🛡️ AWS S3 Bucket Versioning is not enabled🟢

• Contextual name: 🛡️ Bucket Versioning is not enabled🟢
• ID: /ce/ca/aws/s3/bucket-versioning
• Tags:
  • 🟢 Policy with categories
  • 🟢 Policy with type
  • 🟢 Production policy
• Policy Type: COMPLIANCE_POLICY
• Policy Categories: RELIABILITY, SECURITY

Logic

• 🧠 prod.logic.yaml🟢
  • 📗 AWS S3 Bucket
  • 🔌 AWS S3 Bucket - object.extracts.yaml
  • 🧪 test-data.json

Similar Policies

• AWS Trusted Advisor: Amazon S3 Bucket Versioning (R365s2Qddf)
• Cloud Conformity: S3 Bucket Versioning Enabled
• Internal: dec-x-2a9e5255

Similar Internal Rules

Rule	Policies	Flags
✉️ dec-x-2a9e5255	1

Description

Open File

Description

Ensure Amazon S3 Bucket versioning is enabled.

Amazon S3 bucket versioning is a feature that enhances the resiliency and security of your data by enabling the storage of multiple versions of objects within the same bucket. This functionality provides a mechanism for preserving, retrieving, and restoring every version of every object stored in the bucket.

Rationale

When enabled, this feature allows you to keep multiple versions of an object in the same S3 bucket. Each version is assigned a unique version ID, providing a robust version control mechanism for your stored data by allowing users to keep track of changes and maintain a history of modifications.

Impact

By leveraging versioning, users can maintain control over their stored objects, reduce the risk of data loss, and meet various compliance and regulatory requirements.

Disabled S3 bucket versioning can lead to increased risk of data loss. Any accidental deletion or overwrite of an object can result in permanent data loss, as there are no previous versions to recover.

... see more

Remediation

Open File

Remediation

From Command Line

• Use the following AWS CLI command to enable versioning for your S3 bucket. Replace {{your-bucket-name}} with the actual name of your S3 bucket.

  aws s3api put-bucket-versioning --bucket {{your-bucket-name}} --versioning-configuration Status=Enabled

  This command sends a request to Amazon S3 to enable versioning for the specified bucket.

• To confirm that versioning has been successfully enabled for your bucket, you can use the following command:

  aws s3api get-bucket-versioning --bucket {{your-bucket-name}}

  The response will include the versioning configuration for your bucket, and you should see "Status": "Enabled".

policy.yaml

Open File

Linked Framework Sections

Section	Sub Sections	Internal Rules	Policies	Flags	Compliance
💼 APRA CPG 234 → 💼 73f response and recovery which involves a mixture of system restoration (where integrity and availability have been compromised) and managing sensitive data loss where confidentiality has been compromised. This allows for a return to businessas-usual processing;		4	4		no data
💼 AWS Well-Architected → 💼 SEC08-BP04 Enforce access control			8		no data
💼 Cloudaware Framework → 💼 Data Protection and Recovery			23		no data
💼 Cloudaware Framework → 💼 System Configuration			69		no data
💼 FedRAMP High Security Controls → 💼 AU-9(2) Store on Separate Physical Systems or Components (H)			1		no data
💼 FedRAMP High Security Controls → 💼 CM-2(3) Retention of Previous Configurations (M)(H)		1	1		no data
💼 FedRAMP High Security Controls → 💼 CP-6 Alternate Storage Site (M)(H)	3		19		no data
💼 FedRAMP High Security Controls → 💼 CP-6(1) Separation from Primary Site (M)(H)			5		no data
💼 FedRAMP High Security Controls → 💼 CP-6(2) Recovery Time and Recovery Point Objectives (H)			19		no data
💼 FedRAMP High Security Controls → 💼 CP-9 System Backup (L)(M)(H)	5	4	14		no data
💼 FedRAMP High Security Controls → 💼 CP-10 System Recovery and Reconstitution (L)(M)(H)	2		20		no data
💼 FedRAMP High Security Controls → 💼 SI-12 Information Management and Retention (L)(M)(H)			7		no data
💼 FedRAMP Low Security Controls → 💼 CP-9 System Backup (L)(M)(H)			12		no data
💼 FedRAMP Low Security Controls → 💼 CP-10 System Recovery and Reconstitution (L)(M)(H)			20		no data
💼 FedRAMP Low Security Controls → 💼 SI-12 Information Management and Retention (L)(M)(H)			7		no data
💼 FedRAMP Moderate Security Controls → 💼 CM-2(3) Retention of Previous Configurations (M)(H)			1		no data
💼 FedRAMP Moderate Security Controls → 💼 CP-6 Alternate Storage Site (M)(H)	2		5		no data
💼 FedRAMP Moderate Security Controls → 💼 CP-6(1) Separation from Primary Site (M)(H)			5		no data
💼 FedRAMP Moderate Security Controls → 💼 CP-9 System Backup (L)(M)(H)	2		14		no data
💼 FedRAMP Moderate Security Controls → 💼 CP-10 System Recovery and Reconstitution (L)(M)(H)	1		20		no data
💼 FedRAMP Moderate Security Controls → 💼 SI-12 Information Management and Retention (L)(M)(H)			7		no data
💼 ISO/IEC 27001:2013 → 💼 A.17.1.2 Implementing information security continuity		3	3		no data
💼 ISO/IEC 27001:2013 → 💼 A.17.1.3 Verify, review and evaluate information security continuity		1	1		no data
💼 NIST CSF v1.1 → 💼 DE.AE-1: A baseline of network operations and expected data flows for users and systems is established and managed		10	34		no data
💼 NIST CSF v1.1 → 💼 ID.BE-4: Dependencies and critical functions for delivery of critical services are established			3		no data
💼 NIST CSF v1.1 → 💼 ID.BE-5: Resilience requirements to support delivery of critical services are established for all operating states (e.g. under duress/attack, during recovery, normal operations)		3	3		no data
💼 NIST CSF v1.1 → 💼 ID.SC-5: Response and recovery planning and testing are conducted with suppliers and third-party providers		1	1		no data
💼 NIST CSF v1.1 → 💼 PR.DS-7: The development and testing environment(s) are separate from the production environment			1		no data
💼 NIST CSF v1.1 → 💼 PR.IP-1: A baseline configuration of information technology/industrial control systems is created and maintained incorporating security principles (e.g. concept of least functionality)		4	26		no data
💼 NIST CSF v1.1 → 💼 PR.IP-4: Backups of information are conducted, maintained, and tested		4	8		no data
💼 NIST CSF v1.1 → 💼 PR.IP-9: Response plans (Incident Response and Business Continuity) and recovery plans (Incident Recovery and Disaster Recovery) are in place and managed		3	3		no data
💼 NIST CSF v1.1 → 💼 PR.IP-10: Response and recovery plans are tested		1	1		no data
💼 NIST CSF v1.1 → 💼 PR.PT-5: Mechanisms (e.g., failsafe, load balancing, hot swap) are implemented to achieve resilience requirements in normal and adverse situations		3	3		no data
💼 NIST CSF v2.0 → 💼 GV.OC-04: Critical objectives, capabilities, and services that external stakeholders depend on or expect from the organization are understood and communicated			3		no data
💼 NIST CSF v2.0 → 💼 GV.OC-05: Outcomes, capabilities, and services that the organization depends on are understood and communicated			3		no data
💼 NIST CSF v2.0 → 💼 GV.SC-08: Relevant suppliers and other third parties are included in incident planning, response, and recovery activities			1		no data
💼 NIST CSF v2.0 → 💼 ID.AM-03: Representations of the organization's authorized network communication and internal and external network data flows are maintained			89		no data
💼 NIST CSF v2.0 → 💼 ID.AM-07: Inventories of data and corresponding metadata for designated data types are maintained			7		no data
💼 NIST CSF v2.0 → 💼 ID.AM-08: Systems, hardware, software, services, and data are managed throughout their life cycles			27		no data
💼 NIST CSF v2.0 → 💼 ID.IM-02: Improvements are identified from security tests and exercises, including those done in coordination with suppliers and relevant third parties			59		no data
💼 NIST CSF v2.0 → 💼 ID.IM-04: Incident response plans and other cybersecurity plans that affect operations are established, communicated, maintained, and improved			3		no data
💼 NIST CSF v2.0 → 💼 PR.DS-01: The confidentiality, integrity, and availability of data-at-rest are protected			187		no data
💼 NIST CSF v2.0 → 💼 PR.DS-10: The confidentiality, integrity, and availability of data-in-use are protected			184		no data
💼 NIST CSF v2.0 → 💼 PR.DS-11: Backups of data are created, protected, maintained, and tested			15		no data
💼 NIST CSF v2.0 → 💼 PR.IR-01: Networks and environments are protected from unauthorized logical access and usage			123		no data
💼 NIST CSF v2.0 → 💼 PR.IR-03: Mechanisms are implemented to achieve resilience requirements in normal and adverse situations			21		no data
💼 NIST CSF v2.0 → 💼 PR.IR-04: Adequate resource capacity to ensure availability is maintained			5		no data
💼 NIST CSF v2.0 → 💼 RC.RP-01: The recovery portion of the incident response plan is executed once initiated from the incident response process			20		no data
💼 NIST CSF v2.0 → 💼 RC.RP-02: Recovery actions are selected, scoped, prioritized, and performed			20		no data
💼 NIST CSF v2.0 → 💼 RC.RP-03: The integrity of backups and other restoration assets is verified before using them for restoration			9		no data
💼 NIST CSF v2.0 → 💼 RC.RP-05: The integrity of restored assets is verified, systems and services are restored, and normal operating status is confirmed			20		no data
💼 NIST SP 800-53 Revision 4 → 💼 CM-2 BASELINE CONFIGURATION	7	1	1		no data
💼 NIST SP 800-53 Revision 4 → 💼 CM-6 CONFIGURATION SETTINGS	4	1	1		no data
💼 NIST SP 800-53 Revision 5 → 💼 AU-9(2) Protection of Audit Information _ Store on Separate Physical Systems or Components			1		no data
💼 NIST SP 800-53 Revision 5 → 💼 CP-6 Alternate Storage Site	3		19		no data
💼 NIST SP 800-53 Revision 5 → 💼 CP-6(1) Alternate Storage Site _ Separation from Primary Site			5		no data
💼 NIST SP 800-53 Revision 5 → 💼 CP-6(2) Alternate Storage Site _ Recovery Time and Recovery Point Objectives			19		no data
💼 NIST SP 800-53 Revision 5 → 💼 CP-9 System Backup	8		11		no data
💼 NIST SP 800-53 Revision 5 → 💼 CP-10 System Recovery and Reconstitution	6		20		no data
💼 NIST SP 800-53 Revision 5 → 💼 SC-5(2) Denial-of-service Protection _ Capacity, Bandwidth, and Redundancy			24		no data
💼 NIST SP 800-53 Revision 5 → 💼 SI-12 Information Management and Retention	3		7		no data
💼 NIST SP 800-53 Revision 5 → 💼 SI-13(5) Predictable Failure Prevention _ Failover Capability			19		no data
💼 SOC 2 → 💼 CC6.1-8 Manages Identification and Authentication		18	24		no data