feat(aws): add compliance CIS 4.0 (#6937)

2025-12-19 05:17:47 +00:00 · 2025-02-19 03:53:49 +01:00
parent d12ca6301a
commit 22b54b2d8d
6 changed files with 1521 additions and 2 deletions
--- a/README.md
+++ b/README.md
@@ -71,7 +71,7 @@ It contains hundreds of controls covering CIS, NIST 800, NIST CSF, CISA, RBI, Fe

 | Provider | Checks | Services | [Compliance Frameworks](https://docs.prowler.com/projects/prowler-open-source/en/latest/tutorials/compliance/) | [Categories](https://docs.prowler.com/projects/prowler-open-source/en/latest/tutorials/misc/#categories) |
 |---|---|---|---|---|
-| AWS | 564 | 82 | 30 | 10 |
+| AWS | 564 | 82 | 31 | 10 |
 | GCP | 77 | 13 | 4 | 3 |
 | Azure | 140 | 18 | 5 | 3 |
 | Kubernetes | 83 | 7 | 2 | 7 |
--- a/dashboard/compliance/cis_4_0_aws.py
+++ b/dashboard/compliance/cis_4_0_aws.py
@@ -0,0 +1,24 @@
+import warnings
+
+from dashboard.common_methods import get_section_containers_cis
+
+warnings.filterwarnings("ignore")
+
+
+def get_table(data):
+    aux = data[
+        [
+            "REQUIREMENTS_ID",
+            "REQUIREMENTS_DESCRIPTION",
+            "REQUIREMENTS_ATTRIBUTES_SECTION",
+            "CHECKID",
+            "STATUS",
+            "REGION",
+            "ACCOUNTID",
+            "RESOURCEID",
+        ]
+    ].copy()
+
+    return get_section_containers_cis(
+        aux, "REQUIREMENTS_ID", "REQUIREMENTS_ATTRIBUTES_SECTION"
+    )
--- a/prowler/compliance/aws/cis_4.0_aws.json
+++ b/prowler/compliance/aws/cis_4.0_aws.json
--- a/prowler/lib/outputs/compliance/cis/cis_aws.py
+++ b/prowler/lib/outputs/compliance/cis/cis_aws.py
@@ -57,6 +57,7 @@ class AWSCIS(ComplianceOutput):
                            Requirements_Attributes_RemediationProcedure=attribute.RemediationProcedure,
                            Requirements_Attributes_AuditProcedure=attribute.AuditProcedure,
                            Requirements_Attributes_AdditionalInformation=attribute.AdditionalInformation,
+                            Requirements_Attributes_DefaultValue=attribute.DefaultValue,
                            Requirements_Attributes_References=attribute.References,
                            Status=finding.status,
                            StatusExtended=finding.status_extended,
@@ -88,6 +89,7 @@ class AWSCIS(ComplianceOutput):
                        Requirements_Attributes_RemediationProcedure=attribute.RemediationProcedure,
                        Requirements_Attributes_AuditProcedure=attribute.AuditProcedure,
                        Requirements_Attributes_AdditionalInformation=attribute.AdditionalInformation,
+                        Requirements_Attributes_DefaultValue=attribute.DefaultValue,
                        Requirements_Attributes_References=attribute.References,
                        Status="MANUAL",
                        StatusExtended="Manual check",
--- a/prowler/lib/outputs/compliance/cis/models.py
+++ b/prowler/lib/outputs/compliance/cis/models.py
@@ -25,6 +25,9 @@ class AWSCISModel(BaseModel):
    Requirements_Attributes_RemediationProcedure: str
    Requirements_Attributes_AuditProcedure: str
    Requirements_Attributes_AdditionalInformation: str
+    Requirements_Attributes_DefaultValue: Optional[
+        str
+    ]  # TODO Optional for now since it's not present in the CIS 1.5, 2.0 and 3.0 AWS benchmark
    Requirements_Attributes_References: str
    Status: str
    StatusExtended: str
--- a/tests/lib/outputs/compliance/cis/cis_aws_test.py
+++ b/tests/lib/outputs/compliance/cis/cis_aws_test.py