Skip to main content

πŸ’Ό [S3.19] S3 access points should have block public access settings enabled

  • Contextual name: πŸ’Ό [S3.19] S3 access points should have block public access settings enabled

  • ID: /frameworks/aws-fsbp-v1.0.0/s3/19

  • Located in: πŸ’Ό Simple Storage Service (S3)

Description​

The Amazon S3 Block Public Access feature helps you manage access to your S3 resources at three levels: the account, bucket, and access point levels. The settings at each level can be configured independently, allowing you to have different levels of public access restrictions for your data. The access point settings can't individually override the more restrictive settings at higher levels (account level or bucket assigned to the access point). Instead, the settings at the access point level are additive, meaning they complement and work alongside the settings at the other levels. Unless you intend an S3 access point to be publicly accessible, you should enable block public access settings.

Similar​

Similar Sections (Give Policies To)​

SectionSub SectionsInternal RulesPoliciesFlags
πŸ’Ό NIST SP 800-53 Revision 5 β†’ πŸ’Ό AC-3 Access Enforcement15534
πŸ’Ό NIST SP 800-53 Revision 5 β†’ πŸ’Ό AC-3(7) Access Enforcement _ Role-based Access Control11
πŸ’Ό NIST SP 800-53 Revision 5 β†’ πŸ’Ό AC-4 Information Flow Enforcement326885
πŸ’Ό NIST SP 800-53 Revision 5 β†’ πŸ’Ό AC-4(21) Information Flow Enforcement _ Physical or Logical Separation of Information Flows3742
πŸ’Ό NIST SP 800-53 Revision 5 β†’ πŸ’Ό AC-6 Least Privilege102346
πŸ’Ό NIST SP 800-53 Revision 5 β†’ πŸ’Ό AC-21 Information Sharing25
πŸ’Ό NIST SP 800-53 Revision 5 β†’ πŸ’Ό SC-7 Boundary Protection29447
πŸ’Ό NIST SP 800-53 Revision 5 β†’ πŸ’Ό SC-7(3) Boundary Protection _ Access Points5
πŸ’Ό NIST SP 800-53 Revision 5 β†’ πŸ’Ό SC-7(4) Boundary Protection _ External Telecommunications Services25
πŸ’Ό NIST SP 800-53 Revision 5 β†’ πŸ’Ό SC-7(9) Boundary Protection _ Restrict Threatening Outgoing Communications Traffic12
πŸ’Ό NIST SP 800-53 Revision 5 β†’ πŸ’Ό SC-7(11) Boundary Protection _ Restrict Incoming Communications Traffic19
πŸ’Ό NIST SP 800-53 Revision 5 β†’ πŸ’Ό SC-7(16) Boundary Protection _ Prevent Discovery of System Components20
πŸ’Ό NIST SP 800-53 Revision 5 β†’ πŸ’Ό SC-7(20) Boundary Protection _ Dynamic Isolation and Segregation5
πŸ’Ό NIST SP 800-53 Revision 5 β†’ πŸ’Ό SC-7(21) Boundary Protection _ Isolation of System Components19
πŸ’Ό PCI DSS v4.0.1 β†’ πŸ’Ό 1.4.4 System components that store cardholder data are not directly accessible from untrusted networks.5

Sub Sections​

SectionSub SectionsInternal RulesPoliciesFlags