| 💼 AWS Foundational Security Best Practices v1.0.0 → 💼 [APIGateway.5] API Gateway REST API cache data should be encrypted at rest | | | | | no data |
| 💼 AWS Foundational Security Best Practices v1.0.0 → 💼 [AutoScaling.3] Auto Scaling group launch configurations should configure EC2 instances to require Instance Metadata Service Version 2 (IMDSv2) | | 1 | 1 | | no data |
| 💼 AWS Foundational Security Best Practices v1.0.0 → 💼 [AutoScaling.9] Amazon EC2 Auto Scaling groups should use Amazon EC2 launch templates | | 1 | 1 | | no data |
| 💼 AWS Foundational Security Best Practices v1.0.0 → 💼 [CloudFront.8] CloudFront distributions should use SNI to serve HTTPS requests | | 1 | 1 | | no data |
| 💼 AWS Foundational Security Best Practices v1.0.0 → 💼 [CloudTrail.2] CloudTrail should have encryption at-rest enabled | | | 1 | | no data |
| 💼 AWS Foundational Security Best Practices v1.0.0 → 💼 [CodeBuild.3] CodeBuild S3 logs should be encrypted | | | | | no data |
| 💼 AWS Foundational Security Best Practices v1.0.0 → 💼 [DocumentDB.1] Amazon DocumentDB clusters should be encrypted at rest | | | | | no data |
| 💼 AWS Foundational Security Best Practices v1.0.0 → 💼 [DocumentDB.5] Amazon DocumentDB clusters should have deletion protection enabled | | | | | no data |
| 💼 AWS Foundational Security Best Practices v1.0.0 → 💼 [DynamoDB.3] DynamoDB Accelerator (DAX) clusters should be encrypted at rest | | 1 | 1 | | no data |
| 💼 AWS Foundational Security Best Practices v1.0.0 → 💼 [DynamoDB.6] DynamoDB tables should have deletion protection enabled | | | | | no data |
| 💼 AWS Foundational Security Best Practices v1.0.0 → 💼 [EC2.3] Attached Amazon EBS volumes should be encrypted at-rest | | | 1 | | no data |
| 💼 AWS Foundational Security Best Practices v1.0.0 → 💼 [EC2.4] Stopped EC2 instances should be removed after a specified time period | | | | | no data |
| 💼 AWS Foundational Security Best Practices v1.0.0 → 💼 [EC2.7] EBS default encryption should be enabled | | 1 | 1 | | no data |
| 💼 AWS Foundational Security Best Practices v1.0.0 → 💼 [EC2.19] Security groups should not allow unrestricted access to ports with high risk | | | 10 | | no data |
| 💼 AWS Foundational Security Best Practices v1.0.0 → 💼 [EC2.21] Network ACLs should not allow ingress from 0.0.0.0/0 to port 22 or port 3389 | | | 1 | | no data |
| 💼 AWS Foundational Security Best Practices v1.0.0 → 💼 [EC2.23] Amazon EC2 Transit Gateways should not automatically accept VPC attachment requests | | | 1 | | no data |
| 💼 AWS Foundational Security Best Practices v1.0.0 → 💼 [ECR.2] ECR private repositories should have tag immutability configured | | 1 | 1 | | no data |
| 💼 AWS Foundational Security Best Practices v1.0.0 → 💼 [ECR.3] ECR repositories should have at least one lifecycle policy configured | | 1 | 1 | | no data |
| 💼 AWS Foundational Security Best Practices v1.0.0 → 💼 [ECS.3] ECS task definitions should not share the host's process namespace | | | | | no data |
| 💼 AWS Foundational Security Best Practices v1.0.0 → 💼 [ECS.8] Secrets should not be passed as container environment variables | | | | | no data |
| 💼 AWS Foundational Security Best Practices v1.0.0 → 💼 [EFS.1] Elastic File System should be configured to encrypt file data at-rest using AWS KMS | | 1 | 1 | | no data |
| 💼 AWS Foundational Security Best Practices v1.0.0 → 💼 [EKS.2] EKS clusters should run on a supported Kubernetes version | | | | | no data |
| 💼 AWS Foundational Security Best Practices v1.0.0 → 💼 [ElastiCache.4] ElastiCache replication groups should be encrypted at rest | | | | | no data |
| 💼 AWS Foundational Security Best Practices v1.0.0 → 💼 [ELB.6] Application, Gateway, and Network Load Balancers should have deletion protection enabled | | | | | no data |
| 💼 AWS Foundational Security Best Practices v1.0.0 → 💼 [ELB.7] Classic Load Balancers should have connection draining enabled | | | | | no data |
| 💼 AWS Foundational Security Best Practices v1.0.0 → 💼 [ELB.12] Application Load Balancer should be configured with defensive or strictest desync mitigation mode | | | | | no data |
| 💼 AWS Foundational Security Best Practices v1.0.0 → 💼 [ELB.14] Classic Load Balancer should be configured with defensive or strictest desync mitigation mode | | | | | no data |
| 💼 AWS Foundational Security Best Practices v1.0.0 → 💼 [EMR.3] Amazon EMR security configurations should be encrypted at rest | | | | | no data |
| 💼 AWS Foundational Security Best Practices v1.0.0 → 💼 [ES.1] Elasticsearch domains should have encryption at-rest enabled | | | | | no data |
| 💼 AWS Foundational Security Best Practices v1.0.0 → 💼 [FSx.1] FSx for OpenZFS file systems should be configured to copy tags to backups and volumes | | | | | no data |
| 💼 AWS Foundational Security Best Practices v1.0.0 → 💼 [Kinesis.1] Kinesis streams should be encrypted at rest | | | | | no data |
| 💼 AWS Foundational Security Best Practices v1.0.0 → 💼 [Lambda.2] Lambda functions should use supported runtimes | | | | | no data |
| 💼 AWS Foundational Security Best Practices v1.0.0 → 💼 [Macie.1] Amazon Macie should be enabled | | | | | no data |
| 💼 AWS Foundational Security Best Practices v1.0.0 → 💼 [Macie.2] Macie automated sensitive data discovery should be enabled | | | | | no data |
| 💼 AWS Foundational Security Best Practices v1.0.0 → 💼 [Neptune.1] Neptune DB clusters should be encrypted at rest | | | | | no data |
| 💼 AWS Foundational Security Best Practices v1.0.0 → 💼 [Neptune.4] Neptune DB clusters should have deletion protection enabled | | | | | no data |
| 💼 AWS Foundational Security Best Practices v1.0.0 → 💼 [Neptune.6] Neptune DB cluster snapshots should be encrypted at rest | | | | | no data |
| 💼 AWS Foundational Security Best Practices v1.0.0 → 💼 [Neptune.8] Neptune DB clusters should be configured to copy tags to snapshots | | | | | no data |
| 💼 AWS Foundational Security Best Practices v1.0.0 → 💼 [NetworkFirewall.3] Network Firewall policies should have at least one rule group associated | | | | | no data |
| 💼 AWS Foundational Security Best Practices v1.0.0 → 💼 [NetworkFirewall.4] The default stateless action for Network Firewall policies should be drop or forward for full packets | | | | | no data |
| 💼 AWS Foundational Security Best Practices v1.0.0 → 💼 [NetworkFirewall.5] The default stateless action for Network Firewall policies should be drop or forward for fragmented packets | | | | | no data |
| 💼 AWS Foundational Security Best Practices v1.0.0 → 💼 [NetworkFirewall.9] Network Firewall firewalls should have deletion protection enabled | | | | | no data |
| 💼 AWS Foundational Security Best Practices v1.0.0 → 💼 [NetworkFirewall.10] Network Firewall firewalls should have subnet change protection enabled | | | | | no data |
| 💼 AWS Foundational Security Best Practices v1.0.0 → 💼 [Opensearch.1] OpenSearch domains should have encryption at rest enabled | | | | | no data |
| 💼 AWS Foundational Security Best Practices v1.0.0 → 💼 [PCA.1] AWS Private CA root certificate authority should be disabled | | | | | no data |
| 💼 AWS Foundational Security Best Practices v1.0.0 → 💼 [RDS.3] RDS DB instances should have encryption at-rest enabled | | 1 | 1 | | no data |
| 💼 AWS Foundational Security Best Practices v1.0.0 → 💼 [RDS.4] RDS cluster snapshots and database snapshots should be encrypted at rest | | | | | no data |
| 💼 AWS Foundational Security Best Practices v1.0.0 → 💼 [RDS.16] RDS DB clusters should be configured to copy tags to snapshots | | | | | no data |
| 💼 AWS Foundational Security Best Practices v1.0.0 → 💼 [RDS.17] RDS DB instances should be configured to copy tags to snapshots | | | | | no data |
| 💼 AWS Foundational Security Best Practices v1.0.0 → 💼 [RDS.24] RDS Database clusters should use a custom administrator username | | | | | no data |
| 💼 AWS Foundational Security Best Practices v1.0.0 → 💼 [RDS.25] RDS database instances should use a custom administrator username | | | | | no data |
| 💼 AWS Foundational Security Best Practices v1.0.0 → 💼 [RDS.27] RDS DB clusters should be encrypted at rest | | | | | no data |
| 💼 AWS Foundational Security Best Practices v1.0.0 → 💼 [Redshift.6] Amazon Redshift should have automatic upgrades to major versions enabled | | | | | no data |
| 💼 AWS Foundational Security Best Practices v1.0.0 → 💼 [Redshift.8] Amazon Redshift clusters should not use the default Admin username | | | | | no data |
| 💼 AWS Foundational Security Best Practices v1.0.0 → 💼 [Redshift.9] Redshift clusters should not use the default database name | | | | | no data |
| 💼 AWS Foundational Security Best Practices v1.0.0 → 💼 [Redshift.10] Redshift clusters should be encrypted at rest | | | | | no data |
| 💼 AWS Foundational Security Best Practices v1.0.0 → 💼 [S3.6] S3 general purpose bucket policies should restrict access to other AWS accounts | | | | | no data |
| 💼 AWS Foundational Security Best Practices v1.0.0 → 💼 [SQS.1] Amazon SQS queues should be encrypted at rest | | | | | no data |
| 💼 AWS Foundational Security Best Practices v1.0.0 → 💼 [SSM.1] Amazon EC2 instances should be managed by AWS Systems Manager | | | | | no data |
| 💼 AWS Foundational Security Best Practices v1.0.0 → 💼 [SSM.3] Amazon EC2 instances managed by Systems Manager should have an association compliance status of COMPLIANT | | | | | no data |
| 💼 AWS Foundational Security Best Practices v1.0.0 → 💼 [WAF.4] AWS WAF Classic Regional web ACLs should have at least one rule or rule group | | | 1 | | no data |
| 💼 AWS Foundational Security Best Practices v1.0.0 → 💼 [WAF.6] AWS WAF Classic global rules should have at least one condition | | | | | no data |
| 💼 AWS Foundational Security Best Practices v1.0.0 → 💼 [WAF.7] AWS WAF Classic global rule groups should have at least one rule | | | 1 | | no data |
| 💼 AWS Foundational Security Best Practices v1.0.0 → 💼 [WAF.10] AWS WAF web ACLs should have at least one rule or rule group | | | 1 | | no data |