💼 [Config.1] AWS Config should be enabled and use the service-linked role for resource recording

Contextual name: 💼 [Config.1] AWS Config should be enabled and use the service-linked role for resource recording
ID: /frameworks/aws-fsbp-v1.0.0/config/01
Located in: 💼 Config

Description

The AWS Config service performs configuration management of supported AWS resources in your account and delivers log files to you. The recorded information includes the configuration item (AWS resource), relationships between configuration items, and any configuration changes within resources. Global resources are resources that are available in any Region.

Similar

AWS Security Hub
- https://docs.aws.amazon.com/securityhub/latest/userguide/config-controls.html#config-1
Internal
- ID: dec-c-97993ae8

Similar Sections (Give Policies To)

Section	Sub Sections	Internal Rules	Policies
💼 NIST SP 800-53 Revision 5 → 💼 CM-3 Configuration Change Control	8	17	25
💼 NIST SP 800-53 Revision 5 → 💼 CM-6(1) Configuration Settings _ Automated Management, Application, and Verification			1
💼 NIST SP 800-53 Revision 5 → 💼 CM-8 System Component Inventory	9		3
💼 NIST SP 800-53 Revision 5 → 💼 CM-8(2) System Component Inventory _ Automated Maintenance			1
💼 PCI DSS v3.2.1 → 💼 10.5.2 Protect audit trail files from unauthorized modifications.		1	4
💼 PCI DSS v3.2.1 → 💼 11.5 Deploy a change-detection mechanism to alert personnel to unauthorized modification of critical system files, configuration files, or content files.	1		1

Sub Sections

Section	Sub Sections	Internal Rules	Policies	Flags

Policies (1)

Policy	Logic Count	Flags
📝 AWS Account Config is not enabled in all regions 🟢	1	🟢 x6

Description​

Similar​

Similar Sections (Give Policies To)​

Sub Sections​

Policies (1)​

Description

Similar

Similar Sections (Give Policies To)

Sub Sections

Policies (1)