πΌ [Config.1] AWS Config should be enabled and use the service-linked role for resource recording
-
Contextual name: πΌ [Config.1] AWS Config should be enabled and use the service-linked role for resource recording
-
ID:
/frameworks/aws-fsbp-v1.0.0/config/01 -
Located in: πΌ Config
Descriptionβ
The AWS Config service performs configuration management of supported AWS resources in your account and delivers log files to you. The recorded information includes the configuration item (AWS resource), relationships between configuration items, and any configuration changes within resources. Global resources are resources that are available in any Region.
Similarβ
- AWS Security Hub
- Internal
- ID:
dec-c-97993ae8
- ID:
Similar Sections (Give Policies To)β
| Section | Sub Sections | Internal Rules | Policies | Flags |
|---|---|---|---|---|
| πΌ NIST SP 800-53 Revision 5 β πΌ CM-3 Configuration Change Control | 8 | 15 | 21 | |
| πΌ NIST SP 800-53 Revision 5 β πΌ CM-6(1) Configuration Settings _ Automated Management, Application, and Verification | 1 | |||
| πΌ NIST SP 800-53 Revision 5 β πΌ CM-8 System Component Inventory | 9 | 1 | ||
| πΌ NIST SP 800-53 Revision 5 β πΌ CM-8(2) System Component Inventory _ Automated Maintenance | 1 | |||
| πΌ PCI DSS v3.2.1 β πΌ 10.5.2 Protect audit trail files from unauthorized modifications. | 2 | 4 | ||
| πΌ PCI DSS v3.2.1 β πΌ 11.5 Deploy a change-detection mechanism to alert personnel to unauthorized modification of critical system files, configuration files, or content files. | 1 | 1 |
Sub Sectionsβ
| Section | Sub Sections | Internal Rules | Policies | Flags |
|---|
Policies (1)β
| Policy | Logic Count | Flags |
|---|---|---|
| π AWS Account Config is not enabled in all regions π’ | 1 | π’ x6 |