💼 [Redshift.1] Amazon Redshift clusters should prohibit public access

Contextual name: 💼 [Redshift.1] Amazon Redshift clusters should prohibit public access
ID: /frameworks/aws-fsbp-v1.0.0/redshift/01
Located in: 💼 Redshift

Description

The PubliclyAccessible attribute of the Amazon Redshift cluster configuration indicates whether the cluster is publicly accessible. When the cluster is configured with PubliclyAccessible set to true, it is an Internet-facing instance that has a publicly resolvable DNS name, which resolves to a public IP address.

When the cluster is not publicly accessible, it is an internal instance with a DNS name that resolves to a private IP address. Unless you intend for your cluster to be publicly accessible, the cluster should not be configured with PubliclyAccessible set to true.

Similar

AWS Security Hub
- https://docs.aws.amazon.com/securityhub/latest/userguide/redshift-controls.html#redshift-1
Internal
- ID: dec-c-b2f36793

Similar Sections (Give Policies To)

Section	Sub Sections	Internal Rules	Policies
💼 NIST SP 800-53 Revision 5 → 💼 AC-3 Access Enforcement	15	5	34
💼 NIST SP 800-53 Revision 5 → 💼 AC-3(7) Access Enforcement _ Role-based Access Control			11
💼 NIST SP 800-53 Revision 5 → 💼 AC-4 Information Flow Enforcement	32	68	85
💼 NIST SP 800-53 Revision 5 → 💼 AC-4(21) Information Flow Enforcement _ Physical or Logical Separation of Information Flows		37	42
💼 NIST SP 800-53 Revision 5 → 💼 AC-6 Least Privilege	10	23	46
💼 NIST SP 800-53 Revision 5 → 💼 AC-21 Information Sharing	2		5
💼 NIST SP 800-53 Revision 5 → 💼 SC-7 Boundary Protection	29	4	47
💼 NIST SP 800-53 Revision 5 → 💼 SC-7(3) Boundary Protection _ Access Points			5
💼 NIST SP 800-53 Revision 5 → 💼 SC-7(4) Boundary Protection _ External Telecommunications Services			25
💼 NIST SP 800-53 Revision 5 → 💼 SC-7(9) Boundary Protection _ Restrict Threatening Outgoing Communications Traffic			12
💼 NIST SP 800-53 Revision 5 → 💼 SC-7(11) Boundary Protection _ Restrict Incoming Communications Traffic			19
💼 NIST SP 800-53 Revision 5 → 💼 SC-7(16) Boundary Protection _ Prevent Discovery of System Components			20
💼 NIST SP 800-53 Revision 5 → 💼 SC-7(20) Boundary Protection _ Dynamic Isolation and Segregation			5
💼 NIST SP 800-53 Revision 5 → 💼 SC-7(21) Boundary Protection _ Isolation of System Components			19
💼 PCI DSS v3.2.1 → 💼 1.2.1 Restrict inbound and outbound traffic to that which is necessary for the cardholder data environment, and specifically deny all other traffic.		10	35
💼 PCI DSS v3.2.1 → 💼 1.3.1 Implement a DMZ to limit inbound traffic to only system components that provide authorized publicly accessible services, protocols, and ports.		6	19
💼 PCI DSS v3.2.1 → 💼 1.3.2 Limit inbound Internet traffic to IP addresses within the DMZ.			19
💼 PCI DSS v3.2.1 → 💼 1.3.4 Do not allow unauthorized outbound traffic from the cardholder data environment to the Internet.			6
💼 PCI DSS v3.2.1 → 💼 1.3.6 Place system components that store cardholder data in an internal network zone, segregated from the DMZ and other untrusted networks.			5
💼 PCI DSS v4.0.1 → 💼 1.4.4 System components that store cardholder data are not directly accessible from untrusted networks.			5

Sub Sections

Section	Sub Sections	Internal Rules	Policies	Flags

Description​

Similar​

Similar Sections (Give Policies To)​

Sub Sections​

Description

Similar

Similar Sections (Give Policies To)

Sub Sections