Skip to main content

💼 [S3.5] S3 general purpose buckets should require requests to use SSL

Contextual name: 💼 [S3.5] S3 general purpose buckets should require requests to use SSL
ID: /frameworks/aws-fsbp-v1.0.0/s3/05
Located in: 💼 Simple Storage Service (S3)

Description

S3 buckets should have policies that require all requests (Action: S3:*) to only accept transmission of data over HTTPS in the S3 resource policy, indicated by the condition key aws:SecureTransport.

Similar

AWS Security Hub
- https://docs.aws.amazon.com/securityhub/latest/userguide/s3-controls.html#s3-5
Internal
- ID: dec-c-08c8ebac

Similar Sections (Give Policies To)

Section	Sub Sections	Internal Rules	Policies	Flags
💼 NIST SP 800-53 Revision 5 → 💼 AC-4 Information Flow Enforcement	32	61	73
💼 NIST SP 800-53 Revision 5 → 💼 AC-17(2) Remote Access _ Protection of Confidentiality and Integrity Using Encryption		11	13
💼 NIST SP 800-53 Revision 5 → 💼 IA-5(1) Authenticator Management _ Password-based Authentication			4
💼 NIST SP 800-53 Revision 5 → 💼 SC-7(4) Boundary Protection _ External Telecommunications Services			17
💼 NIST SP 800-53 Revision 5 → 💼 SC-8 Transmission Confidentiality and Integrity	5	8	10
💼 NIST SP 800-53 Revision 5 → 💼 SC-8(1) Transmission Confidentiality and Integrity _ Cryptographic Protection		8	10
💼 NIST SP 800-53 Revision 5 → 💼 SC-8(2) Transmission Confidentiality and Integrity _ Pre- and Post-transmission Handling			2
💼 NIST SP 800-53 Revision 5 → 💼 SC-12(3) Cryptographic Key Establishment and Management _ Asymmetric Keys			2
💼 NIST SP 800-53 Revision 5 → 💼 SC-13 Cryptographic Protection	4		6
💼 NIST SP 800-53 Revision 5 → 💼 SC-23 Session Authenticity	5		2
💼 NIST SP 800-53 Revision 5 → 💼 SC-23(3) Session Authenticity _ Unique System-generated Session Identifiers			2
💼 NIST SP 800-53 Revision 5 → 💼 SI-7(6) Software, Firmware, and Information Integrity _ Cryptographic Protection			6
💼 PCI DSS v3.2.1 → 💼 4.1 Use strong cryptography and security protocols to safeguard sensitive cardholder data during transmission over open, public networks.	1	6	9
💼 PCI DSS v4.0.1 → 💼 4.2.1 Strong cryptography and security protocols are implemented to safeguard PAN during transmission over open, public networks.	2		9

Sub Sections

Section	Sub Sections	Internal Rules	Policies	Flags

Policies (1)

Policy	Logic Count	Flags
📝 AWS S3 Bucket Policy is not set to deny HTTP requests 🟢	1	🟢 x6

Internal Rules

Rule	Policies	Flags
✉️ dec-x-d5fbfc40	1

Description
Similar
Similar Sections (Give Policies To)
Sub Sections
Policies (1)
Internal Rules