💼 5.3 Ensure the default security group of every VPC restricts all traffic

• ID: /frameworks/cis-aws-v1.4.0/05/03

Description

A VPC comes with a default security group whose initial settings deny all inbound traffic, allow all outbound traffic, and allow all traffic between instances assigned to the security group. If you don't specify a security group when you launch an instance, the instance is automatically assigned to this default security group. Security groups provide stateful filtering of ingress/egress network traffic to AWS resources. It is recommended that the default security group restrict all traffic. The default VPC in every region should have its default security group updated to comply. Any newly created VPCs will automatically contain a default security group that will need remediation to comply with this recommendation.

Similar

• Sections
  • /frameworks/cis-aws-v1.5.0/05/04
  • /frameworks/cis-aws-v1.3.0/05/03
• Internal
  • ID: dec-c-76836c31

Similar Sections (Take Policies From)

Section	Sub Sections	Internal Rules	Policies	Flags	Compliance
💼 CIS AWS v1.3.0 → 💼 5.3 Ensure the default security group of every VPC restricts all traffic			1		no data
💼 CIS AWS v1.5.0 → 💼 5.4 Ensure the default security group of every VPC restricts all traffic - Level 2 (Automated)			1		no data

Similar Sections (Give Policies To)

Section	Sub Sections	Internal Rules	Policies	Flags	Compliance
💼 CIS AWS v1.3.0 → 💼 5.3 Ensure the default security group of every VPC restricts all traffic			1		no data
💼 CIS AWS v1.5.0 → 💼 5.4 Ensure the default security group of every VPC restricts all traffic - Level 2 (Automated)			1		no data

Sub Sections

Section	Sub Sections	Internal Rules	Policies	Flags	Compliance

Policies (1)

Policy	Logic Count	Flags	Compliance
🛡️ AWS EC2 Default Security Group does not restrict all traffic🟢	1	🟢 x6	no data