💼 [ElastiCache.7] ElastiCache clusters should not use the default subnet group
- ID:
/frameworks/aws-fsbp-v1.0.0/elasticache/07
Description​
When launching an ElastiCache cluster, a default subnet group is created if one doesn't exist already. The default group uses subnets from the default Virtual Private Cloud (VPC). We recommend using custom subnet groups that are more restrictive of the subnets that the cluster resides in, and the networking that the cluster inherits from the subnets.
Similar​
- AWS Security Hub
- Internal
- ID:
dec-c-a2eea54e
- ID:
Similar Sections (Give Policies To)​
| Section | Sub Sections | Internal Rules | Policies | Flags | Compliance |
|---|---|---|---|---|---|
| 💼 NIST SP 800-53 Revision 5 → 💼 AC-4 Information Flow Enforcement | 32 | 68 | 91 | no data | |
| 💼 NIST SP 800-53 Revision 5 → 💼 AC-4(21) Information Flow Enforcement _ Physical or Logical Separation of Information Flows | 37 | 48 | no data | ||
| 💼 NIST SP 800-53 Revision 5 → 💼 SC-7 Boundary Protection | 29 | 4 | 52 | no data | |
| 💼 NIST SP 800-53 Revision 5 → 💼 SC-7(4) Boundary Protection _ External Telecommunications Services | 28 | no data | |||
| 💼 NIST SP 800-53 Revision 5 → 💼 SC-7(5) Boundary Protection _ Deny by Default — Allow by Exception | 4 | 18 | no data | ||
| 💼 NIST SP 800-53 Revision 5 → 💼 SC-7(11) Boundary Protection _ Restrict Incoming Communications Traffic | 24 | no data | |||
| 💼 NIST SP 800-53 Revision 5 → 💼 SC-7(16) Boundary Protection _ Prevent Discovery of System Components | 25 | no data | |||
| 💼 NIST SP 800-53 Revision 5 → 💼 SC-7(21) Boundary Protection _ Isolation of System Components | 24 | no data |
Sub Sections​
| Section | Sub Sections | Internal Rules | Policies | Flags | Compliance |
|---|