CloudTrail Rule Set Compliance Matrix


CloudTrail Rule Sets Overview

Threat Stack provides a CloudTrail Rule Set to help you get started on your security journey. We recognize that the CloudTrail Rule Set may not meet your organization's specific needs, so we created alternate compliance rule sets based on:

  • HIPAA
  • SOC2
  • PCI
  • FFIEC

Rule Sets

To help clarify how these other compliance rule sets compare to the CloudTrail Rule Set, we created comparison charts for each compliance rule set.

Note

The "CloudTrail Stopped" rule in the compliance rule sets does not exist in the CloudTrail Base Rule Set. The CloudTrail Admin Activity rule catches what CloudTrail Stopped catches, as well as a few other events.

| CloudTrail Rule Set | HIPAA Rule Set |
|---|---|
| CloudTrail Activity : Console Login MFA Not Used | HIPAA Compliance 164.308(a)(5)(ii)(C): CloudTrail |
| Cloud Trail Activity: Admin Activity | HIPAA Compliance 164.312(b): CloudTrail Stopped |
| CloudTrail Activity: S3 File tracking | HIPAA Compliance 164.312(c)(1): CloudTrail Activity (S3FIM) |
| CloudTrail Activity: Wide Open Security Group | HIPAA Compliance 164.312(c)(1): CloudTrail Activity (Wide Open Security Group) |
| CloudTrail Activity: Security Group Changes | HIPAA Compliance 164.312(c)(1): CloudTrail Activity - Security Group Changes |
| Cloud Trail Activity: Admin Activity | |
| CloudTrail Activity : IAM Policy Changes | |
| CloudTrail Activity: S3 Security Activity | |