Skip to main content

💼 SI-7(6) Software, Firmware, and Information Integrity | Cryptographic Protection

  • ID: /frameworks/nist-sp-800-53-r5/si/07/06

Description

Implement cryptographic mechanisms to detect unauthorized changes to software, firmware, and information.

Similar

  • Sections
    • /frameworks/aws-fsbp-v1.0.0/api-gateway/02
    • /frameworks/aws-fsbp-v1.0.0/api-gateway/05
    • /frameworks/aws-fsbp-v1.0.0/cloudfront/03
    • /frameworks/aws-fsbp-v1.0.0/cloudfront/07
    • /frameworks/aws-fsbp-v1.0.0/cloudfront/08
    • /frameworks/aws-fsbp-v1.0.0/cloudfront/10
    • /frameworks/aws-fsbp-v1.0.0/cloudtrail/02
    • /frameworks/aws-fsbp-v1.0.0/codebuild/03
    • /frameworks/aws-fsbp-v1.0.0/documentdb/01
    • /frameworks/aws-fsbp-v1.0.0/dynamodb/03
    • /frameworks/aws-fsbp-v1.0.0/ec2/03
    • /frameworks/aws-fsbp-v1.0.0/ec2/07
    • /frameworks/aws-fsbp-v1.0.0/efs/01
    • /frameworks/aws-fsbp-v1.0.0/elasticache/04
    • /frameworks/aws-fsbp-v1.0.0/elasticache/05
    • /frameworks/aws-fsbp-v1.0.0/elb/01
    • /frameworks/aws-fsbp-v1.0.0/elb/02
    • /frameworks/aws-fsbp-v1.0.0/elb/03
    • /frameworks/aws-fsbp-v1.0.0/elb/08
    • /frameworks/aws-fsbp-v1.0.0/elb/17
    • /frameworks/aws-fsbp-v1.0.0/es/01
    • /frameworks/aws-fsbp-v1.0.0/es/08
    • /frameworks/aws-fsbp-v1.0.0/kinesis/01
    • /frameworks/aws-fsbp-v1.0.0/neptune/01
    • /frameworks/aws-fsbp-v1.0.0/opensearch/01
    • /frameworks/aws-fsbp-v1.0.0/opensearch/08
    • /frameworks/aws-fsbp-v1.0.0/rds/03
    • /frameworks/aws-fsbp-v1.0.0/rds/04
    • /frameworks/aws-fsbp-v1.0.0/rds/27
    • /frameworks/aws-fsbp-v1.0.0/redshift/10
    • /frameworks/aws-fsbp-v1.0.0/s3/05
    • /frameworks/aws-fsbp-v1.0.0/sqs/01
  • Internal
    • ID: dec-c-8934557b

Similar Sections (Take Policies From)

SectionSub SectionsInternal RulesPoliciesFlagsCompliance
💼 AWS Foundational Security Best Practices v1.0.0 → 💼 [APIGateway.2] API Gateway REST API stages should be configured to use SSL certificates for backend authentication"11no data
💼 AWS Foundational Security Best Practices v1.0.0 → 💼 [APIGateway.5] API Gateway REST API cache data should be encrypted at restno data
💼 AWS Foundational Security Best Practices v1.0.0 → 💼 [CloudFront.3] CloudFront distributions should require encryption in transit11no data
💼 AWS Foundational Security Best Practices v1.0.0 → 💼 [CloudFront.7] CloudFront distributions should use custom SSL/TLS certificates11no data
💼 AWS Foundational Security Best Practices v1.0.0 → 💼 [CloudFront.8] CloudFront distributions should use SNI to serve HTTPS requests11no data
💼 AWS Foundational Security Best Practices v1.0.0 → 💼 [CloudFront.10] CloudFront distributions should not use deprecated SSL protocols between edge locations and custom origins11no data
💼 AWS Foundational Security Best Practices v1.0.0 → 💼 [CloudTrail.2] CloudTrail should have encryption at-rest enabled1no data
💼 AWS Foundational Security Best Practices v1.0.0 → 💼 [CodeBuild.3] CodeBuild S3 logs should be encryptedno data
💼 AWS Foundational Security Best Practices v1.0.0 → 💼 [DocumentDB.1] Amazon DocumentDB clusters should be encrypted at restno data
💼 AWS Foundational Security Best Practices v1.0.0 → 💼 [DynamoDB.3] DynamoDB Accelerator (DAX) clusters should be encrypted at rest11no data
💼 AWS Foundational Security Best Practices v1.0.0 → 💼 [EC2.3] Attached Amazon EBS volumes should be encrypted at-rest1no data
💼 AWS Foundational Security Best Practices v1.0.0 → 💼 [EC2.7] EBS default encryption should be enabled11no data
💼 AWS Foundational Security Best Practices v1.0.0 → 💼 [EFS.1] Elastic File System should be configured to encrypt file data at-rest using AWS KMS11no data
💼 AWS Foundational Security Best Practices v1.0.0 → 💼 [ElastiCache.4] ElastiCache replication groups should be encrypted at restno data
💼 AWS Foundational Security Best Practices v1.0.0 → 💼 [ElastiCache.5] ElastiCache replication groups should be encrypted in transitno data
💼 AWS Foundational Security Best Practices v1.0.0 → 💼 [ELB.1] Application Load Balancer should be configured to redirect all HTTP requests to HTTPSno data
💼 AWS Foundational Security Best Practices v1.0.0 → 💼 [ELB.2] Classic Load Balancers with SSL/HTTPS listeners should use a certificate provided by AWS Certificate Managerno data
💼 AWS Foundational Security Best Practices v1.0.0 → 💼 [ELB.3] Classic Load Balancer listeners should be configured with HTTPS or TLS terminationno data
💼 AWS Foundational Security Best Practices v1.0.0 → 💼 [ELB.8] Classic Load Balancers with SSL listeners should use a predefined security policy that has strong AWS Configurationno data
💼 AWS Foundational Security Best Practices v1.0.0 → 💼 [ELB.17] Application and Network Load Balancers with listeners should use recommended security policiesno data
💼 AWS Foundational Security Best Practices v1.0.0 → 💼 [ES.1] Elasticsearch domains should have encryption at-rest enabledno data
💼 AWS Foundational Security Best Practices v1.0.0 → 💼 [ES.8] Connections to Elasticsearch domains should be encrypted using the latest TLS security policyno data
💼 AWS Foundational Security Best Practices v1.0.0 → 💼 [Kinesis.1] Kinesis streams should be encrypted at restno data
💼 AWS Foundational Security Best Practices v1.0.0 → 💼 [Neptune.1] Neptune DB clusters should be encrypted at restno data
💼 AWS Foundational Security Best Practices v1.0.0 → 💼 [Opensearch.1] OpenSearch domains should have encryption at rest enabledno data
💼 AWS Foundational Security Best Practices v1.0.0 → 💼 [Opensearch.8] Connections to OpenSearch domains should be encrypted using the latest TLS security policyno data
💼 AWS Foundational Security Best Practices v1.0.0 → 💼 [RDS.3] RDS DB instances should have encryption at-rest enabled11no data
💼 AWS Foundational Security Best Practices v1.0.0 → 💼 [RDS.4] RDS cluster snapshots and database snapshots should be encrypted at restno data
💼 AWS Foundational Security Best Practices v1.0.0 → 💼 [RDS.27] RDS DB clusters should be encrypted at restno data
💼 AWS Foundational Security Best Practices v1.0.0 → 💼 [Redshift.10] Redshift clusters should be encrypted at restno data
💼 AWS Foundational Security Best Practices v1.0.0 → 💼 [S3.5] S3 general purpose buckets should require requests to use SSL11no data
💼 AWS Foundational Security Best Practices v1.0.0 → 💼 [SQS.1] Amazon SQS queues should be encrypted at restno data

Sub Sections

SectionSub SectionsInternal RulesPoliciesFlagsCompliance

Policies (12)

PolicyLogic CountFlagsCompliance
🛡️ AWS Account EBS Volume Encryption Attribute is not enabled in all regions🟢1🟢 x6no data
🛡️ AWS API Gateway REST API Stage is not configured to use an SSL certificate for authentication🟢1🟢 x6no data
🛡️ AWS CloudFront Web Distribution Cache Behaviors allow unencrypted traffic🟢1🟢 x6no data
🛡️ AWS CloudFront Web Distribution uses default SSL/TLS certificate🟢1🟢 x6no data
🛡️ AWS CloudFront Web Distribution uses Dedicated IP for SSL🟢1🟢 x6no data
🛡️ AWS CloudFront Web Distribution uses outdated SSL protocols with Custom Origins🟢1🟢 x6no data
🛡️ AWS CloudTrail is not encrypted with KMS CMK🟢1🟢 x6no data
🛡️ AWS DAX Cluster Server-Side Encryption is not enabled🟢1🟢 x6no data
🛡️ AWS EBS Attached Volume is not encrypted🟢1🟢 x6no data
🛡️ AWS EFS File System encryption is not enabled🟢1🟢 x6no data
🛡️ AWS RDS Instance Encryption is not enabled🟢1🟢 x6no data
🛡️ AWS S3 Bucket Policy is not set to deny HTTP requests🟢1🟢 x6no data