Skip to main content

๐Ÿ’ผ 4 Monitoring

  • Contextual name: ๐Ÿ’ผ 4 Monitoring
  • ID: /frameworks/cis-aws-v5.0.0/04
  • Located in: ๐Ÿ’ผ CIS AWS v5.0.0

Descriptionโ€‹

This section contains recommendations for configuring AWS to assist with monitoring and responding to account activities.

Metric filter-related recommendations in this section are dependent on the Ensure CloudTrail is enabled in all regions and Ensure CloudTrail trails are integrated with CloudWatch Logs recommendations in the "Logging" section.

Similarโ€‹

Sub Sectionsโ€‹

SectionSub SectionsInternal RulesPoliciesFlags
๐Ÿ’ผ 4.1 Ensure unauthorized API calls are monitored (Automated)1
๐Ÿ’ผ 4.2 Ensure management console sign-in without MFA is monitored (Manual)1
๐Ÿ’ผ 4.3 Ensure usage of the 'root' account is monitored (Manual)1
๐Ÿ’ผ 4.4 Ensure IAM policy changes are monitored (Manual)1
๐Ÿ’ผ 4.5 Ensure CloudTrail configuration changes are monitored (Manual)1
๐Ÿ’ผ 4.6 Ensure AWS Management Console authentication failures are monitored (Manual)1
๐Ÿ’ผ 4.7 Ensure disabling or scheduled deletion of customer created CMKs is monitored (Manual)1
๐Ÿ’ผ 4.8 Ensure S3 bucket policy changes are monitored (Manual)1
๐Ÿ’ผ 4.9 Ensure AWS Config configuration changes are monitored (Manual)1
๐Ÿ’ผ 4.10 Ensure security group changes are monitored (Manual)1
๐Ÿ’ผ 4.11 Ensure Network Access Control List (NACL) changes are monitored (Manual)1
๐Ÿ’ผ 4.12 Ensure changes to network gateways are monitored (Manual)1
๐Ÿ’ผ 4.13 Ensure route table changes are monitored (Manual)1
๐Ÿ’ผ 4.14 Ensure VPC changes are monitored (Manual)1
๐Ÿ’ผ 4.15 Ensure AWS Organizations changes are monitored (Manual)1
๐Ÿ’ผ 4.16 Ensure AWS Security Hub is enabled (Automated)1