ISO/IEC 27001: Enforce infrastructure standards with Terraform policies

Description

ISO/IEC 27001 is an international standard for managing information security. It specifies requirements for establishing, implementing, maintaining, and continually improving an information security management system (ISMS) within the context of the organization's overall business risks.

Number of Guardrails

0

Relevant Guardrails

Disallow inbound open access

-->

Disallow inbound open access on Azure NSG

-->

Disallow inbound open access on GCP firewall rules

-->

Disallow public access on Azure Storage accounts

-->

Disallow public ACLs on S3 buckets

-->

Disallow public GCS buckets

-->

Disallow publicly accessible Azure SQL

-->

Disallow publicly accessible Cloud SQL

-->

Disallow publicly accessible RDS

-->

Enforce strong IAM password policy

-->

Require AWS Config to record all resources

-->

Require EBS encryption

-->

Require encryption on Azure managed disks

-->

Require encryption on GCE disks

-->

Require HTTPS on Azure Storage Accounts

-->

Require SSE on S3 buckets

-->

Require SSE on GCS buckets

-->

Require SSE on Azure Storage accounts

-->

Send CloudTrail logs to CloudWatch

-->

Import 0 Guardrails