πŸ“ AWS S3 Bucket Versioning is not enabled 🟒

  • Contextual name: πŸ“ Bucket Versioning is not enabled 🟒
  • ID: /ce/ca/aws/s3/bucket-versioning
  • Located in: πŸ“ AWS S3

Our Metadata​

  • Policy Type: COMPLIANCE_POLICY
  • Policy Category:
    • RELIABILITY
    • SECURITY

Similar Internal Rules​

  • Rule: dec-x-2a9e52551

Description​

Make sure Amazon S3 bucket versioning is enabled.

Amazon S3 bucket versioning is a feature that enhances the resiliency and security of your data by enabling the storage of multiple versions of objects within the same bucket. This functionality provides a mechanism for preserving, retrieving, and restoring every version of every object stored in the bucket.

Rationale

When enabled, this feature allows you to keep multiple versions of an object in the same S3 bucket. Each version is assigned a unique version ID, providing a robust version control mechanism for your stored data by allowing users to keep track of changes and maintain a history of modifications.

Impact​

By leveraging versioning, users can maintain control over their stored objects, reduce the risk of data loss, and meet various compliance and regulatory requirements.

Disabled S3 bucket versioning can lead to increased risk of data loss. Any accidental deletion or overwrite of an object can result in permanent data loss, as there are no previous versions to recover.

Remediation​

From Command Line​

  • Use the following AWS CLI command to enable versioning for your S3 bucket. Replace {{your-bucket-name}} with the actual name of your S3 bucket.

    aws s3api put-bucket-versioning --bucket {{your-bucket-name}} --versioning-configuration Status=Enabled

    This command sends a request to Amazon S3 to enable versioning for the specified bucket.

  • To confirm that versioning has been successfully enabled for your bucket, you can use the following command:

    aws s3api get-bucket-versioning --bucket {{your-bucket-name}}

    The response will include the versioning configuration for your bucket, and you should see "Status": "Enabled".
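
An account-wide form of the confirmation step above, as an added example (not part of the original policy page; the function names are illustrative). It assumes AWS CLI credentials allowed `s3:ListAllMyBuckets` and `s3:GetBucketVersioning`. A bucket that has never had versioning enabled returns no `Status` field at all, and a `Suspended` bucket keeps existing versions but stops creating new ones, so both are reported as findings.

```bash
#!/usr/bin/env bash
# Added example: report the versioning state of every bucket in the account.
# Assumes credentials allowed s3:ListAllMyBuckets and s3:GetBucketVersioning.
# Function names are illustrative, not part of any AWS tool.

# Map the Status value returned by get-bucket-versioning to a finding.
# With "--query Status --output text" the CLI prints "None" when the key is
# absent, which is what S3 returns for a bucket that was never versioned.
classify_versioning() {
  case "$1" in
    Enabled)   echo "COMPLIANT" ;;
    Suspended) echo "NONCOMPLIANT:suspended" ;;
    None|"")   echo "NONCOMPLIANT:never-enabled" ;;
    *)         echo "UNKNOWN:$1" ;;
  esac
}

# Query one bucket; an access-denied or missing bucket is reported, not skipped.
check_bucket() {
  local status
  if ! status=$(aws s3api get-bucket-versioning --bucket "$1" \
        --query Status --output text 2>/dev/null); then
    echo "ERROR:api-call-failed"
    return 0
  fi
  classify_versioning "$status"
}

# Print "<bucket><TAB><finding>" per bucket.
# Exit status: 0 all compliant, 1 at least one finding, 2 listing failed.
audit_buckets() {
  local buckets bucket finding failed=0
  buckets=$(aws s3api list-buckets --query 'Buckets[].Name' --output text) || return 2
  for bucket in $buckets; do
    finding=$(check_bucket "$bucket")
    printf '%s\t%s\n' "$bucket" "$finding"
    [ "$finding" = "COMPLIANT" ] || failed=1
  done
  return "$failed"
}

# Run the audit only when asked, so the functions can also be sourced.
if [ "${1:-}" = "--audit" ]; then
  audit_buckets
fi
```

Run it with `--audit`; the non-zero exit status on any finding lets a scheduled job or pipeline step fail when a bucket drifts out of compliance.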

Linked Framework Sections​

  • APRA CPG 234 → 73f response and recovery which involves a mixture of system restoration (where integrity and availability have been compromised) and managing sensitive data loss where confidentiality has been compromised. This allows for a return to business-as-usual processing;
  • Cloudaware Framework → Data Protection and Recovery
  • Cloudaware Framework → System Configuration
  • FedRAMP High Security Controls → CM-2(3) Retention of Previous Configurations (M)(H)
  • FedRAMP High Security Controls → CP-9 System Backup (L)(M)(H)
  • FedRAMP Low Security Controls → CP-9 System Backup (L)(M)(H)
  • FedRAMP Moderate Security Controls → CM-2(3) Retention of Previous Configurations (M)(H)
  • FedRAMP Moderate Security Controls → CP-9 System Backup (L)(M)(H)
  • ISO/IEC 27001:2013 → A.17.1.2 Implementing information security continuity
  • ISO/IEC 27001:2013 → A.17.1.3 Verify, review and evaluate information security continuity
  • NIST CSF v1.1 → DE.AE-1: A baseline of network operations and expected data flows for users and systems is established and managed
  • NIST CSF v1.1 → ID.BE-4: Dependencies and critical functions for delivery of critical services are established
  • NIST CSF v1.1 → ID.BE-5: Resilience requirements to support delivery of critical services are established for all operating states (e.g. under duress/attack, during recovery, normal operations)
  • NIST CSF v1.1 → ID.SC-5: Response and recovery planning and testing are conducted with suppliers and third-party providers
  • NIST CSF v1.1 → PR.DS-7: The development and testing environment(s) are separate from the production environment
  • NIST CSF v1.1 → PR.IP-1: A baseline configuration of information technology/industrial control systems is created and maintained incorporating security principles (e.g. concept of least functionality)
  • NIST CSF v1.1 → PR.IP-4: Backups of information are conducted, maintained, and tested
  • NIST CSF v1.1 → PR.IP-9: Response plans (Incident Response and Business Continuity) and recovery plans (Incident Recovery and Disaster Recovery) are in place and managed
  • NIST CSF v1.1 → PR.IP-10: Response and recovery plans are tested
  • NIST CSF v1.1 → PR.PT-5: Mechanisms (e.g., failsafe, load balancing, hot swap) are implemented to achieve resilience requirements in normal and adverse situations
  • NIST CSF v2.0 → GV.OC-04: Critical objectives, capabilities, and services that external stakeholders depend on or expect from the organization are understood and communicated
  • NIST CSF v2.0 → GV.OC-05: Outcomes, capabilities, and services that the organization depends on are understood and communicated
  • NIST CSF v2.0 → GV.SC-08: Relevant suppliers and other third parties are included in incident planning, response, and recovery activities
  • NIST CSF v2.0 → ID.AM-03: Representations of the organization's authorized network communication and internal and external network data flows are maintained
  • NIST CSF v2.0 → ID.IM-02: Improvements are identified from security tests and exercises, including those done in coordination with suppliers and relevant third parties
  • NIST CSF v2.0 → ID.IM-04: Incident response plans and other cybersecurity plans that affect operations are established, communicated, maintained, and improved
  • NIST CSF v2.0 → PR.DS-11: Backups of data are created, protected, maintained, and tested
  • NIST CSF v2.0 → PR.IR-01: Networks and environments are protected from unauthorized logical access and usage
  • NIST CSF v2.0 → PR.IR-03: Mechanisms are implemented to achieve resilience requirements in normal and adverse situations
  • NIST SP 800-53 Revision 4 → CM-2 BASELINE CONFIGURATION
  • NIST SP 800-53 Revision 4 → CM-6 CONFIGURATION SETTINGS