Rule Index (Comment) Structure
- Structure of the Index
-
Attribute Mappings
2.1. Cloud Mapping
2.2. Platform Mapping
2.3. Category Mapping
2.4. Service Section Mapping
2.5. Source Mapping
2.6. Customization Mapping
2.7. Multiregional Mapping
The Index (comment) structure follows a pattern that represents different metadata attributes of a rule. The Index contains 10 digits and have following structure:
- Cloud: Represents the cloud provider where the rule is applicable. (2 digits)
- Platform: Represents the platform where the rule is applicable. (2 digits)
- Category: Represents the category of the rule, indicating its purpose or focus. (2 digits)
- Service Section: Represents the cloud service section to which the rule applies. (2 digits)
- Source: Represents the source of the rule (e.g., benchmark). (2 digits)
- Customization: Indicates whether the rule has 'customization' (1) or not (0). (1 digit)
- Multiregional: Indicates whether the rule is multiregional (1) or not (0). (1 digit)
Example of Index name structure:
Example of how to use tables and indexes to define metadata attributes:
Here are the attribute mappings used to construct the Index (comment):
| Cloud | Index |
|---|---|
| None | 00 |
| AWS | 01 |
| AZURE | 02 |
| GCP | 03 |
| Platform | Index |
|---|---|
| None | 00 |
| Kubernetes | 01 |
| OpenShift | 02 |
| Kubernetes and OpenShift | 03 |
Category mapping
| Category | Index |
|---|---|
| FinOps | 00 |
| Lifecycle management | 01 |
| Unutilized Resources | 02 |
| Idle and underutilized resources | 03 |
| Rightsizing | 04 |
| Autoscaling | 05 |
| Computing resources optimization | 06 |
| Storage optimization | 07 |
| Reserved instances and savings plan usage | 08 |
| Other cost optimization checks | 09 |
| Tagging | 10 |
| Security | 11 |
| Detect | 12 |
| Identify | 13 |
| Protect | 14 |
| Recover | 15 |
| Detection services | 16 |
| Secure access management | 17 |
| Inventory | 18 |
| Logging | 19 |
| Resource configuration | 20 |
| Vulnerability, patch, and version management | 21 |
| Secure access management | 22 |
| Secure configuration | 23 |
| Secure network configuration | 24 |
| Data protection | 25 |
| API protection | 26 |
| Protective services | 27 |
| Secure development | 28 |
| Key, Secrets, and Certificate management | 29 |
| Network security | 30 |
| Resilience | 31 |
| Monitoring | 32 |
| Access control | 33 |
| Passwordless authentication | 34 |
| Root user access restrictions | 35 |
| MFA enabled | 36 |
| Sensitive API actions restricted | 37 |
| Resource policy configuration | 38 |
| API private access | 39 |
| Resources not publicly accessible | 40 |
| Resources within VPC | 41 |
| Security group configuration | 42 |
| Encryption of data at rest | 43 |
| Encryption of data in transit | 44 |
| Encryption of data at rest and in transit | 45 |
| Data integrity | 46 |
| Data deletion protection | 47 |
| Credentials not hardcoded | 48 |
| Backups enabled | 49 |
| High availability | 50 |
| Deprecation | 51 |
| Service | 52 |
| Feature | 53 |
| Engine version | 54 |
| Instance generation | 55 |
| Runtime version | 56 |
| Protocols | 57 |
| Other | 58 |
Service Section Mapping
| Service Section | Index |
|---|---|
| Identity and Access Management | 00 |
| Logging and Monitoring | 01 |
| Networking & Content Delivery | 02 |
| Compute | 03 |
| Storage | 04 |
| Analytics | 05 |
| Databases | 06 |
| Kubernetes Engine | 07 |
| Containers | 08 |
| Security & Compliance | 09 |
| Cryptography & PKI | 10 |
| Machine learning | 11 |
| End User Computing | 12 |
| Developer Tools | 13 |
| Application Integration | 14 |
| Dataproc | 15 |
| App Engine | 16 |
| AppService | 17 |
| Microsoft Defender for Cloud | 18 |
Source Mapping
| Source | Index |
|---|---|
| Azure Security Benchmark (V3) | 00 |
| CIS Amazon Web Services Foundations Benchmark v1.2.0 | 01 |
| CIS Amazon Web Services Foundations Benchmark v1.4.0 | 02 |
| CIS Amazon Web Services Foundations Benchmark v1.5.0 | 03 |
| CIS AWS Compute Services Benchmark v1.0.0 | 04 |
| CIS AWS EKS Benchmark 1.1.0 | 05 |
| CIS AWS End User Compute Services Benchmark v1.0.0 | 06 |
| CIS Benchmark Google Cloud Platform Foundation v1.0.0 | 07 |
| CIS Benchmark Google Cloud Platform Foundation v1.2.0 | 08 |
| CIS Benchmark Google Cloud Platform Foundation v1.3.0 | 09 |
| CIS Benchmark Google Cloud Platform Foundation v2.0.0 | 10 |
| CIS Google Kubernetes Engine (GKE) Benchmark v1.3.0 | 11 |
| CIS Google Kubernetes Engine (GKE) Benchmark v1.4.0 | 12 |
| CIS Microsoft Azure Foundations Benchmark v1.4.0 | 13 |
| CIS Microsoft Azure Foundations Benchmark v1.5.0 | 14 |
| CIS Microsoft Azure Foundations Benchmark v2.0.0 | 15 |
| CIS MySQL Enterprise Edition 8.0 Benchmark v1.2.0 | 16 |
| CIS Oracle Database 19 Benchmark v1.0.0 | 17 |
| CIS Oracle MySQL Community Server 5.7 Benchmark v2.0.0 | 18 |
| CIS PostgreSQL 11 Benchmark 1.0.0 | 19 |
| EPAM | 20 |
| NIST SP 800-53 Rev. 5 | 21 |
| PCI DSS | 22 |
| CIS Kubernetes Benchmark v1.7.0 | 23 |
| CIS RedHat OpenShift Container Platform Benchmark v1.4.0 | 24 |
| CIS Amazon Web Services Foundations Benchmark v2.0.0 | 25 |
| CIS Google Kubernetes Engine (GKE) Benchmark v1.5.0 | 26 |
| CIS Microsoft Azure Foundations Benchmark v2.1.0 | 27 |
| CIS Azure Kubernetes Service (AKS) Benchmark v1.5.0 | 28 |
| Customization | Index |
|---|---|
| Present | 1 |
| Absent | 0 |
| Multiregional | Index |
|---|---|
| Present | 1 |
| Absent | 0 |