💼 [RDS.2] RDS DB Instances should prohibit public access, as determined by the PubliclyAccessible configuration

• Contextual name: 💼 [RDS.2] RDS DB Instances should prohibit public access, as determined by the PubliclyAccessible configuration

• ID: /frameworks/aws-fsbp-v1.0.0/rds/02

• Located in: 💼 Relational Database Service (RDS)

Description

The PubliclyAccessible value in the RDS instance configuration indicates whether the DB instance is publicly accessible. When the DB instance is configured with PubliclyAccessible, it is an Internet-facing instance with a publicly resolvable DNS name, which resolves to a public IP address. When the DB instance isn't publicly accessible, it is an internal instance with a DNS name that resolves to a private IP address.

Similar

• AWS Security Hub
  • https://docs.aws.amazon.com/securityhub/latest/userguide/rds-controls.html#rds-2
• Internal
  • ID: dec-c-6264f50c

Similar Sections (Give Policies To)

Section	Sub Sections	Internal Rules	Policies	Flags
💼 NIST SP 800-53 Revision 5 → 💼 AC-4 Information Flow Enforcement	32	68	89
💼 NIST SP 800-53 Revision 5 → 💼 AC-4(21) Information Flow Enforcement _ Physical or Logical Separation of Information Flows		37	46
💼 NIST SP 800-53 Revision 5 → 💼 SC-7 Boundary Protection	29	4	50
💼 NIST SP 800-53 Revision 5 → 💼 SC-7(4) Boundary Protection _ External Telecommunications Services			28
💼 NIST SP 800-53 Revision 5 → 💼 SC-7(5) Boundary Protection _ Deny by Default — Allow by Exception		4	18
💼 NIST SP 800-53 Revision 5 → 💼 SC-7(11) Boundary Protection _ Restrict Incoming Communications Traffic			22
💼 NIST SP 800-53 Revision 5 → 💼 SC-7(16) Boundary Protection _ Prevent Discovery of System Components			23
💼 NIST SP 800-53 Revision 5 → 💼 SC-7(21) Boundary Protection _ Isolation of System Components			22
💼 PCI DSS v3.2.1 → 💼 1.2.1 Restrict inbound and outbound traffic to that which is necessary for the cardholder data environment, and specifically deny all other traffic.		10	35
💼 PCI DSS v3.2.1 → 💼 1.3.1 Implement a DMZ to limit inbound traffic to only system components that provide authorized publicly accessible services, protocols, and ports.		6	19
💼 PCI DSS v3.2.1 → 💼 1.3.2 Limit inbound Internet traffic to IP addresses within the DMZ.			19
💼 PCI DSS v3.2.1 → 💼 1.3.4 Do not allow unauthorized outbound traffic from the cardholder data environment to the Internet.			6
💼 PCI DSS v3.2.1 → 💼 1.3.6 Place system components that store cardholder data in an internal network zone, segregated from the DMZ and other untrusted networks.			6
💼 PCI DSS v3.2.1 → 💼 7.2.1 Coverage of all system components.			7
💼 PCI DSS v4.0.1 → 💼 1.4.4 System components that store cardholder data are not directly accessible from untrusted networks.			6

Sub Sections

Section	Sub Sections	Internal Rules	Policies	Flags

Policies (1)

Policy	Logic Count	Flags
📝 AWS RDS Instance is publicly accessible and in an unrestricted public subnet 🟢	1	🟢 x6

Internal Rules

Rule	Policies	Flags
✉️ dec-x-f937c35f	1