Looking for common data sources used for automating evidence collection from AWS? Look no further!
This list is not exhaustive of what can be collected from AWS via the Terraform integration, but it should provide a good starting point.
| Evidence Type | Description |
|---|---|
| Administrator Access to Application | Provide a system-generated list of administrative users for applications in scope. If uploading a manually created screenshot as evidence, it should include the date/time stamp to be valid. |
| Change Management - Developers | Provide a system-generated list of developers. If uploading a manually created screenshot as evidence, it should include the date/time stamp to be valid. |
| Change Management - Production Access | Provide a system-generated list of internal users who can push changes to production. If uploading a manually created screenshot as evidence, it should include the date/time stamp to be valid. |
| Configuration as Code | Provide evidence from the configuration management tool(s) showing that a standard infrastructure configuration is deployed across all environments. This can show that the tool is enabled or that standard settings are being applied. If uploading a manually created screenshot as evidence, it should include the date/time stamp to be valid. |
| Database Encryption | Provide the settings showing that sensitive data at rest is encrypted on the database, or evidence that external database providers employ database encryption (via their SOC 2 report or contractual documentation). If uploading a manually created screenshot as evidence, it should include the date/time stamp to be valid. |
| Encryption in Transit | Provide configuration evidencing encryption in transit for connections between services (e.g. SFTP, VPN). |
| Firewall Rules | Provide the firewall rule configurations for the cloud service network. This can be via a dashboard, the rule settings, or the DMZ, if applicable. If uploading a manually created screenshot as evidence, it should include the date/time stamp to be valid. |
| Intrusion Detection Configuration | Provide the intrusion detection/intrusion prevention system (IDS/IPS) configurations. If uploading a manually created screenshot as evidence, it should include the date/time stamp to be valid. |
| Intrusion Rules | Provide the intrusion detection system (IDS) alerting rules evidencing what types of activity prompt an alert. If uploading a manually created screenshot as evidence, it should include the date/time stamp to be valid. |
| Malware Alert | Provide the malware alerting configuration settings for the infrastructure. If uploading a manually created screenshot as evidence, it should include the date/time stamp to be valid. |
| Multi-Factor Authentication Evidence | Provide the settings showing that multi-factor authentication is turned on and enforced for internal users with access to critical systems. If uploading a manually created screenshot as evidence, it should include the date/time stamp to be valid. |
| Patch Scan | Provide the configuration of the tool used to scan the network for unpatched network devices and machines. If uploading a manually created screenshot as evidence, it should include the date/time stamp to be valid. |
| Separation of Environments | Provide screenshot(s) showing that the production and development environments are logically separated from one another. If uploading a manually created screenshot as evidence, it should include the date/time stamp to be valid. |
| Server Scan and Patch | Provide evidence of the most recent patch update, following industry standards and the latest patches available from vendors. If uploading a manually created screenshot as evidence, it should include the date/time stamp to be valid. |
