Vulnerability management - Ransomware Risk Management on AWS Using the NIST Cyber Security Framework (CSF)

This whitepaper is for historical reference only. Some content might be outdated and some links might not be available.

Vulnerability management

The Vulnerability Management capability provides scanning for, and management of, vulnerabilities across the enterprise.

Table 16 — Vulnerability management capability and the associated AWS services

| Capability and CSF mapping | AWS service | AWS service description | Function | AWS GovCloud (US) available? |
|---|---|---|---|---|
| Vulnerability Management: ID.RA-1, ID.RA-5, PR.IP-12, DE.CM-8, RS.MI-3 | Amazon ECR image scanning | Amazon ECR image scanning helps to identify software vulnerabilities in your container images. Each container image may be scanned once per 24 hours. Amazon ECR uses the Common Vulnerabilities and Exposures (CVEs) database from the open-source Clair project and provides a list of scan findings. | Docker image scanning against CVEs. | Yes |
| | Amazon Inspector | Amazon Inspector is an automated security assessment service that helps improve the security and compliance of applications deployed on AWS. Amazon Inspector automatically assesses applications for exposure, vulnerabilities, and deviations from best practices. After performing an assessment, Amazon Inspector produces a detailed list of security findings prioritized by level of severity. These findings can be reviewed directly or as part of detailed assessment reports, which are available via the Amazon Inspector console or API. | Provides logs from vulnerability scanning. | Yes |
| | AWS Security Hub | AWS Security Hub gives you a comprehensive view of your high-priority security alerts and compliance status across AWS accounts. With Security Hub, you have a single place that aggregates, organizes, and prioritizes your security alerts, or findings, from multiple AWS services, such as Amazon GuardDuty, Amazon Inspector, and Amazon Macie, as well as from AWS Partner offerings. A Security Hub insight is a collection of related findings defined by an aggregation statement and optional filters. An insight identifies a security area that requires attention and intervention. Security Hub offers several managed (default) insights that you cannot modify or delete. You can also create custom insights to track security issues that are unique to your AWS environment and usage. | This control gives you a comprehensive view of your high-priority security alerts and compliance status across AWS accounts. | Yes |
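As an added example (not code from the whitepaper or from AWS), a Python policy check over the Amazon ECR image-scan findings described in the table: it reads the response shape of ECR's DescribeImageScanFindings API, fails closed when the scan status is not COMPLETE, and blocks on findings at or above a chosen severity. The sample response and its CVE ids are constructed placeholders, and the optional boto3 fetch is an assumption about that client's call signature, so the example runs offline.

```python
from collections import Counter

# ECR severity labels, least to most severe (UNDEFINED = no severity assigned).
SEVERITY_ORDER = ["UNDEFINED", "INFORMATIONAL", "LOW", "MEDIUM", "HIGH", "CRITICAL"]

def _attr(finding, key):
    """Return one value from a finding's key/value 'attributes' list, or None."""
    return next((a["value"] for a in finding.get("attributes", []) if a["key"] == key), None)

def evaluate_scan(response, block_at="HIGH"):
    """Turn a DescribeImageScanFindings response into a verdict dict with the scan
    status, per-severity counts, findings at or above block_at, and a 'blocked' flag."""
    status = response.get("imageScanStatus", {}).get("status")
    if status != "COMPLETE":
        # A pending or failed scan is not evidence of a clean image: fail closed.
        return {"status": status, "counts": {}, "blocking": [], "blocked": True}
    threshold = SEVERITY_ORDER.index(block_at)
    findings = response.get("imageScanFindings", {}).get("findings", [])
    counts = Counter(f.get("severity", "UNDEFINED") for f in findings)
    blocking = [
        {"cve": f["name"], "package": _attr(f, "package_name"),
         "version": _attr(f, "package_version"), "severity": f.get("severity", "UNDEFINED")}
        for f in findings
        if SEVERITY_ORDER.index(f.get("severity", "UNDEFINED")) >= threshold
    ]
    return {"status": status, "counts": dict(counts), "blocking": blocking, "blocked": bool(blocking)}

def fetch_findings(repository, tag, region="us-east-1"):
    """Fetch live results with boto3 (needs AWS credentials; assumed signature, not used offline)."""
    import boto3  # imported lazily so the rest of the module runs without it
    ecr = boto3.client("ecr", region_name=region)
    # Basic scanning allows one scan per image per 24 hours (see the table); a
    # repeated start_image_scan inside that window is rejected (assumption: LimitExceededException).
    return ecr.describe_image_scan_findings(repositoryName=repository, imageId={"imageTag": tag})

# Constructed sample in the API's response shape; the CVE ids are placeholders.
SAMPLE_RESPONSE = {
    "imageScanStatus": {"status": "COMPLETE"},
    "imageScanFindings": {"findings": [
        {"name": "CVE-EXAMPLE-0001", "severity": "CRITICAL", "attributes": [
            {"key": "package_name", "value": "openssl"}, {"key": "package_version", "value": "1.1.1"}]},
        {"name": "CVE-EXAMPLE-0002", "severity": "HIGH", "attributes": [
            {"key": "package_name", "value": "curl"}, {"key": "package_version", "value": "7.64.0"}]},
        {"name": "CVE-EXAMPLE-0003", "severity": "LOW", "attributes": [
            {"key": "package_name", "value": "bash"}, {"key": "package_version", "value": "5.0"}]},
    ]},
}

if __name__ == "__main__":
    print(evaluate_scan(SAMPLE_RESPONSE))  # blocked: CRITICAL openssl and HIGH curl findings
```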