website logo
HomeGithubSlack
⌘K
Overview
Quick Start
Supported Services
Running CloudGraph in EKS
Compliance
Rules Engine
AWS
Querying AWS Data
AWS Policy Packs
Billing Data
Services
Azure
Querying Azure Data
Azure Policy Packs
Services
GCP
Querying GCP Data
GCP Policy Packs
Services
K8s
Querying Kubernetes Data
Services
Docs powered by archbee 
8min

CIS AWS Foundations 1.4.0

Policy Pack based on the AWS Foundations 1.4.0 benchmark provided by the Center for Internet Security (CIS).

First Steps

  1. Install Cloud Graph CLI.
  2. Set up the AWS Provider for CG with the cg init aws command.
  3. Add Policy Pack for AWS PCI DSS benchmark using cg policy add aws-cis-1.4.0 command.
  4. Execute the ruleset using the scan command cg scan aws.
  5. Query the findings using the different options:

Use the CloudGraph Policy Pack for AWS CIS 1.4 to query all of your CIS findings for all of your AWS Accounts:

GraphQL
|

If you want to query several different compliance findings for a given provider like AWS at once, you can request them like this:

GraphQL
|

For each CIS rule, get the resources that the rule is associated with, in this case we are quering IAM user's data to see which pass and fail:

GraphQL
|

If you wanted to understand the CIS rules that apply to a particular IAM User you could use the following query:

GraphQL
|

Available Ruleset

Please see the CIS 1.4 README for a table of available rules.

Updated 18 May 2022
Did this page help you?
Yes
No
UP NEXT
PCI Data Security Standard V 3.2.1 for AWS
Docs powered by archbee 
TABLE OF CONTENTS
First Steps
Available Ruleset