2022.4 | 2022.3 | 2022.2

2022.4

January 7, 2023

New features and enhancements

Integrations
- Added Snyk Open Source (SCA) as a supported Verification Tool.
- Introduced an ability to upload and overwrite default Countermeasure mapping files under all Verification Tools.
- Currently, you cannot upload a file with special characters. See the User Guide for instructions on what is supported until a fix is released.
Advanced Reports
- Reporting Contexts
  - Users can choose the context that forms the basis of their report request to create more robust advanced reports.
- Join paths from Countermeasures to threats and Countermeasures to components have been added in the Countermeasure context. Users can now reliably report on the Countermeasures required to mitigate a threat.
- You will receive the error "Invalid Token" while executing an advanced report if it takes longer than 60 seconds to execute. Add additional filters to the report to reduce the number of returned results.
Components
- Connected Components
  - Enables SD Elements project users to create a component from a project or release.
  - Information from the project is preloaded in the component creation dialog.
  - Components created from projects still need to be enabled by a content admin (approval workflow).
Threat Model diagrams
- Added the ability to add notes to the diagram.
- Added the ability to nest zones.
- Added the ability to apply Risk Policies to filter Countermeasures on the Threats List page.

Other product improvements

Comment syncing via SD Elements to Jira was expanded to support all authoritative sources.
- This feature was originally only available to users using SD Elements as an authoritative source.
Added support for network isolation security features in containerized setups of SD Elements.
- This feature enables SD Elements administrators to filter out unauthorized network traffic between Kubernetes pods.

Content improvements summary

PCI DSS

Added new Countermeasures and a Regulation based on PCI DSS v4.0.

Azure AKS

Added new Countermeasures, Amendments, and How-tos based on CIS Azure Kubernetes Service (AKS) Benchmark version 1.2.0.

Android

Added and/or updated Countermeasures, Weaknesses, and How-tos, and Amendments based on Android versions 11, 12 and 13.

TypeScript

Added new How-tos for TypeScript.

AWS Services

Added content for AWS API Gateway, AWS Cognito, AWS Kinesis Data Firehose, Amazon Kinesis Data Streams, and AWS WAF.

.Net 6 Update

Added new How-tos for .Net 6.

Golang

Added new How-tos for Golang.

CWE Top 25

Added the latest CWE Top 25 (2022) mapping to SD Elements content.

Content additions and updates (as of December 6, 2022):

Compliance Regulations and Mappings
- Added 2022 CWE Top 25 Most Dangerous Software Weaknesses
- Added CIS Azure Kubernetes Service (AKS) 1.2.0
- Added PCI-DSS-v4.0
Content Packs
- Added TypeScript
- Added AKS
Updated the following code scanner mappings
- Fortify
New Just-in-Time Training
- Secure Software Requirements (18)
- Defending Django (23)
- CCPA for Developers (5)
- Defending Ansible (20)
- Defending .NET6 (15)
- PCI SSLC (10)
T1: Use multi-factor authentication for remote access to high risk systems or administrative access to services
- I1858: Configure 2FA in ASP.NET [Added]
T5: Use minimum standards for passwords [Updated]
- INFO: Updated the text.
- TA6364: Prevent the use of pwned passwords [Added]
T21: Ensure all data in transit is encrypted using a secure TLS channel
- P216: Clear Text and Unencrypted Transmission of Information [Updated]
  - INFO: Updated the match conditions.
T36: Escape untrusted data in HTML, HTML attributes, CSS, and JavaScript
- I1852: Avoid XSS in TypeScript [Added]
T43: Avoid unsafe operating system interaction
- I1853: Avoid Command Injection in TypeScript [Added]
T59: Use standard libraries for cryptography
- I1860: Go: Triple DES Encryption [Added]
T62: Protect passwords in property and configuration files
- TA6368: Protecting secrets in Test/Development environments. [Added]
- I771: ASP.NET Core / C#: Secret Manager for Development Environments [Updated]
  - INFO: Updated the text and match conditions.
- P158: Password in configuration files [Updated]
  - INFO: Updated the title.
T73: Use random delays in authentication failures
- I1856: Protect against timing attacks in TypeScript [Added]
T76: Do not hardcode passwords [Updated]
- INFO: Updated the title.
T161: Treat unique device IDs as personal information [Updated]
- INFO: Updated the text.
- TA280: Unique device IDs in Android [Updated]
  - INFO: Updated the text.
- P257: Privacy Violation [Updated]
  - INFO: Updated the text.
T162: Validate pathname before retrieving local resources
- I1855: Protect against path traversal in TypeScript [Added]
T194: Obtain user consent for tracking cookies
- P732: Insufficient consent for user tracking [Updated]
  - INFO: Updated the match conditions.
T204: Follow security best practices when dealing with pointers
- TA6367: Avoid granting direct access to the memory [Added]
T261: Manage iOS Pasteboards that are used with sensitive data
- P213: Plaintext Storage in Memory [Updated]
  - INFO: Updated the match conditions.
T270: Follow best practices for storing application data on Android devices [Updated]
- INFO: Updated the text.
- I1805: EncryptedSharedPreferences [Added]
- I402: Android storage options and considerations [Updated]
  - INFO: Updated the text.
T272: Restrict access to the application's exported components (Android) [Updated]
- INFO: Updated the text.
T331: Enforce policies through content security policy (CSP) or XSS protection headers [Updated]
- INFO: Updated the text.
- TA6365: X-XSS-Protection for old browser versions [Added]
T340: Use an account and identity management system
- I1857: Use extensibility points in the ASP.NET identity system [Added]
T423: Disable copying on Android text fields with sensitive data [Updated]
- INFO: Updated the text.
- I1806: Mask sensitive information in the Android clipboard [Added]
T440: Follow best practices when managing Android permissions
- I1807: Granular data access permissions [Added]
- TA6256: Location permissions [Added]
T442: Test that Android permissions are properly managed
- TA6257: Test location permissions [Added]
T528: Enable MAC layer security mechanisms supported in the IEEE 802.15.4 when supported by the vendor
- P799: No MAC layer security in shared networks [Updated]
  - INFO: Updated the match conditions.
T564: Follow best practices for sharing data between Android applications [Updated]
- INFO: Updated the text.
T615: Check your mobile application's integrity and installation source [Updated]
- INFO: Updated the text.
- I568: Android: Integrity and installation source [Updated]
  - INFO: Updated the text.
T643: Implement certificate pinning in a hostile environment
- I1861: GoLang: Certificate pinning [Added]
T975: Use a sandboxing alternative to Security Manager (Apache Tomcat) [Updated]
- INFO: Updated the text.
- I819: Apache Tomcat: Starting Tomcat with Security Manager [Updated]
  - INFO: Updated the text.
- P983: Lack of a sandboxing mechanism or relying on the deprecated Security Manager (Apache Tomcat) [Updated]
  - INFO: Updated the text.
T1004: Verify that a sandboxing alternative to Security Manager is used (Apache Tomcat) [Updated]
- INFO: Updated the text.
- P983: Lack of a sandboxing mechanism or relying on the deprecated Security Manager (Apache Tomcat) [Updated]
  - INFO: Updated the text.
T1300: Enable multi-factor authentication for all non-service accounts (Google Cloud)
- P1139: Weak Authentication [Updated]
  - INFO: Updated the title, text, and match conditions.
T1366: Identify applicable compliance regulations
- P1171: Lack of a process for identifying applicable compliance regulation [Updated]
  - INFO: Updated the match conditions.
T1367: Identify and classify critical assets
- P1172: Lack of a process for identifying critical assets [Updated]
  - INFO: Updated the match conditions.
T1368: Perform security testing using SAST tools
- I1851: Analyze TypeScript code using a SAST tool [Added]
- P1186: Lack of a process for static application security testing (SAST) [Updated]
  - INFO: Updated the match conditions.
T1369: Perform security testing using DAST tools
- P1173: Lack of a process for dynamic application testing [Updated]
  - INFO: Updated the match conditions.
T1370: Identify and track common software weaknesses and threats
- P1187: Lack of a process for identifying and assessing software threats [Updated]
  - INFO: Updated the match conditions.
T1371: Use a software security management solution to select and track security controls
- P1188: Lack of software security management solution to track security controls [Updated]
  - INFO: Updated the match conditions.
T1372: Follow software change management process
- P1174: Lack of software change management process [Updated]
  - INFO: Updated the match conditions.
T1373: Maintain the integrity of all software code
- P1175: Insufficient software code control [Updated]
  - INFO: Updated the match conditions.
T1374: Ensure the integrity of software release and update delivery
- P1178: Lack of a process for ensuring the integrity of software release and update [Updated]
  - INFO: Updated the match conditions.
T1375: Properly collect and protect sensitive data
- P1180: Lack of process for collecting and protecting sensitive data [Updated]
  - INFO: Updated the match conditions.
T1376: Provide and maintain guidance on secure installation, maintenance, and configuration of all software components
- P1181: Lack of guidance on secure installation, maintenance and configuration of all software components [Updated]
  - INFO: Updated the match conditions.
T1377: Establish and maintain a bi-directional communication channel for receiving security reports and sending security notifications
- P1182: Lack of a communication channel for reporting security issues [Updated]
  - INFO: Updated the match conditions.
T1378: Release a change summary for each software update
- P1177: Lack of a process for creating summary of changes upon each software update [Updated]
  - INFO: Updated the match conditions.
T1380: Enforce secure user registration and access control
- P1185: Lack of process for user registration and enforcement of access control [Updated]
  - INFO: Updated the match conditions.
T1381: Establish secure processes for key management
- P1434: Lack of secure key management process [Updated]
  - INFO: Updated the match conditions.
T1382: Manage performance and capacity
- P1190: Lack of process for performance and capacity management [Updated]
  - INFO: Updated the match conditions.
T1383: Separate development, test, and operational environments
- P1191: Deploying software in production on the same environment as development and testing [Updated]
  - INFO: Updated the match conditions.
T1384: Back up and restore securely
- P1179: A secure backup and restore processes are missing or lacking [Updated]
  - INFO: Updated the match conditions.
T1385: Institute secure logging and event monitoring
- P1183: No secure processes for logging and monitoring events [Updated]
  - INFO: Updated the match conditions.
T1387: Ensure the security of products acquired through the supply chain and contractors
- P1170: Lack of a secure process for outsourcing [Updated]
  - INFO: Updated the match conditions.
T1388: Triage and fix vulnerabilities discovered during automated and manual security tests
- P1225: Unmanaged test result findings [Updated]
  - INFO: Updated the match conditions.
T1389: Perform penetration testing
- P1184: Lack of a secure process for penetration testing [Updated]
  - INFO: Updated the match conditions.
T1541: Decide on the best CSRF defense for your application
- I1854: Protect against CSRF in TypeScript [Added]
T1891: Perform Privacy Impact Assessment (PIA)
- P1435: Lack of Privacy Impact Assessment (PIA) [Updated]
  - INFO: Updated the match conditions.
T1893: Perform a cloud solution security posture assessment
- P1436: Lack of cloud solution security posture assessment [Updated]
  - INFO: Updated the match conditions.
T1894: Perform a vendor security assessment
- P1437: Lack of vendor security assessment [Updated]
  - INFO: Updated the match conditions.
T1895: Protect applications with Intrusion Detection / Protection System (IDS/IPS)
- P1429: Applications not protected with Intrusion Detection / Protection System (IDS/IPS) [Updated]
  - INFO: Updated the match conditions.
T1915: Perform network vulnerability assessment
- P1438: Lack of network vulnerability assessment [Updated]
  - INFO: Updated the match conditions.
T1920: Conduct security architecture and design reviews before starting code development
- P1432: Lack of security architecture and design activities [Updated]
  - INFO: Updated the match conditions.
T1921: Track and manage usage of third-party and commercial off the shelf (COTS) hardware or software
- P1433: Lack of third-party software code or dependencies management [Updated]
  - INFO: Updated the match conditions.
T2052: Verify that network access rules are configured properly for storage accounts (Microsoft Azure) [Updated]
- INFO: Updated the text.
T2118: Exercise security monitoring best practices in Microservices environments [Updated]
- INFO: Updated the inclusion weakness.
- P1712: Lack of security monitoring in Microservices environments [Added]
T2119: Deploy circuit breakers in Microservices environments [Updated]
- INFO: Updated the inclusion weakness.
- P1711: Lack of strategies to limit resource consumption in Microservices environments [Added]
T2120: Exercise security best practices for load balancing in Microservices environments [Updated]
- INFO: Updated the inclusion weakness.
- P1711: Lack of strategies to limit resource consumption in Microservices environments [Added]
T2121: Exercise security best practices for service rate limiting in Microservices environments [Updated]
- INFO: Updated the inclusion weakness.
- P1711: Lack of strategies to limit resource consumption in Microservices environments [Added]
T2210: Prevent signals conflict between a hardware IP and the parent system (Hardware/Firmware) [Updated]
- INFO: Updated the phase.
T2214: Protect unexpected behavior of system due to sequence of processor instructions (Halt and Catch Fire) (Hardware/Firmware) [Updated]
- INFO: Updated the phase.
T2221: Prevent debugging messages revealing sensitive Information (Hardware/Firmware) [Updated]
- INFO: Updated the phase.
T2294: Enable logs and configuration monitoring in your cloud environment (Cloud) (1/4)
- P1667: Lack of monitoring (Cloud) [Updated]
  - INFO: Updated the match conditions.
T2296: Securely install and configure all software components
- P1669: Lack of a process for securely installing and configuring all software components [Updated]
  - INFO: Updated the match conditions.
T2309: Securely configure worker nodes (Containerization) [Deactivated]
T2310: Implement proper authentication and authorization (Containerization) (1/2) [Deactivated]
T2311: Ensure proper network settings and configuration (Containerization)
- I1840: CIS Azure Kubernetes Service (AKS) Benchmark v1.2.0 (Level 2, Recommendation 4.4.2) [Added]
- I1849: CIS Azure Kubernetes Service (AKS) Benchmark v1.2.0 (Level 2, Recommendation 5.4.2) [Added]
- I1850: CIS Azure Kubernetes Service (AKS) Benchmark v1.2.0 (Level 1, Recommendation 5.4.3) [Added]
- TA6320: CIS Azure Kubernetes Service (AKS) Benchmark v1.2.0 (Level 2, Recommendation 4.4.2) [Added]
- TA6348: CIS Azure Kubernetes Service (AKS) Benchmark v1.2.0 (Level 2, Recommendation 5.4.2) [Added]
- TA6350: CIS Azure Kubernetes Service (AKS) Benchmark v1.2.0 (Level 1, Recommendation 5.4.3) [Added]
- TA6352: CIS Azure Kubernetes Service (AKS) Benchmark v1.2.0 (Level 1, Recommendation 5.4.4) [Added]
- TA6354: CIS Azure Kubernetes Service (AKS) Benchmark v1.2.0 (Level 2, Recommendation 5.4.5) [Added]
- P1673: Improper network settings and configuration (Containerization) [Updated]
  - INFO: Updated the match conditions.
T2312: Ensure proper logging and security monitoring (Containerization)
- I1809: CIS Azure Kubernetes Service (AKS) Benchmark v1.2.0 (Level 1, Recommendation 2.1.1) [Added]
- TA6258: CIS Azure Kubernetes Service (AKS) Benchmark v1.2.0 (Level 1, Recommendation 2.1.1) [Added]
- P1674: Inadequate logging and security monitoring (Containerization) [Updated]
  - INFO: Updated the match conditions.
T2313: Keep data and secrets safe (Containerization)
- I1826: CIS Azure Kubernetes Service (AKS) Benchmark v1.2.0 (Level 1, Recommendation 4.1.2) [Added]
- I1841: CIS Azure Kubernetes Service (AKS) Benchmark v1.2.0 (Level 2, Recommendation 4.5.1) [Added]
- I1842: CIS Azure Kubernetes Service (AKS) Benchmark v1.2.0 (Level 2, Recommendation 4.5.2) [Added]
- TA6292: CIS Azure Kubernetes Service (AKS) Benchmark v1.2.0 (Level 1, Recommendation 4.1.2) [Added]
- TA6322: CIS Azure Kubernetes Service (AKS) Benchmark v1.2.0 (Level 2, Recommendation 4.5.1) [Added]
- TA6324: CIS Azure Kubernetes Service (AKS) Benchmark v1.2.0 (Level 2, Recommendation 4.5.2) [Added]
- TA6344: CIS Azure Kubernetes Service (AKS) Benchmark v1.2.0 (Level 1, Recommendation 5.3.1) [Added]
- P1675: Lack of data and secrets protection (Containerization) [Updated]
  - INFO: Updated the match conditions.
T2314: Enforce secure policies (Containerization)
- I1839: CIS Azure Kubernetes Service (AKS) Benchmark v1.2.0 (Level 1, Recommendation 4.4.1) [Added]
- I1843: CIS Azure Kubernetes Service (AKS) Benchmark v1.2.0 (Level 1, Recommendation 4.7.1) [Added]
- I1844: CIS Azure Kubernetes Service (AKS) Benchmark v1.2.0 (Level 2, Recommendation 4.7.2) [Added]
- TA6318: CIS Azure Kubernetes Service (AKS) Benchmark v1.2.0 (Level 1, Recommendation 4.4.1) [Added]
- TA6326: CIS Azure Kubernetes Service (AKS) Benchmark v1.2.0 (Level 1, Recommendation 4.6.1) [Added]
- TA6328: CIS Azure Kubernetes Service (AKS) Benchmark v1.2.0 (Level 1, Recommendation 4.7.1) [Added]
- TA6330: CIS Azure Kubernetes Service (AKS) Benchmark v1.2.0 (Level 2, Recommendation 4.7.2) [Added]
- TA6362: CIS Azure Kubernetes Service (AKS) Benchmark v1.2.0 (Level 2, Recommendation 5.6.2) [Added]
- P1676: Lack of secure policies (Containerization) [Updated]
  - INFO: Updated the match conditions.
T2315: Use managed services (Containerization) [Deactivated]
T2317: Verify worker nodes are configured securely (Containerization) [Deactivated]
T2318: Verify proper authentication and authorization are implemented (Containerization) [Deactivated]
T2319: Verify proper network settings and configuration (Containerization)
- TA6321: CIS Azure Kubernetes Service (AKS) Benchmark v1.2.0 (Level 2, Recommendation 4.4.2) [Added]
- P1673: Improper network settings and configuration (Containerization) [Updated]
  - INFO: Updated the match conditions.
T2321: Verify data and secrets are kept safe (Containerization)
- TA6293: CIS Azure Kubernetes Service (AKS) Benchmark v1.2.0 (Level 1, Recommendation 4.1.2) [Added]
- TA6323: CIS Azure Kubernetes Service (AKS) Benchmark v1.2.0 (Level 2, Recommendation 4.5.1) [Added]
- TA6325: CIS Azure Kubernetes Service (AKS) Benchmark v1.2.0 (Level 2, Recommendation 4.5.2) [Added]
- P1675: Lack of data and secrets protection (Containerization) [Updated]
  - INFO: Updated the match conditions.
T2322: Verify secure policies are enforced (Containerization)
- TA6319: CIS Azure Kubernetes Service (AKS) Benchmark v1.2.0 (Level 1, Recommendation 4.4.1) [Added]
- TA6327: CIS Azure Kubernetes Service (AKS) Benchmark v1.2.0 (Level 1, Recommendation 4.6.1) [Added]
- TA6329: CIS Azure Kubernetes Service (AKS) Benchmark v1.2.0 (Level 1, Recommendation 4.7.1) [Added]
- TA6331: CIS Azure Kubernetes Service (AKS) Benchmark v1.2.0 (Level 2, Recommendation 4.7.2) [Added]
- P1676: Lack of secure policies (Containerization) [Updated]
  - INFO: Updated the match conditions.
T2323: Verify managed services are used (Containerization) [Deactivated]
T2332: Adhere to an appropriate Global Privacy Control (GPC) header [Updated]
- INFO: Updated the match conditions.
- P732: Insufficient consent for user tracking [Updated]
  - INFO: Updated the match conditions.
T2377: Implement proper authentication and authorization (Containerization) (2/2) [Deactivated]
T2378: Ensure compatibility with the United Nations automotive cybersecurity regulation WP.29
- P1688: Lack of processes for the approval of vehicles with regards to cyber security and cyber security management system [Updated]
  - INFO: Updated the text.
T2380: Review and verify playbooks (Ansible) [Updated]
- INFO: Updated the text.
T2399: Perform a data access audit for sensitive data (Android) [Added]
- P1703: Lack of sensitive data access audits [Added]
- I1808: Performing data audit access inside an activity [Added]
T2400: Verify data access audits (Android) [Added]
- P1703: Lack of sensitive data access audits [Added]
T2404: Enforce a minimum TLS version for API connections (Amazon API Gateway) [Added]
- P1694: Using deprecated encryption protocols [Added]
T2405: Verify a minimum TLS version for API connections is used (Amazon API Gateway) [Added]
- P1694: Using deprecated encryption protocols [Added]
T2406: Encrypt the API cache (Amazon API Gateway) [Added]
- P1695: Lack of encryption for server-side cached data [Added]
T2407: Verify the API cache is encrypted (Amazon API Gateway) [Added]
- P1695: Lack of encryption for server-side cached data [Added]
T2408: Ensure API Gateway actions are logged (Amazon API Gateway) [Added]
- P1667: Lack of monitoring (Cloud) [Updated]
  - INFO: Updated the match conditions.
T2409: Verify API Gateway actions are logged (Amazon API Gateway) [Added]
- P1667: Lack of monitoring (Cloud) [Updated]
  - INFO: Updated the match conditions.
T2410: Restrict outside access to internal APIs (Amazon API Gateway) [Added]
- P1696: Exposed APIs with public endpoints [Added]
T2411: Verify outside access to internal APIs is restricted (Amazon API Gateway) [Added]
- P1696: Exposed APIs with public endpoints [Added]
T2412: Protect APIs with a Web Application Firewall (Amazon API Gateway) [Added]
- P1697: API endpoints without basic firewall protections [Added]
T2413: Verify APIs are protected with a Web Application Firewall (Amazon API Gateway) [Added]
- P1697: API endpoints without basic firewall protections [Added]
T2414: Don't use API keys for authentication and authorization (Amazon API Gateway) [Added]
- P1139: Weak Authentication [Updated]
  - INFO: Updated the title, text, and match conditions.
T2415: Verify API keys are not the only mechanism for authentication and authorization (Amazon API Gateway) [Added]
- P1139: Weak Authentication [Updated]
  - INFO: Updated the title, text, and match conditions.
T2416: Encrypt Kinesis Firehose delivery streams (Amazon Kinesis Data Firehose) [Added]
- P216: Clear Text and Unencrypted Transmission of Information [Updated]
  - INFO: Updated the match conditions.
T2417: Verify Kinesis Firehose delivery streams are encrypted (Amazon Kinesis Data Firehose) [Added]
- P216: Clear Text and Unencrypted Transmission of Information [Updated]
  - INFO: Updated the match conditions.
T2418: Ensure Cognito uses strong authentication requirements (Amazon Cognito) [Added]
- P1139: Weak Authentication [Updated]
  - INFO: Updated the title, text, and match conditions.
T2419: Verify Cognito uses strong authentication requirements (Amazon Cognito) [Added]
- P1139: Weak Authentication [Updated]
  - INFO: Updated the title, text, and match conditions.
T2420: Add advanced security to user pool (Amazon Cognito) [Added]
T2421: Verify Cognito user pools are protected by adaptive security (AWS) [Added]
T2422: Check the S3 backup for Kinesis Firehose delivery failures (Amazon Kinesis Data Firehose) [Added]
- P1699: Transfer failure that leads to orphaned data [Added]
T2423: Verify the S3 backup for Kinesis Firehose delivery failures are checked regularly (Amazon Kinesis Data Firehose) [Added]
- P1699: Transfer failure that leads to orphaned data [Added]
T2424: Defend Cognito user pools with a WAF (Amazon Cognito) [Added]
- P1698: Not using a WAF to protect web applications and services against common attacks [Added]
T2425: Encrypt Kinesis streams on the server (Amazon Kinesis Data Streams) [Added]
- P216: Clear Text and Unencrypted Transmission of Information [Updated]
  - INFO: Updated the match conditions.
T2426: Verify WAF is enabled for Cognito user pools (Amazon Cognito) [Added]
- P1698: Not using a WAF to protect web applications and services against common attacks [Added]
T2427: Verify Kinesis streams are encrypted on the server (Amazon Kinesis Data Streams) [Added]
- P216: Clear Text and Unencrypted Transmission of Information [Updated]
  - INFO: Updated the match conditions.
T2428: Implement least privilege access to Kinesis streams (Amazon Kinesis Data Streams) [Added]
- P1700: Unnecessary and excessive privileges [Added]
T2429: Verify least privilege access to Kinesis streams is implemented (Amazon Kinesis Data Streams) [Added]
- P1700: Unnecessary and excessive privileges [Added]
T2430: Use IAM policy to safeguard Cognito user records against accidents (Amazon Cognito) [Added]
- P1700: Unnecessary and excessive privileges [Added]
T2431: Verify IAM policies to safeguard Cognito user records against accidents is used (Amazon Cognito) [Added]
- P1700: Unnecessary and excessive privileges [Added]
T2432: Ensure Kinesis events are logged (Amazon Kinesis Data Streams) [Added]
- P1667: Lack of monitoring (Cloud) [Updated]
  - INFO: Updated the match conditions.
T2433: Verify Kinesis events are logged (Amazon Kinesis Data Streams) [Added]
- P1667: Lack of monitoring (Cloud) [Updated]
  - INFO: Updated the match conditions.
T2434: Enable Web Application Firewall (AWS Web Application Firewall) [Added]
- P1698: Not using a WAF to protect web applications and services against common attacks [Added]
T2435: Verify the Web Application Firewall is enabled (AWS Web Application Firewall) [Added]
- P1698: Not using a WAF to protect web applications and services against common attacks [Added]
T2436: Ensure Cognito events are logged (Amazon Cognito) [Added]
- P1667: Lack of monitoring (Cloud) [Updated]
  - INFO: Updated the match conditions.
T2437: Verify Cognito events are logged (Amazon Cognito) [Added]
- P1667: Lack of monitoring (Cloud) [Updated]
  - INFO: Updated the match conditions.
T2438: Ensure Web Application Firewall ACLs are logged (AWS Web Application Firewall) [Added]
- P1702: Lack of collecting log data for WAF rules [Added]
T2439: Review Web Application Firewall logs for issues (AWS Web Application Firewall) [Added]
- P1701: Lack of monitoring WAF for false positives and suspicious activity [Added]
T2440: Verify Web Application Firewall ACLs are logged (AWS Web Application Firewall) [Added]
- P1702: Lack of collecting log data for WAF rules [Added]
T2441: Verify WAF logs are reviewed in a timely manner for issues (AWS Web Application Firewall) [Added]
- P1701: Lack of monitoring WAF for false positives and suspicious activity [Added]
T2442: Ensure proper permissions for files on worker nodes (Containerization) [Added]
- P1704: Lack of proper access rights for configuration files (Containerization) [Added]
- I1810: CIS Azure Kubernetes Service (AKS) Benchmark v1.2.0 (Level 1, Recommendation 3.1.1) [Added]
- I1811: CIS Azure Kubernetes Service (AKS) Benchmark v1.2.0 (Level 1, Recommendation 3.1.2) [Added]
- I1812: CIS Azure Kubernetes Service (AKS) Benchmark v1.2.0 (Level 1, Recommendation 3.1.3) [Added]
- I1813: CIS Azure Kubernetes Service (AKS) Benchmark v1.2.0 (Level 1, Recommendation 3.1.4) [Added]
- TA6260: CIS Azure Kubernetes Service (AKS) Benchmark v1.2.0 (Level 1, Recommendation 3.1.1) [Added]
- TA6262: CIS Azure Kubernetes Service (AKS) Benchmark v1.2.0 (Level 1, Recommendation 3.1.2) [Added]
- TA6264: CIS Azure Kubernetes Service (AKS) Benchmark v1.2.0 (Level 1, Recommendation 3.1.3) [Added]
- TA6266: CIS Azure Kubernetes Service (AKS) Benchmark v1.2.0 (Level 1, Recommendation 3.1.4) [Added]
- TA5962: CIS Amazon Elastic Kubernetes Service (EKS) Benchmark v1.0.1 (Level 1, Recommendation 3.1.1) [Updated]
  - INFO: Updated the inclusion standard.
- TA5964: CIS Amazon Elastic Kubernetes Service (EKS) Benchmark v1.0.1 (Level 1, Recommendation 3.1.2) [Updated]
  - INFO: Updated the inclusion standard.
- TA5966: CIS Amazon Elastic Kubernetes Service (EKS) Benchmark v1.0.1 (Level 1, Recommendation 3.1.3) [Updated]
  - INFO: Updated the inclusion standard.
- TA5968: CIS Amazon Elastic Kubernetes Service (EKS) Benchmark v1.0.1 (Level 1, Recommendation 3.1.4) [Updated]
  - INFO: Updated the inclusion standard.
- I1654: CIS Amazon Elastic Kubernetes Service (EKS) Benchmark v1.0.1 (Level 1, Recommendation 3.1.1) [Updated]
  - INFO: Updated the inclusion standard.
- I1655: CIS Amazon Elastic Kubernetes Service (EKS) Benchmark v1.0.1 (Level 1, Recommendation 3.1.2) [Updated]
  - INFO: Updated the inclusion standard.
- I1656: CIS Amazon Elastic Kubernetes Service (EKS) Benchmark v1.0.1 (Level 1, Recommendation 3.1.3) [Updated]
  - INFO: Updated the inclusion standard.
- I1657: CIS Amazon Elastic Kubernetes Service (EKS) Benchmark v1.0.1 (Level 1, Recommendation 3.1.4) [Updated]
  - INFO: Updated the inclusion standard.
T2443: Verify proper permissions for files on worker nodes (Containerization) [Added]
- P1704: Lack of proper access rights for configuration files (Containerization) [Added]
- TA6261: CIS Azure Kubernetes Service (AKS) Benchmark v1.2.0 (Level 1, Recommendation 3.1.1) [Added]
- TA6263: CIS Azure Kubernetes Service (AKS) Benchmark v1.2.0 (Level 1, Recommendation 3.1.2) [Added]
- TA6265: CIS Azure Kubernetes Service (AKS) Benchmark v1.2.0 (Level 1, Recommendation 3.1.3) [Added]
- TA6267: CIS Azure Kubernetes Service (AKS) Benchmark v1.2.0 (Level 1, Recommendation 3.1.4) [Added]
- TA5963: CIS Amazon Elastic Kubernetes Service (EKS) Benchmark v1.0.1 (Level 1, Recommendation 3.1.1) [Updated]
  - INFO: Updated the inclusion standard.
- TA5965: CIS Amazon Elastic Kubernetes Service (EKS) Benchmark v1.0.1 (Level 1, Recommendation 3.1.2) [Updated]
  - INFO: Updated the inclusion standard.
- TA5967: CIS Amazon Elastic Kubernetes Service (EKS) Benchmark v1.0.1 (Level 1, Recommendation 3.1.3) [Updated]
  - INFO: Updated the inclusion standard.
- TA5969: CIS Amazon Elastic Kubernetes Service (EKS) Benchmark v1.0.1 (Level 1, Recommendation 3.1.4) [Updated]
  - INFO: Updated the inclusion standard.
T2444: Secure authentication to and from worker nodes (Containerization) [Added]
- P1705: Insecure authentication to and from worker nodes (Containerization) [Added]
- I1814: CIS Azure Kubernetes Service (AKS) Benchmark v1.2.0 (Level 1, Recommendation 3.2.1) [Added]
- I1816: CIS Azure Kubernetes Service (AKS) Benchmark v1.2.0 (Level 1, Recommendation 3.2.3) [Added]
- TA6268: CIS Azure Kubernetes Service (AKS) Benchmark v1.2.0 (Level 1, Recommendation 3.2.1) [Added]
- TA6272: CIS Azure Kubernetes Service (AKS) Benchmark v1.2.0 (Level 1, Recommendation 3.2.3) [Added]
- TA5970: CIS Amazon Elastic Kubernetes Service (EKS) Benchmark v1.0.1 (Level 1, Recommendation 3.2.1) [Updated]
  - INFO: Updated the inclusion standard.
- TA5974: CIS Amazon Elastic Kubernetes Service (EKS) Benchmark v1.0.1 (Level 1, Recommendation 3.2.3) [Updated]
  - INFO: Updated the inclusion standard.
- I1658: CIS Amazon Elastic Kubernetes Service (EKS) Benchmark v1.0.1 (Level 1, Recommendation 3.2.1) [Updated]
  - INFO: Updated the inclusion standard.
- I1659: CIS Amazon Elastic Kubernetes Service (EKS) Benchmark v1.0.1 (Level 1, Recommendation 3.2.3) [Updated]
  - INFO: Updated the inclusion standard.
T2445: Verify secure authentication to and from worker nodes (Containerization) [Added]
- P1705: Insecure authentication to and from worker nodes (Containerization) [Added]
- TA6269: CIS Azure Kubernetes Service (AKS) Benchmark v1.2.0 (Level 1, Recommendation 3.2.1) [Added]
- TA6273: CIS Azure Kubernetes Service (AKS) Benchmark v1.2.0 (Level 1, Recommendation 3.2.3) [Added]
- TA5971: CIS Amazon Elastic Kubernetes Service (EKS) Benchmark v1.0.1 (Level 1, Recommendation 3.2.1) [Updated]
  - INFO: Updated the inclusion standard.
- TA5975: CIS Amazon Elastic Kubernetes Service (EKS) Benchmark v1.0.1 (Level 1, Recommendation 3.2.3) [Updated]
  - INFO: Updated the inclusion standard.
T2446: Collect and protect sensitive information on worker nodes (Containerization) [Added]
- P1706: Poor collection and protection of sensitive information on worker nodes (Containerization) [Added]
- I1817: CIS Azure Kubernetes Service (AKS) Benchmark v1.2.0 (Level 1, Recommendation 3.2.4) [Added]
- I1822: CIS Azure Kubernetes Service (AKS) Benchmark v1.2.0 (Level 2, Recommendation 3.2.9) [Added]
- TA6274: CIS Azure Kubernetes Service (AKS) Benchmark v1.2.0 (Level 1, Recommendation 3.2.4) [Added]
- TA6284: CIS Azure Kubernetes Service (AKS) Benchmark v1.2.0 (Level 2, Recommendation 3.2.9) [Added]
- TA5976: CIS Amazon Elastic Kubernetes Service (EKS) Benchmark v1.0.1 (Level 1, Recommendation 3.2.4) [Updated]
  - INFO: Updated the inclusion standard.
- TA6033: CIS Amazon Elastic Kubernetes Service (EKS) Benchmark v1.0.1 (Level 2, Recommendation 3.2.9) [Updated]
  - INFO: Updated the inclusion standard.
- I1660: CIS Amazon Elastic Kubernetes Service (EKS) Benchmark v1.0.1 (Level 1, Recommendation 3.2.4) [Updated]
  - INFO: Updated the inclusion standard.
- I1666: CIS Amazon Elastic Kubernetes Service (EKS) Benchmark v1.0.1 (Level 2, Recommendation 3.2.9) [Updated]
  - INFO: Updated the inclusion standard.
T2447: Verify the collection and protection of sensitive information on worker nodes (Containerization) [Added]
- P1706: Poor collection and protection of sensitive information on worker nodes (Containerization) [Added]
- TA6275: CIS Azure Kubernetes Service (AKS) Benchmark v1.2.0 (Level 1, Recommendation 3.2.4) [Added]
- TA6285: CIS Azure Kubernetes Service (AKS) Benchmark v1.2.0 (Level 2, Recommendation 3.2.9) [Added]
- TA5977: CIS Amazon Elastic Kubernetes Service (EKS) Benchmark v1.0.1 (Level 1, Recommendation 3.2.4) [Updated]
  - INFO: Updated the inclusion standard.
- TA6034: CIS Amazon Elastic Kubernetes Service (EKS) Benchmark v1.0.1 (Level 2, Recommendation 3.2.9) [Updated]
  - INFO: Updated the inclusion standard.
T2448: Ensure the availability of worker nodes (Containerization) [Added]
- P1707: Unavailabilty of worker nodes (Containerization) [Added]
- I1818: CIS Azure Kubernetes Service (AKS) Benchmark v1.2.0 (Level 1, Recommendation 3.2.5) [Added]
- I1823: CIS Azure Kubernetes Service (AKS) Benchmark v1.2.0 (Level 2, Recommendation 3.2.10) [Added]
- I1824: CIS Azure Kubernetes Service (AKS) Benchmark v1.2.0 (Level 1, Recommendation 3.2.11) [Added]
- TA6276: CIS Azure Kubernetes Service (AKS) Benchmark v1.2.0 (Level 1, Recommendation 3.2.5) [Added]
- TA6286: CIS Azure Kubernetes Service (AKS) Benchmark v1.2.0 (Level 2, Recommendation 3.2.10) [Added]
- TA6288: CIS Azure Kubernetes Service (AKS) Benchmark v1.2.0 (Level 1, Recommendation 3.2.11) [Added]
- TA5978: CIS Amazon Elastic Kubernetes Service (EKS) Benchmark v1.0.1 (Level 1, Recommendation 3.2.5) [Updated]
  - INFO: Updated the inclusion standard.
- TA5986: CIS Amazon Elastic Kubernetes Service (EKS) Benchmark v1.0.1 (Level 1, Recommendation 3.2.11) [Updated]
  - INFO: Updated the inclusion standard.
- TA6035: CIS Amazon Elastic Kubernetes Service (EKS) Benchmark v1.0.1 (Level 2, Recommendation 3.2.10) [Updated]
  - INFO: Updated the inclusion standard.
- I1661: CIS Amazon Elastic Kubernetes Service (EKS) Benchmark v1.0.1 (Level 1, Recommendation 3.2.5) [Updated]
  - INFO: Updated the inclusion standard.
- I1665: CIS Amazon Elastic Kubernetes Service (EKS) Benchmark v1.0.1 (Level 1, Recommendation 3.2.11) [Updated]
  - INFO: Updated the inclusion standard.
- I1667: CIS Amazon Elastic Kubernetes Service (EKS) Benchmark v1.0.1 (Level 2, Recommendation 3.2.10) [Updated]
  - INFO: Updated the inclusion standard.
T2449: Verify the availability of worker nodes (Containerization) [Added]
- P1707: Unavailabilty of worker nodes (Containerization) [Added]
- TA6277: CIS Azure Kubernetes Service (AKS) Benchmark v1.2.0 (Level 1, Recommendation 3.2.5) [Added]
- TA6287: CIS Azure Kubernetes Service (AKS) Benchmark v1.2.0 (Level 2, Recommendation 3.2.10) [Added]
- TA6289: CIS Azure Kubernetes Service (AKS) Benchmark v1.2.0 (Level 1, Recommendation 3.2.11) [Added]
- TA5979: CIS Amazon Elastic Kubernetes Service (EKS) Benchmark v1.0.1 (Level 1, Recommendation 3.2.5) [Updated]
  - INFO: Updated the inclusion standard.
- TA5987: CIS Amazon Elastic Kubernetes Service (EKS) Benchmark v1.0.1 (Level 1, Recommendation 3.2.11) [Updated]
  - INFO: Updated the inclusion standard.
- TA6036: CIS Amazon Elastic Kubernetes Service (EKS) Benchmark v1.0.1 (Level 2, Recommendation 3.2.10) [Updated]
  - INFO: Updated the inclusion standard.
T2450: Protect worker nodes with proper flags and arguments (Containerization) [Added]
- P1708: Failure to protect worker nodes with proper flags and arguments (Containerization) [Added]
- I1819: CIS Azure Kubernetes Service (AKS) Benchmark v1.2.0 (Level 1, Recommendation 3.2.6) [Added]
- I1820: CIS Azure Kubernetes Service (AKS) Benchmark v1.2.0 (Level 1, Recommendation 3.2.7) [Added]
- I1821: CIS Azure Kubernetes Service (AKS) Benchmark v1.2.0 (Level 1, Recommendation 3.2.8) [Added]
- TA6278: CIS Azure Kubernetes Service (AKS) Benchmark v1.2.0 (Level 1, Recommendation 3.2.6) [Added]
- TA6280: CIS Azure Kubernetes Service (AKS) Benchmark v1.2.0 (Level 1, Recommendation 3.2.7) [Added]
- TA6282: CIS Azure Kubernetes Service (AKS) Benchmark v1.2.0 (Level 1, Recommendation 3.2.8) [Added]
- TA5980: CIS Amazon Elastic Kubernetes Service (EKS) Benchmark v1.0.1 (Level 1, Recommendation 3.2.6) [Updated]
  - INFO: Updated the inclusion standard.
- TA5982: CIS Amazon Elastic Kubernetes Service (EKS) Benchmark v1.0.1 (Level 1, Recommendation 3.2.7) [Updated]
  - INFO: Updated the inclusion standard.
- TA5984: CIS Amazon Elastic Kubernetes Service (EKS) Benchmark v1.0.1 (Level 1, Recommendation 3.2.8) [Updated]
  - INFO: Updated the inclusion standard.
- I1662: CIS Amazon Elastic Kubernetes Service (EKS) Benchmark v1.0.1 (Level 1, Recommendation 3.2.6) [Updated]
  - INFO: Updated the inclusion standard.
- I1663: CIS Amazon Elastic Kubernetes Service (EKS) Benchmark v1.0.1 (Level 1, Recommendation 3.2.7) [Updated]
  - INFO: Updated the inclusion standard.
- I1664: CIS Amazon Elastic Kubernetes Service (EKS) Benchmark v1.0.1 (Level 1, Recommendation 3.2.8) [Updated]
  - INFO: Updated the inclusion standard.
T2451: Verify that worker nodes are protected with proper flags and arguments (Containerization) [Added]
- P1708: Failure to protect worker nodes with proper flags and arguments (Containerization) [Added]
- TA6279: CIS Azure Kubernetes Service (AKS) Benchmark v1.2.0 (Level 1, Recommendation 3.2.6) [Added]
- TA6281: CIS Azure Kubernetes Service (AKS) Benchmark v1.2.0 (Level 1, Recommendation 3.2.7) [Added]
- TA6283: CIS Azure Kubernetes Service (AKS) Benchmark v1.2.0 (Level 1, Recommendation 3.2.8) [Added]
- TA5981: CIS Amazon Elastic Kubernetes Service (EKS) Benchmark v1.0.1 (Level 1, Recommendation 3.2.6) [Updated]
  - INFO: Updated the inclusion standard.
- TA5983: CIS Amazon Elastic Kubernetes Service (EKS) Benchmark v1.0.1 (Level 1, Recommendation 3.2.7) [Updated]
  - INFO: Updated the inclusion standard.
- TA5985: CIS Amazon Elastic Kubernetes Service (EKS) Benchmark v1.0.1 (Level 1, Recommendation 3.2.8) [Updated]
  - INFO: Updated the inclusion standard.
T2452: Use managed components (Containerization) [Added]
- P1710: Using unmanaged components (Containerization) [Added]
- I1848: CIS Azure Kubernetes Service (AKS) Benchmark v1.2.0 (Level 1, Recommendation 5.2.1) [Added]
- TA6342: CIS Azure Kubernetes Service (AKS) Benchmark v1.2.0 (Level 1, Recommendation 5.2.1) [Added]
- TA6360: CIS Azure Kubernetes Service (AKS) Benchmark v1.2.0 (Level 1, Recommendation 5.6.1) [Added]
- TA6023: CIS Amazon Elastic Kubernetes Service (EKS) Benchmark v1.0.1 (Level 1, Recommendation 5.2.1) [Updated]
  - INFO: Updated the inclusion standard.
- TA6031: CIS Amazon Elastic Kubernetes Service (EKS) Benchmark v1.0.1 (Level 1, Recommendation 5.6.1) [Updated]
  - INFO: Updated the inclusion standard.
- I1699: CIS Amazon Elastic Kubernetes Service (EKS) Benchmark v1.0.1 (Level 1, Recommendation 5.2.1) [Updated]
  - INFO: Updated the inclusion standard.
- I1700: CIS Amazon Elastic Kubernetes Service (EKS) Benchmark v1.0.1 (Level 1, Recommendation 5.6.1) [Updated]
  - INFO: Updated the inclusion standard.
T2453: Verify that managed components are used (Containerization). [Added]
- P1710: Using unmanaged components (Containerization) [Added]
- TA6343: CIS Azure Kubernetes Service (AKS) Benchmark v1.2.0 (Level 1, Recommendation 5.2.1) [Added]
- TA6024: CIS Amazon Elastic Kubernetes Service (EKS) Benchmark v1.0.1 (Level 1, Recommendation 5.2.1) [Updated]
  - INFO: Updated the inclusion standard.
- TA6032: CIS Amazon Elastic Kubernetes Service (EKS) Benchmark v1.0.1 (Level 1, Recommendation 5.6.1) [Updated]
  - INFO: Updated the inclusion standard.
T2454: Verify that managed container registries are securely configured (Containerization) [Added]
- P1709: Insecurely configured managed container registries (Containerization) [Added]
- TA6341: CIS Azure Kubernetes Service (AKS) Benchmark v1.2.0 (Level 2, Recommendation 5.1.4) [Added]
- TA6019: CIS Amazon Elastic Kubernetes Service (EKS) Benchmark v1.0.1 (Level 1, Recommendation 5.1.1) [Updated]
  - INFO: Updated the inclusion standard.
- TA6022: CIS Amazon Elastic Kubernetes Service (EKS) Benchmark v1.0.1 (Level 1, Recommendation 5.1.3) [Updated]
  - INFO: Updated the inclusion standard.
T2455: Securely configure managed container registries (Containerization) [Added]
- P1709: Insecurely configured managed container registries (Containerization) [Added]
- I1846: CIS Azure Kubernetes Service (AKS) Benchmark v1.2.0 (Level 1, Recommendation 5.1.2) [Added]
- I1847: CIS Azure Kubernetes Service (AKS) Benchmark v1.2.0 (Level 2, Recommendation 5.1.4) [Added]
- TA6334: CIS Azure Kubernetes Service (AKS) Benchmark v1.2.0 (Level 1, Recommendation 5.1.1) [Added]
- TA6336: CIS Azure Kubernetes Service (AKS) Benchmark v1.2.0 (Level 1, Recommendation 5.1.2) [Added]
- TA6338: CIS Azure Kubernetes Service (AKS) Benchmark v1.2.0 (Level 1, Recommendation 5.1.3) [Added]
- TA6340: CIS Azure Kubernetes Service (AKS) Benchmark v1.2.0 (Level 2, Recommendation 5.1.4) [Added]
- TA6018: CIS Amazon Elastic Kubernetes Service (EKS) Benchmark v1.0.1 (Level 1, Recommendation 5.1.1) [Updated]
  - INFO: Updated the inclusion standard.
- TA6020: CIS Amazon Elastic Kubernetes Service (EKS) Benchmark v1.0.1 (Level 1, Recommendation 5.1.2) [Updated]
  - INFO: Updated the inclusion standard.
- TA6021: CIS Amazon Elastic Kubernetes Service (EKS) Benchmark v1.0.1 (Level 1, Recommendation 5.1.3) [Updated]
  - INFO: Updated the inclusion standard.
- TA6053: CIS Amazon Elastic Kubernetes Service (EKS) Benchmark v1.0.1 (Level 2, Recommendation 5.1.4) [Updated]
  - INFO: Updated the inclusion standard.
- I1681: CIS Amazon Elastic Kubernetes Service (EKS) Benchmark v1.0.1 (Level 1, Recommendation 5.1.2) [Updated]
  - INFO: Updated the inclusion standard.
- I1697: CIS Amazon Elastic Kubernetes Service (EKS) Benchmark v1.0.1 (Level 1, Recommendation 5.1.1) [Updated]
  - INFO: Updated the inclusion standard.
- I1698: CIS Amazon Elastic Kubernetes Service (EKS) Benchmark v1.0.1 (Level 1, Recommendation 5.1.3) [Updated]
  - INFO: Updated the inclusion standard.
T2456: Assign roles properly (Containerization) [Added]
- I1825: CIS Azure Kubernetes Service (AKS) Benchmark v1.2.0 (Level 1, Recommendation 4.1.1) [Added]
- I1827: CIS Azure Kubernetes Service (AKS) Benchmark v1.2.0 (Level 1, Recommendation 4.1.3) [Added]
- TA6290: CIS Azure Kubernetes Service (AKS) Benchmark v1.2.0 (Level 1, Recommendation 4.1.1) [Added]
- TA6294: CIS Azure Kubernetes Service (AKS) Benchmark v1.2.0 (Level 1, Recommendation 4.1.3) [Added]
- TA6356: CIS Azure Kubernetes Service (AKS) Benchmark v1.2.0 (Level 2, Recommendation 5.5.1) [Added]
- TA6358: CIS Azure Kubernetes Service (AKS) Benchmark v1.2.0 (Level 2, Recommendation 5.5.2) [Added]
- TA5988: CIS Amazon Elastic Kubernetes Service (EKS) Benchmark v1.0.1 (Level 1, Recommendation 4.1.1) [Updated]
  - INFO: Updated the inclusion standard.
- TA5992: CIS Amazon Elastic Kubernetes Service (EKS) Benchmark v1.0.1 (Level 1, Recommendation 4.1.3) [Updated]
  - INFO: Updated the inclusion standard.
- TA6056: CIS Amazon Elastic Kubernetes Service (EKS) Benchmark v1.0.1 (Level 2, Recommendation 5.5.1) [Updated]
  - INFO: Updated the inclusion standard.
- I1669: CIS Amazon Elastic Kubernetes Service (EKS) Benchmark v1.0.1 (Level 1, Recommendation 4.1.1) [Updated]
  - INFO: Updated the inclusion standard.
- I1670: CIS Amazon Elastic Kubernetes Service (EKS) Benchmark v1.0.1 (Level 1, Recommendation 4.1.3) [Updated]
  - INFO: Updated the inclusion standard.
- I1686: CIS Amazon Elastic Kubernetes Service (EKS) Benchmark v1.0.1 (Level 2, Recommendation 5.5.1) [Updated]
  - INFO: Updated the inclusion standard.
- P1672: Lack of proper authentication and authorization (Containerization) [Updated]
  - INFO: Updated the match conditions.
T2457: Verify roles are assigned Properly(Containerization) [Added]
- TA6291: CIS Azure Kubernetes Service (AKS) Benchmark v1.2.0 (Level 1, Recommendation 4.1.1) [Added]
- TA6295: CIS Azure Kubernetes Service (AKS) Benchmark v1.2.0 (Level 1, Recommendation 4.1.3) [Added]
- TA5989: CIS Amazon Elastic Kubernetes Service (EKS) Benchmark v1.0.1 (Level 1, Recommendation 4.1.1) [Updated]
  - INFO: Updated the inclusion standard.
- TA5993: CIS Amazon Elastic Kubernetes Service (EKS) Benchmark v1.0.1 (Level 1, Recommendation 4.1.3) [Updated]
  - INFO: Updated the inclusion standard.
- TA6057: CIS Amazon Elastic Kubernetes Service (EKS) Benchmark v1.0.1 (Level 2, Recommendation 5.5.1) [Updated]
  - INFO: Updated the inclusion standard.
- P1672: Lack of proper authentication and authorization (Containerization) [Updated]
  - INFO: Updated the match conditions.
T2458: Restrict user access (Containerization) [Added]
- I1828: CIS Azure Kubernetes Service (AKS) Benchmark v1.2.0 (Level 1, Recommendation 4.1.4) [Added]
- TA6296: CIS Azure Kubernetes Service (AKS) Benchmark v1.2.0 (Level 1, Recommendation 4.1.4) [Added]
- TA6346: CIS Azure Kubernetes Service (AKS) Benchmark v1.2.0 (Level 1, Recommendation 5.4.1) [Added]
- TA5994: CIS Amazon Elastic Kubernetes Service (EKS) Benchmark v1.0.1 (Level 1, Recommendation 4.1.4) [Updated]
  - INFO: Updated the inclusion standard.
- TA6027: CIS Amazon Elastic Kubernetes Service (EKS) Benchmark v1.0.1 (Level 1, Recommendation 5.4.1) [Updated]
  - INFO: Updated the inclusion standard.
- I1671: CIS Amazon Elastic Kubernetes Service (EKS) Benchmark v1.0.1 (Level 1, Recommendation 4.1.4) [Updated]
  - INFO: Updated the inclusion standard.
- I1682: CIS Amazon Elastic Kubernetes Service (EKS) Benchmark v1.0.1 (Level 1, Recommendation 5.4.1) [Updated]
  - INFO: Updated the inclusion standard.
- P1672: Lack of proper authentication and authorization (Containerization) [Updated]
  - INFO: Updated the match conditions.
T2459: Verify user access is restricted (Containerization) [Added]
- TA6297: CIS Azure Kubernetes Service (AKS) Benchmark v1.2.0 (Level 1, Recommendation 4.1.4) [Added]
- TA5995: CIS Amazon Elastic Kubernetes Service (EKS) Benchmark v1.0.1 (Level 1, Recommendation 4.1.4) [Updated]
  - INFO: Updated the inclusion standard.
- TA6028: CIS Amazon Elastic Kubernetes Service (EKS) Benchmark v1.0.1 (Level 1, Recommendation 5.4.1) [Updated]
  - INFO: Updated the inclusion standard.
- P1672: Lack of proper authentication and authorization (Containerization) [Updated]
  - INFO: Updated the match conditions.
T2460: Restrict service access (Containerization) [Added]
- I1815: CIS Azure Kubernetes Service (AKS) Benchmark v1.2.0 (Level 1, Recommendation 3.2.2) [Added]
- I1829: CIS Azure Kubernetes Service (AKS) Benchmark v1.2.0 (Level 1, Recommendation 4.1.5) [Added]
- I1830: CIS Azure Kubernetes Service (AKS) Benchmark v1.2.0 (Level 1, Recommendation 4.1.6) [Added]
- TA6270: CIS Azure Kubernetes Service (AKS) Benchmark v1.2.0 (Level 1, Recommendation 3.2.2) [Added]
- TA6298: CIS Azure Kubernetes Service (AKS) Benchmark v1.2.0 (Level 1, Recommendation 4.1.5) [Added]
- TA6300: CIS Azure Kubernetes Service (AKS) Benchmark v1.2.0 (Level 1, Recommendation 4.1.6) [Added]
- TA5972: CIS Amazon Elastic Kubernetes Service (EKS) Benchmark v1.0.1 (Level 1, Recommendation 3.2.2) [Updated]
  - INFO: Updated the inclusion standard.
- TA5996: CIS Amazon Elastic Kubernetes Service (EKS) Benchmark v1.0.1 (Level 1, Recommendation 4.1.5) [Updated]
  - INFO: Updated the inclusion standard.
- TA5998: CIS Amazon Elastic Kubernetes Service (EKS) Benchmark v1.0.1 (Level 1, Recommendation 4.1.6) [Updated]
  - INFO: Updated the inclusion standard.
- I1668: CIS Amazon Elastic Kubernetes Service (EKS) Benchmark v1.0.1 (Level 1, Recommendation 3.2.2) [Updated]
  - INFO: Updated the inclusion standard.
- I1672: CIS Amazon Elastic Kubernetes Service (EKS) Benchmark v1.0.1 (Level 1, Recommendation 4.1.5) [Updated]
  - INFO: Updated the inclusion standard.
- I1673: CIS Amazon Elastic Kubernetes Service (EKS) Benchmark v1.0.1 (Level 1, Recommendation 4.1.6) [Updated]
  - INFO: Updated the inclusion standard.
- P1672: Lack of proper authentication and authorization (Containerization) [Updated]
  - INFO: Updated the match conditions.
T2461: Verify service access is restricted (Containerization) [Added]
- TA6271: CIS Azure Kubernetes Service (AKS) Benchmark v1.2.0 (Level 1, Recommendation 3.2.2) [Added]
- TA6299: CIS Azure Kubernetes Service (AKS) Benchmark v1.2.0 (Level 1, Recommendation 4.1.5) [Added]
- TA6301: CIS Azure Kubernetes Service (AKS) Benchmark v1.2.0 (Level 1, Recommendation 4.1.6) [Added]
- TA5973: CIS Amazon Elastic Kubernetes Service (EKS) Benchmark v1.0.1 (Level 1, Recommendation 3.2.2) [Updated]
  - INFO: Updated the inclusion standard.
- TA5997: CIS Amazon Elastic Kubernetes Service (EKS) Benchmark v1.0.1 (Level 1, Recommendation 4.1.5) [Updated]
  - INFO: Updated the inclusion standard.
- TA5999: CIS Amazon Elastic Kubernetes Service (EKS) Benchmark v1.0.1 (Level 1, Recommendation 4.1.6) [Updated]
  - INFO: Updated the inclusion standard.
- P1672: Lack of proper authentication and authorization (Containerization) [Updated]
  - INFO: Updated the match conditions.
T2462: Minimize the admission of high-privileged containers (Containerization) [Added]
- I1831: CIS Azure Kubernetes Service (AKS) Benchmark v1.2.0 (Level 1, Recommendation 4.2.1) [Added]
- I1835: CIS Azure Kubernetes Service (AKS) Benchmark v1.2.0 (Level 1, Recommendation 4.2.5) [Added]
- I1836: CIS Azure Kubernetes Service (AKS) Benchmark v1.2.0 (Level 2, Recommendation 4.2.6) [Added]
- TA6302: CIS Azure Kubernetes Service (AKS) Benchmark v1.2.0 (Level 1, Recommendation 4.2.1) [Added]
- TA6310: CIS Azure Kubernetes Service (AKS) Benchmark v1.2.0 (Level 1, Recommendation 4.2.5) [Added]
- TA6312: CIS Azure Kubernetes Service (AKS) Benchmark v1.2.0 (Level 2, Recommendation 4.2.6) [Added]
- TA6000: CIS Amazon Elastic Kubernetes Service (EKS) Benchmark v1.0.1 (Level 1, Recommendation 4.2.1) [Updated]
  - INFO: Updated the inclusion standard.
- TA6008: CIS Amazon Elastic Kubernetes Service (EKS) Benchmark v1.0.1 (Level 1, Recommendation 4.2.5) [Updated]
  - INFO: Updated the inclusion standard.
- TA6037: CIS Amazon Elastic Kubernetes Service (EKS) Benchmark v1.0.1 (Level 2, Recommendation 4.2.6) [Updated]
  - INFO: Updated the inclusion standard.
- I1674: CIS Amazon Elastic Kubernetes Service (EKS) Benchmark v1.0.1 (Level 1, Recommendation 4.2.1) [Updated]
  - INFO: Updated the inclusion standard.
- I1678: CIS Amazon Elastic Kubernetes Service (EKS) Benchmark v1.0.1 (Level 1, Recommendation 4.2.5) [Updated]
  - INFO: Updated the inclusion standard.
- I1683: CIS Amazon Elastic Kubernetes Service (EKS) Benchmark v1.0.1 (Level 2, Recommendation 4.2.6) [Updated]
  - INFO: Updated the inclusion standard.
- P1672: Lack of proper authentication and authorization (Containerization) [Updated]
  - INFO: Updated the match conditions.
T2463: Verify that containers with excessive privileges are minimized (Containerization) [Added]
- TA6303: CIS Azure Kubernetes Service (AKS) Benchmark v1.2.0 (Level 1, Recommendation 4.2.1) [Added]
- TA6311: CIS Azure Kubernetes Service (AKS) Benchmark v1.2.0 (Level 1, Recommendation 4.2.5) [Added]
- TA6313: CIS Azure Kubernetes Service (AKS) Benchmark v1.2.0 (Level 2, Recommendation 4.2.6) [Added]
- TA6001: CIS Amazon Elastic Kubernetes Service (EKS) Benchmark v1.0.1 (Level 1, Recommendation 4.2.1) [Updated]
  - INFO: Updated the inclusion standard.
- TA6009: CIS Amazon Elastic Kubernetes Service (EKS) Benchmark v1.0.1 (Level 1, Recommendation 4.2.5) [Updated]
  - INFO: Updated the inclusion standard.
- TA6038: CIS Amazon Elastic Kubernetes Service (EKS) Benchmark v1.0.1 (Level 2, Recommendation 4.2.6) [Updated]
  - INFO: Updated the inclusion standard.
- P1672: Lack of proper authentication and authorization (Containerization) [Updated]
  - INFO: Updated the match conditions.
T2464: Minimize the admission of containers wishing to share namespaces (Containerization) [Added]
- I1832: CIS Azure Kubernetes Service (AKS) Benchmark v1.2.0 (Level 1, Recommendation 4.2.2) [Added]
- I1833: CIS Azure Kubernetes Service (AKS) Benchmark v1.2.0 (Level 1, Recommendation 4.2.3) [Added]
- I1834: CIS Azure Kubernetes Service (AKS) Benchmark v1.2.0 (Level 1, Recommendation 4.2.4) [Added]
- I1845: CIS Azure Kubernetes Service (AKS) Benchmark v1.2.0 (Level 2, Recommendation 4.7.3) [Added]
- TA6304: CIS Azure Kubernetes Service (AKS) Benchmark v1.2.0 (Level 1, Recommendation 4.2.2) [Added]
- TA6306: CIS Azure Kubernetes Service (AKS) Benchmark v1.2.0 (Level 1, Recommendation 4.2.3) [Added]
- TA6308: CIS Azure Kubernetes Service (AKS) Benchmark v1.2.0 (Level 1, Recommendation 4.2.4) [Added]
- TA6332: CIS Azure Kubernetes Service (AKS) Benchmark v1.2.0 (Level 2, Recommendation 4.7.3) [Added]
- TA6002: CIS Amazon Elastic Kubernetes Service (EKS) Benchmark v1.0.1 (Level 1, Recommendation 4.2.2) [Updated]
  - INFO: Updated the inclusion standard.
- TA6004: CIS Amazon Elastic Kubernetes Service (EKS) Benchmark v1.0.1 (Level 1, Recommendation 4.2.3) [Updated]
  - INFO: Updated the inclusion standard.
- TA6006: CIS Amazon Elastic Kubernetes Service (EKS) Benchmark v1.0.1 (Level 1, Recommendation 4.2.4) [Updated]
  - INFO: Updated the inclusion standard.
- TA6051: CIS Amazon Elastic Kubernetes Service (EKS) Benchmark v1.0.1 (Level 2, Recommendation 4.6.3) [Updated]
  - INFO: Updated the inclusion standard.
- I1675: CIS Amazon Elastic Kubernetes Service (EKS) Benchmark v1.0.1 (Level 1, Recommendation 4.2.2) [Updated]
  - INFO: Updated the inclusion standard.
- I1676: CIS Amazon Elastic Kubernetes Service (EKS) Benchmark v1.0.1 (Level 1, Recommendation 4.2.3) [Updated]
  - INFO: Updated the inclusion standard.
- I1677: CIS Amazon Elastic Kubernetes Service (EKS) Benchmark v1.0.1 (Level 1, Recommendation 4.2.4) [Updated]
  - INFO: Updated the inclusion standard.
- I1685: CIS Amazon Elastic Kubernetes Service (EKS) Benchmark v1.0.1 (Level 2, Recommendation 4.6.3) [Updated]
  - INFO: Updated the inclusion standard.
- P1672: Lack of proper authentication and authorization (Containerization) [Updated]
  - INFO: Updated the match conditions.
T2465: Verify that containers wishing to share namespaces are minimized (Containerization) [Added]
- TA6305: CIS Azure Kubernetes Service (AKS) Benchmark v1.2.0 (Level 1, Recommendation 4.2.2) [Added]
- TA6307: CIS Azure Kubernetes Service (AKS) Benchmark v1.2.0 (Level 1, Recommendation 4.2.3) [Added]
- TA6309: CIS Azure Kubernetes Service (AKS) Benchmark v1.2.0 (Level 1, Recommendation 4.2.4) [Added]
- TA6333: CIS Azure Kubernetes Service (AKS) Benchmark v1.2.0 (Level 2, Recommendation 4.7.3) [Added]
- TA6003: CIS Amazon Elastic Kubernetes Service (EKS) Benchmark v1.0.1 (Level 1, Recommendation 4.2.2) [Updated]
  - INFO: Updated the inclusion standard.
- TA6005: CIS Amazon Elastic Kubernetes Service (EKS) Benchmark v1.0.1 (Level 1, Recommendation 4.2.3) [Updated]
  - INFO: Updated the inclusion standard.
- TA6007: CIS Amazon Elastic Kubernetes Service (EKS) Benchmark v1.0.1 (Level 1, Recommendation 4.2.4) [Updated]
  - INFO: Updated the inclusion standard.
- TA6052: CIS Amazon Elastic Kubernetes Service (EKS) Benchmark v1.0.1 (Level 2, Recommendation 4.6.3) [Updated]
  - INFO: Updated the inclusion standard.
- P1672: Lack of proper authentication and authorization (Containerization) [Updated]
  - INFO: Updated the match conditions.
T2466: Minimize the admission of containers with undesired capabilities (Containerization) [Added]
- I1837: CIS Azure Kubernetes Service (AKS) Benchmark v1.2.0 (Level 1, Recommendation 4.2.7) [Added]
- I1838: CIS Azure Kubernetes Service (AKS) Benchmark v1.2.0 (Level 2, Recommendation 4.2.8) [Added]
- TA6314: CIS Azure Kubernetes Service (AKS) Benchmark v1.2.0 (Level 1, Recommendation 4.2.7) [Added]
- TA6316: CIS Azure Kubernetes Service (AKS) Benchmark v1.2.0 (Level 2, Recommendation 4.2.8) [Added]
- TA6010: CIS Amazon Elastic Kubernetes Service (EKS) Benchmark v1.0.1 (Level 1, Recommendation 4.2.7) [Updated]
  - INFO: Updated the inclusion standard.
- TA6012: CIS Amazon Elastic Kubernetes Service (EKS) Benchmark v1.0.1 (Level 1, Recommendation 4.2.8) [Updated]
  - INFO: Updated the inclusion standard.
- TA6039: CIS Amazon Elastic Kubernetes Service (EKS) Benchmark v1.0.1 (Level 2, Recommendation 4.2.9) [Updated]
  - INFO: Updated the inclusion standard.
- I1679: CIS Amazon Elastic Kubernetes Service (EKS) Benchmark v1.0.1 (Level 1, Recommendation 4.2.7) [Updated]
  - INFO: Updated the inclusion standard.
- I1680: CIS Amazon Elastic Kubernetes Service (EKS) Benchmark v1.0.1 (Level 1, Recommendation 4.2.8) [Updated]
  - INFO: Updated the inclusion standard.
- I1684: CIS Amazon Elastic Kubernetes Service (EKS) Benchmark v1.0.1 (Level 2, Recommendation 4.2.9) [Updated]
  - INFO: Updated the inclusion standard.
- P1672: Lack of proper authentication and authorization (Containerization) [Updated]
  - INFO: Updated the match conditions.
T2467: Verify that containers with undesired capabilities are minimized (Containerization) [Added]
- TA6315: CIS Azure Kubernetes Service (AKS) Benchmark v1.2.0 (Level 1, Recommendation 4.2.7) [Added]
- TA6317: CIS Azure Kubernetes Service (AKS) Benchmark v1.2.0 (Level 2, Recommendation 4.2.8) [Added]
- TA6011: CIS Amazon Elastic Kubernetes Service (EKS) Benchmark v1.0.1 (Level 1, Recommendation 4.2.7) [Updated]
  - INFO: Updated the inclusion standard.
- TA6013: CIS Amazon Elastic Kubernetes Service (EKS) Benchmark v1.0.1 (Level 1, Recommendation 4.2.8) [Updated]
  - INFO: Updated the inclusion standard.
- TA6040: CIS Amazon Elastic Kubernetes Service (EKS) Benchmark v1.0.1 (Level 2, Recommendation 4.2.9) [Updated]
  - INFO: Updated the inclusion standard.
- P1672: Lack of proper authentication and authorization (Containerization) [Updated]
  - INFO: Updated the match conditions.
T2468: Manage PCI-DSS compliance [Added]
- P1713: Lack of processes for the approval of compliance with PCI-DSS [Added]
- TA6366: Identify and confirm the scope of the PCI DSS [Added]
Changes to Project Properties and Profiles
- Q193: Components
  - Q101: Components In Development
    - A1077: Firmware, embedded, or hardware solution [Updated]
      - INFO: Updated the children.
- Q195: Language and Framework
  - Q109: Programming Language
    - Q110: Technology/Framework
      - A1223: Technology/Framework - Angular [Updated]
        
        INFO: Updated the children.
    - A1352: TypeScript [Added]
- Q243: Internal Hidden Properties
  - Q189: Internal Properties (Use this, for all hidden answers)
    - A1061: Set of default answers for all profiles [Updated]
      - INFO: Updated the children.
- Q284: Context and Characteristics
  - Q252: Application's Context and Characteristics
    - A1350: Include countermeasures in the Activity phase (process engineering tasks) in this project [Added]
- Q289: Cloud Computing
  - Q290: Cloud Providers
    - Q298: AWS Services
      - A1331: EKS [Updated]
        
        INFO: Updated the children.
      - A1345: API Gateway [Added]
      - A1346: Cognito [Added]
      - A1347: Kinesis Data Streams [Added]
      - A1348: Kinesis Data Firehose [Added]
      - A1349: WAF [Added]
    - Q306: Azure Services
      - A1351: AKS [Added]
- Q307: Containerization
  - Q308: Containerization Technologies
    - A1329: Managed Kubernetes [Updated]
      - INFO: Updated the children.

2022.3

October 15, 2022

New features and enhancements

Project Threats
- Introduced Project Threats, which are created per project based on survey answers and match conditions.
- Threats are automatically generated and presented on the threats page within the side panel of the diagram.
- Each threat consists of weaknesses and countermeasures.
- Where applicable, threats are mapped to reusable components.
Language change
- Changed default terminology in our platform from problems and tasks to weaknesses and countermeasures, to stay in line with the industry.
- To allow flexibility, users can customize weaknesses and countermeasures in the UI.
  - For existing customers who have changed the Problems label, we will be migrating that language in this release (SaaS only).
Advanced Reporting dashboards
- Introduced the ability for users to create their own dashboards based on visualizations from Advanced Reports.
  - Users with appropriate permissions will see the new Dashboard List page, which allows them to view existing dashboards or create a new dashboard.
  - Users can set a default dashboard for their homepage and organize their Dashboard List page with the ability to pin dashboards.
Advanced Reports
- Added four new tables to Advanced Reports.
  - Added Library Threats and Project Threats. Users can create reporting on threats across their entire security portfolio or focus more granularly at the project level.
  - Added Training (JITT) and Training enablement tables. Users can now create training-based reports to better understand the courses or modules into which users have enrolled.
Project survey
- Added Comments Required
  - Library users with customize_content permissions will be able to mark questions and subquestions as comments required. Once a question and sub question is marked as comments required, project users who are answering the survey will need to add at least one comment before saving the survey. Questions and subquestions that require a comment will have a visual indicator and a textbox attached to it in the survey.
- Improved mandatory indicators
  - Project users answering the survey will be able to better understand which questions and subquestions require an answer or comment when the survey initially appears. Sections and subsections will have a counter and each question or subquestion will have a red outline.
Integrations
- Added Fortify on Demand integration under Verification Tools.

Other product improvements

Integrations
- Fixed a bug on the JIRA integration that prevented custom field mappings from appearing correctly in JIRA Labels field.
- Addressed an issue while parsing data from Prisma Cloud formerly Twistlock.
- Renamed Twistlock to Prisma Cloud formerly Twistlock
- Renamed Whitesource to Mend formerly Whitesource
API
- Updated the feature Flags API to allow all authenticated users the ability to view the list of feature flags.

Content improvements summary

Countermeasure (Task) Priority
- Countermeasure priority levels may change as SD Elements revises its content. These changes may affect your risk policies. Ensure that you review changes to your risk policies after accepting changes from new releases.
Ansible
- Added new Weaknesses, Countermeasures, Additional Requirements, and How-tos for Ansible security.
Automotive industry (WP.29-Rev.3 and ISO/SAE 21434)
- Added new Weaknesses and Countermeasures to cover the WP.29-Rev.3 regulation.
- Added an activity Countermeasure for ISO/SAE 21434.
EO 14028: Critical Software & Verification Req. (NISTIR 8397)
- Added two regulations and Countermeasures to cover the requirements of the Executive Order.
Improved hardware, WiFi, and bluetooth content
- Added new Countermeasures and Additional Requirements.
Threat Modeling
- Updated terminology used from Task/Problem to Countermeasure/Weakness.
Control Correlation Identifier (CCI)
- Added a regulation for Control Correlation Identifier (CCI) and mapped relevant countermeasures to it.
Reusable components
- Mapped reusable components to Countermeasures.

Content additions and updates (as of September 13, 2022):

Compliance Regulations and Mappings
- Added WP.29-Rev.3
- Added NIST-EO-Critical-Software
- Added NIST-EO-Software-Verification
- Added Control Correlation Identifier (CCI)
Content Packs
- Added WP.29
- Added NIST EO Critical Software
- Added NIST EO Software-Verification
- Added CCI
- Added ISO/SAE 21434
- Added Ansible
T13: Change Automatically Generated Passwords [Updated]
- INFO: Updated the text.
T15: Centralize authorization
- P182: Improper Access Control (Authorization) [Updated]
  - INFO: Updated the text.
T21: Ensure all data in transit is encrypted using a secure TLS channel [Updated]
- INFO: Updated the text.
- TA6253: Secure files transfer [Added]
- TA6254: Connect to a remote system securely [Added]
T26: Expire sessions on logout
- P694: Sessions Not Expired Upon Logout [Updated]
  - INFO: Updated the text.
T27: Turn off session rewriting [Updated]
- INFO: Updated the text.
T36: Escape untrusted data in HTML, HTML attributes, CSS, and JavaScript
- P632: Improper Neutralization of Input During Web Page Generation (Cross-Site Scripting) [Updated]
  - INFO: Updated the text.
T40: Use XML encoding when interacting with XML data [Updated]
- INFO: Updated the text.
T45: Log potential critical security events [Updated]
- INFO: Updated the text.
T49: Disable and remove debug capabilities and code/data, and prepare application for release [Updated]
- INFO: Updated the text.
- TA6247: Deploy the product with a secure initial configuration [Added]
T50: Use indirect object reference maps if accessing files [Updated]
- INFO: Updated the text.
T53: Prevent the upload of malicious files and malware
- TA6243: Avoid the use of removable media [Added]
T62: Protect passwords in property and configuration files [Updated]
- INFO: Updated the text.
T71: Capture sufficient information for each transaction in audit logs [Updated]
- INFO: Updated the text.
- TA6245: Enable USB event tracing and logging [Added]
T119: Test for clickjacking [Updated]
- INFO: Updated the text.
T135: Assign each person using the system a unique user ID [Updated]
- INFO: Updated the text.
T146: Use encryption for network communications in mobile environments
- TA6250: Enabling Confidentiality on the Air Interface [Added]
- TA6251: Ensure Confidentiality Protection of S1 Interface [Added]
- TA6252: Employ a SIM/USIM PIN [Added]
T156: Validate certificate and its chain of trust properly
- P716: Certificate Validation Issues [Updated]
  - INFO: Updated the text.
T161: Treat unique device IDs as personal information [Updated]
- INFO: Updated the text.
T171: Follow spam-free guidelines for sending solicitation emails [Updated]
- INFO: Updated the text.
T177: Allow users to review and update their personal information [Updated]
- INFO: Updated the text.
T178: Obtain consent from users prior to collecting personal information [Updated]
- INFO: Updated the text.
T186: Use recommended settings and the latest patches for third party libraries and software [Updated]
- INFO: Updated the text.
T193: Review non-categorized/miscellaneous findings from automated analysis [Updated]
- INFO: Updated the text.
T194: Obtain user consent for tracking cookies [Updated]
- INFO: Updated the text and priority.
T195: Design lawful procedures to obtain consent for processing personal information and to withdraw it when requested [Updated]
- INFO: Updated the text.
T197: Encrypt and sign any remote code/update and then validate the signature to verify its origin and integrity [Updated]
- INFO: Updated the text.
T203: Avoid uncontrolled format strings
- P35: Uncontrolled Format String [Updated]
  - INFO: Updated the text.
T207: Provide special data protection for children's personal information [Updated]
- INFO: Updated the text and priority.
T226: Verify that authorization is centralized [Updated]
- INFO: Updated the text.
- P182: Improper Access Control (Authorization) [Updated]
  - INFO: Updated the text.
T227: Verify that application's access to database is restricted [Updated]
- INFO: Updated the text.
T240: Test whether users can remove their data from the system [Updated]
- INFO: Updated the text.
T248: Protect secret keys and passwords in the application [Updated]
- INFO: Updated the text.
T257: Secure cross origin resource sharing (CORS) [Updated]
- INFO: Updated the text.
T259: Follow best practices when storing data in Local or Session Storage [Updated]
- INFO: Updated the text.
T262: Mask passwords by default on mobiles but consider usability options [Updated]
- INFO: Updated the text.
T270: Follow best practices for storing application data on Android devices [Updated]
- INFO: Updated the text.
T272: Restrict access to the application's exported components (Android) [Updated]
- INFO: Updated the text.
T298: Verify that Pasteboards are securely managed [Updated]
- INFO: Updated the text.
T304: Verify that unique device IDs are treated as personal information [Updated]
- INFO: Updated the text.
T312: Verify that inter-process communication (IPC) endpoints are secured in client [Updated]
- INFO: Updated the text.
T313: Identify and classify categories of personal information [Updated]
- INFO: Updated the text.
T338: Control access to resources through user authentication and authorization [Updated]
- INFO: Updated the text.
- P182: Improper Access Control (Authorization) [Updated]
  - INFO: Updated the text.
T344: Enforce different rules for access to the system based on the origin, type and medium of request [Updated]
- INFO: Updated the text.
- P182: Improper Access Control (Authorization) [Updated]
  - INFO: Updated the text.
T349: Protect audit information and logs against unauthorized access [Updated]
- INFO: Updated the text.
T353: Control the inbound and outbound data flow across the boundaries of zones [Updated]
- INFO: Updated the text.
T370: Follow best practices for using third-party software libraries/modules and open source/COTS components [Updated]
- INFO: Updated the text.
T374: Offload HTTP request handling to dedicated modules [Updated]
- INFO: Updated the text.
T376: Fill out the manufacturer disclosure statement for the medical device security (MDS2) form [Updated]
- INFO: Updated the text.
T379: Provide sufficient documentation for security-related features
- TA6248: Document insecure settings [Added]
T408: Set secure flag on Android Activities with sensitive content [Updated]
- INFO: Updated the text.
T410: Manage use of Android third-party keyboards with sensitive data [Updated]
- INFO: Updated the text.
T417: Avoid passing dynamic data to trustAs or bypassSecurityTrust functions [Updated]
- INFO: Updated the text.
- P632: Improper Neutralization of Input During Web Page Generation (Cross-Site Scripting) [Updated]
  - INFO: Updated the text.
T418: Use Angular's built-in sanitization for user output with limited code or markup [Updated]
- INFO: Updated the text.
- P632: Improper Neutralization of Input During Web Page Generation (Cross-Site Scripting) [Updated]
  - INFO: Updated the text.
T420: Prevent Client-Side Template Injection (CSTI) [Updated]
- INFO: Updated the text.
- P632: Improper Neutralization of Input During Web Page Generation (Cross-Site Scripting) [Updated]
  - INFO: Updated the text.
T422: Verify that built-in sanitization is used in Angular with limited code or markup [Updated]
- INFO: Updated the text.
- P632: Improper Neutralization of Input During Web Page Generation (Cross-Site Scripting) [Updated]
  - INFO: Updated the text.
T427: Implement previous login (access) notification [Updated]
- INFO: Updated the title and text.
- P774: Inadequate Login Activity Monitoring and Notification [Updated]
  - INFO: Updated the title and text.
T428: Test that the system provides previous login (access) notifications [Updated]
- INFO: Updated the title and text.
- P774: Inadequate Login Activity Monitoring and Notification [Updated]
  - INFO: Updated the title and text.
T429: Limit the number of concurrent sessions for each account [Updated]
- INFO: Updated the text.
T456: Change default security settings to the most stringent ones and disable unnecessary services and modules [Updated]
- INFO: Updated the text.
- TA6244: Secure the use of USB ports when they are enabled [Added]
- TA6249: Disable Bluetooth when it is unnecessary [Added]
T472: Authenticate RFID reader before sending sensitive data or executing a command [Updated]
- INFO: Updated the text.
T482: Secure password-based authentication for RFID tags [Updated]
- INFO: Updated the text.
T508: Require authentication for accessing HyperCat catalogs and resources [Updated]
- INFO: Updated the title and text.
T509: Protect the integrity of HyperCat catalogs and resources [Updated]
- INFO: Updated the title and text.
T510: Test if authentication is enforced on HyperCat catalogs [Updated]
- INFO: Updated the title and text.
T511: Test if HyperCat resources have license and access control metadata [Updated]
- INFO: Updated the title and text.
T520: Design secure SOAP web services [Updated]
- INFO: Updated the text.
- P182: Improper Access Control (Authorization) [Updated]
  - INFO: Updated the text.
T536: Restrict the size of incoming messages in services [Updated]
- INFO: Updated the text.
T537: Test that the size of incoming messages in services is restricted [Updated]
- INFO: Updated the text.
T552: Verify that SOAP web services are securely designed [Updated]
- INFO: Updated the text.
- P182: Improper Access Control (Authorization) [Updated]
  - INFO: Updated the text.
T554: Verify that REST web services are securely designed [Updated]
- INFO: Updated the text.
- P182: Improper Access Control (Authorization) [Updated]
  - INFO: Updated the text.
T564: Follow best practices for sharing data between Android applications [Updated]
- INFO: Updated the text.
T565: Verify that data sharing between Android applications is secure [Updated]
- INFO: Updated the text.
T566: Enable network layer encryption for local area network communications [Updated]
- INFO: Updated the text.
T574: Prevent information exposure in HyperCat
- P96: Information Exposure [Updated]
  - INFO: Updated the text.
T578: Execute only compiled programs in mainframe [Updated]
- INFO: Updated the text.
T580: Validate return codes in mainframe programs [Updated]
- INFO: Updated the text.
T581: Verify that return codes are evaluated in mainframe programs [Updated]
- INFO: Updated the text.
T605: Verify if consent is obtained prior to personal information collection (where applicable) [Updated]
- INFO: Updated the text.
T612: Detect rooted devices and assess the runtime environment with the aid of SafetyNet Attestation API [Updated]
- INFO: Updated the text.
T613: Mitigate DDoS attacks with NGINX [Updated]
- INFO: Updated the text.
T616: Keep user iOS device token private
- P818: Privacy Issue due to Device Token Mishandling in Apple Push Notifications (APNs) [Updated]
  - INFO: Updated the text.
T629: Authenticate the game server to the clients before logging in [Updated]
- INFO: Updated the text.
T633: Mitigate Deadlock and Recursion in Services
- P827: Service Deadlock and Recursion [Updated]
  - INFO: Updated the text.
T683: Integrate CloudTrail logs with CloudWatch Logs for real-time analysis (AWS) [Updated]
- INFO: Updated the text.
T735: Verify that personal information is removed when it is no longer needed [Updated]
- INFO: Updated the text.
T750: Limit personal information collection and processing to the specified purpose [Updated]
- INFO: Updated the text and priority.
T752: Verify if users are notified about processing their personal information [Updated]
- INFO: Updated the text.
T757: Verify if personal information processing stops when user objects to it [Updated]
- INFO: Updated the text.
T858: Use the vendor supplied version of binaries
- P941: Not using vendor supplied binaries [Updated]
  - INFO: Updated the text.
T867: Restrict Apache options and disable default content (Apache HTTP Server) [Updated]
- INFO: Updated the text.
T871: Log Apache errors and access (Apache HTTP Server) [Updated]
- INFO: Updated the text.
T873: Apply applicable patches (Apache HTTP Server) [Updated]
- INFO: Updated the text.
T896: Design a secure architecture for AWS deployment (AWS) [Updated]
- INFO: Updated the text.
T928: Ensure debug is turned off (Microsoft IIS) [Updated]
- INFO: Updated the text.
T975: Use a sandboxing alternative to Security Manager (Apache Tomcat) [Updated]
- INFO: Updated the title and text.
- P983: Lack of a sandboxing mechanism or relying on the deprecated Security Manager (Apache Tomcat) [Updated]
  - INFO: Updated the title and text.
T977: Do not allow symbolic linking (Apache Tomcat)
- P985: Allowing symbolic linking (Apache Tomcat) [Updated]
  - INFO: Updated the text.
T1004: Verify that a sandboxing alternative to Security Manager is used (Apache Tomcat) [Updated]
- INFO: Updated the title and text.
- P983: Lack of a sandboxing mechanism or relying on the deprecated Security Manager (Apache Tomcat) [Updated]
  - INFO: Updated the title and text.
T1028: Log sufficiently and protect logs (Apache Tomcat)
- P1008: Insufficient Logging or Insufficient Protection of Logs (Apache Tomcat) [Updated]
  - INFO: Updated the text.
T1034: Protect manager application (Apache Tomcat)
- P1012: Unprotected manager application (Apache Tomcat) [Updated]
  - INFO: Updated the text.
T1051: Enable 'All Users' group (Microsoft Azure)
- P1019: Not using "All Users" for permissions (Microsoft Azure) [Updated]
  - INFO: Updated the title and text.
T1130: Configure authentication (MySQL)
- P1057: Improper authentication (MySQL) [Updated]
  - INFO: Updated the text.
T1144: Prevent Server-Side Template Injection (SSTI) [Updated]
- INFO: Updated the text.
T1158: Configure TLS authentication for the Docker daemon (Docker)
- P1068: Lack of proper TLS authentication for the Docker daemon (Docker) [Updated]
  - INFO: Updated the text.
T1164: Secure swarm mode (Docker)
- P1071: Insecure swarm mode (Docker) [Updated]
  - INFO: Updated the text.
T1176: Use trusted base images and include the latest security patches (Docker) [Updated]
- INFO: Updated the text.
T1182: Avoid image caching weakness (Docker) [Updated]
- INFO: Updated the title.
T1222: Do not change base device size until needed (Docker)
- P1100: Changing base device size when it's not needed (Docker) [Updated]
  - INFO: Updated the text.
T1224: Use authorization plugin (Docker)
- P1101: Failing to use the authorization plugin (Docker) [Updated]
  - INFO: Updated the text.
T1258: Configure service account securely (Kubernetes) [Updated]
- INFO: Updated the text.
T1286: Avoid using Kubernetes Secrets (Kubernetes)
- P1132: Using Kubernetes Secrets (Kubernetes) [Updated]
  - INFO: Updated the text.
T1310: Include sufficient information in the log files (Google Cloud)
- P1144: Insufficient information included in the log files (Google Cloud) [Updated]
  - INFO: Updated the title.
T1318: Enable and configure DNSSEC (Google Cloud)
- P1148: Insecure DNS configuration (Google Cloud) [Updated]
  - INFO: Updated the title.
T1322: Disable connection to serial ports for VM Instance (Google Cloud)
- P1150: Enabling interactive serial console access (Google Cloud) [Updated]
  - INFO: Updated the title.
T1324: Disable IP forwarding on Instances (Google Cloud)
- P1151: Enabling IP forwarding on Instances (Google Cloud) [Updated]
  - INFO: Updated the title.
T1326: Disable public or anonymous access to storage and database (Google Cloud)
- P1152: Allowing public access to storage and database (Google Cloud) [Updated]
  - INFO: Updated the title.
T1338: Ensure Kubernetes clusters are configured with Labels (Google Cloud)
- P1158: Kubernetes clusters configured without Labels (Google Cloud) [Updated]
  - INFO: Updated the title.
T1346: Ensure Kubernetes clusters are created with Alias IP ranges enabled (Google Cloud)
- P1162: Kubernetes cluster created without Alias IP ranges enabled (Google Cloud) [Updated]
  - INFO: Updated the title.
T1348: Ensure PodSecurityPolicy controller is enabled on the Kubernetes Engine Clusters (Google Cloud)
- P1163: Disabled PodSecurityPolicy controller on Kubernetes Engine Clusters (Google Cloud) [Updated]
  - INFO: Updated the title.
T1354: Enable Private Google Access for all subnetwork in VPC Network (Google Cloud)
- P1166: Disabled Private Google Access for all subnetworks in VPC Network (Google Cloud) [Updated]
  - INFO: Updated the title.
T1356: Ensure VM disks for critical VMs are encrypted with Customer-Supplied Encryption Keys (CSEK) (Google Cloud)
- P1167: VM disks for critical VMs not encrypted with Customer-Supplied Encryption Keys (CSEK) (Google Cloud) [Updated]
  - INFO: Updated the title.
T1358: Use Container-Optimized OS (cos) for Kubernetes Engine Clusters Node image (Google Cloud)
- P1168: Container-Optimized OS (cos) not used for Kubernetes Engine Clusters Node image (Google Cloud) [Updated]
  - INFO: Updated the title.
T1362: Perform message throttling in Web APIs [Updated]
- INFO: Updated the text.
T1365: Mitigate Server Side Request Forgery
- P1169: Server Side Request Forgery (SSRF) [Updated]
  - INFO: Updated the text.
T1368: Perform security testing using SAST tools [Updated]
- INFO: Updated the text.
- TA6239: Review hardcoded secrets using Heuristic tools [Added]
T1369: Perform security testing using DAST tools [Updated]
- INFO: Updated the text.
- TA6241: Run the product with various test cases [Added]
T1370: Identify and track common software weaknesses and threats [Updated]
- INFO: Updated the text.
T1373: Maintain the integrity of all software code
- P1175: Insufficient software code control [Updated]
  - INFO: Updated the text.
T1380: Enforce secure user registration and access control [Updated]
- INFO: Updated the text.
T1381: Establish secure processes for key management [Updated]
- INFO: Updated the text.
T1382: Manage performance and capacity
- P1190: Lack of process for performance and capacity management [Updated]
  - INFO: Updated the text.
T1383: Separate development, test, and operational environments [Updated]
- INFO: Updated the text.
T1385: Institute secure logging and event monitoring [Updated]
- INFO: Updated the text.
T1421: Do not use default ports (Microsoft SQL Server)
- P1204: Using default ports (Microsoft SQL Server) [Updated]
  - INFO: Updated the text.
T1425: Disable 'sa' login account (Microsoft SQL Server)
- P1206: Enabled SQL server account with sysadmin privileges (Microsoft SQL Server) [Updated]
  - INFO: Updated the text.
T1451: Maintain audit logs for all database activities (Microsoft SQL Server) [Updated]
- INFO: Updated the text.
- P1219: Not logging important events (Microsoft SQL Server) [Updated]
  - INFO: Updated the title and text.
T1465: Decide how to handle sessions/authorization state in your Angular application (Angular) [Updated]
- INFO: Updated the text.
- P182: Improper Access Control (Authorization) [Updated]
  - INFO: Updated the text.
T1466: Restrict sending of authorization state to approved origins in Angular (Angular) [Updated]
- INFO: Updated the text.
- P182: Improper Access Control (Authorization) [Updated]
  - INFO: Updated the text.
T1468: Encrypt sensitive data at rest in the browser [Updated]
- INFO: Updated the text.
T1469: Prevent sensitive data leakage through Content Security Policy (CSP) reports [Updated]
- INFO: Updated the text.
T1538: Avoid DOM-based Cross-Site Scripting (XSS) in Angular applications (Angular) [Updated]
- INFO: Updated the text.
- P632: Improper Neutralization of Input During Web Page Generation (Cross-Site Scripting) [Updated]
  - INFO: Updated the text.
T1541: Decide on the best CSRF defense for your application [Updated]
- INFO: Updated the text.
T1542: Use the correct HTTP methods for making state-changing operations [Updated]
- INFO: Updated the text.
T1544: Isolate untrusted content in a sandbox [Updated]
- INFO: Updated the text.
T1619: Keep audit parameters enabled at all times (Oracle Database)
- P1298: Not monitoring user activities (Oracle Database) [Updated]
  - INFO: Updated the text.
T1621: Only allow authorized domains to connect with database (Oracle Database)
- P1299: Unauthorized domain sources connecting to the database (Oracle Database) [Updated]
  - INFO: Updated the text.
T1659: Revoke excessive system privileges from unauthorized users (Oracle Database)
- P1318: Unauthorized users with excessive privileges can impact confidentiality and integrity of data (Oracle Database) [Updated]
  - INFO: Updated the text.
T1887: Decide on the right OAuth 2.0 flow for your application [Updated]
- INFO: Updated the text.
- P182: Improper Access Control (Authorization) [Updated]
  - INFO: Updated the text.
T1889: Secure the configuration of the authorization server [Updated]
- INFO: Updated the text.
- P182: Improper Access Control (Authorization) [Updated]
  - INFO: Updated the text.
T1890: Implement OAuth 2.0 securely on the resource server [Updated]
- INFO: Updated the text.
- P182: Improper Access Control (Authorization) [Updated]
  - INFO: Updated the text.
T1893: Perform a cloud solution security posture assessment [Updated]
- INFO: Updated the text.
T1906: Enforce authentication on your relational database services (AWS)
- P1430: Improper authentication on your database engine [Updated]
  - INFO: Updated the text.
T1915: Perform network vulnerability assessment [Updated]
- INFO: Updated the text.
T1921: Track and manage usage of third-party and commercial off the shelf (COTS) hardware or software [Updated]
- INFO: Updated the text.
T1922: Use secure OAuth 2.0 and OpenID Connect integration (where applicable) [Updated]
- INFO: Updated the text.
- P182: Improper Access Control (Authorization) [Updated]
  - INFO: Updated the text.
T1973: Do not disable use-service-account-credentials argument (OpenShift)
- P1464: Disabling use-service-account-credentials argument (OpenShift) [Updated]
  - INFO: Updated the text.
T2081: Encrypt data at rest properly (Kubernetes)
- P1517: Cleartext or weakly encrypted data at rest (Kubernetes) [Updated]
  - INFO: Updated the text.
T2124: Exercise security best practices for inducing new versions of microservices
- P1536: Insecure induction of new versions for microservices [Updated]
  - INFO: Updated the text.
T2160: Avoid vendor lock-in as a customer when migrating into or out of solutions (Cloud)
- P1560: Insufficient data portability in the cloud and insecure migration to the cloud (in and out) [Updated]
  - INFO: Updated the text.
T2206: Prevent the generation of incorrect security tokens (Hardware/Firmware)
- P1604: Generation of incorrect security tokens (Hardware/Firmware) [Updated]
  - INFO: Updated the text.
T2208: Restrict sharing device unlocking credentials across multiple parties (Hardware/Firmware)
- P1606: Device unlock credential sharing (Hardware/Firmware) [Updated]
  - INFO: Updated the text.
T2218: Prevent same Public Key usage for different environments (Debug and Production) (Hardware/Firmware) [Updated]
- INFO: Updated the text.
T2247: Use the strongest Security Mode and Level in devices (Bluetooth) [Updated]
- INFO: Updated the text.
T2259: Minimize access rights assigned to RBAC roles and Service Accounts (Kubernetes)
- P1653: Inappropriate access settings for RBAC roles and Service Accounts (Kubernetes) [Updated]
  - INFO: Updated the text.
T2296: Securely install and configure all software components [Updated]
- INFO: Updated the text.
T2309: Securely configure worker nodes (Containerization)
- P1671: Insecure configuration of worker nodes (Containerization) [Updated]
  - INFO: Updated the match conditions.
T2310: Implement proper authentication and authorization (Containerization) (1/2)
- P1672: Lack of proper authentication and authorization (Containerization) [Updated]
  - INFO: Updated the match conditions.
T2311: Ensure proper network settings and configuration (Containerization)
- P1673: Improper network settings and configuration (Containerization) [Updated]
  - INFO: Updated the match conditions.
T2312: Ensure proper logging and security monitoring (Containerization) [Updated]
- INFO: Updated the text.
- P1674: Inadequate logging and security monitoring (Containerization) [Updated]
  - INFO: Updated the match conditions.
T2313: Keep data and secrets safe (Containerization)
- P1675: Lack of data and secrets protection (Containerization) [Updated]
  - INFO: Updated the match conditions.
T2314: Enforce secure policies (Containerization)
- P1676: Lack of secure policies (Containerization) [Updated]
  - INFO: Updated the match conditions.
T2315: Use managed services (Containerization)
- P1677: Using unmanaged services (Containerization) [Updated]
  - INFO: Updated the text and match conditions.
T2335: Securely automate your infrastructure provisioning process (Terraform)
- P1678: Unsafe infrastructure as code (IaC) processes [Updated]
  - INFO: Updated the title and text.
T2336: Use a remote backend to securely store your infrastructure state (Terraform)
- P1679: Unsafe infrastructure as code (IaC) state [Updated]
  - INFO: Updated the title and text.
T2343: Define security-related roles and provide role-base training [Updated]
- INFO: Updated the title and text.
- TA6238: Train all users of EO-critical software (NIST-EO-Critical-Software) [Added]
- P1680: Lack of defining proper security roles and responsibilities [Updated]
  - INFO: Updated the title, text, and match conditions.
T2344: Implement and augment supporting toolchains by automating SDLC security activities [Updated]
- INFO: Updated the text.
T2350: Create a Product Security Incident Response Team (PSIRT)
- P1687: Lack of a Product Security Incident Response [Updated]
  - INFO: Updated the title.
T2351: Verify that security-related roles and responsibilities are properly defined and assigned [Updated]
- INFO: Updated the title and text.
- P1680: Lack of defining proper security roles and responsibilities [Updated]
  - INFO: Updated the title, text, and match conditions.
T2378: Ensure compatibility with the United Nations automotive cybersecurity regulation WP.29 [Added]
- P1688: Lack of processes for the approval of vehicles with regards to cyber security and cyber security management system [Added]
T2379: Ensure compliance with ISO/SAE 21434 [Added]
- P1688: Lack of processes for the approval of vehicles with regards to cyber security and cyber security management system [Added]
T2380: Review and verify playbooks (Ansible) [Added]
- P1691: Insecure Ansible playbooks [Added]
- I1792: Deploy playbooks to store configurations and tasks (Ansible) [Added]
T2381: Follow a secure and guided workflow process (Ansible) [Added]
- P1691: Insecure Ansible playbooks [Added]
T2382: Automate the workflow (Ansible) [Added]
- P1691: Insecure Ansible playbooks [Added]
T2383: Avoid using the 'root' account (Ansible) [Added]
- I1794: Use Accounts with Limited Privileges (Ansible) [Added]
T2384: Use public-private key authentication for SSH (Ansible) [Added]
- P1692: Weak authentication (Ansible) [Added]
- I1795: Use public-private key pair authentication (Ansible) [Added]
T2385: Use Ansible Vault (Ansible) [Added]
- P1689: Unprotected credentials in Ansible files [Added]
- I1796: Encrypt secrets with Ansible Vault (Ansible) [Added]
- I1797: Ansible Vault integrations (Ansible) [Added]
- I1798: Ansible editor integrations (Ansible) [Added]
- I1799: Manage Ansible Vault passwords (Ansible) [Added]
- I1800: Use a cloud-based key manager (Ansible) [Added]
- I1801: Rotate passwords with rekey (Ansible) [Added]
- I1802: Encrypt sensitive Vault values separately (Ansible) [Added]
T2386: Use role-based access control in Automation Controller (Ansible) [Added]
- P1690: Inadequate access control in Ansible Automation Controller (Ansible) [Added]
- I1803: Add team permissions to a job template (Ansible) [Added]
- I1804: Configure user account security in Automation Controller (Ansible) [Added]
T2387: Collect logs for analysis and auditing (Ansible) [Added]
- TA6242: Use Automation Hub (Ansible) [Added]
T2388: Enforce the principle of separation of duties [Added]
- TA6246: Separate the roles for code signing and code submitting [Added]
T2389: Prevent co-channel and adjacent channel interference [Added]
- P1693: Poor WiFi Settings Configuration [Added]
T2390: Limit the WiFi network coverage [Added]
- P1693: Poor WiFi Settings Configuration [Added]
T2391: Change the default value of the Service Set Identifier (SSID) and protect it [Added]
- P1693: Poor WiFi Settings Configuration [Added]
T2392: Create an Incident Response Plan [Added]
- TA6255: Create an Incident Response Plan for compromised cryptographic keys [Added]
- P1687: Lack of a Product Security Incident Response [Updated]
  - INFO: Updated the title.
T2393: Verify the principle of Separation of Duties is strongly implemented [Added]
T2394: Test co-channel and adjacent channel interference is prevented [Added]
- P1693: Poor WiFi Settings Configuration [Added]
T2395: Test the default value of the Service Set Identifier (SSID) is changed [Added]
- P1693: Poor WiFi Settings Configuration [Added]
T2396: Verify that the organization has a Product Security Incident Plan [Added]
- P1687: Lack of a Product Security Incident Response [Updated]
  - INFO: Updated the title.
T2397: Detect rogue stations in a wireless network [Added]
- P96: Information Exposure [Updated]
  - INFO: Updated the text.
T2398: Verify all rogue stations are detected in your wireless network [Added]
- P96: Information Exposure [Updated]
  - INFO: Updated the text.
Changes to Project Properties and Profiles
- Q243: Internal Hidden Properties
  - Q189: Internal Properties (Use this, for all hidden answers)
    - A1061: Set of default answers for all profiles [Updated]
      - INFO: Updated the children.
    - A1330: Generic Container Orchestration [Updated]
      - INFO: Updated the text, description, question, and children.
- Q289: Cloud Computing
  - Q290: Cloud Providers
    - Q309: Google Cloud Services
      - A1213: Kubernetes Engine [Updated]
        
        INFO: Updated the children.
    - Q298: AWS Services
      - A1331: EKS [Updated]
        
        INFO: Updated the text, description, children, and match conditions.
    - A1190: Microsoft Azure [Updated]
      - INFO: Updated the children.
    - A1212: Google Cloud Content (Not Story-driven) [Updated]
      - INFO: Updated the children.
- Q299: General
  - Q346: IaC Tools
    - A1342: Ansible [Added]
- Q307: Containerization
  - Q308: Containerization Technologies
    - A1209: Unmanaged Kubernetes [Updated]
      - INFO: Updated the text.
    - A1329: Managed Kubernetes [Updated]
      - INFO: Updated the text, description, and children.
- Q331: US Federal and NIST
  - Q348: In-Scope for EO 14028 compliance [Added]
    - A1340: NIST EO Critical Software [Added]
    - A1341: NIST EO Software-Verification [Added]
- Q349: Broadband cellular networks [Added]
  - A1344: Long-Term Evolution (LTE) or Fifth-generation (5G) technologies [Added]
New Just-in-Time Training
- Secure Software Testing (20)
- PCI SSF (17)
- Securing Terraform (17)
- Defending C and C++ (25)

2022.2

July 7, 2022

New features and enhancements

Diagrams
- Introduced a Threat Model Diagrams feature that allows users to identify and communicate threats with data flow diagrams.
- Users have the option to create a diagram after filling out the Project Survey, which will automatically generate threat modeling components and place them within the diagram.
- Users can export a diagram in JSON or PNG format.
- Each diagram is attached to new releases so that the diagram can evolve with the project.
- If you don't see Diagrams enabled, contact your SD Elements Administrator or Customer Success Manager.
Reusable Components
- Added a Components object in the SD Elements Library, accessible to users with the permission to customize content.
- Built-in components are usable initially.
- Users can create and configure additional components called Custom Components.
- Each component has a Project Survey Answer mapping (a rule for adding the component to a project), a list of Mark as Complete Tasks and a list of Mark as Incomplete Tasks.
- Users can add an activated component to projects.
  - Adding a component to a project will apply the component's Mark as Complete and Mark as Incomplete lists, after which users will see their Tasks for the project marked as either complete (automatically) or as needing additional attention.
Advanced Reports
- Added Advanced Reports functionality that allows users the ability to create rich reports with data visualization using pre-built report templates or from a blank template. Accessible to users with permission to view Reporting Dashboard for all projects.
- Users can select up to 6 different visualizations to represent their data.
- Users have access to pull data over 200 dimensions and measures across 40 tables from their SD Elements instance to build reports.
- Users can choose from one of five pre-built templates, or they can create a report from a blank template.
- Users can take advantage of AND/OR logical operators when filtering.
- Users can filter reports by relative dates, arrange column orders, and multi-sort data.
- Users can view their saved advanced reports in the new Advanced Reports page, which includes the ability to export the report as CSV or JSON, ability to edit the report and the ability to expand view size of the report.
  - Added Reusable Component tables to Advanced Reports.
  - Added a new and improved Report Builder UI that enhances the user experience when building out a report.
Integrations
- Added Black Duck SCA integration under Verification Tools.
- JIRA Feature Enhancements:
  - Added a new configuration to provide a summary of errors found within a completed sync job.
  - Enabled Comment Syncing from SD Elements to JIRA only under the Authoritative Source (not supported for RIA customers).
  - Added a mapping option within JIRA Global Configuration that allows users to leverage the Native Jira field "resolution" with a JIRA Status to provide a different definition to "Done". For example, (Done, Won't Fix) maps to "Not Applicable".
Turning features on/off in the UI
- Users can turn specific features on or off through the SD Elements UI. Toggling features on or off through the API remains a supported feature as well.
- This functionality is available to SD Elements Administrators with the correct permissions.

Other product improvements

Integrations
- Checkmarx Project ID Configurations: Users can now define a project_id alternatively to project_name in Checkmarx project-level configurations.
Problems related Task view
- Updated sorting so that a Problem's related Tasks will be sorted alphabetically.

Content additions and updates (as of June 16, 2022):

Compliance Regulations and Mappings
- Added California Civil Code (CCPA and CPRA)
- Added NIST-SSDF-v1.1
- Updated ISASecure CSA 311 [INFO: Updated the regulation sections].
- Updated ISASecure SSA 311 [INFO: Updated the regulation sections].
Content Packs
- Added Cybersecurity
- Added Application Server
- Added Terraform
- Added NIST SSDF
T1: Use multi-factor authentication for remote access to high risk systems or administrative access to services
- TA46: MDS2 Notes [Updated]
  - INFO: Updated the title.
- TA216: PCI/PA DSS Notes [Updated]
  - INFO: Updated the title.
- TA262: EBA-Security of Internet Payments Notes [Updated]
  - INFO: Updated the title.
- TA867: ASD-STIG requirements [Updated]
  - INFO: Updated the title.
T2: Secure the password reset mechanism
- TA47: MDS2 Notes [Updated]
  - INFO: Updated the title.
- TA2893: ASD-STIG requirements [Updated]
  - INFO: Updated the title.
T3: Require old passwords when users change passwords
- TA48: MDS2 Notes [Updated]
  - INFO: Updated the title.
- TA217: PCI/PA DSS Notes [Updated]
  - INFO: Updated the title.
- TA878: ASD-STIG requirements [Updated]
  - INFO: Updated the title.
T4: Use configurable password policies
- TA49: MDS2 Notes [Updated]
  - INFO: Updated the title.
- TA149: DIACAP Notes [Updated]
  - INFO: Updated the title.
- TA218: PCI/PA DSS Notes [Updated]
  - INFO: Updated the title.
- TA2894: ASD-STIG requirements [Updated]
  - INFO: Updated the title.
T5: Use minimum standards for passwords
- TA50: MDS2 Notes [Updated]
  - INFO: Updated the title.
- TA150: DIACAP Notes [Updated]
  - INFO: Updated the title.
- TA219: PCI/PA DSS Notes [Updated]
  - INFO: Updated the title.
- TA871: ASD-STIG requirements [Updated]
  - INFO: Updated the title.
T6: Implement account lockout or authentication throttling
- TA51: MDS2 Notes [Updated]
  - INFO: Updated the title.
- TA151: DIACAP Notes [Updated]
  - INFO: Updated the title.
- TA220: PCI/PA DSS Notes [Updated]
  - INFO: Updated the title.
- TA846: ASD-STIG requirements [Updated]
  - INFO: Updated the title.
T7: Salt and hash stored passwords
- TA52: MDS2 Notes [Updated]
  - INFO: Updated the title.
- TA152: DIACAP Notes [Updated]
  - INFO: Updated the title.
- TA221: PCI/PA DSS Notes [Updated]
  - INFO: Updated the title.
- TA872: ASD-STIG requirements [Updated]
  - INFO: Updated the title.
T8: Use Consistent Error Handling for All Authentication Failures
- TA53: MDS2 Notes [Updated]
  - INFO: Updated the title.
- TA2895: ASD-STIG requirements [Updated]
  - INFO: Updated the title.
T9: Implement authorization and screening for highly sensitive transactions
- TA54: MDS2 Notes [Updated]
  - INFO: Updated the title.
- TA245: EBA-Security of Internet Payments Notes [Updated]
  - INFO: Updated the title.
- TA2896: ASD-STIG requirements [Updated]
  - INFO: Updated the title.
T10: Use server-to-server authentication
- TA55: MDS2 Notes [Updated]
  - INFO: Updated the title.
- TA2897: ASD-STIG requirements [Updated]
  - INFO: Updated the title.
T12: Mask User Passwords by Default
- TA56: MDS2 Notes [Updated]
  - INFO: Updated the title.
- TA879: ASD-STIG requirements [Updated]
  - INFO: Updated the title.
T13: Change Automatically Generated Passwords
- TA57: MDS2 Notes [Updated]
  - INFO: Updated the title.
- TA2898: ASD-STIG requirements [Updated]
  - INFO: Updated the title.
T14: Enforce the principle of least privilege
- TA58: MDS2 Notes [Updated]
  - INFO: Updated the title.
- TA153: DIACAP Notes [Updated]
  - INFO: Updated the title.
- TA2899: ASD-STIG requirements [Updated]
  - INFO: Updated the title.
T15: Centralize authorization
- TA2900: ASD-STIG requirements [Updated]
  - INFO: Updated the title.
T16: Authorize every non-public page
- TA2901: ASD-STIG requirements [Updated]
  - INFO: Updated the title.
T17: Do not only rely on client-side authorization
- TA2902: ASD-STIG requirements [Updated]
  - INFO: Updated the title.
T18: Make authorization decisions using full context
- TA2903: ASD-STIG requirements [Updated]
  - INFO: Updated the title.
T19: Restrict Application's Access to Database
- TA2904: ASD-STIG requirements [Updated]
  - INFO: Updated the title.
T20: Generate unique session IDs and reset old IDs after authentication [Updated]
- INFO: Updated the priority.
- TA59: MDS2 Notes [Updated]
  - INFO: Updated the title.
- TA898: ASD-STIG requirements [Updated]
  - INFO: Updated the title.
T21: Ensure all data in transit is encrypted using a secure TLS channel
- TA60: MDS2 Notes [Updated]
  - INFO: Updated the title.
- TA154: DIACAP Notes [Updated]
  - INFO: Updated the title.
- TA246: EBA-Security of Internet Payments Notes [Updated]
  - INFO: Updated the title.
- TA852: ASD-STIG requirements [Updated]
  - INFO: Updated the title.
- TA965: Choice of cipher [Updated]
  - INFO: Updated the text.
- I479: Apache HTTP Server [Updated]
  - INFO: Updated the text.
T22: Set secure flags on session cookies
- TA896: ASD-STIG requirements [Updated]
  - INFO: Updated the title.
T23: Set HttpOnly flag on session cookies
- TA895: ASD-STIG requirements [Updated]
  - INFO: Updated the title.
T24: Enforce idle session timeout
- TA43: PCI/PA DSS notes [Updated]
  - INFO: Updated the title.
- TA61: MDS2 Notes [Updated]
  - INFO: Updated the title.
- TA155: DIACAP Notes [Updated]
  - INFO: Updated the title.
- TA851: ASD-STIG requirements [Updated]
  - INFO: Updated the title.
T25: Enforce absolute session timeouts
- TA874: ASD-STIG requirements [Updated]
  - INFO: Updated the title.
T26: Expire sessions on logout
- TA881: ASD-STIG requirements [Updated]
  - INFO: Updated the title.
T27: Turn off session rewriting
- TA897: ASD-STIG requirements [Updated]
  - INFO: Updated the title.
T28: Avoid 'Remember Me' features
- TA2905: ASD-STIG requirements [Updated]
  - INFO: Updated the title.
T29: Use anti-Cross-Site Request Forgery (CSRF) tokens
- TA905: ASD-STIG requirements [Updated]
  - INFO: Updated the title.
T30: Protect forms authentication submissions
- TA62: MDS2 Notes [Updated]
  - INFO: Updated the title.
- TA2906: ASD-STIG requirements [Updated]
  - INFO: Updated the title.
T31: Validate all forms of input
- TA907: ASD-STIG requirements [Updated]
  - INFO: Updated the title.
- TA3499: Input validation (GraphQL) [Updated]
  - INFO: Updated the text.
T32: Always perform input validation on a server [Updated]
- INFO: Updated the text.
- TA2907: ASD-STIG requirements [Updated]
  - INFO: Updated the title.
T33: Verify integrity of client-supplied read-only data
- TA892: ASD-STIG requirements [Updated]
  - INFO: Updated the title.
T34: Refuse overly-long, malformed, and non-printable characters unless required
- TA2908: ASD-STIG requirements [Updated]
  - INFO: Updated the title.
T35: Fine-tune HTTP server settings
- TA888: ASD-STIG requirements [Updated]
  - INFO: Updated the title.
T36: Escape untrusted data in HTML, HTML attributes, CSS, and JavaScript
- TA904: ASD-STIG requirements [Updated]
  - INFO: Updated the title.
T37: Avoid DOM-based Cross-Site Scripting (XSS)
- TA2909: ASD-STIG requirements [Updated]
  - INFO: Updated the title.
T38: Bind variables in SQL statements
- TA908: ASD-STIG requirements [Updated]
  - INFO: Updated the title.
T40: Use XML encoding when interacting with XML data
- I116: ASP.NET / C# XML encoding with Microsoft Anti XSS [Updated]
  - INFO: Updated the text.
T43: Avoid unsafe operating system interaction [Updated]
- INFO: Updated the text.
- TA906: ASD-STIG requirements [Updated]
  - INFO: Updated the title.
T45: Log potential critical security events
- TA156: DIACAP Notes [Updated]
  - INFO: Updated the title.
- TA247: EBA-Security of Internet Payments Notes [Updated]
  - INFO: Updated the title.
- TA844: ASD-STIG requirements [Updated]
  - INFO: Updated the title.
T46: Do not log confidential data
- I1787: Mark sensitive variables for log redaction (Terraform) [Added]
- TA63: MDS2 Notes [Updated]
  - INFO: Updated the title.
- TA860: ASD-STIG requirements [Updated]
  - INFO: Updated the title.
T49: Disable and remove debug capabilities and code/data, and prepare application for release
- TA901: ASD-STIG requirements [Updated]
  - INFO: Updated the title.
T53: Prevent the upload of malicious files and malware
- TA64: MDS2 Notes [Updated]
  - INFO: Updated the title.
- TA157: DIACAP Notes [Updated]
  - INFO: Updated the title.
- TA5239: ISASecure CSA 311 requirements: Levels (1, 2, 3, 4), Components (Embedded Device) [Updated]
  - INFO: Updated the text.
T55: Validate all XML input
- TA887: ASD-STIG requirements [Updated]
  - INFO: Updated the title.
T58: Do not process user-supplied XSLTs in XML digital signatures
- TA2910: ASD-STIG requirements [Updated]
  - INFO: Updated the title.
T59: Use standard libraries for cryptography
- TA2911: ASD-STIG requirements [Updated]
  - INFO: Updated the title.
T60: Use correct and approved cryptographic algorithms, parameters, and key lengths
- TA158: DIACAP Notes [Updated]
  - INFO: Updated the title.
- TA222: PCI/PA DSS Notes [Updated]
  - INFO: Updated the title.
- TA880: ASD-STIG requirements [Updated]
  - INFO: Updated the title.
T61: Disable default accounts or change all default passwords
- TA65: MDS2 Notes [Updated]
  - INFO: Updated the title.
- TA159: DIACAP Notes [Updated]
  - INFO: Updated the title.
- TA840: ASD-STIG requirements [Updated]
  - INFO: Updated the title.
T62: Protect passwords in property and configuration files
- TA66: MDS2 Notes [Updated]
  - INFO: Updated the title.
- TA2912: ASD-STIG requirements [Updated]
  - INFO: Updated the title.
T65: Restrict accepted HTTP verbs
- TA2913: ASD-STIG requirements [Updated]
  - INFO: Updated the title.
T68: Encrypt credit card PANs in storage
- TA67: MDS2 Notes [Updated]
  - INFO: Updated the title.
- TA160: DIACAP Notes [Updated]
  - INFO: Updated the title.
- TA223: PCI/PA DSS Notes [Updated]
  - INFO: Updated the title.
- TA2914: ASD-STIG requirements [Updated]
  - INFO: Updated the title.
T69: Strong password requirements for server-to-server system accounts
- TA68: MDS2 Notes [Updated]
  - INFO: Updated the title.
- TA161: DIACAP Notes [Updated]
  - INFO: Updated the title.
- TA2915: ASD-STIG requirements [Updated]
  - INFO: Updated the title.
T70: Implement account lockout or authentication throttling for system accounts
- TA69: MDS2 Notes [Updated]
  - INFO: Updated the title.
- TA162: DIACAP Notes [Updated]
  - INFO: Updated the title.
- TA2916: ASD-STIG requirements [Updated]
  - INFO: Updated the title.
T71: Capture sufficient information for each transaction in audit logs
- TA70: MDS2 Notes [Updated]
  - INFO: Updated the title.
- TA163: DIACAP Notes [Updated]
  - INFO: Updated the title.
- TA856: ASD-STIG requirements [Updated]
  - INFO: Updated the title.
T72: Use safe arithmetic to avoid integer overflow
- TA2917: ASD-STIG requirements [Updated]
  - INFO: Updated the title.
T73: Use random delays in authentication failures
- TA71: MDS2 Notes [Updated]
  - INFO: Updated the title.
- TA2918: ASD-STIG requirements [Updated]
  - INFO: Updated the title.
T74: Avoid HTTP parameter pollution
- TA2919: ASD-STIG requirements [Updated]
  - INFO: Updated the title.
T76: Do not hard code passwords
- TA72: MDS2 Notes [Updated]
  - INFO: Updated the title.
- TA877: ASD-STIG requirements [Updated]
  - INFO: Updated the title.
T77: Test for single-factor authentication
- TA73: MDS2 Notes [Updated]
  - INFO: Updated the title.
- TA224: PCI/PA DSS Notes [Updated]
  - INFO: Updated the title.
- TA248: EBA-Security of Internet Payments Notes [Updated]
  - INFO: Updated the title.
T78: Test strength of password reset mechanism
- TA74: MDS2 Notes [Updated]
  - INFO: Updated the title.
T79: Test password change functions
- TA75: MDS2 Notes [Updated]
  - INFO: Updated the title.
T80: Test password requirements
- TA76: MDS2 Notes [Updated]
  - INFO: Updated the title.
- TA164: DIACAP Notes [Updated]
  - INFO: Updated the title.
- TA225: PCI/PA DSS Notes [Updated]
  - INFO: Updated the title.
T81: Test account lockout
- TA77: MDS2 Notes [Updated]
  - INFO: Updated the title.
- TA165: DIACAP Notes [Updated]
  - INFO: Updated the title.
T82: Test authentication error consistency
- TA78: MDS2 Notes [Updated]
  - INFO: Updated the title.
T83: Verify transactional authorization and screening
- TA79: MDS2 Notes [Updated]
  - INFO: Updated the title.
- TA249: EBA-Security of Internet Payments Notes [Updated]
  - INFO: Updated the title.
T86: Test session ID uniqueness and rotation after authentication
- TA80: MDS2 Notes [Updated]
  - INFO: Updated the title.
T87: Verify that all data in transit is encrypted using a secure TLS channel
- TA81: MDS2 Notes [Updated]
  - INFO: Updated the title.
- TA166: DIACAP Notes [Updated]
  - INFO: Updated the title.
- TA250: EBA-Security of Internet Payments Notes [Updated]
  - INFO: Updated the title.
T90: Test idle session timeout
- TA82: MDS2 Notes [Updated]
  - INFO: Updated the title.
- TA167: DIACAP Notes [Updated]
  - INFO: Updated the title.
- TA226: PCI/PA DSS Notes [Updated]
  - INFO: Updated the title.
T107: Test that application forbids uploading or transferring malware
- TA83: MDS2 Notes [Updated]
  - INFO: Updated the title.
- TA168: DIACAP Notes [Updated]
  - INFO: Updated the title.
- TA5238: ISASecure CSA 311 requirements: Levels (1, 2, 3, 4), Components (Embedded Device) [Updated]
  - INFO: Updated the text.
T114: Test system-to-system authentication lockout or throttling
- TA84: MDS2 Notes [Updated]
  - INFO: Updated the title.
- TA169: DIACAP Notes [Updated]
  - INFO: Updated the title.
T124: Test for authentication timing vulnerability
- TA85: MDS2 Notes [Updated]
  - INFO: Updated the title.
T131: Test for forced password change upon login
- TA86: MDS2 Notes [Updated]
  - INFO: Updated the title.
T133: Mask credit card PAN numbers when displayed
- TA227: PCI/PA DSS Notes [Updated]
  - INFO: Updated the title.
- TA2954: ASD-STIG requirements [Updated]
  - INFO: Updated the title.
T134: Do not send unprotected PANs in emails or text messages
- TA87: MDS2 Notes [Updated]
  - INFO: Updated the title.
- TA228: PCI/PA DSS Notes [Updated]
  - INFO: Updated the title.
T135: Assign each person using the system a unique user ID
- TA88: MDS2 Notes [Updated]
  - INFO: Updated the title.
- TA170: DIACAP Notes [Updated]
  - INFO: Updated the title.
- TA229: PCI/PA DSS Notes [Updated]
  - INFO: Updated the title.
- TA866: ASD-STIG requirements [Updated]
  - INFO: Updated the title.
T136: Do not store sensitive credit card data
- TA230: PCI/PA DSS Notes [Updated]
  - INFO: Updated the title.
- TA2955: ASD-STIG requirements [Updated]
  - INFO: Updated the title.
T137: Encrypt protected health information in storage [Updated]
- INFO: Updated the priority.
- TA89: MDS2 Notes [Updated]
  - INFO: Updated the title.
- TA171: DIACAP Notes [Updated]
  - INFO: Updated the title.
T139: Use secure channels to transmit protected health information on the Internet [Updated]
- INFO: Updated the priority.
- TA90: MDS2 Notes [Updated]
  - INFO: Updated the title.
- TA172: DIACAP Notes [Updated]
  - INFO: Updated the title.
T143: Apply minimum password standards for mobile environments
- TA91: MDS2 Notes [Updated]
  - INFO: Updated the title.
- TA173: DIACAP Notes [Updated]
  - INFO: Updated the title.
- TA2957: ASD-STIG requirements [Updated]
  - INFO: Updated the title.
T144: Do not rely on client for account lockout or authentication throttling
- TA92: MDS2 Notes [Updated]
  - INFO: Updated the title.
- TA2958: ASD-STIG requirements [Updated]
  - INFO: Updated the title.
T145: Avoid client-side authorization for mobile clients
- TA2959: ASD-STIG requirements [Updated]
  - INFO: Updated the title.
T146: Use encryption for network communications in mobile environments
- TA93: MDS2 Notes [Updated]
  - INFO: Updated the title.
- TA174: DIACAP Notes [Updated]
  - INFO: Updated the title.
- TA2960: ASD-STIG requirements [Updated]
  - INFO: Updated the title.
T148: Avoid caching confidential data on client
- TA900: ASD-STIG requirements [Updated]
  - INFO: Updated the title.
T150: Validate data received from server before handling
- TA95: MDS2 Notes [Updated]
  - INFO: Updated the title.
- TA2961: ASD-STIG requirements [Updated]
  - INFO: Updated the title.
T151: Use cryptographically secure random numbers
- TA894: ASD-STIG requirements [Updated]
  - INFO: Updated the title.
T152: Avoid asking for and using excessive permissions
- TA843: ASD-STIG requirements [Updated]
  - INFO: Updated the title.
T153: Scrub buffers holding sensitive information when releasing/deleting
- TA175: DIACAP Notes [Updated]
  - INFO: Updated the title.
- TA2962: ASD-STIG requirements [Updated]
  - INFO: Updated the title.
T154: Do not store or cache credit card information on client
- TA96: MDS2 Notes [Updated]
  - INFO: Updated the title.
- TA231: PCI/PA DSS Notes [Updated]
  - INFO: Updated the title.
- TA2963: ASD-STIG requirements [Updated]
  - INFO: Updated the title.
T155: Avoid storing sensitive logs on the client
- TA2964: ASD-STIG requirements [Updated]
  - INFO: Updated the title.
T156: Validate certificate and its chain of trust properly
- TA97: MDS2 Notes [Updated]
  - INFO: Updated the title.
- TA876: ASD-STIG requirements [Updated]
  - INFO: Updated the title.
T158: Verify integrity of client-supplied read-only data from rich clients
- TA891: ASD-STIG requirements [Updated]
  - INFO: Updated the title.
T159: Follow best practices for secure error and exception handling
- TA232: PCI/PA DSS Notes [Updated]
  - INFO: Updated the title.
- TA893: ASD-STIG requirements [Updated]
  - INFO: Updated the title.
T160: Avoid relying on jailbreak or root detection as a strong security measure
- TA2965: ASD-STIG requirements [Updated]
  - INFO: Updated the title.
T161: Treat unique device IDs as personal information
- TA2966: ASD-STIG requirements [Updated]
  - INFO: Updated the title.
T163: Handle health data securely [Updated]
- INFO: Updated the priority.
- TA98: MDS2 Notes [Updated]
  - INFO: Updated the title.
- TA176: DIACAP Notes [Updated]
  - INFO: Updated the title.
T164: Clear session information from client upon logout
- TA850: ASD-STIG requirements [Updated]
  - INFO: Updated the title.
T165: Do not rely on Unique Device ID values in security controls
- TA99: MDS2 Notes [Updated]
  - INFO: Updated the title.
T168: Prevent auto-snapshot from saving sensitive data (iOS)
- TA2967: ASD-STIG requirements [Updated]
  - INFO: Updated the title.
T173: Test that user data is transmitted over secure channel in mobile environment
- TA101: MDS2 Notes [Updated]
  - INFO: Updated the title.
- TA177: DIACAP Notes [Updated]
  - INFO: Updated the title.
T175: Test that the client validates digital certificates [Updated]
- INFO: Updated the text.
T176: Apply principles of privacy when handling personal information [Updated]
- INFO: Updated the text.
- TA2972: ASD-STIG requirements [Updated]
  - INFO: Updated the title.
T177: Allow users to review and update their personal information
- TA6230: California Civil Code: Requests to know [Added]
T178: Obtain consent from users prior to collecting personal information
- TA2973: ASD-STIG requirements [Updated]
  - INFO: Updated the title.
T179: Allow access for users to remove their personal information from the system
- TA2863: California Civil Code: Requests to delete [Updated]
  - INFO: Updated the title and text.
T184: Perform authorization checks on RESTful web services
- TA2974: ASD-STIG requirements [Updated]
  - INFO: Updated the title.
T185: Follow best practices to secure SAML implementations
- TA2975: ASD-STIG requirements [Updated]
  - INFO: Updated the title.
T186: Use recommended settings and the latest patches for third party libraries and software
- TA102: MDS2 Notes [Updated]
  - INFO: Updated the title.
- TA863: ASD-STIG requirements [Updated]
  - INFO: Updated the title.
T193: Review non-categorized/miscellaneous findings from automated analysis
- TA178: DIACAP Notes [Updated]
  - INFO: Updated the title.
- TA2977: ASD-STIG requirements [Updated]
  - INFO: Updated the title.
T194: Obtain user consent for tracking cookies [Updated]
- INFO: Updated the priority.
T197: Encrypt and sign any remote code/update and then validate the signature to verify its origin and integrity
- TA103: MDS2 Notes [Updated]
  - INFO: Updated the title.
- TA179: DIACAP Notes [Updated]
  - INFO: Updated the title.
- TA251: EBA-Security of Internet Payments Notes [Updated]
  - INFO: Updated the title.
- TA882: ASD-STIG requirements [Updated]
  - INFO: Updated the title.
T202: Prevent buffer overflow/underflow
- TA909: ASD-STIG requirements [Updated]
  - INFO: Updated the title.
T205: Avoid inter-process race conditions
- TA883: ASD-STIG requirements [Updated]
  - INFO: Updated the title.
T207: Provide special data protection for children's personal information [Updated]
- INFO: Updated the priority.
- TA2979: ASD-STIG requirements [Updated]
  - INFO: Updated the title.
T210: Encrypt sensitive data during transmission for rich clients
- TA104: MDS2 Notes [Updated]
  - INFO: Updated the title.
- TA180: DIACAP Notes [Updated]
  - INFO: Updated the title.
- TA2980: ASD-STIG requirements [Updated]
  - INFO: Updated the title.
T214: Protect confidential files on operating system or server [Updated]
- INFO: Updated the priority.
- TA2981: ASD-STIG requirements [Updated]
  - INFO: Updated the title.
T217: Use compiler settings to mitigate buffer overflows
- TA2982: ASD-STIG requirements [Updated]
  - INFO: Updated the title.
T219: Avoid transmitting confidential data through URL parameters
- TA2983: ASD-STIG requirements [Updated]
  - INFO: Updated the title.
T220: Verify that user password is salted and hashed
- TA105: MDS2 Notes [Updated]
  - INFO: Updated the title.
- TA181: DIACAP Notes [Updated]
  - INFO: Updated the title.
T222: Verify server-to-server authentication
- TA106: MDS2 Notes [Updated]
  - INFO: Updated the title.
T225: Test that password fields are masked by default
- TA107: MDS2 Notes [Updated]
  - INFO: Updated the title.
T229: Verify that logs do not contain confidential data
- TA108: MDS2 Notes [Updated]
  - INFO: Updated the title.
T230: Test that sever-to-server system accounts meet minimum password requirements
- TA109: MDS2 Notes [Updated]
  - INFO: Updated the title.
- TA182: DIACAP Notes [Updated]
  - INFO: Updated the title.
T232: Verify that end-user transaction logs capture sufficient information
- TA110: MDS2 Notes [Updated]
  - INFO: Updated the title.
- TA183: DIACAP Notes [Updated]
  - INFO: Updated the title.
- TA252: EBA-Security of Internet Payments Notes [Updated]
  - INFO: Updated the title.
T233: Verify that each person using the system is assigned a unique user ID
- TA111: MDS2 Notes [Updated]
  - INFO: Updated the title.
- TA184: DIACAP Notes [Updated]
  - INFO: Updated the title.
T235: Verify that application does not store protected health information insecurely
- TA185: DIACAP Notes [Updated]
  - INFO: Updated the title.
T236: Test that the application encrypts protected health information on the Internet
- TA112: MDS2 Notes [Updated]
  - INFO: Updated the title.
- TA186: DIACAP Notes [Updated]
  - INFO: Updated the title.
T241: Verify that third party libraries use secure settings and the latest patches
- TA113: MDS2 Notes [Updated]
  - INFO: Updated the title.
T243: Check the authenticity and integrity of received SOAP messages
- TA114: MDS2 Notes [Updated]
  - INFO: Updated the title.
- TA853: ASD-STIG requirements [Updated]
  - INFO: Updated the title.
T244: Securely delete any unprotected sensitive data before a resource is released or shared
- TA187: DIACAP Notes [Updated]
  - INFO: Updated the title.
- TA233: PCI/PA DSS Notes [Updated]
  - INFO: Updated the title.
- TA886: ASD-STIG requirements [Updated]
  - INFO: Updated the title.
T245: Verify that sensitive unprotected data is securely deleted
- TA188: DIACAP Notes [Updated]
  - INFO: Updated the title.
- TA234: PCI/PA DSS Notes [Updated]
  - INFO: Updated the title.
T246: Control access to encrypted volumes independent of native operating system
- TA235: PCI/PA DSS Notes [Updated]
  - INFO: Updated the title.
- TA2998: ASD-STIG requirements [Updated]
  - INFO: Updated the title.
T248: Protect secret keys and passwords in the application
- TA189: DIACAP Notes [Updated]
  - INFO: Updated the title.
- TA236: PCI/PA DSS Notes [Updated]
  - INFO: Updated the title.
- TA875: ASD-STIG requirements [Updated]
  - INFO: Updated the title.
T249: Verify that keys and passwords are protected in the application
- TA190: DIACAP Notes [Updated]
  - INFO: Updated the title.
- TA237: PCI/PA DSS Notes [Updated]
  - INFO: Updated the title.
T252: Configure XML parsers for secure processing
- TA3001: ASD-STIG requirements [Updated]
  - INFO: Updated the title.
T257: Secure cross origin resource sharing (CORS)
- TA3004: ASD-STIG requirements [Updated]
  - INFO: Updated the title.
T259: Follow best practices when storing data in Local or Session Storage
- TA117: MDS2 Notes [Updated]
  - INFO: Updated the title.
- TA191: DIACAP Notes [Updated]
  - INFO: Updated the title.
- TA3005: ASD-STIG requirements [Updated]
  - INFO: Updated the title.
T261: Manage iOS Pasteboards that are used with sensitive data
- TA3006: ASD-STIG requirements [Updated]
  - INFO: Updated the title.
T262: Mask passwords by default on mobiles but consider usability options
- TA118: MDS2 Notes [Updated]
  - INFO: Updated the title.
- TA3007: ASD-STIG requirements [Updated]
  - INFO: Updated the title.
T263: Test that password fields are masked by default on mobiles and usability improvement options are implemented
- TA119: MDS2 Notes [Updated]
  - INFO: Updated the title.
T264: Do not use method swizzling in Objective-C
- TA3009: ASD-STIG requirements [Updated]
  - INFO: Updated the title.
T270: Follow best practices for storing application data on Android devices
- TA120: MDS2 Notes [Updated]
  - INFO: Updated the title.
- TA192: DIACAP Notes [Updated]
  - INFO: Updated the title.
- TA3010: ASD-STIG requirements [Updated]
  - INFO: Updated the title.
T275: Avoid sending sensitive data using implicit Intents or Broadcasts
- TA3011: ASD-STIG requirements [Updated]
  - INFO: Updated the title.
T276: Validate the content of received Intents
- TA3012: ASD-STIG requirements [Updated]
  - INFO: Updated the title.
T279: Avoid dynamically loading any code without proper security considerations
- TA3013: ASD-STIG requirements [Updated]
  - INFO: Updated the title.
T282: Bind variables in SQL statements for client applications
- TA3014: ASD-STIG requirements [Updated]
  - INFO: Updated the title.
T286: Make sure username rules are consistent among the registration system, authentication system, and application
- TA121: MDS2 Notes [Updated]
  - INFO: Updated the title.
- TA3016: ASD-STIG requirements [Updated]
  - INFO: Updated the title.
T287: Test that usernames are handled consistently by registration system, authentication system and application
- TA122: MDS2 Notes [Updated]
  - INFO: Updated the title.
T288: Prevent unauthorized access to information through XML external references
- TA3018: ASD-STIG requirements [Updated]
  - INFO: Updated the title.
T295: Avoid storing unencrypted confidential data without access control mechanisms
- TA123: MDS2 Notes [Updated]
  - INFO: Updated the title.
- TA193: DIACAP Notes [Updated]
  - INFO: Updated the title.
- TA3020: ASD-STIG requirements [Updated]
  - INFO: Updated the title.
T296: Test that unencrypted confidential data is not stored without access control mechanisms
- TA124: MDS2 Notes [Updated]
  - INFO: Updated the title.
- TA194: DIACAP Notes [Updated]
  - INFO: Updated the title.
T301: Verify that buffers holding sensitive information are scrubbed
- TA195: DIACAP Notes [Updated]
  - INFO: Updated the title.
T302: Test that sensitive data is transmitted over secure channel for rich clients
- TA125: MDS2 Notes [Updated]
  - INFO: Updated the title.
- TA196: DIACAP Notes [Updated]
  - INFO: Updated the title.
T309: Verify that data received from server is validated before handling
- TA126: MDS2 Notes [Updated]
  - INFO: Updated the title.
T313: Identify and classify categories of personal information
- TA127: MDS2 Notes [Updated]
  - INFO: Updated the title.
- TA3032: ASD-STIG requirements [Updated]
  - INFO: Updated the title.
T314: Verify that personal and confidential information is identified and classified
- TA128: MDS2 Notes [Updated]
  - INFO: Updated the title.
T315: Verify that potential security-critical events are logged
- TA197: DIACAP Notes [Updated]
  - INFO: Updated the title.
T316: Prevent unauthorized access to information through keyboard caches and shared dictionaries
- TA3035: ASD-STIG requirements [Updated]
  - INFO: Updated the title.
T321: Verify that Local and Session Storage are securely used
- TA129: MDS2 Notes [Updated]
  - INFO: Updated the title.
- TA198: DIACAP Notes [Updated]
  - INFO: Updated the title.
T322: Include HTTP Strict-Transport-Security headers in HTTPS responses
- TA3039: ASD-STIG requirements [Updated]
  - INFO: Updated the title.
T323: Test that default accounts are disabled or default passwords are changed
- TA130: MDS2 Notes [Updated]
  - INFO: Updated the title.
- TA199: DIACAP Notes [Updated]
  - INFO: Updated the title.
T327: Review security of Node.js modules before installation
- TA3041: ASD-STIG requirements [Updated]
  - INFO: Updated the title.
T335: Sanitize user input before passing to NoSQL operators
- TA3043: ASD-STIG requirements [Updated]
  - INFO: Updated the title.
T337: Include a 'break glass' feature that enables emergency functions
- TA131: MDS2 Notes [Updated]
  - INFO: Updated the title.
- TA3483: ASD-STIG requirements [Updated]
  - INFO: Updated the title.
T338: Control access to resources through user authentication and authorization
- TA132: MDS2 Notes [Updated]
  - INFO: Updated the title.
- TA200: DIACAP Notes [Updated]
  - INFO: Updated the title.
- TA253: EBA-Security of Internet Payments Notes [Updated]
  - INFO: Updated the title.
- TA841: ASD-STIG requirements [Updated]
  - INFO: Updated the title.
T340: Use an account and identity management system
- TA133: MDS2 Notes [Updated]
  - INFO: Updated the title.
- TA201: DIACAP Notes [Updated]
  - INFO: Updated the title.
- TA3484: ASD-STIG requirements [Updated]
  - INFO: Updated the title.
T341: Test that certificate validation and subject identification are properly performed in PKI based authentication [Deactivated]
T342: Inform and warn users about using critical system services
- TA202: DIACAP Notes [Updated]
  - INFO: Updated the title.
- TA3047: ASD-STIG requirements [Updated]
  - INFO: Updated the title.
T343: Test that proper system use notification is displayed or sent for critical features
- TA203: DIACAP Notes [Updated]
  - INFO: Updated the title.
T344: Enforce different rules for access to the system based on the origin, type and medium of request
- TA135: MDS2 Notes [Updated]
  - INFO: Updated the title.
- TA3049: ASD-STIG requirements [Updated]
  - INFO: Updated the title.
- TA5450: ISASecure SSA 311 requirements: Levels (3, 4) [Updated]
  - INFO: Updated the text.
T345: Check the integrity of critical configuration and data files
- TA136: MDS2 Notes [Updated]
  - INFO: Updated the title.
- TA3050: ASD-STIG requirements [Updated]
  - INFO: Updated the title.
T346: Test that the integrity of important configuration and data files are checked
- TA137: MDS2 Notes [Updated]
  - INFO: Updated the title.
T347: Fail to a known state with predefined outputs
- TA899: ASD-STIG requirements [Updated]
  - INFO: Updated the title.
T349: Protect audit information and logs against unauthorized access
- TA204: DIACAP Notes [Updated]
  - INFO: Updated the title.
- TA254: EBA-Security of Internet Payments Notes [Updated]
  - INFO: Updated the title.
- TA859: ASD-STIG requirements [Updated]
  - INFO: Updated the title.
T350: Verify that audit information is sufficiently protected
- TA205: DIACAP Notes [Updated]
  - INFO: Updated the title.
- TA255: EBA-Security of Internet Payments Notes [Updated]
  - INFO: Updated the title.
T353: Control the inbound and outbound data flow across the boundaries of zones
- TA206: DIACAP Notes [Updated]
  - INFO: Updated the title.
- TA842: ASD-STIG requirements [Updated]
  - INFO: Updated the title.
T355: Verify that inbound/outbound traffic is properly filtered
- TA207: DIACAP Notes [Updated]
  - INFO: Updated the title.
T356: Break the system into zones and design the conduits
- TA864: ASD-STIG requirements [Updated]
  - INFO: Updated the title.
T360: Partition the application in a way that facilitates adoption of a zoning model
- TA902: ASD-STIG requirements [Updated]
  - INFO: Updated the title.
T363: Design a priority scheme for application services and operations
- TA208: DIACAP Notes [Updated]
  - INFO: Updated the title.
- TA3056: ASD-STIG requirements [Updated]
  - INFO: Updated the title.
T364: Enable secure backup and restore capabilities
- TA138: MDS2 Notes [Updated]
  - INFO: Updated the title.
- TA209: DIACAP Notes [Updated]
  - INFO: Updated the title.
- TA865: ASD-STIG requirements [Updated]
  - INFO: Updated the title.
T365: Verify the security of backing up and restoring procedures
- TA139: MDS2 Notes [Updated]
  - INFO: Updated the title.
- TA210: DIACAP Notes [Updated]
  - INFO: Updated the title.
T367: Mitigate the security risks of power cut and power supply switch
- TA212: DIACAP Notes [Updated]
  - INFO: Updated the title.
- TA890: ASD-STIG requirements [Updated]
  - INFO: Updated the title.
T368: Test system/application security in the event of a power cut or power supply switch
- TA213: DIACAP Notes [Updated]
  - INFO: Updated the title.
T370: Follow best practices for using third-party software libraries/modules and open source/COTS components [Updated]
- INFO: Updated the text.
- TA141: MDS2 Notes [Updated]
  - INFO: Updated the title.
- TA861: ASD-STIG requirements [Updated]
  - INFO: Updated the title.
T371: Provide unified and manageable interfaces for security settings and configuration parameters
- TA142: MDS2 Notes [Updated]
  - INFO: Updated the title.
- TA845: ASD-STIG requirements [Updated]
  - INFO: Updated the title.
T373: Design and regulate access to unauthenticated parts of the application
- TA3059: ASD-STIG requirements [Updated]
  - INFO: Updated the title.
T377: De-identify protected health information before using it for a secondary purpose
- TA144: MDS2 Notes [Updated]
  - INFO: Updated the title.
T378: Authorize every request for data objects
- TA3060: ASD-STIG requirements [Updated]
  - INFO: Updated the title.
T379: Provide sufficient documentation for security-related features
- TA6234: Define security policies (NIST-SSDF) [Added]
- TA145: MDS2 Notes [Updated]
  - INFO: Updated the title.
- TA256: EBA-Security of Internet Payments Notes [Updated]
  - INFO: Updated the title.
- TA885: ASD-STIG requirements [Updated]
  - INFO: Updated the title.
T380: Verify that security documents are complete
- TA146: MDS2 Notes [Updated]
  - INFO: Updated the title.
- TA257: EBA-Security of Internet Payments Notes [Updated]
  - INFO: Updated the title.
T381: Test break-glass procedures
- TA147: MDS2 Notes [Updated]
  - INFO: Updated the title.
T394: Secure one-time passwords (OTP)
- TA258: EBA-Security of Internet Payments Notes [Updated]
  - INFO: Updated the title.
- TA873: ASD-STIG requirements [Updated]
  - INFO: Updated the title.
T395: Verify that one-time passwords (OTP) are securely used
- TA259: EBA-Security of Internet Payments Notes [Updated]
  - INFO: Updated the title.
T396: Set maximum limits for authorized transactions
- TA260: EBA-Security of Internet Payments Notes [Updated]
  - INFO: Updated the title.
- TA3064: ASD-STIG requirements [Updated]
  - INFO: Updated the title.
T397: Test the limits of authorized transactions
- TA261: EBA-Security of Internet Payments Notes [Updated]
  - INFO: Updated the title.
T399: Separate delegated payment pages from the rest of the application
- TA3066: ASD-STIG requirements [Updated]
  - INFO: Updated the title.
T415: Develop features to allow verifying the authenticity of the product
- TA3069: ASD-STIG requirements [Updated]
  - INFO: Updated the title.
T425: Check the authenticity of external devices/applications
- TA868: ASD-STIG requirements [Updated]
  - INFO: Updated the title.
T427: Implement previous logon (access) notification
- TA848: ASD-STIG requirements [Updated]
  - INFO: Updated the title.
T429: Limit the number of concurrent sessions for each account
- TA849: ASD-STIG requirements [Updated]
  - INFO: Updated the title.
T431: Design a response to logging failures and other minor failures
- TA858: ASD-STIG requirements [Updated]
  - INFO: Updated the title.
T433: Design a fallback mechanism or a degraded mode for the system
- TA3075: ASD-STIG requirements [Updated]
  - INFO: Updated the title.
T437: Include log reduction and report generation capabilities
- TA857: ASD-STIG requirements [Updated]
  - INFO: Updated the title.
T451: Disable index and search capabilities for confidential content on iOS
- TA3081: ASD-STIG requirements [Updated]
  - INFO: Updated the title.
T453: Perform security function verification on a regular basis
- TA903: ASD-STIG requirements [Updated]
  - INFO: Updated the title.
T456: Change default security settings to the most stringent ones and disable unnecessary services and modules
- TA862: ASD-STIG requirements [Updated]
  - INFO: Updated the title.
T459: Remove factory default reset button or key metadata used for IoT device registration
- TA3085: ASD-STIG requirements [Updated]
  - INFO: Updated the title.
T468: Develop an RFID usage, safety, and privacy policy
- TA3087: ASD-STIG requirements [Updated]
  - INFO: Updated the title.
T485: Sign audit records for non-repudiation
- TA3089: ASD-STIG requirements [Updated]
  - INFO: Updated the title.
T502: Limit MQTT broker resource consumption
- TA3091: ASD-STIG requirements [Updated]
  - INFO: Updated the title.
T504: Check the integrity of MQTT messages
- TA3093: ASD-STIG requirements [Updated]
  - INFO: Updated the title.
T514: Prevent formula injection in CSV/Excel files
- TA3094: ASD-STIG requirements [Updated]
  - INFO: Updated the title.
T515: Limit resource consumption of outgoing HTTP requests sent to external user-defined webhooks
- TA3095: ASD-STIG requirements [Updated]
  - INFO: Updated the title.
T517: Protect user registration and account modification pages against user enumeration
- TA3097: ASD-STIG requirements [Updated]
  - INFO: Updated the title.
T520: Design secure SOAP web services
- TA854: ASD-STIG requirements [Updated]
  - INFO: Updated the title.
T521: Protect the ZigBee network infrastructure with a Network Key
- TA3100: ASD-STIG requirements [Updated]
  - INFO: Updated the title.
T536: Restrict the size of incoming messages in services
- TA3102: ASD-STIG requirements [Updated]
  - INFO: Updated the title.
T544: Anonymize (de-identify) identifying information before using it for a secondary purpose [Updated]
- INFO: Updated the priority.
T553: Design secure RESTful web services
- TA3105: ASD-STIG requirements [Updated]
  - INFO: Updated the title.
T555: Acquire a secret token from users for signing the payload of webhook notifications
- TA3107: ASD-STIG requirements [Updated]
  - INFO: Updated the title.
T558: Authenticate all other components before any network communication with them
- TA869: ASD-STIG requirements [Updated]
  - INFO: Updated the title.
T562: Consider Doze, Standby, and battery saving limitations when developing Android applications
- TA3110: ASD-STIG requirements [Updated]
  - INFO: Updated the title.
T566: Enable network layer encryption for local area network communications
- TA3112: ASD-STIG requirements [Updated]
  - INFO: Updated the title.
T567: Enable network access control for local area network communications
- TA3113: ASD-STIG requirements [Updated]
  - INFO: Updated the title.
T569: Prevent parameter tampering in web services
- TA3114: ASD-STIG requirements [Updated]
  - INFO: Updated the title.
T570: Sign the parent tag of the SAML assertion before forwarding
- TA3115: ASD-STIG requirements [Updated]
  - INFO: Updated the title.
T571: Validate SAML assertions
- TA855: ASD-STIG requirements [Updated]
  - INFO: Updated the title.
T574: Prevent information exposure in HyperCat
- TA3116: ASD-STIG requirements [Updated]
  - INFO: Updated the title.
T580: Validate return codes in mainframe programs
- TA884: ASD-STIG requirements [Updated]
  - INFO: Updated the title.
T582: Secure SYSABEND, SYSUDUMP, or SNAP dumps in mainframe
- TA3120: ASD-STIG requirements [Updated]
  - INFO: Updated the title.
T584: Implement update capabilities for your application
- TA3122: ASD-STIG requirements [Updated]
  - INFO: Updated the title.
T586: Implement Secure Boot if possible
- TA3123: ASD-STIG requirements [Updated]
  - INFO: Updated the title.
T604: Implement a consent withdrawal mechanism [Updated]
- INFO: Updated the priority.
T608: Obfuscate your executables
- TA3133: ASD-STIG requirements [Updated]
  - INFO: Updated the title.
T609: Protect your application against debuggers
- TA3134: ASD-STIG requirements [Updated]
  - INFO: Updated the title.
T613: Mitigate DDoS attacks with NGINX
- TA3135: ASD-STIG requirements [Updated]
  - INFO: Updated the title.
T615: Check your mobile application's integrity and installation source
- TA3136: ASD-STIG requirements [Updated]
  - INFO: Updated the title.
T617: Do not rely on APN for delivering critical notifications
- TA3137: ASD-STIG requirements [Updated]
  - INFO: Updated the title.
T620: Use SSL/TLS offloading, encryption and certificates with NGINX
- TA3138: ASD-STIG requirements [Updated]
  - INFO: Updated the title.
T622: Assign a random revocable token to actions and achievements in the game
- TA3139: ASD-STIG requirements [Updated]
  - INFO: Updated the title.
T624: Implement a verifiable log for the game
- TA3141: ASD-STIG requirements [Updated]
  - INFO: Updated the title.
T639: Use secure functions to load DLL files
- TA3143: ASD-STIG requirements [Updated]
  - INFO: Updated the title.
T640: Design and implement some rootkit detection techniques
- TA3144: ASD-STIG requirements [Updated]
  - INFO: Updated the title.
T641: Limit resource consumption of WebSocket connections
- TA3145: ASD-STIG requirements [Updated]
  - INFO: Updated the title.
T643: Implement certificate pinning in a hostile environment
- TA3147: ASD-STIG requirements [Updated]
  - INFO: Updated the title.
T663: Avoid the use of the 'root' account (AWS) [Updated]
- INFO: Updated the title.
- I592: How to avoid the use of the "root" account (AWS) [Updated]
  - INFO: Updated the title.
T664: Enable multi-factor authentication (MFA) for all IAM users that have a console password (AWS) [Updated]
- INFO: Updated the title.
- I593: How to enable multi-factor authentication (MFA) for all IAM users that have a console password (AWS) [Updated]
  - INFO: Updated the title.
T665: Disable credentials unused for 90 days or greater (AWS) [Updated]
- INFO: Updated the title.
- I594: How to disable credentials unused for 90 days or greater (AWS) [Updated]
  - INFO: Updated the title.
- P840: Not disabling inactive user accounts (AWS) [Updated]
  - INFO: Updated the title.
T666: Rotate access keys every 90 days or less (AWS) [Updated]
- INFO: Updated the title.
- I595: How to rotate access keys every 90 days or less (AWS) [Updated]
  - INFO: Updated the title.
- P161: Password Aging with Long Expiration [Updated]
  - INFO: Updated the title.
T667: Apply minimum IAM password policy requirements (AWS) [Updated]
- INFO: Updated the title.
- I596: How to apply minimum IAM password policy requirements (AWS) [Updated]
  - INFO: Updated the title.
T671: Enable multi-factor authentication for the 'root' account (AWS) [Updated]
- INFO: Updated the title.
- I600: How to enable MFA for the "root" account (AWS) [Updated]
  - INFO: Updated the title.
T672: Register security questions in the AWS account (AWS) [Updated]
- INFO: Updated the title.
- I601: How to register security questions in the AWS account (AWS) [Updated]
  - INFO: Updated the title.
- P847: No backup of passwords and no secondary ways of accessing accounts (AWS) [Updated]
  - INFO: Updated the title.
T673: Attach IAM policies only to groups or roles (AWS) [Updated]
- INFO: Updated the title.
- I602: How to attach IAM policies only to groups or roles (AWS) [Updated]
  - INFO: Updated the title.
T676: Maintain current contact details (AWS) [Updated]
- INFO: Updated the title.
- I605: How to maintain current contact details (AWS) [Updated]
  - INFO: Updated the title.
- P856: Improper contact details associated to account (AWS) [Updated]
  - INFO: Updated the title.
T677: Register security contact information (AWS) [Updated]
- INFO: Updated the title.
- I606: How to register security contact information (AWS) [Updated]
  - INFO: Updated the title.
- P857: Lack of registered security contact information (AWS) [Updated]
  - INFO: Updated the title.
T678: Create a support role to manage incidents with AWS Support (AWS) [Updated]
- INFO: Updated the title.
- I607: How to create a support role to manage incidents with AWS Support (AWS) [Updated]
  - INFO: Updated the title.
- P844: No support role or insufficient permissions to manage incidents (AWS) [Updated]
  - INFO: Updated the title.
T679: Do not set up access keys during initial IAM user setup (AWS) [Updated]
- INFO: Updated the title.
- I608: How to do delete access keys that are created during initial IAM user setup (AWS) [Updated]
  - INFO: Updated the title.
- P845: Generating unnecessary access keys during initial IAM user setup (AWS) [Updated]
  - INFO: Updated the title.
T680: Do not create IAM policies that allow full administrative privileges (AWS) [Updated]
- INFO: Updated the title.
- I609: How to delete IAM policies that allow full administrative privileges (AWS) [Updated]
  - INFO: Updated the title.
T681: Enable CloudTrail in all regions (AWS) [Updated]
- INFO: Updated the title.
- I610: How to enable CloudTrail in all regions (AWS) [Updated]
  - INFO: Updated the title.
- P846: Lack of CloudTrail logs for all regions (AWS) [Updated]
  - INFO: Updated the title.
T682: Make S3 bucket CloudTrail logs publicly inaccessible (AWS) [Updated]
- INFO: Updated the title.
- I611: How to make S3 bucket CloudTrail logs publicly inaccessible (AWS) [Updated]
  - INFO: Updated the title.
- P848: Unauthorized access to CloudTrail log content (AWS) [Updated]
  - INFO: Updated the title.
T683: Integrate CloudTrail logs with CloudWatch Logs for real-time analysis (AWS) [Updated]
- INFO: Updated the title.
- I612: How to integrate CloudTrail logs with CloudWatch Logs for real-time analysis (AWS) [Updated]
  - INFO: Updated the title.
- P849: Nonintegrated CloudTrail trails with CloudWatch Logs (AWS) [Updated]
  - INFO: Updated the title.
T684: Enable AWS Config in all regions (AWS) [Updated]
- INFO: Updated the title.
- I613: How to enable AWS Config in all regions (AWS) [Updated]
  - INFO: Updated the title.
- P851: Disabled AWS Config (AWS) [Updated]
  - INFO: Updated the title.
T685: Enable S3 bucket access logging on the CloudTrail S3 bucket (AWS) [Updated]
- INFO: Updated the title.
- I614: How to enable S3 bucket access logging on the CloudTrail S3 bucket (AWS) [Updated]
  - INFO: Updated the title.
- P852: Disabled S3 bucket logging on target S3 buckets (AWS) [Updated]
  - INFO: Updated the title.
T686: Create log metrics and alarms (AWS) [Updated]
- INFO: Updated the title.
- I615: How to create log metrics and alarms (AWS) [Updated]
  - INFO: Updated the title.
- I626: How to create log metrics and alarms (AWS) - In-depth controls [Updated]
  - INFO: Updated the title.
T688: Apply security group requirements (AWS) [Updated]
- INFO: Updated the title.
- I617: How to apply security group requirements (AWS) [Updated]
  - INFO: Updated the title.
- P839: Unrestricted connectivity to remote console services (AWS) [Updated]
  - INFO: Updated the title.
T689: Enable hardware multi-factor authentication (MFA) for the 'root' account (AWS) [Updated]
- INFO: Updated the title.
- I618: How to enable hardware multi-factor authentication (MFA) for the "root" account (AWS) [Updated]
  - INFO: Updated the title.
- P841: Missing hardware multi-factor authentication (MFA) (AWS) [Updated]
  - INFO: Updated the title.
T690: Use IAM instance roles for resource access from instances (AWS) [Updated]
- INFO: Updated the title.
- I619: How to use IAM instance roles for resource access from instances (AWS) [Updated]
  - INFO: Updated the title.
- P842: Failing to properly use AWS IAM roles (AWS) [Updated]
  - INFO: Updated the title.
T691: Enable CloudTrail log file validation (AWS) [Updated]
- INFO: Updated the title.
- I620: How to enable CloudTrail log file validation (AWS) [Updated]
  - INFO: Updated the title.
- P843: Unsecure use of CloudTrail logs (AWS) [Updated]
  - INFO: Updated the title.
T692: Encrypt CloudTrail logs at rest using KMS CMKs (AWS) [Updated]
- INFO: Updated the title.
- I621: How to encrypt CloudTrail logs at rest using KMS CMKs (AWS) [Updated]
  - INFO: Updated the title.
- P843: Unsecure use of CloudTrail logs (AWS) [Updated]
  - INFO: Updated the title.
T693: Enable rotation for customer created CMKs (AWS) [Updated]
- INFO: Updated the title.
- I622: How to enable rotation for customer created CMKs (AWS) [Updated]
  - INFO: Updated the title.
- P850: Missing rotation for encryption keys (AWS) [Updated]
  - INFO: Updated the title.
T694: Enable VPC flow logging in all VPCs (AWS) [Updated]
- INFO: Updated the title.
- I623: How to enable VPC flow logging in all VPCs (AWS) [Updated]
  - INFO: Updated the title.
T695: Restrict all traffic in the default security group of every VPC (AWS) [Updated]
- INFO: Updated the title.
- I624: How to restrict all traffic in the default security group of every VPC (AWS) [Updated]
  - INFO: Updated the title.
T696: Change routing tables for VPC peering to 'least access' (AWS) [Updated]
- INFO: Updated the title.
- I625: How to change routing tables for VPC peering to "least access" (AWS) [Updated]
  - INFO: Updated the title.
T697: Test that 'root' account is not used (AWS) [Updated]
- INFO: Updated the title.
T698: Test that multi-factor authentication (MFA) is enabled for all IAM users that have a console password (AWS) [Updated]
- INFO: Updated the title.
T699: Test that credentials unused for 90 days or greater are disabled (AWS) [Updated]
- INFO: Updated the title.
- P840: Not disabling inactive user accounts (AWS) [Updated]
  - INFO: Updated the title.
T700: Test that access keys are rotated every 90 days or less (AWS) [Updated]
- INFO: Updated the title.
- P161: Password Aging with Long Expiration [Updated]
  - INFO: Updated the title.
T701: Test that minimum IAM password policy requirements are applied (AWS) [Updated]
- INFO: Updated the title.
T705: Test that multi-factor authentication is enabled for the 'root' account (AWS) [Updated]
- INFO: Updated the title.
T706: Test that security questions are registered in the AWS account (AWS) [Updated]
- INFO: Updated the title.
- P847: No backup of passwords and no secondary ways of accessing accounts (AWS) [Updated]
  - INFO: Updated the title.
T707: Test that IAM policies are attached only to groups or roles (AWS) [Updated]
- INFO: Updated the title.
T710: Verify that contact details are current (AWS) [Updated]
- INFO: Updated the title.
- P856: Improper contact details associated to account (AWS) [Updated]
  - INFO: Updated the title.
T711: Verify that security contact information is registered (AWS) [Updated]
- INFO: Updated the title.
- P857: Lack of registered security contact information (AWS) [Updated]
  - INFO: Updated the title.
T712: Test if a support role has been created to manage incidents with AWS Support (AWS) [Updated]
- INFO: Updated the title.
- P844: No support role or insufficient permissions to manage incidents (AWS) [Updated]
  - INFO: Updated the title.
T713: Test if access keys have been created during initial IAM user setup (AWS) [Updated]
- INFO: Updated the title.
- P845: Generating unnecessary access keys during initial IAM user setup (AWS) [Updated]
  - INFO: Updated the title.
T714: Test if any IAM policy exists that allows full administrative privileges (AWS) [Updated]
- INFO: Updated the title.
T715: Test if CloudTrail is enabled in all regions (AWS) [Updated]
- INFO: Updated the title.
- P846: Lack of CloudTrail logs for all regions (AWS) [Updated]
  - INFO: Updated the title.
T716: Test if S3 bucket CloudTrail logs are not publicly accessible (AWS) [Updated]
- INFO: Updated the title.
- P848: Unauthorized access to CloudTrail log content (AWS) [Updated]
  - INFO: Updated the title.
T717: Test that CloudTrail trails are integrated with CloudWatch Logs (AWS) [Updated]
- INFO: Updated the title.
- P849: Nonintegrated CloudTrail trails with CloudWatch Logs (AWS) [Updated]
  - INFO: Updated the title.
T718: Test if AWS Config is enabled in all regions (AWS) [Updated]
- INFO: Updated the title.
- P851: Disabled AWS Config (AWS) [Updated]
  - INFO: Updated the title.
T719: Test if S3 bucket access logging is enabled on the CloudTrail S3 bucket (AWS) [Updated]
- INFO: Updated the title.
- P852: Disabled S3 bucket logging on target S3 buckets (AWS) [Updated]
  - INFO: Updated the title.
T720: Test that log metrics and alarms are created (AWS) [Updated]
- INFO: Updated the title.
T722: Test Security Group requirements (AWS) [Updated]
- INFO: Updated the title.
- P839: Unrestricted connectivity to remote console services (AWS) [Updated]
  - INFO: Updated the title.
T723: Test that hardware multi-factor authentication (MFA) is enabled for the 'root' account (AWS) [Updated]
- INFO: Updated the title.
- P841: Missing hardware multi-factor authentication (MFA) (AWS) [Updated]
  - INFO: Updated the title.
T724: Test that IAM instance roles are used for resource access from instances (AWS) [Updated]
- INFO: Updated the title.
- P842: Failing to properly use AWS IAM roles (AWS) [Updated]
  - INFO: Updated the title.
T725: Test that log file validation is enabled (AWS) [Updated]
- INFO: Updated the title.
- P843: Unsecure use of CloudTrail logs (AWS) [Updated]
  - INFO: Updated the title.
T726: Test that CloudTrail logs are encrypted at rest using KMS CMKs (AWS) [Updated]
- INFO: Updated the title.
- P843: Unsecure use of CloudTrail logs (AWS) [Updated]
  - INFO: Updated the title.
T727: Test that rotation is enabled for customer created CMKs (AWS) [Updated]
- INFO: Updated the title.
- P850: Missing rotation for encryption keys (AWS) [Updated]
  - INFO: Updated the title.
T728: Test that VPC flow logging is enabled in all VPCs (AWS) [Updated]
- INFO: Updated the title.
T729: Test that the default security group of every VPC restricts all traffic (AWS) [Updated]
- INFO: Updated the title.
T730: Test that routing tables for VPC peering are 'least access' (AWS) [Updated]
- INFO: Updated the title.
T738: Determine the legal basis for transferring personal information [Updated]
- INFO: Updated the priority.
T740: Provide personal information and its processing information to users in an appropriate format [Updated]
- INFO: Updated the text.
T742: Implement technical measures to ensure the accuracy of personal information [Updated]
- INFO: Updated the priority.
T744: Protect pseudonymized personal information [Updated]
- INFO: Updated the priority.
T750: Limit personal information collection and processing to the specified purpose [Updated]
- INFO: Updated the priority.
- TA2864: California Civil Code: Service Provider obligations [Updated]
  - INFO: Updated the title and text.
T751: Provide users with a notification of personal information processing
- TA6228: California Civil Code: Privacy policy [Added]
- TA6229: California Civil Code: Notice of financial incentive [Added]
- TA847: ASD-STIG requirements [Updated]
  - INFO: Updated the title.
- TA2860: California Civil Code: Privacy notice [Updated]
  - INFO: Updated the title and text.
T753: Verify whether personal information is collected only for specified purposes [Updated]
- INFO: Updated the priority.
T754: Enable the restriction of processing personal information of an individual for a specific purpose [Updated]
- INFO: Updated the priority.
- TA2865: California Civil Code: Requests to opt out of the sale of personal information [Updated]
  - INFO: Updated the title and text.
T755: Maintain a Data Processing Register or Record of Business Processing Activities [Updated]
- INFO: Updated the priority.
T765: Authorize user before launching the iOS app via a widget
- TA3179: ASD-STIG requirements [Updated]
  - INFO: Updated the title.
T766: Configure the relational database service correctly (AWS) [Updated]
- INFO: Updated the title.
- I629: How to configure the relational database service correctly (AWS) [Updated]
  - INFO: Updated the title.
T767: Encrypt the sensitive Elastic Block Storage volumes (AWS) [Updated]
- INFO: Updated the title.
- I630: How to encrypt the sensitive Elastic Block Storage volumes (AWS) [Updated]
  - INFO: Updated the title.
- P867: Encryption on the sensitive Elastic Block Storage volumes is disabled (AWS) [Updated]
  - INFO: Updated the title.
T768: Do not share sensitive Amazon Machine Images publicly (AWS) [Updated]
- INFO: Updated the title.
- I631: How to remove public launch permissions from Amazon Machine Images (AWS) [Updated]
  - INFO: Updated the title.
- P868: Public Access to sensitive Amazon Machine Images (AWS) [Updated]
  - INFO: Updated the title and match conditions.
T769: Configure Web- and App-tier ELB correctly (AWS) [Updated]
- INFO: Updated the title.
- I632: How to configure Web- and App-tier ELB correctly (AWS) [Updated]
  - INFO: Updated the title.
- I664: How to configure Web and App -tier ELB correctly (AWS) - In-depth controls [Updated]
  - INFO: Updated the title.
T770: Configure S3 buckets correctly (AWS) [Updated]
- INFO: Updated the title.
- I633: How to configure S3 buckets correctly (AWS) [Updated]
  - INFO: Updated the title.
- P870: Misconfiguring S3 buckets (AWS) [Updated]
  - INFO: Updated the title.
T771: Create IAM roles and policies correctly for Amazon EC2 (AWS) [Updated]
- INFO: Updated the title.
- I634: How to create IAM roles and policies correctly for Amazon EC2 (AWS) [Updated]
  - INFO: Updated the title.
- P871: IAM roles and policies are not created properly for Amazon EC2 (AWS) [Updated]
  - INFO: Updated the title.
T772: Configure Auto Scaling Group Launch correctly (AWS) [Updated]
- INFO: Updated the title.
- I635: How to configure Auto Scaling Group Launch correctly (AWS) [Updated]
  - INFO: Updated the title.
- P872: Auto Scaling Group Launch is not configured correctly (AWS) [Updated]
  - INFO: Updated the title.
T773: Create separate IAM groups and policies for administration (AWS) [Updated]
- INFO: Updated the title.
- I636: How to create separate IAM groups and policies for administration (AWS) [Updated]
  - INFO: Updated the title.
- P873: No separate IAM groups and policies for administration (AWS) [Updated]
  - INFO: Updated the title.
T775: Associate an Elastic Load Balancer to each sensitive Auto Scaling Group (AWS) [Updated]
- INFO: Updated the title.
- I638: How to associate an Elastic Load Balancer to each sensitive Auto Scaling Group (AWS) [Updated]
  - INFO: Updated the title.
- P875: An Elastic Load Balancer Is Not Associated to Each Sensitive Auto Scaling Group (AWS) [Updated]
  - INFO: Updated the title.
T776: Ensure each Auto Scaling Group is configured for multiple Availability Zones (AWS) [Updated]
- INFO: Updated the title.
- I639: How to ensure each Auto Scaling Group is configured for multiple Availability Zones (AWS) [Updated]
  - INFO: Updated the title.
- P876: Auto Scaling Group Is Not Configured Correctly for Multiple Availability Zones (AWS) [Updated]
  - INFO: Updated the title.
T777: Use an approved Amazon Machine Image in Auto Scaling Launch Configuration (AWS) [Updated]
- INFO: Updated the title.
- I640: How to use an approved Amazon Machine Image in Auto Scaling Launch Configuration (AWS) [Updated]
  - INFO: Updated the title.
- P877: An Approved Amazon Machine Image Is Not Used in Auto Scaling Launch Configuration (AWS) [Updated]
  - INFO: Updated the title and match conditions.
T779: Ensure Billing Alerts are enabled for increments of X spend (AWS) [Updated]
- INFO: Updated the title.
- I642: How to ensure Billing Alerts are enabled for increments of X spend (AWS) [Updated]
  - INFO: Updated the title.
- P879: Billing Alerts are disabled for increments of X spend (AWS) [Updated]
  - INFO: Updated the title.
T780: Enable AWS Elastic Load Balancer logging (AWS) [Updated]
- INFO: Updated the title.
- I643: How to enable AWS Elastic Load Balancer logging (AWS) [Updated]
  - INFO: Updated the title.
- P880: Inactive AWS Elastic Load Balancer logging (AWS) [Updated]
  - INFO: Updated the title.
T781: Enable AWS CloudFront Logging (AWS) [Updated]
- INFO: Updated the title.
- I644: How to enable AWS CloudFront Logging (AWS) [Updated]
  - INFO: Updated the title.
T782: Create CloudWatch Log Groups (AWS) [Updated]
- INFO: Updated the title.
- I645: How to create CloudWatch Log Groups (AWS) [Updated]
  - INFO: Updated the title.
- P882: CloudWatch Log Groups have same settings (AWS) [Updated]
  - INFO: Updated the title.
T783: Install an agent for AWS CloudWatch Logs within required Auto-Scaling Groups (AWS) [Updated]
- INFO: Updated the title.
- I646: How to install an agent for AWS CloudWatch Logs within required Auto-Scaling Groups (AWS) [Updated]
  - INFO: Updated the title.
- P883: Insufficient monitoring of AWS logs within required Auto-Scaling Groups (AWS) [Updated]
  - INFO: Updated the title.
T784: Create required AWS Managed Config Rules (AWS) [Updated]
- INFO: Updated the title.
- I647: How to create required AWS Managed Config Rules (AWS) [Updated]
  - INFO: Updated the title.
- P884: Failing to create required AWS Managed Config Rules (AWS) [Updated]
  - INFO: Updated the title.
T785: Use CloudFront Content Distribution Network (AWS) [Updated]
- INFO: Updated the title.
- I648: How to use CloudFront Content Distribution Network (AWS) [Updated]
  - INFO: Updated the title.
- P885: Failing to use CloudFront Content Distribution Network (AWS) [Updated]
  - INFO: Updated the title.
T786: Create required subnets (AWS) [Updated]
- INFO: Updated the title.
- I649: How to create required subnets (AWS) [Updated]
  - INFO: Updated the title.
- P886: Misconfiguration of VPCs and subnets (AWS) [Updated]
  - INFO: Updated the title.
T787: Create NAT gateways (AWS) [Updated]
- INFO: Updated the title.
- I650: How to create NAT gateways (AWS) [Updated]
  - INFO: Updated the title.
T789: Create and configure ELB Security Groups (AWS) [Updated]
- INFO: Updated the title.
- I652: How to create and configure ELB Security Groups (AWS) [Updated]
  - INFO: Updated the title.
- P889: Misconfiguration of Security Groups (AWS) [Updated]
  - INFO: Updated the title.
T790: Create and configure Security Groups (AWS) [Updated]
- INFO: Updated the title.
- I653: How to create and configure Security Groups (AWS) [Updated]
  - INFO: Updated the title.
- P889: Misconfiguration of Security Groups (AWS) [Updated]
  - INFO: Updated the title.
T791: Remove redundant Elastic / Public IP addresses (AWS) [Updated]
- INFO: Updated the title.
- I654: How to remove redundant Elastic / Public IP addresses (AWS) [Updated]
  - INFO: Updated the title.
- P891: Redundant Elastic / Public IP addresses (AWS) [Updated]
  - INFO: Updated the title.
T792: Create required Customer Master Keys (AWS) [Updated]
- INFO: Updated the title.
- I655: How to create required Customer Master Keys (AWS) [Updated]
  - INFO: Updated the title.
- P892: Lack of customer-managed Customer Master Keys (AWS) [Updated]
  - INFO: Updated the title.
T794: Extend all public Web-tier SSL/TLS certificates if required (AWS) [Updated]
- INFO: Updated the title.
- I657: How to extend all public Web-tier SSL/TLS certificates if required (AWS) [Updated]
  - INFO: Updated the title.
- P894: Expired public SSL/TLS certificates (AWS) [Updated]
  - INFO: Updated the title.
T795: Configure CloudFront correctly (AWS) [Updated]
- INFO: Updated the title.
- I658: How to configure CloudFront correctly (AWS) [Updated]
  - INFO: Updated the title.
- P895: Misconfiguration of CloudFront (AWS) [Updated]
  - INFO: Updated the title.
T796: Configure DNS for Root Domain (AWS) [Updated]
- INFO: Updated the title.
- I659: How to configure DNS for Root Domain (AWS) [Updated]
  - INFO: Updated the title.
- P896: Misconfiguration of DNS for Root Domain (AWS) [Updated]
  - INFO: Updated the title.
T797: Make all RDS Databases private and ensure RDS instances are inside a VPC (AWS) [Updated]
- INFO: Updated the title.
- I660: How to make all RDS Databases private (AWS) [Updated]
  - INFO: Updated the title.
T798: Don't use the default VPC (AWS) [Updated]
- INFO: Updated the title.
- I661: How to change the default VPC (AWS) [Updated]
  - INFO: Updated the title.
- P898: Using the default VPC (AWS) [Updated]
  - INFO: Updated the title.
T799: Test if the Relational Database Service is configured correctly (AWS) [Updated]
- INFO: Updated the title.
T800: Test if the sensitive Elastic Block Storage volumes are encrypted (AWS) [Updated]
- INFO: Updated the title.
- P867: Encryption on the sensitive Elastic Block Storage volumes is disabled (AWS) [Updated]
  - INFO: Updated the title.
T801: Test if the sensitive Amazon Machine Images are shared publicly (AWS) [Updated]
- INFO: Updated the title.
- P868: Public Access to sensitive Amazon Machine Images (AWS) [Updated]
  - INFO: Updated the title and match conditions.
T802: Test if Web- and App-tier Elastic Load Balancing is correctly configured (AWS) [Updated]
- INFO: Updated the title.
T803: Test if S3 buckets are configured correctly (AWS) [Updated]
- INFO: Updated the title.
- P870: Misconfiguring S3 buckets (AWS) [Updated]
  - INFO: Updated the title.
T804: Test if IAM roles and policies are created correctly for Amazon EC2 (AWS) [Updated]
- INFO: Updated the title.
- P871: IAM roles and policies are not created properly for Amazon EC2 (AWS) [Updated]
  - INFO: Updated the title.
T805: Test if Auto Scaling Group Launch is configured correctly (AWS) [Updated]
- INFO: Updated the title.
- P872: Auto Scaling Group Launch is not configured correctly (AWS) [Updated]
  - INFO: Updated the title.
T806: Test if separate IAM groups and policies are created for administration (AWS) [Updated]
- INFO: Updated the title.
- P873: No separate IAM groups and policies for administration (AWS) [Updated]
  - INFO: Updated the title.
T808: Test if an Elastic Load Balancer is associated to each sensitive Auto Scaling Group (AWS) [Updated]
- INFO: Updated the title.
- P875: An Elastic Load Balancer Is Not Associated to Each Sensitive Auto Scaling Group (AWS) [Updated]
  - INFO: Updated the title.
T809: Test if each Auto Scaling Group is configured for multiple Availability Zones (AWS) [Updated]
- INFO: Updated the title.
- P876: Auto Scaling Group Is Not Configured Correctly for Multiple Availability Zones (AWS) [Updated]
  - INFO: Updated the title.
T810: Test if an approved Amazon Machine Image is used in Auto Scaling Launch Configuration (AWS) [Updated]
- INFO: Updated the title.
- P877: An Approved Amazon Machine Image Is Not Used in Auto Scaling Launch Configuration (AWS) [Updated]
  - INFO: Updated the title and match conditions.
T812: Test if Billing Alerts are enabled for increments of X spend (AWS) [Updated]
- INFO: Updated the title.
- P879: Billing Alerts are disabled for increments of X spend (AWS) [Updated]
  - INFO: Updated the title.
T813: Test that AWS Elastic Load Balancer logging is enabled (AWS) [Updated]
- INFO: Updated the title.
- P880: Inactive AWS Elastic Load Balancer logging (AWS) [Updated]
  - INFO: Updated the title.
T814: Test that AWS CloudFront Logging is enabled (AWS) [Updated]
- INFO: Updated the title.
T815: Test that CloudWatch Log Groups are created (AWS) [Updated]
- INFO: Updated the title.
- P882: CloudWatch Log Groups have same settings (AWS) [Updated]
  - INFO: Updated the title.
T816: Test that AWS CloudWatch Logs agent is installed within required Auto-Scaling Groups (AWS) [Updated]
- INFO: Updated the title.
- P883: Insufficient monitoring of AWS logs within required Auto-Scaling Groups (AWS) [Updated]
  - INFO: Updated the title.
T817: Test for required AWS Managed Config Rules (AWS) [Updated]
- INFO: Updated the title.
- P884: Failing to create required AWS Managed Config Rules (AWS) [Updated]
  - INFO: Updated the title.
T818: Test that CloudFront Content Distribution Network is used (AWS) [Updated]
- INFO: Updated the title.
- P885: Failing to use CloudFront Content Distribution Network (AWS) [Updated]
  - INFO: Updated the title.
T819: Test the configuration of VPCs and subnets (AWS) [Updated]
- INFO: Updated the title.
- P886: Misconfiguration of VPCs and subnets (AWS) [Updated]
  - INFO: Updated the title.
T822: Test the configuration of ELB Security Groups (AWS) [Updated]
- INFO: Updated the title.
- P889: Misconfiguration of Security Groups (AWS) [Updated]
  - INFO: Updated the title.
T823: Test the configuration of Security Groups (AWS) [Updated]
- INFO: Updated the title.
- P889: Misconfiguration of Security Groups (AWS) [Updated]
  - INFO: Updated the title.
T824: Test that redundant Elastic / Public IP addresses are removed (AWS) [Updated]
- INFO: Updated the title.
- P891: Redundant Elastic / Public IP addresses (AWS) [Updated]
  - INFO: Updated the title.
T825: Test that required Customer Master Keys are created (AWS) [Updated]
- INFO: Updated the title.
- P892: Lack of customer-managed Customer Master Keys (AWS) [Updated]
  - INFO: Updated the title.
T827: Test that public Web-tier SSL/TLS certificates are more than 30 days from expiration (AWS) [Updated]
- INFO: Updated the title.
- P894: Expired public SSL/TLS certificates (AWS) [Updated]
  - INFO: Updated the title.
T828: Test that CloudFront is configured correctly (AWS) [Updated]
- INFO: Updated the title.
- P895: Misconfiguration of CloudFront (AWS) [Updated]
  - INFO: Updated the title.
T829: Test that DNS for Root Domain is configured correctly (AWS) [Updated]
- INFO: Updated the title.
- P896: Misconfiguration of DNS for Root Domain (AWS) [Updated]
  - INFO: Updated the title.
T830: Test that RDS Databases are not publicly accessible and are defined in a VPC (AWS) [Updated]
- INFO: Updated the title.
T831: Verify that the default VPC is not used (AWS) [Updated]
- INFO: Updated the title.
- P898: Using the default VPC (AWS) [Updated]
  - INFO: Updated the title.
T837: Adhere to HTTP DNT header [Updated]
- INFO: Updated the priority.
T839: Follow best practices for securely using Android autofill framework
- TA3199: ASD-STIG requirements [Updated]
  - INFO: Updated the title.
T856: Keep your web server separate from other services
- TA3201: ASD-STIG requirements [Updated]
  - INFO: Updated the title.
T858: Use the vendor supplied version of binaries
- TA3203: ASD-STIG requirements [Updated]
  - INFO: Updated the title.
T859: Minimize Apache HTTP Server modules (Apache HTTP Server)
- TA3204: ASD-STIG requirements [Updated]
  - INFO: Updated the title.
T861: Set up a non-root user account for running the Apache Web server (Apache HTTP Server)
- TA3206: ASD-STIG requirements [Updated]
  - INFO: Updated the title.
T863: Secure Apache directories and files (Apache HTTP Server)
- TA3208: ASD-STIG requirements [Updated]
  - INFO: Updated the title.
T865: Secure Apache access control (Apache HTTP Server)
- TA3210: ASD-STIG requirements [Updated]
  - INFO: Updated the title.
T867: Restrict Apache options and disable default content (Apache HTTP Server)
- TA3212: ASD-STIG requirements [Updated]
  - INFO: Updated the title.
T871: Log Apache errors and access (Apache HTTP Server)
- TA3214: ASD-STIG requirements [Updated]
  - INFO: Updated the title.
T873: Apply applicable patches (Apache HTTP Server)
- TA3216: ASD-STIG requirements [Updated]
  - INFO: Updated the title.
T875: Secure Apache SSL/TLS (Apache HTTP Server)
- TA3218: ASD-STIG requirements [Updated]
  - INFO: Updated the title.
T877: Limit information exposed by Apache (Apache HTTP Server)
- TA3220: ASD-STIG requirements [Updated]
  - INFO: Updated the title.
T879: Protect Apache against DoS attacks (Apache HTTP Server)
- TA3222: ASD-STIG requirements [Updated]
  - INFO: Updated the title.
T890: Limit the size of Apache's request parameters (Apache HTTP Server)
- TA3224: ASD-STIG requirements [Updated]
  - INFO: Updated the title.
T893: Configure AppArmor to restrict Apache processes (Apache HTTP Server)
- TA3226: ASD-STIG requirements [Updated]
  - INFO: Updated the title.
T898: Create bastion hosts for administrative access to the resources (AWS)
- TA3228: ASD-STIG requirements [Updated]
  - INFO: Updated the title.
T900: Seek user consent before updating your application or installing other software in the background
- TA3230: ASD-STIG requirements [Updated]
  - INFO: Updated the title.
T905: Configure application pools securely (Microsoft IIS)
- TA3232: ASD-STIG requirements [Updated]
  - INFO: Updated the title.
T906: Set 'global authorization rule' to restrict access (Microsoft IIS)
- TA3233: ASD-STIG requirements [Updated]
  - INFO: Updated the title.
T908: Require SSL/TLS for 'forms authentication' (Microsoft IIS)
- TA3234: ASD-STIG requirements [Updated]
  - INFO: Updated the title.
T910: Configure transport layer security for 'basic authentication' (Microsoft IIS)
- TA3235: ASD-STIG requirements [Updated]
  - INFO: Updated the title.
T913: Ensure HTTP detailed errors are hidden from displaying remotely (Microsoft IIS)
- TA3236: ASD-STIG requirements [Updated]
  - INFO: Updated the title.
T914: Ensure cookies are set with HttpOnly attribute (Microsoft IIS)
- TA3237: ASD-STIG requirements [Updated]
  - INFO: Updated the title.
T916: Ensure global .NET trust level is configured securely (Microsoft IIS)
- TA3238: ASD-STIG requirements [Updated]
  - INFO: Updated the title.
T919: Do not allow unlisted file extensions (Microsoft IIS)
- TA3239: ASD-STIG requirements [Updated]
  - INFO: Updated the title.
T923: Configure logging securely on Microsoft IIS (Microsoft IIS)
- TA3240: ASD-STIG requirements [Updated]
  - INFO: Updated the title.
T925: Configure TLS/SSL securely for Microsoft IIS (Microsoft IIS)
- TA3241: ASD-STIG requirements [Updated]
  - INFO: Updated the title.
T926: Use cookies for forms authentication (Microsoft IIS)
- TA3242: ASD-STIG requirements [Updated]
  - INFO: Updated the title.
T927: Do not store 'credentials' in configuration files (Microsoft IIS)
- TA3243: ASD-STIG requirements [Updated]
  - INFO: Updated the title.
T929: Ensure custom error messages are not off (Microsoft IIS)
- TA3244: ASD-STIG requirements [Updated]
  - INFO: Updated the title.
T931: Ensure httpcookie mode is configured for session state (Microsoft IIS)
- TA3245: ASD-STIG requirements [Updated]
  - INFO: Updated the title.
T971: Protect the Shutdown Port (Apache Tomcat)
- TA3260: ASD-STIG requirements [Updated]
  - INFO: Updated the title.
T972: Apply access restrictions in Tomcat configurations (Apache Tomcat)
- TA3261: ASD-STIG requirements [Updated]
  - INFO: Updated the title.
T973: Accurately set scheme (Apache Tomcat)
- TA3262: ASD-STIG requirements [Updated]
  - INFO: Updated the title.
T974: Restrict runtime access to sensitive packages (Apache Tomcat)
- TA3263: ASD-STIG requirements [Updated]
  - INFO: Updated the title.
T978: Do not run applications as privileged (Apache Tomcat)
- TA3264: ASD-STIG requirements [Updated]
  - INFO: Updated the title.
T983: Force TLS for manager application (Apache Tomcat)
- TA3265: ASD-STIG requirements [Updated]
  - INFO: Updated the title.
T984: Enable strict servlet compliance (Apache Tomcat)
- TA3266: ASD-STIG requirements [Updated]
  - INFO: Updated the title.
T989: Setup Client-cert Authentication (Apache Tomcat)
- TA3267: ASD-STIG requirements [Updated]
  - INFO: Updated the title.
T991: Configure connectionTimeout (Apache Tomcat)
- TA3268: ASD-STIG requirements [Updated]
  - INFO: Updated the title.
T993: Force TLS for all applications (Apache Tomcat)
- TA3269: ASD-STIG requirements [Updated]
  - INFO: Updated the title.
T1027: Configure TLS/SSL securely (Apache Tomcat)
- TA3280: ASD-STIG requirements [Updated]
  - INFO: Updated the title.
T1028: Log sufficiently and protect logs (Apache Tomcat)
- TA3281: ASD-STIG requirements [Updated]
  - INFO: Updated the title.
T1041: Enable multi-factor authentication (Microsoft Azure)
- TA3284: ASD-STIG requirements [Updated]
  - INFO: Updated the title.
T1055: Update VMs (Microsoft Azure)
- TA3286: ASD-STIG requirements [Updated]
  - INFO: Updated the title.
T1057: Enable disk and storage encryption (Microsoft Azure)
- TA3288: ASD-STIG requirements [Updated]
  - INFO: Updated the title.
T1065: Enable data encryption in transit (Microsoft Azure)
- TA3290: ASD-STIG requirements [Updated]
  - INFO: Updated the title.
T1077: Log critical events (Microsoft Azure)
- TA3292: ASD-STIG requirements [Updated]
  - INFO: Updated the title.
T1083: Disable non-required user capabilities (Microsoft Azure)
- TA3294: ASD-STIG requirements [Updated]
  - INFO: Updated the title.
T1092: Do not store sensitive cleartext information in cookies
- TA3296: ASD-STIG requirements [Updated]
  - INFO: Updated the title.
T1094: Place MySQL data and logs on non-system partitions (MySQL)
- TA3298: ASD-STIG requirements [Updated]
  - INFO: Updated the title.
T1096: Keep MySQL separate from other services (MySQL)
- TA3300: ASD-STIG requirements [Updated]
  - INFO: Updated the title.
T1102: Securely set file and directory permissions (MySQL)
- TA3302: ASD-STIG requirements [Updated]
  - INFO: Updated the title.
T1104: Apply the latest security patches (MySQL)
- TA3304: ASD-STIG requirements [Updated]
  - INFO: Updated the title.
T1108: Ensure that password policy is in place (MySQL)
- TA3306: ASD-STIG requirements [Updated]
  - INFO: Updated the title.
T1116: Drop the default 'test' database (MySQL)
- TA3308: ASD-STIG requirements [Updated]
  - INFO: Updated the title.
T1126: Log errors and critical events (MySQL)
- TA3310: ASD-STIG requirements [Updated]
  - INFO: Updated the title.
T1128: Ensure raw logging of password is disabled (MySQL)
- TA3312: ASD-STIG requirements [Updated]
  - INFO: Updated the title.
T1132: Set up SSL/TLS properly (MySQL)
- TA3314: ASD-STIG requirements [Updated]
  - INFO: Updated the title.
T1146: Enable DEP and ASLR on your server
- TA3316: ASD-STIG requirements [Updated]
  - INFO: Updated the title.
T1148: Validate JSON files
- TA3318: ASD-STIG requirements [Updated]
  - INFO: Updated the title.
T1166: Encrypt data exchanged between containers on different nodes on the overlay network (Docker)
- TA3320: ASD-STIG requirements [Updated]
  - INFO: Updated the title.
T1172: Secure daemon configuration files (Docker)
- TA3322: ASD-STIG requirements [Updated]
  - INFO: Updated the title.
T1176: Use trusted base images and include the latest security patches (Docker)
- TA3324: ASD-STIG requirements [Updated]
  - INFO: Updated the title.
T1188: Configure Linux Security Modules (Docker)
- TA3326: ASD-STIG requirements [Updated]
  - INFO: Updated the title.
T1214: Restrict containers from acquiring additional privileges (Docker)
- TA3328: ASD-STIG requirements [Updated]
  - INFO: Updated the title.
T1224: Use authorization plugin (Docker)
- TA3330: ASD-STIG requirements [Updated]
  - INFO: Updated the title.
T1252: Configure logs securely (Kubernetes)
- TA3332: ASD-STIG requirements [Updated]
  - INFO: Updated the title.
T1266: Set permissions for sensitive files properly (Kubernetes)
- TA3336: ASD-STIG requirements [Updated]
  - INFO: Updated the title.
T1272: Create administrative boundaries between resources using namespaces (Kubernetes)
- TA3338: ASD-STIG requirements [Updated]
  - INFO: Updated the title.
T1290: Apply security context to your pods and containers (Kubernetes)
- TA3340: ASD-STIG requirements [Updated]
  - INFO: Updated the title.
T1342: Enable automatic node repair and upgrades for Kubernetes clusters (Google Cloud)
- TA3352: ASD-STIG requirements [Updated]
  - INFO: Updated the title.
T1346: Ensure Kubernetes clusters are created with Alias IP ranges enabled (Google Cloud)
- TA3354: ASD-STIG requirements [Updated]
  - INFO: Updated the title.
T1348: Ensure PodSecurityPolicy controller is enabled on the Kubernetes Engine Clusters (Google Cloud)
- TA3356: ASD-STIG requirements [Updated]
  - INFO: Updated the title.
T1362: Perform message throttling in Web APIs
- TA3360: ASD-STIG requirements [Updated]
  - INFO: Updated the title.
T1367: Identify and classify critical assets
- TA3363: ASD-STIG requirements [Updated]
  - INFO: Updated the title.
T1368: Perform security testing using SAST tools
- TA3364: ASD-STIG requirements [Updated]
  - INFO: Updated the title.
T1369: Perform security testing using DAST tools
- TA3365: ASD-STIG requirements [Updated]
  - INFO: Updated the title.
T1370: Identify and track common software weaknesses and threats
- TA6237: Establish a vulnerability disclosure program (NIST-SSDF) [Added]
- TA3366: ASD-STIG requirements [Updated]
  - INFO: Updated the title.
T1371: Use a software security management solution to select and track security controls
- TA3367: ASD-STIG requirements [Updated]
  - INFO: Updated the title.
T1372: Follow software change management process
- TA3368: ASD-STIG requirements [Updated]
  - INFO: Updated the title.
T1373: Maintain the integrity of all software code
- TA3369: ASD-STIG requirements [Updated]
  - INFO: Updated the title.
T1374: Ensure the integrity of software release and update delivery
- TA6235: Securely archive necessary files and other data to be retained for each software release (NIST-SSDF) [Added]
T1376: Provide and maintain guidance on secure installation, maintenance, and configuration of all software components
- TA3370: ASD-STIG requirements [Updated]
  - INFO: Updated the title.
T1377: Establish and maintain a bi-directional communication channel for receiving security reports and sending security notifications
- TA3371: ASD-STIG requirements [Updated]
  - INFO: Updated the title.
T1378: Release a change summary for each software update
- TA3372: ASD-STIG requirements [Updated]
  - INFO: Updated the title.
T1380: Enforce secure user registration and access control
- TA3373: ASD-STIG requirements [Updated]
  - INFO: Updated the title.
T1382: Manage performance and capacity
- TA3374: ASD-STIG requirements [Updated]
  - INFO: Updated the title.
T1383: Separate development, test, and operational environments [Updated]
- INFO: Updated the text.
- TA3375: ASD-STIG requirements [Updated]
  - INFO: Updated the title.
T1384: Back up and restore securely
- TA3376: ASD-STIG requirements [Updated]
  - INFO: Updated the title.
T1385: Institute secure logging and event monitoring
- TA3377: ASD-STIG requirements [Updated]
  - INFO: Updated the title.
T1388: Triage and fix vulnerabilities discovered during automated and manual security tests
- TA3378: ASD-STIG requirements [Updated]
  - INFO: Updated the title.
T1389: Perform penetration testing
- TA3379: ASD-STIG requirements [Updated]
  - INFO: Updated the title.
T1397: Use the most recent service packs and hotfixes (Microsoft SQL Server)
- TA3380: ASD-STIG requirements [Updated]
  - INFO: Updated the title.
T1417: Disable 'Trustworthy' database option (Microsoft SQL Server)
- TA3382: ASD-STIG requirements [Updated]
  - INFO: Updated the title.
T1451: Maintain audit logs for all database activities (Microsoft SQL Server)
- TA3384: ASD-STIG requirements [Updated]
  - INFO: Updated the title.
T1453: Validate user input before transmitting it to the SQL server (Microsoft SQL Server)
- TA3386: ASD-STIG requirements [Updated]
  - INFO: Updated the title.
T1457: Use a strong symmetric key encryption algorithm (Microsoft SQL Server)
- TA3388: ASD-STIG requirements [Updated]
  - INFO: Updated the title.
T1459: Use asymmetric keys of at least 2048-bit long (Microsoft SQL Server)
- TA3390: ASD-STIG requirements [Updated]
  - INFO: Updated the title.
T1465: Decide how to handle sessions/authorization state in your Angular application (Angular)
- TA3392: ASD-STIG requirements [Updated]
  - INFO: Updated the title.
T1466: Restrict sending of authorization state to approved origins in Angular (Angular)
- TA3393: ASD-STIG requirements [Updated]
  - INFO: Updated the title.
T1468: Encrypt sensitive data at rest in the browser
- TA3395: ASD-STIG requirements [Updated]
  - INFO: Updated the title.
T1469: Prevent sensitive data leakage through Content Security Policy (CSP) reports
- TA3396: ASD-STIG requirements [Updated]
  - INFO: Updated the title.
T1538: Avoid DOM-based Cross-Site Scripting (XSS) in Angular applications (Angular)
- TA3397: ASD-STIG requirements [Updated]
  - INFO: Updated the title.
T1539: Clear browser data on user logout
- TA3398: ASD-STIG requirements [Updated]
  - INFO: Updated the title.
T1541: Decide on the best CSRF defense for your application
- TA3400: ASD-STIG requirements [Updated]
  - INFO: Updated the title.
T1542: Use the correct HTTP methods for making state-changing operations
- TA3401: ASD-STIG requirements [Updated]
  - INFO: Updated the title.
T1543: Leverage origin isolation for compartmentalization
- TA3402: ASD-STIG requirements [Updated]
  - INFO: Updated the title.
T1544: Isolate untrusted content in a sandbox
- TA3403: ASD-STIG requirements [Updated]
  - INFO: Updated the title.
T1613: Use latest versions and patches (Oracle Database)
- TA3404: ASD-STIG requirements [Updated]
  - INFO: Updated the title.
T1615: Keep passwords secure (Oracle Database)
- TA3406: ASD-STIG requirements [Updated]
  - INFO: Updated the title.
T1617: Remove all sample data and sample schemas (Oracle Database)
- TA3408: ASD-STIG requirements [Updated]
  - INFO: Updated the title.
T1619: Keep audit parameters enabled at all times (Oracle Database)
- TA3410: ASD-STIG requirements [Updated]
  - INFO: Updated the title.
T1639: Maintain server logs for bad packets received from the client (Oracle Database)
- TA3412: ASD-STIG requirements [Updated]
  - INFO: Updated the title.
T1649: Lock out accounts after 5 unsuccessful attempts (Oracle Database)
- TA3414: ASD-STIG requirements [Updated]
  - INFO: Updated the title.
T1651: Accounts must be unlocked automatically after a period of time (Oracle Database)
- TA3416: ASD-STIG requirements [Updated]
  - INFO: Updated the title.
T1655: Limit the number of sessions per user (Oracle Database)
- TA3418: ASD-STIG requirements [Updated]
  - INFO: Updated the title.
T1659: Revoke excessive system privileges from unauthorized users (Oracle Database)
- TA3420: ASD-STIG requirements [Updated]
  - INFO: Updated the title.
T1673: All traditional audit options must be enabled at all times (Oracle Database)
- TA3422: ASD-STIG requirements [Updated]
  - INFO: Updated the title.
T1733: Enable all unified audit options (Oracle Database)
- TA3424: ASD-STIG requirements [Updated]
  - INFO: Updated the title.
T1878: Grant minimal IAM permissions (especially to Lambda functions) (AWS)
- TA3426: ASD-STIG requirements [Updated]
  - INFO: Updated the title.
T1881: Mitigate the risk of uncontrolled data harvesting
- TA3427: ASD-STIG requirements [Updated]
  - INFO: Updated the title.
T1885: Ensure Lambda functions handle input safely (AWS)
- TA3429: ASD-STIG requirements [Updated]
  - INFO: Updated the title.
T1887: Decide on the right OAuth 2.0 flow for your application
- TA3430: ASD-STIG requirements [Updated]
  - INFO: Updated the title.
T1888: Decide on the right OpenID Connect flow for your application
- TA3431: ASD-STIG requirements [Updated]
  - INFO: Updated the title.
T1892: Perform a Threat and Risk Assessment (TRA) [Updated]
- INFO: Updated the text.
- TA3432: ASD-STIG requirements [Updated]
  - INFO: Updated the title.
T1897: Encrypt SQS queue messages (AWS)
- TA3433: ASD-STIG requirements [Updated]
  - INFO: Updated the title.
T1899: Do not allow unauthorized access to SQS queues (AWS)
- TA3435: ASD-STIG requirements [Updated]
  - INFO: Updated the title.
T1903: Enforce Network ACLs for RDS (AWS)
- TA3437: ASD-STIG requirements [Updated]
  - INFO: Updated the title.
T1906: Enforce authentication on your relational database services (AWS)
- TA3438: ASD-STIG requirements [Updated]
  - INFO: Updated the title.
T1919: Use JSON Web Token (JWT) securely
- TA3440: ASD-STIG requirements [Updated]
  - INFO: Updated the title.
T1920: Conduct security architecture and design reviews before starting code development
- TA6236: Review the software design (NIST-SSDF) [Added]
T1947: Configure auditing properly on the API server (OpenShift)
- TA3441: ASD-STIG requirements [Updated]
  - INFO: Updated the title.
T2037: Set root filesystems to be read-only (Amazon ECS)
- TA3443: ASD-STIG requirements [Updated]
  - INFO: Updated the title.
T2038: Apply resource limits on containers (Amazon ECS)
- TA3444: ASD-STIG requirements [Updated]
  - INFO: Updated the title.
T2040: Ensure host operating systems are up to date (Amazon ECS)
- TA3445: ASD-STIG requirements [Updated]
  - INFO: Updated the title.
T2044: Utilize AWS parameter store for sensitive data storage (Amazon ECS)
- TA3446: ASD-STIG requirements [Updated]
  - INFO: Updated the title.
T2047: Attach IAM policies to DynamoDB resources (Amazon DynamoDB)
- TA3447: ASD-STIG requirements [Updated]
  - INFO: Updated the title.
T2059: Enable App Service authentication and identity management (Microsoft Azure)
- TA3448: ASD-STIG requirements [Updated]
  - INFO: Updated the title.
T2067: Use the latest version of software on App Service (Microsoft Azure)
- TA3450: ASD-STIG requirements [Updated]
  - INFO: Updated the title.
T2071: Enable logging of important PostgreSQL security events (Microsoft Azure)
- TA3452: ASD-STIG requirements [Updated]
  - INFO: Updated the title.
T2111: Set the 'Per-User Session Limit' to a value of '3' or lower (Docker)
- TA3454: ASD-STIG requirements [Updated]
  - INFO: Updated the title.
T2113: Set the 'Lifetime Minutes' and 'Renewal Threshold Minutes' values to '15' or lower and '0' respectively (Docker)
- TA3456: ASD-STIG requirements [Updated]
  - INFO: Updated the title.
T2118: Exercise security monitoring best practices in Microservices environments
- TA3458: ASD-STIG requirements [Updated]
  - INFO: Updated the title.
T2121: Exercise security best practices for service rate limiting in Microservices environments [Updated]
- INFO: Updated the text.
- TA3459: ASD-STIG requirements [Updated]
  - INFO: Updated the title.
T2122: Update Android Security Provider
- TA3460: ASD-STIG requirements [Updated]
  - INFO: Updated the title.
T2125: Exercise security strategies for handling session persistence
- TA3462: ASD-STIG requirements [Updated]
  - INFO: Updated the title.
T2128: Develop a process to notify users and regulators of breaches of personal information
- TA3463: ASD-STIG requirements [Updated]
  - INFO: Updated the title.
T2130: Exercise best practices for securing microservices communication
- TA3464: ASD-STIG requirements [Updated]
  - INFO: Updated the title.
T2133: Protect the security of data in iOS
- TA3465: ASD-STIG requirements [Updated]
  - INFO: Updated the title.
T2134: Compile iOS applications with PIE and ARC flags
- TA3466: ASD-STIG requirements [Updated]
  - INFO: Updated the title.
T2141: Perform function level authorization in API
- TA3467: ASD-STIG requirements [Updated]
  - INFO: Updated the title.
T2144: Implement CAN bus protocol properly (Connected Cars)
- P1548: Poor implementation of CAN bus protocol (Connected Cars) [Updated]
  - INFO: Updated the match conditions.
T2145: Enable gRPC Server-Client Certificate Authentication (.NET Core 3) [Updated]
- INFO: Updated the title and text.
T2149: Perform security checks before external infotainment communication (Connected Cars)
- TA3469: ASD-STIG requirements [Updated]
  - INFO: Updated the title.
T2154: Validate all YAML input
- TA3471: ASD-STIG requirements [Updated]
  - INFO: Updated the title.
T2155: Follow security best practices for YAML parsers
- TA3472: ASD-STIG requirements [Updated]
  - INFO: Updated the title.
T2161: Ensure the cloud management interface is secured properly (Cloud)
- TA3473: ASD-STIG requirements [Updated]
  - INFO: Updated the title.
T2162: Prevent malicious insider risks and privileged user abuse in cloud providers (Cloud)
- TA3474: ASD-STIG requirements [Updated]
  - INFO: Updated the title.
T2165: Ensure security governance when outsourcing to cloud providers (Cloud)
- TA6231: Use official cloud providers (Terraform) [Added]
- TA3475: ASD-STIG requirements [Updated]
  - INFO: Updated the title.
T2166: Ensure business continuity over cloud services (Cloud)
- TA3476: ASD-STIG requirements [Updated]
  - INFO: Updated the title.
T2175: Provide documentation for design (Hardware/Firmware) [Updated]
- INFO: Updated the text.
- P1573: Missing documentation for design (Hardware/Firmware) [Updated]
  - INFO: Updated the text.
T2180: Review Access Control Policy (Hardware/Firmware) [Updated]
- INFO: Updated the text.
T2189: Prevent Semiconductor Defects in Hardware Logic with Security-Sensitive Implications (Hardware/Firmware) [Updated]
- INFO: Updated the text.
T2196: Prevent exposure of sensitive system information due to uncleared debug information (Hardware/Firmware) [Updated]
- INFO: Updated the text.
T2201: Enforce physical access control (Hardware/Firmware) [Updated]
- INFO: Updated the title and text.
- P1599: Improper physical access control (Hardware/Firmware) [Updated]
  - INFO: Updated the text.
T2203: Ensure a policy that prevents the use of obsolete encoding (Hardware/Firmware) [Updated]
- INFO: Updated the title and text.
- P1601: Policy uses obsolete encoding (Hardware/Firmware) [Updated]
  - INFO: Updated the text.
T2204: Enforce policy privilege assignments consistently between control and data agents (Hardware/Firmware) [Updated]
- INFO: Updated the text.
- P1602: Policy privileges are not assigned consistently between control and data agents (Hardware/Firmware) [Updated]
  - INFO: Updated the text.
T2205: Prevent a product being released in non-release configuration (Hardware/Firmware) [Updated]
- INFO: Updated the title and text.
- P1603: Product released in non-release configuration (Hardware/Firmware) [Updated]
  - INFO: Updated the text.
T2206: Prevent the generation of incorrect security tokens (Hardware/Firmware) [Updated]
- INFO: Updated the title and text.
- P1604: Generation of incorrect security tokens (Hardware/Firmware) [Updated]
  - INFO: Updated the text.
T2211: Include a firmware update mechanism/feature (Hardware/Firmware) [Updated]
- INFO: Updated the title and text.
- P1609: Firmware cannot be updated (Hardware/Firmware) [Updated]
  - INFO: Updated the title and text.
T2278: Test to confirm that different rules for access to the system are enforced based on the origin, type, and medium of the request
- TA5449: ISASecure SSA 311 requirements: Levels (3, 4) [Updated]
  - INFO: Updated the text.
T2286: Configure a secure user authentication (Cloud) (1/2) [Updated]
- INFO: Updated the title.
T2287: Configure a secure user authorization (Cloud) (1/2) [Updated]
- INFO: Updated the title.
T2288: Design a secure application architecture for the cloud environment (Cloud) (1/2) [Updated]
- INFO: Updated the title.
T2289: Secure network access control (Cloud) (1/4) [Updated]
- INFO: Updated the title.
T2290: Secure data in transit (Cloud) (1/2) [Updated]
- INFO: Updated the title.
T2292: Protect data at rest (Cloud) (1/3) [Updated]
- INFO: Updated the title.
T2293: Enable logging and protect log files in your cloud environment (Cloud) (1/4) [Updated]
- INFO: Updated the title.
T2294: Enable logs and configuration monitoring in your cloud environment (Cloud) (1/4) [Updated]
- INFO: Updated the title.
T2305: Verify that logging is enabled and log files are protected (Cloud) (1/2) [Updated]
- INFO: Updated the title.
T2306: Verify that log monitoring and configuration monitoring are enabled (Cloud) (1/3) [Updated]
- INFO: Updated the title.
T2310: Implement proper authentication and authorization (Containerization) (1/2) [Updated]
- INFO: Updated the title.
T2315: Use managed services (Containerization) [Updated]
- INFO: Updated the text.
T2335: Securely automate your infrastructure provisioning process (Terraform) [Added]
- P1678: Unsafe infrastructure as a code(IaC) process [Added]
T2336: Use a remote backend to securely store your infrastructure state (Terraform) [Added]
- P1679: Unsafe state of infrastructure as a code(IaC) [Added]
- I1784: Configure a remote backend (Terraform) [Added]
T2337: Keep your infrastructure state secure (Terraform) [Added]
- P1679: Unsafe state of infrastructure as a code(IaC) [Added]
T2338: Protect your credentials (Terraform) [Added]
- I1785: Use a secret manager (Terraform) [Added]
- I1786: Use dynamically generated, short-lived credentials (Terraform) [Added]
- I1791: Setting and retrieving credentials in Terraform [Added]
T2339: Restrict direct access to your cloud provider (Terraform) [Added]
- P1678: Unsafe infrastructure as a code(IaC) process [Added]
T2340: Use Terraform Teams to implement role-based security (Terraform) [Added]
- P1679: Unsafe state of infrastructure as a code(IaC) [Added]
T2341: Catch common security mistakes with a linter (Terraform) [Added]
- P1679: Unsafe state of infrastructure as a code(IaC) [Added]
T2342: Improve your security posture with Sentinel policies (Terraform) [Added]
- P1679: Unsafe state of infrastructure as a code(IaC) [Added]
- I1788: A sample Sentinel policy [Added]
- I1789: Use the Sentinel CLI to test policies [Added]
- I1790: Apply Sentinel policies in your Terraform workflow [Added]
- TA6233: Implement CIS Benchmarks with the Terraform Foundational Policy Library (Sentinel) [Added]
T2343: Implement SSDF-related roles and responsibilities (NIST-SSDF) [Added]
- P1680: Lack of defining proper SSDF roles and responsibilities [Added]
T2344: Implement and augment supporting toolchains by automating SDLC security activities [Added]
- P1681: Lack of automation and implementation of supporting toolchains [Added]
T2345: Define and implement criteria for software security checks [Added]
- P1682: Lack of proper criteria for software security checks [Added]
T2346: Establish an organization-wide software and code repository [Added]
- P1683: Lack of organization-wide software and code repository [Added]
T2347: Configure the Integrated Development Environment, Compilation, Interpreter, and Build Processes [Added]
- P1684: Lack of proper integration of the development environment and tools [Added]
T2348: Perform code reviews [Added]
- P1685: Lack of proper code reviews [Added]
T2349: Configure software to have secure settings by default [Added]
- P1686: Lack of secure default settings [Added]
T2350: Create a Product Security Incident Response Team (PSIRT) [Added]
- P1687: Lack of a Product Security Incident Response Team (PSIRT) [Added]
T2351: Verify that SSDF-related roles and responsibilities are properly defined and assigned (NIST-SSDF) [Added]
- P1680: Lack of defining proper SSDF roles and responsibilities [Added]
T2352: Verify that supporting toolchains are properly implemented [Added]
- P1681: Lack of automation and implementation of supporting toolchains [Added]
T2353: Verify that proper criteria for software security checks are defined and implemented [Added]
- P1682: Lack of proper criteria for software security checks [Added]
T2354: Verify that an organization-wide software and code repository is established and used [Added]
- P1683: Lack of organization-wide software and code repository [Added]
T2355: Verify that the IDE, compiler, interpreter, and build processes are configured securely [Added]
- P1684: Lack of proper integration of the development environment and tools [Added]
T2356: Verify that code reviews are performed properly [Added]
- P1685: Lack of proper code reviews [Added]
T2357: Verify that software is configured to have secure settings by default [Added]
- P1686: Lack of secure default settings [Added]
T2358: Verify that the organization has a Product Security Incident Response Team (PSIRT) [Added]
- P1687: Lack of a Product Security Incident Response Team (PSIRT) [Added]
T2359: Configure a secure user authentication (Cloud) (2/2) [Added]
- TA5646: CIS AWS Foundation v1.4.0 (Level 1, Recommendation 1.19) [Updated]
  - INFO: Updated the inclusion standard.
- TA6062: CIS Google Cloud Platform Foundation v1.2.0 (Level 1, Recommendation 1.2) [Updated]
  - INFO: Updated the inclusion standard.
- TA6066: CIS Google Cloud Platform Foundation v1.2.0 (Level 1, Recommendation 1.4) [Updated]
  - INFO: Updated the inclusion standard.
- TA6072: CIS Google Cloud Platform Foundation v1.2.0 (Level 1, Recommendation 1.7) [Updated]
  - INFO: Updated the inclusion standard.
- TA6082: CIS Google Cloud Platform Foundation v1.2.0 (Level 2, Recommendation 1.12) [Updated]
  - INFO: Updated the inclusion standard.
- TA6084: CIS Google Cloud Platform Foundation v1.2.0 (Level 1, Recommendation 1.13) [Updated]
  - INFO: Updated the inclusion standard.
- TA6086: CIS Google Cloud Platform Foundation v1.2.0 (Level 1, Recommendation 1.14) [Updated]
  - INFO: Updated the inclusion standard.
- TA6088: CIS Google Cloud Platform Foundation v1.2.0 (Level 1, Recommendation 1.15) [Updated]
  - INFO: Updated the inclusion standard.
- I1520: CIS AWS Foundation v1.4.0 (Level 1, Recommendation 1.19) [Updated]
  - INFO: Updated the inclusion standard.
- I1702: CIS Google Cloud Platform Foundation v1.2.0 (Level 1, Recommendation 1.2) [Updated]
  - INFO: Updated the inclusion standard.
- I1704: CIS Google Cloud Platform Foundation v1.2.0 (Level 1, Recommendation 1.4) [Updated]
  - INFO: Updated the inclusion standard.
- I1707: CIS Google Cloud Platform Foundation v1.2.0 (Level 1, Recommendation 1.7) [Updated]
  - INFO: Updated the inclusion standard.
- I1712: CIS Google Cloud Platform Foundation v1.2.0 (Level 2, Recommendation 1.12) [Updated]
  - INFO: Updated the inclusion standard.
- I1713: CIS Google Cloud Platform Foundation v1.2.0 (Level 1, Recommendation 1.13) [Updated]
  - INFO: Updated the inclusion standard.
- I1714: CIS Google Cloud Platform Foundation v1.2.0 (Level 1, Recommendation 1.14) [Updated]
  - INFO: Updated the inclusion standard.
- I1715: CIS Google Cloud Platform Foundation v1.2.0 (Level 1, Recommendation 1.15) [Updated]
  - INFO: Updated the inclusion standard.
T2360: Configure a secure user authorization (Cloud) (2/2) [Added]
- TA5770: CIS AWS Three-tier Web Architecture v1.0.0 (Level 1, Recommendation 2.6) [Updated]
  - INFO: Updated the inclusion standard.
- TA5772: CIS AWS Three-tier Web Architecture v1.0.0 (Level 1, Recommendation 2.7) [Updated]
  - INFO: Updated the inclusion standard.
- TA5774: CIS AWS Three-tier Web Architecture v1.0.0 (Level 1, Recommendation 2.8) [Updated]
  - INFO: Updated the inclusion standard.
- TA5776: CIS AWS Three-tier Web Architecture v1.0.0 (Level 1, Recommendation 2.9) [Updated]
  - INFO: Updated the inclusion standard.
- TA5778: CIS AWS Three-tier Web Architecture v1.0.0 (Level 1, Recommendation 2.10) [Updated]
  - INFO: Updated the inclusion standard.
- TA6068: CIS Google Cloud Platform Foundation v1.2.0 (Level 1, Recommendation 1.5) [Updated]
  - INFO: Updated the inclusion standard.
- TA6070: CIS Google Cloud Platform Foundation v1.2.0 (Level 1, Recommendation 1.6) [Updated]
  - INFO: Updated the inclusion standard.
- I1582: CIS AWS Three-tier Web Architecture v1.0.0 (Level 1, Recommendation 2.6) [Updated]
  - INFO: Updated the inclusion standard.
- I1583: CIS AWS Three-tier Web Architecture v1.0.0 (Level 1, Recommendation 2.7) [Updated]
  - INFO: Updated the inclusion standard.
- I1584: CIS AWS Three-tier Web Architecture v1.0.0 (Level 1, Recommendation 2.8) [Updated]
  - INFO: Updated the inclusion standard.
- I1585: CIS AWS Three-tier Web Architecture v1.0.0 (Level 1, Recommendation 2.9) [Updated]
  - INFO: Updated the inclusion standard.
- I1586: CIS AWS Three-tier Web Architecture v1.0.0 (Level 1, Recommendation 2.10) [Updated]
  - INFO: Updated the inclusion standard.
- I1705: CIS Google Cloud Platform Foundation v1.2.0 (Level 1, Recommendation 1.5) [Updated]
  - INFO: Updated the inclusion standard.
- I1706: CIS Google Cloud Platform Foundation v1.2.0 (Level 1, Recommendation 1.6) [Updated]
  - INFO: Updated the inclusion standard.
T2361: Design a secure application architecture for the cloud environment (Cloud) (2/2) [Added]
- TA5850: CIS AWS Three-tier Web Architecture v1.0.0 (Level 1, Recommendation 6.3) [Updated]
  - INFO: Updated the inclusion standard.
- TA5854: CIS AWS Three-tier Web Architecture v1.0.0 (Level 1, Recommendation 6.5) [Updated]
  - INFO: Updated the inclusion standard.
- TA5856: CIS AWS Three-tier Web Architecture v1.0.0 (Level 1, Recommendation 6.6) [Updated]
  - INFO: Updated the inclusion standard.
- TA5858: CIS AWS Three-tier Web Architecture v1.0.0 (Level 1, Recommendation 6.7) [Updated]
  - INFO: Updated the inclusion standard.
- TA5860: CIS AWS Three-tier Web Architecture v1.0.0 (Level 1, Recommendation 6.8) [Updated]
  - INFO: Updated the inclusion standard.
- TA5862: CIS AWS Three-tier Web Architecture v1.0.0 (Level 1, Recommendation 6.9) [Updated]
  - INFO: Updated the inclusion standard.
- TA5864: CIS AWS Three-tier Web Architecture v1.0.0 (Level 1, Recommendation 6.10) [Updated]
  - INFO: Updated the inclusion standard.
- TA5908: CIS AWS Three-tier Web Architecture v1.0.0 (Level 1, Recommendation 6.32) [Updated]
  - INFO: Updated the inclusion standard.
- TA5910: CIS AWS Three-tier Web Architecture v1.0.0 (Level 1, Recommendation 6.33) [Updated]
  - INFO: Updated the inclusion standard.
- I1622: CIS AWS Three-tier Web Architecture v1.0.0 (Level 1, Recommendation 6.3) [Updated]
  - INFO: Updated the inclusion standard.
- I1624: CIS AWS Three-tier Web Architecture v1.0.0 (Level 1, Recommendation 6.5) [Updated]
  - INFO: Updated the inclusion standard.
- I1625: CIS AWS Three-tier Web Architecture v1.0.0 (Level 1, Recommendation 6.6) [Updated]
  - INFO: Updated the inclusion standard.
- I1626: CIS AWS Three-tier Web Architecture v1.0.0 (Level 1, Recommendation 6.7) [Updated]
  - INFO: Updated the inclusion standard.
- I1627: CIS AWS Three-tier Web Architecture v1.0.0 (Level 1, Recommendation 6.8) [Updated]
  - INFO: Updated the inclusion standard.
- I1628: CIS AWS Three-tier Web Architecture v1.0.0 (Level 1, Recommendation 6.9) [Updated]
  - INFO: Updated the inclusion standard.
- I1629: CIS AWS Three-tier Web Architecture v1.0.0 (Level 1, Recommendation 6.10) [Updated]
  - INFO: Updated the inclusion standard.
- I1651: CIS AWS Three-tier Web Architecture v1.0.0 (Level 1, Recommendation 6.32) [Updated]
  - INFO: Updated the inclusion standard.
- I1652: CIS AWS Three-tier Web Architecture v1.0.0 (Level 1, Recommendation 6.33) [Updated]
  - INFO: Updated the inclusion standard.
T2362: Secure network access control (Cloud) (2/4) [Added]
- TA5878: CIS AWS Three-tier Web Architecture v1.0.0 (Level 1, Recommendation 6.17) [Updated]
  - INFO: Updated the inclusion standard.
- TA5888: CIS AWS Three-tier Web Architecture v1.0.0 (Level 1, Recommendation 6.22) [Updated]
  - INFO: Updated the inclusion standard.
- TA5890: CIS AWS Three-tier Web Architecture v1.0.0 (Level 1, Recommendation 6.23) [Updated]
  - INFO: Updated the inclusion standard.
- I1636: CIS AWS Three-tier Web Architecture v1.0.0 (Level 1, Recommendation 6.17) [Updated]
  - INFO: Updated the inclusion standard.
- I1641: CIS AWS Three-tier Web Architecture v1.0.0 (Level 1, Recommendation 6.22) [Updated]
  - INFO: Updated the inclusion standard.
- I1642: CIS AWS Three-tier Web Architecture v1.0.0 (Level 1, Recommendation 6.23) [Updated]
  - INFO: Updated the inclusion standard.
T2363: Secure network access control (Cloud) (3/4) [Added]
- TA5892: CIS AWS Three-tier Web Architecture v1.0.0 (Level 1, Recommendation 6.24) [Updated]
  - INFO: Updated the inclusion standard.
- TA5894: CIS AWS Three-tier Web Architecture v1.0.0 (Level 1, Recommendation 6.25) [Updated]
  - INFO: Updated the inclusion standard.
- TA5896: CIS AWS Three-tier Web Architecture v1.0.0 (Level 1, Recommendation 6.26) [Updated]
  - INFO: Updated the inclusion standard.
- TA5898: CIS AWS Three-tier Web Architecture v1.0.0 (Level 1, Recommendation 6.27) [Updated]
  - INFO: Updated the inclusion standard.
- TA5900: CIS AWS Three-tier Web Architecture v1.0.0 (Level 1, Recommendation 6.28) [Updated]
  - INFO: Updated the inclusion standard.
- TA5902: CIS AWS Three-tier Web Architecture v1.0.0 (Level 1, Recommendation 6.29) [Updated]
  - INFO: Updated the inclusion standard.
- TA5904: CIS AWS Three-tier Web Architecture v1.0.0 (Level 2, Recommendation 6.30) [Updated]
  - INFO: Updated the inclusion standard.
- TA5906: CIS AWS Three-tier Web Architecture v1.0.0 (Level 2, Recommendation 6.31) [Updated]
  - INFO: Updated the inclusion standard.
- TA5912: CIS AWS Three-tier Web Architecture v1.0.0 (Level 1, Recommendation 6.34) [Updated]
  - INFO: Updated the inclusion standard.
- TA6114: CIS Google Cloud Platform Foundation v1.2.0 (Level 2, Recommendation 3.1) [Updated]
  - INFO: Updated the inclusion standard.
- TA6116: CIS Google Cloud Platform Foundation v1.2.0 (Level 1, Recommendation 3.2) [Updated]
  - INFO: Updated the inclusion standard.
- TA6118: CIS Google Cloud Platform Foundation v1.2.0 (Level 1, Recommendation 3.3) [Updated]
  - INFO: Updated the inclusion standard.
- TA6120: CIS Google Cloud Platform Foundation v1.2.0 (Level 1, Recommendation 3.4) [Updated]
  - INFO: Updated the inclusion standard.
- I1643: CIS AWS Three-tier Web Architecture v1.0.0 (Level 1, Recommendation 6.24) [Updated]
  - INFO: Updated the inclusion standard.
- I1644: CIS AWS Three-tier Web Architecture v1.0.0 (Level 1, Recommendation 6.25) [Updated]
  - INFO: Updated the inclusion standard.
- I1645: CIS AWS Three-tier Web Architecture v1.0.0 (Level 1, Recommendation 6.26) [Updated]
  - INFO: Updated the inclusion standard.
- I1646: CIS AWS Three-tier Web Architecture v1.0.0 (Level 1, Recommendation 6.27) [Updated]
  - INFO: Updated the inclusion standard.
- I1647: CIS AWS Three-tier Web Architecture v1.0.0 (Level 1, Recommendation 6.28) [Updated]
  - INFO: Updated the inclusion standard.
- I1648: CIS AWS Three-tier Web Architecture v1.0.0 (Level 1, Recommendation 6.29) [Updated]
  - INFO: Updated the inclusion standard.
- I1649: CIS AWS Three-tier Web Architecture v1.0.0 (Level 2, Recommendation 6.30) [Updated]
  - INFO: Updated the inclusion standard.
- I1650: CIS AWS Three-tier Web Architecture v1.0.0 (Level 2, Recommendation 6.31) [Updated]
  - INFO: Updated the inclusion standard.
- I1653: CIS AWS Three-tier Web Architecture v1.0.0 (Level 1, Recommendation 6.34) [Updated]
  - INFO: Updated the inclusion standard.
- I1728: CIS Google Cloud Platform Foundation v1.2.0 (Level 2, Recommendation 3.1) [Updated]
  - INFO: Updated the inclusion standard.
- I1729: CIS Google Cloud Platform Foundation v1.2.0 (Level 1, Recommendation 3.2) [Updated]
  - INFO: Updated the inclusion standard.
- I1730: CIS Google Cloud Platform Foundation v1.2.0 (Level 1, Recommendation 3.3) [Updated]
  - INFO: Updated the inclusion standard.
- I1731: CIS Google Cloud Platform Foundation v1.2.0 (Level 1, Recommendation 3.4) [Updated]
  - INFO: Updated the inclusion standard.
T2364: Secure network access control (Cloud) (4/4) [Added]
- TA6122: CIS Google Cloud Platform Foundation v1.2.0 (Level 1, Recommendation 3.5) [Updated]
  - INFO: Updated the inclusion standard.
- TA6124: CIS Google Cloud Platform Foundation v1.2.0 (Level 2, Recommendation 3.6) [Updated]
  - INFO: Updated the inclusion standard.
- TA6126: CIS Google Cloud Platform Foundation v1.2.0 (Level 2, Recommendation 3.7) [Updated]
  - INFO: Updated the inclusion standard.
- TA6128: CIS Google Cloud Platform Foundation v1.2.0 (Level 1, Recommendation 3.8) [Updated]
  - INFO: Updated the inclusion standard.
- TA6130: CIS Google Cloud Platform Foundation v1.2.0 (Level 1, Recommendation 3.9) [Updated]
  - INFO: Updated the inclusion standard.
- TA6132: CIS Google Cloud Platform Foundation v1.2.0 (Level 2, Recommendation 3.10) [Updated]
  - INFO: Updated the inclusion standard.
- TA6150: CIS Google Cloud Platform Foundation v1.2.0 (Level 2, Recommendation 4.9) [Updated]
  - INFO: Updated the inclusion standard.
- TA6206: CIS Google Cloud Platform Foundation v1.2.0 (Level 1, Recommendation 6.3.5) [Updated]
  - INFO: Updated the inclusion standard.
- TA6214: CIS Google Cloud Platform Foundation v1.2.0 (Level 1, Recommendation 6.5) [Updated]
  - INFO: Updated the inclusion standard.
- TA6216: CIS Google Cloud Platform Foundation v1.2.0 (Level 2, Recommendation 6.6) [Updated]
  - INFO: Updated the inclusion standard.
- I1732: CIS Google Cloud Platform Foundation v1.2.0 (Level 1, Recommendation 3.5) [Updated]
  - INFO: Updated the inclusion standard.
- I1733: CIS Google Cloud Platform Foundation v1.2.0 (Level 2, Recommendation 3.6) [Updated]
  - INFO: Updated the inclusion standard.
- I1734: CIS Google Cloud Platform Foundation v1.2.0 (Level 2, Recommendation 3.7) [Updated]
  - INFO: Updated the inclusion standard.
- I1735: CIS Google Cloud Platform Foundation v1.2.0 (Level 1, Recommendation 3.8) [Updated]
  - INFO: Updated the inclusion standard.
- I1736: CIS Google Cloud Platform Foundation v1.2.0 (Level 1, Recommendation 3.9) [Updated]
  - INFO: Updated the inclusion standard.
- I1737: CIS Google Cloud Platform Foundation v1.2.0 (Level 2, Recommendation 3.10) [Updated]
  - INFO: Updated the inclusion standard.
- I1746: CIS Google Cloud Platform Foundation v1.2.0 (Level 2, Recommendation 4.9) [Updated]
  - INFO: Updated the inclusion standard.
- I1774: CIS Google Cloud Platform Foundation v1.2.0 (Level 1, Recommendation 6.3.5) [Updated]
  - INFO: Updated the inclusion standard.
- I1778: CIS Google Cloud Platform Foundation v1.2.0 (Level 1, Recommendation 6.5) [Updated]
  - INFO: Updated the inclusion standard.
- I1779: CIS Google Cloud Platform Foundation v1.2.0 (Level 2, Recommendation 6.6) [Updated]
  - INFO: Updated the inclusion standard.
T2365: Secure data in transit (Cloud) (2/2) [Added]
- TA5886: CIS AWS Three-tier Web Architecture v1.0.0 (Level 1, Recommendation 6.21) [Updated]
  - INFO: Updated the inclusion standard.
- TA6152: CIS Google Cloud Platform Foundation v1.2.0 (Level 2, Recommendation 4.10) [Updated]
  - INFO: Updated the inclusion standard.
- TA6212: CIS Google Cloud Platform Foundation v1.2.0 (Level 1, Recommendation 6.4) [Updated]
  - INFO: Updated the inclusion standard.
- I1640: CIS AWS Three-tier Web Architecture v1.0.0 (Level 1, Recommendation 6.21) [Updated]
  - INFO: Updated the inclusion standard.
- I1747: CIS Google Cloud Platform Foundation v1.2.0 (Level 2, Recommendation 4.10) [Updated]
  - INFO: Updated the inclusion standard.
- I1777: CIS Google Cloud Platform Foundation v1.2.0 (Level 1, Recommendation 6.4) [Updated]
  - INFO: Updated the inclusion standard.
T2366: Protect data at rest (Cloud) (2/3) [Added]
- TA5736: CIS AWS Three-tier Web Architecture v1.0.0 (Level 1, Recommendation 1.6) [Updated]
  - INFO: Updated the inclusion standard.
- TA5744: CIS AWS Three-tier Web Architecture v1.0.0 (Level 1, Recommendation 1.10) [Updated]
  - INFO: Updated the inclusion standard.
- TA5756: CIS AWS Three-tier Web Architecture v1.0.0 (Level 1, Recommendation 1.16) [Updated]
  - INFO: Updated the inclusion standard.
- TA5840: CIS AWS Three-tier Web Architecture v1.0.0 (Level 1, Recommendation 5.10) [Updated]
  - INFO: Updated the inclusion standard.
- TA5842: CIS AWS Three-tier Web Architecture v1.0.0 (Level 1, Recommendation 5.11) [Updated]
  - INFO: Updated the inclusion standard.
- TA6146: CIS Google Cloud Platform Foundation v1.2.0 (Level 2, Recommendation 4.7) [Updated]
  - INFO: Updated the inclusion standard.
- TA6154: CIS Google Cloud Platform Foundation v1.2.0 (Level 2, Recommendation 4.11) [Updated]
  - INFO: Updated the inclusion standard.
- TA6156: CIS Google Cloud Platform Foundation v1.2.0 (Level 1, Recommendation 5.1) [Updated]
  - INFO: Updated the inclusion standard.
- TA6158: CIS Google Cloud Platform Foundation v1.2.0 (Level 2, Recommendation 5.2) [Updated]
  - INFO: Updated the inclusion standard.
- TA6162: CIS Google Cloud Platform Foundation v1.2.0 (Level 1, Recommendation 6.1.2) [Updated]
  - INFO: Updated the inclusion standard.
- I1565: CIS AWS Three-tier Web Architecture v1.0.0 (Level 1, Recommendation 1.6) [Updated]
  - INFO: Updated the inclusion standard.
- I1569: CIS AWS Three-tier Web Architecture v1.0.0 (Level 1, Recommendation 1.10) [Updated]
  - INFO: Updated the inclusion standard.
- I1575: CIS AWS Three-tier Web Architecture v1.0.0 (Level 1, Recommendation 1.16) [Updated]
  - INFO: Updated the inclusion standard.
- I1617: CIS AWS Three-tier Web Architecture v1.0.0 (Level 1, Recommendation 5.10) [Updated]
  - INFO: Updated the inclusion standard.
- I1618: CIS AWS Three-tier Web Architecture v1.0.0 (Level 1, Recommendation 5.11) [Updated]
  - INFO: Updated the inclusion standard.
- I1744: CIS Google Cloud Platform Foundation v1.2.0 (Level 2, Recommendation 4.7) [Updated]
  - INFO: Updated the inclusion standard.
- I1748: CIS Google Cloud Platform Foundation v1.2.0 (Level 2, Recommendation 4.11) [Updated]
  - INFO: Updated the inclusion standard.
- I1749: CIS Google Cloud Platform Foundation v1.2.0 (Level 1, Recommendation 5.1) [Updated]
  - INFO: Updated the inclusion standard.
- I1750: CIS Google Cloud Platform Foundation v1.2.0 (Level 2, Recommendation 5.2) [Updated]
  - INFO: Updated the inclusion standard.
- I1752: CIS Google Cloud Platform Foundation v1.2.0 (Level 1, Recommendation 6.1.2) [Updated]
  - INFO: Updated the inclusion standard.
T2367: Protect data at rest (Cloud) (3/3) [Added]
- TA6164: CIS Google Cloud Platform Foundation v1.2.0 (Level 1, Recommendation 6.1.3) [Updated]
  - INFO: Updated the inclusion standard.
- TA6198: CIS Google Cloud Platform Foundation v1.2.0 (Level 1, Recommendation 6.3.1) [Updated]
  - INFO: Updated the inclusion standard.
- TA6200: CIS Google Cloud Platform Foundation v1.2.0 (Level 1, Recommendation 6.3.2) [Updated]
  - INFO: Updated the inclusion standard.
- TA6202: CIS Google Cloud Platform Foundation v1.2.0 (Level 1, Recommendation 6.3.3) [Updated]
  - INFO: Updated the inclusion standard.
- TA6204: CIS Google Cloud Platform Foundation v1.2.0 (Level 1, Recommendation 6.3.4) [Updated]
  - INFO: Updated the inclusion standard.
- TA6208: CIS Google Cloud Platform Foundation v1.2.0 (Level 1, Recommendation 6.3.6) [Updated]
  - INFO: Updated the inclusion standard.
- TA6210: CIS Google Cloud Platform Foundation v1.2.0 (Level 1, Recommendation 6.3.7) [Updated]
  - INFO: Updated the inclusion standard.
- TA6218: CIS Google Cloud Platform Foundation v1.2.0 (Level 1, Recommendation 6.7) [Updated]
  - INFO: Updated the inclusion standard.
- TA6220: CIS Google Cloud Platform Foundation v1.2.0 (Level 1, Recommendation 7.1) [Updated]
  - INFO: Updated the inclusion standard.
- TA6222: CIS Google Cloud Platform Foundation v1.2.0 (Level 2, Recommendation 7.2) [Updated]
  - INFO: Updated the inclusion standard.
- I1753: CIS Google Cloud Platform Foundation v1.2.0 (Level 1, Recommendation 6.1.3) [Updated]
  - INFO: Updated the inclusion standard.
- I1770: CIS Google Cloud Platform Foundation v1.2.0 (Level 1, Recommendation 6.3.1) [Updated]
  - INFO: Updated the inclusion standard.
- I1771: CIS Google Cloud Platform Foundation v1.2.0 (Level 1, Recommendation 6.3.2) [Updated]
  - INFO: Updated the inclusion standard.
- I1772: CIS Google Cloud Platform Foundation v1.2.0 (Level 1, Recommendation 6.3.3) [Updated]
  - INFO: Updated the inclusion standard.
- I1773: CIS Google Cloud Platform Foundation v1.2.0 (Level 1, Recommendation 6.3.4) [Updated]
  - INFO: Updated the inclusion standard.
- I1775: CIS Google Cloud Platform Foundation v1.2.0 (Level 1, Recommendation 6.3.6) [Updated]
  - INFO: Updated the inclusion standard.
- I1776: CIS Google Cloud Platform Foundation v1.2.0 (Level 1, Recommendation 6.3.7) [Updated]
  - INFO: Updated the inclusion standard.
- I1780: CIS Google Cloud Platform Foundation v1.2.0 (Level 1, Recommendation 6.7) [Updated]
  - INFO: Updated the inclusion standard.
- I1781: CIS Google Cloud Platform Foundation v1.2.0 (Level 1, Recommendation 7.1) [Updated]
  - INFO: Updated the inclusion standard.
- I1782: CIS Google Cloud Platform Foundation v1.2.0 (Level 2, Recommendation 7.2) [Updated]
  - INFO: Updated the inclusion standard.
T2368: Enable logging and protect log files in your cloud environment (Cloud) (2/4) [Added]
- TA5810: CIS AWS Three-tier Web Architecture v1.0.0 (Level 1, Recommendation 4.2) [Updated]
  - INFO: Updated the inclusion standard.
- TA5816: CIS AWS Three-tier Web Architecture v1.0.0 (Level 1, Recommendation 4.6) [Updated]
  - INFO: Updated the inclusion standard.
- TA5818: CIS AWS Three-tier Web Architecture v1.0.0 (Level 1, Recommendation 4.7) [Updated]
  - INFO: Updated the inclusion standard.
- TA5822: CIS AWS Three-tier Web Architecture v1.0.0 (Level 1, Recommendation 5.1) [Updated]
  - INFO: Updated the inclusion standard.
- TA5824: CIS AWS Three-tier Web Architecture v1.0.0 (Level 1, Recommendation 5.2) [Updated]
  - INFO: Updated the inclusion standard.
- I1602: CIS AWS Three-tier Web Architecture v1.0.0 (Level 1, Recommendation 4.2) [Updated]
  - INFO: Updated the inclusion standard.
- I1605: CIS AWS Three-tier Web Architecture v1.0.0 (Level 1, Recommendation 4.6) [Updated]
  - INFO: Updated the inclusion standard.
- I1606: CIS AWS Three-tier Web Architecture v1.0.0 (Level 1, Recommendation 4.7) [Updated]
  - INFO: Updated the inclusion standard.
- I1608: CIS AWS Three-tier Web Architecture v1.0.0 (Level 1, Recommendation 5.1) [Updated]
  - INFO: Updated the inclusion standard.
- I1609: CIS AWS Three-tier Web Architecture v1.0.0 (Level 1, Recommendation 5.2) [Updated]
  - INFO: Updated the inclusion standard.
T2369: Enable logging and protect log files in your cloud environment (Cloud) (3/4) [Added]
- TA5826: CIS AWS Three-tier Web Architecture v1.0.0 (Level 1, Recommendation 5.3) [Updated]
  - INFO: Updated the inclusion standard.
- TA5828: CIS AWS Three-tier Web Architecture v1.0.0 (Level 1, Recommendation 5.4) [Updated]
  - INFO: Updated the inclusion standard.
- TA5830: CIS AWS Three-tier Web Architecture v1.0.0 (Level 1, Recommendation 5.5) [Updated]
  - INFO: Updated the inclusion standard.
- TA5832: CIS AWS Three-tier Web Architecture v1.0.0 (Level 1, Recommendation 5.6) [Updated]
  - INFO: Updated the inclusion standard.
- TA5834: CIS AWS Three-tier Web Architecture v1.0.0 (Level 1, Recommendation 5.7) [Updated]
  - INFO: Updated the inclusion standard.
- TA5836: CIS AWS Three-tier Web Architecture v1.0.0 (Level 1, Recommendation 5.8) [Updated]
  - INFO: Updated the inclusion standard.
- TA5838: CIS AWS Three-tier Web Architecture v1.0.0 (Level 1, Recommendation 5.9) [Updated]
  - INFO: Updated the inclusion standard.
- TA6090: CIS Google Cloud Platform Foundation v1.2.0 (Level 1, Recommendation 2.1) [Updated]
  - INFO: Updated the inclusion standard.
- TA6092: CIS Google Cloud Platform Foundation v1.2.0 (Level 1, Recommendation 2.2) [Updated]
  - INFO: Updated the inclusion standard.
- TA6094: CIS Google Cloud Platform Foundation v1.2.0 (Level 1, Recommendation 2.3) [Updated]
  - INFO: Updated the inclusion standard.
- TA6166: CIS Google Cloud Platform Foundation v1.2.0 (Level 1, Recommendation 6.2.1) [Updated]
  - INFO: Updated the inclusion standard.
- I1610: CIS AWS Three-tier Web Architecture v1.0.0 (Level 1, Recommendation 5.3) [Updated]
  - INFO: Updated the inclusion standard.
- I1611: CIS AWS Three-tier Web Architecture v1.0.0 (Level 1, Recommendation 5.4) [Updated]
  - INFO: Updated the inclusion standard.
- I1612: CIS AWS Three-tier Web Architecture v1.0.0 (Level 1, Recommendation 5.5) [Updated]
  - INFO: Updated the inclusion standard.
- I1613: CIS AWS Three-tier Web Architecture v1.0.0 (Level 1, Recommendation 5.6) [Updated]
  - INFO: Updated the inclusion standard.
- I1614: CIS AWS Three-tier Web Architecture v1.0.0 (Level 1, Recommendation 5.7) [Updated]
  - INFO: Updated the inclusion standard.
- I1615: CIS AWS Three-tier Web Architecture v1.0.0 (Level 1, Recommendation 5.8) [Updated]
  - INFO: Updated the inclusion standard.
- I1616: CIS AWS Three-tier Web Architecture v1.0.0 (Level 1, Recommendation 5.9) [Updated]
  - INFO: Updated the inclusion standard.
- I1716: CIS Google Cloud Platform Foundation v1.2.0 (Level 1, Recommendation 2.1) [Updated]
  - INFO: Updated the inclusion standard.
- I1717: CIS Google Cloud Platform Foundation v1.2.0 (Level 1, Recommendation 2.2) [Updated]
  - INFO: Updated the inclusion standard.
- I1718: CIS Google Cloud Platform Foundation v1.2.0 (Level 1, Recommendation 2.3) [Updated]
  - INFO: Updated the inclusion standard.
- I1754: CIS Google Cloud Platform Foundation v1.2.0 (Level 1, Recommendation 6.2.1) [Updated]
  - INFO: Updated the inclusion standard.
T2370: Enable logging and protect log files in your cloud environment (Cloud) (4/4) [Added]
- TA6232: Monitor the audit logs for problems (Terraform) [Added]
- TA6170: CIS Google Cloud Platform Foundation v1.2.0 (Level 1, Recommendation 6.2.3) [Updated]
  - INFO: Updated the inclusion standard.
- TA6172: CIS Google Cloud Platform Foundation v1.2.0 (Level 1, Recommendation 6.2.4) [Updated]
  - INFO: Updated the inclusion standard.
- TA6174: CIS Google Cloud Platform Foundation v1.2.0 (Level 1, Recommendation 6.2.5) [Updated]
  - INFO: Updated the inclusion standard.
- TA6176: CIS Google Cloud Platform Foundation v1.2.0 (Level 1, Recommendation 6.2.6) [Updated]
  - INFO: Updated the inclusion standard.
- TA6178: CIS Google Cloud Platform Foundation v1.2.0 (Level 1, Recommendation 6.2.7) [Updated]
  - INFO: Updated the inclusion standard.
- TA6180: CIS Google Cloud Platform Foundation v1.2.0 (Level 1, Recommendation 6.2.8) [Updated]
  - INFO: Updated the inclusion standard.
- TA6190: CIS Google Cloud Platform Foundation v1.2.0 (Level 1, Recommendation 6.2.13) [Updated]
  - INFO: Updated the inclusion standard.
- TA6192: CIS Google Cloud Platform Foundation v1.2.0 (Level 1, Recommendation 6.2.14) [Updated]
  - INFO: Updated the inclusion standard.
- TA6194: CIS Google Cloud Platform Foundation v1.2.0 (Level 1, Recommendation 6.2.15) [Updated]
  - INFO: Updated the inclusion standard.
- TA6196: CIS Google Cloud Platform Foundation v1.2.0 (Level 1, Recommendation 6.2.16) [Updated]
  - INFO: Updated the inclusion standard.
- I1756: CIS Google Cloud Platform Foundation v1.2.0 (Level 1, Recommendation 6.2.3) [Updated]
  - INFO: Updated the inclusion standard.
- I1757: CIS Google Cloud Platform Foundation v1.2.0 (Level 1, Recommendation 6.2.4) [Updated]
  - INFO: Updated the inclusion standard.
- I1758: CIS Google Cloud Platform Foundation v1.2.0 (Level 1, Recommendation 6.2.5) [Updated]
  - INFO: Updated the inclusion standard.
- I1759: CIS Google Cloud Platform Foundation v1.2.0 (Level 1, Recommendation 6.2.6) [Updated]
  - INFO: Updated the inclusion standard.
- I1760: CIS Google Cloud Platform Foundation v1.2.0 (Level 1, Recommendation 6.2.7) [Updated]
  - INFO: Updated the inclusion standard.
- I1761: CIS Google Cloud Platform Foundation v1.2.0 (Level 1, Recommendation 6.2.8) [Updated]
  - INFO: Updated the inclusion standard.
- I1766: CIS Google Cloud Platform Foundation v1.2.0 (Level 1, Recommendation 6.2.13) [Updated]
  - INFO: Updated the inclusion standard.
- I1767: CIS Google Cloud Platform Foundation v1.2.0 (Level 1, Recommendation 6.2.14) [Updated]
  - INFO: Updated the inclusion standard.
- I1768: CIS Google Cloud Platform Foundation v1.2.0 (Level 1, Recommendation 6.2.15) [Updated]
  - INFO: Updated the inclusion standard.
- I1769: CIS Google Cloud Platform Foundation v1.2.0 (Level 1, Recommendation 6.2.16) [Updated]
  - INFO: Updated the inclusion standard.
T2371: Enable logs and configuration monitoring in your cloud environment (Cloud) (2/4) [Added]
- TA5704: CIS AWS Foundation v1.4.0 (Level 2, Recommendation 4.9) [Updated]
  - INFO: Updated the inclusion standard.
- TA5706: CIS AWS Foundation v1.4.0 (Level 2, Recommendation 4.10) [Updated]
  - INFO: Updated the inclusion standard.
- TA5708: CIS AWS Foundation v1.4.0 (Level 2, Recommendation 4.11) [Updated]
  - INFO: Updated the inclusion standard.
- TA5710: CIS AWS Foundation v1.4.0 (Level 1, Recommendation 4.12) [Updated]
  - INFO: Updated the inclusion standard.
- TA5712: CIS AWS Foundation v1.4.0 (Level 1, Recommendation 4.13) [Updated]
  - INFO: Updated the inclusion standard.
- TA5714: CIS AWS Foundation v1.4.0 (Level 1, Recommendation 4.14) [Updated]
  - INFO: Updated the inclusion standard.
- TA5716: CIS AWS Foundation v1.4.0 (Level 1, Recommendation 4.15) [Updated]
  - INFO: Updated the inclusion standard.
- I1549: CIS AWS Foundation v1.4.0 (Level 2, Recommendation 4.9) [Updated]
  - INFO: Updated the inclusion standard.
- I1550: CIS AWS Foundation v1.4.0 (Level 2, Recommendation 4.10) [Updated]
  - INFO: Updated the inclusion standard.
- I1551: CIS AWS Foundation v1.4.0 (Level 2, Recommendation 4.11) [Updated]
  - INFO: Updated the inclusion standard.
- I1552: CIS AWS Foundation v1.4.0 (Level 1, Recommendation 4.12) [Updated]
  - INFO: Updated the inclusion standard.
- I1553: CIS AWS Foundation v1.4.0 (Level 1, Recommendation 4.13) [Updated]
  - INFO: Updated the inclusion standard.
- I1554: CIS AWS Foundation v1.4.0 (Level 1, Recommendation 4.14) [Updated]
  - INFO: Updated the inclusion standard.
- I1555: CIS AWS Foundation v1.4.0 (Level 1, Recommendation 4.15) [Updated]
  - INFO: Updated the inclusion standard.
T2372: Enable logs and configuration monitoring in your cloud environment (Cloud) (3/4) [Added]
- TA5812: CIS AWS Three-tier Web Architecture v1.0.0 (Level 1, Recommendation 4.3) [Updated]
  - INFO: Updated the inclusion standard.
- TA5814: CIS AWS Three-tier Web Architecture v1.0.0 (Level 1, Recommendation 4.4) [Updated]
  - INFO: Updated the inclusion standard.
- TA5820: CIS AWS Three-tier Web Architecture v1.0.0 (Level 1, Recommendation 4.8) [Updated]
  - INFO: Updated the inclusion standard.
- TA6096: CIS Google Cloud Platform Foundation v1.2.0 (Level 1, Recommendation 2.4) [Updated]
  - INFO: Updated the inclusion standard.
- TA6098: CIS Google Cloud Platform Foundation v1.2.0 (Level 1, Recommendation 2.5) [Updated]
  - INFO: Updated the inclusion standard.
- TA6100: CIS Google Cloud Platform Foundation v1.2.0 (Level 1, Recommendation 2.6) [Updated]
  - INFO: Updated the inclusion standard.
- TA6102: CIS Google Cloud Platform Foundation v1.2.0 (Level 1, Recommendation 2.7) [Updated]
  - INFO: Updated the inclusion standard.
- TA6104: CIS Google Cloud Platform Foundation v1.2.0 (Level 1, Recommendation 2.8) [Updated]
  - INFO: Updated the inclusion standard.
- I1603: CIS AWS Three-tier Web Architecture v1.0.0 (Level 1, Recommendation 4.3) [Updated]
  - INFO: Updated the inclusion standard.
- I1604: CIS AWS Three-tier Web Architecture v1.0.0 (Level 1, Recommendation 4.4) [Updated]
  - INFO: Updated the inclusion standard.
- I1607: CIS AWS Three-tier Web Architecture v1.0.0 (Level 1, Recommendation 4.8) [Updated]
  - INFO: Updated the inclusion standard.
- I1719: CIS Google Cloud Platform Foundation v1.2.0 (Level 1, Recommendation 2.4) [Updated]
  - INFO: Updated the inclusion standard.
- I1720: CIS Google Cloud Platform Foundation v1.2.0 (Level 1, Recommendation 2.5) [Updated]
  - INFO: Updated the inclusion standard.
- I1721: CIS Google Cloud Platform Foundation v1.2.0 (Level 1, Recommendation 2.6) [Updated]
  - INFO: Updated the inclusion standard.
- I1722: CIS Google Cloud Platform Foundation v1.2.0 (Level 1, Recommendation 2.7) [Updated]
  - INFO: Updated the inclusion standard.
- I1723: CIS Google Cloud Platform Foundation v1.2.0 (Level 1, Recommendation 2.8) [Updated]
  - INFO: Updated the inclusion standard.
T2373: Enable logs and configuration monitoring in your cloud environment (Cloud) (4/4) [Added]
- TA6106: CIS Google Cloud Platform Foundation v1.2.0 (Level 1, Recommendation 2.9) [Updated]
  - INFO: Updated the inclusion standard.
- TA6108: CIS Google Cloud Platform Foundation v1.2.0 (Level 1, Recommendation 2.10) [Updated]
  - INFO: Updated the inclusion standard.
- TA6110: CIS Google Cloud Platform Foundation v1.2.0 (Level 1, Recommendation 2.11) [Updated]
  - INFO: Updated the inclusion standard.
- TA6112: CIS Google Cloud Platform Foundation v1.2.0 (Level 1, Recommendation 2.12) [Updated]
  - INFO: Updated the inclusion standard.
- TA6168: CIS Google Cloud Platform Foundation v1.2.0 (Level 2, Recommendation 6.2.2) [Updated]
  - INFO: Updated the inclusion standard.
- TA6182: CIS Google Cloud Platform Foundation v1.2.0 (Level 2, Recommendation 6.2.9) [Updated]
  - INFO: Updated the inclusion standard.
- TA6184: CIS Google Cloud Platform Foundation v1.2.0 (Level 2, Recommendation 6.2.10) [Updated]
  - INFO: Updated the inclusion standard.
- TA6186: CIS Google Cloud Platform Foundation v1.2.0 (Level 2, Recommendation 6.2.11) [Updated]
  - INFO: Updated the inclusion standard.
- TA6188: CIS Google Cloud Platform Foundation v1.2.0 (Level 2, Recommendation 6.2.12) [Updated]
  - INFO: Updated the inclusion standard.
- I1724: CIS Google Cloud Platform Foundation v1.2.0 (Level 1, Recommendation 2.9) [Updated]
  - INFO: Updated the inclusion standard.
- I1725: CIS Google Cloud Platform Foundation v1.2.0 (Level 1, Recommendation 2.10) [Updated]
  - INFO: Updated the inclusion standard.
- I1726: CIS Google Cloud Platform Foundation v1.2.0 (Level 1, Recommendation 2.11) [Updated]
  - INFO: Updated the inclusion standard.
- I1727: CIS Google Cloud Platform Foundation v1.2.0 (Level 1, Recommendation 2.12) [Updated]
  - INFO: Updated the inclusion standard.
- I1755: CIS Google Cloud Platform Foundation v1.2.0 (Level 2, Recommendation 6.2.2) [Updated]
  - INFO: Updated the inclusion standard.
- I1762: CIS Google Cloud Platform Foundation v1.2.0 (Level 2, Recommendation 6.2.9) [Updated]
  - INFO: Updated the inclusion standard.
- I1763: CIS Google Cloud Platform Foundation v1.2.0 (Level 2, Recommendation 6.2.10) [Updated]
  - INFO: Updated the inclusion standard.
- I1764: CIS Google Cloud Platform Foundation v1.2.0 (Level 2, Recommendation 6.2.11) [Updated]
  - INFO: Updated the inclusion standard.
- I1765: CIS Google Cloud Platform Foundation v1.2.0 (Level 2, Recommendation 6.2.12) [Updated]
  - INFO: Updated the inclusion standard.
T2374: Verify that logging is enabled and log files are protected (Cloud) (2/2) [Added]
- TA6179: CIS Google Cloud Platform Foundation v1.2.0 (Level 1, Recommendation 6.2.7) [Updated]
  - INFO: Updated the inclusion standard.
- TA6181: CIS Google Cloud Platform Foundation v1.2.0 (Level 1, Recommendation 6.2.8) [Updated]
  - INFO: Updated the inclusion standard.
- TA6191: CIS Google Cloud Platform Foundation v1.2.0 (Level 1, Recommendation 6.2.13) [Updated]
  - INFO: Updated the inclusion standard.
- TA6193: CIS Google Cloud Platform Foundation v1.2.0 (Level 1, Recommendation 6.2.14) [Updated]
  - INFO: Updated the inclusion standard.
- TA6195: CIS Google Cloud Platform Foundation v1.2.0 (Level 1, Recommendation 6.2.15) [Updated]
  - INFO: Updated the inclusion standard.
- TA6197: CIS Google Cloud Platform Foundation v1.2.0 (Level 1, Recommendation 6.2.16) [Updated]
  - INFO: Updated the inclusion standard.
T2375: Verify that log monitoring and configuration monitoring are enabled (Cloud) (2/3) [Added]
- TA5711: CIS AWS Foundation v1.4.0 (Level 1, Recommendation 4.12) [Updated]
  - INFO: Updated the inclusion standard.
- TA5713: CIS AWS Foundation v1.4.0 (Level 1, Recommendation 4.13) [Updated]
  - INFO: Updated the inclusion standard.
- TA5715: CIS AWS Foundation v1.4.0 (Level 1, Recommendation 4.14) [Updated]
  - INFO: Updated the inclusion standard.
T2376: Verify that log monitoring and configuration monitoring are enabled (Cloud) (3/3) [Added]
- TA5717: CIS AWS Foundation v1.4.0 (Level 1, Recommendation 4.15) [Updated]
  - INFO: Updated the inclusion standard.
- TA5813: CIS AWS Three-tier Web Architecture v1.0.0 (Level 1, Recommendation 4.3) [Updated]
  - INFO: Updated the inclusion standard.
- TA5815: CIS AWS Three-tier Web Architecture v1.0.0 (Level 1, Recommendation 4.4) [Updated]
  - INFO: Updated the inclusion standard.
- TA5821: CIS AWS Three-tier Web Architecture v1.0.0 (Level 1, Recommendation 4.8) [Updated]
  - INFO: Updated the inclusion standard.
- TA6097: CIS Google Cloud Platform Foundation v1.2.0 (Level 1, Recommendation 2.4) [Updated]
  - INFO: Updated the inclusion standard.
- TA6099: CIS Google Cloud Platform Foundation v1.2.0 (Level 1, Recommendation 2.5) [Updated]
  - INFO: Updated the inclusion standard.
- TA6101: CIS Google Cloud Platform Foundation v1.2.0 (Level 1, Recommendation 2.6) [Updated]
  - INFO: Updated the inclusion standard.
- TA6103: CIS Google Cloud Platform Foundation v1.2.0 (Level 1, Recommendation 2.7) [Updated]
  - INFO: Updated the inclusion standard.
- TA6105: CIS Google Cloud Platform Foundation v1.2.0 (Level 1, Recommendation 2.8) [Updated]
  - INFO: Updated the inclusion standard.
- TA6107: CIS Google Cloud Platform Foundation v1.2.0 (Level 1, Recommendation 2.9) [Updated]
  - INFO: Updated the inclusion standard.
- TA6109: CIS Google Cloud Platform Foundation v1.2.0 (Level 1, Recommendation 2.10) [Updated]
  - INFO: Updated the inclusion standard.
- TA6111: CIS Google Cloud Platform Foundation v1.2.0 (Level 1, Recommendation 2.11) [Updated]
  - INFO: Updated the inclusion standard.
- TA6113: CIS Google Cloud Platform Foundation v1.2.0 (Level 1, Recommendation 2.12) [Updated]
  - INFO: Updated the inclusion standard.
- TA6169: CIS Google Cloud Platform Foundation v1.2.0 (Level 2, Recommendation 6.2.2) [Updated]
  - INFO: Updated the inclusion standard.
- TA6183: CIS Google Cloud Platform Foundation v1.2.0 (Level 2, Recommendation 6.2.9) [Updated]
  - INFO: Updated the inclusion standard.
- TA6185: CIS Google Cloud Platform Foundation v1.2.0 (Level 2, Recommendation 6.2.10) [Updated]
  - INFO: Updated the inclusion standard.
- TA6187: CIS Google Cloud Platform Foundation v1.2.0 (Level 2, Recommendation 6.2.11) [Updated]
  - INFO: Updated the inclusion standard.
- TA6189: CIS Google Cloud Platform Foundation v1.2.0 (Level 2, Recommendation 6.2.12) [Updated]
  - INFO: Updated the inclusion standard.
T2377: Implement proper authentication and authorization (Containerization) (2/2) [Added]
- TA6027: CIS Amazon Elastic Kubernetes Service (EKS) Benchmark v1.0.1 (Level 1, Recommendation 5.4.1) [Updated]
  - INFO: Updated the inclusion standard.
- TA6037: CIS Amazon Elastic Kubernetes Service (EKS) Benchmark v1.0.1 (Level 2, Recommendation 4.2.6) [Updated]
  - INFO: Updated the inclusion standard.
- TA6039: CIS Amazon Elastic Kubernetes Service (EKS) Benchmark v1.0.1 (Level 2, Recommendation 4.2.9) [Updated]
  - INFO: Updated the inclusion standard.
- TA6051: CIS Amazon Elastic Kubernetes Service (EKS) Benchmark v1.0.1 (Level 2, Recommendation 4.6.3) [Updated]
  - INFO: Updated the inclusion standard.
- TA6056: CIS Amazon Elastic Kubernetes Service (EKS) Benchmark v1.0.1 (Level 2, Recommendation 5.5.1) [Updated]
  - INFO: Updated the inclusion standard.
- I1682: CIS Amazon Elastic Kubernetes Service (EKS) Benchmark v1.0.1 (Level 1, Recommendation 5.4.1) [Updated]
  - INFO: Updated the inclusion standard.
- I1683: CIS Amazon Elastic Kubernetes Service (EKS) Benchmark v1.0.1 (Level 2, Recommendation 4.2.6) [Updated]
  - INFO: Updated the inclusion standard.
- I1684: CIS Amazon Elastic Kubernetes Service (EKS) Benchmark v1.0.1 (Level 2, Recommendation 4.2.9) [Updated]
  - INFO: Updated the inclusion standard.
- I1685: CIS Amazon Elastic Kubernetes Service (EKS) Benchmark v1.0.1 (Level 2, Recommendation 4.6.3) [Updated]
  - INFO: Updated the inclusion standard.
- I1686: CIS Amazon Elastic Kubernetes Service (EKS) Benchmark v1.0.1 (Level 2, Recommendation 5.5.1) [Updated]
  - INFO: Updated the inclusion standard.
Changes to Project Properties and Profiles
- Q206: Privacy
  - Q160: Handles Personal Data
    - Q224: Privacy Regulations
      - A1255: California Civil Code (CCPA and CPRA) [Updated]
        
        INFO: Updated the text and description.
- Q289: Cloud Computing
  - Q290: Cloud Providers
    - A1159: Amazon Web Services (AWS) Content (Not Story-driven) [Updated]
      - INFO: Updated the text and description.
    - A1212: Google Cloud Content (Not Story-driven) [Updated]
      - INFO: Updated the text and description.
    - A1333: New Amazon Web Services (AWS) Content (Story-driven) [Updated]
      - INFO: Updated the text.
    - A1336: New Google Cloud Content (Story-driven) [Updated]
      - INFO: Updated the text.
- Q299: General
  - Q346: IaC Tools [Added]
    - A1338: Terraform [Added]
- Q331: US Federal and NIST
  - Q347: In-Scope for NIST SSDF compliance [Added]
    - A1339: Yes [Added]
New Just-in-Time Training
- Defending PHP (37)
- Defending JavaScript (24)
- OWASP Top 10 (42)
- OAuth Security Fundamentals (20)
- Defending Angular (27)
- OpSec Fundamentals (25)

2022

2022.4

2022.3

2022.2

results matching ""

No results matching ""