AWS Guard Rules Registry is an open-source repository of AWS CloudFormation Guard rule files and managed rule sets that help organizations shift left in their Software Development Life Cycle (SDLC) processes.
- Leverage the existing AWS Guard Registry Rule Sets listed under Managed Rule Sets below.
- Contribute to the individual AWS Guard Registry Rules (see the issues labelled "good first issue").
- Create and contribute your own open source AWS Guard Rules Registry custom rule set.
AWS Guard Rules Registry is an open-source repository of rule files and managed rule sets for AWS CloudFormation Guard. The intent of the registry is to give users policy-as-code Guard rules that complement the AWS Config Managed Rules as well as your own Guard rules. Many of the Guard rules supported by AWS are best-effort Guard implementations of AWS Config Managed Rules.
Note: Not all AWS Config Managed Rules are present in the AWS Guard Rules Registry. Some AWS Config Managed Rules are detective only: they evaluate the state of already-deployed resources and cannot be expressed as a check on an infrastructure-as-code template at development time.
The Guard Rules Registry offers the following value:
One of the intents of AWS Guard Rules Registry is to provide modular, single-file Guard rules that can be mapped into multiple managed rule sets, similar to how AWS Config Conformance Packs group AWS Config Managed Rules. Each Guard rule file in the registry implements a single rule. The rules directory contains sub-directories for the different technologies, providers, and services:
```
rules
├── aws
│   ├── apigateway
│   │   ├── apigw_method_auth_type_is_not_none.guard
│   │   └── tests
│   │       └── apigw_method_auth_type_is_not_none_tests.yml
│   └── dynamodb
│       ├── dynamodb_pitr_enabled.guard
│       └── tests
│           └── dynamodb_pitr_is_enabled_tests.yml
├── kubernetes
└── terraform
```
Many of the Guard rules are supported by AWS and correspond to, or complement, an associated AWS Config Managed Rule. These rules can be identified by their all-uppercase names, which are identical to the AWS Config Managed Rule identifier.
Note: Guard rule names in all uppercase are intentionally set this way. The name reflects the AWS Config Managed Rule identifier that the Guard rule satisfies.
Within each directory that contains Guard rules there is a `tests` sub-directory with unit tests for the corner cases in which we expect the Guard rule to PASS, FAIL or SKIP. The `tests` sub-directory contains the corresponding test file for each Guard rule, named with the suffix `_tests` and the extension `.yml` or `.json`. To learn more, see the Guard Rules Dev Guide for details on how to create unit tests for your Guard rule.
AWS Guard Rules Registry contains prebuilt managed rule sets compiled from the rule mapping files found in the mappings directory. The following managed rule sets are available for use:
| Managed Rule Set | Rule Set Name | Mapping File |
|---|---|---|
| ABS Cloud Computing Implementation Guide 2.0 - Material Workloads | ABS-CCIGv2-Material | Link |
| ABS Cloud Computing Implementation Guide 2.0 - Standard Workloads | ABS-CCIGv2-Standard | Link |
| Australian Cyber Security Centre (ACSC) Essential Eight Maturity Model | acsc-essential-8 | Link |
| Australian Cyber Security Centre (ACSC) Information Security Manual (ISM) 2020-06 | acsc-ism | Link |
| Australian Prudential Regulation Authority (APRA) CPG 234 | apra-cpg-234 | Link |
| Bank Negara Malaysia (BNM) Risk Management in Technology (RMiT) | bnm-rmit | Link |
| Center for Internet Security (CIS) Amazon Web Services Foundation v1.4 Level 1 | cis-aws-benchmark-level-1 | Link |
| Center for Internet Security (CIS) Amazon Web Services Foundation v1.4 Level 2 | cis-aws-benchmark-level-2 | Link |
| Center for Internet Security (CIS) Critical Security Controls v8 IG1 | cis-critical-security-controls-v8-ig1 | Link |
| Center for Internet Security (CIS) Critical Security Controls v8 IG2 | cis-critical-security-controls-v8-ig2 | Link |
| Center for Internet Security (CIS) Critical Security Controls v8 IG3 | cis-critical-security-controls-v8-ig3 | Link |
| Center for Internet Security (CIS) Top 20 Critical Security Controls | cis-top-20 | Link |
| Cybersecurity & Infrastructure Security Agency (CISA) Cyber Essentials (CE) | cisa-ce | Link |
| Cybersecurity Maturity Model Certification (CMMC) Level 1 | cmmc-level-1 | Link |
| Cybersecurity Maturity Model Certification (CMMC) Level 2 | cmmc-level-2 | Link |
| Cybersecurity Maturity Model Certification (CMMC) Level 3 | cmmc-level-3 | Link |
| Cybersecurity Maturity Model Certification (CMMC) Level 4 | cmmc-level-4 | Link |
| Cybersecurity Maturity Model Certification (CMMC) Level 5 | cmmc-level-5 | Link |
| European Union Agency for Cybersecurity (ENISA) Cybersecurity guide for SMEs | enisa-cybersecurity-guide-for-smes | Link |
| Spain Esquema Nacional de Seguridad (ENS) High framework controls | ens-high | Link |
| Spain Esquema Nacional de Seguridad (ENS) Low framework controls | ens-low | Link |
| Spain Esquema Nacional de Seguridad (ENS) Medium framework controls | ens-medium | Link |
| Title 21 of the Code of Federal Regulations (CFR) Part 11 | FDA-21CFR-Part-11 | Link |
| Federal Risk and Authorization Management Program (FedRAMP) Moderate | fedramp-moderate | Link |
| Federal Risk and Authorization Management Program (FedRAMP) Low | fedramp-low | Link |
| Federal Financial Institutions Examination Council (FFIEC) Cyber Security Assessment Tool domains | ffiec | Link |
| Health Insurance Portability and Accountability Act (HIPAA) | hipaa-security | Link |
| Korea – Information Security Management System (ISMS) | k-isms | Link |
| Monetary Authority of Singapore (MAS) Notice 655 – Cyber Hygiene | mas-notice-655 | Link |
| Monetary Authority of Singapore (MAS) Technology Risk Management Guidelines (TRMG) January 2021 | mas-trmg | Link |
| National Bank of Cambodia’s (NBC) Technology Risk Management (TRM) Guidelines framework | nbc-trmg | Link |
| UK National Cyber Security Centre (NCSC) Cyber Assessment Framework (CAF) controls | ncsc-cafv3 | Link |
| UK National Cyber Security Centre (NCSC) Cloud Security Principles | ncsc | Link |
| North American Electric Reliability Corporation Critical Infrastructure Protection Standards (NERC CIP) for BES Cyber System Information (BCSI), CIP-004-7 & CIP-011-3 | nerc | Link |
| NIST 1800-25 | nist-1800-25 | Link |
| NIST 800-171 | nist-800-171 | Link |
| NIST 800-172 | nist-800-172 | Link |
| NIST 800-181 | nist-800-181 | Link |
| NIST 800-53 Revision 4 | nist800-53rev4 | Link |
| NIST 800-53 Revision 5 | nist800-53rev5 | Link |
| NIST Cyber Security Framework (CSF) | nist-csf | Link |
| NIST Privacy Framework | nist-privacy-framework | Link |
| New Zealand Government Communications Security Bureau (GCSB) Information Security Manual (NZISM) | nzism | Link |
| Payment Card Industry Data Security Standard (PCI DSS) 3.2.1 | PCI-DSS-3-2-1 | Link |
| Reserve Bank of India (RBI) Cyber Security Framework for Urban Cooperative Banks (UCBs) | rbi-bcsf-ucb | Link |
| Reserve Bank of India (RBI) Master Direction – Information Technology Framework | rbi-md-itf | Link |
| New York State Department Of Financial Services (NYDFS) cybersecurity requirements for financial services companies (23 NYCRR 500) | us-nydfs | Link |
| Amazon Web Services' Well-Architected Framework Reliability Pillar | wa-Reliability-Pillar | Link |
| AWS Guard rule set for Amazon Web Services' Well-Architected Framework Security Pillar | wa-Security-Pillar | Link |

See CONTRIBUTING for more information.
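The directory layout, the `tests` sub-directory convention and the mapping-driven compilation of managed rule sets described above, as one added end-to-end example in Python. This is not code from the registry or from AWS: it writes a constructed `dynamodb_pitr_enabled` Guard rule and its Guard unit tests into the `rules/aws/dynamodb/` layout, compiles a managed rule set from a constructed mapping file, and runs `cfn-guard test` when the CLI is on PATH. The rule set name `dynamodb-resilience`, the control identifier, and the mapping-file keys (`ruleSetName`, `version`, `mappings[].guardFilePath`, `mappings[].controls`) are assumptions about the registry's mapping format, not taken from the page.

```python
"""Added example, not code from the AWS Guard Rules Registry: lay out one Guard rule with
its unit tests in the registry's directory structure, then compile a managed rule set from
a mapping file.  Rule set name, control ID and mapping keys (ruleSetName, version,
mappings[].guardFilePath, mappings[].controls) are assumptions, not the registry's format."""
import json
import re
import shutil
import subprocess
import tempfile
from pathlib import Path

# Constructed Guard rule; lower-case name because it is not an AWS Config rule identifier.
PITR_RULE = """\
let dynamodb_tables = Resources.*[ Type == 'AWS::DynamoDB::Table' ]
rule dynamodb_pitr_enabled when %dynamodb_tables !empty {
    %dynamodb_tables.Properties.PointInTimeRecoverySpecification.PointInTimeRecoveryEnabled == true
        <<
        Violation: DynamoDB tables must enable point-in-time recovery.
        >>
}
"""

# Constructed Guard unit tests: one case per outcome (SKIP when no table, PASS, FAIL).
PITR_TESTS = """\
- name: no DynamoDB tables, rule does not apply
  input: {Resources: {}}
  expectations: {rules: {dynamodb_pitr_enabled: SKIP}}
- name: table with PITR enabled
  input:
    Resources:
      Orders:
        Type: AWS::DynamoDB::Table
        Properties: {PointInTimeRecoverySpecification: {PointInTimeRecoveryEnabled: true}}
  expectations: {rules: {dynamodb_pitr_enabled: PASS}}
- name: table without a PITR specification
  input:
    Resources:
      Orders:
        Type: AWS::DynamoDB::Table
        Properties: {BillingMode: PAY_PER_REQUEST}
  expectations: {rules: {dynamodb_pitr_enabled: FAIL}}
"""

# Hypothetical mapping file; the control string is illustrative only.
PITR_MAPPING = {"ruleSetName": "dynamodb-resilience", "version": "1.0.0", "mappings": [
    {"guardFilePath": "../rules/aws/dynamodb/dynamodb_pitr_enabled.guard",
     "controls": ["NIST.800-53.r5 CP-9"]}]}

def write_registry(root: Path) -> Path:
    """Create rules/aws/dynamodb/{rule,tests/} and mappings/; return the mapping file."""
    rule_dir = root / "rules" / "aws" / "dynamodb"
    (rule_dir / "tests").mkdir(parents=True)
    (rule_dir / "dynamodb_pitr_enabled.guard").write_text(PITR_RULE)
    (rule_dir / "tests" / "dynamodb_pitr_enabled_tests.yml").write_text(PITR_TESTS)
    (root / "mappings").mkdir()
    mapping_file = root / "mappings" / "rule_set_dynamodb_resilience.json"
    mapping_file.write_text(json.dumps(PITR_MAPPING, indent=2))
    return mapping_file

def rule_names(guard_text: str) -> list:
    """Rule names declared in a Guard file, one per `rule <name>` clause."""
    return re.findall(r"^\s*rule\s+([A-Za-z_]\w*)", guard_text, re.M)

def compile_rule_set(mapping_file: Path, out_dir: Path) -> Path:
    """Concatenate the rule files a mapping references into one rule set file. A file
    listed under several controls is included once; a rule name declared in two files
    is rejected, because test expectations and validate output refer to rules by name."""
    spec = json.loads(mapping_file.read_text())
    controls = {}  # resolved rule file path -> controls it satisfies
    for entry in spec["mappings"]:
        path = (mapping_file.parent / entry["guardFilePath"]).resolve()
        controls.setdefault(path, []).extend(entry["controls"])
    parts, seen = [f"# Managed rule set: {spec['ruleSetName']} v{spec['version']}\n"], set()
    for path, ctrls in controls.items():
        text = path.read_text()
        dup = seen.intersection(rule_names(text))
        if dup:
            raise ValueError(f"duplicate rule name(s) {sorted(dup)} in {path.name}")
        seen.update(rule_names(text))
        parts.append(f"#\n# {path.name} -> {', '.join(ctrls)}\n#\n{text}")
    out_dir.mkdir(parents=True, exist_ok=True)
    out = out_dir / f"{spec['ruleSetName']}.guard"
    out.write_text("\n".join(parts))
    return out

def run_guard_tests(rule_file: Path, test_file: Path):
    """Run `cfn-guard test` on one rule file; returns None when the CLI is not installed."""
    if shutil.which("cfn-guard") is None:
        return None
    cmd = ["cfn-guard", "test", "--rules-file", str(rule_file), "--test-data", str(test_file)]
    return subprocess.run(cmd, capture_output=True, text=True).returncode == 0

def build_and_compile(root=None) -> dict:
    """End to end: write the registry slice, compile the rule set, run the unit tests."""
    root = Path(root) if root else Path(tempfile.mkdtemp(prefix="guard-registry-"))
    rule_set = compile_rule_set(write_registry(root), root / "output")
    rule_file = root / "rules" / "aws" / "dynamodb" / "dynamodb_pitr_enabled.guard"
    tests = rule_file.parent / "tests" / "dynamodb_pitr_enabled_tests.yml"
    return {"rule_set": rule_set, "rules": rule_names(rule_set.read_text()),
            "tests_passed": run_guard_tests(rule_file, tests)}
```

Calling `build_and_compile()` returns the compiled rule set path, the rule names it defines and the `cfn-guard test` result (`None` when the CLI is not installed). The duplicate-name check matters once a mapping pulls in many rule files: they all land in a single file, and an expectation such as `dynamodb_pitr_enabled: FAIL` in a test file, or a rule name in `cfn-guard validate` output, has to be unambiguous. The third test case relies on Guard treating a missing `PointInTimeRecoverySpecification` property as a failed clause rather than a skipped one; that is what makes the rule useful, since a template that omits the block entirely must not pass.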
This project is licensed under the Apache-2.0 License.