CloudTrail Rule Set Compliance Matrix


Threat Stack provides the CloudTrail Rule Set to help you continue on your security journey. We recognize that the CloudTrail Rule Set may not meet your organization's specific needs, so we created alternate compliance rule sets based on:

  • HIPAA
  • SOC2
  • PCI
  • FFIEC

To help clarify how these other compliance rule sets compare to the CloudTrail Rule Set, we created a comparison chart for each compliance rule set.

NOTE: The CloudTrail Stopped rule in the compliance rule sets does not exist in the CloudTrail Base Rule Set. The CloudTrail Admin Activity rule catches what CloudTrail Stopped catches, as well as a few other events.

 

PCI Comparison

| CloudTrail Base Rule Set | PCI |
| --- | --- |
| CloudTrail Activity : Console Login MFA Not Used | |
| Cloud Trail Activity: Admin Activity | PCI Compliance 10.2, 10.3, 10.5: CloudTrail Stopped |
| CloudTrail Activity: S3 File tracking | |
| CloudTrail Activity: Wide Open Security Group | |
| CloudTrail Activity: Security Group Changes | |
| Cloud Trail Activity: Admin Activity | |
| CloudTrail Activity : IAM Policy Changes | |
| CloudTrail Activity: S3 Security Activity | |

 

FFIEC Comparison

| CloudTrail Base Rule Set | FFIEC |
| --- | --- |
| CloudTrail Activity : Console Login MFA Not Used | |
| Cloud Trail Activity: Admin Activity | FFIEC Compliance II.A, II.B, II.C & II.D: CloudTrail Stopped |
| CloudTrail Activity: S3 File tracking | FFIEC Compliance II.A, II.B, II.C & II.D: CloudTrail Activity: S3 File tracking |
| CloudTrail Activity: Wide Open Security Group | FFIEC Compliance II.A, II.B, II.C & II.D: CloudTrail Activity: Wide Open Security Group |
| CloudTrail Activity: Security Group Changes | FFIEC Compliance II.A, II.B, II.C & II.D: CloudTrail Activity - Security Group Changes |
| Cloud Trail Activity: Admin Activity | FFIEC Compliance II.A, II.B, II.C & II.D: Cloud Trail Activity: Admin Activity |
| CloudTrail Activity : IAM Policy Changes | FFIEC Compliance II.A, II.B, II.C & II.D: CloudTrail Activity : IAM Policy Changes |
| CloudTrail Activity: S3 Security Activity | FFIEC Compliance II.A, II.B, II.C & II.D: CloudTrail Activity: S3 Security Activity |

 

SOC2 Comparison

| CloudTrail Base Rule Set | SOC 2 |
| --- | --- |
| CloudTrail Activity : Console Login MFA Not Used | |
| Cloud Trail Activity: Admin Activity | SOC-2 Common Criteria CC 4.1, 5.1, 6.1, 6.2 & 7.4: CloudTrail Stopped |
| CloudTrail Activity: S3 File tracking | SOC-2 Common Criteria CC CC 4.1, 5.1, 6.1, 6.2 & 7.4: CloudTrail Activity: S3 File tracking |
| CloudTrail Activity: Wide Open Security Group | SOC-2 Common Criteria CC 4.1, 5.1, 6.1, 6.2 & 7.4: CloudTrail Activity: Wide Open Security Group |
| CloudTrail Activity: Security Group Changes | SOC-2 Common Criteria CC 4.1, 5.1, 6.1, 6.2 & 7.4: CloudTrail Activity - Security Group Changes |
| Cloud Trail Activity: Admin Activity | SOC-2 Common Criteria CC 4.1, 5.1, 6.1, 6.2 & 7.4: Cloud Trail Activity (Admin Activity) |
| CloudTrail Activity : IAM Policy Changes | SOC-2 Common Criteria CC 4.1, 5.1, 6.1, 6.2 & 7.4: CloudTrail Activity : IAM Policy Changes |
| CloudTrail Activity: S3 Security Activity | SOC-2 Common Criteria CC CC 4.1, 5.1, 6.1, 6.2 & 7.4: CloudTrail Activity: S3 Security Activity |

 

HIPAA Comparison

| CloudTrail Base Rule Set | HIPAA |
| --- | --- |
| CloudTrail Activity : Console Login MFA Not Used | HIPAA Compliance 164.308(a)(5)(ii)(C): CloudTrail Activity - Console Login, (MFA Not Used) |
| Cloud Trail Activity: Admin Activity | HIPAA Compliance 164.312(b): CloudTrail Stopped |
| CloudTrail Activity: S3 File tracking | HIPAA Compliance 164.312(c)(1): CloudTrail Activity (S3FIM) |
| CloudTrail Activity: Wide Open Security Group | HIPAA Compliance 164.312(c)(1): CloudTrail Activity (Wide Open Security Group) |
| CloudTrail Activity: Security Group Changes | HIPAA Compliance 164.312(c)(1): CloudTrail Activity - Security Group Changes |
| Cloud Trail Activity: Admin Activity | |
| CloudTrail Activity : IAM Policy Changes | |
| CloudTrail Activity: S3 Security Activity | |

 
