Skip to content
/ automate-aws-evidence-collection Public

Point of Concept: To help to automate the collection of evidence for SOC 2 Audits and etc.

9 stars 4 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

austinsonger/automate-aws-evidence-collection

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

163 Commits
.github/workflows
.github/workflows
 
 
configurations
configurations
 
 
lists
lists
 
 
scripts
scripts
 
 
README.md
README.md
 
 

Repository files navigation

Github Action for AWS Evidence Collection

When you use this. The project should be private for obvious reasons.

Frequency Auditor Evidence ID # Evidence Github Action Evidence Output SOC2 Mapping NIST Mapping
28 Days Load balancers have only HTTPS/SSL listeners to enforce encryption in transit YAML OUTPUT CC6.1, CC6.3, CC6.6, CC6.7
28 Days TLS certificate of the production application proving confidential traffic. YAML OUTPUT CC6.1,
28 Days Direct remote access to production servers is restricted and performed through a dedicated jump server (bastion host) or VPN YAML OUTPUT CC6.1, CC6.7
Inbound network access to server management ports is controlled and restricted to defined sources CC6.1, CC6.3, CC6.6, CC6.7
The default configuration of server network access is restricted and denies all access CC6.1, CC6.3, CC6.6, CC6.7
Buckets have delete protection enabled to protect bucket deletion CC6.1, CC6.3, CC6.6, CC6.7
Public access to buckets is restricted to prevent uncontrolled or unauthorized access CC6.1, CC6.3, CC6.6, CC6.7
Network access to buckets is restricted to disallow non-conforming traffic and protocols such as HTTP CC6.1, CC6.3, CC6.6, CC6.7
Inbound network access to management ports is controlled and restricted to defined sources CC6.1, CC6.3, CC6.6, CC6.7
Web Application Firewall (WAF) rules are configured to protect network access CC6.1
Load balancers have delete protection enabled to protect from deletion CC6.1, CC6.3, CC6.6, CC6.7
Database backups are encrypted to prevent unauthorized access to information CC6.7
Encryption configuration for databases used in production environments CC6.7
Encryption configuration for server disks used in production environments CC6.7
Server disk backups are encrypted to prevent unauthorized access to information CC6.7
Encryption configuration for buckets used in production environments CC6.7
Encryption keys are rotated frequently to mitigate the risk of unauthorized access to cryptographic keys CC1.1
Listings of access keys, secret keys, API keys and other cryptographic keys stored on the key management server

About

Point of Concept: To help to automate the collection of evidence for SOC 2 Audits and etc.

Topics

fedramp iso27001 soc2

Resources

Readme

Security policy

Security policy
Activity

Stars

9 stars

Watchers

2 watching

Forks

4 forks
Report repository

Sponsor this project

  •  
Learn more about GitHub Sponsors

Contributors 2

  •  
  •  

Languages