💼 [ECR.2] ECR private repositories should have tag immutability configured

• ID: /frameworks/aws-fsbp-v1.0.0/ecr/02

Description

Amazon ECR Tag Immutability enables customers to rely on the descriptive tags of an image as a reliable mechanism to track and uniquely identify images. An immutable tag is static, which means each tag refers to a unique image. This improves reliability and scalability as the use of a static tag will always result in the same image being deployed. When configured, tag immutability prevents the tags from being overridden, which reduces the attack surface.

Similar

• AWS Security Hub
  • https://docs.aws.amazon.com/securityhub/latest/userguide/ecr-controls.html#ecr-2
• Internal
  • ID: dec-c-f0b1de71

Similar Sections (Give Policies To)

Section	Sub Sections	Internal Rules	Policies	Flags	Compliance
💼 NIST SP 800-53 Revision 5 → 💼 CA-9(1) Internal System Connections _ Compliance Checks			23		no data
💼 NIST SP 800-53 Revision 5 → 💼 CM-2 Baseline Configuration	7		27		no data
💼 NIST SP 800-53 Revision 5 → 💼 CM-8(1) System Component Inventory _ Updates During Installation and Removal			2		no data

Sub Sections

Section	Sub Sections	Internal Rules	Policies	Flags	Compliance

Policies (1)

Policy	Logic Count	Flags	Compliance
🛡️ AWS ECR Repository Image Tag Mutability is set to Mutable🟢	1	🟢 x6	no data

Internal Rules

Rule	Policies	Flags
✉️ dec-x-767cce1f	1