

  • Middle East (Bahrain) arn:aws:controltower:me-south-1::control/XCWLRKVTYWNJ

  • Israel (Tel Aviv) arn:aws:controltower:il-central-1::control/LCGLUULINWMJ

  • Europe (Zurich) arn:aws:controltower:eu-central-2::control/KPACOOSYZFZJ

  • Europe (Spain) arn:aws:controltower:eu-south-2::control/EEEUVWSLNVLL

  • Asia Pacific (Hyderabad) arn:aws:controltower:ap-south-2::control/LPLVNKCQLVJF

  • Middle East (UAE) arn:aws:controltower:me-central-1::control/CFRAAHZMNZLB

  • Asia Pacific (Melbourne) arn:aws:controltower:ap-southeast-4::control/OJSMBFTLWYYY

CT.AUTOSCALING.PR.5

Control identifier Framework Control objective Control API identifiers, by Region
CT.AUTOSCALING.PR.5
  • NIST 800-53 Rev 5 AC-21

  • NIST 800-53 Rev 5 AC-3

  • NIST 800-53 Rev 5 AC-3(7)

  • NIST 800-53 Rev 5 AC-4

  • NIST 800-53 Rev 5 AC-4(21)

  • NIST 800-53 Rev 5 AC-6

  • NIST 800-53 Rev 5 SC-7

  • NIST 800-53 Rev 5 SC-7(11)

  • NIST 800-53 Rev 5 SC-7(16)

  • NIST 800-53 Rev 5 SC-7(20)

  • NIST 800-53 Rev 5 SC-7(21)

  • NIST 800-53 Rev 5 SC-7(3)

  • NIST 800-53 Rev 5 SC-7(4)

  • NIST 800-53 Rev 5 SC-7(9)

  • PCI DSS version 3.2.1 1.2.1

  • PCI DSS version 3.2.1 1.3

  • PCI DSS version 3.2.1 1.3.1

  • PCI DSS version 3.2.1 1.3.2

  • PCI DSS version 3.2.1 1.3.4

  • PCI DSS version 3.2.1 1.3.6

  • PCI DSS version 3.2.1 2.2

  • PCI DSS version 3.2.1 2.2.2

  • Limit network access

  • US East (N. Virginia) arn:aws:controltower:us-east-1::control/GXOHAMKZZBEH

  • US East (Ohio) arn:aws:controltower:us-east-2::control/RHEYJDCZKXSD

  • US West (Oregon) arn:aws:controltower:us-west-2::control/IKGGRITHSTQX

  • Canada (Central) arn:aws:controltower:ca-central-1::control/CXHVXOATJHPY

  • Asia Pacific (Sydney) arn:aws:controltower:ap-southeast-2::control/AQIXLPCCRQHS

  • Asia Pacific (Singapore) arn:aws:controltower:ap-southeast-1::control/THTGVEGTGXBO

  • Europe (Frankfurt) arn:aws:controltower:eu-central-1::control/GDYUPFOPBKQP

  • Europe (Ireland) arn:aws:controltower:eu-west-1::control/KICFAVQBOREF

  • Europe (London) arn:aws:controltower:eu-west-2::control/UPTNYPJYCVOW

  • Europe (Stockholm) arn:aws:controltower:eu-north-1::control/CZLFMLNISVYS

  • Asia Pacific (Mumbai) arn:aws:controltower:ap-south-1::control/YWRLTVCFEEXT

  • Asia Pacific (Seoul) arn:aws:controltower:ap-northeast-2::control/MOWUHFAOJRJY

  • Asia Pacific (Tokyo) arn:aws:controltower:ap-northeast-1::control/RJDSVNZODQNV

  • Europe (Paris) arn:aws:controltower:eu-west-3::control/IHWPSXMEXIFN

  • South America (São Paulo) arn:aws:controltower:sa-east-1::control/NPDLNLLZAFAC

  • US West (N. California) arn:aws:controltower:us-west-1::control/PKLTQMQWOKPC

  • Asia Pacific (Hong Kong) arn:aws:controltower:ap-east-1::control/ESHYEDTXWSUW

  • Asia Pacific (Jakarta) arn:aws:controltower:ap-southeast-3::control/MFBWYIYZRDWU

  • Asia Pacific (Osaka) arn:aws:controltower:ap-northeast-3::control/FOSLERMMWGCQ

  • Europe (Milan) arn:aws:controltower:eu-south-1::control/LZHHRTKSKBYG

  • Africa (Cape Town) arn:aws:controltower:af-south-1::control/YIJBLHBBQZVZ

  • Middle East (Bahrain) arn:aws:controltower:me-south-1::control/HWYCVNKQJITZ

  • Israel (Tel Aviv) arn:aws:controltower:il-central-1::control/DZZROKPAXCYC

  • Europe (Zurich) arn:aws:controltower:eu-central-2::control/YJUEUNVOJKAO

  • Europe (Spain) arn:aws:controltower:eu-south-2::control/HBCLYPOQKNIW

  • Asia Pacific (Hyderabad) arn:aws:controltower:ap-south-2::control/TQETCIZKIMIU

  • Middle East (UAE) arn:aws:controltower:me-central-1::control/OGJVZSSMIDLA

  • Asia Pacific (Melbourne) arn:aws:controltower:ap-southeast-4::control/IDGOEBRSQBUY

CT.AUTOSCALING.PR.6

Control identifier Framework Control objective Control API identifiers, by Region
CT.AUTOSCALING.PR.6
  • NIST 800-53 Rev 5 CP-10

  • NIST 800-53 Rev 5 CP-2(2)

  • NIST 800-53 Rev 5 CP-6(2)

  • NIST 800-53 Rev 5 SC-36

  • NIST 800-53 Rev 5 SC-5(2)

  • NIST 800-53 Rev 5 SI-13(5)

  • Improve availability

  • US East (N. Virginia) arn:aws:controltower:us-east-1::control/IMJNNSRJLUDS

  • US East (Ohio) arn:aws:controltower:us-east-2::control/SBFDHQUFTINU

  • US West (Oregon) arn:aws:controltower:us-west-2::control/XMQUOEMIYMAQ

  • Canada (Central) arn:aws:controltower:ca-central-1::control/KNWXLCUZBJPR

  • Asia Pacific (Sydney) arn:aws:controltower:ap-southeast-2::control/HYEMAFKYGEOG

  • Asia Pacific (Singapore) arn:aws:controltower:ap-southeast-1::control/JBGGLEZGYNNY

  • Europe (Frankfurt) arn:aws:controltower:eu-central-1::control/PFKPZDJXQARN

  • Europe (Ireland) arn:aws:controltower:eu-west-1::control/WMTUSTWLRDZO

  • Europe (London) arn:aws:controltower:eu-west-2::control/ZPCRFNLDIVTB

  • Europe (Stockholm) arn:aws:controltower:eu-north-1::control/EQRHGKGNQNGX

  • Asia Pacific (Mumbai) arn:aws:controltower:ap-south-1::control/OLNBKFLLQMBM

  • Asia Pacific (Seoul) arn:aws:controltower:ap-northeast-2::control/PALLYLIKPDOO

  • Asia Pacific (Tokyo) arn:aws:controltower:ap-northeast-1::control/RIHZBJGCQNZN

  • Europe (Paris) arn:aws:controltower:eu-west-3::control/VVHBDVAENCXM

  • South America (São Paulo) arn:aws:controltower:sa-east-1::control/RRGVMSFSHYVI

  • US West (N. California) arn:aws:controltower:us-west-1::control/VULHVTLCFHLY

  • Asia Pacific (Hong Kong) arn:aws:controltower:ap-east-1::control/EVLGNFFONEDR

  • Asia Pacific (Jakarta) arn:aws:controltower:ap-southeast-3::control/RIAGHUSPABQY

  • Asia Pacific (Osaka) arn:aws:controltower:ap-northeast-3::control/BSHZJGOWIYAN

  • Europe (Milan) arn:aws:controltower:eu-south-1::control/WTWCPKFEWPYK

  • Africa (Cape Town) arn:aws:controltower:af-south-1::control/NCNVPQRRQZRO

  • Middle East (Bahrain) arn:aws:controltower:me-south-1::control/DWSDKOZNKSIN

  • Israel (Tel Aviv) arn:aws:controltower:il-central-1::control/QAQRWYEEZZGK

  • Europe (Zurich) arn:aws:controltower:eu-central-2::control/UGALPVVXQVQC

  • Europe (Spain) arn:aws:controltower:eu-south-2::control/LEMBCAXJDJXF

  • Asia Pacific (Hyderabad) arn:aws:controltower:ap-south-2::control/NCSOESJIZPDJ

  • Middle East (UAE) arn:aws:controltower:me-central-1::control/HLLQBYJSJHOV

  • Asia Pacific (Melbourne) arn:aws:controltower:ap-southeast-4::control/EWEADHPWKAQO

CT.AUTOSCALING.PR.8

Control identifier Framework Control objective Control API identifiers, by Region
CT.AUTOSCALING.PR.8
  • NIST 800-53 Rev 5 CA-9(1)

  • NIST 800-53 Rev 5 CM-2

  • NIST 800-53 Rev 5 CM-2(2)

  • PCI DSS version 3.2.1 2.2

  • Manage vulnerabilities

  • US East (N. Virginia) arn:aws:controltower:us-east-1::control/JAZMSKNXGBDD

  • US East (Ohio) arn:aws:controltower:us-east-2::control/CBEYLWICUQCE

  • US West (Oregon) arn:aws:controltower:us-west-2::control/PKAHSCIYKNJT

  • Canada (Central) arn:aws:controltower:ca-central-1::control/SUQITVFXSNAS

  • Asia Pacific (Sydney) arn:aws:controltower:ap-southeast-2::control/ZBBMSBCWHDJT

  • Asia Pacific (Singapore) arn:aws:controltower:ap-southeast-1::control/CTWWGOPBJZZV

  • Europe (Frankfurt) arn:aws:controltower:eu-central-1::control/USQMZZGHDRYN

  • Europe (Ireland) arn:aws:controltower:eu-west-1::control/YBNNIYMRBIYN

  • Europe (London) arn:aws:controltower:eu-west-2::control/ZYAHAGQKQTAU

  • Europe (Stockholm) arn:aws:controltower:eu-north-1::control/JHZVIDCOFKWQ

  • Asia Pacific (Mumbai) arn:aws:controltower:ap-south-1::control/JUIBGGNJBHVD

  • Asia Pacific (Seoul) arn:aws:controltower:ap-northeast-2::control/YZYBKZLRYPLJ

  • Asia Pacific (Tokyo) arn:aws:controltower:ap-northeast-1::control/LIFOKTEDIUJG

  • Europe (Paris) arn:aws:controltower:eu-west-3::control/DQVZDZGYRISN

  • South America (São Paulo) arn:aws:controltower:sa-east-1::control/GVXMKGJZQXQZ

  • US West (N. California) arn:aws:controltower:us-west-1::control/PISDHZLSRYXL

  • Asia Pacific (Hong Kong) arn:aws:controltower:ap-east-1::control/LMMGXHIXUJYZ

  • Asia Pacific (Jakarta) arn:aws:controltower:ap-southeast-3::control/HFDQZKOIUTPA

  • Asia Pacific (Osaka) arn:aws:controltower:ap-northeast-3::control/UBFEQJTBFABY

  • Europe (Milan) arn:aws:controltower:eu-south-1::control/YTPNKYLIYKVY

  • Africa (Cape Town) arn:aws:controltower:af-south-1::control/YVPFFBYVWOYU

  • Middle East (Bahrain) arn:aws:controltower:me-south-1::control/AEHEFPZQXLUW

  • Israel (Tel Aviv) arn:aws:controltower:il-central-1::control/SACRRCECVZND

  • Europe (Zurich) arn:aws:controltower:eu-central-2::control/QIRLBHLADKAB

  • Europe (Spain) arn:aws:controltower:eu-south-2::control/PSRDUBINGKQS

  • Asia Pacific (Hyderabad) arn:aws:controltower:ap-south-2::control/DKHBSPQGATGW

  • Middle East (UAE) arn:aws:controltower:me-central-1::control/FJYUYTKCFRPF

  • Asia Pacific (Melbourne) arn:aws:controltower:ap-southeast-4::control/CVLVWHPNFDHV

CT.AUTOSCALING.PR.9

Control identifier Framework Control objective Control API identifiers, by Region
CT.AUTOSCALING.PR.9
  • NIST 800-53 Rev 5 CA-9(1)

  • NIST 800-53 Rev 5 CM-3(6)

  • NIST 800-53 Rev 5 SC-13

  • NIST 800-53 Rev 5 SC-28

  • NIST 800-53 Rev 5 SC-28(1)

  • NIST 800-53 Rev 5 SC-7(10)

  • NIST 800-53 Rev 5 SI-7(6)

  • PCI DSS version 3.2.1 2.2

  • PCI DSS version 3.2.1 3.4

  • PCI DSS version 3.2.1 8.2.1

  • Encrypt data at rest

  • US East (N. Virginia) arn:aws:controltower:us-east-1::control/RROOJIJVZTCD

  • US East (Ohio) arn:aws:controltower:us-east-2::control/ITCMHPPHFUUS

  • US West (Oregon) arn:aws:controltower:us-west-2::control/XAJKDEPPKMLS

  • Canada (Central) arn:aws:controltower:ca-central-1::control/GJMTGWEQYCFK

  • Asia Pacific (Sydney) arn:aws:controltower:ap-southeast-2::control/XCDSJCZAJAGY

  • Asia Pacific (Singapore) arn:aws:controltower:ap-southeast-1::control/MMTQYBWWZFEN

  • Europe (Frankfurt) arn:aws:controltower:eu-central-1::control/JQQDQQJXOGNO

  • Europe (Ireland) arn:aws:controltower:eu-west-1::control/XEPRSGZCLSZI

  • Europe (London) arn:aws:controltower:eu-west-2::control/UIHDQDEKPNFW

  • Europe (Stockholm) arn:aws:controltower:eu-north-1::control/RUZQHTXLDRVI

  • Asia Pacific (Mumbai) arn:aws:controltower:ap-south-1::control/PLFOJFSZJQRR

  • Asia Pacific (Seoul) arn:aws:controltower:ap-northeast-2::control/TXADDEAXHQJO

  • Asia Pacific (Tokyo) arn:aws:controltower:ap-northeast-1::control/VNUBXQIEBAGA

  • Europe (Paris) arn:aws:controltower:eu-west-3::control/EXRJITRPLSJJ

  • South America (São Paulo) arn:aws:controltower:sa-east-1::control/XOIVXLXSTMHC

  • US West (N. California) arn:aws:controltower:us-west-1::control/SHEBBMZWBBUF

  • Asia Pacific (Hong Kong) arn:aws:controltower:ap-east-1::control/XHMWNRXPSSEC

  • Asia Pacific (Jakarta) arn:aws:controltower:ap-southeast-3::control/CRAVIZGSUZNW

  • Asia Pacific (Osaka) arn:aws:controltower:ap-northeast-3::control/SDWSYCVWCGEH

  • Europe (Milan) arn:aws:controltower:eu-south-1::control/GMSBKMGNTIRU

  • Africa (Cape Town) arn:aws:controltower:af-south-1::control/PJFBBOZDWVXS

  • Middle East (Bahrain) arn:aws:controltower:me-south-1::control/EPWSVXENIYJF

  • Israel (Tel Aviv) arn:aws:controltower:il-central-1::control/TGPNJGPMKKAF

  • Europe (Zurich) arn:aws:controltower:eu-central-2::control/VMYTQLGGELGN

  • Europe (Spain) arn:aws:controltower:eu-south-2::control/HXLTCQISFQBE

  • Asia Pacific (Hyderabad) arn:aws:controltower:ap-south-2::control/PVJJTCCPQERK

  • Middle East (UAE) arn:aws:controltower:me-central-1::control/SKRIPSOLCETA

  • Asia Pacific (Melbourne) arn:aws:controltower:ap-southeast-4::control/YTUQPNAGTVUD

CT.CLOUDFORMATION.PR.1

Control identifier Framework Control objective Control API identifiers, by Region
CT.CLOUDFORMATION.PR.1

None

  • Protect configurations

  • US East (N. Virginia) arn:aws:controltower:us-east-1::control/WTDSMKDKDNLE

  • US East (Ohio) arn:aws:controltower:us-east-2::control/FMBVJTKQAEAE

  • US West (Oregon) arn:aws:controltower:us-west-2::control/DKKMAWVORGDV

  • Canada (Central) arn:aws:controltower:ca-central-1::control/OMCTIJOASMIZ

  • Asia Pacific (Sydney) arn:aws:controltower:ap-southeast-2::control/UHAFTVUQLBJQ

  • Asia Pacific (Singapore) arn:aws:controltower:ap-southeast-1::control/VQJENYWQLIKN

  • Europe (Frankfurt) arn:aws:controltower:eu-central-1::control/IEBSHSUWVLNW

  • Europe (Ireland) arn:aws:controltower:eu-west-1::control/XLSIRLRDKWVQ

  • Europe (London) arn:aws:controltower:eu-west-2::control/CPQMWUWNTTQN

  • Europe (Stockholm) arn:aws:controltower:eu-north-1::control/RTHCFFNNCBIC

  • Asia Pacific (Mumbai) arn:aws:controltower:ap-south-1::control/ZNYKRMJOMGMD

  • Asia Pacific (Seoul) arn:aws:controltower:ap-northeast-2::control/AZAYRJYXCXZR

  • Asia Pacific (Tokyo) arn:aws:controltower:ap-northeast-1::control/TUJJPJIYTMNX

  • Europe (Paris) arn:aws:controltower:eu-west-3::control/PXUHPQAIVTCU

  • South America (São Paulo) arn:aws:controltower:sa-east-1::control/QZWDNTRQVJKO

  • US West (N. California) arn:aws:controltower:us-west-1::control/KDYIRULEPEVX

  • Asia Pacific (Hong Kong) arn:aws:controltower:ap-east-1::control/TRDTWMRSUZAV

  • Asia Pacific (Jakarta) arn:aws:controltower:ap-southeast-3::control/FZACIPKYOZWJ

  • Asia Pacific (Osaka) arn:aws:controltower:ap-northeast-3::control/BKGHDLNFOLGZ

  • Europe (Milan) arn:aws:controltower:eu-south-1::control/QVSBUPSGUHVS

  • Africa (Cape Town) arn:aws:controltower:af-south-1::control/OBRUJGFHLWTL

  • Middle East (Bahrain) arn:aws:controltower:me-south-1::control/RBUIYPEKFWAQ

  • Israel (Tel Aviv) arn:aws:controltower:il-central-1::control/XWTPZYNDKZAN

  • Europe (Zurich) arn:aws:controltower:eu-central-2::control/ZYKOUZYVAXVL

  • Europe (Spain) arn:aws:controltower:eu-south-2::control/SUZUXRSEELFT

  • Asia Pacific (Hyderabad) arn:aws:controltower:ap-south-2::control/RTJYHAXOEEDY

  • Middle East (UAE) arn:aws:controltower:me-central-1::control/YKZGVTHBPBQF

  • Asia Pacific (Melbourne) arn:aws:controltower:ap-southeast-4::control/KCDBCIAYUXWT

CT.CLOUDFRONT.PR.1

Control identifier Framework Control objective Control API identifiers, by Region
CT.CLOUDFRONT.PR.1
  • NIST 800-53 Rev 5 AC-17(2)

  • NIST 800-53 Rev 5 AC-4

  • NIST 800-53 Rev 5 IA-5(1)

  • NIST 800-53 Rev 5 SC-12(3)

  • NIST 800-53 Rev 5 SC-13

  • NIST 800-53 Rev 5 SC-23

  • NIST 800-53 Rev 5 SC-7(11)

  • NIST 800-53 Rev 5 SC-7(16)

  • NIST 800-53 Rev 5 SC-7(4)

  • NIST 800-53 Rev 5 SC-8

  • NIST 800-53 Rev 5 SC-8(1)

  • NIST 800-53 Rev 5 SC-8(2)

  • NIST 800-53 Rev 5 SI-7(6)

  • PCI DSS version 3.2.1 1.2.1

  • PCI DSS version 3.2.1 1.3

  • PCI DSS version 3.2.1 1.3.1

  • PCI DSS version 3.2.1 1.3.2

  • PCI DSS version 3.2.1 1.3.4

  • PCI DSS version 3.2.1 1.3.7

  • PCI DSS version 3.2.1 4.1

  • Protect configurations

  • US East (N. Virginia) arn:aws:controltower:us-east-1::control/XDNLXQXCMXXF

  • US East (Ohio) arn:aws:controltower:us-east-2::control/IQSRCUCSGFPK

  • US West (Oregon) arn:aws:controltower:us-west-2::control/AVEFYTUYGGCS

  • Canada (Central) arn:aws:controltower:ca-central-1::control/TQHOWLDDEHMD

  • Asia Pacific (Sydney) arn:aws:controltower:ap-southeast-2::control/HGEUZPXSVDOS

  • Asia Pacific (Singapore) arn:aws:controltower:ap-southeast-1::control/PHMWMCANHKSW

  • Europe (Frankfurt) arn:aws:controltower:eu-central-1::control/ZWIHYGTQCIQA

  • Europe (Ireland) arn:aws:controltower:eu-west-1::control/UAUKDTHXFEXN

  • Europe (London) arn:aws:controltower:eu-west-2::control/KRZLJNJUOPAE

  • Europe (Stockholm) arn:aws:controltower:eu-north-1::control/MYOOHWLVKUVG

  • Asia Pacific (Mumbai) arn:aws:controltower:ap-south-1::control/JURDJLNESWGR

  • Asia Pacific (Seoul) arn:aws:controltower:ap-northeast-2::control/VBJDOHQSIIAX

  • Asia Pacific (Tokyo) arn:aws:controltower:ap-northeast-1::control/XPNZKJLGPXQA

  • Europe (Paris) arn:aws:controltower:eu-west-3::control/ITCBSOQOBUDP

  • South America (São Paulo) arn:aws:controltower:sa-east-1::control/XOWFTDERUYHD

  • US West (N. California) arn:aws:controltower:us-west-1::control/IWQIWQREBLHB

  • Asia Pacific (Hong Kong) arn:aws:controltower:ap-east-1::control/MKJZCQJTJTUU

  • Asia Pacific (Jakarta) arn:aws:controltower:ap-southeast-3::control/TOOGKXNIZTGI

  • Asia Pacific (Osaka) arn:aws:controltower:ap-northeast-3::control/KFBJHZDCITRT

  • Europe (Milan) arn:aws:controltower:eu-south-1::control/MLFOFPIEQPDK

  • Africa (Cape Town) arn:aws:controltower:af-south-1::control/ZKNGGEQJFJEW

  • Middle East (Bahrain) arn:aws:controltower:me-south-1::control/RUGAOBODEZXQ

  • Israel (Tel Aviv) arn:aws:controltower:il-central-1::control/WWAUIVWORXWH

  • Europe (Zurich) arn:aws:controltower:eu-central-2::control/JSTHUABMXZDZ

  • Europe (Spain) arn:aws:controltower:eu-south-2::control/WUYNTGJJUKNP

  • Asia Pacific (Hyderabad) arn:aws:controltower:ap-south-2::control/HATHJJWTNRTE

  • Middle East (UAE) arn:aws:controltower:me-central-1::control/VQHIYFLOJLMC

  • Asia Pacific (Melbourne) arn:aws:controltower:ap-southeast-4::control/AZRIXJRPZEGB

CT.CLOUDFRONT.PR.10

Control identifier Framework Control objective Control API identifiers, by Region
CT.CLOUDFRONT.PR.10
  • NIST 800-53 Rev 5 SC-7(11)

  • PCI DSS version 3.2.1 1.2.1

  • PCI DSS version 3.2.1 1.3

  • PCI DSS version 3.2.1 1.3.1

  • PCI DSS version 3.2.1 1.3.2

  • PCI DSS version 3.2.1 1.3.4

  • Enforce least privilege

  • Protect configurations

  • US East (N. Virginia) arn:aws:controltower:us-east-1::control/MKKANNMZZHNU

  • US East (Ohio) arn:aws:controltower:us-east-2::control/WCTTAHVMYDLS

  • US West (Oregon) arn:aws:controltower:us-west-2::control/IJBYZPYEBBPL

  • Canada (Central) arn:aws:controltower:ca-central-1::control/EMBBJBOEZUXI

  • Asia Pacific (Sydney) arn:aws:controltower:ap-southeast-2::control/XSFJGHXKKXJQ

  • Asia Pacific (Singapore) arn:aws:controltower:ap-southeast-1::control/TJJCFOZERMMU

  • Europe (Frankfurt) arn:aws:controltower:eu-central-1::control/DPTTYLBMYLES

  • Europe (Ireland) arn:aws:controltower:eu-west-1::control/COJLJAOYFIIY

  • Europe (London) arn:aws:controltower:eu-west-2::control/EDDBQAMFSHML

  • Europe (Stockholm) arn:aws:controltower:eu-north-1::control/KEBVYBUGDCJL

  • Asia Pacific (Mumbai) arn:aws:controltower:ap-south-1::control/DPDNFOCWKPXR

  • Asia Pacific (Seoul) arn:aws:controltower:ap-northeast-2::control/YBHTLDHKEKFZ

  • Asia Pacific (Tokyo) arn:aws:controltower:ap-northeast-1::control/RFCFGQXJZARA

  • Europe (Paris) arn:aws:controltower:eu-west-3::control/JSCPKFBPTUFX

  • South America (São Paulo) arn:aws:controltower:sa-east-1::control/XHRXFSGXWPKZ

  • US West (N. California) arn:aws:controltower:us-west-1::control/GQNIWWFCXLMC

  • Asia Pacific (Hong Kong) arn:aws:controltower:ap-east-1::control/RMFPWFTBHEUW

  • Asia Pacific (Jakarta) arn:aws:controltower:ap-southeast-3::control/RNEBJBKTWYNP

  • Asia Pacific (Osaka) arn:aws:controltower:ap-northeast-3::control/HPIJWRRRNZWV

  • Europe (Milan) arn:aws:controltower:eu-south-1::control/ZSTTBVOTUCTJ

  • Africa (Cape Town) arn:aws:controltower:af-south-1::control/QOUFOYZMAHTP

  • Middle East (Bahrain) arn:aws:controltower:me-south-1::control/CRMMYILUZFQR

  • Israel (Tel Aviv) arn:aws:controltower:il-central-1::control/KKJWKODDJAJZ

  • Europe (Zurich) arn:aws:controltower:eu-central-2::control/RIZVPUMYJKMF

  • Europe (Spain) arn:aws:controltower:eu-south-2::control/UTNKPVFYDNWY

  • Asia Pacific (Hyderabad) arn:aws:controltower:ap-south-2::control/NCQFJEHLNVOL

  • Middle East (UAE) arn:aws:controltower:me-central-1::control/NREUZZCXLORX

  • Asia Pacific (Melbourne) arn:aws:controltower:ap-southeast-4::control/QLWFWMZSHUPD

CT.CLOUDFRONT.PR.11

Control identifier Framework Control objective Control API identifiers, by Region
CT.CLOUDFRONT.PR.11
  • NIST 800-53 Rev 5 AC-17(2)

  • NIST 800-53 Rev 5 AC-4

  • NIST 800-53 Rev 5 IA-5(1)

  • NIST 800-53 Rev 5 SC-12(3)

  • NIST 800-53 Rev 5 SC-13

  • NIST 800-53 Rev 5 SC-23

  • NIST 800-53 Rev 5 SC-7(4)

  • NIST 800-53 Rev 5 SC-8

  • NIST 800-53 Rev 5 SC-8(1)

  • NIST 800-53 Rev 5 SC-8(2)

  • NIST 800-53 Rev 5 SI-7(6)

  • PCI DSS version 3.2.1 4.1

  • Manage vulnerabilities

  • US East (N. Virginia) arn:aws:controltower:us-east-1::control/JKSWKPYLWXBN

  • US East (Ohio) arn:aws:controltower:us-east-2::control/FRBHAAKLXVJQ

  • US West (Oregon) arn:aws:controltower:us-west-2::control/YXRLGXTHKYTZ

  • Canada (Central) arn:aws:controltower:ca-central-1::control/ROXOJWPKIJGJ

  • Asia Pacific (Sydney) arn:aws:controltower:ap-southeast-2::control/OLKKBIYGTTTV

  • Asia Pacific (Singapore) arn:aws:controltower:ap-southeast-1::control/PWKKNYCLONTW

  • Europe (Frankfurt) arn:aws:controltower:eu-central-1::control/OOIGLWNRDLBR

  • Europe (Ireland) arn:aws:controltower:eu-west-1::control/IAUDCMRWXWEY

  • Europe (London) arn:aws:controltower:eu-west-2::control/INVLKWIIXCUX

  • Europe (Stockholm) arn:aws:controltower:eu-north-1::control/OEQBOVEXMMKR

  • Asia Pacific (Mumbai) arn:aws:controltower:ap-south-1::control/LATRCFDQWVIN

  • Asia Pacific (Seoul) arn:aws:controltower:ap-northeast-2::control/ICESDVDPQUJI

  • Asia Pacific (Tokyo) arn:aws:controltower:ap-northeast-1::control/HFHBNWIGHFMY

  • Europe (Paris) arn:aws:controltower:eu-west-3::control/HAPUSNWOPEXI

  • South America (São Paulo) arn:aws:controltower:sa-east-1::control/RAYNZKHYBPAZ

  • US West (N. California) arn:aws:controltower:us-west-1::control/VDNOLOGKWONY

  • Asia Pacific (Hong Kong) arn:aws:controltower:ap-east-1::control/RKEOFHWPSMRG

  • Asia Pacific (Jakarta) arn:aws:controltower:ap-southeast-3::control/EBMFFONQCPFD

  • Asia Pacific (Osaka) arn:aws:controltower:ap-northeast-3::control/VZFSUGKCIKSL

  • Europe (Milan) arn:aws:controltower:eu-south-1::control/ACOALEKSQBVA

  • Africa (Cape Town) arn:aws:controltower:af-south-1::control/HYEDNWKAQEGW

  • Middle East (Bahrain) arn:aws:controltower:me-south-1::control/MIPXRQLYILUE

  • Israel (Tel Aviv) arn:aws:controltower:il-central-1::control/FVQEUPCJHDGB

  • Europe (Zurich) arn:aws:controltower:eu-central-2::control/PDSOEASQXLDH

  • Europe (Spain) arn:aws:controltower:eu-south-2::control/CAMAUZYMJOPH

  • Asia Pacific (Hyderabad) arn:aws:controltower:ap-south-2::control/MFLJBHYHDJZA

  • Middle East (UAE) arn:aws:controltower:me-central-1::control/FTGLJNMLYHZT

  • Asia Pacific (Melbourne) arn:aws:controltower:ap-southeast-4::control/CQEDLAWQDAEX

CT.CLOUDFRONT.PR.2

Control identifier Framework Control objective Control API identifiers, by Region
CT.CLOUDFRONT.PR.2
  • NIST 800-53 Rev 5 SC-7(11)

  • PCI DSS version 3.2.1 1.2.1

  • PCI DSS version 3.2.1 1.3

  • PCI DSS version 3.2.1 1.3.1

  • PCI DSS version 3.2.1 1.3.2

  • PCI DSS version 3.2.1 1.3.4

  • Protect configurations

  • US East (N. Virginia) arn:aws:controltower:us-east-1::control/WPBVZXCJPXBZ

  • US East (Ohio) arn:aws:controltower:us-east-2::control/MLHMBKFPSZQT

  • US West (Oregon) arn:aws:controltower:us-west-2::control/UIWBDZNONLUD

  • Canada (Central) arn:aws:controltower:ca-central-1::control/RUMPJMCCNCJW

  • Asia Pacific (Sydney) arn:aws:controltower:ap-southeast-2::control/NMGEPJROACOH

  • Asia Pacific (Singapore) arn:aws:controltower:ap-southeast-1::control/JPIDQBIFWBWL

  • Europe (Frankfurt) arn:aws:controltower:eu-central-1::control/YIXCHURUJDBK

  • Europe (Ireland) arn:aws:controltower:eu-west-1::control/SPJYDXWVBVHQ

  • Europe (London) arn:aws:controltower:eu-west-2::control/TZHFMCSVNUQB

  • Europe (Stockholm) arn:aws:controltower:eu-north-1::control/AKXTQWFSQTVQ

  • Asia Pacific (Mumbai) arn:aws:controltower:ap-south-1::control/SDPQNYINEQRA

  • Asia Pacific (Seoul) arn:aws:controltower:ap-northeast-2::control/IOOJYJOANCXR

  • Asia Pacific (Tokyo) arn:aws:controltower:ap-northeast-1::control/BMFRHKRDLPYE

  • Europe (Paris) arn:aws:controltower:eu-west-3::control/VTSPOJEHAKZN

  • South America (São Paulo) arn:aws:controltower:sa-east-1::control/PGPGHMEKOYTP

  • US West (N. California) arn:aws:controltower:us-west-1::control/SBRPUJEJCGTL

  • Asia Pacific (Hong Kong) arn:aws:controltower:ap-east-1::control/JYTOHOYSNLMB

  • Asia Pacific (Jakarta) arn:aws:controltower:ap-southeast-3::control/SLGAANKAFEYA

  • Asia Pacific (Osaka) arn:aws:controltower:ap-northeast-3::control/HVMWXRCNFRDO

  • Europe (Milan) arn:aws:controltower:eu-south-1::control/TOJRWDYHNNXG

  • Africa (Cape Town) arn:aws:controltower:af-south-1::control/JTUVGABKLAFE

  • Middle East (Bahrain) arn:aws:controltower:me-south-1::control/SEODAVXUYYKF

  • Israel (Tel Aviv) arn:aws:controltower:il-central-1::control/ENWFNBADPKGV

  • Europe (Zurich) arn:aws:controltower:eu-central-2::control/XKAFLKSMRCTZ

  • Europe (Spain) arn:aws:controltower:eu-south-2::control/HPURLNWRKJWL

  • Asia Pacific (Hyderabad) arn:aws:controltower:ap-south-2::control/KPXXRYKIBWCP

  • Middle East (UAE) arn:aws:controltower:me-central-1::control/FIYDPNSPFBYH

  • Asia Pacific (Melbourne) arn:aws:controltower:ap-southeast-4::control/HAXVFQCZVWMZ

CT.CLOUDFRONT.PR.3

Control identifier Framework Control objective Control API identifiers, by Region
CT.CLOUDFRONT.PR.3
  • NIST 800-53 Rev 5 AC-17(2)

  • NIST 800-53 Rev 5 AC-4

  • NIST 800-53 Rev 5 IA-5(1)

  • NIST 800-53 Rev 5 SC-12(3)

  • NIST 800-53 Rev 5 SC-13

  • NIST 800-53 Rev 5 SC-23

  • NIST 800-53 Rev 5 SC-23(3)

  • NIST 800-53 Rev 5 SC-7(4)

  • NIST 800-53 Rev 5 SC-8

  • NIST 800-53 Rev 5 SC-8(1)

  • NIST 800-53 Rev 5 SC-8(2)

  • NIST 800-53 Rev 5 SI-7(6)

  • PCI DSS version 3.2.1 4.1

  • Encrypt data in transit

  • US East (N. Virginia) arn:aws:controltower:us-east-1::control/KSCPLCGJKGHW

  • US East (Ohio) arn:aws:controltower:us-east-2::control/RFNNWXVMUBPQ

  • US West (Oregon) arn:aws:controltower:us-west-2::control/LHFZBEUHUBMH

  • Canada (Central) arn:aws:controltower:ca-central-1::control/YXRNFYZICBAZ

  • Asia Pacific (Sydney) arn:aws:controltower:ap-southeast-2::control/MCQETJVLFUOU

  • Asia Pacific (Singapore) arn:aws:controltower:ap-southeast-1::control/JLXONOZWHECI

  • Europe (Frankfurt) arn:aws:controltower:eu-central-1::control/OIWLNKZULIHF

  • Europe (Ireland) arn:aws:controltower:eu-west-1::control/AGJSNVMSVMZW

  • Europe (London) arn:aws:controltower:eu-west-2::control/GZSHUDGCTKTD

  • Europe (Stockholm) arn:aws:controltower:eu-north-1::control/KFVEGDRDKNYI

  • Asia Pacific (Mumbai) arn:aws:controltower:ap-south-1::control/OCRRDMBCTTPP

  • Asia Pacific (Seoul) arn:aws:controltower:ap-northeast-2::control/MKLFHIWIEWWR

  • Asia Pacific (Tokyo) arn:aws:controltower:ap-northeast-1::control/TMYDUSKTAKBS

  • Europe (Paris) arn:aws:controltower:eu-west-3::control/YDQTLQWZBPXO

  • South America (São Paulo) arn:aws:controltower:sa-east-1::control/LJBMFILEKDJH

  • US West (N. California) arn:aws:controltower:us-west-1::control/QSWVHIUPCHAN

  • Asia Pacific (Hong Kong) arn:aws:controltower:ap-east-1::control/DDVLBNVHGDUB

  • Asia Pacific (Jakarta) arn:aws:controltower:ap-southeast-3::control/ISFZIBFIGEYE

  • Asia Pacific (Osaka) arn:aws:controltower:ap-northeast-3::control/YQYFXRCGOJVL

  • Europe (Milan) arn:aws:controltower:eu-south-1::control/HPKHJFQXJAEV

  • Africa (Cape Town) arn:aws:controltower:af-south-1::control/EOVQXRLMTYED

  • Middle East (Bahrain) arn:aws:controltower:me-south-1::control/SQZNZFSSBJQD

  • Israel (Tel Aviv) arn:aws:controltower:il-central-1::control/AFQUJTLNZOZD

  • Europe (Zurich) arn:aws:controltower:eu-central-2::control/LRZZVKQUSKFK

  • Europe (Spain) arn:aws:controltower:eu-south-2::control/CVMBTUQQJQVF

  • Asia Pacific (Hyderabad) arn:aws:controltower:ap-south-2::control/NJQTYERBVBJI

  • Middle East (UAE) arn:aws:controltower:me-central-1::control/HICXKNXMCXCZ

  • Asia Pacific (Melbourne) arn:aws:controltower:ap-southeast-4::control/TYWUXNEGBHGC

CT.CLOUDFRONT.PR.4

Control identifier Framework Control objective Control API identifiers, by Region
CT.CLOUDFRONT.PR.4
  • NIST 800-53 Rev 5 CP-10

  • NIST 800-53 Rev 5 SC-36

  • NIST 800-53 Rev 5 SC-5(2)

  • NIST 800-53 Rev 5 SI-13(5)

  • Improve availability

  • US East (N. Virginia) arn:aws:controltower:us-east-1::control/TTGXTDSTFUVR

  • US East (Ohio) arn:aws:controltower:us-east-2::control/BCDVICOTHADR

  • US West (Oregon) arn:aws:controltower:us-west-2::control/RFYXXYNURHWK

  • Canada (Central) arn:aws:controltower:ca-central-1::control/CXLHFJBBESPG

  • Asia Pacific (Sydney) arn:aws:controltower:ap-southeast-2::control/ELYJMXPJVKEI

  • Asia Pacific (Singapore) arn:aws:controltower:ap-southeast-1::control/RADLRUNIIXJV

  • Europe (Frankfurt) arn:aws:controltower:eu-central-1::control/PPDPQYKYCVQV

  • Europe (Ireland) arn:aws:controltower:eu-west-1::control/WJKMTILNPQPE

  • Europe (London) arn:aws:controltower:eu-west-2::control/LEHRPQBGFKSI

  • Europe (Stockholm) arn:aws:controltower:eu-north-1::control/KLXWEEBCGMDJ

  • Asia Pacific (Mumbai) arn:aws:controltower:ap-south-1::control/HPOIOKYDFMZE

  • Asia Pacific (Seoul) arn:aws:controltower:ap-northeast-2::control/GFFYUYUVPDKU

  • Asia Pacific (Tokyo) arn:aws:controltower:ap-northeast-1::control/VOOZHGULFVBG

  • Europe (Paris) arn:aws:controltower:eu-west-3::control/GWBOIBMAAVZC

  • South America (São Paulo) arn:aws:controltower:sa-east-1::control/LULEEVQWEQRC

  • US West (N. California) arn:aws:controltower:us-west-1::control/IUIGCLTOJBUC

  • Asia Pacific (Hong Kong) arn:aws:controltower:ap-east-1::control/WJKRCBQFHZMZ

  • Asia Pacific (Jakarta) arn:aws:controltower:ap-southeast-3::control/IPCYTHQFAFNW

  • Asia Pacific (Osaka) arn:aws:controltower:ap-northeast-3::control/DOTFJQVJFLRM

  • Europe (Milan) arn:aws:controltower:eu-south-1::control/OEGLEOAAPISR

  • Africa (Cape Town) arn:aws:controltower:af-south-1::control/VXRYQOGVHSUW

  • Middle East (Bahrain) arn:aws:controltower:me-south-1::control/BSHPWYCFNNBE

  • Israel (Tel Aviv) arn:aws:controltower:il-central-1::control/LLUWIDQCLSLL

  • Europe (Zurich) arn:aws:controltower:eu-central-2::control/OMEWBMVICXJG

  • Europe (Spain) arn:aws:controltower:eu-south-2::control/LEXJMWZMLIVI

  • Asia Pacific (Hyderabad) arn:aws:controltower:ap-south-2::control/WQIZCKKCSRXT

  • Middle East (UAE) arn:aws:controltower:me-central-1::control/AGTDHGABOXNI

  • Asia Pacific (Melbourne) arn:aws:controltower:ap-southeast-4::control/MVVSTRHVZWSC

CT.CLOUDFRONT.PR.5

Control identifier Framework Control objective Control API identifiers, by Region
CT.CLOUDFRONT.PR.5
  • NIST 800-53 Rev 5 AC-2(4)

  • NIST 800-53 Rev 5 AC-4(26)

  • NIST 800-53 Rev 5 AC-6(9)

  • NIST 800-53 Rev 5 AU-10

  • NIST 800-53 Rev 5 AU-12

  • NIST 800-53 Rev 5 AU-2

  • NIST 800-53 Rev 5 AU-3

  • NIST 800-53 Rev 5 AU-6(3)

  • NIST 800-53 Rev 5 AU-6(4)

  • NIST 800-53 Rev 5 CA-7

  • NIST 800-53 Rev 5 SC-7(9)

  • NIST 800-53 Rev 5 SI-3(8)

  • NIST 800-53 Rev 5 SI-4(20)

  • NIST 800-53 Rev 5 SI-7(8)

  • PCI DSS version 3.2.1 10.1

  • PCI DSS version 3.2.1 10.2.1

  • PCI DSS version 3.2.1 10.2.4

  • PCI DSS version 3.2.1 10.3.1

  • PCI DSS version 3.2.1 10.3.2

  • PCI DSS version 3.2.1 10.3.3

  • PCI DSS version 3.2.1 10.3.4

  • PCI DSS version 3.2.1 10.3.5

  • PCI DSS version 3.2.1 10.3.6

  • Establish logging and monitoring

  • US East (N. Virginia) arn:aws:controltower:us-east-1::control/RSBKBJHVWOCY

  • US East (Ohio) arn:aws:controltower:us-east-2::control/EMCHZAZDZNVL

  • US West (Oregon) arn:aws:controltower:us-west-2::control/MAPJFIKMJJKD

  • Canada (Central) arn:aws:controltower:ca-central-1::control/ZYDBRRMVVTZV

  • Asia Pacific (Sydney) arn:aws:controltower:ap-southeast-2::control/COFQNFPVILDJ

  • Asia Pacific (Singapore) arn:aws:controltower:ap-southeast-1::control/RHBUCASOCZAV

  • Europe (Frankfurt) arn:aws:controltower:eu-central-1::control/XZRMWOAQCCXL

  • Europe (Ireland) arn:aws:controltower:eu-west-1::control/RSSXGIZAPHTX

  • Europe (London) arn:aws:controltower:eu-west-2::control/NWKZMIUZNFKT

  • Europe (Stockholm) arn:aws:controltower:eu-north-1::control/JNBLGPSROEFQ

  • Asia Pacific (Mumbai) arn:aws:controltower:ap-south-1::control/QDMUYVEFHYOR

  • Asia Pacific (Seoul) arn:aws:controltower:ap-northeast-2::control/CGZWLZPDWIMX

  • Asia Pacific (Tokyo) arn:aws:controltower:ap-northeast-1::control/EDSGIRTYZHTA

  • Europe (Paris) arn:aws:controltower:eu-west-3::control/CZAGHRZSABRN

  • South America (São Paulo) arn:aws:controltower:sa-east-1::control/RXASZFBDCWEX

  • US West (N. California) arn:aws:controltower:us-west-1::control/TBJTNHJFQFRV

  • Asia Pacific (Hong Kong) arn:aws:controltower:ap-east-1::control/HGFGDWIJHIUM

  • Asia Pacific (Jakarta) arn:aws:controltower:ap-southeast-3::control/XRYUQXKTPXYZ

  • Asia Pacific (Osaka) arn:aws:controltower:ap-northeast-3::control/NRRJRTUJBKRO

  • Europe (Milan) arn:aws:controltower:eu-south-1::control/LHGULLYNLWNF

  • Africa (Cape Town) arn:aws:controltower:af-south-1::control/HZEAIHLPXGDG

  • Middle East (Bahrain) arn:aws:controltower:me-south-1::control/PBAOGWJQTIKW

  • Israel (Tel Aviv) arn:aws:controltower:il-central-1::control/IDPOYYEWDDAK

  • Europe (Zurich) arn:aws:controltower:eu-central-2::control/DAAOJZCWCNLC

  • Europe (Spain) arn:aws:controltower:eu-south-2::control/PTDUOCAXIHAE

  • Asia Pacific (Hyderabad) arn:aws:controltower:ap-south-2::control/JPFMNYTBXSIX

  • Middle East (UAE) arn:aws:controltower:me-central-1::control/QDFYIJJARBVP

  • Asia Pacific (Melbourne) arn:aws:controltower:ap-southeast-4::control/BPRDZIZNWYBS

CT.CLOUDFRONT.PR.6

Control identifier Framework Control objective Control API identifiers, by Region
CT.CLOUDFRONT.PR.6
  • NIST 800-53 Rev 5 AC-17(2)

  • NIST 800-53 Rev 5 AC-4

  • NIST 800-53 Rev 5 IA-5(1)

  • NIST 800-53 Rev 5 SC-12(3)

  • NIST 800-53 Rev 5 SC-13

  • NIST 800-53 Rev 5 SC-23

  • NIST 800-53 Rev 5 SC-23(3)

  • NIST 800-53 Rev 5 SC-7(4)

  • NIST 800-53 Rev 5 SC-8

  • NIST 800-53 Rev 5 SC-8(1)

  • NIST 800-53 Rev 5 SC-8(2)

  • NIST 800-53 Rev 5 SI-7(6)

  • PCI DSS version 3.2.1 4.1

  • Encrypt data in transit

  • US East (N. Virginia) arn:aws:controltower:us-east-1::control/QFQNQHNDSHBP

  • US East (Ohio) arn:aws:controltower:us-east-2::control/LQDIOWJWUTSM

  • US West (Oregon) arn:aws:controltower:us-west-2::control/EOUIZKHISXPN

  • Canada (Central) arn:aws:controltower:ca-central-1::control/LLIUTEJBMGHE

  • Asia Pacific (Sydney) arn:aws:controltower:ap-southeast-2::control/IYBPCXPFECFI

  • Asia Pacific (Singapore) arn:aws:controltower:ap-southeast-1::control/TUIUKMPMAEUD

  • Europe (Frankfurt) arn:aws:controltower:eu-central-1::control/MAELDXBVMXCM

  • Europe (Ireland) arn:aws:controltower:eu-west-1::control/OBRSKEKWVRVB

  • Europe (London) arn:aws:controltower:eu-west-2::control/NJKKCOAWJJJM

  • Europe (Stockholm) arn:aws:controltower:eu-north-1::control/LOAXFPPQRMCF

  • Asia Pacific (Mumbai) arn:aws:controltower:ap-south-1::control/SWGZZGILWLWS

  • Asia Pacific (Seoul) arn:aws:controltower:ap-northeast-2::control/MCPECPGYYPPZ

  • Asia Pacific (Tokyo) arn:aws:controltower:ap-northeast-1::control/YFRQGLAWSBZU

  • Europe (Paris) arn:aws:controltower:eu-west-3::control/APQPRHGKFWYO

  • South America (São Paulo) arn:aws:controltower:sa-east-1::control/WMHKGFLJAWPI

  • US West (N. California) arn:aws:controltower:us-west-1::control/HYJHVPFFKHDY

  • Asia Pacific (Hong Kong) arn:aws:controltower:ap-east-1::control/LEONXWJLQTYM

  • Asia Pacific (Jakarta) arn:aws:controltower:ap-southeast-3::control/SAEWMKRDHMRO

  • Asia Pacific (Osaka) arn:aws:controltower:ap-northeast-3::control/WBMVRQPRAOQX

  • Europe (Milan) arn:aws:controltower:eu-south-1::control/HYECMJHMDQAO

  • Africa (Cape Town) arn:aws:controltower:af-south-1::control/MEVRAVQYQCBD

  • Middle East (Bahrain) arn:aws:controltower:me-south-1::control/QWHDDIDDVRIX

  • Israel (Tel Aviv) arn:aws:controltower:il-central-1::control/RLNLTYXPMQNQ

  • Europe (Zurich) arn:aws:controltower:eu-central-2::control/LTKLSWPOPLNR

  • Europe (Spain) arn:aws:controltower:eu-south-2::control/GKTDSYXJRURB

  • Asia Pacific (Hyderabad) arn:aws:controltower:ap-south-2::control/EWCULHXPMCBD

  • Middle East (UAE) arn:aws:controltower:me-central-1::control/CGQNUYCOSGYR

  • Asia Pacific (Melbourne) arn:aws:controltower:ap-southeast-4::control/BHNUHFPPNUTC

CT.CLOUDFRONT.PR.7

Control identifier Framework Control objective Control API identifiers, by Region
CT.CLOUDFRONT.PR.7
  • NIST 800-53 Rev 5 CA-9(1)

  • NIST 800-53 Rev 5 CM-2

  • PCI DSS version 3.2.1 4.1

  • Encrypt data in transit

  • Improve availability

  • US East (N. Virginia) arn:aws:controltower:us-east-1::control/SFIAOWRGHFHB

  • US East (Ohio) arn:aws:controltower:us-east-2::control/ZQXCMIVMKIAA

  • US West (Oregon) arn:aws:controltower:us-west-2::control/SUXMGZJXERLV

  • Canada (Central) arn:aws:controltower:ca-central-1::control/EYUKXNOQHBVC

  • Asia Pacific (Sydney) arn:aws:controltower:ap-southeast-2::control/AQDUDHILVQNE

  • Asia Pacific (Singapore) arn:aws:controltower:ap-southeast-1::control/XFODQONNCMNG

  • Europe (Frankfurt) arn:aws:controltower:eu-central-1::control/FLFNIUITMQCJ

  • Europe (Ireland) arn:aws:controltower:eu-west-1::control/PJOCVKGBLJJL

  • Europe (London) arn:aws:controltower:eu-west-2::control/HVCNXRUCMQUQ

  • Europe (Stockholm) arn:aws:controltower:eu-north-1::control/AMBUPGBVMSRB

  • Asia Pacific (Mumbai) arn:aws:controltower:ap-south-1::control/BYQGXIDVQDFM

  • Asia Pacific (Seoul) arn:aws:controltower:ap-northeast-2::control/KYIFISGDQAHH

  • Asia Pacific (Tokyo) arn:aws:controltower:ap-northeast-1::control/PVAWACSEUZOC

  • Europe (Paris) arn:aws:controltower:eu-west-3::control/VKCENIKDHWLI

  • South America (São Paulo) arn:aws:controltower:sa-east-1::control/TKNLPUTAFIBQ

  • US West (N. California) arn:aws:controltower:us-west-1::control/XDXYMIJWXNMH

  • Asia Pacific (Hong Kong) arn:aws:controltower:ap-east-1::control/FOMSSEIEPEIR

  • Asia Pacific (Jakarta) arn:aws:controltower:ap-southeast-3::control/FEOXIQQBHYQN

  • Asia Pacific (Osaka) arn:aws:controltower:ap-northeast-3::control/UHYZMCZNNITK

  • Europe (Milan) arn:aws:controltower:eu-south-1::control/LANXJNMROUBG

  • Africa (Cape Town) arn:aws:controltower:af-south-1::control/OIQLPXBBDAEF

  • Middle East (Bahrain) arn:aws:controltower:me-south-1::control/JDWMKBYCFRRZ

  • Israel (Tel Aviv) arn:aws:controltower:il-central-1::control/VQBHQOYFACWB

  • Europe (Zurich) arn:aws:controltower:eu-central-2::control/UETNVSJMZFSB

  • Europe (Spain) arn:aws:controltower:eu-south-2::control/CUEQJGENOTAN

  • Asia Pacific (Hyderabad) arn:aws:controltower:ap-south-2::control/UPTABJLZLULD

  • Middle East (UAE) arn:aws:controltower:me-central-1::control/RANNJKPZMAWZ

  • Asia Pacific (Melbourne) arn:aws:controltower:ap-southeast-4::control/XZFLLXIQYNUD

CT.CLOUDFRONT.PR.8

Control identifier Framework Control objective Control API identifiers, by Region
CT.CLOUDFRONT.PR.8
  • NIST 800-53 Rev 5 AC-17(2)

  • NIST 800-53 Rev 5 AC-4

  • NIST 800-53 Rev 5 IA-5(1)

  • NIST 800-53 Rev 5 SC-12(3)

  • NIST 800-53 Rev 5 SC-13

  • NIST 800-53 Rev 5 SC-23

  • NIST 800-53 Rev 5 SC-23(3)

  • NIST 800-53 Rev 5 SC-7(4)

  • NIST 800-53 Rev 5 SC-8

  • NIST 800-53 Rev 5 SC-8(1)

  • NIST 800-53 Rev 5 SC-8(2)

  • NIST 800-53 Rev 5 SI-7(6)

  • PCI DSS version 3.2.1 4.1

  • Encrypt data in transit

  • US East (N. Virginia) arn:aws:controltower:us-east-1::control/YPZYCTALWZLK

  • US East (Ohio) arn:aws:controltower:us-east-2::control/KQTKKFCMSTJR

  • US West (Oregon) arn:aws:controltower:us-west-2::control/DIFDZPKTUXZR

  • Canada (Central) arn:aws:controltower:ca-central-1::control/FZHDAFBJJMXP

  • Asia Pacific (Sydney) arn:aws:controltower:ap-southeast-2::control/FWXCSWFYXMCI

  • Asia Pacific (Singapore) arn:aws:controltower:ap-southeast-1::control/XKYWAPJWATKR

  • Europe (Frankfurt) arn:aws:controltower:eu-central-1::control/VCVFZRIJCQUZ

  • Europe (Ireland) arn:aws:controltower:eu-west-1::control/CNNZUYODKIDH

  • Europe (London) arn:aws:controltower:eu-west-2::control/YPHHSQJLYWOQ

  • Europe (Stockholm) arn:aws:controltower:eu-north-1::control/HLXSOZZDWMJN

  • Asia Pacific (Mumbai) arn:aws:controltower:ap-south-1::control/CFFXQUJBTGPR

  • Asia Pacific (Seoul) arn:aws:controltower:ap-northeast-2::control/DNSOBLSOWZBO

  • Asia Pacific (Tokyo) arn:aws:controltower:ap-northeast-1::control/VSBTGOOGYBBH

  • Europe (Paris) arn:aws:controltower:eu-west-3::control/ONPPIEAALZUC

  • South America (São Paulo) arn:aws:controltower:sa-east-1::control/APWMSFWSKMFJ

  • US West (N. California) arn:aws:controltower:us-west-1::control/WIVHPNTBEMAA

  • Asia Pacific (Hong Kong) arn:aws:controltower:ap-east-1::control/RTJQECKEXLQP

  • Asia Pacific (Jakarta) arn:aws:controltower:ap-southeast-3::control/UCOWSXPWKCCI

  • Asia Pacific (Osaka) arn:aws:controltower:ap-northeast-3::control/FFUABXMEWYYC

  • Europe (Milan) arn:aws:controltower:eu-south-1::control/JLXINGWIDTUJ

  • Africa (Cape Town) arn:aws:controltower:af-south-1::control/ROHXSITDLDWI

  • Middle East (Bahrain) arn:aws:controltower:me-south-1::control/XBLMALRLBRNO

  • Israel (Tel Aviv) arn:aws:controltower:il-central-1::control/CYVPKLRVWMSA

  • Europe (Zurich) arn:aws:controltower:eu-central-2::control/DCSIOMFMHOTM

  • Europe (Spain) arn:aws:controltower:eu-south-2::control/ZVQCJXIKMXIC

  • Asia Pacific (Hyderabad) arn:aws:controltower:ap-south-2::control/DWTWKHVWMSMS

  • Middle East (UAE) arn:aws:controltower:me-central-1::control/JMUEZJBIBXOG

  • Asia Pacific (Melbourne) arn:aws:controltower:ap-southeast-4::control/ADCTWWSZWZTS

CT.CLOUDFRONT.PR.9

Control identifier Framework Control objective Control API identifiers, by Region
CT.CLOUDFRONT.PR.9
  • NIST 800-53 Rev 5 AC-17(2)

  • NIST 800-53 Rev 5 AC-4

  • NIST 800-53 Rev 5 IA-5(1)

  • NIST 800-53 Rev 5 SC-12(3)

  • NIST 800-53 Rev 5 SC-13

  • NIST 800-53 Rev 5 SC-23

  • NIST 800-53 Rev 5 SC-23(3)

  • NIST 800-53 Rev 5 SC-7(4)

  • NIST 800-53 Rev 5 SC-8

  • NIST 800-53 Rev 5 SC-8(1)

  • NIST 800-53 Rev 5 SC-8(2)

  • NIST 800-53 Rev 5 SI-7(6)

  • PCI DSS version 3.2.1 4.1

  • Manage vulnerabilities

  • US East (N. Virginia) arn:aws:controltower:us-east-1::control/XCQMSOOMOOKF

  • US East (Ohio) arn:aws:controltower:us-east-2::control/HXXCDBIITXOE

  • US West (Oregon) arn:aws:controltower:us-west-2::control/DOQSQVALBFCM

  • Canada (Central) arn:aws:controltower:ca-central-1::control/OJPYIMZXKWMN

  • Asia Pacific (Sydney) arn:aws:controltower:ap-southeast-2::control/MRNNWKOBUPWW

  • Asia Pacific (Singapore) arn:aws:controltower:ap-southeast-1::control/ORPMLBIMJEYI

  • Europe (Frankfurt) arn:aws:controltower:eu-central-1::control/DVCICCSXHKOE

  • Europe (Ireland) arn:aws:controltower:eu-west-1::control/ADCFMZEXRPWH

  • Europe (London) arn:aws:controltower:eu-west-2::control/BJDRLQQZJKZL

  • Europe (Stockholm) arn:aws:controltower:eu-north-1::control/IZKULFXRTZNU

  • Asia Pacific (Mumbai) arn:aws:controltower:ap-south-1::control/NBUGVULZANXD

  • Asia Pacific (Seoul) arn:aws:controltower:ap-northeast-2::control/PZBIGNJZQZWK

  • Asia Pacific (Tokyo) arn:aws:controltower:ap-northeast-1::control/GITAQKSEJDXV

  • Europe (Paris) arn:aws:controltower:eu-west-3::control/EUOWQLXWFGNQ

  • South America (São Paulo) arn:aws:controltower:sa-east-1::control/AHXYZHBAZBFH

  • US West (N. California) arn:aws:controltower:us-west-1::control/HXNZJSDBYUQE

  • Asia Pacific (Hong Kong) arn:aws:controltower:ap-east-1::control/KYETOGMXUJPF

  • Asia Pacific (Jakarta) arn:aws:controltower:ap-southeast-3::control/VFZMJZENUMGT

  • Asia Pacific (Osaka) arn:aws:controltower:ap-northeast-3::control/LFPEMXYIZGOG

  • Europe (Milan) arn:aws:controltower:eu-south-1::control/HYDVIHSHNUJK

  • Africa (Cape Town) arn:aws:controltower:af-south-1::control/UMSUKOODJGNE

  • Middle East (Bahrain) arn:aws:controltower:me-south-1::control/MSBIHIZOYSWP

  • Israel (Tel Aviv) arn:aws:controltower:il-central-1::control/LCDMMMAPSTOM

  • Europe (Zurich) arn:aws:controltower:eu-central-2::control/YMJHSAINUZQL

  • Europe (Spain) arn:aws:controltower:eu-south-2::control/MVBZHLFJEXGH

  • Asia Pacific (Hyderabad) arn:aws:controltower:ap-south-2::control/HJIQHQJZMQZI

  • Middle East (UAE) arn:aws:controltower:me-central-1::control/YTPDUMSIBEBO

  • Asia Pacific (Melbourne) arn:aws:controltower:ap-southeast-4::control/RBADPCHOYCIE

CT.CLOUDTRAIL.PR.1

Control identifier Framework Control objective Control API identifiers, by Region
CT.CLOUDTRAIL.PR.1
  • CIS AWS Benchmark 1.4 3.7

  • NIST 800-53 Rev 5 AU-9

  • NIST 800-53 Rev 5 CA-9(1)

  • NIST 800-53 Rev 5 CM-3(6)

  • NIST 800-53 Rev 5 SC-13

  • NIST 800-53 Rev 5 SC-28

  • NIST 800-53 Rev 5 SC-28(1)

  • NIST 800-53 Rev 5 SC-7(10)

  • NIST 800-53 Rev 5 SI-7(6)

  • PCI DSS version 3.2.1 10.5

  • PCI DSS version 3.2.1 10.5.2

  • PCI DSS version 3.2.1 2.2

  • PCI DSS version 3.2.1 3.4

  • Encrypt data at rest

  • US East (N. Virginia) arn:aws:controltower:us-east-1::control/EPNCREENAXLY

  • US East (Ohio) arn:aws:controltower:us-east-2::control/CTXDBBKXWFYM

  • US West (Oregon) arn:aws:controltower:us-west-2::control/RBOKYZWNIEEH

  • Canada (Central) arn:aws:controltower:ca-central-1::control/LADQHOPWFDQE

  • Asia Pacific (Sydney) arn:aws:controltower:ap-southeast-2::control/MQTVMQFRAQQV

  • Asia Pacific (Singapore) arn:aws:controltower:ap-southeast-1::control/LDWQNCXTIACQ

  • Europe (Frankfurt) arn:aws:controltower:eu-central-1::control/QHBXOKOYNIQV

  • Europe (Ireland) arn:aws:controltower:eu-west-1::control/GNPFAAZFPLUN

  • Europe (London) arn:aws:controltower:eu-west-2::control/ZWQEGGDWHBMQ

  • Europe (Stockholm) arn:aws:controltower:eu-north-1::control/FRHFJVRAPTRV

  • Asia Pacific (Mumbai) arn:aws:controltower:ap-south-1::control/YVIVTCSBKNZW

  • Asia Pacific (Seoul) arn:aws:controltower:ap-northeast-2::control/IYMKUWMIFVNY

  • Asia Pacific (Tokyo) arn:aws:controltower:ap-northeast-1::control/VFEZPSFUCMNK

  • Europe (Paris) arn:aws:controltower:eu-west-3::control/KDFZJGDKJDXF

  • South America (São Paulo) arn:aws:controltower:sa-east-1::control/AZGUTSGKCXJA

  • US West (N. California) arn:aws:controltower:us-west-1::control/CJBDBOPJYMYK

  • Asia Pacific (Hong Kong) arn:aws:controltower:ap-east-1::control/JLCBXYFLJKYT

  • Asia Pacific (Jakarta) arn:aws:controltower:ap-southeast-3::control/JQROQRCXWACD

  • Asia Pacific (Osaka) arn:aws:controltower:ap-northeast-3::control/XXBNGWACEEJO

  • Europe (Milan) arn:aws:controltower:eu-south-1::control/JHSHFWNLVDKX

  • Africa (Cape Town) arn:aws:controltower:af-south-1::control/CAZMRVABVNVZ

  • Middle East (Bahrain) arn:aws:controltower:me-south-1::control/VFHCZZBNLJYD

  • Israel (Tel Aviv) arn:aws:controltower:il-central-1::control/LGMUXCEBWVNU

  • Europe (Zurich) arn:aws:controltower:eu-central-2::control/IWXMEFRDIIKX

  • Europe (Spain) arn:aws:controltower:eu-south-2::control/YZFALBBJBHJW

  • Asia Pacific (Hyderabad) arn:aws:controltower:ap-south-2::control/KFVUHHOBQFSH

  • Middle East (UAE) arn:aws:controltower:me-central-1::control/PHFHRPTBFXEU

  • Asia Pacific (Melbourne) arn:aws:controltower:ap-southeast-4::control/RAAHJHHQSMWP

CT.CLOUDTRAIL.PR.2

Control identifier Framework Control objective Control API identifiers, by Region
CT.CLOUDTRAIL.PR.2
  • CIS AWS Benchmark 1.4 3.2

  • NIST 800-53 Rev 5 AU-9

  • NIST 800-53 Rev 5 SI-4

  • NIST 800-53 Rev 5 SI-7(1)

  • NIST 800-53 Rev 5 SI-7(3)

  • NIST 800-53 Rev 5 SI-7(7)

  • PCI DSS version 3.2.1 10.5.5

  • PCI DSS version 3.2.1 11.5

  • PCI DSS version 3.2.1 2.2

  • Protect data integrity

  • US East (N. Virginia) arn:aws:controltower:us-east-1::control/ZOBWKZJTOUFY

  • US East (Ohio) arn:aws:controltower:us-east-2::control/XFIDQGGGOMTT

  • US West (Oregon) arn:aws:controltower:us-west-2::control/SPIMIJLBSCTG

  • Canada (Central) arn:aws:controltower:ca-central-1::control/KAEEWMVGTQBG

  • Asia Pacific (Sydney) arn:aws:controltower:ap-southeast-2::control/DTIKKBFJWTRD

  • Asia Pacific (Singapore) arn:aws:controltower:ap-southeast-1::control/VLNMMTWXFFIR

  • Europe (Frankfurt) arn:aws:controltower:eu-central-1::control/RJSEMBTEORTH

  • Europe (Ireland) arn:aws:controltower:eu-west-1::control/ZBAVTAQOIBMN

  • Europe (London) arn:aws:controltower:eu-west-2::control/ZMDJHYXAERWW

  • Europe (Stockholm) arn:aws:controltower:eu-north-1::control/YAJIWBETKSKD

  • Asia Pacific (Mumbai) arn:aws:controltower:ap-south-1::control/XOLQDYEYNFBA

  • Asia Pacific (Seoul) arn:aws:controltower:ap-northeast-2::control/MXWILHEXRJPT

  • Asia Pacific (Tokyo) arn:aws:controltower:ap-northeast-1::control/PNBCQSCEGUYV

  • Europe (Paris) arn:aws:controltower:eu-west-3::control/QCMJJOGTGECG

  • South America (São Paulo) arn:aws:controltower:sa-east-1::control/GDFPFDOIRPAG

  • US West (N. California) arn:aws:controltower:us-west-1::control/KFQRNLMNZDUB

  • Asia Pacific (Hong Kong) arn:aws:controltower:ap-east-1::control/IEIDAMYBJTSE

  • Asia Pacific (Jakarta) arn:aws:controltower:ap-southeast-3::control/VLSEDZSWLNNN

  • Asia Pacific (Osaka) arn:aws:controltower:ap-northeast-3::control/BQOOBSDUDOJY

  • Europe (Milan) arn:aws:controltower:eu-south-1::control/OBWFNAETCXTZ

  • Africa (Cape Town) arn:aws:controltower:af-south-1::control/ARRMQAOWVILW

  • Middle East (Bahrain) arn:aws:controltower:me-south-1::control/DWLSTPHLZRRX

  • Israel (Tel Aviv) arn:aws:controltower:il-central-1::control/JYFTEXMMRZCC

  • Europe (Zurich) arn:aws:controltower:eu-central-2::control/XYVNASPEROZE

  • Europe (Spain) arn:aws:controltower:eu-south-2::control/GDQDYHIWOYJV

  • Asia Pacific (Hyderabad) arn:aws:controltower:ap-south-2::control/QFCAJQOMWRYU

  • Middle East (UAE) arn:aws:controltower:me-central-1::control/ORGHRUEAQHKT

  • Asia Pacific (Melbourne) arn:aws:controltower:ap-southeast-4::control/FSLGMXBTMEMG

CT.CLOUDTRAIL.PR.3

Control identifier Framework Control objective Control API identifiers, by Region
CT.CLOUDTRAIL.PR.3
  • CIS AWS Benchmark 1.4 3.4

  • NIST 800-53 Rev 5 AC-2(4)

  • NIST 800-53 Rev 5 AC-4(26)

  • NIST 800-53 Rev 5 AC-6(9)

  • NIST 800-53 Rev 5 AU-10

  • NIST 800-53 Rev 5 AU-12

  • NIST 800-53 Rev 5 AU-2

  • NIST 800-53 Rev 5 AU-3

  • NIST 800-53 Rev 5 AU-6(1)

  • NIST 800-53 Rev 5 AU-6(3)

  • NIST 800-53 Rev 5 AU-6(4)

  • NIST 800-53 Rev 5 AU-6(5)

  • NIST 800-53 Rev 5 AU-7(1)

  • NIST 800-53 Rev 5 AU-9(7)

  • NIST 800-53 Rev 5 CA-7

  • NIST 800-53 Rev 5 SC-7(9)

  • NIST 800-53 Rev 5 SI-20

  • NIST 800-53 Rev 5 SI-3(8)

  • NIST 800-53 Rev 5 SI-4(20)

  • NIST 800-53 Rev 5 SI-4(5)

  • NIST 800-53 Rev 5 SI-7(8)

  • PCI DSS version 3.2.1 10.5.3

  • PCI DSS version 3.2.1 10.5.4

  • PCI DSS version 3.2.1 2.2

  • Establish logging and monitoring

  • US East (N. Virginia) arn:aws:controltower:us-east-1::control/DZJUTMXLWLMF

  • US East (Ohio) arn:aws:controltower:us-east-2::control/NKNKEKYMHFHH

  • US West (Oregon) arn:aws:controltower:us-west-2::control/XAFEOVTQSTJA

  • Canada (Central) arn:aws:controltower:ca-central-1::control/GKZHBZWQTGXQ

  • Asia Pacific (Sydney) arn:aws:controltower:ap-southeast-2::control/AKRKBPXLHCRO

  • Asia Pacific (Singapore) arn:aws:controltower:ap-southeast-1::control/ENOFMWZNYKBC

  • Europe (Frankfurt) arn:aws:controltower:eu-central-1::control/DGZZTHPBWAJX

  • Europe (Ireland) arn:aws:controltower:eu-west-1::control/BEFMOHIMGMYG

  • Europe (London) arn:aws:controltower:eu-west-2::control/EMTYLMYRYEDC

  • Europe (Stockholm) arn:aws:controltower:eu-north-1::control/MFOJTUROQZPI

  • Asia Pacific (Mumbai) arn:aws:controltower:ap-south-1::control/AFDQMHYCXZPG

  • Asia Pacific (Seoul) arn:aws:controltower:ap-northeast-2::control/QUBSRGSNRUTO

  • Asia Pacific (Tokyo) arn:aws:controltower:ap-northeast-1::control/GUMXCBJWOVUY

  • Europe (Paris) arn:aws:controltower:eu-west-3::control/BBEODOCLACOK

  • South America (São Paulo) arn:aws:controltower:sa-east-1::control/HXNJHOVBCEQW

  • US West (N. California) arn:aws:controltower:us-west-1::control/TZTITSLDPMHU

  • Asia Pacific (Hong Kong) arn:aws:controltower:ap-east-1::control/BCJQMHEYTIGX

  • Asia Pacific (Jakarta) arn:aws:controltower:ap-southeast-3::control/RIRMCQIOIAWT

  • Asia Pacific (Osaka) arn:aws:controltower:ap-northeast-3::control/NDEJIGGFJKIR

  • Europe (Milan) arn:aws:controltower:eu-south-1::control/HDBBNLSSWFJN

  • Africa (Cape Town) arn:aws:controltower:af-south-1::control/RHLOQRXGMGBQ

  • Middle East (Bahrain) arn:aws:controltower:me-south-1::control/BPYRAXQYLBFP

  • Israel (Tel Aviv) arn:aws:controltower:il-central-1::control/KGZPEYILUFXN

  • Europe (Zurich) arn:aws:controltower:eu-central-2::control/ALHFFPPGDKFH

  • Europe (Spain) arn:aws:controltower:eu-south-2::control/GCVIUCRKRZJR

  • Asia Pacific (Hyderabad) arn:aws:controltower:ap-south-2::control/YCGKIQTAMTUJ

  • Middle East (UAE) arn:aws:controltower:me-central-1::control/CFMFGTPDDQMP

  • Asia Pacific (Melbourne) arn:aws:controltower:ap-southeast-4::control/KWEXXNTLEAVB

CT.CLOUDTRAIL.PR.4

Control identifier Framework Control objective Control API identifiers, by Region
CT.CLOUDTRAIL.PR.4
  • NIST 800-53 Rev 5 CA-9(1)

  • NIST 800-53 Rev 5 CM-3(6)

  • NIST 800-53 Rev 5 SC-13

  • NIST 800-53 Rev 5 SC-28

  • NIST 800-53 Rev 5 SC-28(1)

  • NIST 800-53 Rev 5 SC-7(10)

  • NIST 800-53 Rev 5 SI-7(6)

  • PCI DSS version 3.2.1 10.5

  • PCI DSS version 3.2.1 10.5.2

  • PCI DSS version 3.2.1 2.2

  • PCI DSS version 3.2.1 3.4

  • Encrypt data at rest

  • US East (N. Virginia) arn:aws:controltower:us-east-1::control/AUDOYQMVIFSG

  • US East (Ohio) arn:aws:controltower:us-east-2::control/OOPJJACQOFUS

  • US West (Oregon) arn:aws:controltower:us-west-2::control/MIAFWDCLTQFG

  • Canada (Central) arn:aws:controltower:ca-central-1::control/QDLDUFIKRTAF

  • Asia Pacific (Sydney) arn:aws:controltower:ap-southeast-2::control/CTOCGYRSDLYB

  • Asia Pacific (Singapore) arn:aws:controltower:ap-southeast-1::control/NCGCPHKAILMF

  • Europe (Frankfurt) arn:aws:controltower:eu-central-1::control/WGWYSUAMMWWN

  • Europe (Ireland) arn:aws:controltower:eu-west-1::control/BIDXZLOVTAPH

  • Europe (London) arn:aws:controltower:eu-west-2::control/YRILAMGJGTFS

  • Europe (Stockholm) arn:aws:controltower:eu-north-1::control/GUOVVFIECKHB

  • Asia Pacific (Mumbai) arn:aws:controltower:ap-south-1::control/UQXTLQQUVMRO

  • Asia Pacific (Seoul) arn:aws:controltower:ap-northeast-2::control/RFBRGAFCHGRH

  • Asia Pacific (Tokyo) arn:aws:controltower:ap-northeast-1::control/DJVAKGGZOBGG

  • Europe (Paris) arn:aws:controltower:eu-west-3::control/HDTLDOKSVHCS

  • South America (São Paulo) arn:aws:controltower:sa-east-1::control/NOFOPVIFERIB

  • US West (N. California) arn:aws:controltower:us-west-1::control/ARZVFSOFFRNH

  • Asia Pacific (Hong Kong) arn:aws:controltower:ap-east-1::control/CFOQQBAUVZYH

  • Asia Pacific (Jakarta) arn:aws:controltower:ap-southeast-3::control/GBLIBFBFWEWJ

  • Asia Pacific (Osaka) arn:aws:controltower:ap-northeast-3::control/PRBKENAXOJXR

  • Europe (Milan) arn:aws:controltower:eu-south-1::control/CQIIWIZRIDXD

  • Africa (Cape Town) arn:aws:controltower:af-south-1::control/HLHWSRJCEYDM

  • Middle East (Bahrain) arn:aws:controltower:me-south-1::control/UQUAZOGJVRPA

  • Israel (Tel Aviv) arn:aws:controltower:il-central-1::control/KVTMFVMCHBSK

  • Europe (Zurich) arn:aws:controltower:eu-central-2::control/YRWHYIEUGKWK

  • Europe (Spain) arn:aws:controltower:eu-south-2::control/EQJLPBKNWCEW

  • Asia Pacific (Hyderabad) arn:aws:controltower:ap-south-2::control/AWBLELLPBPBZ

  • Middle East (UAE) arn:aws:controltower:me-central-1::control/YDPEPIRVMRSF

  • Asia Pacific (Melbourne) arn:aws:controltower:ap-southeast-4::control/FDRWVVLULZAD

CT.CLOUDWATCH.PR.1

Control identifier Framework Control objective Control API identifiers, by Region
CT.CLOUDWATCH.PR.1
  • NIST 800-53 Rev 5 AU-6(1)

  • NIST 800-53 Rev 5 AU-6(5)

  • NIST 800-53 Rev 5 CA-7

  • NIST 800-53 Rev 5 IR-4(1)

  • NIST 800-53 Rev 5 IR-4(5)

  • NIST 800-53 Rev 5 SI-2

  • NIST 800-53 Rev 5 SI-20

  • NIST 800-53 Rev 5 SI-4(12)

  • NIST 800-53 Rev 5 SI-4(5)

  • Establish logging and monitoring

  • US East (N. Virginia) arn:aws:controltower:us-east-1::control/SSXFCVHAAYDY

  • US East (Ohio) arn:aws:controltower:us-east-2::control/RAMYQIPCOQPV

  • US West (Oregon) arn:aws:controltower:us-west-2::control/TKCJNPHIDFHI

  • Canada (Central) arn:aws:controltower:ca-central-1::control/VQRWIUPQXDNG

  • Asia Pacific (Sydney) arn:aws:controltower:ap-southeast-2::control/MOWBJMXOIHSB

  • Asia Pacific (Singapore) arn:aws:controltower:ap-southeast-1::control/EFYIPKXIMWCM

  • Europe (Frankfurt) arn:aws:controltower:eu-central-1::control/OBZIVWNWNIFK

  • Europe (Ireland) arn:aws:controltower:eu-west-1::control/YPSCUERHMDGL

  • Europe (London) arn:aws:controltower:eu-west-2::control/EDZSIQLZSHQT

  • Europe (Stockholm) arn:aws:controltower:eu-north-1::control/SFQHEJLEUAUE

  • Asia Pacific (Mumbai) arn:aws:controltower:ap-south-1::control/VZQEAYLRUVEW

  • Asia Pacific (Seoul) arn:aws:controltower:ap-northeast-2::control/JWZXOWQPDALC

  • Asia Pacific (Tokyo) arn:aws:controltower:ap-northeast-1::control/DZZBWHYOVWZH

  • Europe (Paris) arn:aws:controltower:eu-west-3::control/GVINKYTHSTYG

  • South America (São Paulo) arn:aws:controltower:sa-east-1::control/YKLBLDSNIPAT

  • US West (N. California) arn:aws:controltower:us-west-1::control/YSCEYMWJPDXX

  • Asia Pacific (Hong Kong) arn:aws:controltower:ap-east-1::control/JASXXRCJAGRM

  • Asia Pacific (Jakarta) arn:aws:controltower:ap-southeast-3::control/EHGRDSWJBZRD

  • Asia Pacific (Osaka) arn:aws:controltower:ap-northeast-3::control/XFTUWPJDDHWR

  • Europe (Milan) arn:aws:controltower:eu-south-1::control/FQUBDDOCHVXV

  • Africa (Cape Town) arn:aws:controltower:af-south-1::control/NSZIACKXCZWU

  • Middle East (Bahrain) arn:aws:controltower:me-south-1::control/AMVXVAUISMIH

  • Israel (Tel Aviv) arn:aws:controltower:il-central-1::control/UNHKBRUEDJVG

  • Europe (Zurich) arn:aws:controltower:eu-central-2::control/IGPKWKCRTQSA

  • Europe (Spain) arn:aws:controltower:eu-south-2::control/IYZCFYKTLOEZ

  • Asia Pacific (Hyderabad) arn:aws:controltower:ap-south-2::control/XSCOQUSBVAKH

  • Middle East (UAE) arn:aws:controltower:me-central-1::control/CNMHXHONGEWR

  • Asia Pacific (Melbourne) arn:aws:controltower:ap-southeast-4::control/FCCVJPUNPVXQ

CT.CLOUDWATCH.PR.2

Control identifier Framework Control objective Control API identifiers, by Region
CT.CLOUDWATCH.PR.2
  • NIST 800-53 Rev 5 AU-10

  • NIST 800-53 Rev 5 AU-11

  • NIST 800-53 Rev 5 AU-6(3)

  • NIST 800-53 Rev 5 AU-6(4)

  • NIST 800-53 Rev 5 CA-7

  • NIST 800-53 Rev 5 SI-12

  • PCI DSS version 3.2.1 10.7

  • PCI DSS version 3.2.1 3.1

  • Establish logging and monitoring

  • US East (N. Virginia) arn:aws:controltower:us-east-1::control/HTUKCDNXPVWK

  • US East (Ohio) arn:aws:controltower:us-east-2::control/KZLHFSHUXRWF

  • US West (Oregon) arn:aws:controltower:us-west-2::control/ZOBNLPQHKPDK

  • Canada (Central) arn:aws:controltower:ca-central-1::control/VPXBCTGURFRG

  • Asia Pacific (Sydney) arn:aws:controltower:ap-southeast-2::control/HEBNGALBPYXJ

  • Asia Pacific (Singapore) arn:aws:controltower:ap-southeast-1::control/QUYKUYVNWSZV

  • Europe (Frankfurt) arn:aws:controltower:eu-central-1::control/URQEHVTSKLLB

  • Europe (Ireland) arn:aws:controltower:eu-west-1::control/TBWHZGGFAGCX

  • Europe (London) arn:aws:controltower:eu-west-2::control/DNHPGCXFAJST

  • Europe (Stockholm) arn:aws:controltower:eu-north-1::control/DSVHTVHFNRSE

  • Asia Pacific (Mumbai) arn:aws:controltower:ap-south-1::control/JPDUOXRODBEG

  • Asia Pacific (Seoul) arn:aws:controltower:ap-northeast-2::control/TYKALNIDLUXK

  • Asia Pacific (Tokyo) arn:aws:controltower:ap-northeast-1::control/SBTRQDFYDCOK

  • Europe (Paris) arn:aws:controltower:eu-west-3::control/QCSZCQYGUUVZ

  • South America (São Paulo) arn:aws:controltower:sa-east-1::control/ACYWMNWHXDKN

  • US West (N. California) arn:aws:controltower:us-west-1::control/ZWPLHRTNEWRN

  • Asia Pacific (Hong Kong) arn:aws:controltower:ap-east-1::control/FBRQUVHBOZPB

  • Asia Pacific (Jakarta) arn:aws:controltower:ap-southeast-3::control/VNUHTQRCTWLU

  • Asia Pacific (Osaka) arn:aws:controltower:ap-northeast-3::control/UZOKBNYSYIZW

  • Europe (Milan) arn:aws:controltower:eu-south-1::control/OZCLFSHTISCQ

  • Africa (Cape Town) arn:aws:controltower:af-south-1::control/MDSOCYVCVKCT

  • Middle East (Bahrain) arn:aws:controltower:me-south-1::control/VEWMILFDETBA

  • Israel (Tel Aviv) arn:aws:controltower:il-central-1::control/EFOQUCOHCADL

  • Europe (Zurich) arn:aws:controltower:eu-central-2::control/DAUDMKIGRGOZ

  • Europe (Spain) arn:aws:controltower:eu-south-2::control/DPZXYQALXSBJ

  • Asia Pacific (Hyderabad) arn:aws:controltower:ap-south-2::control/UEJEPFFSZUBW

  • Middle East (UAE) arn:aws:controltower:me-central-1::control/PLDXKXQWHHCV

  • Asia Pacific (Melbourne) arn:aws:controltower:ap-southeast-4::control/JLVKWJATWUTV

CT.CLOUDWATCH.PR.3

Control identifier Framework Control objective Control API identifiers, by Region
CT.CLOUDWATCH.PR.3
  • NIST 800-53 Rev 5 CA-9(1)

  • NIST 800-53 Rev 5 CM-3(6)

  • NIST 800-53 Rev 5 SC-12(2)

  • NIST 800-53 Rev 5 SC-13

  • NIST 800-53 Rev 5 SC-28

  • NIST 800-53 Rev 5 SC-28(1)

  • NIST 800-53 Rev 5 SC-7(10)

  • NIST 800-53 Rev 5 SI-7(6)

  • PCI DSS version 3.2.1 3.4

  • Encrypt data at rest

  • US East (N. Virginia) arn:aws:controltower:us-east-1::control/ZHZBTTZMZYST

  • US East (Ohio) arn:aws:controltower:us-east-2::control/UEXYNAIAHTWI

  • US West (Oregon) arn:aws:controltower:us-west-2::control/RVGRWIMSJKPB

  • Canada (Central) arn:aws:controltower:ca-central-1::control/RZUDTGNQSLRG

  • Asia Pacific (Sydney) arn:aws:controltower:ap-southeast-2::control/YHKYBCWCRLJJ

  • Asia Pacific (Singapore) arn:aws:controltower:ap-southeast-1::control/AHEQLQIVIOWD

  • Europe (Frankfurt) arn:aws:controltower:eu-central-1::control/GSZUCKWWMLZM

  • Europe (Ireland) arn:aws:controltower:eu-west-1::control/GVVBWCAAOCTC

  • Europe (London) arn:aws:controltower:eu-west-2::control/ZSQDFIHSSAOD

  • Europe (Stockholm) arn:aws:controltower:eu-north-1::control/VZXNAZZKVVEJ

  • Asia Pacific (Mumbai) arn:aws:controltower:ap-south-1::control/OTGQBKNMWNKV

  • Asia Pacific (Seoul) arn:aws:controltower:ap-northeast-2::control/CWBBUWULYLOW

  • Asia Pacific (Tokyo) arn:aws:controltower:ap-northeast-1::control/WYEDDRSFQTDY

  • Europe (Paris) arn:aws:controltower:eu-west-3::control/WQCLCWXDFYLS

  • South America (São Paulo) arn:aws:controltower:sa-east-1::control/CYXHPOXPXBWZ

  • US West (N. California) arn:aws:controltower:us-west-1::control/CZEVEPANZGQK

  • Asia Pacific (Hong Kong) arn:aws:controltower:ap-east-1::control/QAJHRGEGPDMX

  • Asia Pacific (Jakarta) arn:aws:controltower:ap-southeast-3::control/TGZQHFRKWOCF

  • Asia Pacific (Osaka) arn:aws:controltower:ap-northeast-3::control/AZANGKXVSQGH

  • Europe (Milan) arn:aws:controltower:eu-south-1::control/ORYXUPSLDOOT

  • Africa (Cape Town) arn:aws:controltower:af-south-1::control/OLDFVUGRRHUK

  • Middle East (Bahrain) arn:aws:controltower:me-south-1::control/ELINFWHYRXRZ

  • Israel (Tel Aviv) arn:aws:controltower:il-central-1::control/GMIMEPVNIBZZ

  • Europe (Zurich) arn:aws:controltower:eu-central-2::control/TMUERIGFSBVJ

  • Europe (Spain) arn:aws:controltower:eu-south-2::control/SYOYMUBLETAN

  • Asia Pacific (Hyderabad) arn:aws:controltower:ap-south-2::control/DEJFOZEGERQP

  • Middle East (UAE) arn:aws:controltower:me-central-1::control/JBRCQFIIYNSH

  • Asia Pacific (Melbourne) arn:aws:controltower:ap-southeast-4::control/RFQBNRCCEIKA

CT.CLOUDWATCH.PR.4

Control identifier Framework Control objective Control API identifiers, by Region
CT.CLOUDWATCH.PR.4
  • NIST 800-53 Rev 5 AU-6(1)

  • NIST 800-53 Rev 5 AU-6(5)

  • NIST 800-53 Rev 5 CA-7

  • NIST 800-53 Rev 5 SI-2

  • NIST 800-53 Rev 5 SI-4(12)

  • Establish logging and monitoring

  • US East (N. Virginia) arn:aws:controltower:us-east-1::control/UUBJSMHHQBTE

  • US East (Ohio) arn:aws:controltower:us-east-2::control/XFOXFWKOUFVI

  • US West (Oregon) arn:aws:controltower:us-west-2::control/LLRWYTMFYUFL

  • Canada (Central) arn:aws:controltower:ca-central-1::control/IOQUGWNHEDSO

  • Asia Pacific (Sydney) arn:aws:controltower:ap-southeast-2::control/CLDCBWOSIAUL

  • Asia Pacific (Singapore) arn:aws:controltower:ap-southeast-1::control/ISMLVCTXZGYF

  • Europe (Frankfurt) arn:aws:controltower:eu-central-1::control/OOGEPDLGDWEM

  • Europe (Ireland) arn:aws:controltower:eu-west-1::control/APPYZPTNBLGO

  • Europe (London) arn:aws:controltower:eu-west-2::control/XRRBPVFHMAFT

  • Europe (Stockholm) arn:aws:controltower:eu-north-1::control/FKOIMKGDPJBQ

  • Asia Pacific (Mumbai) arn:aws:controltower:ap-south-1::control/IHHAKHDRLOGU

  • Asia Pacific (Seoul) arn:aws:controltower:ap-northeast-2::control/CFAQBJOYCLFH

  • Asia Pacific (Tokyo) arn:aws:controltower:ap-northeast-1::control/AEHEUFZDKJQD

  • Europe (Paris) arn:aws:controltower:eu-west-3::control/HPAIEIOARUEQ

  • South America (São Paulo) arn:aws:controltower:sa-east-1::control/VCHSALJJXEQI

  • US West (N. California) arn:aws:controltower:us-west-1::control/UQPZKKDGYZCH

  • Asia Pacific (Hong Kong) arn:aws:controltower:ap-east-1::control/TIHAFDHKOGZJ

  • Asia Pacific (Jakarta) arn:aws:controltower:ap-southeast-3::control/VKHCXDMGUOOK

  • Asia Pacific (Osaka) arn:aws:controltower:ap-northeast-3::control/YHLIYCNCGUAA

  • Europe (Milan) arn:aws:controltower:eu-south-1::control/JULHFFNMMHXU

  • Africa (Cape Town) arn:aws:controltower:af-south-1::control/EKMHYJGVZCHG

  • Middle East (Bahrain) arn:aws:controltower:me-south-1::control/YCKCTTEXWPSW

  • Israel (Tel Aviv) arn:aws:controltower:il-central-1::control/OGCHPVUOWVJB

  • Europe (Zurich) arn:aws:controltower:eu-central-2::control/UHOAJRVIPLHA

  • Europe (Spain) arn:aws:controltower:eu-south-2::control/SBRKWJRBLSDV

  • Asia Pacific (Hyderabad) arn:aws:controltower:ap-south-2::control/TRQTFJOZZEOF

  • Middle East (UAE) arn:aws:controltower:me-central-1::control/NNVSJITSDKOJ

  • Asia Pacific (Melbourne) arn:aws:controltower:ap-southeast-4::control/HYRUNFPDZNHR

CT.CODEBUILD.PR.1

Control identifier Framework Control objective Control API identifiers, by Region
CT.CODEBUILD.PR.1
  • NIST 800-53 Rev 5 SA-3

  • PCI DSS version 3.2.1 6.4.4

  • PCI DSS version 3.2.1 8.2.1

  • Use strong authentication

  • US East (N. Virginia) arn:aws:controltower:us-east-1::control/JIMFDEAQDWCK

  • US East (Ohio) arn:aws:controltower:us-east-2::control/XMPGGVRADHWF

  • US West (Oregon) arn:aws:controltower:us-west-2::control/DWTOSZTSQXGA

  • Canada (Central) arn:aws:controltower:ca-central-1::control/RSYHHWKEXHCO

  • Asia Pacific (Sydney) arn:aws:controltower:ap-southeast-2::control/SCDVMCSBZZBP

  • Asia Pacific (Singapore) arn:aws:controltower:ap-southeast-1::control/RDSUWXNODESZ

  • Europe (Frankfurt) arn:aws:controltower:eu-central-1::control/OZCLPKRVOVHV

  • Europe (Ireland) arn:aws:controltower:eu-west-1::control/NCDYZQYYXIMF

  • Europe (London) arn:aws:controltower:eu-west-2::control/CZYKFOXDXOAE

  • Europe (Stockholm) arn:aws:controltower:eu-north-1::control/LAPQRZRTCBBL

  • Asia Pacific (Mumbai) arn:aws:controltower:ap-south-1::control/PMZEKQNVBRKZ

  • Asia Pacific (Seoul) arn:aws:controltower:ap-northeast-2::control/XWOSMSCORYXY

  • Asia Pacific (Tokyo) arn:aws:controltower:ap-northeast-1::control/EUUKRLJQRWDI

  • Europe (Paris) arn:aws:controltower:eu-west-3::control/LFQQPETWUEWP

  • South America (São Paulo) arn:aws:controltower:sa-east-1::control/PMRWCRVSHCSO

  • US West (N. California) arn:aws:controltower:us-west-1::control/EHWDQPAGOQVY

  • Asia Pacific (Hong Kong) arn:aws:controltower:ap-east-1::control/EJMERDNUJBQJ

  • Asia Pacific (Jakarta) arn:aws:controltower:ap-southeast-3::control/LBGGSSRBSGUS

  • Asia Pacific (Osaka) arn:aws:controltower:ap-northeast-3::control/QVLWIFOPPDEP

  • Europe (Milan) arn:aws:controltower:eu-south-1::control/MKNRUEOIFDIO

  • Africa (Cape Town) arn:aws:controltower:af-south-1::control/WVYQZRGTLWHG

  • Middle East (Bahrain) arn:aws:controltower:me-south-1::control/POTJCWBCWTKI

  • Israel (Tel Aviv) arn:aws:controltower:il-central-1::control/ODCFYBUSVHPI

  • Europe (Zurich) arn:aws:controltower:eu-central-2::control/JPCHEZJSIYJY

  • Europe (Spain) arn:aws:controltower:eu-south-2::control/TLIZGYOSLXID

  • Asia Pacific (Hyderabad) arn:aws:controltower:ap-south-2::control/BGONJAEQQODC

  • Middle East (UAE) arn:aws:controltower:me-central-1::control/YSLFINUPIWAR

  • Asia Pacific (Melbourne) arn:aws:controltower:ap-southeast-4::control/LXVUSLOKWAYD

CT.CODEBUILD.PR.2

Control identifier Framework Control objective Control API identifiers, by Region
CT.CODEBUILD.PR.2
  • NIST 800-53 Rev 5 IA-5(7)

  • NIST 800-53 Rev 5 SA-3

  • PCI DSS version 3.2.1 8.2.1

  • Use strong authentication

  • US East (N. Virginia) arn:aws:controltower:us-east-1::control/EJNHNFZRAMFG

  • US East (Ohio) arn:aws:controltower:us-east-2::control/QFRBXZNMGMLD

  • US West (Oregon) arn:aws:controltower:us-west-2::control/WWHTDFQNALJW

  • Canada (Central) arn:aws:controltower:ca-central-1::control/SCRYBKUZHBYQ

  • Asia Pacific (Sydney) arn:aws:controltower:ap-southeast-2::control/CDUPZGSWHYDK

  • Asia Pacific (Singapore) arn:aws:controltower:ap-southeast-1::control/FTDDOMZPCICH

  • Europe (Frankfurt) arn:aws:controltower:eu-central-1::control/DDVQLINSURBW

  • Europe (Ireland) arn:aws:controltower:eu-west-1::control/WEYMGAQEESOZ

  • Europe (London) arn:aws:controltower:eu-west-2::control/QZKDWOTRWSLC

  • Europe (Stockholm) arn:aws:controltower:eu-north-1::control/NACQKIAXFRVP

  • Asia Pacific (Mumbai) arn:aws:controltower:ap-south-1::control/MVSGVYHINMLZ

  • Asia Pacific (Seoul) arn:aws:controltower:ap-northeast-2::control/EOOPASTMJSET

  • Asia Pacific (Tokyo) arn:aws:controltower:ap-northeast-1::control/DCWLYNEJULNR

  • Europe (Paris) arn:aws:controltower:eu-west-3::control/FHZHYYESCQDF

  • South America (São Paulo) arn:aws:controltower:sa-east-1::control/SIANVCWRXGWJ

  • US West (N. California) arn:aws:controltower:us-west-1::control/WTHWLRJZZOOW

  • Asia Pacific (Hong Kong) arn:aws:controltower:ap-east-1::control/VYDLJEUYORHK

  • Asia Pacific (Jakarta) arn:aws:controltower:ap-southeast-3::control/JTEUUIMXIUPM

  • Asia Pacific (Osaka) arn:aws:controltower:ap-northeast-3::control/YPIAEPNIJNQG

  • Europe (Milan) arn:aws:controltower:eu-south-1::control/JEUDKXERRMYB

  • Africa (Cape Town) arn:aws:controltower:af-south-1::control/GCSGHXXWTIVO

  • Middle East (Bahrain) arn:aws:controltower:me-south-1::control/BNEGCEZBVNSJ

  • Israel (Tel Aviv) arn:aws:controltower:il-central-1::control/MBMBIGGAVEJN

  • Europe (Zurich) arn:aws:controltower:eu-central-2::control/QGKVBMJEDJEW

  • Europe (Spain) arn:aws:controltower:eu-south-2::control/WZHIVERTKNMT

  • Asia Pacific (Hyderabad) arn:aws:controltower:ap-south-2::control/ZQLUVNOAMURG

  • Middle East (UAE) arn:aws:controltower:me-central-1::control/BXMYBACIZYGC

  • Asia Pacific (Melbourne) arn:aws:controltower:ap-southeast-4::control/TYKATGNYMSLJ

CT.CODEBUILD.PR.3

Control identifier Framework Control objective Control API identifiers, by Region
CT.CODEBUILD.PR.3
  • NIST 800-53 Rev 5 AC-2(12)

  • NIST 800-53 Rev 5 AC-2(4)

  • NIST 800-53 Rev 5 AC-4(26)

  • NIST 800-53 Rev 5 AC-6(9)

  • NIST 800-53 Rev 5 AU-10

  • NIST 800-53 Rev 5 AU-12

  • NIST 800-53 Rev 5 AU-2

  • NIST 800-53 Rev 5 AU-3

  • NIST 800-53 Rev 5 AU-6(3)

  • NIST 800-53 Rev 5 AU-6(4)

  • NIST 800-53 Rev 5 AU-9(7)

  • NIST 800-53 Rev 5 CA-7

  • NIST 800-53 Rev 5 SC-7(9)

  • NIST 800-53 Rev 5 SI-3(8)

  • NIST 800-53 Rev 5 SI-4

  • NIST 800-53 Rev 5 SI-4(20)

  • NIST 800-53 Rev 5 SI-7(8)

  • PCI DSS version 3.2.1 10.1

  • PCI DSS version 3.2.1 10.2.1

  • PCI DSS version 3.2.1 10.2.2

  • PCI DSS version 3.2.1 10.2.3

  • PCI DSS version 3.2.1 10.2.4

  • PCI DSS version 3.2.1 10.2.5

  • PCI DSS version 3.2.1 10.3.1

  • PCI DSS version 3.2.1 10.3.2

  • PCI DSS version 3.2.1 10.3.3

  • PCI DSS version 3.2.1 10.3.4

  • PCI DSS version 3.2.1 10.3.5

  • PCI DSS version 3.2.1 10.3.6

  • Establish logging and monitoring

  • US East (N. Virginia) arn:aws:controltower:us-east-1::control/YEHYWYAUIQHZ

  • US East (Ohio) arn:aws:controltower:us-east-2::control/UCDPZLBJEGBZ

  • US West (Oregon) arn:aws:controltower:us-west-2::control/MJRSPBWBBIWW

  • Canada (Central) arn:aws:controltower:ca-central-1::control/ZNXNBMZCHFPQ

  • Asia Pacific (Sydney) arn:aws:controltower:ap-southeast-2::control/QYCIHTAXYLTZ

  • Asia Pacific (Singapore) arn:aws:controltower:ap-southeast-1::control/VBDUMCPMLQTK

  • Europe (Frankfurt) arn:aws:controltower:eu-central-1::control/UTFBCSBSISVW

  • Europe (Ireland) arn:aws:controltower:eu-west-1::control/EBCCRSBQVOEK

  • Europe (London) arn:aws:controltower:eu-west-2::control/LTEOHIIZTPFH

  • Europe (Stockholm) arn:aws:controltower:eu-north-1::control/BGMCKUYVIAXA

  • Asia Pacific (Mumbai) arn:aws:controltower:ap-south-1::control/OWJXWKPQUCWT

  • Asia Pacific (Seoul) arn:aws:controltower:ap-northeast-2::control/BYCXOWCVCFOP

  • Asia Pacific (Tokyo) arn:aws:controltower:ap-northeast-1::control/YFGOVOOKMXZQ

  • Europe (Paris) arn:aws:controltower:eu-west-3::control/QNQUMYVIDFEX

  • South America (São Paulo) arn:aws:controltower:sa-east-1::control/KQRSGHFYHVUK

  • US West (N. California) arn:aws:controltower:us-west-1::control/VEHXVCDHACPS

  • Asia Pacific (Hong Kong) arn:aws:controltower:ap-east-1::control/KOZNXUGUJOXA

  • Asia Pacific (Jakarta) arn:aws:controltower:ap-southeast-3::control/WKTXNANZYYLB

  • Asia Pacific (Osaka) arn:aws:controltower:ap-northeast-3::control/MRUGSCUAOCAC

  • Europe (Milan) arn:aws:controltower:eu-south-1::control/AQXBHQXXZESG

  • Africa (Cape Town) arn:aws:controltower:af-south-1::control/DMZLXFFHATNX

  • Middle East (Bahrain) arn:aws:controltower:me-south-1::control/VUBGTNAZWXKR

  • Israel (Tel Aviv) arn:aws:controltower:il-central-1::control/GIFAWZCWRHNS

  • Europe (Zurich) arn:aws:controltower:eu-central-2::control/CMIJYJCFEKWD

  • Europe (Spain) arn:aws:controltower:eu-south-2::control/DGQLWMRIBAOA

  • Asia Pacific (Hyderabad) arn:aws:controltower:ap-south-2::control/KEFQCWMQBGJR

  • Middle East (UAE) arn:aws:controltower:me-central-1::control/CKDSLYLCJQRL

  • Asia Pacific (Melbourne) arn:aws:controltower:ap-southeast-4::control/JEZZFRMLKWFS

CT.CODEBUILD.PR.5

Control identifier Framework Control objective Control API identifiers, by Region
CT.CODEBUILD.PR.5
  • NIST 800-53 Rev 5 CA-9(1)

  • NIST 800-53 Rev 5 CM-3(6)

  • NIST 800-53 Rev 5 SC-13

  • NIST 800-53 Rev 5 SC-28

  • NIST 800-53 Rev 5 SC-28(1)

  • NIST 800-53 Rev 5 SI-7(6)

  • PCI DSS version 3.2.1 2.2

  • Encrypt data at rest

  • US East (N. Virginia) arn:aws:controltower:us-east-1::control/OJSTETVYFKHE

  • US East (Ohio) arn:aws:controltower:us-east-2::control/XELBXZJFBGYK

  • US West (Oregon) arn:aws:controltower:us-west-2::control/NTHPULVMAKSY

  • Canada (Central) arn:aws:controltower:ca-central-1::control/KJEOAYEPVAWT

  • Asia Pacific (Sydney) arn:aws:controltower:ap-southeast-2::control/YKADOBILMOXE

  • Asia Pacific (Singapore) arn:aws:controltower:ap-southeast-1::control/BRCVOCSEPXIQ

  • Europe (Frankfurt) arn:aws:controltower:eu-central-1::control/FPCUVSCXOALO

  • Europe (Ireland) arn:aws:controltower:eu-west-1::control/HSYKYLVTHMSC

  • Europe (London) arn:aws:controltower:eu-west-2::control/WLFHTAHNSJRK

  • Europe (Stockholm) arn:aws:controltower:eu-north-1::control/KSTOQHLUUMAB

  • Asia Pacific (Mumbai) arn:aws:controltower:ap-south-1::control/ZUBAPDKBHPEE

  • Asia Pacific (Seoul) arn:aws:controltower:ap-northeast-2::control/JIRHXXYRRCPU

  • Asia Pacific (Tokyo) arn:aws:controltower:ap-northeast-1::control/QMYRAUAAQSPG

  • Europe (Paris) arn:aws:controltower:eu-west-3::control/CUBUEWNCWWLE

  • South America (São Paulo) arn:aws:controltower:sa-east-1::control/EOQMRPVCYIVQ

  • US West (N. California) arn:aws:controltower:us-west-1::control/GMPADQDKOOSS

  • Asia Pacific (Hong Kong) arn:aws:controltower:ap-east-1::control/XOOYSBYTMVEE

  • Asia Pacific (Jakarta) arn:aws:controltower:ap-southeast-3::control/IIQOEVFKXQUA

  • Asia Pacific (Osaka) arn:aws:controltower:ap-northeast-3::control/BILMNUNVKGQU

  • Europe (Milan) arn:aws:controltower:eu-south-1::control/XIPONLRXVTLM

  • Africa (Cape Town) arn:aws:controltower:af-south-1::control/EWFVDYKGEDQM

  • Middle East (Bahrain) arn:aws:controltower:me-south-1::control/YZAEAAYHVZTZ

  • Israel (Tel Aviv) arn:aws:controltower:il-central-1::control/RFRJCMVGRGLK

  • Europe (Zurich) arn:aws:controltower:eu-central-2::control/PVMESLBTIORK

  • Europe (Spain) arn:aws:controltower:eu-south-2::control/EZEDZUYHEOZT

  • Asia Pacific (Hyderabad) arn:aws:controltower:ap-south-2::control/ETTGKYPZHDWE

  • Middle East (UAE) arn:aws:controltower:me-central-1::control/IKWSXRBWZGLC

  • Asia Pacific (Melbourne) arn:aws:controltower:ap-southeast-4::control/RWIXRMHPKSME

CT.CODEBUILD.PR.6

Control identifier Framework Control objective Control API identifiers, by Region
CT.CODEBUILD.PR.6
  • NIST 800-53 Rev 5 CA-9(1)

  • NIST 800-53 Rev 5 CM-3(6)

  • NIST 800-53 Rev 5 SC-13

  • NIST 800-53 Rev 5 SC-28

  • NIST 800-53 Rev 5 SC-28(1)

  • NIST 800-53 Rev 5 SI-7(6)

  • PCI DSS version 3.2.1 10.5

  • PCI DSS version 3.2.1 10.5.2

  • PCI DSS version 3.2.1 2.2

  • PCI DSS version 3.2.1 3.4

  • Encrypt data at rest

  • US East (N. Virginia) arn:aws:controltower:us-east-1::control/WEEZOKNMKWFK

  • US East (Ohio) arn:aws:controltower:us-east-2::control/ARXGHZDJMVEV

  • US West (Oregon) arn:aws:controltower:us-west-2::control/ZYXLXAIYZXWK

  • Canada (Central) arn:aws:controltower:ca-central-1::control/LWZACZNXEWFR

  • Asia Pacific (Sydney) arn:aws:controltower:ap-southeast-2::control/BKDGPCXEHUYM

  • Asia Pacific (Singapore) arn:aws:controltower:ap-southeast-1::control/LJAFCKIMTDGT

  • Europe (Frankfurt) arn:aws:controltower:eu-central-1::control/LJXNLOULCHOC

  • Europe (Ireland) arn:aws:controltower:eu-west-1::control/RRRKAZCWMWYC

  • Europe (London) arn:aws:controltower:eu-west-2::control/TUDOZOFBNLBJ

  • Europe (Stockholm) arn:aws:controltower:eu-north-1::control/NKXXSZNQJNAG

  • Asia Pacific (Mumbai) arn:aws:controltower:ap-south-1::control/XFEBDNHXUVOK

  • Asia Pacific (Seoul) arn:aws:controltower:ap-northeast-2::control/MFNMFPARKBBF

  • Asia Pacific (Tokyo) arn:aws:controltower:ap-northeast-1::control/RXRLKZGUXBFQ

  • Europe (Paris) arn:aws:controltower:eu-west-3::control/YLCNQJWSXLBS

  • South America (São Paulo) arn:aws:controltower:sa-east-1::control/UFNUWPKHJXLL

  • US West (N. California) arn:aws:controltower:us-west-1::control/AWLHICDELWPN

  • Asia Pacific (Hong Kong) arn:aws:controltower:ap-east-1::control/DQVTQLQFTTBT

  • Asia Pacific (Jakarta) arn:aws:controltower:ap-southeast-3::control/RCUQGUPBRITK

  • Asia Pacific (Osaka) arn:aws:controltower:ap-northeast-3::control/BJZEVENBVKMT

  • Europe (Milan) arn:aws:controltower:eu-south-1::control/LKLEVOQIMCUV

  • Africa (Cape Town) arn:aws:controltower:af-south-1::control/LXQDTRHEMKEN

  • Middle East (Bahrain) arn:aws:controltower:me-south-1::control/PKBWTCMWQOAH

  • Israel (Tel Aviv) arn:aws:controltower:il-central-1::control/AGOYHKVDQPPM

  • Europe (Zurich) arn:aws:controltower:eu-central-2::control/SDLNCTLECQXF

  • Europe (Spain) arn:aws:controltower:eu-south-2::control/NKSJVWJEWECR

  • Asia Pacific (Hyderabad) arn:aws:controltower:ap-south-2::control/SRRAJIIMEVGE

  • Middle East (UAE) arn:aws:controltower:me-central-1::control/MCFLNKWOTMGG

  • Asia Pacific (Melbourne) arn:aws:controltower:ap-southeast-4::control/BBRKFCWFUGLH

CT.DAX.PR.1

Control identifier Framework Control objective Control API identifiers, by Region
CT.DAX.PR.1
  • NIST 800-53 Rev 5 CA-9(1)

  • NIST 800-53 Rev 5 CM-3(6)

  • NIST 800-53 Rev 5 SC-13

  • NIST 800-53 Rev 5 SC-28

  • NIST 800-53 Rev 5 SC-28(1)

  • NIST 800-53 Rev 5 SC-7(10)

  • NIST 800-53 Rev 5 SI-7(6)

  • PCI DSS version 3.2.1 3.4

  • Encrypt data at rest

  • US East (N. Virginia) arn:aws:controltower:us-east-1::control/EMIZNBUBWZST

  • US East (Ohio) arn:aws:controltower:us-east-2::control/PWENJMKYDFLI

  • US West (Oregon) arn:aws:controltower:us-west-2::control/LIDITLCMTBXF

  • Canada (Central) arn:aws:controltower:ca-central-1::control/NBKPOCFUAYKO

  • Asia Pacific (Sydney) arn:aws:controltower:ap-southeast-2::control/WQDLGHQPLUEZ

  • Asia Pacific (Singapore) arn:aws:controltower:ap-southeast-1::control/QWQALHIYPODD

  • Europe (Frankfurt) arn:aws:controltower:eu-central-1::control/USAYUGMVGVCZ

  • Europe (Ireland) arn:aws:controltower:eu-west-1::control/HPQCLFNNHNVS

  • Europe (London) arn:aws:controltower:eu-west-2::control/YQFMNRBYQZUH

  • Europe (Stockholm) arn:aws:controltower:eu-north-1::control/QRIOKXQBWHTR

  • Asia Pacific (Mumbai) arn:aws:controltower:ap-south-1::control/IPCTFYGTPJQK

  • Asia Pacific (Seoul) arn:aws:controltower:ap-northeast-2::control/GKKAWAPRNSLP

  • Asia Pacific (Tokyo) arn:aws:controltower:ap-northeast-1::control/YJPSKRTFOVNI

  • Europe (Paris) arn:aws:controltower:eu-west-3::control/PBMMRKGQLQSP

  • South America (São Paulo) arn:aws:controltower:sa-east-1::control/XUCCOZBWAWDU

  • US West (N. California) arn:aws:controltower:us-west-1::control/OQJDQHXHVHYQ

  • Asia Pacific (Hong Kong) arn:aws:controltower:ap-east-1::control/YERSBEZNALIC

  • Asia Pacific (Jakarta) arn:aws:controltower:ap-southeast-3::control/MAULWZOVBHAG

  • Asia Pacific (Osaka) arn:aws:controltower:ap-northeast-3::control/AVRDIKUBVIEL

  • Europe (Milan) arn:aws:controltower:eu-south-1::control/AHWDGTQANTPZ

  • Africa (Cape Town) arn:aws:controltower:af-south-1::control/RKQETEUGOLZT

  • Middle East (Bahrain) arn:aws:controltower:me-south-1::control/TJAYEVJIIWMC

  • Israel (Tel Aviv) arn:aws:controltower:il-central-1::control/MEQGYHFODNJQ

  • Europe (Zurich) arn:aws:controltower:eu-central-2::control/WERBGVNLRWCP

  • Europe (Spain) arn:aws:controltower:eu-south-2::control/XTNHYZREDREV

  • Asia Pacific (Hyderabad) arn:aws:controltower:ap-south-2::control/HDSPSOQHQADH

  • Middle East (UAE) arn:aws:controltower:me-central-1::control/DNVHZNVNIVFL

  • Asia Pacific (Melbourne) arn:aws:controltower:ap-southeast-4::control/RYLGGCGVEELG

CT.DAX.PR.2

Control identifier Framework Control objective Control API identifiers, by Region
CT.DAX.PR.2
  • NIST 800-53 Rev 5 CP-10

  • NIST 800-53 Rev 5 CP-2(2)

  • NIST 800-53 Rev 5 CP-6(2)

  • NIST 800-53 Rev 5 SC-36

  • NIST 800-53 Rev 5 SC-5(2)

  • NIST 800-53 Rev 5 SI-13(5)

  • Improve resiliency

  • Improve availability

  • US East (N. Virginia) arn:aws:controltower:us-east-1::control/SBKTBSUWMKEK

  • US East (Ohio) arn:aws:controltower:us-east-2::control/XOLXWDXOTSDS

  • US West (Oregon) arn:aws:controltower:us-west-2::control/BXXBFHSEQZVC

  • Canada (Central) arn:aws:controltower:ca-central-1::control/JUNTGFKWFFJA

  • Asia Pacific (Sydney) arn:aws:controltower:ap-southeast-2::control/YLPPVNACLIDZ

  • Asia Pacific (Singapore) arn:aws:controltower:ap-southeast-1::control/LSYCOPMQSAQK

  • Europe (Frankfurt) arn:aws:controltower:eu-central-1::control/WYPOTMKGGRTF

  • Europe (Ireland) arn:aws:controltower:eu-west-1::control/GTNFGAXVMTIY

  • Europe (London) arn:aws:controltower:eu-west-2::control/UDVRXZWEHJLQ

  • Europe (Stockholm) arn:aws:controltower:eu-north-1::control/LKWSOIJNZRRT

  • Asia Pacific (Mumbai) arn:aws:controltower:ap-south-1::control/KIADSEVTATNK

  • Asia Pacific (Seoul) arn:aws:controltower:ap-northeast-2::control/MCGGZQJDQSEG

  • Asia Pacific (Tokyo) arn:aws:controltower:ap-northeast-1::control/KCZJTMRTLPZH

  • Europe (Paris) arn:aws:controltower:eu-west-3::control/RDIXQORVUYTX

  • South America (São Paulo) arn:aws:controltower:sa-east-1::control/WKKCRCZYVOYA

  • Asia Pacific (Hong Kong) arn:aws:controltower:ap-east-1::control/GPIACDHSJUVO

  • Asia Pacific (Jakarta) arn:aws:controltower:ap-southeast-3::control/SDXGBJAMZIPN

  • Asia Pacific (Osaka) arn:aws:controltower:ap-northeast-3::control/HGXHJVIRQSTJ

  • Europe (Milan) arn:aws:controltower:eu-south-1::control/UNTRGVLZHGWC

  • Africa (Cape Town) arn:aws:controltower:af-south-1::control/SILHLNRKXURR

  • Middle East (Bahrain) arn:aws:controltower:me-south-1::control/QVZKAJFUMHFI

  • Israel (Tel Aviv) arn:aws:controltower:il-central-1::control/GHAECZAUNGWM

  • Europe (Zurich) arn:aws:controltower:eu-central-2::control/SGSXAYLHNUSK

  • Europe (Spain) arn:aws:controltower:eu-south-2::control/RQKTASYXHVYU

  • Asia Pacific (Hyderabad) arn:aws:controltower:ap-south-2::control/RDUKUALNEVNU

  • Middle East (UAE) arn:aws:controltower:me-central-1::control/RYEAAPJMVRTI

  • Asia Pacific (Melbourne) arn:aws:controltower:ap-southeast-4::control/DNCWSEOZINHL

CT.DAX.PR.3

Control identifier Framework Control objective Control API identifiers, by Region
CT.DAX.PR.3
  • NIST 800-53 Rev 5 AC-17(2)

  • NIST 800-53 Rev 5 AC-4

  • NIST 800-53 Rev 5 IA-5(1)

  • NIST 800-53 Rev 5 SC-12(3)

  • NIST 800-53 Rev 5 SC-13

  • NIST 800-53 Rev 5 SC-23

  • NIST 800-53 Rev 5 SC-23(3)

  • NIST 800-53 Rev 5 SC-7(4)

  • NIST 800-53 Rev 5 SC-8

  • NIST 800-53 Rev 5 SC-8(1)

  • NIST 800-53 Rev 5 SC-8(2)

  • NIST 800-53 Rev 5 SI-7(6)

  • PCI DSS version 3.2.1 2.3

  • PCI DSS version 3.2.1 4.1

  • PCI DSS version 3.2.1 8.2.1

  • Encrypt data in transit

  • US East (N. Virginia) arn:aws:controltower:us-east-1::control/JSRQEOOLHCHQ

  • US East (Ohio) arn:aws:controltower:us-east-2::control/OUEBONYIBDEN

  • US West (Oregon) arn:aws:controltower:us-west-2::control/KJQULRXQPSVI

  • Canada (Central) arn:aws:controltower:ca-central-1::control/BYNSAWVHNTAJ

  • Asia Pacific (Sydney) arn:aws:controltower:ap-southeast-2::control/JCLDTMNDGRTR

  • Asia Pacific (Singapore) arn:aws:controltower:ap-southeast-1::control/VNHVFUCLAKSX

  • Europe (Frankfurt) arn:aws:controltower:eu-central-1::control/XRLXMRYIIGWI

  • Europe (Ireland) arn:aws:controltower:eu-west-1::control/ZDNATWERTBBL

  • Europe (London) arn:aws:controltower:eu-west-2::control/NUXYWFVUJBLH

  • Europe (Stockholm) arn:aws:controltower:eu-north-1::control/DBOHJEJMYNWG

  • Asia Pacific (Mumbai) arn:aws:controltower:ap-south-1::control/ACWSAQRXMAPJ

  • Asia Pacific (Seoul) arn:aws:controltower:ap-northeast-2::control/QSNXKOZMYMFR

  • Asia Pacific (Tokyo) arn:aws:controltower:ap-northeast-1::control/KANMRMPWOUQV

  • Europe (Paris) arn:aws:controltower:eu-west-3::control/VXDLDZAZJHUP

  • South America (São Paulo) arn:aws:controltower:sa-east-1::control/HVXEDWNTFVJA

  • US West (N. California) arn:aws:controltower:us-west-1::control/EFBZVLOIFTYY

  • Asia Pacific (Hong Kong) arn:aws:controltower:ap-east-1::control/OWWBUIFRTHWC

  • Asia Pacific (Jakarta) arn:aws:controltower:ap-southeast-3::control/BHRDSDRZCZYS

  • Asia Pacific (Osaka) arn:aws:controltower:ap-northeast-3::control/BBMUTVSRZXPV

  • Europe (Milan) arn:aws:controltower:eu-south-1::control/EXACLWANURZW

  • Africa (Cape Town) arn:aws:controltower:af-south-1::control/PWUHXPBZIORO

  • Middle East (Bahrain) arn:aws:controltower:me-south-1::control/EKWOVFGGQRQF

  • Israel (Tel Aviv) arn:aws:controltower:il-central-1::control/YWBDCWQRVAPI

  • Europe (Zurich) arn:aws:controltower:eu-central-2::control/OOLZDMSTRWYG

  • Europe (Spain) arn:aws:controltower:eu-south-2::control/CJQFLUNIGRDW

  • Asia Pacific (Hyderabad) arn:aws:controltower:ap-south-2::control/BEFHHEFAMIGJ

  • Middle East (UAE) arn:aws:controltower:me-central-1::control/UYJFPVBTWOWY

  • Asia Pacific (Melbourne) arn:aws:controltower:ap-southeast-4::control/XTHSONULVJIP

CT.DMS.PR.1

Control identifier Framework Control objective Control API identifiers, by Region
CT.DMS.PR.1
  • NIST 800-53 Rev 5 AC-21

  • NIST 800-53 Rev 5 AC-3

  • NIST 800-53 Rev 5 AC-3(7)

  • NIST 800-53 Rev 5 AC-4

  • NIST 800-53 Rev 5 AC-4(21)

  • NIST 800-53 Rev 5 AC-6

  • NIST 800-53 Rev 5 SC-7

  • NIST 800-53 Rev 5 SC-7(11)

  • NIST 800-53 Rev 5 SC-7(16)

  • NIST 800-53 Rev 5 SC-7(20)

  • NIST 800-53 Rev 5 SC-7(21)

  • NIST 800-53 Rev 5 SC-7(3)

  • NIST 800-53 Rev 5 SC-7(4)

  • NIST 800-53 Rev 5 SC-7(9)

  • PCI DSS version 3.2.1 1.2.1

  • PCI DSS version 3.2.1 1.3

  • PCI DSS version 3.2.1 1.3.1

  • PCI DSS version 3.2.1 1.3.2

  • PCI DSS version 3.2.1 1.3.4

  • PCI DSS version 3.2.1 1.3.6

  • PCI DSS version 3.2.1 2.2.2

  • Limit network access

  • Enforce least privilege

  • US East (N. Virginia) arn:aws:controltower:us-east-1::control/TZMIGTNDHQVL

  • US East (Ohio) arn:aws:controltower:us-east-2::control/VSDWQVWSEVHU

  • US West (Oregon) arn:aws:controltower:us-west-2::control/TEUGLLCMRFBE

  • Canada (Central) arn:aws:controltower:ca-central-1::control/XXXIGZQSIPVK

  • Asia Pacific (Sydney) arn:aws:controltower:ap-southeast-2::control/ZERDIGHMXMHK

  • Asia Pacific (Singapore) arn:aws:controltower:ap-southeast-1::control/FVTCTPBWHDTL

  • Europe (Frankfurt) arn:aws:controltower:eu-central-1::control/OMLKCPQPSJTR

  • Europe (Ireland) arn:aws:controltower:eu-west-1::control/YCHPEYBHXVBF

  • Europe (London) arn:aws:controltower:eu-west-2::control/WGOOQPQGGTCC

  • Europe (Stockholm) arn:aws:controltower:eu-north-1::control/LEXIGWTCMJSA

  • Asia Pacific (Mumbai) arn:aws:controltower:ap-south-1::control/UICXSEVCABSW

  • Asia Pacific (Seoul) arn:aws:controltower:ap-northeast-2::control/PMXDPOCYQXVY

  • Asia Pacific (Tokyo) arn:aws:controltower:ap-northeast-1::control/CTFMRJPUPGCC

  • Europe (Paris) arn:aws:controltower:eu-west-3::control/EOSDYNKIGAWA

  • South America (São Paulo) arn:aws:controltower:sa-east-1::control/XOKBSYBQKJOK

  • US West (N. California) arn:aws:controltower:us-west-1::control/TSMFXMFCPLVU

  • Asia Pacific (Hong Kong) arn:aws:controltower:ap-east-1::control/QAPCPDZHYEBF

  • Asia Pacific (Jakarta) arn:aws:controltower:ap-southeast-3::control/CXVEOOHIMNNL

  • Asia Pacific (Osaka) arn:aws:controltower:ap-northeast-3::control/CPGOCDMDHGFI

  • Europe (Milan) arn:aws:controltower:eu-south-1::control/OPSWXXYSYUMY

  • Africa (Cape Town) arn:aws:controltower:af-south-1::control/UNWEFSWWLQTO

  • Middle East (Bahrain) arn:aws:controltower:me-south-1::control/ZWSGRHYTXZSN

  • Israel (Tel Aviv) arn:aws:controltower:il-central-1::control/HZSULTIXLIGQ

  • Europe (Zurich) arn:aws:controltower:eu-central-2::control/UMVTLBCRRGKV

  • Europe (Spain) arn:aws:controltower:eu-south-2::control/TGGYQCVRRDMF

  • Asia Pacific (Hyderabad) arn:aws:controltower:ap-south-2::control/EUCLHHUYDEEC

  • Middle East (UAE) arn:aws:controltower:me-central-1::control/LTSKNULFPUTG

  • Asia Pacific (Melbourne) arn:aws:controltower:ap-southeast-4::control/ROMIMQWYAGFD

CT.DMS.PR.2

Control identifier Framework Control objective Control API identifiers, by Region
CT.DMS.PR.2
  • NIST 800-53 Rev 5 AC-4

  • NIST 800-53 Rev 5 SC-13

  • NIST 800-53 Rev 5 SC-23

  • NIST 800-53 Rev 5 SC-23(3)

  • NIST 800-53 Rev 5 SC-7(4)

  • NIST 800-53 Rev 5 SC-8

  • NIST 800-53 Rev 5 SC-8(1)

  • NIST 800-53 Rev 5 SC-8(2)

  • PCI DSS version 3.2.1 2.3

  • PCI DSS version 3.2.1 4.1

  • PCI DSS version 3.2.1 8.2.1

  • Encrypt data in transit

  • US East (N. Virginia) arn:aws:controltower:us-east-1::control/ORQVPINRLMOY

  • US East (Ohio) arn:aws:controltower:us-east-2::control/RAJOOXRIMDFG

  • US West (Oregon) arn:aws:controltower:us-west-2::control/AZMPQPEABVJQ

  • Canada (Central) arn:aws:controltower:ca-central-1::control/QOJPATDAWFRO

  • Asia Pacific (Sydney) arn:aws:controltower:ap-southeast-2::control/CHWMZWDERDLU

  • Asia Pacific (Singapore) arn:aws:controltower:ap-southeast-1::control/WSXHLSUCKDGH

  • Europe (Frankfurt) arn:aws:controltower:eu-central-1::control/JNVVNWEUIOGW

  • Europe (Ireland) arn:aws:controltower:eu-west-1::control/LUJEQBWKCVDA

  • Europe (London) arn:aws:controltower:eu-west-2::control/APLZCDFPGPZO

  • Europe (Stockholm) arn:aws:controltower:eu-north-1::control/YAKMSVKKUHUU

  • Asia Pacific (Mumbai) arn:aws:controltower:ap-south-1::control/TCEDVKZNCHKW

  • Asia Pacific (Seoul) arn:aws:controltower:ap-northeast-2::control/WKNUSICBMQOV

  • Asia Pacific (Tokyo) arn:aws:controltower:ap-northeast-1::control/SQLHUPEXUOKU

  • Europe (Paris) arn:aws:controltower:eu-west-3::control/UFYAUPRMCMWX

  • South America (São Paulo) arn:aws:controltower:sa-east-1::control/CRIBTOSVESOT

  • US West (N. California) arn:aws:controltower:us-west-1::control/CKDDWAKTYAFR

  • Asia Pacific (Hong Kong) arn:aws:controltower:ap-east-1::control/GLHMEPNCYUSQ

  • Asia Pacific (Jakarta) arn:aws:controltower:ap-southeast-3::control/ENVXMQEWHFBX

  • Asia Pacific (Osaka) arn:aws:controltower:ap-northeast-3::control/WDEREYMNSGMU

  • Europe (Milan) arn:aws:controltower:eu-south-1::control/ZXTHNNMVRRGT

  • Africa (Cape Town) arn:aws:controltower:af-south-1::control/FESPIXJAOULK

  • Middle East (Bahrain) arn:aws:controltower:me-south-1::control/OJGKHKSODWGV

  • Israel (Tel Aviv) arn:aws:controltower:il-central-1::control/NPTLETTIZUMD

  • Europe (Zurich) arn:aws:controltower:eu-central-2::control/UJGYUMGMJBEY

  • Europe (Spain) arn:aws:controltower:eu-south-2::control/XGZXZOCUAKPP

  • Asia Pacific (Hyderabad) arn:aws:controltower:ap-south-2::control/YRGKYVHVRBSL

  • Middle East (UAE) arn:aws:controltower:me-central-1::control/WOTREEFQIYYS

  • Asia Pacific (Melbourne) arn:aws:controltower:ap-southeast-4::control/YFAHKVXXOCSX

CT.DOCUMENTDB.PR.1

Control identifier Framework Control objective Control API identifiers, by Region
CT.DOCUMENTDB.PR.1
  • NIST 800-53 Rev 5 CA-9(1)

  • NIST 800-53 Rev 5 CM-3(6)

  • NIST 800-53 Rev 5 SC-13

  • NIST 800-53 Rev 5 SC-28

  • NIST 800-53 Rev 5 SC-28(1)

  • NIST 800-53 Rev 5 SC-7(10)

  • NIST 800-53 Rev 5 SI-7(6)

  • PCI DSS version 3.2.1 3.4

  • PCI DSS version 3.2.1 8.2.1

  • Encrypt data at rest

  • US East (N. Virginia) arn:aws:controltower:us-east-1::control/THVIKWXJQCEB

  • US East (Ohio) arn:aws:controltower:us-east-2::control/AGSEOYNXOSRK

  • US West (Oregon) arn:aws:controltower:us-west-2::control/HXVOHNCIJRUC

  • Canada (Central) arn:aws:controltower:ca-central-1::control/CUUSQEVMNYIR

  • Asia Pacific (Sydney) arn:aws:controltower:ap-southeast-2::control/LVZGOWHNFFQQ

  • Asia Pacific (Singapore) arn:aws:controltower:ap-southeast-1::control/XUVXIHBPXAAM

  • Europe (Frankfurt) arn:aws:controltower:eu-central-1::control/XOBYNMAVPBFP

  • Europe (Ireland) arn:aws:controltower:eu-west-1::control/UWYKAUHSRUKZ

  • Europe (London) arn:aws:controltower:eu-west-2::control/CFNPIFZENDEO

  • Europe (Stockholm) arn:aws:controltower:eu-north-1::control/CMAILYDYAUOY

  • Asia Pacific (Mumbai) arn:aws:controltower:ap-south-1::control/NJTDQSHRSPIM

  • Asia Pacific (Seoul) arn:aws:controltower:ap-northeast-2::control/TEZXETAGKYOT

  • Asia Pacific (Tokyo) arn:aws:controltower:ap-northeast-1::control/EONQZXNXGAPB

  • Europe (Paris) arn:aws:controltower:eu-west-3::control/ACFERMCUQLYD

  • South America (São Paulo) arn:aws:controltower:sa-east-1::control/NSSWQWRWJNFM

  • US West (N. California) arn:aws:controltower:us-west-1::control/TRACDDWLKDRI

  • Asia Pacific (Hong Kong) arn:aws:controltower:ap-east-1::control/NDCSWMCFZFWK

  • Asia Pacific (Jakarta) arn:aws:controltower:ap-southeast-3::control/BMNUBLZWWWWA

  • Asia Pacific (Osaka) arn:aws:controltower:ap-northeast-3::control/FIHFPXXSWPVR

  • Europe (Milan) arn:aws:controltower:eu-south-1::control/DTKBFEIQNVQL

  • Africa (Cape Town) arn:aws:controltower:af-south-1::control/AIQLWAENCEVZ

  • Middle East (Bahrain) arn:aws:controltower:me-south-1::control/GVXHDHLTISRP

  • Israel (Tel Aviv) arn:aws:controltower:il-central-1::control/ZKHDGAAGCYFF

  • Europe (Zurich) arn:aws:controltower:eu-central-2::control/UFMCCFRSISYY

  • Europe (Spain) arn:aws:controltower:eu-south-2::control/AIUTNQWKGFDR

  • Asia Pacific (Hyderabad) arn:aws:controltower:ap-south-2::control/ECVIEFMUQJMZ

  • Middle East (UAE) arn:aws:controltower:me-central-1::control/BBACQBVBHSDC

  • Asia Pacific (Melbourne) arn:aws:controltower:ap-southeast-4::control/KNYFLVIZOIAZ

CT.DOCUMENTDB.PR.2

Control identifier Framework Control objective Control API identifiers, by Region
CT.DOCUMENTDB.PR.2
  • NIST 800-53 Rev 5 SI-12

  • PCI DSS version 3.2.1 3.1

  • Improve resiliency

  • US East (N. Virginia) arn:aws:controltower:us-east-1::control/ARZAKWMXVIVC

  • US East (Ohio) arn:aws:controltower:us-east-2::control/ZIBRJZXDXMYK

  • US West (Oregon) arn:aws:controltower:us-west-2::control/XIHJTNHDRQAF

  • Canada (Central) arn:aws:controltower:ca-central-1::control/NURHQPDKMITF

  • Asia Pacific (Sydney) arn:aws:controltower:ap-southeast-2::control/YDRKNNEUEWMB

  • Asia Pacific (Singapore) arn:aws:controltower:ap-southeast-1::control/UIHMUQNGECFF

  • Europe (Frankfurt) arn:aws:controltower:eu-central-1::control/NDOASXOMEPNB

  • Europe (Ireland) arn:aws:controltower:eu-west-1::control/DVXWRDHUPOPR

  • Europe (London) arn:aws:controltower:eu-west-2::control/HBAHNXQKSECW

  • Europe (Stockholm) arn:aws:controltower:eu-north-1::control/UATWYHSUXSUY

  • Asia Pacific (Mumbai) arn:aws:controltower:ap-south-1::control/XDKECWMGYWQS

  • Asia Pacific (Seoul) arn:aws:controltower:ap-northeast-2::control/CMOMYYELJWTW

  • Asia Pacific (Tokyo) arn:aws:controltower:ap-northeast-1::control/UIXMPMAVSMSO

  • Europe (Paris) arn:aws:controltower:eu-west-3::control/JXPLMTUAETRJ

  • South America (São Paulo) arn:aws:controltower:sa-east-1::control/GCAWCOVVHNPC

  • US West (N. California) arn:aws:controltower:us-west-1::control/VTWYHTWZJXDS

  • Asia Pacific (Hong Kong) arn:aws:controltower:ap-east-1::control/HTINNLWMXRAD

  • Asia Pacific (Jakarta) arn:aws:controltower:ap-southeast-3::control/NTKVAPLDGPIE

  • Asia Pacific (Osaka) arn:aws:controltower:ap-northeast-3::control/TYKSQTKVDRPU

  • Europe (Milan) arn:aws:controltower:eu-south-1::control/AFQCMISIBNZC

  • Africa (Cape Town) arn:aws:controltower:af-south-1::control/XDBAEAOQGFZQ

  • Middle East (Bahrain) arn:aws:controltower:me-south-1::control/LBGOTUKVIBIY

  • Israel (Tel Aviv) arn:aws:controltower:il-central-1::control/TLEHFGYBIPPV

  • Europe (Zurich) arn:aws:controltower:eu-central-2::control/YMMXEICWPZQC

  • Europe (Spain) arn:aws:controltower:eu-south-2::control/NOKRKREQWEPP

  • Asia Pacific (Hyderabad) arn:aws:controltower:ap-south-2::control/WAJSGCIJCGCH

  • Middle East (UAE) arn:aws:controltower:me-central-1::control/ZBVKSKSCLRSO

  • Asia Pacific (Melbourne) arn:aws:controltower:ap-southeast-4::control/KWPVVWPRUBZO

CT.DYNAMODB.PR.1

Control identifier Framework Control objective Control API identifiers, by Region
CT.DYNAMODB.PR.1
  • NIST 800-53 Rev 5 CP-10

  • NIST 800-53 Rev 5 CP-6(2)

  • NIST 800-53 Rev 5 CP-9

  • NIST 800-53 Rev 5 SC-5(2)

  • NIST 800-53 Rev 5 SI-12

  • NIST 800-53 Rev 5 SI-13(5)