---
names:
  full: AWS EC2 Default Security Group does not restrict all traffic
  contextual: Default Security Group does not restrict all traffic
description: >-
  VPC comes with a default security group whose initial settings deny all inbound
  traffic, allow all outbound traffic, and allow all traffic between instances
  assigned to the security group. If you don't specify a security group when you
  launch an instance, the instance is automatically assigned to this default
  security group. Security groups provide stateful filtering of ingress/egress
  network traffic to AWS resources. It is recommended that the default security
  group restrict all traffic.
type: COMPLIANCE_POLICY
categories:
  - SECURITY
frameworkMappings:
  - "/frameworks/cis-aws-v6.0.0/06/05"
  - "/frameworks/cloudaware/resource-security/network-exposure"
  - "/frameworks/aws-fsbp-v1.0.0/ec2/02"
similarPolicies:
  internal:
    - dec-x-ecd99f88
  cloudConformity:
    - url: https://www.trendmicro.com/cloudoneconformity/knowledge-base/aws/EC2/default-security-group-unrestricted.html
      name: Default Security Group Unrestricted