chore(release): 3.7.0

.github/workflows/pypi-release.yml

@@ -6,7 +6,6 @@ on:
 
 env:
   RELEASE_TAG: ${{ github.event.release.tag_name }}
-  GITHUB_BRANCH: master
 
 jobs:
   release-prowler-job:
@@ -17,8 +16,7 @@ jobs:
     steps:
       # Checks-out your repository under $GITHUB_WORKSPACE, so your job can access it
       - uses: actions/checkout@v3
-        with:
-          ref: ${{ env.GITHUB_BRANCH }}
+
       - name: Install dependencies
         run: |
           pipx install poetry
@@ -37,6 +35,8 @@ jobs:
           git commit -m "chore(release): ${{ env.RELEASE_TAG }}" --no-verify
           git tag -fa ${{ env.RELEASE_TAG }} -m "chore(release): ${{ env.RELEASE_TAG }}"
           git push -f origin ${{ env.RELEASE_TAG }}
+          git checkout -B release-${{ env.RELEASE_TAG }}
+          git push origin release-${{ env.RELEASE_TAG }}
           poetry build
       - name: Publish prowler package to PyPI
         run: |
@@ -48,6 +48,7 @@ jobs:
         with:
           token: ${{ secrets.PROWLER_ACCESS_TOKEN }}
           commit-message: "chore(release): update Prowler Version to ${{ env.RELEASE_TAG }}."
+          base: master
           branch: release-${{ env.RELEASE_TAG }}
           labels: "status/waiting-for-revision, severity/low"
           title: "chore(release): update Prowler Version to ${{ env.RELEASE_TAG }}"

.pre-commit-config.yaml

@@ -57,7 +57,7 @@ repos:
         args: ["--ignore=E266,W503,E203,E501,W605"]
 
   - repo: https://github.com/python-poetry/poetry
-    rev: 1.5.1 # add version here
+    rev: 1.4.0 # add version here
     hooks:
       - id: poetry-check
       - id: poetry-lock

README.md

@@ -35,13 +35,13 @@
 
 `Prowler` is an Open Source security tool to perform AWS, GCP and Azure security best practices assessments, audits, incident response, continuous monitoring, hardening and forensics readiness.
 
-It contains hundreds of controls covering CIS, NIST 800, NIST CSF, CISA, RBI, FedRAMP, PCI-DSS, GDPR, HIPAA, FFIEC, SOC2, GXP, AWS Well-Architected Framework Security Pillar, AWS Foundational Technical Review (FTR), ENS (Spanish National Security Scheme) and your custom security frameworks.
+It contains hundreds of controls covering CIS, NIST 800, NIST CSF, CISA, RBI, FedRAMP, PCI-DSS, GDPR, HIPAA, FFIEC, SOC2, GXP, AWS Well-Architected Framework Security Pillar, AWS Foundational Technical Review (FTR), ENS (Spainish National Security Schema) and your custom security frameworks.
 
 | Provider | Checks | Services | [Compliance Frameworks](https://docs.prowler.cloud/en/latest/tutorials/compliance/) | [Categories](https://docs.prowler.cloud/en/latest/tutorials/misc/#categories) |
 |---|---|---|---|---|
-| AWS | 287 | 56 -> `prowler aws --list-services` | 25 -> `prowler aws --list-compliance` | 5 -> `prowler aws --list-categories` |
-| GCP | 73 | 11 -> `prowler gcp --list-services` | 1 -> `prowler gcp --list-compliance` | 2 -> `prowler gcp --list-categories`|
-| Azure | 23 | 4 -> `prowler azure --list-services` | CIS soon | 1 -> `prowler azure --list-categories` |
+| AWS | 283 | 55 -> `prowler aws --list-services` | 21 -> `prowler aws --list-compliance` | 5 -> `prowler aws --list-categories` |
+| GCP | 73 | 11 -> `prowler gcp --list-services` | 1 -> `prowler gcp --list-compliance` | 0 -> `prowler gcp --list-categories`|
+| Azure | 20 | 3 -> `prowler azure --list-services` | CIS soon | 1 -> `prowler azure --list-categories` |
 | Kubernetes | Planned | - | - | - |
 
 # 📖 Documentation

contrib/org-multi-account/serverless_codebuild/README.md

@@ -1,6 +1,6 @@
 # Organizational Prowler with Serverless
 
-Language: [Korean](README_kr.md)
+Langage: [Korean](README_kr.md)
 
 This project is created to apply prowler in a multi-account environment within AWS Organizations.
 CloudWatch triggers CodeBuild every fixed time.
@@ -18,12 +18,12 @@ For more information on how to use prowler, see [here](https://github.com/prowle
 2. **Master Account**
    1. Deploy [ProwlerRole.yaml](templates/ProwlerRole.yaml) stack to CloudFormation in a bid to create resources to master account itself.
       (The template will be also deployed for other member accounts as a StackSet)
-      - ProwlerCodeBuildAccount :  Audit Account ID where CodeBuild resides. (preferably Audit/Security account)
+      - ProwlerCodeBuildAccount :  Audit Acccount ID where CodeBuild resides. (preferably Audit/Security account)
       - ProwlerCodeBuildRole : Role name to use in CodeBuild service
       - ProwlerCrossAccountRole : Role name to assume for Cross account
       - ProwlerS3 : The S3 bucket name where reports will be put
    1. Create **StackSet** with [ProwlerRole.yaml](templates/ProwlerRole.yaml) to deploy Role into member accounts in AWS Organizations.
-      - ProwlerCodeBuildAccount :  Audit Account ID where CodeBuild resides. (preferably Audit/Security account)
+      - ProwlerCodeBuildAccount :  Audit Acccount ID where CodeBuild resides. (preferably Audit/Security account)
       - ProwlerCodeBuildRole : Role name to use in CodeBuild service
       - ProwlerCrossAccountRole : Role name to assume for Cross account
       - ProwlerS3 : The S3 bucket name where reports will be put
@@ -45,4 +45,4 @@ For more information on how to use prowler, see [here](https://github.com/prowle
       - ProwlerReportS3Account : The account where the report S3 bucket resides.
    1. If you'd like to change the scheduled time,
       1. You can change the cron expression of ScheduleExpression within [ProwlerCodeBuildStack.yaml](templates/ProwlerCodeBuildStack.yaml).
-      2. Alternatively, you can make changes directly from Events > Rules > ProwlerExecuteRule > Actions > Edit in CloudWatch console.
+      2. Alternatively, you can make changes directrly from Events > Rules > ProwlerExecuteRule > Actions > Edit in CloudWatch console.

contrib/org-multi-account/serverless_codebuild/README_kr.md

@@ -1,6 +1,6 @@
 # Organizational Prowler with Serverless
 
-Language: [English](README.md)
+Langage: [English](README.md)
 
 이 문서는 AWS Organization 내의 multi account 환경에서 prowler 를 적용하기 위해 작성된 문서입니다.
 일정 시간마다 CloudWatch는 CodeBuild 를 트리거합니다.
@@ -22,7 +22,7 @@ prowler 의 자세한 사용방법은 [이 곳](https://github.com/prowler-cloud
 
       [ProwlerRole.yaml](templates/ProwlerRole.yaml)
 
-      - ProwlerCodeBuildAccount : CodeBuild 가 있는 Audit Account ID
+      - ProwlerCodeBuildAccount : CodeBuild 가 있는 Audit Acccount ID
       - ProwlerCodeBuildRole : CodeBuild의 생성될 Role 이름
       - ProwlerCrossAccountRole : Cross account 용 Assume할 Role 이름
       - ProwlerS3 : report 가 저장될 S3 bucket 명
@@ -30,7 +30,7 @@ prowler 의 자세한 사용방법은 [이 곳](https://github.com/prowler-cloud
 
       [ProwlerRole.yaml](templates/ProwlerRole.yaml)
 
-      - ProwlerCodeBuildAccount : CodeBuild 가 있는 Audit Account
+      - ProwlerCodeBuildAccount : CodeBuild 가 있는 Audit Acccount
       - ProwlerCodeBuildRole : CodeBuild에서 사용할 Role 이름
       - ProwlerCrossAccountRole : Cross account 용 Assume할 Role 이름
       - ProwlerS3 : report 가 저장될 S3 bucket 명

contrib/terraform-kickstarter/readme.md

@@ -2,7 +2,7 @@
 
 ## Introduction
 
-The following demonstrates how to quickly install the resources necessary to perform a security baseline using Prowler.  The speed is based on the prebuilt terraform module that can configure all the resources necessary to run Prowler with the findings being sent to AWS Security Hub.
+The following demonstartes how to quickly install the resources necessary to perform a security baseline using Prowler.  The speed is based on the prebuilt terraform module that can configure all the resources necessuary to run Prowler with the findings being sent to AWS Security Hub.
 
 ## Install
 
@@ -24,7 +24,7 @@ Installing Prowler with Terraform is simple and can be completed in under 1 minu
 
   ![Prowler Install](https://prowler-docs.s3.amazonaws.com/Prowler-Terraform-Install.gif)
 
-   - It is likely an error will return related to the SecurityHub subscription.  This appears to be Terraform related and you can validate the configuration by navigating to the SecurityHub console.  Click Integrations and search for Prowler. Take note of the green check where it says *Accepting findings*
+   - It is likely an error will return related to the SecurityHub subscription.  This appears to be Terraform related and you can validate the configuration by navigating to the SecurityHub console.  Click Integreations and search for Prowler. Take note of the green check where it says *Accepting findings*
 
   ![Prowler Subscription](https://prowler-docs.s3.amazonaws.com/Validate-Prowler-Subscription.gif)
 

contrib/wazuh/README.md

@@ -92,7 +92,7 @@ To make sure rules are working fine, run `/var/ossec/bin/ossec-logtest` and copy
 ```
 You must see 3 phases goin on.
 
-To check if there is any error you can enable the debug mode of `modulesd` setting the `wazuh_modules.debug=0` variable to 2 in `/var/ossec/etc/internal_options.conf` file. Restart wazuh-manager and errors should appear in the `/var/ossec/logs/ossec.log` file.
+To check if there is any error you can enable the debug mode of `modulesd` setting the `wazuh_modules.debug=0` variable to 2 in `/var/ossec/etc/internal_options.conf` file. Restart wazun-manager and errors should appear in the `/var/ossec/logs/ossec.log` file.
 
 ## Thanks
 

docs/index.md

@@ -237,7 +237,7 @@ prowler azure --excluded-services defender iam
 prowler gcp --excluded-services kms
 ```
 
-More options and executions methods that will save your time in [Miscellaneous](tutorials/misc.md).
+More options and executions methods that will save your time in [Miscelaneous](tutorials/misc.md).
 
 You can always use `-h`/`--help` to access to the usage information and all the possible options:
 
@@ -268,7 +268,7 @@ prowler azure --sp-env-auth
 prowler azure --az-cli-auth
 
 # To use browser authentication
-prowler azure --browser-auth --tenant-id "XXXXXXXX"
+prowler azure --browser-auth
 
 # To use managed identity auth
 prowler azure --managed-identity-auth

docs/tutorials/aws/authentication.md

@@ -29,7 +29,3 @@ If your IAM entity enforces MFA you can use `--mfa` and Prowler will ask you to
 
 - ARN of your MFA device
 - TOTP (Time-Based One-Time Password)
-
-## STS Endpoint Region
-
-If you are using Prowler in AWS regions that are not enabled by default you need to use the argument `--sts-endpoint-region` to point the AWS STS API calls `assume-role` and `get-caller-identity` to the non-default region, e.g.: `prowler aws --sts-endpoint-region eu-south-2`.

docs/tutorials/aws/boto3-configuration.md

@@ -1,9 +1,7 @@
 # Boto3 Retrier Configuration
 
 Prowler's AWS Provider uses the Boto3 [Standard](https://boto3.amazonaws.com/v1/documentation/api/latest/guide/retries.html) retry mode to assist in retrying client calls to AWS services when these kinds of errors or exceptions are experienced. This mode includes the following behaviours:
-
 - A default value of 3 for maximum retry attempts. This can be overwritten with the `--aws-retries-max-attempts 5` argument.
-
 - Retry attempts for an expanded list of errors/exceptions:
     ```
     # Transient errors/exceptions
@@ -28,7 +26,6 @@ Prowler's AWS Provider uses the Boto3 [Standard](https://boto3.amazonaws.com/v1/
     SlowDown
     EC2ThrottledException
     ```
-
 - Retry attempts on nondescriptive, transient error codes. Specifically, these HTTP status codes: 500, 502, 503, 504.
 
 - Any retry attempt will include an exponential backoff by a base factor of 2 for a maximum backoff time of 20 seconds.

docs/tutorials/aws/cloudshell.md

@@ -1,6 +1,6 @@
 # AWS CloudShell
 
-Prowler can be easily executed in AWS CloudShell but it has some prerequisites to be able to to so. AWS CloudShell is a container running with `Amazon Linux release 2 (Karoo)` that comes with Python 3.7, since Prowler requires Python >= 3.9 we need to first install a newer version of Python. Follow the steps below to successfully execute Prowler v3 in AWS CloudShell:
+Prowler can be easely executed in AWS CloudShell but it has some prerequsites to be able to to so. AWS CloudShell is a container running with `Amazon Linux release 2 (Karoo)` that comes with Python 3.7, since Prowler requires Python >= 3.9 we need to first install a newer version of Python. Follow the steps below to successfully execute Prowler v3 in AWS CloudShell:
 
 - First install all dependences and then Python, in this case we need to compile it because there is not a package available at the time this document is written:
 ```

docs/tutorials/aws/multiaccount.md

@@ -41,7 +41,7 @@ for accountId in $ACCOUNTS_LIST; do
 done
 ```
 
-## Scan multiple accounts from AWS Organizations in parallel
+## Scan mutiple accounts from AWS Organizations in parallel
 
 - Declare a variable with all the accounts to scan. To do so, get the list of your AWS accounts in your AWS Organization by running the following command (will create a variable with all your ACTIVE accounts). Remember to run that command with the permissions needed to get that information in your AWS Organizations Management account.
 

docs/tutorials/aws/organizations.md

@@ -1,19 +1,18 @@
 # AWS Organizations
-## Get AWS Account details from your AWS Organization
+## Get AWS Account details from your AWS Organization:
 
 Prowler allows you to get additional information of the scanned account in CSV and JSON outputs. When scanning a single account you get the Account ID as part of the output.
 
 If you have AWS Organizations Prowler can get your account details like Account Name, Email, ARN, Organization ID and Tags and you will have them next to every finding in the CSV and JSON outputs.
 
-In order to do that you can use the option `-O`/`--organizations-role <organizations_role_arn>`. See the following sample command:
+- In order to do that you can use the option `-O`/`--organizations-role <organizations_role_arn>`. See the following sample command:
 
-```shell
-prowler aws \
-  -O arn:aws:iam::<management_organizations_account_id>:role/<role_name>
 ```
-> Make sure the role in your AWS Organizations management account has the permissions `organizations:ListAccounts*` and `organizations:ListTagsForResource`.
+prowler aws -O arn:aws:iam::<management_organizations_account_id>:role/<role_name>
+```
+> Make sure the role in your AWS Organizatiosn management account has the permissions `organizations:ListAccounts*` and `organizations:ListTagsForResource`.
 
-In that command Prowler will scan the account and getting the account details from the AWS Organizations management account assuming a role and creating two reports with those details in JSON and CSV.
+- In that command Prowler will scan the account and getting the account details from the AWS Organizations management account assuming a role and creating two reports with those details in JSON and CSV.
 
 In the JSON output below (redacted) you can see tags coded in base64 to prevent breaking CSV or JSON due to its format:
 
@@ -31,28 +30,20 @@ The additional fields in CSV header output are as follow:
 ACCOUNT_DETAILS_EMAIL,ACCOUNT_DETAILS_NAME,ACCOUNT_DETAILS_ARN,ACCOUNT_DETAILS_ORG,ACCOUNT_DETAILS_TAGS
 ```
 
-## Extra: run Prowler across all accounts in AWS Organizations by assuming roles
+## Assume Role and across all accounts in AWS Organizations or just a list of accounts:
 
 If you want to run Prowler across all accounts of AWS Organizations you can do this:
 
-1. First get a list of accounts that are not suspended:
+- First get a list of accounts that are not suspended:
 
-    ```shell
-    ACCOUNTS_IN_ORGS=$(aws organizations list-accounts \
-      --query "Accounts[?Status=='ACTIVE'].Id" \
-      --output text \
-    )
-    ```
+```
+ACCOUNTS_IN_ORGS=$(aws organizations list-accounts --query Accounts[?Status==`ACTIVE`].Id --output text)
+```
 
-2. Then run Prowler to assume a role (same in all members) per each account:
+- Then run Prowler to assume a role (same in all members) per each account, in this example it is just running one particular check:
 
-    ```shell
-    for accountId in $ACCOUNTS_IN_ORGS;
-    do
-      prowler aws \
-        -O arn:aws:iam::<management_organizations_account_id>:role/<role_name> \
-        -R arn:aws:iam::"${accountId}":role/<role_name>;
-    done
-    ```
+```
+for accountId in $ACCOUNTS_IN_ORGS; do prowler aws -O arn:aws:iam::<management_organizations_account_id>:role/<role_name>; done
+```
 
-> Using the same for loop it can be scanned a list of accounts with a variable like `ACCOUNTS_LIST='11111111111 2222222222 333333333'`
+- Using the same for loop it can be scanned a list of accounts with a variable like `ACCOUNTS_LIST='11111111111 2222222222 333333333'`

docs/tutorials/aws/role-assumption.md

@@ -23,17 +23,13 @@ prowler aws -R arn:aws:iam::<account_id>:role/<role_name>
 prowler aws -T/--session-duration <seconds> -I/--external-id <external_id> -R arn:aws:iam::<account_id>:role/<role_name>
 ```
 
-## STS Endpoint Region
-
-If you are using Prowler in AWS regions that are not enabled by default you need to use the argument `--sts-endpoint-region` to point the AWS STS API calls `assume-role` and `get-caller-identity` to the non-default region, e.g.: `prowler aws --sts-endpoint-region eu-south-2`.
-
 ## Role MFA
 
 If your IAM Role has MFA configured you can use `--mfa` along with  `-R`/`--role <role_arn>` and Prowler will ask you to input the following values to get a new temporary session for the IAM Role provided:
-
 - ARN of your MFA device
 - TOTP (Time-Based One-Time Password)
 
+
 ## Create Role
 
 To create a role to be assumed in one or multiple accounts you can use either as CloudFormation Stack or StackSet the following [template](https://github.com/prowler-cloud/prowler/blob/master/permissions/create_role_to_assume_cfn.yaml) and adapt it.

docs/tutorials/aws/securityhub.md

@@ -29,7 +29,7 @@ prowler -S -f eu-west-1
 
 > **Note 1**: It is recommended to send only fails to Security Hub and that is possible adding `-q` to the command.
 
-> **Note 2**: Since Prowler perform checks to all regions by default you may need to filter by region when running Security Hub integration, as shown in the example above. Remember to enable Security Hub in the region or regions you need by calling `aws securityhub enable-security-hub --region <region>` and run Prowler with the option `-f <region>` (if no region is used it will try to push findings in all regions hubs). Prowler will send findings to the Security Hub on the region where the scanned resource is located.
+> **Note 2**: Since Prowler perform checks to all regions by default you may need to filter by region when runing Security Hub integration, as shown in the example above. Remember to enable Security Hub in the region or regions you need by calling `aws securityhub enable-security-hub --region <region>` and run Prowler with the option `-f <region>` (if no region is used it will try to push findings in all regions hubs). Prowler will send findings to the Security Hub on the region where the scanned resource is located.
 
 > **Note 3**: To have updated findings in Security Hub you have to run Prowler periodically. Once a day or every certain amount of hours.
 

docs/tutorials/aws/v2_to_v3_checks_mapping.md

@@ -1,6 +1,6 @@
 # Check mapping between Prowler v3 and v2
 
-Prowler v3 comes with different identifiers but we maintained the same checks that were implemented in v2. The reason for this change is because in previous versions of Prowler, check names were mostly based on CIS Benchmark for AWS. In v3 all checks are independent from any security framework and they have its own name and ID.
+Prowler v3 comes with different identifiers but we maintained the same checks that were implemented in v2. The reason for this change is because in previows versions of Prowler, check names were mostly based on CIS Benchmark for AWS. In v3 all checks are independent from any security framework and they have its own name and ID.
 
 If you need more information about how new compliance implementation works in Prowler v3 see [Compliance](../../compliance/) section.
 

docs/tutorials/configuration_file.md

@@ -1,14 +1,11 @@
 # Configuration File
-Several Prowler's checks have user configurable variables that can be modified in a common **configuration file**. This file can be found in the following [path](https://github.com/prowler-cloud/prowler/blob/master/prowler/config/config.yaml):
+Several Prowler's checks have user configurable variables that can be modified in a common **configuration file**.
+This file can be found in the following path:
 ```
 prowler/config/config.yaml
 ```
 
-Also you can input a custom configuration file using the `--config-file` argument.
-
-## AWS
-
-### Configurable Checks
+## Configurable Checks
 The following list includes all the checks with configurable variables that can be changed in the mentioned configuration yaml file:
 
 1. aws.ec2_elastic_ip_shodan
@@ -32,73 +29,48 @@ The following list includes all the checks with configurable variables that can
 - aws.awslambda_function_using_supported_runtimes
     - obsolete_lambda_runtimes (List of Strings)
 
-## Azure
+## Config Yaml File
 
-## GCP
+    # AWS EC2 Configuration
+    # aws.ec2_elastic_ip_shodan
+    shodan_api_key: null
+    # aws.ec2_securitygroup_with_many_ingress_egress_rules --> by default is 50 rules
+    max_security_group_rules: 50
+    # aws.ec2_instance_older_than_specific_days --> by default is 6 months (180 days)
+    max_ec2_instance_age_in_days: 180
 
-## Config YAML File Structure
-> This is the new Prowler configuration file format. The old one without provider keys is still compatible just for the AWS provider.
-```yaml
-# AWS Configuration
-aws:
-  # AWS EC2 Configuration
-  # aws.ec2_elastic_ip_shodan
-  shodan_api_key: null
-  # aws.ec2_securitygroup_with_many_ingress_egress_rules --> by default is 50 rules
-  max_security_group_rules: 50
-  # aws.ec2_instance_older_than_specific_days --> by default is 6 months (180 days)
-  max_ec2_instance_age_in_days: 180
+    # AWS VPC Configuration (vpc_endpoint_connections_trust_boundaries, vpc_endpoint_services_allowed_principals_trust_boundaries)
+    # Single account environment: No action required. The AWS account number will be automatically added by the checks.
+    # Multi account environment: Any additional trusted account number should be added as a space separated list, e.g.
+    # trusted_account_ids : ["123456789012", "098765432109", "678901234567"]
+    trusted_account_ids: []
 
-  # AWS VPC Configuration (vpc_endpoint_connections_trust_boundaries, vpc_endpoint_services_allowed_principals_trust_boundaries)
-  # Single account environment: No action required. The AWS account number will be automatically added by the checks.
-  # Multi account environment: Any additional trusted account number should be added as a space separated list, e.g.
-  # trusted_account_ids : ["123456789012", "098765432109", "678901234567"]
-  trusted_account_ids: []
+    # AWS Cloudwatch Configuration
+    # aws.cloudwatch_log_group_retention_policy_specific_days_enabled --> by default is 365 days
+    log_group_retention_days: 365
 
-  # AWS Cloudwatch Configuration
-  # aws.cloudwatch_log_group_retention_policy_specific_days_enabled --> by default is 365 days
-  log_group_retention_days: 365
+    # AWS AppStream Session Configuration
+    # aws.appstream_fleet_session_idle_disconnect_timeout
+    max_idle_disconnect_timeout_in_seconds: 600 # 10 Minutes
+    # aws.appstream_fleet_session_disconnect_timeout
+    max_disconnect_timeout_in_seconds: 300 # 5 Minutes
+    # aws.appstream_fleet_maximum_session_duration
+    max_session_duration_seconds: 36000 # 10 Hours
 
-  # AWS AppStream Session Configuration
-  # aws.appstream_fleet_session_idle_disconnect_timeout
-  max_idle_disconnect_timeout_in_seconds: 600 # 10 Minutes
-  # aws.appstream_fleet_session_disconnect_timeout
-  max_disconnect_timeout_in_seconds: 300 # 5 Minutes
-  # aws.appstream_fleet_maximum_session_duration
-  max_session_duration_seconds: 36000 # 10 Hours
-
-  # AWS Lambda Configuration
-  # aws.awslambda_function_using_supported_runtimes
-  obsolete_lambda_runtimes:
+    # AWS Lambda Configuration
+    # aws.awslambda_function_using_supported_runtimes
+    obsolete_lambda_runtimes:
     [
-      "python3.6",
-      "python2.7",
-      "nodejs4.3",
-      "nodejs4.3-edge",
-      "nodejs6.10",
-      "nodejs",
-      "nodejs8.10",
-      "nodejs10.x",
-      "dotnetcore1.0",
-      "dotnetcore2.0",
-      "dotnetcore2.1",
-      "ruby2.5",
+        "python3.6",
+        "python2.7",
+        "nodejs4.3",
+        "nodejs4.3-edge",
+        "nodejs6.10",
+        "nodejs",
+        "nodejs8.10",
+        "nodejs10.x",
+        "dotnetcore1.0",
+        "dotnetcore2.0",
+        "dotnetcore2.1",
+        "ruby2.5",
     ]
-
-  # AWS Organizations
-  # organizations_scp_check_deny_regions
-  # organizations_enabled_regions: [
-  #   'eu-central-1',
-  #   'eu-west-1',
-  #   "us-east-1"
-  # ]
-  organizations_enabled_regions: []
-  organizations_trusted_delegated_administrators: []
-
-# Azure Configuration
-azure:
-
-# GCP Configuration
-gcp:
-
-```

docs/tutorials/developer-guide.md

@@ -4,7 +4,7 @@ You can extend Prowler in many different ways, in most cases you will want to cr
 
 ## Get the code and install all dependencies
 
-First of all, you need a version of Python 3.9 or higher and also pip installed to be able to install all dependencies required. Once that is satisfied go a head and clone the repo:
+First of all, you need a version of Python 3.9 or higher and also pip installed to be able to install all dependencies requred. Once that is satisfied go a head and clone the repo:
 
 ```
 git clone https://github.com/prowler-cloud/prowler
@@ -229,7 +229,7 @@ If you want to create or contribute with your own security frameworks or add pub
 
 Each file version of a framework will have the following structure at high level with the case that each framework needs to be generally identified, one requirement can be also called one control but one requirement can be linked to multiple prowler checks.:
 
-- `Framework`: string. Distinguish name of the framework, like CIS
+- `Framework`: string. Indistiguish name of the framework, like CIS
 - `Provider`: string. Provider where the framework applies, such as AWS, Azure, OCI,...
 - `Version`: string. Version of the framework itself, like 1.4 for CIS.
 - `Requirements`: array of objects. Include all requirements or controls with the mapping to Prowler.
@@ -269,7 +269,7 @@ Finally, to have a proper output file for your reports, your framework data mode
 
 ## Contribute with documentation
 
-We use `mkdocs` to build this Prowler documentation site so you can easily contribute back with new docs or improving them.
+We use `mkdocs` to build this Prowler documentation site so you can easely contribute back with new docs or improving them.
 
 1. Install `mkdocs` with your favorite package manager.
 2. Inside the `prowler` repository folder run `mkdocs serve` and point your browser to `http://localhost:8000` and you will see live changes to your local copy of this documentation site.

docs/tutorials/pentesting.md

@@ -6,7 +6,7 @@ Prowler has some checks that analyse pentesting risks (Secrets, Internet Exposed
 
 Prowler uses `detect-secrets` library to search for any secrets that are stores in plaintext within your environment.
 
-The actual checks that have this functionality are:
+The actual checks that have this funcionality are:
 
 1. autoscaling_find_secrets_ec2_launch_configuration
 - awslambda_function_no_secrets_in_code

docs/tutorials/reporting.md

@@ -19,7 +19,7 @@ prowler <provider> -M csv json json-asff html -F <custom_report_name>
 ```console
 prowler <provider> -M csv json json-asff html -o <custom_report_directory>
 ```
-> Both flags can be used simultaneously to provide a custom directory and filename.
+> Both flags can be used simultainously to provide a custom directory and filename.
 ```console
 prowler <provider> -M csv json json-asff html -F <custom_report_name> -o <custom_report_directory>
 ```

mkdocs.yml

@@ -33,7 +33,7 @@ nav:
       - Reporting: tutorials/reporting.md
       - Compliance: tutorials/compliance.md
       - Quick Inventory: tutorials/quick-inventory.md
-      - Slack Integration: tutorials/integrations.md
+      - Integrations: tutorials/integrations.md
       - Configuration File: tutorials/configuration_file.md
       - Logging: tutorials/logging.md
       - Allowlist: tutorials/allowlist.md

poetry.lock

@@ -28,13 +28,13 @@ grapheme = "0.6.0"
 
 [[package]]
 name = "astroid"
-version = "2.15.6"
+version = "2.15.4"
 description = "An abstract syntax tree for Python with inference support."
 optional = false
 python-versions = ">=3.7.2"
 files = [
-    {file = "astroid-2.15.6-py3-none-any.whl", hash = "sha256:389656ca57b6108f939cf5d2f9a2a825a3be50ba9d589670f393236e0a03b91c"},
-    {file = "astroid-2.15.6.tar.gz", hash = "sha256:903f024859b7c7687d7a7f3a3f73b17301f8e42dfd9cc9df9d4418172d3e2dbd"},
+    {file = "astroid-2.15.4-py3-none-any.whl", hash = "sha256:a1b8543ef9d36ea777194bc9b17f5f8678d2c56ee6a45b2c2f17eec96f242347"},
+    {file = "astroid-2.15.4.tar.gz", hash = "sha256:c81e1c7fbac615037744d067a9bb5f9aeb655edf59b63ee8b59585475d6f80d8"},
 ]
 
 [package.dependencies]
@@ -87,13 +87,13 @@ files = [
 
 [[package]]
 name = "azure-core"
-version = "1.28.0"
+version = "1.26.4"
 description = "Microsoft Azure Core Library for Python"
 optional = false
 python-versions = ">=3.7"
 files = [
-    {file = "azure-core-1.28.0.zip", hash = "sha256:e9eefc66fc1fde56dab6f04d4e5d12c60754d5a9fa49bdcfd8534fc96ed936bd"},
-    {file = "azure_core-1.28.0-py3-none-any.whl", hash = "sha256:dec36dfc8eb0b052a853f30c07437effec2f9e3e1fc8f703d9bdaa5cfc0043d9"},
+    {file = "azure-core-1.26.4.zip", hash = "sha256:075fe06b74c3007950dd93d49440c2f3430fd9b4a5a2756ec8c79454afc989c6"},
+    {file = "azure_core-1.26.4-py3-none-any.whl", hash = "sha256:d9664b4bc2675d72fba461a285ac43ae33abb2967014a955bf136d9703a2ab3c"},
 ]
 
 [package.dependencies]
@@ -124,19 +124,19 @@ six = ">=1.12.0"
 
 [[package]]
 name = "azure-mgmt-authorization"
-version = "4.0.0"
+version = "3.0.0"
 description = "Microsoft Azure Authorization Management Client Library for Python"
 optional = false
 python-versions = ">=3.7"
 files = [
-    {file = "azure-mgmt-authorization-4.0.0.zip", hash = "sha256:69b85abc09ae64fc72975bd43431170d8c7eb5d166754b98aac5f3845de57dc4"},
-    {file = "azure_mgmt_authorization-4.0.0-py3-none-any.whl", hash = "sha256:d8feeb3842e6ddf1a370963ca4f61fb6edc124e8997b807dd025bc9b2379cd1a"},
+    {file = "azure-mgmt-authorization-3.0.0.zip", hash = "sha256:0a5d7f683bf3372236b841cdbd4677f6b08ed7ce41b999c3e644d4286252057d"},
+    {file = "azure_mgmt_authorization-3.0.0-py3-none-any.whl", hash = "sha256:b3f9e584b87d5cc39d41283211237945e620c0b868394880aeded80a126b2c40"},
 ]
 
 [package.dependencies]
 azure-common = ">=1.1,<2.0"
 azure-mgmt-core = ">=1.3.2,<2.0.0"
-isodate = ">=0.6.1,<1.0.0"
+msrest = ">=0.7.1"
 
 [[package]]
 name = "azure-mgmt-core"
@@ -168,22 +168,6 @@ azure-common = ">=1.1,<2.0"
 azure-mgmt-core = ">=1.3.2,<2.0.0"
 isodate = ">=0.6.1,<1.0.0"
 
-[[package]]
-name = "azure-mgmt-sql"
-version = "3.0.1"
-description = "Microsoft Azure SQL Management Client Library for Python"
-optional = false
-python-versions = "*"
-files = [
-    {file = "azure-mgmt-sql-3.0.1.zip", hash = "sha256:129042cc011225e27aee6ef2697d585fa5722e5d1aeb0038af6ad2451a285457"},
-    {file = "azure_mgmt_sql-3.0.1-py2.py3-none-any.whl", hash = "sha256:1d1dd940d4d41be4ee319aad626341251572a5bf4a2addec71779432d9a1381f"},
-]
-
-[package.dependencies]
-azure-common = ">=1.1,<2.0"
-azure-mgmt-core = ">=1.2.0,<2.0.0"
-msrest = ">=0.6.21"
-
 [[package]]
 name = "azure-mgmt-storage"
 version = "21.0.0"
@@ -218,23 +202,23 @@ msrest = ">=0.7.1"
 
 [[package]]
 name = "azure-storage-blob"
-version = "12.17.0"
+version = "12.16.0"
 description = "Microsoft Azure Blob Storage Client Library for Python"
 optional = false
 python-versions = ">=3.7"
 files = [
-    {file = "azure-storage-blob-12.17.0.zip", hash = "sha256:c14b785a17050b30fc326a315bdae6bc4a078855f4f94a4c303ad74a48dc8c63"},
-    {file = "azure_storage_blob-12.17.0-py3-none-any.whl", hash = "sha256:0016e0c549a80282d7b4920c03f2f4ba35c53e6e3c7dbcd2a4a8c8eb3882c1e7"},
+    {file = "azure-storage-blob-12.16.0.zip", hash = "sha256:43b45f19a518a5c6895632f263b3825ebc23574f25cc84b66e1630a6160e466f"},
+    {file = "azure_storage_blob-12.16.0-py3-none-any.whl", hash = "sha256:91bb192b2a97939c4259c72373bac0f41e30810bbc853d5184f0f45904eacafd"},
 ]
 
 [package.dependencies]
-azure-core = ">=1.28.0,<2.0.0"
+azure-core = ">=1.26.0,<2.0.0"
 cryptography = ">=2.1.4"
 isodate = ">=0.6.1"
-typing-extensions = ">=4.3.0"
+typing-extensions = ">=4.0.1"
 
 [package.extras]
-aio = ["azure-core[aio] (>=1.28.0,<2.0.0)"]
+aio = ["azure-core[aio] (>=1.26.0,<2.0.0)"]
 
 [[package]]
 name = "bandit"
@@ -296,17 +280,17 @@ uvloop = ["uvloop (>=0.15.2)"]
 
 [[package]]
 name = "boto3"
-version = "1.26.165"
+version = "1.26.161"
 description = "The AWS SDK for Python"
 optional = false
 python-versions = ">= 3.7"
 files = [
-    {file = "boto3-1.26.165-py3-none-any.whl", hash = "sha256:fa85b67147c8dc99b6e7c699fc086103f958f9677db934f70659e6e6a72a818c"},
-    {file = "boto3-1.26.165.tar.gz", hash = "sha256:9e7242b9059d937f34264125fecd844cb5e01acce6be093f6c44869fdf7c6e30"},
+    {file = "boto3-1.26.161-py3-none-any.whl", hash = "sha256:f66e5c9dbe7f34383bcf64fa6070771355c11a44dd75c7f1279f2f37e1c89183"},
+    {file = "boto3-1.26.161.tar.gz", hash = "sha256:662731e464d14af1035f44fc6a46b0e3112ee011ac0a5ed416d205daa3e15f25"},
 ]
 
 [package.dependencies]
-botocore = ">=1.29.165,<1.30.0"
+botocore = ">=1.29.161,<1.30.0"
 jmespath = ">=0.7.1,<2.0.0"
 s3transfer = ">=0.6.0,<0.7.0"
 
@@ -345,13 +329,13 @@ files = [
 
 [[package]]
 name = "certifi"
-version = "2023.7.22"
+version = "2023.5.7"
 description = "Python package for providing Mozilla's CA Bundle."
 optional = false
 python-versions = ">=3.6"
 files = [
-    {file = "certifi-2023.7.22-py3-none-any.whl", hash = "sha256:92d6037539857d8206b8f6ae472e8b77db8058fec5937a1ef3f54304089edbb9"},
-    {file = "certifi-2023.7.22.tar.gz", hash = "sha256:539cc1d13202e33ca466e88b2807e29f4c13049d6d87031a3c110744495cb082"},
+    {file = "certifi-2023.5.7-py3-none-any.whl", hash = "sha256:c6c2e98f5c7869efca1f8916fed228dd91539f9f1b444c314c06eef02980c716"},
+    {file = "certifi-2023.5.7.tar.gz", hash = "sha256:0f0d56dc5a6ad56fd4ba36484d6cc34451e1c6548c61daad8c320169f91eddc7"},
 ]
 
 [[package]]
@@ -641,34 +625,30 @@ toml = ["tomli"]
 
 [[package]]
 name = "cryptography"
-version = "41.0.3"
+version = "41.0.0"
 description = "cryptography is a package which provides cryptographic recipes and primitives to Python developers."
 optional = false
 python-versions = ">=3.7"
 files = [
-    {file = "cryptography-41.0.3-cp37-abi3-macosx_10_12_universal2.whl", hash = "sha256:652627a055cb52a84f8c448185922241dd5217443ca194d5739b44612c5e6507"},
-    {file = "cryptography-41.0.3-cp37-abi3-macosx_10_12_x86_64.whl", hash = "sha256:8f09daa483aedea50d249ef98ed500569841d6498aa9c9f4b0531b9964658922"},
-    {file = "cryptography-41.0.3-cp37-abi3-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:4fd871184321100fb400d759ad0cddddf284c4b696568204d281c902fc7b0d81"},
-    {file = "cryptography-41.0.3-cp37-abi3-manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:84537453d57f55a50a5b6835622ee405816999a7113267739a1b4581f83535bd"},
-    {file = "cryptography-41.0.3-cp37-abi3-manylinux_2_28_aarch64.whl", hash = "sha256:3fb248989b6363906827284cd20cca63bb1a757e0a2864d4c1682a985e3dca47"},
-    {file = "cryptography-41.0.3-cp37-abi3-manylinux_2_28_x86_64.whl", hash = "sha256:42cb413e01a5d36da9929baa9d70ca90d90b969269e5a12d39c1e0d475010116"},
-    {file = "cryptography-41.0.3-cp37-abi3-musllinux_1_1_aarch64.whl", hash = "sha256:aeb57c421b34af8f9fe830e1955bf493a86a7996cc1338fe41b30047d16e962c"},
-    {file = "cryptography-41.0.3-cp37-abi3-musllinux_1_1_x86_64.whl", hash = "sha256:6af1c6387c531cd364b72c28daa29232162010d952ceb7e5ca8e2827526aceae"},
-    {file = "cryptography-41.0.3-cp37-abi3-win32.whl", hash = "sha256:0d09fb5356f975974dbcb595ad2d178305e5050656affb7890a1583f5e02a306"},
-    {file = "cryptography-41.0.3-cp37-abi3-win_amd64.whl", hash = "sha256:a983e441a00a9d57a4d7c91b3116a37ae602907a7618b882c8013b5762e80574"},
-    {file = "cryptography-41.0.3-pp310-pypy310_pp73-macosx_10_12_x86_64.whl", hash = "sha256:5259cb659aa43005eb55a0e4ff2c825ca111a0da1814202c64d28a985d33b087"},
-    {file = "cryptography-41.0.3-pp310-pypy310_pp73-manylinux_2_28_aarch64.whl", hash = "sha256:67e120e9a577c64fe1f611e53b30b3e69744e5910ff3b6e97e935aeb96005858"},
-    {file = "cryptography-41.0.3-pp310-pypy310_pp73-manylinux_2_28_x86_64.whl", hash = "sha256:7efe8041897fe7a50863e51b77789b657a133c75c3b094e51b5e4b5cec7bf906"},
-    {file = "cryptography-41.0.3-pp310-pypy310_pp73-win_amd64.whl", hash = "sha256:ce785cf81a7bdade534297ef9e490ddff800d956625020ab2ec2780a556c313e"},
-    {file = "cryptography-41.0.3-pp38-pypy38_pp73-macosx_10_12_x86_64.whl", hash = "sha256:57a51b89f954f216a81c9d057bf1a24e2f36e764a1ca9a501a6964eb4a6800dd"},
-    {file = "cryptography-41.0.3-pp38-pypy38_pp73-manylinux_2_28_aarch64.whl", hash = "sha256:4c2f0d35703d61002a2bbdcf15548ebb701cfdd83cdc12471d2bae80878a4207"},
-    {file = "cryptography-41.0.3-pp38-pypy38_pp73-manylinux_2_28_x86_64.whl", hash = "sha256:23c2d778cf829f7d0ae180600b17e9fceea3c2ef8b31a99e3c694cbbf3a24b84"},
-    {file = "cryptography-41.0.3-pp38-pypy38_pp73-win_amd64.whl", hash = "sha256:95dd7f261bb76948b52a5330ba5202b91a26fbac13ad0e9fc8a3ac04752058c7"},
-    {file = "cryptography-41.0.3-pp39-pypy39_pp73-macosx_10_12_x86_64.whl", hash = "sha256:41d7aa7cdfded09b3d73a47f429c298e80796c8e825ddfadc84c8a7f12df212d"},
-    {file = "cryptography-41.0.3-pp39-pypy39_pp73-manylinux_2_28_aarch64.whl", hash = "sha256:d0d651aa754ef58d75cec6edfbd21259d93810b73f6ec246436a21b7841908de"},
-    {file = "cryptography-41.0.3-pp39-pypy39_pp73-manylinux_2_28_x86_64.whl", hash = "sha256:ab8de0d091acbf778f74286f4989cf3d1528336af1b59f3e5d2ebca8b5fe49e1"},
-    {file = "cryptography-41.0.3-pp39-pypy39_pp73-win_amd64.whl", hash = "sha256:a74fbcdb2a0d46fe00504f571a2a540532f4c188e6ccf26f1f178480117b33c4"},
-    {file = "cryptography-41.0.3.tar.gz", hash = "sha256:6d192741113ef5e30d89dcb5b956ef4e1578f304708701b8b73d38e3e1461f34"},
+    {file = "cryptography-41.0.0-cp37-abi3-macosx_10_12_universal2.whl", hash = "sha256:3c5ef25d060c80d6d9f7f9892e1d41bb1c79b78ce74805b8cb4aa373cb7d5ec8"},
+    {file = "cryptography-41.0.0-cp37-abi3-macosx_10_12_x86_64.whl", hash = "sha256:8362565b3835ceacf4dc8f3b56471a2289cf51ac80946f9087e66dc283a810e0"},
+    {file = "cryptography-41.0.0-cp37-abi3-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:3680248309d340fda9611498a5319b0193a8dbdb73586a1acf8109d06f25b92d"},
+    {file = "cryptography-41.0.0-cp37-abi3-manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:84a165379cb9d411d58ed739e4af3396e544eac190805a54ba2e0322feb55c46"},
+    {file = "cryptography-41.0.0-cp37-abi3-manylinux_2_28_aarch64.whl", hash = "sha256:4ab14d567f7bbe7f1cdff1c53d5324ed4d3fc8bd17c481b395db224fb405c237"},
+    {file = "cryptography-41.0.0-cp37-abi3-manylinux_2_28_x86_64.whl", hash = "sha256:9f65e842cb02550fac96536edb1d17f24c0a338fd84eaf582be25926e993dde4"},
+    {file = "cryptography-41.0.0-cp37-abi3-musllinux_1_1_aarch64.whl", hash = "sha256:b7f2f5c525a642cecad24ee8670443ba27ac1fab81bba4cc24c7b6b41f2d0c75"},
+    {file = "cryptography-41.0.0-cp37-abi3-musllinux_1_1_x86_64.whl", hash = "sha256:7d92f0248d38faa411d17f4107fc0bce0c42cae0b0ba5415505df72d751bf62d"},
+    {file = "cryptography-41.0.0-cp37-abi3-win32.whl", hash = "sha256:34d405ea69a8b34566ba3dfb0521379b210ea5d560fafedf9f800a9a94a41928"},
+    {file = "cryptography-41.0.0-cp37-abi3-win_amd64.whl", hash = "sha256:344c6de9f8bda3c425b3a41b319522ba3208551b70c2ae00099c205f0d9fd3be"},
+    {file = "cryptography-41.0.0-pp38-pypy38_pp73-macosx_10_12_x86_64.whl", hash = "sha256:88ff107f211ea696455ea8d911389f6d2b276aabf3231bf72c8853d22db755c5"},
+    {file = "cryptography-41.0.0-pp38-pypy38_pp73-manylinux_2_28_aarch64.whl", hash = "sha256:b846d59a8d5a9ba87e2c3d757ca019fa576793e8758174d3868aecb88d6fc8eb"},
+    {file = "cryptography-41.0.0-pp38-pypy38_pp73-manylinux_2_28_x86_64.whl", hash = "sha256:f5d0bf9b252f30a31664b6f64432b4730bb7038339bd18b1fafe129cfc2be9be"},
+    {file = "cryptography-41.0.0-pp38-pypy38_pp73-win_amd64.whl", hash = "sha256:5c1f7293c31ebc72163a9a0df246f890d65f66b4a40d9ec80081969ba8c78cc9"},
+    {file = "cryptography-41.0.0-pp39-pypy39_pp73-macosx_10_12_x86_64.whl", hash = "sha256:bf8fc66012ca857d62f6a347007e166ed59c0bc150cefa49f28376ebe7d992a2"},
+    {file = "cryptography-41.0.0-pp39-pypy39_pp73-manylinux_2_28_aarch64.whl", hash = "sha256:a4fc68d1c5b951cfb72dfd54702afdbbf0fb7acdc9b7dc4301bbf2225a27714d"},
+    {file = "cryptography-41.0.0-pp39-pypy39_pp73-manylinux_2_28_x86_64.whl", hash = "sha256:14754bcdae909d66ff24b7b5f166d69340ccc6cb15731670435efd5719294895"},
+    {file = "cryptography-41.0.0-pp39-pypy39_pp73-win_amd64.whl", hash = "sha256:0ddaee209d1cf1f180f1efa338a68c4621154de0afaef92b89486f5f96047c55"},
+    {file = "cryptography-41.0.0.tar.gz", hash = "sha256:6b71f64beeea341c9b4f963b48ee3b62d62d57ba93eb120e1196b31dc1025e78"},
 ]
 
 [package.dependencies]
@@ -787,19 +767,19 @@ testing = ["pre-commit"]
 
 [[package]]
 name = "flake8"
-version = "6.1.0"
+version = "6.0.0"
 description = "the modular source code checker: pep8 pyflakes and co"
 optional = false
 python-versions = ">=3.8.1"
 files = [
-    {file = "flake8-6.1.0-py2.py3-none-any.whl", hash = "sha256:ffdfce58ea94c6580c77888a86506937f9a1a227dfcd15f245d694ae20a6b6e5"},
-    {file = "flake8-6.1.0.tar.gz", hash = "sha256:d5b3857f07c030bdb5bf41c7f53799571d75c4491748a3adcd47de929e34cd23"},
+    {file = "flake8-6.0.0-py2.py3-none-any.whl", hash = "sha256:3833794e27ff64ea4e9cf5d410082a8b97ff1a06c16aa3d2027339cd0f1195c7"},
+    {file = "flake8-6.0.0.tar.gz", hash = "sha256:c61007e76655af75e6785a931f452915b371dc48f56efd765247c8fe68f2b181"},
 ]
 
 [package.dependencies]
 mccabe = ">=0.7.0,<0.8.0"
-pycodestyle = ">=2.11.0,<2.12.0"
-pyflakes = ">=3.1.0,<3.2.0"
+pycodestyle = ">=2.10.0,<2.11.0"
+pyflakes = ">=3.0.0,<3.1.0"
 
 [[package]]
 name = "freezegun"
@@ -884,13 +864,13 @@ grpcio-gcp = ["grpcio-gcp (>=0.2.2,<1.0dev)"]
 
 [[package]]
 name = "google-api-python-client"
-version = "2.95.0"
+version = "2.91.0"
 description = "Google API Client Library for Python"
 optional = false
 python-versions = ">=3.7"
 files = [
-    {file = "google-api-python-client-2.95.0.tar.gz", hash = "sha256:d2731ede12f79e53fbe11fdb913dfe986440b44c0a28431c78a8ec275f4c1541"},
-    {file = "google_api_python_client-2.95.0-py2.py3-none-any.whl", hash = "sha256:a8aab2da678f42a01f2f52108f787fef4310f23f9dd917c4e64664c3f0c885ba"},
+    {file = "google-api-python-client-2.91.0.tar.gz", hash = "sha256:d9385ad6e7f95eecd40f7c81e3abfe4b6ad3a84f2c16bcdb66fb7b8dd814ed56"},
+    {file = "google_api_python_client-2.91.0-py2.py3-none-any.whl", hash = "sha256:6959d21d4b20c0f65c69662ca7b6a8a02fc08f3e7f72d70b28ae3e6e3a5f9ab2"},
 ]
 
 [package.dependencies]
@@ -1086,20 +1066,18 @@ files = [
 
 [[package]]
 name = "jsonschema"
-version = "4.18.0"
+version = "4.17.3"
 description = "An implementation of JSON Schema validation for Python"
 optional = false
-python-versions = ">=3.8"
+python-versions = ">=3.7"
 files = [
-    {file = "jsonschema-4.18.0-py3-none-any.whl", hash = "sha256:b508dd6142bd03f4c3670534c80af68cd7bbff9ea830b9cf2625d4a3c49ddf60"},
-    {file = "jsonschema-4.18.0.tar.gz", hash = "sha256:8caf5b57a990a98e9b39832ef3cb35c176fe331414252b6e1b26fd5866f891a4"},
+    {file = "jsonschema-4.17.3-py3-none-any.whl", hash = "sha256:a870ad254da1a8ca84b6a2905cac29d265f805acc57af304784962a2aa6508f6"},
+    {file = "jsonschema-4.17.3.tar.gz", hash = "sha256:0f864437ab8b6076ba6707453ef8f98a6a0d512a80e93f8abdb676f737ecb60d"},
 ]
 
 [package.dependencies]
-attrs = ">=22.2.0"
-jsonschema-specifications = ">=2023.03.6"
-referencing = ">=0.28.4"
-rpds-py = ">=0.7.1"
+attrs = ">=17.4.0"
+pyrsistent = ">=0.14.0,<0.17.0 || >0.17.0,<0.17.1 || >0.17.1,<0.17.2 || >0.17.2"
 
 [package.extras]
 format = ["fqdn", "idna", "isoduration", "jsonpointer (>1.13)", "rfc3339-validator", "rfc3987", "uri-template", "webcolors (>=1.11)"]
@@ -1107,34 +1085,20 @@ format-nongpl = ["fqdn", "idna", "isoduration", "jsonpointer (>1.13)", "rfc3339-
 
 [[package]]
 name = "jsonschema-spec"
-version = "0.2.3"
+version = "0.1.4"
 description = "JSONSchema Spec with object-oriented paths"
 optional = false
-python-versions = ">=3.8.0,<4.0.0"
+python-versions = ">=3.7.0,<4.0.0"
 files = [
-    {file = "jsonschema_spec-0.2.3-py3-none-any.whl", hash = "sha256:ee005ddeca73229560ac2b8f1849590929c4b2cd17a932b229b03566e517f2a6"},
-    {file = "jsonschema_spec-0.2.3.tar.gz", hash = "sha256:e01b8b100f0676177b0b39027a5cab7e7a16ce4316a3d0d15e576293d954fafc"},
+    {file = "jsonschema_spec-0.1.4-py3-none-any.whl", hash = "sha256:34471d8b60e1f06d174236c4d3cf9590fbf3cff1cc733b28d15cd83672bcd062"},
+    {file = "jsonschema_spec-0.1.4.tar.gz", hash = "sha256:824c743197bbe2104fcc6dce114a4082bf7f7efdebf16683510cb0ec6d8d53d0"},
 ]
 
 [package.dependencies]
+jsonschema = ">=4.0.0,<4.18.0"
 pathable = ">=0.4.1,<0.5.0"
 PyYAML = ">=5.1"
-referencing = ">=0.28.0,<0.30.0"
-requests = ">=2.31.0,<3.0.0"
-
-[[package]]
-name = "jsonschema-specifications"
-version = "2023.6.1"
-description = "The JSON Schema meta-schemas and vocabularies, exposed as a Registry"
-optional = false
-python-versions = ">=3.8"
-files = [
-    {file = "jsonschema_specifications-2023.6.1-py3-none-any.whl", hash = "sha256:3d2b82663aff01815f744bb5c7887e2121a63399b49b104a3c96145474d091d7"},
-    {file = "jsonschema_specifications-2023.6.1.tar.gz", hash = "sha256:ca1c4dd059a9e7b34101cf5b3ab7ff1d18b139f35950d598d629837ef66e8f28"},
-]
-
-[package.dependencies]
-referencing = ">=0.28.0"
+typing-extensions = ">=4.3.0,<5.0.0"
 
 [[package]]
 name = "lazy-object-proxy"
@@ -1316,13 +1280,13 @@ files = [
 
 [[package]]
 name = "mkdocs"
-version = "1.5.2"
+version = "1.4.3"
 description = "Project documentation with Markdown."
 optional = true
 python-versions = ">=3.7"
 files = [
-    {file = "mkdocs-1.5.2-py3-none-any.whl", hash = "sha256:60a62538519c2e96fe8426654a67ee177350451616118a41596ae7c876bb7eac"},
-    {file = "mkdocs-1.5.2.tar.gz", hash = "sha256:70d0da09c26cff288852471be03c23f0f521fc15cf16ac89c7a3bfb9ae8d24f9"},
+    {file = "mkdocs-1.4.3-py3-none-any.whl", hash = "sha256:6ee46d309bda331aac915cd24aab882c179a933bd9e77b80ce7d2eaaa3f689dd"},
+    {file = "mkdocs-1.4.3.tar.gz", hash = "sha256:5955093bbd4dd2e9403c5afaf57324ad8b04f16886512a3ee6ef828956481c57"},
 ]
 
 [package.dependencies]
@@ -1331,29 +1295,26 @@ colorama = {version = ">=0.4", markers = "platform_system == \"Windows\""}
 ghp-import = ">=1.0"
 importlib-metadata = {version = ">=4.3", markers = "python_version < \"3.10\""}
 jinja2 = ">=2.11.1"
-markdown = ">=3.2.1"
-markupsafe = ">=2.0.1"
+markdown = ">=3.2.1,<3.4"
 mergedeep = ">=1.3.4"
 packaging = ">=20.5"
-pathspec = ">=0.11.1"
-platformdirs = ">=2.2.0"
 pyyaml = ">=5.1"
 pyyaml-env-tag = ">=0.1"
 watchdog = ">=2.0"
 
 [package.extras]
 i18n = ["babel (>=2.9.0)"]
-min-versions = ["babel (==2.9.0)", "click (==7.0)", "colorama (==0.4)", "ghp-import (==1.0)", "importlib-metadata (==4.3)", "jinja2 (==2.11.1)", "markdown (==3.2.1)", "markupsafe (==2.0.1)", "mergedeep (==1.3.4)", "packaging (==20.5)", "pathspec (==0.11.1)", "platformdirs (==2.2.0)", "pyyaml (==5.1)", "pyyaml-env-tag (==0.1)", "typing-extensions (==3.10)", "watchdog (==2.0)"]
+min-versions = ["babel (==2.9.0)", "click (==7.0)", "colorama (==0.4)", "ghp-import (==1.0)", "importlib-metadata (==4.3)", "jinja2 (==2.11.1)", "markdown (==3.2.1)", "markupsafe (==2.0.1)", "mergedeep (==1.3.4)", "packaging (==20.5)", "pyyaml (==5.1)", "pyyaml-env-tag (==0.1)", "typing-extensions (==3.10)", "watchdog (==2.0)"]
 
 [[package]]
 name = "mkdocs-material"
-version = "9.1.20"
+version = "9.1.18"
 description = "Documentation that simply works"
 optional = true
 python-versions = ">=3.7"
 files = [
-    {file = "mkdocs_material-9.1.20-py3-none-any.whl", hash = "sha256:152db66f667825d5aa3398386fe4d227640ec393c31e7cf109b114a569fc40fc"},
-    {file = "mkdocs_material-9.1.20.tar.gz", hash = "sha256:91621b6a6002138c72d50a0beef20ed12cf367d2af27d1f53382562b3a9625c7"},
+    {file = "mkdocs_material-9.1.18-py3-none-any.whl", hash = "sha256:5bcf8fb79ac2f253c0ffe93fa181cba87718c6438f459dc4180ac7418cc9a450"},
+    {file = "mkdocs_material-9.1.18.tar.gz", hash = "sha256:981dd39979723d4cda7cfc77bbbe5e54922d5761a7af23fb8ba9edb52f114b13"},
 ]
 
 [package.dependencies]
@@ -1396,13 +1357,13 @@ test = ["pytest", "pytest-cov"]
 
 [[package]]
 name = "moto"
-version = "4.1.14"
+version = "4.1.12"
 description = ""
 optional = false
 python-versions = ">=3.7"
 files = [
-    {file = "moto-4.1.14-py2.py3-none-any.whl", hash = "sha256:7d3bd748a34641715ba469c761f72fb8ec18f349987c98f5a0f9be85a07a9911"},
-    {file = "moto-4.1.14.tar.gz", hash = "sha256:545afeb4df94dfa730e2d7e87366dc26b4a33c2891f462cbb049f040c80ed1ec"},
+    {file = "moto-4.1.12-py2.py3-none-any.whl", hash = "sha256:6f40141ff2f3a309c19faa169433afdf48d28733d328b08a843021ae36f005d9"},
+    {file = "moto-4.1.12.tar.gz", hash = "sha256:25577e4cf55f05235f4efe78bcfeb5a7704fb75c16b426a5de2fc1e6b7b8545b"},
 ]
 
 [package.dependencies]
@@ -1417,17 +1378,17 @@ werkzeug = ">=0.5,<2.2.0 || >2.2.0,<2.2.1 || >2.2.1"
 xmltodict = "*"
 
 [package.extras]
-all = ["PyYAML (>=5.1)", "aws-xray-sdk (>=0.93,!=0.96)", "cfn-lint (>=0.40.0)", "docker (>=3.0.0)", "ecdsa (!=0.15)", "graphql-core", "jsondiff (>=1.1.2)", "openapi-spec-validator (>=0.2.8)", "py-partiql-parser (==0.3.6)", "pyparsing (>=3.0.7)", "python-jose[cryptography] (>=3.1.0,<4.0.0)", "setuptools", "sshpubkeys (>=3.1.0)"]
+all = ["PyYAML (>=5.1)", "aws-xray-sdk (>=0.93,!=0.96)", "cfn-lint (>=0.40.0)", "docker (>=3.0.0)", "ecdsa (!=0.15)", "graphql-core", "jsondiff (>=1.1.2)", "openapi-spec-validator (>=0.2.8)", "py-partiql-parser (==0.3.3)", "pyparsing (>=3.0.7)", "python-jose[cryptography] (>=3.1.0,<4.0.0)", "setuptools", "sshpubkeys (>=3.1.0)"]
 apigateway = ["PyYAML (>=5.1)", "ecdsa (!=0.15)", "openapi-spec-validator (>=0.2.8)", "python-jose[cryptography] (>=3.1.0,<4.0.0)"]
 apigatewayv2 = ["PyYAML (>=5.1)"]
 appsync = ["graphql-core"]
 awslambda = ["docker (>=3.0.0)"]
 batch = ["docker (>=3.0.0)"]
-cloudformation = ["PyYAML (>=5.1)", "aws-xray-sdk (>=0.93,!=0.96)", "cfn-lint (>=0.40.0)", "docker (>=3.0.0)", "ecdsa (!=0.15)", "graphql-core", "jsondiff (>=1.1.2)", "openapi-spec-validator (>=0.2.8)", "py-partiql-parser (==0.3.6)", "pyparsing (>=3.0.7)", "python-jose[cryptography] (>=3.1.0,<4.0.0)", "setuptools", "sshpubkeys (>=3.1.0)"]
+cloudformation = ["PyYAML (>=5.1)", "aws-xray-sdk (>=0.93,!=0.96)", "cfn-lint (>=0.40.0)", "docker (>=3.0.0)", "ecdsa (!=0.15)", "graphql-core", "jsondiff (>=1.1.2)", "openapi-spec-validator (>=0.2.8)", "py-partiql-parser (==0.3.3)", "pyparsing (>=3.0.7)", "python-jose[cryptography] (>=3.1.0,<4.0.0)", "setuptools", "sshpubkeys (>=3.1.0)"]
 cognitoidp = ["ecdsa (!=0.15)", "python-jose[cryptography] (>=3.1.0,<4.0.0)"]
 ds = ["sshpubkeys (>=3.1.0)"]
-dynamodb = ["docker (>=3.0.0)", "py-partiql-parser (==0.3.6)"]
-dynamodbstreams = ["docker (>=3.0.0)", "py-partiql-parser (==0.3.6)"]
+dynamodb = ["docker (>=3.0.0)", "py-partiql-parser (==0.3.3)"]
+dynamodbstreams = ["docker (>=3.0.0)", "py-partiql-parser (==0.3.3)"]
 ebs = ["sshpubkeys (>=3.1.0)"]
 ec2 = ["sshpubkeys (>=3.1.0)"]
 efs = ["sshpubkeys (>=3.1.0)"]
@@ -1435,9 +1396,8 @@ eks = ["sshpubkeys (>=3.1.0)"]
 glue = ["pyparsing (>=3.0.7)"]
 iotdata = ["jsondiff (>=1.1.2)"]
 route53resolver = ["sshpubkeys (>=3.1.0)"]
-s3 = ["PyYAML (>=5.1)", "py-partiql-parser (==0.3.6)"]
-s3crc32c = ["PyYAML (>=5.1)", "crc32c", "py-partiql-parser (==0.3.6)"]
-server = ["PyYAML (>=5.1)", "aws-xray-sdk (>=0.93,!=0.96)", "cfn-lint (>=0.40.0)", "docker (>=3.0.0)", "ecdsa (!=0.15)", "flask (!=2.2.0,!=2.2.1)", "flask-cors", "graphql-core", "jsondiff (>=1.1.2)", "openapi-spec-validator (>=0.2.8)", "py-partiql-parser (==0.3.6)", "pyparsing (>=3.0.7)", "python-jose[cryptography] (>=3.1.0,<4.0.0)", "setuptools", "sshpubkeys (>=3.1.0)"]
+s3 = ["PyYAML (>=5.1)", "py-partiql-parser (==0.3.3)"]
+server = ["PyYAML (>=5.1)", "aws-xray-sdk (>=0.93,!=0.96)", "cfn-lint (>=0.40.0)", "docker (>=3.0.0)", "ecdsa (!=0.15)", "flask (!=2.2.0,!=2.2.1)", "flask-cors", "graphql-core", "jsondiff (>=1.1.2)", "openapi-spec-validator (>=0.2.8)", "py-partiql-parser (==0.3.3)", "pyparsing (>=3.0.7)", "python-jose[cryptography] (>=3.1.0,<4.0.0)", "setuptools", "sshpubkeys (>=3.1.0)"]
 ssm = ["PyYAML (>=5.1)"]
 xray = ["aws-xray-sdk (>=0.93,!=0.96)", "setuptools"]
 
@@ -1539,36 +1499,38 @@ signedtoken = ["cryptography (>=3.0.0)", "pyjwt (>=2.0.0,<3)"]
 
 [[package]]
 name = "openapi-schema-validator"
-version = "0.6.0"
+version = "0.4.4"
 description = "OpenAPI schema validation for Python"
 optional = false
-python-versions = ">=3.8.0,<4.0.0"
+python-versions = ">=3.7.0,<4.0.0"
 files = [
-    {file = "openapi_schema_validator-0.6.0-py3-none-any.whl", hash = "sha256:9e95b95b621efec5936245025df0d6a7ffacd1551e91d09196b3053040c931d7"},
-    {file = "openapi_schema_validator-0.6.0.tar.gz", hash = "sha256:921b7c1144b856ca3813e41ecff98a4050f7611824dfc5c6ead7072636af0520"},
+    {file = "openapi_schema_validator-0.4.4-py3-none-any.whl", hash = "sha256:79f37f38ef9fd5206b924ed7a6f382cea7b649b3b56383c47f1906082b7b9015"},
+    {file = "openapi_schema_validator-0.4.4.tar.gz", hash = "sha256:c573e2be2c783abae56c5a1486ab716ca96e09d1c3eab56020d1dc680aa57bf8"},
 ]
 
 [package.dependencies]
-jsonschema = ">=4.18.0,<5.0.0"
-jsonschema-specifications = ">=2023.5.2,<2024.0.0"
+jsonschema = ">=4.0.0,<4.18.0"
 rfc3339-validator = "*"
 
+[package.extras]
+docs = ["sphinx (>=5.3.0,<6.0.0)", "sphinx-immaterial (>=0.11.0,<0.12.0)"]
+
 [[package]]
 name = "openapi-spec-validator"
-version = "0.6.0"
+version = "0.5.7"
 description = "OpenAPI 2.0 (aka Swagger) and OpenAPI 3 spec validator"
 optional = false
-python-versions = ">=3.8.0,<4.0.0"
+python-versions = ">=3.7.0,<4.0.0"
 files = [
-    {file = "openapi_spec_validator-0.6.0-py3-none-any.whl", hash = "sha256:675f1a3c0d0d8eff9116694acde88bcd4613a95bf5240270724d9d78c78f26d6"},
-    {file = "openapi_spec_validator-0.6.0.tar.gz", hash = "sha256:68c4c212c88ef14c6b1a591b895bf742c455783c7ebba2507abd7dbc1365a616"},
+    {file = "openapi_spec_validator-0.5.7-py3-none-any.whl", hash = "sha256:8712d2879db7692974ef89c47a3ebfc79436442921ec3a826ac0ce80cde8c549"},
+    {file = "openapi_spec_validator-0.5.7.tar.gz", hash = "sha256:6c2d42180045a80fd6314de848b94310bdb0fa4949f4b099578b69f79d9fa5ac"},
 ]
 
 [package.dependencies]
-jsonschema = ">=4.18.0,<5.0.0"
-jsonschema-spec = ">=0.2.3,<0.3.0"
+jsonschema = ">=4.0.0,<4.18.0"
+jsonschema-spec = ">=0.1.1,<0.2.0"
 lazy-object-proxy = ">=1.7.1,<2.0.0"
-openapi-schema-validator = ">=0.6.0,<0.7.0"
+openapi-schema-validator = ">=0.4.2,<0.5.0"
 
 [[package]]
 name = "packaging"
@@ -1715,13 +1677,13 @@ pyasn1 = ">=0.4.6,<0.6.0"
 
 [[package]]
 name = "pycodestyle"
-version = "2.11.0"
+version = "2.10.0"
 description = "Python style guide checker"
 optional = false
-python-versions = ">=3.8"
+python-versions = ">=3.6"
 files = [
-    {file = "pycodestyle-2.11.0-py2.py3-none-any.whl", hash = "sha256:5d1013ba8dc7895b548be5afb05740ca82454fd899971563d2ef625d090326f8"},
-    {file = "pycodestyle-2.11.0.tar.gz", hash = "sha256:259bcc17857d8a8b3b4a2327324b79e5f020a13c16074670f9c8c8f872ea76d0"},
+    {file = "pycodestyle-2.10.0-py2.py3-none-any.whl", hash = "sha256:8a4eaf0d0495c7395bdab3589ac2db602797d76207242c17d470186815706610"},
+    {file = "pycodestyle-2.10.0.tar.gz", hash = "sha256:347187bdb476329d98f695c213d7295a846d1152ff4fe9bacb8a9590b8ee7053"},
 ]
 
 [[package]]
@@ -1737,47 +1699,47 @@ files = [
 
 [[package]]
 name = "pydantic"
-version = "1.10.12"
+version = "1.10.9"
 description = "Data validation and settings management using python type hints"
 optional = false
 python-versions = ">=3.7"
 files = [
-    {file = "pydantic-1.10.12-cp310-cp310-macosx_10_9_x86_64.whl", hash = "sha256:a1fcb59f2f355ec350073af41d927bf83a63b50e640f4dbaa01053a28b7a7718"},
-    {file = "pydantic-1.10.12-cp310-cp310-macosx_11_0_arm64.whl", hash = "sha256:b7ccf02d7eb340b216ec33e53a3a629856afe1c6e0ef91d84a4e6f2fb2ca70fe"},
-    {file = "pydantic-1.10.12-cp310-cp310-manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:8fb2aa3ab3728d950bcc885a2e9eff6c8fc40bc0b7bb434e555c215491bcf48b"},
-    {file = "pydantic-1.10.12-cp310-cp310-manylinux_2_5_i686.manylinux1_i686.manylinux_2_17_i686.manylinux2014_i686.whl", hash = "sha256:771735dc43cf8383959dc9b90aa281f0b6092321ca98677c5fb6125a6f56d58d"},
-    {file = "pydantic-1.10.12-cp310-cp310-musllinux_1_1_i686.whl", hash = "sha256:ca48477862372ac3770969b9d75f1bf66131d386dba79506c46d75e6b48c1e09"},
-    {file = "pydantic-1.10.12-cp310-cp310-musllinux_1_1_x86_64.whl", hash = "sha256:a5e7add47a5b5a40c49b3036d464e3c7802f8ae0d1e66035ea16aa5b7a3923ed"},
-    {file = "pydantic-1.10.12-cp310-cp310-win_amd64.whl", hash = "sha256:e4129b528c6baa99a429f97ce733fff478ec955513630e61b49804b6cf9b224a"},
-    {file = "pydantic-1.10.12-cp311-cp311-macosx_10_9_x86_64.whl", hash = "sha256:b0d191db0f92dfcb1dec210ca244fdae5cbe918c6050b342d619c09d31eea0cc"},
-    {file = "pydantic-1.10.12-cp311-cp311-macosx_11_0_arm64.whl", hash = "sha256:795e34e6cc065f8f498c89b894a3c6da294a936ee71e644e4bd44de048af1405"},
-    {file = "pydantic-1.10.12-cp311-cp311-manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:69328e15cfda2c392da4e713443c7dbffa1505bc9d566e71e55abe14c97ddc62"},
-    {file = "pydantic-1.10.12-cp311-cp311-manylinux_2_5_i686.manylinux1_i686.manylinux_2_17_i686.manylinux2014_i686.whl", hash = "sha256:2031de0967c279df0d8a1c72b4ffc411ecd06bac607a212892757db7462fc494"},
-    {file = "pydantic-1.10.12-cp311-cp311-musllinux_1_1_i686.whl", hash = "sha256:ba5b2e6fe6ca2b7e013398bc7d7b170e21cce322d266ffcd57cca313e54fb246"},
-    {file = "pydantic-1.10.12-cp311-cp311-musllinux_1_1_x86_64.whl", hash = "sha256:2a7bac939fa326db1ab741c9d7f44c565a1d1e80908b3797f7f81a4f86bc8d33"},
-    {file = "pydantic-1.10.12-cp311-cp311-win_amd64.whl", hash = "sha256:87afda5539d5140cb8ba9e8b8c8865cb5b1463924d38490d73d3ccfd80896b3f"},
-    {file = "pydantic-1.10.12-cp37-cp37m-macosx_10_9_x86_64.whl", hash = "sha256:549a8e3d81df0a85226963611950b12d2d334f214436a19537b2efed61b7639a"},
-    {file = "pydantic-1.10.12-cp37-cp37m-manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:598da88dfa127b666852bef6d0d796573a8cf5009ffd62104094a4fe39599565"},
-    {file = "pydantic-1.10.12-cp37-cp37m-manylinux_2_5_i686.manylinux1_i686.manylinux_2_17_i686.manylinux2014_i686.whl", hash = "sha256:ba5c4a8552bff16c61882db58544116d021d0b31ee7c66958d14cf386a5b5350"},
-    {file = "pydantic-1.10.12-cp37-cp37m-musllinux_1_1_i686.whl", hash = "sha256:c79e6a11a07da7374f46970410b41d5e266f7f38f6a17a9c4823db80dadf4303"},
-    {file = "pydantic-1.10.12-cp37-cp37m-musllinux_1_1_x86_64.whl", hash = "sha256:ab26038b8375581dc832a63c948f261ae0aa21f1d34c1293469f135fa92972a5"},
-    {file = "pydantic-1.10.12-cp37-cp37m-win_amd64.whl", hash = "sha256:e0a16d274b588767602b7646fa05af2782576a6cf1022f4ba74cbb4db66f6ca8"},
-    {file = "pydantic-1.10.12-cp38-cp38-macosx_10_9_x86_64.whl", hash = "sha256:6a9dfa722316f4acf4460afdf5d41d5246a80e249c7ff475c43a3a1e9d75cf62"},
-    {file = "pydantic-1.10.12-cp38-cp38-macosx_11_0_arm64.whl", hash = "sha256:a73f489aebd0c2121ed974054cb2759af8a9f747de120acd2c3394cf84176ccb"},
-    {file = "pydantic-1.10.12-cp38-cp38-manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:6b30bcb8cbfccfcf02acb8f1a261143fab622831d9c0989707e0e659f77a18e0"},
-    {file = "pydantic-1.10.12-cp38-cp38-manylinux_2_5_i686.manylinux1_i686.manylinux_2_17_i686.manylinux2014_i686.whl", hash = "sha256:2fcfb5296d7877af406ba1547dfde9943b1256d8928732267e2653c26938cd9c"},
-    {file = "pydantic-1.10.12-cp38-cp38-musllinux_1_1_i686.whl", hash = "sha256:2f9a6fab5f82ada41d56b0602606a5506aab165ca54e52bc4545028382ef1c5d"},
-    {file = "pydantic-1.10.12-cp38-cp38-musllinux_1_1_x86_64.whl", hash = "sha256:dea7adcc33d5d105896401a1f37d56b47d443a2b2605ff8a969a0ed5543f7e33"},
-    {file = "pydantic-1.10.12-cp38-cp38-win_amd64.whl", hash = "sha256:1eb2085c13bce1612da8537b2d90f549c8cbb05c67e8f22854e201bde5d98a47"},
-    {file = "pydantic-1.10.12-cp39-cp39-macosx_10_9_x86_64.whl", hash = "sha256:ef6c96b2baa2100ec91a4b428f80d8f28a3c9e53568219b6c298c1125572ebc6"},
-    {file = "pydantic-1.10.12-cp39-cp39-macosx_11_0_arm64.whl", hash = "sha256:6c076be61cd0177a8433c0adcb03475baf4ee91edf5a4e550161ad57fc90f523"},
-    {file = "pydantic-1.10.12-cp39-cp39-manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:2d5a58feb9a39f481eda4d5ca220aa8b9d4f21a41274760b9bc66bfd72595b86"},
-    {file = "pydantic-1.10.12-cp39-cp39-manylinux_2_5_i686.manylinux1_i686.manylinux_2_17_i686.manylinux2014_i686.whl", hash = "sha256:e5f805d2d5d0a41633651a73fa4ecdd0b3d7a49de4ec3fadf062fe16501ddbf1"},
-    {file = "pydantic-1.10.12-cp39-cp39-musllinux_1_1_i686.whl", hash = "sha256:1289c180abd4bd4555bb927c42ee42abc3aee02b0fb2d1223fb7c6e5bef87dbe"},
-    {file = "pydantic-1.10.12-cp39-cp39-musllinux_1_1_x86_64.whl", hash = "sha256:5d1197e462e0364906cbc19681605cb7c036f2475c899b6f296104ad42b9f5fb"},
-    {file = "pydantic-1.10.12-cp39-cp39-win_amd64.whl", hash = "sha256:fdbdd1d630195689f325c9ef1a12900524dceb503b00a987663ff4f58669b93d"},
-    {file = "pydantic-1.10.12-py3-none-any.whl", hash = "sha256:b749a43aa51e32839c9d71dc67eb1e4221bb04af1033a32e3923d46f9effa942"},
-    {file = "pydantic-1.10.12.tar.gz", hash = "sha256:0fe8a415cea8f340e7a9af9c54fc71a649b43e8ca3cc732986116b3cb135d303"},
+    {file = "pydantic-1.10.9-cp310-cp310-macosx_10_9_x86_64.whl", hash = "sha256:e692dec4a40bfb40ca530e07805b1208c1de071a18d26af4a2a0d79015b352ca"},
+    {file = "pydantic-1.10.9-cp310-cp310-macosx_11_0_arm64.whl", hash = "sha256:3c52eb595db83e189419bf337b59154bdcca642ee4b2a09e5d7797e41ace783f"},
+    {file = "pydantic-1.10.9-cp310-cp310-manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:939328fd539b8d0edf244327398a667b6b140afd3bf7e347cf9813c736211896"},
+    {file = "pydantic-1.10.9-cp310-cp310-manylinux_2_5_i686.manylinux1_i686.manylinux_2_17_i686.manylinux2014_i686.whl", hash = "sha256:b48d3d634bca23b172f47f2335c617d3fcb4b3ba18481c96b7943a4c634f5c8d"},
+    {file = "pydantic-1.10.9-cp310-cp310-musllinux_1_1_i686.whl", hash = "sha256:f0b7628fb8efe60fe66fd4adadd7ad2304014770cdc1f4934db41fe46cc8825f"},
+    {file = "pydantic-1.10.9-cp310-cp310-musllinux_1_1_x86_64.whl", hash = "sha256:e1aa5c2410769ca28aa9a7841b80d9d9a1c5f223928ca8bec7e7c9a34d26b1d4"},
+    {file = "pydantic-1.10.9-cp310-cp310-win_amd64.whl", hash = "sha256:eec39224b2b2e861259d6f3c8b6290d4e0fbdce147adb797484a42278a1a486f"},
+    {file = "pydantic-1.10.9-cp311-cp311-macosx_10_9_x86_64.whl", hash = "sha256:d111a21bbbfd85c17248130deac02bbd9b5e20b303338e0dbe0faa78330e37e0"},
+    {file = "pydantic-1.10.9-cp311-cp311-macosx_11_0_arm64.whl", hash = "sha256:2e9aec8627a1a6823fc62fb96480abe3eb10168fd0d859ee3d3b395105ae19a7"},
+    {file = "pydantic-1.10.9-cp311-cp311-manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:07293ab08e7b4d3c9d7de4949a0ea571f11e4557d19ea24dd3ae0c524c0c334d"},
+    {file = "pydantic-1.10.9-cp311-cp311-manylinux_2_5_i686.manylinux1_i686.manylinux_2_17_i686.manylinux2014_i686.whl", hash = "sha256:7ee829b86ce984261d99ff2fd6e88f2230068d96c2a582f29583ed602ef3fc2c"},
+    {file = "pydantic-1.10.9-cp311-cp311-musllinux_1_1_i686.whl", hash = "sha256:4b466a23009ff5cdd7076eb56aca537c745ca491293cc38e72bf1e0e00de5b91"},
+    {file = "pydantic-1.10.9-cp311-cp311-musllinux_1_1_x86_64.whl", hash = "sha256:7847ca62e581e6088d9000f3c497267868ca2fa89432714e21a4fb33a04d52e8"},
+    {file = "pydantic-1.10.9-cp311-cp311-win_amd64.whl", hash = "sha256:7845b31959468bc5b78d7b95ec52fe5be32b55d0d09983a877cca6aedc51068f"},
+    {file = "pydantic-1.10.9-cp37-cp37m-macosx_10_9_x86_64.whl", hash = "sha256:517a681919bf880ce1dac7e5bc0c3af1e58ba118fd774da2ffcd93c5f96eaece"},
+    {file = "pydantic-1.10.9-cp37-cp37m-manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:67195274fd27780f15c4c372f4ba9a5c02dad6d50647b917b6a92bf00b3d301a"},
+    {file = "pydantic-1.10.9-cp37-cp37m-manylinux_2_5_i686.manylinux1_i686.manylinux_2_17_i686.manylinux2014_i686.whl", hash = "sha256:2196c06484da2b3fded1ab6dbe182bdabeb09f6318b7fdc412609ee2b564c49a"},
+    {file = "pydantic-1.10.9-cp37-cp37m-musllinux_1_1_i686.whl", hash = "sha256:6257bb45ad78abacda13f15bde5886efd6bf549dd71085e64b8dcf9919c38b60"},
+    {file = "pydantic-1.10.9-cp37-cp37m-musllinux_1_1_x86_64.whl", hash = "sha256:3283b574b01e8dbc982080d8287c968489d25329a463b29a90d4157de4f2baaf"},
+    {file = "pydantic-1.10.9-cp37-cp37m-win_amd64.whl", hash = "sha256:5f8bbaf4013b9a50e8100333cc4e3fa2f81214033e05ac5aa44fa24a98670a29"},
+    {file = "pydantic-1.10.9-cp38-cp38-macosx_10_9_x86_64.whl", hash = "sha256:b9cd67fb763248cbe38f0593cd8611bfe4b8ad82acb3bdf2b0898c23415a1f82"},
+    {file = "pydantic-1.10.9-cp38-cp38-macosx_11_0_arm64.whl", hash = "sha256:f50e1764ce9353be67267e7fd0da08349397c7db17a562ad036aa7c8f4adfdb6"},
+    {file = "pydantic-1.10.9-cp38-cp38-manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:73ef93e5e1d3c8e83f1ff2e7fdd026d9e063c7e089394869a6e2985696693766"},
+    {file = "pydantic-1.10.9-cp38-cp38-manylinux_2_5_i686.manylinux1_i686.manylinux_2_17_i686.manylinux2014_i686.whl", hash = "sha256:128d9453d92e6e81e881dd7e2484e08d8b164da5507f62d06ceecf84bf2e21d3"},
+    {file = "pydantic-1.10.9-cp38-cp38-musllinux_1_1_i686.whl", hash = "sha256:ad428e92ab68798d9326bb3e5515bc927444a3d71a93b4a2ca02a8a5d795c572"},
+    {file = "pydantic-1.10.9-cp38-cp38-musllinux_1_1_x86_64.whl", hash = "sha256:fab81a92f42d6d525dd47ced310b0c3e10c416bbfae5d59523e63ea22f82b31e"},
+    {file = "pydantic-1.10.9-cp38-cp38-win_amd64.whl", hash = "sha256:963671eda0b6ba6926d8fc759e3e10335e1dc1b71ff2a43ed2efd6996634dafb"},
+    {file = "pydantic-1.10.9-cp39-cp39-macosx_10_9_x86_64.whl", hash = "sha256:970b1bdc6243ef663ba5c7e36ac9ab1f2bfecb8ad297c9824b542d41a750b298"},
+    {file = "pydantic-1.10.9-cp39-cp39-macosx_11_0_arm64.whl", hash = "sha256:7e1d5290044f620f80cf1c969c542a5468f3656de47b41aa78100c5baa2b8276"},
+    {file = "pydantic-1.10.9-cp39-cp39-manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:83fcff3c7df7adff880622a98022626f4f6dbce6639a88a15a3ce0f96466cb60"},
+    {file = "pydantic-1.10.9-cp39-cp39-manylinux_2_5_i686.manylinux1_i686.manylinux_2_17_i686.manylinux2014_i686.whl", hash = "sha256:0da48717dc9495d3a8f215e0d012599db6b8092db02acac5e0d58a65248ec5bc"},
+    {file = "pydantic-1.10.9-cp39-cp39-musllinux_1_1_i686.whl", hash = "sha256:0a2aabdc73c2a5960e87c3ffebca6ccde88665616d1fd6d3db3178ef427b267a"},
+    {file = "pydantic-1.10.9-cp39-cp39-musllinux_1_1_x86_64.whl", hash = "sha256:9863b9420d99dfa9c064042304868e8ba08e89081428a1c471858aa2af6f57c4"},
+    {file = "pydantic-1.10.9-cp39-cp39-win_amd64.whl", hash = "sha256:e7c9900b43ac14110efa977be3da28931ffc74c27e96ee89fbcaaf0b0fe338e1"},
+    {file = "pydantic-1.10.9-py3-none-any.whl", hash = "sha256:6cafde02f6699ce4ff643417d1a9223716ec25e228ddc3b436fe7e2d25a1f305"},
+    {file = "pydantic-1.10.9.tar.gz", hash = "sha256:95c70da2cd3b6ddf3b9645ecaa8d98f3d80c606624b6d245558d202cd23ea3be"},
 ]
 
 [package.dependencies]
@@ -1789,13 +1751,13 @@ email = ["email-validator (>=1.0.3)"]
 
 [[package]]
 name = "pyflakes"
-version = "3.1.0"
+version = "3.0.1"
 description = "passive checker of Python programs"
 optional = false
-python-versions = ">=3.8"
+python-versions = ">=3.6"
 files = [
-    {file = "pyflakes-3.1.0-py2.py3-none-any.whl", hash = "sha256:4132f6d49cb4dae6819e5379898f2b8cce3c5f23994194c24b77d5da2e36f774"},
-    {file = "pyflakes-3.1.0.tar.gz", hash = "sha256:a0aae034c444db0071aa077972ba4768d40c830d9539fd45bf4cd3f8f6992efc"},
+    {file = "pyflakes-3.0.1-py2.py3-none-any.whl", hash = "sha256:ec55bf7fe21fff7f1ad2f7da62363d749e2a470500eab1b555334b67aa1ef8cf"},
+    {file = "pyflakes-3.0.1.tar.gz", hash = "sha256:ec8b276a6b60bd80defed25add7e439881c19e64850afd9b346283d4165fd0fd"},
 ]
 
 [[package]]
@@ -1834,17 +1796,17 @@ tests = ["coverage[toml] (==5.0.4)", "pytest (>=6.0.0,<7.0.0)"]
 
 [[package]]
 name = "pylint"
-version = "2.17.5"
+version = "2.17.4"
 description = "python code static checker"
 optional = false
 python-versions = ">=3.7.2"
 files = [
-    {file = "pylint-2.17.5-py3-none-any.whl", hash = "sha256:73995fb8216d3bed149c8d51bba25b2c52a8251a2c8ac846ec668ce38fab5413"},
-    {file = "pylint-2.17.5.tar.gz", hash = "sha256:f7b601cbc06fef7e62a754e2b41294c2aa31f1cb659624b9a85bcba29eaf8252"},
+    {file = "pylint-2.17.4-py3-none-any.whl", hash = "sha256:7a1145fb08c251bdb5cca11739722ce64a63db479283d10ce718b2460e54123c"},
+    {file = "pylint-2.17.4.tar.gz", hash = "sha256:5dcf1d9e19f41f38e4e85d10f511e5b9c35e1aa74251bf95cdd8cb23584e2db1"},
 ]
 
 [package.dependencies]
-astroid = ">=2.15.6,<=2.17.0-dev0"
+astroid = ">=2.15.4,<=2.17.0-dev0"
 colorama = {version = ">=0.4.5", markers = "sys_platform == \"win32\""}
 dill = [
     {version = ">=0.2", markers = "python_version < \"3.11\""},
@@ -1890,6 +1852,42 @@ files = [
 [package.extras]
 diagrams = ["jinja2", "railroad-diagrams"]
 
+[[package]]
+name = "pyrsistent"
+version = "0.19.3"
+description = "Persistent/Functional/Immutable data structures"
+optional = false
+python-versions = ">=3.7"
+files = [
+    {file = "pyrsistent-0.19.3-cp310-cp310-macosx_10_9_universal2.whl", hash = "sha256:20460ac0ea439a3e79caa1dbd560344b64ed75e85d8703943e0b66c2a6150e4a"},
+    {file = "pyrsistent-0.19.3-cp310-cp310-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:4c18264cb84b5e68e7085a43723f9e4c1fd1d935ab240ce02c0324a8e01ccb64"},
+    {file = "pyrsistent-0.19.3-cp310-cp310-manylinux_2_5_i686.manylinux1_i686.manylinux_2_17_i686.manylinux2014_i686.whl", hash = "sha256:4b774f9288dda8d425adb6544e5903f1fb6c273ab3128a355c6b972b7df39dcf"},
+    {file = "pyrsistent-0.19.3-cp310-cp310-win32.whl", hash = "sha256:5a474fb80f5e0d6c9394d8db0fc19e90fa540b82ee52dba7d246a7791712f74a"},
+    {file = "pyrsistent-0.19.3-cp310-cp310-win_amd64.whl", hash = "sha256:49c32f216c17148695ca0e02a5c521e28a4ee6c5089f97e34fe24163113722da"},
+    {file = "pyrsistent-0.19.3-cp311-cp311-macosx_10_9_universal2.whl", hash = "sha256:f0774bf48631f3a20471dd7c5989657b639fd2d285b861237ea9e82c36a415a9"},
+    {file = "pyrsistent-0.19.3-cp311-cp311-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:3ab2204234c0ecd8b9368dbd6a53e83c3d4f3cab10ecaf6d0e772f456c442393"},
+    {file = "pyrsistent-0.19.3-cp311-cp311-manylinux_2_5_i686.manylinux1_i686.manylinux_2_17_i686.manylinux2014_i686.whl", hash = "sha256:e42296a09e83028b3476f7073fcb69ffebac0e66dbbfd1bd847d61f74db30f19"},
+    {file = "pyrsistent-0.19.3-cp311-cp311-win32.whl", hash = "sha256:64220c429e42a7150f4bfd280f6f4bb2850f95956bde93c6fda1b70507af6ef3"},
+    {file = "pyrsistent-0.19.3-cp311-cp311-win_amd64.whl", hash = "sha256:016ad1afadf318eb7911baa24b049909f7f3bb2c5b1ed7b6a8f21db21ea3faa8"},
+    {file = "pyrsistent-0.19.3-cp37-cp37m-macosx_10_9_x86_64.whl", hash = "sha256:c4db1bd596fefd66b296a3d5d943c94f4fac5bcd13e99bffe2ba6a759d959a28"},
+    {file = "pyrsistent-0.19.3-cp37-cp37m-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:aeda827381f5e5d65cced3024126529ddc4289d944f75e090572c77ceb19adbf"},
+    {file = "pyrsistent-0.19.3-cp37-cp37m-manylinux_2_5_i686.manylinux1_i686.manylinux_2_17_i686.manylinux2014_i686.whl", hash = "sha256:42ac0b2f44607eb92ae88609eda931a4f0dfa03038c44c772e07f43e738bcac9"},
+    {file = "pyrsistent-0.19.3-cp37-cp37m-win32.whl", hash = "sha256:e8f2b814a3dc6225964fa03d8582c6e0b6650d68a232df41e3cc1b66a5d2f8d1"},
+    {file = "pyrsistent-0.19.3-cp37-cp37m-win_amd64.whl", hash = "sha256:c9bb60a40a0ab9aba40a59f68214eed5a29c6274c83b2cc206a359c4a89fa41b"},
+    {file = "pyrsistent-0.19.3-cp38-cp38-macosx_10_9_universal2.whl", hash = "sha256:a2471f3f8693101975b1ff85ffd19bb7ca7dd7c38f8a81701f67d6b4f97b87d8"},
+    {file = "pyrsistent-0.19.3-cp38-cp38-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:cc5d149f31706762c1f8bda2e8c4f8fead6e80312e3692619a75301d3dbb819a"},
+    {file = "pyrsistent-0.19.3-cp38-cp38-manylinux_2_5_i686.manylinux1_i686.manylinux_2_17_i686.manylinux2014_i686.whl", hash = "sha256:3311cb4237a341aa52ab8448c27e3a9931e2ee09561ad150ba94e4cfd3fc888c"},
+    {file = "pyrsistent-0.19.3-cp38-cp38-win32.whl", hash = "sha256:f0e7c4b2f77593871e918be000b96c8107da48444d57005b6a6bc61fb4331b2c"},
+    {file = "pyrsistent-0.19.3-cp38-cp38-win_amd64.whl", hash = "sha256:c147257a92374fde8498491f53ffa8f4822cd70c0d85037e09028e478cababb7"},
+    {file = "pyrsistent-0.19.3-cp39-cp39-macosx_10_9_universal2.whl", hash = "sha256:b735e538f74ec31378f5a1e3886a26d2ca6351106b4dfde376a26fc32a044edc"},
+    {file = "pyrsistent-0.19.3-cp39-cp39-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:99abb85579e2165bd8522f0c0138864da97847875ecbd45f3e7e2af569bfc6f2"},
+    {file = "pyrsistent-0.19.3-cp39-cp39-manylinux_2_5_i686.manylinux1_i686.manylinux_2_17_i686.manylinux2014_i686.whl", hash = "sha256:3a8cb235fa6d3fd7aae6a4f1429bbb1fec1577d978098da1252f0489937786f3"},
+    {file = "pyrsistent-0.19.3-cp39-cp39-win32.whl", hash = "sha256:c74bed51f9b41c48366a286395c67f4e894374306b197e62810e0fdaf2364da2"},
+    {file = "pyrsistent-0.19.3-cp39-cp39-win_amd64.whl", hash = "sha256:878433581fc23e906d947a6814336eee031a00e6defba224234169ae3d3d6a98"},
+    {file = "pyrsistent-0.19.3-py3-none-any.whl", hash = "sha256:ccf0d6bd208f8111179f0c26fdf84ed7c3891982f2edaeae7422575f47e66b64"},
+    {file = "pyrsistent-0.19.3.tar.gz", hash = "sha256:1a2994773706bbb4995c31a97bc94f1418314923bd1048c6d964837040376440"},
+]
+
 [[package]]
 name = "pytest"
 version = "7.4.0"
@@ -1914,13 +1912,13 @@ testing = ["argcomplete", "attrs (>=19.2.0)", "hypothesis (>=3.56)", "mock", "no
 
 [[package]]
 name = "pytest-randomly"
-version = "3.13.0"
+version = "3.12.0"
 description = "Pytest plugin to randomly order tests and control random.seed."
 optional = false
-python-versions = ">=3.8"
+python-versions = ">=3.7"
 files = [
-    {file = "pytest_randomly-3.13.0-py3-none-any.whl", hash = "sha256:e78d898ef4066f89744e5075083aa7fb6f0de07ffd70ca9c4435cda590cf1eac"},
-    {file = "pytest_randomly-3.13.0.tar.gz", hash = "sha256:079c78b94693189879fbd7304de4e147304f0811fa96249ea5619f2f1cd33df0"},
+    {file = "pytest-randomly-3.12.0.tar.gz", hash = "sha256:d60c2db71ac319aee0fc6c4110a7597d611a8b94a5590918bfa8583f00caccb2"},
+    {file = "pytest_randomly-3.12.0-py3-none-any.whl", hash = "sha256:f4f2e803daf5d1ba036cc22bf4fe9dbbf99389ec56b00e5cba732fb5c1d07fdd"},
 ]
 
 [package.dependencies]
@@ -2047,21 +2045,6 @@ files = [
 [package.dependencies]
 pyyaml = "*"
 
-[[package]]
-name = "referencing"
-version = "0.29.1"
-description = "JSON Referencing + Python"
-optional = false
-python-versions = ">=3.8"
-files = [
-    {file = "referencing-0.29.1-py3-none-any.whl", hash = "sha256:d3c8f323ee1480095da44d55917cfb8278d73d6b4d5f677e3e40eb21314ac67f"},
-    {file = "referencing-0.29.1.tar.gz", hash = "sha256:90cb53782d550ba28d2166ef3f55731f38397def8832baac5d45235f1995e35e"},
-]
-
-[package.dependencies]
-attrs = ">=22.2.0"
-rpds-py = ">=0.7.0"
-
 [[package]]
 name = "regex"
 version = "2023.5.5"
@@ -2250,112 +2233,6 @@ pygments = ">=2.13.0,<3.0.0"
 [package.extras]
 jupyter = ["ipywidgets (>=7.5.1,<9)"]
 
-[[package]]
-name = "rpds-py"
-version = "0.8.10"
-description = "Python bindings to Rust's persistent data structures (rpds)"
-optional = false
-python-versions = ">=3.8"
-files = [
-    {file = "rpds_py-0.8.10-cp310-cp310-macosx_10_7_x86_64.whl", hash = "sha256:93d06cccae15b3836247319eee7b6f1fdcd6c10dabb4e6d350d27bd0bdca2711"},
-    {file = "rpds_py-0.8.10-cp310-cp310-macosx_11_0_arm64.whl", hash = "sha256:3816a890a6a9e9f1de250afa12ca71c9a7a62f2b715a29af6aaee3aea112c181"},
-    {file = "rpds_py-0.8.10-cp310-cp310-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:a7c6304b894546b5a6bdc0fe15761fa53fe87d28527a7142dae8de3c663853e1"},
-    {file = "rpds_py-0.8.10-cp310-cp310-manylinux_2_17_armv7l.manylinux2014_armv7l.whl", hash = "sha256:ad3bfb44c8840fb4be719dc58e229f435e227fbfbe133dc33f34981ff622a8f8"},
-    {file = "rpds_py-0.8.10-cp310-cp310-manylinux_2_17_ppc64le.manylinux2014_ppc64le.whl", hash = "sha256:14f1c356712f66653b777ecd8819804781b23dbbac4eade4366b94944c9e78ad"},
-    {file = "rpds_py-0.8.10-cp310-cp310-manylinux_2_17_s390x.manylinux2014_s390x.whl", hash = "sha256:82bb361cae4d0a627006dadd69dc2f36b7ad5dc1367af9d02e296ec565248b5b"},
-    {file = "rpds_py-0.8.10-cp310-cp310-manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:b2e3c4f2a8e3da47f850d7ea0d7d56720f0f091d66add889056098c4b2fd576c"},
-    {file = "rpds_py-0.8.10-cp310-cp310-manylinux_2_5_i686.manylinux1_i686.whl", hash = "sha256:15a90d0ac11b4499171067ae40a220d1ca3cb685ec0acc356d8f3800e07e4cb8"},
-    {file = "rpds_py-0.8.10-cp310-cp310-musllinux_1_2_aarch64.whl", hash = "sha256:70bb9c8004b97b4ef7ae56a2aa56dfaa74734a0987c78e7e85f00004ab9bf2d0"},
-    {file = "rpds_py-0.8.10-cp310-cp310-musllinux_1_2_i686.whl", hash = "sha256:d64f9f88d5203274a002b54442cafc9c7a1abff2a238f3e767b70aadf919b451"},
-    {file = "rpds_py-0.8.10-cp310-cp310-musllinux_1_2_x86_64.whl", hash = "sha256:ccbbd276642788c4376fbe8d4e6c50f0fb4972ce09ecb051509062915891cbf0"},
-    {file = "rpds_py-0.8.10-cp310-none-win32.whl", hash = "sha256:fafc0049add8043ad07ab5382ee80d80ed7e3699847f26c9a5cf4d3714d96a84"},
-    {file = "rpds_py-0.8.10-cp310-none-win_amd64.whl", hash = "sha256:915031002c86a5add7c6fd4beb601b2415e8a1c956590a5f91d825858e92fe6e"},
-    {file = "rpds_py-0.8.10-cp311-cp311-macosx_10_7_x86_64.whl", hash = "sha256:84eb541a44f7a18f07a6bfc48b95240739e93defe1fdfb4f2a295f37837945d7"},
-    {file = "rpds_py-0.8.10-cp311-cp311-macosx_11_0_arm64.whl", hash = "sha256:f59996d0550894affaad8743e97b9b9c98f638b221fac12909210ec3d9294786"},
-    {file = "rpds_py-0.8.10-cp311-cp311-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:f9adb5664b78fcfcd830000416c8cc69853ef43cb084d645b3f1f0296edd9bae"},
-    {file = "rpds_py-0.8.10-cp311-cp311-manylinux_2_17_armv7l.manylinux2014_armv7l.whl", hash = "sha256:f96f3f98fbff7af29e9edf9a6584f3c1382e7788783d07ba3721790625caa43e"},
-    {file = "rpds_py-0.8.10-cp311-cp311-manylinux_2_17_ppc64le.manylinux2014_ppc64le.whl", hash = "sha256:376b8de737401050bd12810003d207e824380be58810c031f10ec563ff6aef3d"},
-    {file = "rpds_py-0.8.10-cp311-cp311-manylinux_2_17_s390x.manylinux2014_s390x.whl", hash = "sha256:5d1c2bc319428d50b3e0fa6b673ab8cc7fa2755a92898db3a594cbc4eeb6d1f7"},
-    {file = "rpds_py-0.8.10-cp311-cp311-manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:73a1e48430f418f0ac3dfd87860e4cc0d33ad6c0f589099a298cb53724db1169"},
-    {file = "rpds_py-0.8.10-cp311-cp311-manylinux_2_5_i686.manylinux1_i686.whl", hash = "sha256:134ec8f14ca7dbc6d9ae34dac632cdd60939fe3734b5d287a69683c037c51acb"},
-    {file = "rpds_py-0.8.10-cp311-cp311-musllinux_1_2_aarch64.whl", hash = "sha256:4b519bac7c09444dd85280fd60f28c6dde4389c88dddf4279ba9b630aca3bbbe"},
-    {file = "rpds_py-0.8.10-cp311-cp311-musllinux_1_2_i686.whl", hash = "sha256:9cd57981d9fab04fc74438d82460f057a2419974d69a96b06a440822d693b3c0"},
-    {file = "rpds_py-0.8.10-cp311-cp311-musllinux_1_2_x86_64.whl", hash = "sha256:69d089c026f6a8b9d64a06ff67dc3be196707b699d7f6ca930c25f00cf5e30d8"},
-    {file = "rpds_py-0.8.10-cp311-none-win32.whl", hash = "sha256:220bdcad2d2936f674650d304e20ac480a3ce88a40fe56cd084b5780f1d104d9"},
-    {file = "rpds_py-0.8.10-cp311-none-win_amd64.whl", hash = "sha256:6c6a0225b8501d881b32ebf3f5807a08ad3685b5eb5f0a6bfffd3a6e039b2055"},
-    {file = "rpds_py-0.8.10-cp312-cp312-macosx_10_7_x86_64.whl", hash = "sha256:e3d0cd3dff0e7638a7b5390f3a53057c4e347f4ef122ee84ed93fc2fb7ea4aa2"},
-    {file = "rpds_py-0.8.10-cp312-cp312-macosx_11_0_arm64.whl", hash = "sha256:d77dff3a5aa5eedcc3da0ebd10ff8e4969bc9541aa3333a8d41715b429e99f47"},
-    {file = "rpds_py-0.8.10-cp312-cp312-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:41c89a366eae49ad9e65ed443a8f94aee762931a1e3723749d72aeac80f5ef2f"},
-    {file = "rpds_py-0.8.10-cp312-cp312-manylinux_2_17_armv7l.manylinux2014_armv7l.whl", hash = "sha256:3793c21494bad1373da517001d0849eea322e9a049a0e4789e50d8d1329df8e7"},
-    {file = "rpds_py-0.8.10-cp312-cp312-manylinux_2_17_ppc64le.manylinux2014_ppc64le.whl", hash = "sha256:805a5f3f05d186c5d50de2e26f765ba7896d0cc1ac5b14ffc36fae36df5d2f10"},
-    {file = "rpds_py-0.8.10-cp312-cp312-manylinux_2_17_s390x.manylinux2014_s390x.whl", hash = "sha256:b01b39ad5411563031ea3977bbbc7324d82b088e802339e6296f082f78f6115c"},
-    {file = "rpds_py-0.8.10-cp312-cp312-manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:f3f1e860be21f3e83011116a65e7310486300e08d9a3028e73e8d13bb6c77292"},
-    {file = "rpds_py-0.8.10-cp312-cp312-manylinux_2_5_i686.manylinux1_i686.whl", hash = "sha256:a13c8e56c46474cd5958d525ce6a9996727a83d9335684e41f5192c83deb6c58"},
-    {file = "rpds_py-0.8.10-cp312-cp312-musllinux_1_2_aarch64.whl", hash = "sha256:93d99f957a300d7a4ced41615c45aeb0343bb8f067c42b770b505de67a132346"},
-    {file = "rpds_py-0.8.10-cp312-cp312-musllinux_1_2_i686.whl", hash = "sha256:148b0b38d719c0760e31ce9285a9872972bdd7774969a4154f40c980e5beaca7"},
-    {file = "rpds_py-0.8.10-cp312-cp312-musllinux_1_2_x86_64.whl", hash = "sha256:3cc5e5b5514796f45f03a568981971b12a3570f3de2e76114f7dc18d4b60a3c4"},
-    {file = "rpds_py-0.8.10-cp38-cp38-macosx_10_7_x86_64.whl", hash = "sha256:e8e24b210a4deb5a7744971f8f77393005bae7f873568e37dfd9effe808be7f7"},
-    {file = "rpds_py-0.8.10-cp38-cp38-macosx_11_0_arm64.whl", hash = "sha256:b41941583adce4242af003d2a8337b066ba6148ca435f295f31ac6d9e4ea2722"},
-    {file = "rpds_py-0.8.10-cp38-cp38-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:3c490204e16bca4f835dba8467869fe7295cdeaa096e4c5a7af97f3454a97991"},
-    {file = "rpds_py-0.8.10-cp38-cp38-manylinux_2_17_armv7l.manylinux2014_armv7l.whl", hash = "sha256:1ee45cd1d84beed6cbebc839fd85c2e70a3a1325c8cfd16b62c96e2ffb565eca"},
-    {file = "rpds_py-0.8.10-cp38-cp38-manylinux_2_17_ppc64le.manylinux2014_ppc64le.whl", hash = "sha256:4a8ca409f1252e1220bf09c57290b76cae2f14723746215a1e0506472ebd7bdf"},
-    {file = "rpds_py-0.8.10-cp38-cp38-manylinux_2_17_s390x.manylinux2014_s390x.whl", hash = "sha256:96b293c0498c70162effb13100624c5863797d99df75f2f647438bd10cbf73e4"},
-    {file = "rpds_py-0.8.10-cp38-cp38-manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:b4627520a02fccbd324b33c7a83e5d7906ec746e1083a9ac93c41ac7d15548c7"},
-    {file = "rpds_py-0.8.10-cp38-cp38-manylinux_2_5_i686.manylinux1_i686.whl", hash = "sha256:e39d7ab0c18ac99955b36cd19f43926450baba21e3250f053e0704d6ffd76873"},
-    {file = "rpds_py-0.8.10-cp38-cp38-musllinux_1_2_aarch64.whl", hash = "sha256:ba9f1d1ebe4b63801977cec7401f2d41e888128ae40b5441270d43140efcad52"},
-    {file = "rpds_py-0.8.10-cp38-cp38-musllinux_1_2_i686.whl", hash = "sha256:802f42200d8caf7f25bbb2a6464cbd83e69d600151b7e3b49f49a47fa56b0a38"},
-    {file = "rpds_py-0.8.10-cp38-cp38-musllinux_1_2_x86_64.whl", hash = "sha256:d19db6ba816e7f59fc806c690918da80a7d186f00247048cd833acdab9b4847b"},
-    {file = "rpds_py-0.8.10-cp38-none-win32.whl", hash = "sha256:7947e6e2c2ad68b1c12ee797d15e5f8d0db36331200b0346871492784083b0c6"},
-    {file = "rpds_py-0.8.10-cp38-none-win_amd64.whl", hash = "sha256:fa326b3505d5784436d9433b7980171ab2375535d93dd63fbcd20af2b5ca1bb6"},
-    {file = "rpds_py-0.8.10-cp39-cp39-macosx_10_7_x86_64.whl", hash = "sha256:7b38a9ac96eeb6613e7f312cd0014de64c3f07000e8bf0004ad6ec153bac46f8"},
-    {file = "rpds_py-0.8.10-cp39-cp39-macosx_11_0_arm64.whl", hash = "sha256:c4d42e83ddbf3445e6514f0aff96dca511421ed0392d9977d3990d9f1ba6753c"},
-    {file = "rpds_py-0.8.10-cp39-cp39-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:1b21575031478609db6dbd1f0465e739fe0e7f424a8e7e87610a6c7f68b4eb16"},
-    {file = "rpds_py-0.8.10-cp39-cp39-manylinux_2_17_armv7l.manylinux2014_armv7l.whl", hash = "sha256:574868858a7ff6011192c023a5289158ed20e3f3b94b54f97210a773f2f22921"},
-    {file = "rpds_py-0.8.10-cp39-cp39-manylinux_2_17_ppc64le.manylinux2014_ppc64le.whl", hash = "sha256:ae40f4a70a1f40939d66ecbaf8e7edc144fded190c4a45898a8cfe19d8fc85ea"},
-    {file = "rpds_py-0.8.10-cp39-cp39-manylinux_2_17_s390x.manylinux2014_s390x.whl", hash = "sha256:37f7ee4dc86db7af3bac6d2a2cedbecb8e57ce4ed081f6464510e537589f8b1e"},
-    {file = "rpds_py-0.8.10-cp39-cp39-manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:695f642a3a5dbd4ad2ffbbacf784716ecd87f1b7a460843b9ddf965ccaeafff4"},
-    {file = "rpds_py-0.8.10-cp39-cp39-manylinux_2_5_i686.manylinux1_i686.whl", hash = "sha256:f43ab4cb04bde6109eb2555528a64dfd8a265cc6a9920a67dcbde13ef53a46c8"},
-    {file = "rpds_py-0.8.10-cp39-cp39-musllinux_1_2_aarch64.whl", hash = "sha256:a11ab0d97be374efd04f640c04fe5c2d3dabc6dfb998954ea946ee3aec97056d"},
-    {file = "rpds_py-0.8.10-cp39-cp39-musllinux_1_2_i686.whl", hash = "sha256:92cf5b3ee60eef41f41e1a2cabca466846fb22f37fc580ffbcb934d1bcab225a"},
-    {file = "rpds_py-0.8.10-cp39-cp39-musllinux_1_2_x86_64.whl", hash = "sha256:ceaac0c603bf5ac2f505a78b2dcab78d3e6b706be6596c8364b64cc613d208d2"},
-    {file = "rpds_py-0.8.10-cp39-none-win32.whl", hash = "sha256:dd4f16e57c12c0ae17606c53d1b57d8d1c8792efe3f065a37cb3341340599d49"},
-    {file = "rpds_py-0.8.10-cp39-none-win_amd64.whl", hash = "sha256:c03a435d26c3999c2a8642cecad5d1c4d10c961817536af52035f6f4ee2f5dd0"},
-    {file = "rpds_py-0.8.10-pp310-pypy310_pp73-macosx_10_7_x86_64.whl", hash = "sha256:0da53292edafecba5e1d8c1218f99babf2ed0bf1c791d83c0ab5c29b57223068"},
-    {file = "rpds_py-0.8.10-pp310-pypy310_pp73-macosx_11_0_arm64.whl", hash = "sha256:7d20a8ed227683401cc508e7be58cba90cc97f784ea8b039c8cd01111e6043e0"},
-    {file = "rpds_py-0.8.10-pp310-pypy310_pp73-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:97cab733d303252f7c2f7052bf021a3469d764fc2b65e6dbef5af3cbf89d4892"},
-    {file = "rpds_py-0.8.10-pp310-pypy310_pp73-manylinux_2_17_armv7l.manylinux2014_armv7l.whl", hash = "sha256:8c398fda6df361a30935ab4c4bccb7f7a3daef2964ca237f607c90e9f3fdf66f"},
-    {file = "rpds_py-0.8.10-pp310-pypy310_pp73-manylinux_2_17_ppc64le.manylinux2014_ppc64le.whl", hash = "sha256:2eb4b08c45f8f8d8254cdbfacd3fc5d6b415d64487fb30d7380b0d0569837bf1"},
-    {file = "rpds_py-0.8.10-pp310-pypy310_pp73-manylinux_2_17_s390x.manylinux2014_s390x.whl", hash = "sha256:e7dfb1cbb895810fa2b892b68153c17716c6abaa22c7dc2b2f6dcf3364932a1c"},
-    {file = "rpds_py-0.8.10-pp310-pypy310_pp73-manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:89c92b74e8bf6f53a6f4995fd52f4bd510c12f103ee62c99e22bc9e05d45583c"},
-    {file = "rpds_py-0.8.10-pp310-pypy310_pp73-manylinux_2_5_i686.manylinux1_i686.whl", hash = "sha256:e9c0683cb35a9b5881b41bc01d5568ffc667910d9dbc632a1fba4e7d59e98773"},
-    {file = "rpds_py-0.8.10-pp310-pypy310_pp73-musllinux_1_2_aarch64.whl", hash = "sha256:0eeb2731708207d0fe2619afe6c4dc8cb9798f7de052da891de5f19c0006c315"},
-    {file = "rpds_py-0.8.10-pp310-pypy310_pp73-musllinux_1_2_i686.whl", hash = "sha256:7495010b658ec5b52835f21d8c8b1a7e52e194c50f095d4223c0b96c3da704b1"},
-    {file = "rpds_py-0.8.10-pp310-pypy310_pp73-musllinux_1_2_x86_64.whl", hash = "sha256:c72ebc22e70e04126158c46ba56b85372bc4d54d00d296be060b0db1671638a4"},
-    {file = "rpds_py-0.8.10-pp38-pypy38_pp73-macosx_10_7_x86_64.whl", hash = "sha256:2cd3045e7f6375dda64ed7db1c5136826facb0159ea982f77d9cf6125025bd34"},
-    {file = "rpds_py-0.8.10-pp38-pypy38_pp73-macosx_11_0_arm64.whl", hash = "sha256:2418cf17d653d24ffb8b75e81f9f60b7ba1b009a23298a433a4720b2a0a17017"},
-    {file = "rpds_py-0.8.10-pp38-pypy38_pp73-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:1a2edf8173ac0c7a19da21bc68818be1321998528b5e3f748d6ee90c0ba2a1fd"},
-    {file = "rpds_py-0.8.10-pp38-pypy38_pp73-manylinux_2_17_armv7l.manylinux2014_armv7l.whl", hash = "sha256:7f29b8c55fd3a2bc48e485e37c4e2df3317f43b5cc6c4b6631c33726f52ffbb3"},
-    {file = "rpds_py-0.8.10-pp38-pypy38_pp73-manylinux_2_17_ppc64le.manylinux2014_ppc64le.whl", hash = "sha256:9a7d20c1cf8d7b3960c5072c265ec47b3f72a0c608a9a6ee0103189b4f28d531"},
-    {file = "rpds_py-0.8.10-pp38-pypy38_pp73-manylinux_2_17_s390x.manylinux2014_s390x.whl", hash = "sha256:521fc8861a86ae54359edf53a15a05fabc10593cea7b3357574132f8427a5e5a"},
-    {file = "rpds_py-0.8.10-pp38-pypy38_pp73-manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:d5c191713e98e7c28800233f039a32a42c1a4f9a001a8a0f2448b07391881036"},
-    {file = "rpds_py-0.8.10-pp38-pypy38_pp73-manylinux_2_5_i686.manylinux1_i686.whl", hash = "sha256:083df0fafe199371206111583c686c985dddaf95ab3ee8e7b24f1fda54515d09"},
-    {file = "rpds_py-0.8.10-pp38-pypy38_pp73-musllinux_1_2_aarch64.whl", hash = "sha256:ed41f3f49507936a6fe7003985ea2574daccfef999775525d79eb67344e23767"},
-    {file = "rpds_py-0.8.10-pp38-pypy38_pp73-musllinux_1_2_i686.whl", hash = "sha256:2614c2732bf45de5c7f9e9e54e18bc78693fa2f635ae58d2895b7965e470378c"},
-    {file = "rpds_py-0.8.10-pp38-pypy38_pp73-musllinux_1_2_x86_64.whl", hash = "sha256:c60528671d9d467009a6ec284582179f6b88651e83367d0ab54cb739021cd7de"},
-    {file = "rpds_py-0.8.10-pp39-pypy39_pp73-macosx_10_7_x86_64.whl", hash = "sha256:ee744fca8d1ea822480a2a4e7c5f2e1950745477143668f0b523769426060f29"},
-    {file = "rpds_py-0.8.10-pp39-pypy39_pp73-macosx_11_0_arm64.whl", hash = "sha256:a38b9f526d0d6cbdaa37808c400e3d9f9473ac4ff64d33d9163fd05d243dbd9b"},
-    {file = "rpds_py-0.8.10-pp39-pypy39_pp73-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:60e0e86e870350e03b3e25f9b1dd2c6cc72d2b5f24e070249418320a6f9097b7"},
-    {file = "rpds_py-0.8.10-pp39-pypy39_pp73-manylinux_2_17_armv7l.manylinux2014_armv7l.whl", hash = "sha256:f53f55a8852f0e49b0fc76f2412045d6ad9d5772251dea8f55ea45021616e7d5"},
-    {file = "rpds_py-0.8.10-pp39-pypy39_pp73-manylinux_2_17_ppc64le.manylinux2014_ppc64le.whl", hash = "sha256:c493365d3fad241d52f096e4995475a60a80f4eba4d3ff89b713bc65c2ca9615"},
-    {file = "rpds_py-0.8.10-pp39-pypy39_pp73-manylinux_2_17_s390x.manylinux2014_s390x.whl", hash = "sha256:300eb606e6b94a7a26f11c8cc8ee59e295c6649bd927f91e1dbd37a4c89430b6"},
-    {file = "rpds_py-0.8.10-pp39-pypy39_pp73-manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:5a665f6f1a87614d1c3039baf44109094926dedf785e346d8b0a728e9cabd27a"},
-    {file = "rpds_py-0.8.10-pp39-pypy39_pp73-manylinux_2_5_i686.manylinux1_i686.whl", hash = "sha256:927d784648211447201d4c6f1babddb7971abad922b32257ab74de2f2750fad0"},
-    {file = "rpds_py-0.8.10-pp39-pypy39_pp73-musllinux_1_2_aarch64.whl", hash = "sha256:c200b30dd573afa83847bed7e3041aa36a8145221bf0cfdfaa62d974d720805c"},
-    {file = "rpds_py-0.8.10-pp39-pypy39_pp73-musllinux_1_2_i686.whl", hash = "sha256:08166467258fd0240a1256fce272f689f2360227ee41c72aeea103e9e4f63d2b"},
-    {file = "rpds_py-0.8.10-pp39-pypy39_pp73-musllinux_1_2_x86_64.whl", hash = "sha256:996cc95830de9bc22b183661d95559ec6b3cd900ad7bc9154c4cbf5be0c9b734"},
-    {file = "rpds_py-0.8.10.tar.gz", hash = "sha256:13e643ce8ad502a0263397362fb887594b49cf84bf518d6038c16f235f2bcea4"},
-]
-
 [[package]]
 name = "rsa"
 version = "4.9"
@@ -2895,4 +2772,4 @@ docs = ["mkdocs", "mkdocs-material"]
 [metadata]
 lock-version = "2.0"
 python-versions = "^3.9"
-content-hash = "17459c4c8a7acf4c4a31253edf406113fbcedf8d81d17042f6b33665c3a6f47d"
+content-hash = "79612595d899eebc1b456fb4e4929280d41f536b6647af416bbfc64bc8042336"

prowler/__main__.py

@@ -219,9 +219,7 @@ def prowler():
 
     # Resolve previous fails of Security Hub
     if provider == "aws" and args.security_hub and not args.skip_sh_update:
-        resolve_security_hub_previous_findings(
-            args.output_directory, args.output_filename, audit_info
-        )
+        resolve_security_hub_previous_findings(args.output_directory, audit_info)
 
     # Display summary table
     if not args.only_logs:

prowler/compliance/aws/soc2_aws.json

@@ -7,7 +7,7 @@
     {
       "Id": "cc_1_1",
       "Name": "CC1.1 COSO Principle 1: The entity demonstrates a commitment to integrity and ethical values",
-      "Description": "Sets the Tone at the Top - The board of directors and management, at all levels, demonstrate through their directives, actions, and behavior the importance of integrity and ethical values to support the functioning of the system of internal control. Establishes Standards of Conduct - The expectations of the board of directors and senior management concerning integrity and ethical values are defined in the entity’s standards of conduct and understood at all levels of the entity and by outsourced service providers and business partners. Evaluates Adherence to Standards of Conduct - Processes are in place to evaluate the performance of individuals and teams against the entity’s expected standards of conduct. Addresses Deviations in a Timely Manner - Deviations from the entity’s expected standards of conduct are identified and remedied in a timely and consistent manner.",
+      "Description": "Sets the Tone at the Top - The board of directors and management, at all levels, demonstrate through their directives, actions, and behavior the importance of integrity and ethical values to support the functioning of the system of internal control.Establishes Standards of Conduct - The expectations of the board of directors and senior management concerning integrity and ethical values are defined in the entity’s standards of conduct and understood at all levels of the entity and by outsourced service providers and business partners. Evaluates Adherence to Standards of Conduct - Processes are in place to evaluate the performance of individuals and teams against the entity’s expected standards of conduct. Addresses Deviations in a Timely Manner - Deviations from the entity’s expected standards of conduct are identified and remedied in a timely and consistent manner.",
       "Attributes": [
         {
           "ItemId": "cc_1_1",
@@ -54,7 +54,7 @@
     {
       "Id": "cc_1_4",
       "Name": "CC1.4 COSO Principle 4: The entity demonstrates a commitment to attract, develop, and retain competent individuals in alignment with objectives",
-      "Description": "Establishes Policies and Practices - Policies and practices reflect expectations of competence necessary to support the achievement of objectives. Evaluates Competence and Addresses Shortcomings - The board of directors and management evaluate competence across the entity and in outsourced service providers in relation to established policies and practices and act as necessary to address shortcomings. Attracts, Develops, and Retains Individuals - The entity provides the mentoring and training needed to attract, develop, and retain sufficient and competent personnel and outsourced service providers to support the achievement of objectives. Plans and Prepares for Succession - Senior management and the board of directors develop contingency plans for assignments of responsibility important for internal control. Additional point of focus specifically related to all engagements using the trust services criteria: Considers the Background of Individuals - The entity considers the background of potential and existing personnel, contractors, and vendor employees when determining whether to employ and retain the individuals. Considers the Technical Competency of Individuals - The entity considers the technical competency of potential and existing personnel, contractors, and vendor employees when determining whether to employ and retain the individuals. Provides Training to Maintain Technical Competencies - The entity provides training programs, including continuing education and training, to ensure skill sets and technical competency of existing personnel, contractors, and vendor employees are developed and maintained.",
+      "Description": "Establishes Policies and Practices - Policies and practices reflect expectations of competence necessary to support the achievement of objectives. Evaluates Competence and Addresses Shortcomings - The board of directors and management evaluate competence across the entity and in outsourced service providers in relation to established policies and practices and act as necessary to address shortcomings.Attracts, Develops, and Retains Individuals - The entity provides the mentoring and training needed to attract, develop, and retain sufficient and competent personnel and outsourced service providers to support the achievement of objectives.Plans and Prepares for Succession - Senior management and the board of directors develop contingency plans for assignments of responsibility important for internal control.Additional point of focus specifically related to all engagements using the trust services criteria:Considers the Background of Individuals - The entity considers the background of potential and existing personnel, contractors, and vendor employees when determining whether to employ and retain the individuals.Considers the Technical Competency of Individuals - The entity considers the technical competency of potential and existing personnel, contractors, and vendor employees when determining whether to employ and retain the individuals.Provides Training to Maintain Technical Competencies - The entity provides training programs, including continuing education and training, to ensure skill sets and technical competency of existing personnel, contractors, and vendor employees are developed and maintained.",
       "Attributes": [
         {
           "ItemId": "cc_1_4",
@@ -68,7 +68,7 @@
     {
       "Id": "cc_1_5",
       "Name": "CC1.5 COSO Principle 5: The entity holds individuals accountable for their internal control responsibilities in the pursuit of objectives",
-      "Description": "Enforces Accountability Through Structures, Authorities, and Responsibilities - Management and the board of directors establish the mechanisms to communicate and hold individuals accountable for performance of internal control responsibilities across the entity and implement corrective action as necessary. Establishes Performance Measures, Incentives, and Rewards - Management and the board of directors establish performance measures, incentives, and other rewards appropriate for responsibilities at all levels of the entity, reflecting appropriate dimensions of performance and expected standards of conduct, and considering the achievement of both short-term and longer-term objectives. Evaluates Performance Measures, Incentives, and Rewards for Ongoing Relevance - Management and the board of directors align incentives and rewards with the fulfillment of internal control responsibilities in the achievement of objectives. Considers Excessive Pressures - Management and the board of directors evaluate and adjust pressures associated with the achievement of objectives as they assign responsibilities, develop performance measures, and evaluate performance. Evaluates Performance and Rewards or Disciplines Individuals - Management and the board of directors evaluate performance of internal control responsibilities, including adherence to standards of conduct and expected levels of competence, and provide rewards or exercise disciplinary action, as appropriate.",
+      "Description": "Enforces Accountability Through Structures, Authorities, and Responsibilities - Management and the board of directors establish the mechanisms to communicate and hold individuals accountable for performance of internal control responsibilities across the entity and implement corrective action as necessary. Establishes Performance Measures, Incentives, and Rewards - Management and the board of directors establish performance measures, incentives, and other rewards appropriate for responsibilities at all levels of the entity, reflecting appropriate dimensions of performance and expected standards of conduct, and considering the achievement of both short-term and longer-term objectives.Evaluates Performance Measures, Incentives, and Rewards for Ongoing Relevance - Management and the board of directors align incentives and rewards with the fulfillment of internal control responsibilities in the achievement of objectives.Considers Excessive Pressures - Management and the board of directors evaluate and adjust pressures associated with the achievement of objectives as they assign responsibilities, develop performance measures, and evaluate performance. Evaluates Performance and Rewards or Disciplines Individuals - Management and the board of directors evaluate performance of internal control responsibilities, including adherence to standards of conduct and expected levels of competence, and provide rewards or exercise disciplinary action, as appropriate.",
       "Attributes": [
         {
           "ItemId": "cc_1_5",
@@ -129,7 +129,7 @@
     {
       "Id": "cc_3_1",
       "Name": "CC3.1 COSO Principle 6: The entity specifies objectives with sufficient clarity to enable the identification and assessment of risks relating to objectives",
-      "Description": "Operations Objectives: Reflects Management's Choices - Operations objectives reflect management's choices about structure, industry considerations, and performance of the entity. Considers Tolerances for Risk - Management considers the acceptable levels of variation relative to the achievement of operations objectives. External Financial Reporting Objectives: Complies With Applicable Accounting Standards - Financial reporting objectives are consistent with accounting principles suitable and available for that entity. The accounting principles selected are appropriate in the circumstances. External Nonfinancial Reporting Objectives: Complies With Externally Established Frameworks - Management establishes objectives consistent with laws and regulations or standards and frameworks of recognized external organizations. Reflects Entity Activities - External reporting reflects the underlying transactions and events within a range of acceptable limits. Considers the Required Level of Precision—Management reflects the required level of precision and accuracy suitable for user needs and based on criteria established by third parties in nonfinancial reporting. Internal Reporting Objectives: Reflects Management's Choices - Internal reporting provides management with accurate and complete information regarding management's choices and information needed in managing the entity. Considers the Required Level of Precision—Management reflects the required level of precision and accuracy suitable for user needs in nonfinancial reporting objectives and materiality within financial reporting objectives. Reflects Entity Activities—Internal reporting reflects the underlying transactions and events within a range of acceptable limits. Compliance Objectives: Reflects External Laws and Regulations - Laws and regulations establish minimum standards of conduct, which the entity integrates into compliance objectives. Considers Tolerances for Risk - Management considers the acceptable levels of variation relative to the achievement of operations objectives. Additional point of focus specifically related to all engagements using the trust services criteria: Establishes Sub-objectives to Support Objectives—Management identifies sub-objectives related to security, availability, processing integrity, confidentiality, and privacy to support the achievement of the entity’s objectives related to reporting, operations, and compliance.",
+      "Description": "Operations Ojectives:Reflects Management's Choices - Operations objectives reflect management's choices about structure, industry considerations, and performance of the entity.Considers Tolerances for Risk - Management considers the acceptable levels of variation relative to the achievement of operations objectives.External Financial Reporting Objectives:Complies With Applicable Accounting Standards - Financial reporting objectives are consistent with accounting principles suitable and available for that entity. The accounting principles selected are appropriate in the circumstances.External Nonfinancial Reporting Objectives:Complies With Externally Established Frameworks - Management establishes objectives consistent with laws and regulations or standards and frameworks of recognized external organizations.Reflects Entity Activities - External reporting reflects the underlying transactions and events within a range of acceptable limits.Considers the Required Level of Precision—Management reflects the required level of precision and accuracy suitable for user needs and based on criteria established by third parties in nonfinancial reporting.Internal Reporting Objectives:Reflects Management's Choices - Internal reporting provides management with accurate and complete information regarding management's choices and information needed in managing the entity.Considers the Required Level of Precision—Management reflects the required level of precision and accuracy suitable for user needs in nonfinancial reporting objectives and materiality within financial reporting objectives.Reflects Entity Activities—Internal reporting reflects the underlying transactions and events within a range of acceptable limits.Compliance Objectives:Reflects External Laws and Regulations - Laws and regulations establish minimum standards of conduct, which the entity integrates into compliance objectives.Considers Tolerances for Risk - Management considers the acceptable levels of variation relative to the achievement of operations objectives.Additional point of focus specifically related to all engagements using the trust services criteria: Establishes Sub-objectives to Support Objectives—Management identifies sub-objectives related to security, availability, processing integrity, confidentiality, and privacy to support the achievement of the entity’s objectives related to reporting, operations, and compliance.",
       "Attributes": [
         {
           "ItemId": "cc_3_1",
@@ -147,7 +147,7 @@
     {
       "Id": "cc_3_2",
       "Name": "CC3.2 COSO Principle 7: The entity identifies risks to the achievement of its objectives across the entity and analyzes risks as a basis for determining how the risks should be managed",
-      "Description": "Includes Entity, Subsidiary, Division, Operating Unit, and Functional Levels - The entity identifies and assesses risk at the entity, subsidiary, division, operating unit, and functional levels relevant to the achievement of objectives. Analyzes Internal and External Factors - Risk identification considers both internal and external factors and their impact on the achievement of objectives. Involves Appropriate Levels of Management - The entity puts into place effective risk assessment mechanisms that involve appropriate levels of management. Estimates Significance of Risks Identified - Identified risks are analyzed through a process that includes estimating the potential significance of the risk. Determines How to Respond to Risks - Risk assessment includes considering how the risk should be managed and whether to accept, avoid, reduce, or share the risk. Additional points of focus specifically related to all engagements using the trust services criteria: Identifies and Assesses Criticality of Information Assets and Identifies Threats and Vulnerabilities - The entity's risk identification and assessment process includes (1) identifying information assets, including physical devices and systems, virtual devices, software, data and data flows, external information systems, and organizational roles; (2) assessing the criticality of those information assets; (3) identifying the threats to the assets from intentional (including malicious) and unintentional acts and environmental events; and (4) identifying the vulnerabilities of the identified assets.",
+      "Description": "Includes Entity, Subsidiary, Division, Operating Unit, and Functional Levels - The entity identifies and assesses risk at the entity, subsidiary, division, operating unit, and functional levels relevant to the achievement of objectives.Analyzes Internal and External Factors - Risk identification considers both internal and external factors and their impact on the achievement of objectives.Involves Appropriate Levels of Management - The entity puts into place effective risk assessment mechanisms that involve appropriate levels of management.Estimates Significance of Risks Identified - Identified risks are analyzed through a process that includes estimating the potential significance of the risk.Determines How to Respond to Risks - Risk assessment includes considering how the risk should be managed and whether to accept, avoid, reduce, or share the risk.Additional points of focus specifically related to all engagements using the trust services criteria:Identifies and Assesses Criticality of Information Assets and Identifies Threats and Vulnerabilities - The entity's risk identification and assessment process includes (1) identifying information assets, including physical devices and systems, virtual devices, software, data and data flows, external information systems, and organizational roles; (2) assessing the criticality of those information assets; (3) identifying the threats to the assets from intentional (including malicious) and unintentional acts and environmental events; and (4) identifying the vulnerabilities of the identified assets.",
       "Attributes": [
         {
           "ItemId": "cc_3_2",
@@ -167,7 +167,7 @@
     {
       "Id": "cc_3_3",
       "Name": "CC3.3 COSO Principle 8: The entity considers the potential for fraud in assessing risks to the achievement of objectives",
-      "Description": "Considers Various Types of Fraud - The assessment of fraud considers fraudulent reporting, possible loss of assets, and corruption resulting from the various ways that fraud and misconduct can occur. Assesses Incentives and Pressures - The assessment of fraud risks considers incentives and pressures. Assesses Opportunities - The assessment of fraud risk considers opportunities for unauthorized acquisition,use, or disposal of assets, altering the entity’s reporting records, or committing other inappropriate acts. Assesses Attitudes and Rationalizations - The assessment of fraud risk considers how management and other personnel might engage in or justify inappropriate actions. Additional point of focus specifically related to all engagements using the trust services criteria: Considers the Risks Related to the Use of IT and Access to Information - The assessment of fraud risks includes consideration of threats and vulnerabilities that arise specifically from the use of IT and access to information.",
+      "Description": "Considers Various Types of Fraud - The assessment of fraud considers fraudulent reporting, possible loss of assets, and corruption resulting from the various ways that fraud and misconduct can occur.Assesses Incentives and Pressures - The assessment of fraud risks considers incentives and pressures.Assesses Opportunities - The assessment of fraud risk considers opportunities for unauthorized acquisition,use, or disposal of assets, altering the entity’s reporting records, or committing other inappropriate acts.Assesses Attitudes and Rationalizations - The assessment of fraud risk considers how management and other personnel might engage in or justify inappropriate actions.Additional point of focus specifically related to all engagements using the trust services criteria: Considers the Risks Related to the Use of IT and Access to Information - The assessment of fraud risks includes consideration of threats and vulnerabilities that arise specifically from the use of IT and access to information.",
       "Attributes": [
         {
           "ItemId": "cc_3_3",
@@ -181,7 +181,7 @@
     {
       "Id": "cc_3_4",
       "Name": "CC3.4 COSO Principle 9: The entity identifies and assesses changes that could significantly impact the system of internal control",
-      "Description": "Assesses Changes in the External Environment - The risk identification process considers changes to the regulatory, economic, and physical environment in which the entity operates. Assesses Changes in the Business Model - The entity considers the potential impacts of new business lines, dramatically altered compositions of existing business lines, acquired or divested business operations on the system of internal control, rapid growth, changing reliance on foreign geographies, and new technologies. Assesses Changes in Leadership - The entity considers changes in management and respective attitudes and philosophies on the system of internal control. Assess Changes in Systems and Technology - The risk identification process considers changes arising from changes in the entity’s systems and changes in the technology environment. Assess Changes in Vendor and Business Partner Relationships - The risk identification process considers changes in vendor and business partner relationships.",
+      "Description": "Assesses Changes in the External Environment - The risk identification process considers changes to the regulatory, economic, and physical environment in which the entity operates.Assesses Changes in the Business Model - The entity considers the potential impacts of new business lines, dramatically altered compositions of existing business lines, acquired or divested business operations on the system of internal control, rapid growth, changing reliance on foreign geographies, and new technologies.Assesses Changes in Leadership - The entity considers changes in management and respective attitudes and philosophies on the system of internal control.Assess Changes in Systems and Technology - The risk identification process considers changes arising from changes in the entity’s systems and changes in the technology environment.Assess Changes in Vendor and Business Partner Relationships - The risk identification process considers changes in vendor and business partner relationships.",
       "Attributes": [
         {
           "ItemId": "cc_3_4",
@@ -197,7 +197,7 @@
     {
       "Id": "cc_4_1",
       "Name": "CC4.1 COSO Principle 16: The entity selects, develops, and performs ongoing and/or separate evaluations to ascertain whether the components of internal control are present and functioning",
-      "Description": "Considers a Mix of Ongoing and Separate Evaluations - Management includes a balance of ongoing and separate evaluations. Considers Rate of Change - Management considers the rate of change in business and business processes when selecting and developing ongoing and separate evaluations. Establishes Baseline Understanding - The design and current state of an internal control system are used to establish a baseline for ongoing and separate evaluations. Uses Knowledgeable Personnel - Evaluators performing ongoing and separate evaluations have sufficient knowledge to understand what is being evaluated. Integrates With Business Processes - Ongoing evaluations are built into the business processes and adjust to changing conditions. Adjusts Scope and Frequency—Management varies the scope and frequency of separate evaluations depending on risk. Objectively Evaluates - Separate evaluations are performed periodically to provide objective feedback. Considers Different Types of Ongoing and Separate Evaluations - Management uses a variety of different types of ongoing and separate evaluations, including penetration testing, independent certification made against established specifications (for example, ISO certifications), and internal audit assessments.",
+      "Description": "Considers a Mix of Ongoing and Separate Evaluations - Management includes a balance of ongoing and separate evaluations.Considers Rate of Change - Management considers the rate of change in business and business processes when selecting and developing ongoing and separate evaluations.Establishes Baseline Understanding - The design and current state of an internal control system are used to establish a baseline for ongoing and separate evaluations.Uses Knowledgeable Personnel - Evaluators performing ongoing and separate evaluations have sufficient knowledge to understand what is being evaluated.Integrates With Business Processes - Ongoing evaluations are built into the business processes and adjust to changing conditions.Adjusts Scope and Frequency—Management varies the scope and frequency of separate evaluations depending on risk.Objectively Evaluates - Separate evaluations are performed periodically to provide objective feedback.Considers Different Types of Ongoing and Separate Evaluations - Management uses a variety of different types of ongoing and separate evaluations, including penetration testing, independent certification made against established specifications (for example, ISO certifications), and internal audit assessments.",
       "Attributes": [
         {
           "ItemId": "cc_4_1",
@@ -211,7 +211,7 @@
     {
       "Id": "cc_4_2",
       "Name": "CC4.2 COSO Principle 17: The entity evaluates and communicates internal control deficiencies in a timely manner to those parties responsible for taking corrective action, including senior management and the board of directors, as appropriate",
-      "Description": "Assesses Results - Management and the board of directors, as appropriate, assess results of ongoing and separate evaluations. Communicates Deficiencies - Deficiencies are communicated to parties responsible for taking corrective action and to senior management and the board of directors, as appropriate. Monitors Corrective Action - Management tracks whether deficiencies are remedied on a timely basis.",
+      "Description": "Assesses Results - Management and the board of directors, as appropriate, assess results of ongoing and separate evaluations.Communicates Deficiencies - Deficiencies are communicated to parties responsible for taking corrective action and to senior management and the board of directors, as appropriate.Monitors Corrective Action - Management tracks whether deficiencies are remedied on a timely basis.",
       "Attributes": [
         {
           "ItemId": "cc_4_2",
@@ -228,7 +228,7 @@
     {
       "Id": "cc_5_1",
       "Name": "CC5.1 COSO Principle 10: The entity selects and develops control activities that contribute to the mitigation of risks to the achievement of objectives to acceptable levels",
-      "Description": "Integrates With Risk Assessment - Control activities help ensure that risk responses that address and mitigate risks are carried out. Considers Entity-Specific Factors - Management considers how the environment, complexity, nature, and scope of its operations, as well as the specific characteristics of its organization, affect the selection and development of control activities. Determines Relevant Business Processes - Management determines which relevant business processes require control activities. Evaluates a Mix of 2017 Data Submitted Types - Control activities include a range and variety of controls and may include a balance of approaches to mitigate risks, considering both manual and automated controls, and preventive and detective controls. Considers at What Level Activities Are Applied - Management considers control activities at various levels in the entity. Addresses Segregation of Duties - Management segregates incompatible duties, and where such segregation is not practical, management selects and develops alternative control activities.",
+      "Description": "Integrates With Risk Assessment - Control activities help ensure that risk responses that address and mitigate risks are carried out.Considers Entity-Specific Factors - Management considers how the environment, complexity, nature, and scope of its operations, as well as the specific characteristics of its organization, affect the selection and development of control activities.Determines Relevant Business Processes - Management determines which relevant business processes require control activities.Evaluates a Mix of 2017 Data Submitted Types - Control activities include a range and variety of controls and may include a balance of approaches to mitigate risks, considering both manual and automated controls, and preventive and detective controls.Considers at What Level Activities Are Applied - Management considers control activities at various levels in the entity.Addresses Segregation of Duties - Management segregates incompatible duties, and where such segregation is not practical, management selects and develops alternative control activities.",
       "Attributes": [
         {
           "ItemId": "cc_5_1",
@@ -242,7 +242,7 @@
     {
       "Id": "cc_5_2",
       "Name": "CC5.2 COSO Principle 11: The entity also selects and develops general control activities over technology to support the achievement of objectives",
-      "Description": "Determines Dependency Between the Use of Technology in Business Processes and Technology General Controls - Management understands and determines the dependency and linkage between business processes, automated control activities, and technology general controls. Establishes Relevant Technology Infrastructure Control Activities - Management selects and develops control activities over the technology infrastructure, which are designed and implemented to help ensure the completeness, accuracy, and availability of technology processing. Establishes Relevant Security Management Process Controls Activities - Management selects and develops control activities that are designed and implemented to restrict technology access rights to authorized users commensurate with their job responsibilities and to protect the entity’s assets from external threats. Establishes Relevant Technology Acquisition, Development, and Maintenance Process Control Activities - Management selects and develops control activities over the acquisition, development, and maintenance of technology and its infrastructure to achieve management’s objectives.",
+      "Description": "Determines Dependency Between the Use of Technology in Business Processes and Technology General Controls - Management understands and determines the dependency and linkage between business processes, automated control activities, and technology general controls.Establishes Relevant Technology Infrastructure Control Activities - Management selects and develops control activities over the technology infrastructure, which are designed and implemented to help ensure the completeness, accuracy, and availability of technology processing.Establishes Relevant Security Management Process Controls Activities - Management selects and develops control activities that are designed and implemented to restrict technology access rights to authorized users commensurate with their job responsibilities and to protect the entity’s assets from external threats.Establishes Relevant Technology Acquisition, Development, and Maintenance Process Control Activities - Management selects and develops control activities over the acquisition, development, and maintenance of technology and its infrastructure to achieve management’s objectives.",
       "Attributes": [
         {
           "ItemId": "cc_5_2",
@@ -256,7 +256,7 @@
     {
       "Id": "cc_5_3",
       "Name": "CCC5.3 COSO Principle 12: The entity deploys control activities through policies that establish what is expected and in procedures that put policies into action",
-      "Description": "Establishes Policies and Procedures to Support Deployment of Management ‘s Directives - Management establishes control activities that are built into business processes and employees’ day-to-day activities through policies establishing what is expected and relevant procedures specifying actions. Establishes Responsibility and Accountability for Executing Policies and Procedures - Management establishes responsibility and accountability for control activities with management (or other designated personnel) of the business unit or function in which the relevant risks reside. Performs in a Timely Manner - Responsible personnel perform control activities in a timely manner as defined by the policies and procedures. Takes Corrective Action - Responsible personnel investigate and act on matters identified as a result of executing control activities. Performs Using Competent Personnel - Competent personnel with sufficient authority perform control activities with diligence and continuing focus. Reassesses Policies and Procedures - Management periodically reviews control activities to determine their continued relevance and refreshes them when necessary.",
+      "Description": "Establishes Policies and Procedures to Support Deployment of Management ‘s Directives - Management establishes control activities that are built into business processes and employees’ day-to-day activities through policies establishing what is expected and relevant procedures specifying actions.Establishes Responsibility and Accountability for Executing Policies and Procedures - Management establishes responsibility and accountability for control activities with management (or other designated personnel) of the business unit or function in which the relevant risks reside.Performs in a Timely Manner - Responsible personnel perform control activities in a timely manner as defined by the policies and procedures.Takes Corrective Action - Responsible personnel investigate and act on matters identified as a result of executing control activities.Performs Using Competent Personnel - Competent personnel with sufficient authority perform control activities with diligence and continuing focus.Reassesses Policies and Procedures - Management periodically reviews control activities to determine their continued relevance and refreshes them when necessary.",
       "Attributes": [
         {
           "ItemId": "cc_5_3",
@@ -270,7 +270,7 @@
     {
       "Id": "cc_6_1",
       "Name": "CC6.1 The entity implements logical access security software, infrastructure, and architectures over protected information assets to protect them from security events to meet the entity's objectives",
-      "Description": "Identifies and Manages the Inventory of Information Assets - The entity identifies, inventories, classifies, and manages information assets. Restricts Logical Access - Logical access to information assets, including hardware, data (at-rest, during processing, or in transmission), software, administrative authorities, mobile devices, output, and offline system components is restricted through the use of access control software and rule sets. Identifies and Authenticates Users - Persons, infrastructure and software are identified and authenticated prior to accessing information assets, whether locally or remotely. Considers Network Segmentation - Network segmentation permits unrelated portions of the entity's information system to be isolated from each other. Manages Points of Access - Points of access by outside entities and the types of data that flow through the points of access are identified, inventoried, and managed. The types of individuals and systems using each point of access are identified, documented, and managed. Restricts Access to Information Assets - Combinations of data classification, separate data structures, port restrictions, access protocol restrictions, user identification, and digital certificates are used to establish access control rules for information assets. Manages Identification and Authentication - Identification and authentication requirements are established, documented, and managed for individuals and systems accessing entity information, infrastructure and software. Manages Credentials for Infrastructure and Software - New internal and external infrastructure and software are registered, authorized, and documented prior to being granted access credentials and implemented on the network or access point. Credentials are removed and access is disabled when access is no longer required or the infrastructure and software are no longer in use. Uses Encryption to Protect Data - The entity uses encryption to supplement other measures used to protect data-at-rest, when such protections are deemed appropriate based on assessed risk. Protects Encryption Keys - Processes are in place to protect encryption keys during generation, storage, use, and destruction.",
+      "Description": "Identifies and Manages the Inventory of Information Assets - The entity identifies, inventories, classifies, and manages information assets.Restricts Logical Access - Logical access to information assets, including hardware, data (at-rest, during processing, or in transmission), software, administrative authorities, mobile devices, output, and offline system components is restricted through the use of access control software and rule sets.Identifies and Authenticates Users - Persons, infrastructure and software are identified and authenticated prior to accessing information assets, whether locally or remotely.Considers Network Segmentation - Network segmentation permits unrelated portions of the entity's information system to be isolated from each other.Manages Points of Access - Points of access by outside entities and the types of data that flow through the points of access are identified, inventoried, and managed. The types of individuals and systems using each point of access are identified, documented, and managed.Restricts Access to Information Assets - Combinations of data classification, separate data structures, port restrictions, access protocol restrictions, user identification, and digital certificates are used to establish access control rules for information assets.Manages Identification and Authentication - Identification and authentication requirements are established, documented, and managed for individuals and systems accessing entity information, infrastructure and software.Manages Credentials for Infrastructure and Software - New internal and external infrastructure and software are registered, authorized, and documented prior to being granted access credentials and implemented on the network or access point. Credentials are removed and access is disabled when access is no longer required or the infrastructure and software are no longer in use.Uses Encryption to Protect Data - The entity uses encryption to supplement other measures used to protect data-at-rest, when such protections are deemed appropriate based on assessed risk.Protects Encryption Keys - Processes are in place to protect encryption keys during generation, storage, use, and destruction.",
       "Attributes": [
         {
           "ItemId": "cc_6_1",
@@ -286,7 +286,7 @@
     {
       "Id": "cc_6_2",
       "Name": "CC6.2 Prior to issuing system credentials and granting system access, the entity registers and authorizes new internal and external users whose access is administered by the entity",
-      "Description": "Prior to issuing system credentials and granting system access, the entity registers and authorizes new internal and external users whose access is administered by the entity. For those users whose access is administered by the entity, user system credentials are removed when user access is no longer authorized. Controls Access Credentials to Protected Assets - Information asset access credentials are created based on an authorization from the system's asset owner or authorized custodian. Removes Access to Protected Assets When Appropriate - Processes are in place to remove credential access when an individual no longer requires such access. Reviews Appropriateness of Access Credentials - The appropriateness of access credentials is reviewed on a periodic basis for unnecessary and inappropriate individuals with credentials.",
+      "Description": "Prior to issuing system credentials and granting system access, the entity registers and authorizes new internal and external users whose access is administered by the entity. For those users whose access is administered by the entity, user system credentials are removed when user access is no longer authorized.Controls Access Credentials to Protected Assets - Information asset access credentials are created based on an authorization from the system's asset owner or authorized custodian.Removes Access to Protected Assets When Appropriate - Processes are in place to remove credential access when an individual no longer requires such access.Reviews Appropriateness of Access Credentials - The appropriateness of access credentials is reviewed on a periodic basis for unnecessary and inappropriate individuals with credentials.",
       "Attributes": [
         {
           "ItemId": "cc_6_2",
@@ -302,7 +302,7 @@
     {
       "Id": "cc_6_3",
       "Name": "CC6.3 The entity authorizes, modifies, or removes access to data, software, functions, and other protected information assets based on roles, responsibilities, or the system design and changes, giving consideration to the concepts of least privilege and segregation of duties, to meet the entity’s objectives",
-      "Description": "Creates or Modifies Access to Protected Information Assets - Processes are in place to create or modify access to protected information assets based on authorization from the asset’s owner. Removes Access to Protected Information Assets - Processes are in place to remove access to protected information assets when an individual no longer requires access. Uses Role-Based Access Controls - Role-based access control is utilized to support segregation of incompatible functions.",
+      "Description": "Creates or Modifies Access to Protected Information Assets - Processes are in place to create or modify access to protected information assets based on authorization from the asset’s owner.Removes Access to Protected Information Assets - Processes are in place to remove access to protected information assets when an individual no longer requires access.Uses Role-Based Access Controls - Role-based access control is utilized to support segregation of incompatible functions.",
       "Attributes": [
         {
           "ItemId": "cc_6_3",
@@ -319,7 +319,7 @@
     {
       "Id": "cc_6_4",
       "Name": "CC6.4 The entity restricts physical access to facilities and protected information assets to authorized personnel to meet the entity’s objectives",
-      "Description": "Creates or Modifies Physical Access - Processes are in place to create or modify physical access to facilities such as data centers, office spaces, and work areas, based on authorization from the system's asset owner. Removes Physical Access - Processes are in place to remove access to physical resources when an individual no longer requires access. Reviews Physical Access - Processes are in place to periodically review physical access to ensure consistency with job responsibilities.",
+      "Description": "Creates or Modifies Physical Access - Processes are in place to create or modify physical access to facilities such as data centers, office spaces, and work areas, based on authorization from the system's asset owner.Removes Physical Access - Processes are in place to remove access to physical resources when an individual no longer requires access.Reviews Physical Access - Processes are in place to periodically review physical access to ensure consistency with job responsibilities.",
       "Attributes": [
         {
           "ItemId": "cc_6_4",
@@ -333,7 +333,7 @@
     {
       "Id": "cc_6_5",
       "Name": "CC6.5 The entity discontinues logical and physical protections over physical assets only after the ability to read or recover data and software from those assets has been diminished and is no longer required to meet the entity’s objectives",
-      "Description": "Identifies Data and Software for Disposal - Procedures are in place to identify data and software stored on equipment to be disposed and to render such data and software unreadable. Removes Data and Software From Entity Control - Procedures are in place to remove data and software stored on equipment to be removed from the physical control of the entity and to render such data and software unreadable.",
+      "Description": "Identifies Data and Software for Disposal - Procedures are in place to identify data and software stored on equipment to be disposed and to render such data and software unreadable.Removes Data and Software From Entity Control - Procedures are in place to remove data and software stored on equipment to be removed from the physical control of the entity and to render such data and software unreadable.",
       "Attributes": [
         {
           "ItemId": "cc_6_5",
@@ -347,7 +347,7 @@
     {
       "Id": "cc_6_6",
       "Name": "CC6.6 The entity implements logical access security measures to protect against threats from sources outside its system boundaries",
-      "Description": "Restricts Access — The types of activities that can occur through a communication channel (for example, FTP site, router port) are restricted. Protects Identification and Authentication Credentials — Identification and authentication credentials are protected during transmission outside its system boundaries. Requires Additional Authentication or Credentials — Additional authentication information or credentials are required when accessing the system from outside its boundaries. Implements Boundary Protection Systems — Boundary protection systems (for example, firewalls, demilitarized zones, and intrusion detection systems) are implemented to protect external access points from attempts and unauthorized access and are monitored to detect such attempts.",
+      "Description": "Restricts Access — The types of activities that can occur through a communication channel (for example, FTP site, router port) are restricted.Protects Identification and Authentication Credentials — Identification and authentication credentials are protected during transmission outside its system boundaries.Requires Additional Authentication or Credentials — Additional authentication information or credentials are required when accessing the system from outside its boundaries.Implements Boundary Protection Systems — Boundary protection systems (for example, firewalls, demilitarized zones, and intrusion detection systems) are implemented to protect external access points from attempts and unauthorized access and are monitored to detect such attempts.",
       "Attributes": [
         {
           "ItemId": "cc_6_6",
@@ -363,7 +363,7 @@
     {
       "Id": "cc_6_7",
       "Name": "CC6.7 The entity restricts the transmission, movement, and removal of information to authorized internal and external users and processes, and protects it during transmission, movement, or removal to meet the entity’s objectives",
-      "Description": "Restricts the Ability to Perform Transmission - Data loss prevention processes and technologies are used to restrict ability to authorize and execute transmission, movement and removal of information. Uses Encryption Technologies or Secure Communication Channels to Protect Data - Encryption technologies or secured communication channels are used to protect transmission of data and other communications beyond connectivity access points. Protects Removal Media - Encryption technologies and physical asset protections are used for removable media (such as USB drives and back-up tapes), as appropriate. Protects Mobile Devices - Processes are in place to protect mobile devices (such as laptops, smart phones and tablets) that serve as information assets.",
+      "Description": "Restricts the Ability to Perform Transmission - Data loss prevention processes and technologies are used to restrict ability to authorize and execute transmission, movement and removal of information.Uses Encryption Technologies or Secure Communication Channels to Protect Data - Encryption technologies or secured communication channels are used to protect transmission of data and other communications beyond connectivity access points.Protects Removal Media - Encryption technologies and physical asset protections are used for removable media (such as USB drives and back-up tapes), as appropriate.Protects Mobile Devices - Processes are in place to protect mobile devices (such as laptops, smart phones and tablets) that serve as information assets.",
       "Attributes": [
         {
           "ItemId": "cc_6_7",
@@ -379,7 +379,7 @@
     {
       "Id": "cc_6_8",
       "Name": "CC6.8 The entity implements controls to prevent or detect and act upon the introduction of unauthorized or malicious software to meet the entity’s objectives",
-      "Description": "Restricts Application and Software Installation - The ability to install applications and software is restricted to authorized individuals. Detects Unauthorized Changes to Software and Configuration Parameters - Processes are in place to detect changes to software and configuration parameters that may be indicative of unauthorized or malicious software. Uses a Defined Change Control Process - A management-defined change control process is used for the implementation of software. Uses Antivirus and Anti-Malware Software - Antivirus and anti-malware software is implemented and maintained to provide for the interception or detection and remediation of malware. Scans Information Assets from Outside the Entity for Malware and Other Unauthorized Software - Procedures are in place to scan information assets that have been transferred or returned to the entity’s custody for malware and other unauthorized software and to remove any items detected prior to its implementation on the network.",
+      "Description": "Restricts Application and Software Installation - The ability to install applications and software is restricted to authorized individuals.Detects Unauthorized Changes to Software and Configuration Parameters - Processes are in place to detect changes to software and configuration parameters that may be indicative of unauthorized or malicious software.Uses a Defined Change Control Process - A management-defined change control process is used for the implementation of software.Uses Antivirus and Anti-Malware Software - Antivirus and anti-malware software is implemented and maintained to provide for the interception or detection and remediation of malware.Scans Information Assets from Outside the Entity for Malware and Other Unauthorized Software - Procedures are in place to scan information assets that have been transferred or returned to the entity’s custody for malware and other unauthorized software and to remove any items detected prior to its implementation on the network.",
       "Attributes": [
         {
           "ItemId": "cc_6_8",
@@ -396,7 +396,7 @@
     {
       "Id": "cc_7_1",
       "Name": "CC7.1 To meet its objectives, the entity uses detection and monitoring procedures to identify (1) changes to configurations that result in the introduction of new vulnerabilities, and (2) susceptibilities to newly discovered vulnerabilities",
-      "Description": "Uses Defined Configuration Standards - Management has defined configuration standards. Monitors Infrastructure and Software - The entity monitors infrastructure and software for noncompliance with the standards, which could threaten the achievement of the entity's objectives. Implements Change-Detection Mechanisms - The IT system includes a change-detection mechanism (for example, file integrity monitoring tools) to alert personnel to unauthorized modifications of critical system files, configuration files, or content files. Detects Unknown or Unauthorized Components - Procedures are in place to detect the introduction of unknown or unauthorized components. Conducts Vulnerability Scans - The entity conducts vulnerability scans designed to identify potential vulnerabilities or misconfigurations on a periodic basis and after any significant change in the environment and takes action to remediate identified deficiencies on a timely basis.",
+      "Description": "Uses Defined Configuration Standards - Management has defined configuration standards.Monitors Infrastructure and Software - The entity monitors infrastructure and software for noncompliance with the standards, which could threaten the achievement of the entity's objectives.Implements Change-Detection Mechanisms - The IT system includes a change-detection mechanism (for example, file integrity monitoring tools) to alert personnel to unauthorized modifications of critical system files, configuration files, or content files.Detects Unknown or Unauthorized Components - Procedures are in place to detect the introduction of unknown or unauthorized components.Conducts Vulnerability Scans - The entity conducts vulnerability scans designed to identify potential vulnerabilities or misconfigurations on a periodic basis and after any significant change in the environment and takes action to remediate identified deficiencies on a timely basis.",
       "Attributes": [
         {
           "ItemId": "cc_7_1",
@@ -415,7 +415,7 @@
     {
       "Id": "cc_7_2",
       "Name": "CC7.2 The entity monitors system components and the operation of those components for anomalies that are indicative of malicious acts, natural disasters, and errors affecting the entity's ability to meet its objectives; anomalies are analyzed to determine whether they represent security events",
-      "Description": "Implements Detection Policies, Procedures, and Tools - Detection policies and procedures are defined and implemented, and detection tools are implemented on Infrastructure and software to identify anomalies in the operation or unusual activity on systems. Procedures may include (1) a defined governance process for security event detection and management that includes provision of resources; (2) use of intelligence sources to identify newly discovered threats and vulnerabilities; and (3) logging of unusual system activities. Designs Detection Measures - Detection measures are designed to identify anomalies that could result from actual or attempted (1) compromise of physical barriers; (2) unauthorized actions of authorized personnel; (3) use of compromised identification and authentication credentials; (4) unauthorized access from outside the system boundaries; (5) compromise of authorized external parties; and (6) implementation or connection of unauthorized hardware and software. Implements Filters to Analyze Anomalies - Management has implemented procedures to filter, summarize, and analyze anomalies to identify security events. Monitors Detection Tools for Effective Operation - Management has implemented processes to monitor the effectiveness of detection tools.",
+      "Description": "Implements Detection Policies, Procedures, and Tools - Detection policies and procedures are defined and implemented, and detection tools are implemented on Infrastructure and software to identify anomalies in the operation or unusual activity on systems. Procedures may include (1) a defined governance process for security event detection and management that includes provision of resources; (2) use of intelligence sources to identify newly discovered threats and vulnerabilities; and (3) logging of unusual system activities.Designs Detection Measures - Detection measures are designed to identify anomalies that could result from actual or attempted (1) compromise of physical barriers; (2) unauthorized actions of authorized personnel; (3) use of compromised identification and authentication credentials; (4) unauthorized access from outside the system boundaries; (5) compromise of authorized external parties; and (6) implementation or connection of unauthorized hardware and software.Implements Filters to Analyze Anomalies - Management has implemented procedures to filter, summarize, and analyze anomalies to identify security events.Monitors Detection Tools for Effective Operation - Management has implemented processes to monitor the effectiveness of detection tools.",
       "Attributes": [
         {
           "ItemId": "cc_7_2",
@@ -451,7 +451,7 @@
     {
       "Id": "cc_7_3",
       "Name": "CC7.3 The entity evaluates security events to determine whether they could or have resulted in a failure of the entity to meet its objectives (security incidents) and, if so, takes actions to prevent or address such failures",
-      "Description": "Responds to Security Incidents - Procedures are in place for responding to security incidents and evaluating the effectiveness of those policies and procedures on a periodic basis. Communicates and Reviews Detected Security Events - Detected security events are communicated to and reviewed by the individuals responsible for the management of the security program and actions are taken, if necessary. Develops and Implements Procedures to Analyze Security Incidents - Procedures are in place to analyze security incidents and determine system impact. Assesses the Impact on Personal Information - Detected security events are evaluated to determine whether they could or did result in the unauthorized disclosure or use of personal information and whether there has been a failure to comply with applicable laws or regulations. Determines Personal Information Used or Disclosed - When an unauthorized use or disclosure of personal information has occurred, the affected information is identified.",
+      "Description": "Responds to Security Incidents - Procedures are in place for responding to security incidents and evaluating the effectiveness of those policies and procedures on a periodic basis.Communicates and Reviews Detected Security Events - Detected security events are communicated to and reviewed by the individuals responsible for the management of the security program and actions are taken, if necessary.Develops and Implements Procedures to Analyze Security Incidents - Procedures are in place to analyze security incidents and determine system impact.Assesses the Impact on Personal Information - Detected security events are evaluated to determine whether they could or did result in the unauthorized disclosure or use of personal information and whether there has been a failure to comply with applicable laws or regulations.Determines Personal Information Used or Disclosed - When an unauthorized use or disclosure of personal information has occurred, the affected information is identified.",
       "Attributes": [
         {
           "ItemId": "cc_7_3",
@@ -483,7 +483,7 @@
     {
       "Id": "cc_7_4",
       "Name": "CC7.4 The entity responds to identified security incidents by executing a defined incident response program to understand, contain, remediate, and communicate security incidents, as appropriate",
-      "Description": "Assigns Roles and Responsibilities - Roles and responsibilities for the design, implementation, maintenance, and execution of the incident response program are assigned, including the use of external resources when necessary. Contains Security Incidents - Procedures are in place to contain security incidents that actively threaten entity objectives. Mitigates Ongoing Security Incidents - Procedures are in place to mitigate the effects of ongoing security incidents. Ends Threats Posed by Security Incidents - Procedures are in place to end the threats posed by security incidents through closure of the vulnerability, removal of unauthorized access, and other remediation actions. Restores Operations - Procedures are in place to restore data and business operations to an interim state that permits the achievement of entity objectives. Develops and Implements Communication Protocols for Security Incidents - Protocols for communicating security incidents and actions taken to affected parties are developed and implemented to meet the entity's objectives. Obtains Understanding of Nature of Incident and Determines Containment Strategy - An understanding of the nature (for example, the method by which the incident occurred and the affected system resources) and severity of the security incident is obtained to determine the appropriate containment strategy, including (1) a determination of the appropriate response time frame, and (2) the determination and execution of the containment approach. Remediates Identified Vulnerabilities - Identified vulnerabilities are remediated through the development and execution of remediation activities. Communicates Remediation Activities - Remediation activities are documented and communicated in accordance with the incident response program. Evaluates the Effectiveness of Incident Response - The design of incident response activities is evaluated for effectiveness on a periodic basis. Periodically Evaluates Incidents - Periodically, management reviews incidents related to security, availability, processing integrity, confidentiality, and privacy and identifies the need for system changes based on incident patterns and root causes. Communicates Unauthorized Use and Disclosure - Events that resulted in unauthorized use or disclosure of personal information are communicated to the data subjects, legal and regulatory authorities, and others as required. Application of Sanctions - The conduct of individuals and organizations operating under the authority of the entity and involved in the unauthorized use or disclosure of personal information is evaluated and, if appropriate, sanctioned in accordance with entity policies and legal and regulatory requirements.",
+      "Description": "Assigns Roles and Responsibilities - Roles and responsibilities for the design, implementation, maintenance, and execution of the incident response program are assigned, including the use of external resources when necessary.Contains Security Incidents - Procedures are in place to contain security incidents that actively threaten entity objectives.Mitigates Ongoing Security Incidents - Procedures are in place to mitigate the effects of ongoing security incidents.Ends Threats Posed by Security Incidents - Procedures are in place to end the threats posed by security incidents through closure of the vulnerability, removal of unauthorized access, and other remediation actions.Restores Operations - Procedures are in place to restore data and business operations to an interim state that permits the achievement of entity objectives. Develops and Implements Communication Protocols for Security Incidents - Protocols for communicating security incidents and actions taken to affected parties are developed and implemented to meet the entity's objectives.Obtains Understanding of Nature of Incident and Determines Containment Strategy - An understanding of the nature (for example, the method by which the incident occurred and the affected system resources) and severity of the security incident is obtained to determine the appropriate containment strategy, including (1) a determination of the appropriate response time frame, and (2) the determination and execution of the containment approach.Remediates Identified Vulnerabilities - Identified vulnerabilities are remediated through the development and execution of remediation activities.Communicates Remediation Activities - Remediation activities are documented and communicated in accordance with the incident response program.Evaluates the Effectiveness of Incident Response - The design of incident response activities is evaluated for effectiveness on a periodic basis.Periodically Evaluates Incidents - Periodically, management reviews incidents related to security, availability, processing integrity, confidentiality, and privacy and identifies the need for system changes based on incident patterns and root causes. Communicates Unauthorized Use and Disclosure - Events that resulted in unauthorized use or disclosure of personal information are communicated to the data subjects, legal and regulatory authorities, and others as required.Application of Sanctions - The conduct of individuals and organizations operating under the authority of the entity and involved in the unauthorized use or disclosure of personal information is evaluated and, if appropriate, sanctioned in accordance with entity policies and legal and regulatory requirements.",
       "Attributes": [
         {
           "ItemId": "cc_7_4",
@@ -514,7 +514,7 @@
     {
       "Id": "cc_7_5",
       "Name": "CC7.5 The entity identifies, develops, and implements activities to recover from identified security incidents",
-      "Description": "Restores the Affected Environment - The activities restore the affected environment to functional operation by rebuilding systems, updating software, installing patches, and changing configurations, as needed. Communicates Information About the Event - Communications about the nature of the incident, recovery actions taken, and activities required for the prevention of future security events are made to management and others as appropriate (internal and external). Determines Root Cause of the Event - The root cause of the event is determined. Implements Changes to Prevent and Detect Recurrences - Additional architecture or changes to preventive and detective controls, or both, are implemented to prevent and detect recurrences on a timely basis. Improves Response and Recovery Procedures - Lessons learned are analyzed, and the incident response plan and recovery procedures are improved. Implements Incident Recovery Plan Testing - Incident recovery plan testing is performed on a periodic basis. The testing includes (1) development of testing scenarios based on threat likelihood and magnitude; (2) consideration of relevant system components from across the entity that can impair availability; (3) scenarios that consider the potential for the lack of availability of key personnel; and (4) revision of continuity plans and systems based on test results.",
+      "Description": "Restores the Affected Environment - The activities restore the affected environment to functional operation by rebuilding systems, updating software, installing patches, and changing configurations, as needed.Communicates Information About the Event - Communications about the nature of the incident, recovery actions taken, and activities required for the prevention of future security events are made to management and others as appropriate (internal and external).Determines Root Cause of the Event - The root cause of the event is determined.Implements Changes to Prevent and Detect Recurrences - Additional architecture or changes to preventive and detective controls, or both, are implemented to prevent and detect recurrences on a timely basis.Improves Response and Recovery Procedures - Lessons learned are analyzed, and the incident response plan and recovery procedures are improved.Implements Incident Recovery Plan Testing - Incident recovery plan testing is performed on a periodic basis. The testing includes (1) development of testing scenarios based on threat likelihood and magnitude; (2) consideration of relevant system components from across the entity that can impair availability; (3) scenarios that consider the potential for the lack of availability of key personnel; and (4) revision of continuity plans and systems based on test results.",
       "Attributes": [
         {
           "ItemId": "cc_7_5",
@@ -528,7 +528,7 @@
     {
       "Id": "cc_8_1",
       "Name": "CC8.1 The entity authorizes, designs, develops or acquires, configures, documents, tests, approves, and implements changes to infrastructure, data, software, and procedures to meet its objectives",
-      "Description": "Manages Changes Throughout the System Lifecycle - A process for managing system changes throughout the lifecycle of the system and its components (infrastructure, data, software and procedures) is used to support system availability and processing integrity. Authorizes Changes - A process is in place to authorize system changes prior to development. Designs and Develops Changes - A process is in place to design and develop system changes. Documents Changes - A process is in place to document system changes to support ongoing maintenance of the system and to support system users in performing their responsibilities. Tracks System Changes - A process is in place to track system changes prior to implementation. Configures Software - A process is in place to select and implement the configuration parameters used to control the functionality of software. Tests System Changes - A process is in place to test system changes prior to implementation. Approves System Changes - A process is in place to approve system changes prior to implementation. Deploys System Changes - A process is in place to implement system changes. Identifies and Evaluates System Changes - Objectives affected by system changes are identified, and the ability of the modified system to meet the objectives is evaluated throughout the system development life cycle. Identifies Changes in Infrastructure, Data, Software, and Procedures Required to Remediate Incidents - Changes in infrastructure, data, software, and procedures required to remediate incidents to continue to meet objectives are identified, and the change process is initiated upon identification. Creates Baseline Configuration of IT Technology - A baseline configuration of IT and control systems is created and maintained. Provides for Changes Necessary in Emergency Situations - A process is in place for authorizing, designing, testing, approving and implementing changes necessary in emergency situations (that is, changes that need to be implemented in an urgent timeframe). Protects Confidential Information - The entity protects confidential information during system design, development, testing, implementation, and change processes to meet the entity’s objectives related to confidentiality. Protects Personal Information - The entity protects personal information during system design, development, testing, implementation, and change processes to meet the entity’s objectives related to privacy.",
+      "Description": "Manages Changes Throughout the System Lifecycle - A process for managing system changes throughout the lifecycle of the system and its components (infrastructure, data, software and procedures) is used to support system availability and processing integrity.Authorizes Changes - A process is in place to authorize system changes prior to development.Designs and Develops Changes - A process is in place to design and develop system changes.Documents Changes - A process is in place to document system changes to support ongoing maintenance of the system and to support system users in performing their responsibilities.Tracks System Changes - A process is in place to track system changes prior to implementation.Configures Software - A process is in place to select and implement the configuration parameters used to control the functionality of software.Tests System Changes - A process is in place to test system changes prior to implementation.Approves System Changes - A process is in place to approve system changes prior to implementation.Deploys System Changes - A process is in place to implement system changes.Identifies and Evaluates System Changes - Objectives affected by system changes are identified, and the ability of the modified system to meet the objectives is evaluated throughout the system development life cycle.Identifies Changes in Infrastructure, Data, Software, and Procedures Required to Remediate Incidents - Changes in infrastructure, data, software, and procedures required to remediate incidents to continue to meet objectives are identified, and the change process is initiated upon identification.Creates Baseline Configuration of IT Technology - A baseline configuration of IT and control systems is created and maintained.Provides for Changes Necessary in Emergency Situations - A process is in place for authorizing, designing, testing, approving and implementing changes necessary in emergency situations (that is, changes that need to be implemented in an urgent timeframe).Protects Confidential Information - The entity protects confidential information during system design, development, testing, implementation, and change processes to meet the entity’s objectives related to confidentiality.Protects Personal Information - The entity protects personal information during system design, development, testing, implementation, and change processes to meet the entity’s objectives related to privacy.",
       "Attributes": [
         {
           "ItemId": "cc_8_1",
@@ -544,7 +544,7 @@
     {
       "Id": "cc_9_1",
       "Name": "CC9.1 The entity identifies, selects, and develops risk mitigation activities for risks arising from potential business disruptions",
-      "Description": "Considers Mitigation of Risks of Business Disruption - Risk mitigation activities include the development of planned policies, procedures, communications, and alternative processing solutions to respond to, mitigate, and recover from security events that disrupt business operations. Those policies and procedures include monitoring processes and information and communications to meet the entity's objectives during response, mitigation, and recovery efforts. Considers the Use of Insurance to Mitigate Financial Impact Risks - The risk management activities consider the use of insurance to offset the financial impact of loss events that would otherwise impair the ability of the entity to meet its objectives.",
+      "Description": "Considers Mitigation of Risks of Business Disruption - Risk mitigation activities include the development of planned policies, procedures, communications, and alternative processing solutions to respond to, mitigate, and recover from security events that disrupt business operations. Those policies and procedures include monitoring processes and information and communications to meet the entity's objectives during response, mitigation, and recovery efforts.Considers the Use of Insurance to Mitigate Financial Impact Risks - The risk management activities consider the use of insurance to offset the financial impact of loss events that would otherwise impair the ability of the entity to meet its objectives.",
       "Attributes": [
         {
           "ItemId": "cc_9_1",
@@ -558,7 +558,7 @@
     {
       "Id": "cc_9_2",
       "Name": "CC9.2 The entity assesses and manages risks associated with vendors and business partners",
-      "Description": "Establishes Requirements for Vendor and Business Partner Engagements - The entity establishes specific requirements for a vendor and business partner engagement that includes (1) scope of services and product specifications, (2) roles and responsibilities, (3) compliance requirements, and (4) service levels. Assesses Vendor and Business Partner Risks - The entity assesses, on a periodic basis, the risks that vendors and business partners (and those entities’ vendors and business partners) represent to the achievement of the entity's objectives. Assigns Responsibility and Accountability for Managing Vendors and Business Partners - The entity assigns responsibility and accountability for the management of risks associated with vendors and business partners. Establishes Communication Protocols for Vendors and Business Partners - The entity establishes communication and resolution protocols for service or product issues related to vendors and business partners. Establishes Exception Handling Procedures From Vendors and Business Partners - The entity establishes exception handling procedures for service or product issues related to vendors and business partners. Assesses Vendor and Business Partner Performance - The entity periodically assesses the performance of vendors and business partners. Implements Procedures for Addressing Issues Identified During Vendor and Business Partner Assessments - The entity implements procedures for addressing issues identified with vendor and business partner relationships. Implements Procedures for Terminating Vendor and Business Partner Relationships - The entity implements procedures for terminating vendor and business partner relationships. Obtains Confidentiality Commitments from Vendors and Business Partners - The entity obtains confidentiality commitments that are consistent with the entity’s confidentiality commitments and requirements from vendors and business partners who have access to confidential information. Assesses Compliance With Confidentiality Commitments of Vendors and Business Partners - On a periodic and as-needed basis, the entity assesses compliance by vendors and business partners with the entity’s confidentiality commitments and requirements. Obtains Privacy Commitments from Vendors and Business Partners - The entity obtains privacy commitments, consistent with the entity’s privacy commitments and requirements, from vendors and business partners who have access to personal information. Assesses Compliance with Privacy Commitments of Vendors and Business Partners - On a periodic and as-needed basis, the entity assesses compliance by vendors and business partners with the entity’s privacy commitments and requirements and takes corrective action as necessary.",
+      "Description": "Establishes Requirements for Vendor and Business Partner Engagements - The entity establishes specific requirements for a vendor and business partner engagement that includes (1) scope of services and product specifications, (2) roles and responsibilities, (3) compliance requirements, and (4) service levels.Assesses Vendor and Business Partner Risks - The entity assesses, on a periodic basis, the risks that vendors and business partners (and those entities’ vendors and business partners) represent to the achievement of the entity's objectives.Assigns Responsibility and Accountability for Managing Vendors and Business Partners - The entity assigns responsibility and accountability for the management of risks associated with vendors and business partners.Establishes Communication Protocols for Vendors and Business Partners - The entity establishes communication and resolution protocols for service or product issues related to vendors and business partners.Establishes Exception Handling Procedures From Vendors and Business Partners - The entity establishes exception handling procedures for service or product issues related to vendors and business partners.Assesses Vendor and Business Partner Performance - The entity periodically assesses the performance of vendors and business partners.Implements Procedures for Addressing Issues Identified During Vendor and Business Partner Assessments - The entity implements procedures for addressing issues identified with vendor and business partner relationships.Implements Procedures for Terminating Vendor and Business Partner Relationships - The entity implements procedures for terminating vendor and business partner relationships.Obtains Confidentiality Commitments from Vendors and Business Partners - The entity obtains confidentiality commitments that are consistent with the entity’s confidentiality commitments and requirements from vendors and business partners who have access to confidential information.Assesses Compliance With Confidentiality Commitments of Vendors and Business Partners - On a periodic and as-needed basis, the entity assesses compliance by vendors and business partners with the entity’s confidentiality commitments and requirements.Obtains Privacy Commitments from Vendors and Business Partners - The entity obtains privacy commitments, consistent with the entity’s privacy commitments and requirements, from vendors and business partners who have access to personal information.Assesses Compliance with Privacy Commitments of Vendors and Business Partners - On a periodic and as-needed basis, the entity assesses compliance by vendors and business partners with the entity’s privacy commitments and requirements and takes corrective action as necessary.",
       "Attributes": [
         {
           "ItemId": "cc_9_2",
@@ -572,7 +572,7 @@
     {
       "Id": "cc_a_1_1",
       "Name": "A1.1 The entity maintains, monitors, and evaluates current processing capacity and use of system components (infrastructure, data, and software) to manage capacity demand and to enable the implementation of additional capacity to help meet its objectives",
-      "Description": "Measures Current Usage - The use of the system components is measured to establish a baseline for capacity management and to use when evaluating the risk of impaired availability due to capacity constraints. Forecasts Capacity - The expected average and peak use of system components is forecasted and compared to system capacity and associated tolerances. Forecasting considers capacity in the event of the failure of system components that constrain capacity. Makes Changes Based on Forecasts - The system change management process is initiated when forecasted usage exceeds capacity tolerances.",
+      "Description": "Measures Current Usage - The use of the system components is measured to establish a baseline for capacity management and to use when evaluating the risk of impaired availability due to capacity constraints.Forecasts Capacity - The expected average and peak use of system components is forecasted and compared to system capacity and associated tolerances. Forecasting considers capacity in the event of the failure of system components that constrain capacity.Makes Changes Based on Forecasts - The system change management process is initiated when forecasted usage exceeds capacity tolerances.",
       "Attributes": [
         {
           "ItemId": "cc_a_1_1",
@@ -586,7 +586,7 @@
     {
       "Id": "cc_a_1_2",
       "Name": "A1.2 The entity authorizes, designs, develops or acquires, implements, operates, approves, maintains, and monitors environmental protections, software, data back-up processes, and recovery infrastructure to meet its objectives",
-      "Description": "Measures Current Usage - The use of the system components is measured to establish a baseline for capacity management and to use when evaluating the risk of impaired availability due to capacity constraints. Forecasts Capacity - The expected average and peak use of system components is forecasted and compared to system capacity and associated tolerances. Forecasting considers capacity in the event of the failure of system components that constrain capacity. Makes Changes Based on Forecasts - The system change management process is initiated when forecasted usage exceeds capacity tolerances.",
+      "Description": "Measures Current Usage - The use of the system components is measured to establish a baseline for capacity management and to use when evaluating the risk of impaired availability due to capacity constraints.Forecasts Capacity - The expected average and peak use of system components is forecasted and compared to system capacity and associated tolerances. Forecasting considers capacity in the event of the failure of system components that constrain capacity.Makes Changes Based on Forecasts - The system change management process is initiated when forecasted usage exceeds capacity tolerances.",
       "Attributes": [
         {
           "ItemId": "cc_a_1_2",
@@ -617,7 +617,7 @@
     {
       "Id": "cc_a_1_3",
       "Name": "A1.3 The entity tests recovery plan procedures supporting system recovery to meet its objectives",
-      "Description": "Implements Business Continuity Plan Testing - Business continuity plan testing is performed on a periodic basis. The testing includes (1) development of testing scenarios based on threat likelihood and magnitude; (2) consideration of system components from across the entity that can impair the availability; (3) scenarios that consider the potential for the lack of availability of key personnel; and (4) revision of continuity plans and systems based on test results. Tests Integrity and Completeness of Back-Up Data - The integrity and completeness of back-up information is tested on a periodic basis.",
+      "Description": "Implements Business Continuity Plan Testing - Business continuity plan testing is performed on a periodic basis. The testing includes (1) development of testing scenarios based on threat likelihood and magnitude; (2) consideration of system components from across the entity that can impair the availability; (3) scenarios that consider the potential for the lack of availability of key personnel; and (4) revision of continuity plans and systems based on test results.Tests Integrity and Completeness of Back-Up Data - The integrity and completeness of back-up information is tested on a periodic basis.",
       "Attributes": [
         {
           "ItemId": "cc_a_1_3",
@@ -631,7 +631,7 @@
     {
       "Id": "cc_c_1_1",
       "Name": "C1.1 The entity identifies and maintains confidential information to meet the entity’s objectives related to confidentiality",
-      "Description": "Identifies Confidential information - Procedures are in place to identify and designate confidential information when it is received or created and to determine the period over which the confidential information is to be retained. Protects Confidential Information from Destruction - Procedures are in place to protect confidential information from erasure or destruction during the specified retention period of the information",
+      "Description": "Identifies Confidential information - Procedures are in place to identify and designate confidential information when it is received or created and to determine the period over which the confidential information is to be retained.Protects Confidential Information from Destruction - Procedures are in place to protect confidential information from erasure or destruction during the specified retention period of the information",
       "Attributes": [
         {
           "ItemId": "cc_c_1_1",
@@ -647,7 +647,7 @@
     {
       "Id": "cc_c_1_2",
       "Name": "C1.2 The entity disposes of confidential information to meet the entity’s objectives related to confidentiality",
-      "Description": "Identifies Confidential Information for Destruction - Procedures are in place to identify confidential information requiring destruction when the end of the retention period is reached. Destroys Confidential Information - Procedures are in place to erase or otherwise destroy confidential information that has been identified for destruction.",
+      "Description": "Identifies Confidential Information for Destruction - Procedures are in place to identify confidential information requiring destruction when the end of the retention period is reached.Destroys Confidential Information - Procedures are in place to erase or otherwise destroy confidential information that has been identified for destruction.",
       "Attributes": [
         {
           "ItemId": "cc_c_1_2",
@@ -663,7 +663,7 @@
     {
       "Id": "p_1_1",
       "Name": "P1.1 The entity provides notice to data subjects about its privacy practices to meet the entity’s objectives related to privacy",
-      "Description": "The entity provides notice to data subjects about its privacy practices to meet the entity’s objectives related to privacy. The notice is updated and communicated to data subjects in a timely manner for changes to the entity’s privacy practices, including changes in the use of personal information, to meet the entity’s objectives related to privacy. Communicates to Data Subjects - Notice is provided to data subjects regarding the following: Purpose for collecting personal informationChoice and consentTypes of personal information collectedMethods of collection (for example, use of cookies or other tracking techniques)Use, retention, and disposalAccessDisclosure to third partiesSecurity for privacyQuality, including data subjects’ responsibilities for qualityMonitoring and enforcementIf personal information is collected from sources other than the individual, such sources are described in the privacy notice. Provides Notice to Data Subjects - Notice is provided to data subjects (1) at or before the time personal information is collected or as soon as practical thereafter, (2) at or before the entity changes its privacy notice or as soon as practical thereafter, or (3) before personal information is used for new purposes not previously identified. Covers Entities and Activities in Notice - An objective description of the entities and activities covered is included in the entity’s privacy notice. Uses Clear and Conspicuous Language - The entity’s privacy notice is conspicuous and uses clear language.",
+      "Description": "The entity provides notice to data subjects about its privacy practices to meet the entity’s objectives related to privacy. The notice is updated and communicated to data subjects in a timely manner for changes to the entity’s privacy practices, including changes in the use of personal information, to meet the entity’s objectives related to privacy.Communicates to Data Subjects - Notice is provided to data subjects regarding the following:Purpose for collecting personal informationChoice and consentTypes of personal information collectedMethods of collection (for example, use of cookies or other tracking techniques)Use, retention, and disposalAccessDisclosure to third partiesSecurity for privacyQuality, including data subjects’ responsibilities for qualityMonitoring and enforcementIf personal information is collected from sources other than the individual, such sources are described in the privacy notice.Provides Notice to Data Subjects - Notice is provided to data subjects (1) at or before the time personal information is collected or as soon as practical thereafter, (2) at or before the entity changes its privacy notice or as soon as practical thereafter, or (3) before personal information is used for new purposes not previously identified.Covers Entities and Activities in Notice - An objective description of the entities and activities covered is included in the entity’s privacy notice.Uses Clear and Conspicuous Language - The entity’s privacy notice is conspicuous and uses clear language.",
       "Attributes": [
         {
           "ItemId": "p_1_1",
@@ -677,7 +677,7 @@
     {
       "Id": "p_2_1",
       "Name": "P2.1 The entity communicates choices available regarding the collection, use, retention, disclosure, and disposal of personal information to the data subjects and the consequences, if any, of each choice",
-      "Description": "The entity communicates choices available regarding the collection, use, retention, disclosure, and disposal of personal information to the data subjects and the consequences, if any, of each choice. Explicit consent for the collection, use, retention, disclosure, and disposal of personal information is obtained from data subjects or other authorized persons, if required. Such consent is obtained only for the intended purpose of the information to meet the entity’s objectives related to privacy. The entity’s basis for determining implicit consent for the collection, use, retention, disclosure, and disposal of personal information is documented. Communicates to Data Subjects - Data subjects are informed (a) about the choices available to them with respect to the collection, use, and disclosure of personal information and (b) that implicit or explicit consent is required to collect, use, and disclose personal information, unless a law or regulation specifically requires or allows otherwise. Communicates Consequences of Denying or Withdrawing Consent - When personal information is collected, data subjects are informed of the consequences of refusing to provide personal information or denying or withdrawing consent to use personal information for purposes identified in the notice. Obtains Implicit or Explicit Consent - Implicit or explicit consent is obtained from data subjects at or before the time personal information is collected or soon thereafter. The individual’s preferences expressed in his or her consent are confirmed and implemented. Documents and Obtains Consent for New Purposes and Uses - If information that was previously collected is to be used for purposes not previously identified in the privacy notice, the new purpose is documented, the data subject is notified, and implicit or explicit consent is obtained prior to such new use or purpose. Obtains Explicit Consent for Sensitive Information - Explicit consent is obtained directly from the data subject when sensitive personal information is collected, used, or disclosed, unless a law or regulation specifically requires otherwise.",
+      "Description": "The entity communicates choices available regarding the collection, use, retention, disclosure, and disposal of personal information to the data subjects and the consequences, if any, of each choice. Explicit consent for the collection, use, retention, disclosure, and disposal of personal information is obtained from data subjects or other authorized persons, if required. Such consent is obtained only for the intended purpose of the information to meet the entity’s objectives related to privacy. The entity’s basis for determining implicit consent for the collection, use, retention, disclosure, and disposal of personal information is documented.Communicates to Data Subjects - Data subjects are informed (a) about the choices available to them with respect to the collection, use, and disclosure of personal information and (b) that implicit or explicit consent is required to collect, use, and disclose personal information, unless a law or regulation specifically requires or allows otherwise.Communicates Consequences of Denying or Withdrawing Consent - When personal information is collected, data subjects are informed of the consequences of refusing to provide personal information or denying or withdrawing consent to use personal information for purposes identified in the notice.Obtains Implicit or Explicit Consent - Implicit or explicit consent is obtained from data subjects at or before the time personal information is collected or soon thereafter. The individual’s preferences expressed in his or her consent are confirmed and implemented.Documents and Obtains Consent for New Purposes and Uses - If information that was previously collected is to be used for purposes not previously identified in the privacy notice, the new purpose is documented, the data subject is notified, and implicit or explicit consent is obtained prior to such new use or purpose.Obtains Explicit Consent for Sensitive Information - Explicit consent is obtained directly from the data subject when sensitive personal information is collected, used, or disclosed, unless a law or regulation specifically requires otherwise.",
       "Attributes": [
         {
           "ItemId": "p_2_1",
@@ -691,7 +691,7 @@
     {
       "Id": "p_3_1",
       "Name": "P3.1 Personal information is collected consistent with the entity’s objectives related to privacy",
-      "Description": "Limits the Collection of Personal Information - The collection of personal information is limited to that necessary to meet the entity’s objectives. Collects Information by Fair and Lawful Means - Methods of collecting personal information are reviewed by management before they are implemented to confirm that personal information is obtained (a) fairly, without intimidation or deception, and (b) lawfully, adhering to all relevant rules of law, whether derived from statute or common law, relating to the collection of personal information. Collects Information From Reliable Sources - Management confirms that third parties from whom personal information is collected (that is, sources other than the individual) are reliable sources that collect information fairly and lawfully. Informs Data Subjects When Additional Information Is Acquired - Data subjects are informed if the entity develops or acquires additional information about them for its use.",
+      "Description": "Limits the Collection of Personal Information - The collection of personal information is limited to that necessary to meet the entity’s objectives.Collects Information by Fair and Lawful Means - Methods of collecting personal information are reviewed by management before they are implemented to confirm that personal information is obtained (a) fairly, without intimidation or deception, and (b) lawfully, adhering to all relevant rules of law, whether derived from statute or common law, relating to the collection of personal information.Collects Information From Reliable Sources - Management confirms that third parties from whom personal information is collected (that is, sources other than the individual) are reliable sources that collect information fairly and lawfully.Informs Data Subjects When Additional Information Is Acquired - Data subjects are informed if the entity develops or acquires additional information about them for its use.",
       "Attributes": [
         {
           "ItemId": "p_3_1",
@@ -705,7 +705,7 @@
     {
       "Id": "p_3_2",
       "Name": "P3.2 For information requiring explicit consent, the entity communicates the need for such consent, as well as the consequences of a failure to provide consent for the request for personal information, and obtains the consent prior to the collection of the information to meet the entity’s objectives related to privacy",
-      "Description": "Obtains Explicit Consent for Sensitive Information - Explicit consent is obtained directly from the data subject when sensitive personal information is collected, used, or disclosed, unless a law or regulation specifically requires otherwise. Documents Explicit Consent to Retain Information - Documentation of explicit consent for the collection, use, or disclosure of sensitive personal information is retained in accordance with objectives related to privacy.",
+      "Description": "Obtains Explicit Consent for Sensitive Information - Explicit consent is obtained directly from the data subject when sensitive personal information is collected, used, or disclosed, unless a law or regulation specifically requires otherwise.Documents Explicit Consent to Retain Information - Documentation of explicit consent for the collection, use, or disclosure of sensitive personal information is retained in accordance with objectives related to privacy.",
       "Attributes": [
         {
           "ItemId": "p_3_2",
@@ -733,7 +733,7 @@
     {
       "Id": "p_4_2",
       "Name": "P4.2 The entity retains personal information consistent with the entity’s objectives related to privacy",
-      "Description": "Retains Personal Information - Personal information is retained for no longer than necessary to fulfill the stated purposes, unless a law or regulation specifically requires otherwise. Protects Personal Information - Policies and procedures have been implemented to protect personal information from erasure or destruction during the specified retention period of the information.",
+      "Description": "Retains Personal Information - Personal information is retained for no longer than necessary to fulfill the stated purposes, unless a law or regulation specifically requires otherwise.Protects Personal Information - Policies and procedures have been implemented to protect personal information from erasure or destruction during the specified retention period of the information.",
       "Attributes": [
         {
           "ItemId": "p_4_2",
@@ -747,7 +747,7 @@
     {
       "Id": "p_4_3",
       "Name": "P4.3 The entity securely disposes of personal information to meet the entity’s objectives related to privacy",
-      "Description": "Captures, Identifies, and Flags Requests for Deletion - Requests for deletion of personal information are captured, and information related to the requests is identified and flagged for destruction to meet the entity’s objectives related to privacy. Disposes of, Destroys, and Redacts Personal Information - Personal information no longer retained is anonymized, disposed of, or destroyed in a manner that prevents loss, theft, misuse, or unauthorized access. Destroys Personal Information - Policies and procedures are implemented to erase or otherwise destroy personal information that has been identified for destruction.",
+      "Description": "Captures, Identifies, and Flags Requests for Deletion - Requests for deletion of personal information are captured, and information related to the requests is identified and flagged for destruction to meet the entity’s objectives related to privacy.Disposes of, Destroys, and Redacts Personal Information - Personal information no longer retained is anonymized, disposed of, or destroyed in a manner that prevents loss, theft, misuse, or unauthorized access.Destroys Personal Information - Policies and procedures are implemented to erase or otherwise destroy personal information that has been identified for destruction.",
       "Attributes": [
         {
           "ItemId": "p_4_3",
@@ -761,7 +761,7 @@
     {
       "Id": "p_5_1",
       "Name": "P5.1 The entity grants identified and authenticated data subjects the ability to access their stored personal information for review and, upon request, provides physical or electronic copies of that information to data subjects to meet the entity’s objectives related to privacy",
-      "Description": "The entity grants identified and authenticated data subjects the ability to access their stored personal information for review and, upon request, provides physical or electronic copies of that information to data subjects to meet the entity’s objectives related to privacy. If access is denied, data subjects are informed of the denial and reason for such denial, as required, to meet the entity’s objectives related to privacy. Authenticates Data Subjects’ Identity - The identity of data subjects who request access to their personal information is authenticated before they are given access to that information. Permits Data Subjects Access to Their Personal Information - Data subjects are able to determine whether the entity maintains personal information about them and, upon request, may obtain access to their personal information. Provides Understandable Personal Information Within Reasonable Time - Personal information is provided to data subjects in an understandable form, in a reasonable time frame, and at a reasonable cost, if any. Informs Data Subjects If Access Is Denied - When data subjects are denied access to their personal information, the entity informs them of the denial and the reason for the denial in a timely manner, unless prohibited by law or regulation.",
+      "Description": "The entity grants identified and authenticated data subjects the ability to access their stored personal information for review and, upon request, provides physical or electronic copies of that information to data subjects to meet the entity’s objectives related to privacy. If access is denied, data subjects are informed of the denial and reason for such denial, as required, to meet the entity’s objectives related to privacy.Authenticates Data Subjects’ Identity - The identity of data subjects who request access to their personal information is authenticated before they are given access to that information.Permits Data Subjects Access to Their Personal Information - Data subjects are able to determine whether the entity maintains personal information about them and, upon request, may obtain access to their personal information.Provides Understandable Personal Information Within Reasonable Time - Personal information is provided to data subjects in an understandable form, in a reasonable time frame, and at a reasonable cost, if any.Informs Data Subjects If Access Is Denied - When data subjects are denied access to their personal information, the entity informs them of the denial and the reason for the denial in a timely manner, unless prohibited by law or regulation.",
       "Attributes": [
         {
           "ItemId": "p_5_1",
@@ -775,7 +775,7 @@
     {
       "Id": "p_5_2",
       "Name": "P5.2 The entity corrects, amends, or appends personal information based on information provided by data subjects and communicates such information to third parties, as committed or required, to meet the entity’s objectives related to privacy",
-      "Description": "The entity corrects, amends, or appends personal information based on information provided by data subjects and communicates such information to third parties, as committed or required, to meet the entity’s objectives related to privacy. If a request for correction is denied, data subjects are informed of the denial and reason for such denial to meet the entity’s objectives related to privacy. Communicates Denial of Access Requests - Data subjects are informed, in writing, of the reason a request for access to their personal information was denied, the source of the entity’s legal right to deny such access, if applicable, and the individual’s right, if any, to challenge such denial, as specifically permitted or required by law or regulation. Permits Data Subjects to Update or Correct Personal Information - Data subjects are able to update or correct personal information held by the entity. The entity provides such updated or corrected information to third parties that were previously provided with the data subject’s personal information consistent with the entity’s objective related to privacy. Communicates Denial of Correction Requests - Data subjects are informed, in writing, about the reason a request for correction of personal information was denied and how they may appeal.",
+      "Description": "The entity corrects, amends, or appends personal information based on information provided by data subjects and communicates such information to third parties, as committed or required, to meet the entity’s objectives related to privacy. If a request for correction is denied, data subjects are informed of the denial and reason for such denial to meet the entity’s objectives related to privacy.Communicates Denial of Access Requests - Data subjects are informed, in writing, of the reason a request for access to their personal information was denied, the source of the entity’s legal right to deny such access, if applicable, and the individual’s right, if any, to challenge such denial, as specifically permitted or required by law or regulation.Permits Data Subjects to Update or Correct Personal Information - Data subjects are able to update or correct personal information held by the entity. The entity provides such updated or corrected information to third parties that were previously provided with the data subject’s personal information consistent with the entity’s objective related to privacy.Communicates Denial of Correction Requests - Data subjects are informed, in writing, about the reason a request for correction of personal information was denied and how they may appeal.",
       "Attributes": [
         {
           "ItemId": "p_5_2",
@@ -789,7 +789,7 @@
     {
       "Id": "p_6_1",
       "Name": "P6.1 The entity discloses personal information to third parties with the explicit consent of data subjects, and such consent is obtained prior to disclosure to meet the entity’s objectives related to privacy",
-      "Description": "Communicates Privacy Policies to Third Parties - Privacy policies or other specific instructions or requirements for handling personal information are communicated to third parties to whom personal information is disclosed. Discloses Personal Information Only When Appropriate - Personal information is disclosed to third parties only for the purposes for which it was collected or created and only when implicit or explicit consent has been obtained from the data subject, unless a law or regulation specifically requires otherwise. Discloses Personal Information Only to Appropriate Third Parties - Personal information is disclosed only to third parties who have agreements with the entity to protect personal information in a manner consistent with the relevant aspects of the entity’s privacy notice or other specific instructions or requirements. The entity has procedures in place to evaluate that the third parties have effective controls to meet the terms of the agreement, instructions, or requirements.",
+      "Description": "Communicates Privacy Policies to Third Parties - Privacy policies or other specific instructions or requirements for handling personal information are communicated to third parties to whom personal information is disclosed.Discloses Personal Information Only When Appropriate - Personal information is disclosed to third parties only for the purposes for which it was collected or created and only when implicit or explicit consent has been obtained from the data subject, unless a law or regulation specifically requires otherwise.Discloses Personal Information Only to Appropriate Third Parties - Personal information is disclosed only to third parties who have agreements with the entity to protect personal information in a manner consistent with the relevant aspects of the entity’s privacy notice or other specific instructions or requirements. The entity has procedures in place to evaluate that the third parties have effective controls to meet the terms of the agreement, instructions, or requirements.",
       "Attributes": [
         {
           "ItemId": "p_6_1",
@@ -831,7 +831,7 @@
     {
       "Id": "p_6_4",
       "Name": "P6.4 The entity obtains privacy commitments from vendors and other third parties who have access to personal information to meet the entity’s objectives related to privacy",
-      "Description": "The entity obtains privacy commitments from vendors and other third parties who have access to personal information to meet the entity’s objectives related to privacy. The entity assesses those parties’ compliance on a periodic and as-needed basis and takes corrective action, if necessary. Discloses Personal Information Only to Appropriate Third Parties - Personal information is disclosed only to third parties who have agreements with the entity to protect personal information in a manner consistent with the relevant aspects of the entity’s privacy notice or other specific instructions or requirements. The entity has procedures in place to evaluate that the third parties have effective controls to meet the terms of the agreement, instructions, or requirements. Remediates Misuse of Personal Information by a Third Party - The entity takes remedial action in response to misuse of personal information by a third party to whom the entity has transferred such information.",
+      "Description": "The entity obtains privacy commitments from vendors and other third parties who have access to personal information to meet the entity’s objectives related to privacy. The entity assesses those parties’ compliance on a periodic and as-needed basis and takes corrective action, if necessary.Discloses Personal Information Only to Appropriate Third Parties - Personal information is disclosed only to third parties who have agreements with the entity to protect personal information in a manner consistent with the relevant aspects of the entity’s privacy notice or other specific instructions or requirements. The entity has procedures in place to evaluate that the third parties have effective controls to meet the terms of the agreement, instructions, or requirements.Remediates Misuse of Personal Information by a Third Party - The entity takes remedial action in response to misuse of personal information by a third party to whom the entity has transferred such information.",
       "Attributes": [
         {
           "ItemId": "p_6_4",
@@ -845,7 +845,7 @@
     {
       "Id": "p_6_5",
       "Name": "P6.5 The entity obtains commitments from vendors and other third parties with access to personal information to notify the entity in the event of actual or suspected unauthorized disclosures of personal information",
-      "Description": "The entity obtains commitments from vendors and other third parties with access to personal information to notify the entity in the event of actual or suspected unauthorized disclosures of personal information. Such notifications are reported to appropriate personnel and acted on in accordance with established incident response procedures to meet the entity’s objectives related to privacy. Remediates Misuse of Personal Information by a Third Party - The entity takes remedial action in response to misuse of personal information by a third party to whom the entity has transferred such information. Reports Actual or Suspected Unauthorized Disclosures - A process exists for obtaining commitments from vendors and other third parties to report to the entity actual or suspected unauthorized disclosures of personal information.",
+      "Description": "The entity obtains commitments from vendors and other third parties with access to personal information to notify the entity in the event of actual or suspected unauthorized disclosures of personal information. Such notifications are reported to appropriate personnel and acted on in accordance with established incident response procedures to meet the entity’s objectives related to privacy.Remediates Misuse of Personal Information by a Third Party - The entity takes remedial action in response to misuse of personal information by a third party to whom the entity has transferred such information.Reports Actual or Suspected Unauthorized Disclosures - A process exists for obtaining commitments from vendors and other third parties to report to the entity actual or suspected unauthorized disclosures of personal information.",
       "Attributes": [
         {
           "ItemId": "p_6_5",
@@ -901,7 +901,7 @@
     {
       "Id": "p_8_1",
       "Name": "P8.1 The entity implements a process for receiving, addressing, resolving, and communicating the resolution of inquiries, complaints, and disputes from data subjects and others and periodically monitors compliance to meet the entity’s objectives related to privacy",
-      "Description": "The entity implements a process for receiving, addressing, resolving, and communicating the resolution of inquiries, complaints, and disputes from data subjects and others and periodically monitors compliance to meet the entity’s objectives related to privacy. Corrections and other necessary actions related to identified deficiencies are made or taken in a timely manner. Communicates to Data Subjects—Data subjects are informed about how to contact the entity with inquiries, complaints, and disputes. Addresses Inquiries, Complaints, and Disputes - A process is in place to address inquiries, complaints, and disputes. Documents and Communicates Dispute Resolution and Recourse - Each complaint is addressed, and the resolution is documented and communicated to the individual. Documents and Reports Compliance Review Results - Compliance with objectives related to privacy are reviewed and documented, and the results of such reviews are reported to management. If problems are identified, remediation plans are developed and implemented. Documents and Reports Instances of Noncompliance - Instances of noncompliance with objectives related to privacy are documented and reported and, if needed, corrective and disciplinary measures are taken on a timely basis. Performs Ongoing Monitoring - Ongoing procedures are performed for monitoring the effectiveness of controls over personal information and for taking timely corrective actions when necessary.",
+      "Description": "The entity implements a process for receiving, addressing, resolving, and communicating the resolution of inquiries, complaints, and disputes from data subjects and others and periodically monitors compliance to meet the entity’s objectives related to privacy. Corrections and other necessary actions related to identified deficiencies are made or taken in a timely manner.Communicates to Data Subjects—Data subjects are informed about how to contact the entity with inquiries, complaints, and disputes.Addresses Inquiries, Complaints, and Disputes - A process is in place to address inquiries, complaints, and disputes.Documents and Communicates Dispute Resolution and Recourse - Each complaint is addressed, and the resolution is documented and communicated to the individual.Documents and Reports Compliance Review Results - Compliance with objectives related to privacy are reviewed and documented, and the results of such reviews are reported to management. If problems are identified, remediation plans are developed and implemented.Documents and Reports Instances of Noncompliance - Instances of noncompliance with objectives related to privacy are documented and reported and, if needed, corrective and disciplinary measures are taken on a timely basis.Performs Ongoing Monitoring - Ongoing procedures are performed for monitoring the effectiveness of controls over personal information and for taking timely corrective actions when necessary.",
       "Attributes": [
         {
           "ItemId": "p_8_1",

prowler/config/config.py

@@ -1,6 +1,5 @@
 import os
 import pathlib
-import sys
 from datetime import datetime, timezone
 from os import getcwd
 
@@ -11,7 +10,8 @@ from prowler.lib.logger import logger
 
 timestamp = datetime.today()
 timestamp_utc = datetime.now(timezone.utc).replace(tzinfo=timezone.utc)
-prowler_version = "3.8.1"
+prowler_version = "3.7.0"
+boto3_user_agent_extra = "APN_1826889"
 html_logo_url = "https://github.com/prowler-cloud/prowler/"
 html_logo_img = "https://user-images.githubusercontent.com/3985464/113734260-7ba06900-96fb-11eb-82bc-d4f68a1e2710.png"
 square_logo_img = "https://user-images.githubusercontent.com/38561120/235905862-9ece5bd7-9aa3-4e48-807a-3a9035eb8bfb.png"
@@ -24,23 +24,16 @@ banner_color = "\033[1;92m"
 
 # Compliance
 actual_directory = pathlib.Path(os.path.dirname(os.path.realpath(__file__)))
-
-
-def get_available_compliance_frameworks():
-    available_compliance_frameworks = []
-    for provider in ["aws", "gcp", "azure"]:
-        with os.scandir(f"{actual_directory}/../compliance/{provider}") as files:
-            for file in files:
-                if file.is_file() and file.name.endswith(".json"):
-                    available_compliance_frameworks.append(
-                        file.name.removesuffix(".json")
-                    )
-    return available_compliance_frameworks
-
-
-available_compliance_frameworks = get_available_compliance_frameworks()
-
-
+available_compliance_frameworks = []
+for provider in ["aws", "gcp"]:
+    with os.scandir(f"{actual_directory}/../compliance/{provider}") as files:
+        files = [
+            file.name
+            for file in files
+            if file.is_file()
+            and file.name.endswith(".json")
+            and available_compliance_frameworks.append(file.name.removesuffix(".json"))
+        ]
 # AWS services-regions matrix json
 aws_services_json_file = "aws_regions_by_service.json"
 
@@ -55,9 +48,7 @@ json_file_suffix = ".json"
 json_asff_file_suffix = ".asff.json"
 json_ocsf_file_suffix = ".ocsf.json"
 html_file_suffix = ".html"
-default_config_file_path = (
-    f"{pathlib.Path(os.path.dirname(os.path.realpath(__file__)))}/config.yaml"
-)
+config_yaml = f"{pathlib.Path(os.path.dirname(os.path.realpath(__file__)))}/config.yaml"
 
 
 def check_current_version():
@@ -72,51 +63,29 @@ def check_current_version():
         else:
             return f"{prowler_version_string} (it is the latest version, yay!)"
     except Exception as error:
-        logger.error(
-            f"{error.__class__.__name__}[{error.__traceback__.tb_lineno}] -- {error}"
-        )
+        logger.error(f"{error.__class__.__name__}: {error}")
         return f"{prowler_version_string}"
 
 
-def change_config_var(variable: str, value: str, audit_info):
+def change_config_var(variable, value):
     try:
-        if (
-            hasattr(audit_info, "audit_config")
-            and audit_info.audit_config is not None
-            and variable in audit_info.audit_config
-        ):
-            audit_info.audit_config[variable] = value
-        return audit_info
+        with open(config_yaml) as f:
+            doc = yaml.safe_load(f)
+
+        doc[variable] = value
+
+        with open(config_yaml, "w") as f:
+            yaml.dump(doc, f)
     except Exception as error:
-        logger.error(
-            f"{error.__class__.__name__}[{error.__traceback__.tb_lineno}] -- {error}"
-        )
+        logger.error(f"{error.__class__.__name__}: {error}")
 
 
-def load_and_validate_config_file(provider: str, config_file_path: str) -> dict:
-    """
-    load_and_validate_config_file reads the Prowler config file in YAML format from the default location or the file passed with the --config-file flag
-    """
+def get_config_var(variable):
     try:
-        with open(config_file_path) as f:
-            config = {}
-            config_file = yaml.safe_load(f)
-
-            # Not to introduce a breaking change we have to allow the old format config file without any provider keys
-            # and a new format with a key for each provider to include their configuration values within
-            # Check if the new format is passed
-            if "aws" in config_file or "gcp" in config_file or "azure" in config_file:
-                config = config_file.get(provider, {})
-            else:
-                config = config_file if config_file else {}
-                # Not to break Azure and GCP does not support neither use the old config format
-                if provider in ["azure", "gcp"]:
-                    config = {}
-
-            return config
+        with open(config_yaml) as f:
+            doc = yaml.safe_load(f)
 
+        return doc[variable]
     except Exception as error:
-        logger.critical(
-            f"{error.__class__.__name__}[{error.__traceback__.tb_lineno}] -- {error}"
-        )
-        sys.exit(1)
+        logger.error(f"{error.__class__.__name__}: {error}")
+        return ""

prowler/config/config.yaml

@@ -1,61 +1,57 @@
-# AWS Configuration
-aws:
-  # AWS EC2 Configuration
-  # aws.ec2_elastic_ip_shodan
-  shodan_api_key: null
-  # aws.ec2_securitygroup_with_many_ingress_egress_rules --> by default is 50 rules
-  max_security_group_rules: 50
-  # aws.ec2_instance_older_than_specific_days --> by default is 6 months (180 days)
-  max_ec2_instance_age_in_days: 180
+# AWS EC2 Configuration
+# aws.ec2_elastic_ip_shodan
+shodan_api_key: null
+# aws.ec2_securitygroup_with_many_ingress_egress_rules --> by default is 50 rules
+max_security_group_rules: 50
+# aws.ec2_instance_older_than_specific_days --> by default is 6 months (180 days)
+max_ec2_instance_age_in_days: 180
 
-  # AWS VPC Configuration (vpc_endpoint_connections_trust_boundaries, vpc_endpoint_services_allowed_principals_trust_boundaries)
-  # Single account environment: No action required. The AWS account number will be automatically added by the checks.
-  # Multi account environment: Any additional trusted account number should be added as a space separated list, e.g.
-  # trusted_account_ids : ["123456789012", "098765432109", "678901234567"]
-  trusted_account_ids: []
+# AWS VPC Configuration (vpc_endpoint_connections_trust_boundaries, vpc_endpoint_services_allowed_principals_trust_boundaries)
+# Single account environment: No action required. The AWS account number will be automatically added by the checks.
+# Multi account environment: Any additional trusted account number should be added as a space separated list, e.g.
+# trusted_account_ids : ["123456789012", "098765432109", "678901234567"]
+trusted_account_ids: []
 
-  # AWS Cloudwatch Configuration
-  # aws.cloudwatch_log_group_retention_policy_specific_days_enabled --> by default is 365 days
-  log_group_retention_days: 365
+# AWS Cloudwatch Configuration
+# aws.cloudwatch_log_group_retention_policy_specific_days_enabled --> by default is 365 days
+log_group_retention_days: 365
 
-  # AWS AppStream Session Configuration
-  # aws.appstream_fleet_session_idle_disconnect_timeout
-  max_idle_disconnect_timeout_in_seconds: 600 # 10 Minutes
-  # aws.appstream_fleet_session_disconnect_timeout
-  max_disconnect_timeout_in_seconds: 300 # 5 Minutes
-  # aws.appstream_fleet_maximum_session_duration
-  max_session_duration_seconds: 36000 # 10 Hours
+# AWS AppStream Session Configuration
+# aws.appstream_fleet_session_idle_disconnect_timeout
+max_idle_disconnect_timeout_in_seconds: 600 # 10 Minutes
+# aws.appstream_fleet_session_disconnect_timeout
+max_disconnect_timeout_in_seconds: 300 # 5 Minutes
+# aws.appstream_fleet_maximum_session_duration
+max_session_duration_seconds: 36000 # 10 Hours
 
-  # AWS Lambda Configuration
-  # aws.awslambda_function_using_supported_runtimes
-  obsolete_lambda_runtimes:
-    [
-      "python3.6",
-      "python2.7",
-      "nodejs4.3",
-      "nodejs4.3-edge",
-      "nodejs6.10",
-      "nodejs",
-      "nodejs8.10",
-      "nodejs10.x",
-      "dotnetcore1.0",
-      "dotnetcore2.0",
-      "dotnetcore2.1",
-      "ruby2.5",
-    ]
+# AWS Lambda Configuration
+# aws.awslambda_function_using_supported_runtimes
+obsolete_lambda_runtimes:
+  [
+    "python3.6",
+    "python2.7",
+    "nodejs4.3",
+    "nodejs4.3-edge",
+    "nodejs6.10",
+    "nodejs",
+    "nodejs8.10",
+    "nodejs10.x",
+    "dotnetcore1.0",
+    "dotnetcore2.0",
+    "dotnetcore2.1",
+    "ruby2.5",
+  ]
 
-  # AWS Organizations
-  # organizations_scp_check_deny_regions
-  # organizations_enabled_regions: [
-  #   'eu-central-1',
-  #   'eu-west-1',
-  #   "us-east-1"
-  # ]
-  organizations_enabled_regions: []
-  organizations_trusted_delegated_administrators: []
-
-# Azure Configuration
-azure:
-
-# GCP Configuration
-gcp:
+# AWS Organizations
+# organizations_scp_check_deny_regions
+# organizations_enabled_regions: [
+#   'eu-central-1',
+#   'eu-west-1',
+#   "us-east-1"
+# ]
+organizations_enabled_regions: []
+# organizations_delegated_administrators
+# organizations_trusted_delegated_administrators: [
+#   "12345678901"
+# ]
+organizations_trusted_delegated_administrators: []

prowler/lib/check/check.py

@@ -207,43 +207,42 @@ def list_categories(bulk_checks_metadata: dict) -> set():
 
 def print_categories(categories: set):
     categories_num = len(categories)
-    plural_string = f"\nThere are {Fore.YELLOW}{categories_num}{Style.RESET_ALL} available categories.\n"
-    singular_string = f"\nThere is {Fore.YELLOW}{categories_num}{Style.RESET_ALL} available category.\n"
+    plural_string = f"There are {Fore.YELLOW}{categories_num}{Style.RESET_ALL} available categories: \n"
+    singular_string = f"There is {Fore.YELLOW}{categories_num}{Style.RESET_ALL} available category: \n"
 
     message = plural_string if categories_num > 1 else singular_string
+    print(message)
     for category in categories:
         print(f"- {category}")
 
-    print(message)
-
 
 def print_services(service_list: set):
     services_num = len(service_list)
-    plural_string = f"\nThere are {Fore.YELLOW}{services_num}{Style.RESET_ALL} available services.\n"
+    plural_string = (
+        f"There are {Fore.YELLOW}{services_num}{Style.RESET_ALL} available services: \n"
+    )
     singular_string = (
-        f"\nThere is {Fore.YELLOW}{services_num}{Style.RESET_ALL} available service.\n"
+        f"There is {Fore.YELLOW}{services_num}{Style.RESET_ALL} available service: \n"
     )
 
     message = plural_string if services_num > 1 else singular_string
+    print(message)
 
     for service in service_list:
         print(f"- {service}")
 
-    print(message)
-
 
 def print_compliance_frameworks(
     bulk_compliance_frameworks: dict,
 ):
     frameworks_num = len(bulk_compliance_frameworks.keys())
-    plural_string = f"\nThere are {Fore.YELLOW}{frameworks_num}{Style.RESET_ALL} available Compliance Frameworks.\n"
-    singular_string = f"\nThere is {Fore.YELLOW}{frameworks_num}{Style.RESET_ALL} available Compliance Framework.\n"
+    plural_string = f"There are {Fore.YELLOW}{frameworks_num}{Style.RESET_ALL} available Compliance Frameworks: \n"
+    singular_string = f"There is {Fore.YELLOW}{frameworks_num}{Style.RESET_ALL} available Compliance Framework: \n"
     message = plural_string if frameworks_num > 1 else singular_string
 
-    for framework in bulk_compliance_frameworks.keys():
-        print(f"- {framework}")
-
     print(message)
+    for framework in bulk_compliance_frameworks.keys():
+        print(f"\t- {Fore.YELLOW}{framework}{Style.RESET_ALL}")
 
 
 def print_compliance_requirements(

prowler/lib/cli/parser.py

@@ -5,11 +5,17 @@ from argparse import RawTextHelpFormatter
 from prowler.config.config import (
     available_compliance_frameworks,
     check_current_version,
-    default_config_file_path,
     default_output_directory,
 )
 from prowler.providers.aws.aws_provider import get_aws_available_regions
-from prowler.providers.aws.lib.arn.arn import arn_type
+from prowler.providers.aws.lib.arn.arn import is_valid_arn
+
+
+def arn_type(arn: str) -> bool:
+    """arn_type returns a string ARN if it is valid and raises an argparse.ArgumentError if not."""
+    if not is_valid_arn(arn):
+        raise argparse.ArgumentError("Invalid ARN")
+    return arn
 
 
 class ProwlerArgumentParser:
@@ -46,7 +52,6 @@ Detailed documentation at https://docs.prowler.cloud
         self.__init_checks_parser__()
         self.__init_exclude_checks_parser__()
         self.__init_list_checks_parser__()
-        self.__init_config_parser__()
 
         # Init Providers Arguments
         self.__init_aws_parser__()
@@ -262,15 +267,6 @@ Detailed documentation at https://docs.prowler.cloud
             help="List the available check's categories",
         )
 
-    def __init_config_parser__(self):
-        config_parser = self.common_providers_parser.add_argument_group("Configuration")
-        config_parser.add_argument(
-            "--config-file",
-            nargs="?",
-            default=default_config_file_path,
-            help="Set configuration file path",
-        )
-
     def __init_aws_parser__(self):
         """Init the AWS Provider CLI parser"""
         aws_parser = self.subparsers.add_parser(
@@ -293,12 +289,6 @@ Detailed documentation at https://docs.prowler.cloud
             help="ARN of the role to be assumed",
             # Pending ARN validation
         )
-        aws_auth_subparser.add_argument(
-            "--sts-endpoint-region",
-            nargs="?",
-            default=None,
-            help="Specify the AWS STS endpoint region to use. Read more at https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_enable-regions.html",
-        )
         aws_auth_subparser.add_argument(
             "--mfa",
             action="store_true",

prowler/lib/logger.py

@@ -14,7 +14,7 @@ logging_levels = {
 def set_logging_config(log_level: str, log_file: str = None, only_logs: bool = False):
     # Logs formatter
     stream_formatter = logging.Formatter(
-        "\n%(asctime)s [File: %(filename)s:%(lineno)d] \t[Module: %(module)s]\t %(levelname)s: %(message)s"
+        "%(asctime)s [File: %(filename)s:%(lineno)d] \t[Module: %(module)s]\t %(levelname)s: %(message)s"
     )
     log_file_formatter = logging.Formatter(
         '{"timestamp": "%(asctime)s", "filename": "%(filename)s:%(lineno)d", "level": "%(levelname)s", "module": "%(module)s", "message": "%(message)s"}'

prowler/lib/outputs/json.py

@@ -40,8 +40,6 @@ def fill_json_asff(finding_output, audit_info, finding, output_options):
             if finding.resource_id == "":
                 finding.resource_id = "NONE_PROVIDED"
             finding.resource_arn = finding.resource_id
-        # The following line cannot be changed because it is the format we use to generate unique findings for AWS Security Hub
-        # If changed some findings could be lost because the unique identifier will be different
         finding_output.Id = f"prowler-{finding.check_metadata.CheckID}-{audit_info.audited_account}-{finding.region}-{hash_sha512(finding.resource_id)}"
         finding_output.ProductArn = f"arn:{audit_info.audited_partition}:securityhub:{finding.region}::product/prowler/prowler"
         finding_output.ProductFields = ProductFields(

prowler/lib/outputs/models.py

@@ -184,7 +184,7 @@ def unroll_tags(tags: list):
     if tags and tags != [{}] and tags != [None]:
         for item in tags:
             # Check if there are tags in list
-            if isinstance(item, dict):
+            if type(item) == dict:
                 for key, value in item.items():
                     if not unrolled_items:
                         # Check the pattern of tags (Key:Value or Key:key/Value:value)
@@ -219,7 +219,7 @@ def unroll_dict(dict: dict):
     unrolled_items = ""
     separator = "|"
     for key, value in dict.items():
-        if isinstance(value, list):
+        if type(value) == list:
             value = ", ".join(value)
         if not unrolled_items:
             unrolled_items = f"{key}: {value}"
@@ -230,15 +230,15 @@ def unroll_dict(dict: dict):
 
 
 def unroll_dict_to_list(dict: dict):
-    dict_list = []
+    list = []
     for key, value in dict.items():
-        if isinstance(value, list):
+        if type(value) == list:
             value = ", ".join(value)
-            dict_list.append(f"{key}: {value}")
+            list.append(f"{key}: {value}")
         else:
-            dict_list.append(f"{key}: {value}")
+            list.append(f"{key}: {value}")
 
-    return dict_list
+    return list
 
 
 def parse_html_string(str: str):

prowler/providers/aws/aws_provider.py

@@ -10,7 +10,6 @@ from prowler.config.config import aws_services_json_file
 from prowler.lib.check.check import list_modules, recover_checks_from_service
 from prowler.lib.logger import logger
 from prowler.lib.utils.utils import open_file, parse_json_file
-from prowler.providers.aws.config import AWS_STS_GLOBAL_ENDPOINT_REGION
 from prowler.providers.aws.lib.audit_info.models import AWS_Assume_Role, AWS_Audit_Info
 
 
@@ -106,11 +105,7 @@ class AWS_Provider:
         return refreshed_credentials
 
 
-def assume_role(
-    session: session.Session,
-    assumed_role_info: AWS_Assume_Role,
-    sts_endpoint_region: str = None,
-) -> dict:
+def assume_role(session: session.Session, assumed_role_info: AWS_Assume_Role) -> dict:
     try:
         assume_role_arguments = {
             "RoleArn": assumed_role_info.role_arn,
@@ -118,7 +113,6 @@ def assume_role(
             "DurationSeconds": assumed_role_info.session_duration,
         }
 
-        # Set the info to assume the role from the partition, account and role name
         if assumed_role_info.external_id:
             assume_role_arguments["ExternalId"] = assumed_role_info.external_id
 
@@ -127,11 +121,8 @@ def assume_role(
             assume_role_arguments["SerialNumber"] = mfa_ARN
             assume_role_arguments["TokenCode"] = mfa_TOTP
 
-        # Set the STS Endpoint Region
-        if sts_endpoint_region is None:
-            sts_endpoint_region = AWS_STS_GLOBAL_ENDPOINT_REGION
-
-        sts_client = session.client("sts", sts_endpoint_region)
+        # set the info to assume the role from the partition, account and role name
+        sts_client = session.client("sts")
         assumed_credentials = sts_client.assume_role(**assume_role_arguments)
     except Exception as error:
         logger.critical(

prowler/providers/aws/config.py

@@ -1,2 +0,0 @@
-AWS_STS_GLOBAL_ENDPOINT_REGION = "us-east-1"
-BOTO3_USER_AGENT_EXTRA = "APN_1826889"

prowler/providers/aws/lib/allowlist/allowlist.py

@@ -115,27 +115,18 @@ def parse_allowlist_file(audit_info, allowlist_file):
 
 def is_allowlisted(allowlist, audited_account, check, region, resource, tags):
     try:
-        allowlisted_checks = {}
         # By default is not allowlisted
         is_finding_allowlisted = False
         # First set account key from allowlist dict
         if audited_account in allowlist["Accounts"]:
-            allowlisted_checks = allowlist["Accounts"][audited_account]["Checks"]
+            account = audited_account
         # If there is a *, it affects to all accounts
-        # This cannot be elif since in the case of * and single accounts we
-        # want to merge allowlisted checks from * to the other accounts check list
-        if "*" in allowlist["Accounts"]:
-            checks_multi_account = allowlist["Accounts"]["*"]["Checks"]
-            allowlisted_checks.update(checks_multi_account)
+        elif "*" in allowlist["Accounts"]:
+            account = "*"
         # Test if it is allowlisted
+        allowlisted_checks = allowlist["Accounts"][account]["Checks"]
         if is_allowlisted_in_check(
-            allowlisted_checks,
-            audited_account,
-            audited_account,
-            check,
-            region,
-            resource,
-            tags,
+            allowlisted_checks, audited_account, account, check, region, resource, tags
         ):
             is_finding_allowlisted = True
 

prowler/providers/aws/lib/arn/arn.py

@@ -1,5 +1,4 @@
 import re
-from argparse import ArgumentError
 
 from prowler.providers.aws.lib.arn.error import (
     RoleArnParsingEmptyResource,
@@ -12,13 +11,6 @@ from prowler.providers.aws.lib.arn.error import (
 from prowler.providers.aws.lib.arn.models import ARN
 
 
-def arn_type(arn: str) -> bool:
-    """arn_type returns a string ARN if it is valid and raises an argparse.ArgumentError if not."""
-    if not is_valid_arn(arn):
-        raise ArgumentError("Invalid ARN")
-    return arn
-
-
 def parse_iam_credentials_arn(arn: str) -> ARN:
     arn_parsed = ARN(arn)
     # First check if region is empty (in IAM ARN's region is always empty)

prowler/providers/aws/lib/audit_info/audit_info.py

@@ -1,7 +1,7 @@
 from boto3 import session
 from botocore.config import Config
 
-from prowler.providers.aws.config import BOTO3_USER_AGENT_EXTRA
+from prowler.config.config import boto3_user_agent_extra
 from prowler.providers.aws.lib.audit_info.models import AWS_Assume_Role, AWS_Audit_Info
 
 # Default Current Audit Info
@@ -15,7 +15,7 @@ current_audit_info = AWS_Audit_Info(
     # https://boto3.amazonaws.com/v1/documentation/api/latest/guide/retries.html
     session_config=Config(
         retries={"max_attempts": 3, "mode": "standard"},
-        user_agent_extra=BOTO3_USER_AGENT_EXTRA,
+        user_agent_extra=boto3_user_agent_extra,
     ),
     audited_account=None,
     audited_account_arn=None,
@@ -36,5 +36,4 @@ current_audit_info = AWS_Audit_Info(
     audited_regions=None,
     organizations_metadata=None,
     audit_metadata=None,
-    audit_config=None,
 )

prowler/providers/aws/lib/audit_info/models.py

@@ -51,4 +51,3 @@ class AWS_Audit_Info:
     audit_resources: list
     organizations_metadata: AWS_Organizations_Info
     audit_metadata: Optional[Any] = None
-    audit_config: Optional[dict] = None

prowler/providers/aws/lib/credentials/credentials.py

@@ -4,21 +4,15 @@ from boto3 import session
 from colorama import Fore, Style
 
 from prowler.lib.logger import logger
-from prowler.providers.aws.config import AWS_STS_GLOBAL_ENDPOINT_REGION
 from prowler.providers.aws.lib.audit_info.models import AWS_Audit_Info
 
+AWS_STS_GLOBAL_ENDPOINT_REGION = "us-east-1"
 
-def validate_aws_credentials(
-    session: session, input_regions: list, sts_endpoint_region: str = None
-) -> dict:
+
+def validate_aws_credentials(session: session, input_regions: list) -> dict:
     try:
         # For a valid STS GetCallerIdentity we have to use the right AWS Region
-        # Check if the --sts-endpoint-region is set
-        if sts_endpoint_region is not None:
-            aws_region = sts_endpoint_region
-        # If there is no region passed with -f/--region/--filter-region
-        elif input_regions is None or len(input_regions) == 0:
-            # If you have a region configured in your AWS config or credentials file
+        if input_regions is None or len(input_regions) == 0:
             if session.region_name is not None:
                 aws_region = session.region_name
             else:
@@ -28,7 +22,6 @@ def validate_aws_credentials(
         else:
             # Get the first region passed to the -f/--region
             aws_region = input_regions[0]
-
         validate_credentials_client = session.client("sts", aws_region)
         caller_identity = validate_credentials_client.get_caller_identity()
         # Include the region where the caller_identity has validated the credentials

prowler/providers/aws/lib/policy_condition_parser/policy_condition_parser.py

@@ -1,54 +0,0 @@
-# lista de cuentas y te devuelva las válidas
-def is_account_only_allowed_in_condition(
-    condition_statement: dict, source_account: str
-):
-    is_condition_valid = False
-    valid_condition_options = {
-        "StringEquals": [
-            "aws:SourceAccount",
-            "aws:SourceOwner",
-            "s3:ResourceAccount",
-            "aws:PrincipalAccount",
-            "aws:ResourceAccount",
-        ],
-        "StringLike": [
-            "aws:SourceAccount",
-            "aws:SourceOwner",
-            "aws:SourceArn",
-            "aws:PrincipalArn",
-            "aws:ResourceAccount",
-            "aws:PrincipalAccount",
-        ],
-        "ArnLike": ["aws:SourceArn", "aws:PrincipalArn"],
-        "ArnEquals": ["aws:SourceArn", "aws:PrincipalArn"],
-    }
-
-    for condition_operator, condition_operator_key in valid_condition_options.items():
-        if condition_operator in condition_statement:
-            for value in condition_operator_key:
-                if value in condition_statement[condition_operator]:
-                    # values are a list
-                    if isinstance(
-                        condition_statement[condition_operator][value],
-                        list,
-                    ):
-                        # if there is an arn/account without the source account -> we do not consider it safe
-                        # here by default we assume is true and look for false entries
-                        is_condition_valid = True
-                        for item in condition_statement[condition_operator][value]:
-                            if source_account not in item:
-                                is_condition_valid = False
-                                break
-
-                    # value is a string
-                    elif isinstance(
-                        condition_statement[condition_operator][value],
-                        str,
-                    ):
-                        if (
-                            source_account
-                            in condition_statement[condition_operator][value]
-                        ):
-                            is_condition_valid = True
-
-    return is_condition_valid

prowler/providers/aws/lib/security_hub/security_hub.py

@@ -4,7 +4,11 @@ from operator import itemgetter
 
 from boto3 import session
 
-from prowler.config.config import json_asff_file_suffix, timestamp_utc
+from prowler.config.config import (
+    json_asff_file_suffix,
+    output_file_timestamp,
+    timestamp_utc,
+)
 from prowler.lib.logger import logger
 from prowler.lib.outputs.models import Check_Output_JSON_ASFF
 from prowler.providers.aws.lib.audit_info.models import AWS_Audit_Info
@@ -56,14 +60,16 @@ def send_to_security_hub(
 
 # Move previous Security Hub check findings to ARCHIVED (as prowler didn't re-detect them)
 def resolve_security_hub_previous_findings(
-    output_directory: str, output_filename: str, audit_info: AWS_Audit_Info
+    output_directory: str, audit_info: AWS_Audit_Info
 ) -> list:
     """
     resolve_security_hub_previous_findings archives all the findings that does not appear in the current execution
     """
     logger.info("Checking previous findings in Security Hub to archive them.")
     # Read current findings from json-asff file
-    with open(f"{output_directory}/{output_filename}{json_asff_file_suffix}") as f:
+    with open(
+        f"{output_directory}/prowler-output-{audit_info.audited_account}-{output_file_timestamp}{json_asff_file_suffix}"
+    ) as f:
         json_asff_file = json.load(f)
 
     # Sort by region

prowler/providers/aws/lib/service/service.py

@@ -1,57 +0,0 @@
-import threading
-
-from prowler.providers.aws.aws_provider import (
-    generate_regional_clients,
-    get_default_region,
-)
-from prowler.providers.aws.lib.audit_info.models import AWS_Audit_Info
-
-
-class AWSService:
-    """The AWSService class offers a parent class for each AWS Service to generate:
-    - AWS Regional Clients
-    - Shared information like the account ID and ARN, the the AWS partition and the checks audited
-    - AWS Session
-    - Also handles if the AWS Service is Global
-    """
-
-    def __init__(self, service: str, audit_info: AWS_Audit_Info, global_service=False):
-        # Audit Information
-        self.audit_info = audit_info
-        self.audited_account = audit_info.audited_account
-        self.audited_account_arn = audit_info.audited_account_arn
-        self.audited_partition = audit_info.audited_partition
-        self.audit_resources = audit_info.audit_resources
-        self.audited_checks = audit_info.audit_metadata.expected_checks
-        self.audit_config = audit_info.audit_config
-
-        # AWS Session
-        self.session = audit_info.audit_session
-
-        # We receive the service using __class__.__name__ or the service name in lowercase
-        # e.g.: AccessAnalyzer --> we need a lowercase string, so service.lower()
-        self.service = service.lower() if not service.islower() else service
-
-        # Generate Regional Clients
-        if not global_service:
-            self.regional_clients = generate_regional_clients(
-                self.service, audit_info, global_service
-            )
-
-        # Get a single region and client if the service needs it (e.g. AWS Global Service)
-        # We cannot include this within an else because some services needs both the regional_clients
-        # and a single client like S3
-        self.region = get_default_region(self.service, audit_info)
-        self.client = self.session.client(self.service, self.region)
-
-    def __get_session__(self):
-        return self.session
-
-    def __threading_call__(self, call):
-        threads = []
-        for regional_client in self.regional_clients.values():
-            threads.append(threading.Thread(target=call, args=(regional_client,)))
-        for t in threads:
-            t.start()
-        for t in threads:
-            t.join()

prowler/providers/aws/services/accessanalyzer/accessanalyzer_enabled/accessanalyzer_enabled.py

@@ -13,7 +13,7 @@ class accessanalyzer_enabled(Check):
             if analyzer.status == "ACTIVE":
                 report.status = "PASS"
                 report.status_extended = (
-                    f"IAM Access Analyzer {analyzer.name} is enabled."
+                    f"IAM Access Analyzer {analyzer.name} is enabled"
                 )
                 report.resource_id = analyzer.name
                 report.resource_arn = analyzer.arn
@@ -22,13 +22,13 @@ class accessanalyzer_enabled(Check):
             elif analyzer.status == "NOT_AVAILABLE":
                 report.status = "FAIL"
                 report.status_extended = (
-                    f"IAM Access Analyzer in account {analyzer.name} is not enabled."
+                    f"IAM Access Analyzer in account {analyzer.name} is not enabled"
                 )
                 report.resource_id = analyzer.name
             else:
                 report.status = "FAIL"
                 report.status_extended = (
-                    f"IAM Access Analyzer {analyzer.name} is not active."
+                    f"IAM Access Analyzer {analyzer.name} is not active"
                 )
                 report.resource_id = analyzer.name
                 report.resource_arn = analyzer.arn

prowler/providers/aws/services/accessanalyzer/accessanalyzer_service.py

@@ -1,3 +1,4 @@
+import threading
 from typing import Optional
 
 from botocore.exceptions import ClientError
@@ -5,19 +6,34 @@ from pydantic import BaseModel
 
 from prowler.lib.logger import logger
 from prowler.lib.scan_filters.scan_filters import is_resource_filtered
-from prowler.providers.aws.lib.service.service import AWSService
+from prowler.providers.aws.aws_provider import generate_regional_clients
 
 
 ################## AccessAnalyzer
-class AccessAnalyzer(AWSService):
+class AccessAnalyzer:
     def __init__(self, audit_info):
-        # Call AWSService's __init__
-        super().__init__(__class__.__name__, audit_info)
+        self.service = "accessanalyzer"
+        self.session = audit_info.audit_session
+        self.audited_account = audit_info.audited_account
+        self.audit_resources = audit_info.audit_resources
+        self.regional_clients = generate_regional_clients(self.service, audit_info)
         self.analyzers = []
         self.__threading_call__(self.__list_analyzers__)
         self.__list_findings__()
         self.__get_finding_status__()
 
+    def __get_session__(self):
+        return self.session
+
+    def __threading_call__(self, call):
+        threads = []
+        for regional_client in self.regional_clients.values():
+            threads.append(threading.Thread(target=call, args=(regional_client,)))
+        for t in threads:
+            t.start()
+        for t in threads:
+            t.join()
+
     def __list_analyzers__(self, regional_client):
         logger.info("AccessAnalyzer - Listing Analyzers...")
         try:

prowler/providers/aws/services/account/account_service.py

@@ -1,11 +1,22 @@
+from prowler.providers.aws.aws_provider import (
+    generate_regional_clients,
+    get_default_region,
+)
+
+
 ################## Account
-from prowler.providers.aws.lib.service.service import AWSService
-
-
-class Account(AWSService):
+class Account:
     def __init__(self, audit_info):
-        # Call AWSService's __init__
-        super().__init__(__class__.__name__, audit_info)
+        self.service = "account"
+        self.session = audit_info.audit_session
+        self.audited_account = audit_info.audited_account
+        self.audited_partition = audit_info.audited_partition
+        self.audited_account_arn = audit_info.audited_account_arn
+        self.regional_clients = generate_regional_clients(self.service, audit_info)
+        self.region = get_default_region(self.service, audit_info)
+
+    def __get_session__(self):
+        return self.session
 
 
 ### This service don't need boto3 calls

prowler/providers/aws/services/acm/acm_service.py

@@ -1,3 +1,4 @@
+import threading
 from datetime import datetime
 from typing import Optional
 
@@ -5,19 +6,34 @@ from pydantic import BaseModel
 
 from prowler.lib.logger import logger
 from prowler.lib.scan_filters.scan_filters import is_resource_filtered
-from prowler.providers.aws.lib.service.service import AWSService
+from prowler.providers.aws.aws_provider import generate_regional_clients
 
 
 ################## ACM
-class ACM(AWSService):
+class ACM:
     def __init__(self, audit_info):
-        # Call AWSService's __init__
-        super().__init__(__class__.__name__, audit_info)
+        self.service = "acm"
+        self.session = audit_info.audit_session
+        self.audited_account = audit_info.audited_account
+        self.audit_resources = audit_info.audit_resources
+        self.regional_clients = generate_regional_clients(self.service, audit_info)
         self.certificates = []
         self.__threading_call__(self.__list_certificates__)
         self.__describe_certificates__()
         self.__list_tags_for_certificate__()
 
+    def __get_session__(self):
+        return self.session
+
+    def __threading_call__(self, call):
+        threads = []
+        for regional_client in self.regional_clients.values():
+            threads.append(threading.Thread(target=call, args=(regional_client,)))
+        for t in threads:
+            t.start()
+        for t in threads:
+            t.join()
+
     def __list_certificates__(self, regional_client):
         logger.info("ACM - Listing Certificates...")
         try:

prowler/providers/aws/services/apigateway/apigateway_authorizers_enabled/apigateway_authorizers_enabled.py

@@ -15,10 +15,10 @@ class apigateway_authorizers_enabled(Check):
             report.resource_tags = rest_api.tags
             if rest_api.authorizer:
                 report.status = "PASS"
-                report.status_extended = f"API Gateway {rest_api.name} ID {rest_api.id} has an authorizer configured."
+                report.status_extended = f"API Gateway {rest_api.name} ID {rest_api.id} has authorizer configured."
             else:
                 report.status = "FAIL"
-                report.status_extended = f"API Gateway {rest_api.name} ID {rest_api.id} does not have an authorizer configured."
+                report.status_extended = f"API Gateway {rest_api.name} ID {rest_api.id} has not authorizer configured."
             findings.append(report)
 
         return findings

prowler/providers/aws/services/apigateway/apigateway_client_certificate_enabled/apigateway_client_certificate_enabled.metadata.json

@@ -21,7 +21,7 @@
       "Terraform": ""
     },
     "Recommendation": {
-      "Text": "Enable client certificate. Mutual TLS is recommended and commonly used for business-to-business (B2B) applications. It is used in standards such as Open Banking. API Gateway now provides integrated mutual TLS authentication at no additional cost.",
+      "Text": "Enable client certificate. Mutual TLS is recommended and commonly used for business-to-business (B2B) applications. It iss used in standards such as Open Banking. API Gateway now provides integrated mutual TLS authentication at no additional cost.",
       "Url": "https://aws.amazon.com/blogs/compute/introducing-mutual-tls-authentication-for-amazon-api-gateway/"
     }
   },

prowler/providers/aws/services/apigateway/apigateway_client_certificate_enabled/apigateway_client_certificate_enabled.py

@@ -19,7 +19,7 @@ class apigateway_client_certificate_enabled(Check):
                     report.status_extended = f"API Gateway {rest_api.name} ID {rest_api.id} in stage {stage.name} has client certificate enabled."
                 else:
                     report.status = "FAIL"
-                    report.status_extended = f"API Gateway {rest_api.name} ID {rest_api.id} in stage {stage.name} does not have client certificate enabled."
+                    report.status_extended = f"API Gateway {rest_api.name} ID {rest_api.id} in stage {stage.name} has not client certificate enabled."
                 findings.append(report)
 
         return findings

prowler/providers/aws/services/apigateway/apigateway_service.py

@@ -1,23 +1,40 @@
+import threading
 from typing import Optional
 
 from pydantic import BaseModel
 
 from prowler.lib.logger import logger
 from prowler.lib.scan_filters.scan_filters import is_resource_filtered
-from prowler.providers.aws.lib.service.service import AWSService
+from prowler.providers.aws.aws_provider import generate_regional_clients
 
 
 ################## APIGateway
-class APIGateway(AWSService):
+class APIGateway:
     def __init__(self, audit_info):
-        # Call AWSService's __init__
-        super().__init__(__class__.__name__, audit_info)
+        self.service = "apigateway"
+        self.session = audit_info.audit_session
+        self.audited_account = audit_info.audited_account
+        self.audit_resources = audit_info.audit_resources
+        self.audited_partition = audit_info.audited_partition
+        self.regional_clients = generate_regional_clients(self.service, audit_info)
         self.rest_apis = []
         self.__threading_call__(self.__get_rest_apis__)
         self.__get_authorizers__()
         self.__get_rest_api__()
         self.__get_stages__()
 
+    def __get_session__(self):
+        return self.session
+
+    def __threading_call__(self, call):
+        threads = []
+        for regional_client in self.regional_clients.values():
+            threads.append(threading.Thread(target=call, args=(regional_client,)))
+        for t in threads:
+            t.start()
+        for t in threads:
+            t.join()
+
     def __get_rest_apis__(self, regional_client):
         logger.info("APIGateway - Getting Rest APIs...")
         try:

prowler/providers/aws/services/apigateway/apigateway_waf_acl_attached/apigateway_waf_acl_attached.py

@@ -19,7 +19,7 @@ class apigateway_waf_acl_attached(Check):
                     report.status_extended = f"API Gateway {rest_api.name} ID {rest_api.id} in stage {stage.name} has {stage.waf} WAF ACL attached."
                 else:
                     report.status = "FAIL"
-                    report.status_extended = f"API Gateway {rest_api.name} ID {rest_api.id} in stage {stage.name} does not have WAF ACL attached."
+                    report.status_extended = f"API Gateway {rest_api.name} ID {rest_api.id} in stage {stage.name} has not WAF ACL attached."
                 findings.append(report)
 
         return findings

prowler/providers/aws/services/apigatewayv2/apigatewayv2_authorizers_enabled/apigatewayv2_authorizers_enabled.py

@@ -14,10 +14,14 @@ class apigatewayv2_authorizers_enabled(Check):
             report.resource_arn = api.arn
             report.resource_tags = api.tags
             report.status = "FAIL"
-            report.status_extended = f"API Gateway V2 {api.name} ID {api.id} does not have an authorizer configured."
+            report.status_extended = (
+                f"API Gateway V2 {api.name} ID {api.id} has not authorizer configured."
+            )
             if api.authorizer:
                 report.status = "PASS"
-                report.status_extended = f"API Gateway V2 {api.name} ID {api.id} has an authorizer configured."
+                report.status_extended = (
+                    f"API Gateway V2 {api.name} ID {api.id} has authorizer configured."
+                )
             findings.append(report)
 
         return findings

prowler/providers/aws/services/apigatewayv2/apigatewayv2_service.py

@@ -1,22 +1,39 @@
+import threading
 from typing import Optional
 
 from pydantic import BaseModel
 
 from prowler.lib.logger import logger
 from prowler.lib.scan_filters.scan_filters import is_resource_filtered
-from prowler.providers.aws.lib.service.service import AWSService
+from prowler.providers.aws.aws_provider import generate_regional_clients
 
 
 ################## ApiGatewayV2
-class ApiGatewayV2(AWSService):
+class ApiGatewayV2:
     def __init__(self, audit_info):
-        # Call AWSService's __init__
-        super().__init__(__class__.__name__, audit_info)
+        self.service = "apigatewayv2"
+        self.session = audit_info.audit_session
+        self.audited_account = audit_info.audited_account
+        self.audited_partition = audit_info.audited_partition
+        self.audit_resources = audit_info.audit_resources
+        self.regional_clients = generate_regional_clients(self.service, audit_info)
         self.apis = []
         self.__threading_call__(self.__get_apis__)
         self.__get_authorizers__()
         self.__get_stages__()
 
+    def __get_session__(self):
+        return self.session
+
+    def __threading_call__(self, call):
+        threads = []
+        for regional_client in self.regional_clients.values():
+            threads.append(threading.Thread(target=call, args=(regional_client,)))
+        for t in threads:
+            t.start()
+        for t in threads:
+            t.join()
+
     def __get_apis__(self, regional_client):
         logger.info("APIGatewayv2 - Getting APIs...")
         try:

prowler/providers/aws/services/appstream/appstream_fleet_maximum_session_duration/appstream_fleet_maximum_session_duration.py

@@ -1,18 +1,16 @@
+from prowler.config.config import get_config_var
 from prowler.lib.check.models import Check, Check_Report_AWS
 from prowler.providers.aws.services.appstream.appstream_client import appstream_client
 
+max_session_duration_seconds = get_config_var("max_session_duration_seconds")
+"""max_session_duration_seconds, default: 36000 seconds (10 hours)"""
+
 
 class appstream_fleet_maximum_session_duration(Check):
     """Check if there are AppStream Fleets with the user maximum session duration no longer than 10 hours"""
 
     def execute(self):
         """Execute the appstream_fleet_maximum_session_duration check"""
-
-        # max_session_duration_seconds, default: 36000 seconds (10 hours)
-        max_session_duration_seconds = appstream_client.audit_config.get(
-            "max_session_duration_seconds", 36000
-        )
-
         findings = []
         for fleet in appstream_client.fleets:
             report = Check_Report_AWS(self.metadata())

prowler/providers/aws/services/appstream/appstream_fleet_session_disconnect_timeout/appstream_fleet_session_disconnect_timeout.py

@@ -1,18 +1,16 @@
+from prowler.config.config import get_config_var
 from prowler.lib.check.models import Check, Check_Report_AWS
 from prowler.providers.aws.services.appstream.appstream_client import appstream_client
 
+max_disconnect_timeout_in_seconds = get_config_var("max_disconnect_timeout_in_seconds")
+"""max_disconnect_timeout_in_seconds, default: 300 seconds (5 minutes)"""
+
 
 class appstream_fleet_session_disconnect_timeout(Check):
     """Check if there are AppStream Fleets with the session disconnect timeout set to 5 minutes or less"""
 
     def execute(self):
         """Execute the appstream_fleet_maximum_session_duration check"""
-
-        # max_disconnect_timeout_in_seconds, default: 300 seconds (5 minutes)
-        max_disconnect_timeout_in_seconds = appstream_client.audit_config.get(
-            "max_disconnect_timeout_in_seconds", 300
-        )
-
         findings = []
         for fleet in appstream_client.fleets:
             report = Check_Report_AWS(self.metadata())

prowler/providers/aws/services/appstream/appstream_fleet_session_idle_disconnect_timeout/appstream_fleet_session_idle_disconnect_timeout.py

@@ -1,18 +1,18 @@
+from prowler.config.config import get_config_var
 from prowler.lib.check.models import Check, Check_Report_AWS
 from prowler.providers.aws.services.appstream.appstream_client import appstream_client
 
+max_idle_disconnect_timeout_in_seconds = get_config_var(
+    "max_idle_disconnect_timeout_in_seconds"
+)
+"""max_idle_disconnect_timeout_in_seconds, default: 600 seconds (10 minutes)"""
+
 
 class appstream_fleet_session_idle_disconnect_timeout(Check):
     """Check if there are AppStream Fleets with the idle disconnect timeout set to 10 minutes or less"""
 
     def execute(self):
         """Execute the appstream_fleet_session_idle_disconnect_timeout check"""
-
-        # max_idle_disconnect_timeout_in_seconds, default: 600 seconds (10 minutes)
-        max_idle_disconnect_timeout_in_seconds = appstream_client.audit_config.get(
-            "max_idle_disconnect_timeout_in_seconds", 600
-        )
-
         findings = []
         for fleet in appstream_client.fleets:
             report = Check_Report_AWS(self.metadata())

prowler/providers/aws/services/appstream/appstream_service.py

@@ -1,21 +1,37 @@
+import threading
 from typing import Optional
 
 from pydantic import BaseModel
 
 from prowler.lib.logger import logger
 from prowler.lib.scan_filters.scan_filters import is_resource_filtered
-from prowler.providers.aws.lib.service.service import AWSService
+from prowler.providers.aws.aws_provider import generate_regional_clients
 
 
 ################## AppStream
-class AppStream(AWSService):
+class AppStream:
     def __init__(self, audit_info):
-        # Call AWSService's __init__
-        super().__init__(__class__.__name__, audit_info)
+        self.service = "appstream"
+        self.session = audit_info.audit_session
+        self.audited_account = audit_info.audited_account
+        self.audit_resources = audit_info.audit_resources
+        self.regional_clients = generate_regional_clients(self.service, audit_info)
         self.fleets = []
         self.__threading_call__(self.__describe_fleets__)
         self.__list_tags_for_resource__()
 
+    def __get_session__(self):
+        return self.session
+
+    def __threading_call__(self, call):
+        threads = []
+        for regional_client in self.regional_clients.values():
+            threads.append(threading.Thread(target=call, args=(regional_client,)))
+        for t in threads:
+            t.start()
+        for t in threads:
+            t.join()
+
     def __describe_fleets__(self, regional_client):
         logger.info("AppStream - Describing Fleets...")
         try:

prowler/providers/aws/services/athena/athena_client.py

@@ -1,4 +0,0 @@
-from prowler.providers.aws.lib.audit_info.audit_info import current_audit_info
-from prowler.providers.aws.services.athena.athena_service import Athena
-
-athena_client = Athena(current_audit_info)

prowler/providers/aws/services/athena/athena_service.py

@@ -1,109 +0,0 @@
-from typing import Optional
-
-from pydantic import BaseModel
-
-from prowler.lib.logger import logger
-from prowler.lib.scan_filters.scan_filters import is_resource_filtered
-from prowler.providers.aws.lib.service.service import AWSService
-
-
-################## Athena
-class Athena(AWSService):
-    def __init__(self, audit_info):
-        # Call AWSService's __init__
-        super().__init__(__class__.__name__, audit_info)
-        self.workgroups = {}
-        self.__threading_call__(self.__list_workgroups__)
-        self.__get_workgroups__()
-        self.__list_tags_for_resource__()
-
-    def __list_workgroups__(self, regional_client):
-        logger.info("Athena - Listing WorkGroups...")
-        try:
-            list_workgroups = regional_client.list_work_groups()
-            for workgroup in list_workgroups["WorkGroups"]:
-                workgroup_name = workgroup["Name"]
-                workgroup_arn = f"arn:{self.audited_partition}:athena:{regional_client.region}:{self.audited_account}:workgroup/{workgroup_name}"
-                if not self.audit_resources or (
-                    is_resource_filtered(workgroup_arn, self.audit_resources)
-                ):
-                    self.workgroups[workgroup_arn] = WorkGroup(
-                        arn=workgroup_arn,
-                        name=workgroup_name,
-                        region=regional_client.region,
-                    )
-
-        except Exception as error:
-            logger.error(
-                f"{regional_client.region} -- {error.__class__.__name__}[{error.__traceback__.tb_lineno}]: {error}"
-            )
-
-    def __get_workgroups__(self):
-        logger.info("Athena - Getting WorkGroups...")
-        try:
-            for workgroup in self.workgroups.values():
-                wg = self.regional_clients[workgroup.region].get_work_group(
-                    WorkGroup=workgroup.name
-                )
-
-                wg_configuration = wg.get("WorkGroup").get("Configuration")
-                self.workgroups[
-                    workgroup.arn
-                ].enforce_workgroup_configuration = wg_configuration.get(
-                    "EnforceWorkGroupConfiguration", False
-                )
-
-                # We include an empty EncryptionConfiguration to handle if the workgroup does not have encryption configured
-                encryption = (
-                    wg_configuration.get(
-                        "ResultConfiguration",
-                        {"EncryptionConfiguration": {}},
-                    )
-                    .get(
-                        "EncryptionConfiguration",
-                        {"EncryptionOption": ""},
-                    )
-                    .get("EncryptionOption")
-                )
-
-                if encryption in ["SSE_S3", "SSE_KMS", "CSE_KMS"]:
-                    encryption_configuration = EncryptionConfiguration(
-                        encryption_option=encryption, encrypted=True
-                    )
-                    self.workgroups[
-                        workgroup.arn
-                    ].encryption_configuration = encryption_configuration
-
-        except Exception as error:
-            logger.error(
-                f"{self.region} -- {error.__class__.__name__}[{error.__traceback__.tb_lineno}]: {error}"
-            )
-
-    def __list_tags_for_resource__(self):
-        logger.info("Athena - Listing Tags...")
-        try:
-            for workgroup in self.workgroups.values():
-                regional_client = self.regional_clients[workgroup.region]
-                workgroup.tags = regional_client.list_tags_for_resource(
-                    ResourceARN=workgroup.arn
-                )["Tags"]
-        except Exception as error:
-            logger.error(
-                f"{regional_client.region} -- {error.__class__.__name__}[{error.__traceback__.tb_lineno}]: {error}"
-            )
-
-
-class EncryptionConfiguration(BaseModel):
-    encryption_option: str
-    encrypted: bool
-
-
-class WorkGroup(BaseModel):
-    arn: str
-    name: str
-    encryption_configuration: EncryptionConfiguration = EncryptionConfiguration(
-        encryption_option="", encrypted=False
-    )
-    enforce_workgroup_configuration: bool = False
-    region: str
-    tags: Optional[list] = []

prowler/providers/aws/services/athena/athena_workgroup_encryption/athena_workgroup_encryption.metadata.json

@@ -1,34 +0,0 @@
-{
-  "Provider": "aws",
-  "CheckID": "athena_workgroup_encryption",
-  "CheckTitle": "Ensure that encryption at rest is enabled for Amazon Athena query results stored in Amazon S3 in order to secure data and meet compliance requirements for data-at-rest encryption.",
-  "CheckType": [
-    "Software and Configuration Checks"
-  ],
-  "ServiceName": "athena",
-  "SubServiceName": "",
-  "ResourceIdTemplate": "arn:partition:athena:region:account-id:workgroup/resource-id",
-  "Severity": "high",
-  "ResourceType": "WorkGroup",
-  "Description": "Ensure that encryption at rest is enabled for Amazon Athena query results stored in Amazon S3 in order to secure data and meet compliance requirements for data-at-rest encryption.",
-  "Risk": "If not enabled sensitive information at rest is not protected.",
-  "RelatedUrl": "https://docs.aws.amazon.com/athena/latest/ug/encryption.html",
-  "Remediation": {
-    "Code": {
-      "CLI": "aws athena update-work-group --region <REGION> --work-group <workgroup_name> --configuration-updates ResultConfigurationUpdates={EncryptionConfiguration={EncryptionOption=SSE_S3|SSE_KMS|CSE_KMS}}",
-      "NativeIaC": "",
-      "Other": "https://www.trendmicro.com/cloudoneconformity/knowledge-base/aws/Athena/encryption-enabled.html",
-      "Terraform": "https://docs.bridgecrew.io/docs/ensure-that-athena-workgroup-is-encrypted#terraform"
-    },
-    "Recommendation": {
-      "Text": "Enable Encryption. Use a CMK where possible. It will provide additional management and privacy benefits.",
-      "Url": "https://docs.aws.amazon.com/athena/latest/ug/encrypting-query-results-stored-in-s3.html"
-    }
-  },
-  "Categories": [
-    "encryption"
-  ],
-  "DependsOn": [],
-  "RelatedTo": [],
-  "Notes": ""
-}

prowler/providers/aws/services/athena/athena_workgroup_encryption/athena_workgroup_encryption.py

@@ -1,27 +0,0 @@
-from prowler.lib.check.models import Check, Check_Report_AWS
-from prowler.providers.aws.services.athena.athena_client import athena_client
-
-
-class athena_workgroup_encryption(Check):
-    """Check if there are Athena workgroups not encrypting query results"""
-
-    def execute(self):
-        """Execute the athena_workgroup_encryption check"""
-        findings = []
-        for workgroup in athena_client.workgroups.values():
-            report = Check_Report_AWS(self.metadata())
-            report.region = workgroup.region
-            report.resource_id = workgroup.name
-            report.resource_arn = workgroup.arn
-            report.resource_tags = workgroup.tags
-
-            if workgroup.encryption_configuration.encrypted:
-                report.status = "PASS"
-                report.status_extended = f"Athena WorkGroup {workgroup.name} encrypts the query results using {workgroup.encryption_configuration.encryption_option}."
-            else:
-                report.status = "FAIL"
-                report.status_extended = f"Athena WorkGroup {workgroup.name} does not encrypt the query results."
-
-            findings.append(report)
-
-        return findings

prowler/providers/aws/services/athena/athena_workgroup_enforce_configuration/athena_workgroup_enforce_configuration.metadata.json

@@ -1,32 +0,0 @@
-{
-  "Provider": "aws",
-  "CheckID": "athena_workgroup_enforce_configuration",
-  "CheckTitle": "Ensure that workgroup configuration is enforced so it cannot be overriden by client-side settings.",
-  "CheckType": [
-    "Software and Configuration Checks"
-  ],
-  "ServiceName": "athena",
-  "SubServiceName": "",
-  "ResourceIdTemplate": "arn:partition:athena:region:account-id:workgroup/resource-id",
-  "Severity": "medium",
-  "ResourceType": "WorkGroup",
-  "Description": "Ensure that workgroup configuration is enforced so it cannot be overriden by client-side settings.",
-  "Risk": "If workgroup configuration is not enforced security settings like encryption can be overriden by client-side settings.",
-  "RelatedUrl": "https://docs.aws.amazon.com/athena/latest/ug/workgroups-settings-override.html",
-  "Remediation": {
-    "Code": {
-      "CLI": "aws athena update-work-group --region <REGION> --work-group <workgroup_name> --configuration-updates EnforceWorkGroupConfiguration=True",
-      "NativeIaC": "https://docs.bridgecrew.io/docs/bc_aws_general_33#cloudformation",
-      "Other": "",
-      "Terraform": "https://docs.bridgecrew.io/docs/bc_aws_general_33#terraform"
-    },
-    "Recommendation": {
-      "Text": "Ensure that workgroup configuration is enforced so it cannot be overriden by client-side settings.",
-      "Url": "https://docs.aws.amazon.com/athena/latest/ug/workgroups-settings-override.html"
-    }
-  },
-  "Categories": [],
-  "DependsOn": [],
-  "RelatedTo": [],
-  "Notes": ""
-}

prowler/providers/aws/services/athena/athena_workgroup_enforce_configuration/athena_workgroup_enforce_configuration.py

@@ -1,27 +0,0 @@
-from prowler.lib.check.models import Check, Check_Report_AWS
-from prowler.providers.aws.services.athena.athena_client import athena_client
-
-
-class athena_workgroup_enforce_configuration(Check):
-    """Check if there are Athena workgroups not encrypting query results"""
-
-    def execute(self):
-        """Execute the athena_workgroup_enforce_configuration check"""
-        findings = []
-        for workgroup in athena_client.workgroups.values():
-            report = Check_Report_AWS(self.metadata())
-            report.region = workgroup.region
-            report.resource_id = workgroup.name
-            report.resource_arn = workgroup.arn
-            report.resource_tags = workgroup.tags
-
-            if workgroup.enforce_workgroup_configuration:
-                report.status = "PASS"
-                report.status_extended = f"Athena WorkGroup {workgroup.name} enforces the workgroup configuration, so it cannot be overridden by the client-side settings."
-            else:
-                report.status = "FAIL"
-                report.status_extended = f"Athena WorkGroup {workgroup.name} does not enforce the workgroup configuration, so it can be overridden by the client-side settings."
-
-            findings.append(report)
-
-        return findings

prowler/providers/aws/services/autoscaling/autoscaling_service.py

@@ -1,20 +1,37 @@
+import threading
+
 from pydantic import BaseModel
 
 from prowler.lib.logger import logger
 from prowler.lib.scan_filters.scan_filters import is_resource_filtered
-from prowler.providers.aws.lib.service.service import AWSService
+from prowler.providers.aws.aws_provider import generate_regional_clients
 
 
 ################## AutoScaling
-class AutoScaling(AWSService):
+class AutoScaling:
     def __init__(self, audit_info):
-        # Call AWSService's __init__
-        super().__init__(__class__.__name__, audit_info)
+        self.service = "autoscaling"
+        self.session = audit_info.audit_session
+        self.audited_account = audit_info.audited_account
+        self.audit_resources = audit_info.audit_resources
+        self.regional_clients = generate_regional_clients(self.service, audit_info)
         self.launch_configurations = []
         self.__threading_call__(self.__describe_launch_configurations__)
         self.groups = []
         self.__threading_call__(self.__describe_auto_scaling_groups__)
 
+    def __get_session__(self):
+        return self.session
+
+    def __threading_call__(self, call):
+        threads = []
+        for regional_client in self.regional_clients.values():
+            threads.append(threading.Thread(target=call, args=(regional_client,)))
+        for t in threads:
+            t.start()
+        for t in threads:
+            t.join()
+
     def __describe_launch_configurations__(self, regional_client):
         logger.info("AutoScaling - Describing Launch Configurations...")
         try:

prowler/providers/aws/services/awslambda/awslambda_function_url_cors_policy/awslambda_function_url_cors_policy.py

@@ -14,10 +14,10 @@ class awslambda_function_url_cors_policy(Check):
             if function.url_config:
                 if "*" in function.url_config.cors_config.allow_origins:
                     report.status = "FAIL"
-                    report.status_extended = f"Lambda function {function.name} URL has a wide CORS configuration."
+                    report.status_extended = f"Lambda function {function.name} URL has a wide CORS configuration"
                 else:
                     report.status = "PASS"
-                    report.status_extended = f"Lambda function {function.name} does not have a wide CORS configuration."
+                    report.status_extended = f"Lambda function {function.name} has not a wide CORS configuration"
 
                 findings.append(report)
 

prowler/providers/aws/services/awslambda/awslambda_function_url_public/awslambda_function_url_public.py

@@ -15,10 +15,10 @@ class awslambda_function_url_public(Check):
             if function.url_config:
                 if function.url_config.auth_type == AuthType.AWS_IAM:
                     report.status = "PASS"
-                    report.status_extended = f"Lambda function {function.name} does not have a publicly accessible function URL."
+                    report.status_extended = f"Lambda function {function.name} has not a publicly accessible function URL"
                 else:
                     report.status = "FAIL"
-                    report.status_extended = f"Lambda function {function.name} has a publicly accessible function URL."
+                    report.status_extended = f"Lambda function {function.name} has a publicly accessible function URL"
 
                 findings.append(report)
 

prowler/providers/aws/services/awslambda/awslambda_function_using_supported_runtimes/awslambda_function_using_supported_runtimes.py

@@ -1,3 +1,4 @@
+from prowler.config.config import get_config_var
 from prowler.lib.check.models import Check, Check_Report_AWS
 from prowler.providers.aws.services.awslambda.awslambda_client import awslambda_client
 
@@ -13,9 +14,7 @@ class awslambda_function_using_supported_runtimes(Check):
                 report.resource_arn = function.arn
                 report.resource_tags = function.tags
 
-                if function.runtime in awslambda_client.audit_config.get(
-                    "obsolete_lambda_runtimes", []
-                ):
+                if function.runtime in get_config_var("obsolete_lambda_runtimes"):
                     report.status = "FAIL"
                     report.status_extended = f"Lambda function {function.name} is using {function.runtime} which is obsolete"
                 else:

prowler/providers/aws/services/awslambda/awslambda_service.py

@@ -1,5 +1,6 @@
 import io
 import json
+import threading
 import zipfile
 from enum import Enum
 from typing import Any, Optional
@@ -10,14 +11,17 @@ from pydantic import BaseModel
 
 from prowler.lib.logger import logger
 from prowler.lib.scan_filters.scan_filters import is_resource_filtered
-from prowler.providers.aws.lib.service.service import AWSService
+from prowler.providers.aws.aws_provider import generate_regional_clients
 
 
 ################## Lambda
-class Lambda(AWSService):
+class Lambda:
     def __init__(self, audit_info):
-        # Call AWSService's __init__
-        super().__init__(__class__.__name__, audit_info)
+        self.service = "lambda"
+        self.session = audit_info.audit_session
+        self.audited_account = audit_info.audited_account
+        self.audit_resources = audit_info.audit_resources
+        self.regional_clients = generate_regional_clients(self.service, audit_info)
         self.functions = {}
         self.__threading_call__(self.__list_functions__)
         self.__list_tags_for_resource__()
@@ -33,6 +37,18 @@ class Lambda(AWSService):
         self.__threading_call__(self.__get_policy__)
         self.__threading_call__(self.__get_function_url_config__)
 
+    def __get_session__(self):
+        return self.session
+
+    def __threading_call__(self, call):
+        threads = []
+        for regional_client in self.regional_clients.values():
+            threads.append(threading.Thread(target=call, args=(regional_client,)))
+        for t in threads:
+            t.start()
+        for t in threads:
+            t.join()
+
     def __list_functions__(self, regional_client):
         logger.info("Lambda - Listing Functions...")
         try:

prowler/providers/aws/services/backup/backup_service.py

@@ -1,3 +1,4 @@
+import threading
 from datetime import datetime
 from typing import Optional
 
@@ -5,14 +6,23 @@ from pydantic import BaseModel
 
 from prowler.lib.logger import logger
 from prowler.lib.scan_filters.scan_filters import is_resource_filtered
-from prowler.providers.aws.lib.service.service import AWSService
+from prowler.providers.aws.aws_provider import (
+    generate_regional_clients,
+    get_default_region,
+)
 
 
 ################## Backup
-class Backup(AWSService):
+class Backup:
     def __init__(self, audit_info):
-        # Call AWSService's __init__
-        super().__init__(__class__.__name__, audit_info)
+        self.service = "backup"
+        self.session = audit_info.audit_session
+        self.audited_account = audit_info.audited_account
+        self.audited_partition = audit_info.audited_partition
+        self.audited_account_arn = audit_info.audited_account_arn
+        self.audit_resources = audit_info.audit_resources
+        self.regional_clients = generate_regional_clients(self.service, audit_info)
+        self.region = get_default_region(self.service, audit_info)
         self.backup_vaults = []
         self.__threading_call__(self.__list_backup_vaults__)
         self.backup_plans = []
@@ -20,6 +30,15 @@ class Backup(AWSService):
         self.backup_report_plans = []
         self.__threading_call__(self.__list_backup_report_plans__)
 
+    def __threading_call__(self, call):
+        threads = []
+        for regional_client in self.regional_clients.values():
+            threads.append(threading.Thread(target=call, args=(regional_client,)))
+        for t in threads:
+            t.start()
+        for t in threads:
+            t.join()
+
     def __list_backup_vaults__(self, regional_client):
         logger.info("Backup - Listing Backup Vaults...")
         try:

prowler/providers/aws/services/cloudformation/cloudformation_service.py

@@ -1,3 +1,4 @@
+import threading
 from typing import Optional
 
 from botocore.client import ClientError
@@ -5,18 +6,33 @@ from pydantic import BaseModel
 
 from prowler.lib.logger import logger
 from prowler.lib.scan_filters.scan_filters import is_resource_filtered
-from prowler.providers.aws.lib.service.service import AWSService
+from prowler.providers.aws.aws_provider import generate_regional_clients
 
 
 ################## CloudFormation
-class CloudFormation(AWSService):
+class CloudFormation:
     def __init__(self, audit_info):
-        # Call AWSService's __init__
-        super().__init__(__class__.__name__, audit_info)
+        self.service = "cloudformation"
+        self.session = audit_info.audit_session
+        self.audited_account = audit_info.audited_account
+        self.audit_resources = audit_info.audit_resources
+        self.regional_clients = generate_regional_clients(self.service, audit_info)
         self.stacks = []
         self.__threading_call__(self.__describe_stacks__)
         self.__describe_stack__()
 
+    def __get_session__(self):
+        return self.session
+
+    def __threading_call__(self, call):
+        threads = []
+        for regional_client in self.regional_clients.values():
+            threads.append(threading.Thread(target=call, args=(regional_client,)))
+        for t in threads:
+            t.start()
+        for t in threads:
+            t.join()
+
     def __describe_stacks__(self, regional_client):
         """Get ALL CloudFormation Stacks"""
         logger.info("CloudFormation - Describing Stacks...")

prowler/providers/aws/services/cloudfront/cloudfront_distributions_logging_enabled/cloudfront_distributions_logging_enabled.metadata.json

@@ -19,7 +19,7 @@
       "Terraform": "https://docs.bridgecrew.io/docs/logging_20#terraform"
     },
     "Recommendation": {
-      "Text": "Real-time monitoring can be achieved by directing CloudTrail Logs to CloudWatch Logs and establishing corresponding metric filters and alarms. Enable logging for services with defined log rotation. These logs are useful for Incident Response and forensics investigation among other use cases.",
+      "Text": "Real-time monitoring can be achieved by directing CloudTrail Logs to CloudWatch Logs and establishing corresponding metric filters and alarms. Enable logging for services with defined log rotation. This logs are useful for Incident Response and forensics investigation among other use cases.",
       "Url": "https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/AccessLogs.html"
     }
   },

prowler/providers/aws/services/cloudfront/cloudfront_distributions_using_deprecated_ssl_protocols/cloudfront_distributions_using_deprecated_ssl_protocols.metadata.json

@@ -19,7 +19,7 @@
       "Terraform": ""
     },
     "Recommendation": {
-      "Text": "Use a Security policy with ciphers that are as strong as possible. Drop legacy and insecure ciphers.",
+      "Text": "Use a Security policy with a ciphers that are stronger as possible. Drop legacy and unsecure ciphers.",
       "Url": "https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/secure-connections-supported-viewer-protocols-ciphers.html"
     }
   },

prowler/providers/aws/services/cloudfront/cloudfront_service.py

@@ -5,18 +5,33 @@ from pydantic import BaseModel
 
 from prowler.lib.logger import logger
 from prowler.lib.scan_filters.scan_filters import is_resource_filtered
-from prowler.providers.aws.lib.service.service import AWSService
+from prowler.providers.aws.aws_provider import generate_regional_clients
 
 
 ################## CloudFront
-class CloudFront(AWSService):
+class CloudFront:
     def __init__(self, audit_info):
-        # Call AWSService's __init__
-        super().__init__(__class__.__name__, audit_info, global_service=True)
+        self.service = "cloudfront"
+        self.session = audit_info.audit_session
+        self.audited_account = audit_info.audited_account
+        self.audit_resources = audit_info.audit_resources
+        global_client = generate_regional_clients(
+            self.service, audit_info, global_service=True
+        )
         self.distributions = {}
-        self.__list_distributions__(self.client, self.region)
-        self.__get_distribution_config__(self.client, self.distributions, self.region)
-        self.__list_tags_for_resource__(self.client, self.distributions, self.region)
+        if global_client:
+            self.client = list(global_client.values())[0]
+            self.region = self.client.region
+            self.__list_distributions__(self.client, self.region)
+            self.__get_distribution_config__(
+                self.client, self.distributions, self.region
+            )
+            self.__list_tags_for_resource__(
+                self.client, self.distributions, self.region
+            )
+
+    def __get_session__(self):
+        return self.session
 
     def __list_distributions__(self, client, region) -> dict:
         logger.info("CloudFront - Listing Distributions...")
@@ -55,11 +70,13 @@ class CloudFront(AWSService):
                 ]["Logging"]["Enabled"]
                 distributions[
                     distribution_id
-                ].geo_restriction_type = GeoRestrictionType(
-                    distribution_config["DistributionConfig"]["Restrictions"][
-                        "GeoRestriction"
-                    ]["RestrictionType"]
-                )
+                ].geo_restriction_type = distribution_config["DistributionConfig"][
+                    "Restrictions"
+                ][
+                    "GeoRestriction"
+                ][
+                    "RestrictionType"
+                ]
                 distributions[distribution_id].web_acl_id = distribution_config[
                     "DistributionConfig"
                 ]["WebACLId"]
@@ -69,11 +86,9 @@ class CloudFront(AWSService):
                     realtime_log_config_arn=distribution_config["DistributionConfig"][
                         "DefaultCacheBehavior"
                     ].get("RealtimeLogConfigArn"),
-                    viewer_protocol_policy=ViewerProtocolPolicy(
-                        distribution_config["DistributionConfig"][
-                            "DefaultCacheBehavior"
-                        ].get("ViewerProtocolPolicy")
-                    ),
+                    viewer_protocol_policy=distribution_config["DistributionConfig"][
+                        "DefaultCacheBehavior"
+                    ].get("ViewerProtocolPolicy"),
                     field_level_encryption_id=distribution_config["DistributionConfig"][
                         "DefaultCacheBehavior"
                     ].get("FieldLevelEncryptionId"),
@@ -131,7 +146,7 @@ class DefaultCacheConfigBehaviour(BaseModel):
 
 
 class Distribution(BaseModel):
-    """Distribution holds a CloudFront Distribution resource"""
+    """Distribution holds a CloudFront Distribution with the required information to run the rela"""
 
     arn: str
     id: str

prowler/providers/aws/services/cloudtrail/cloudtrail_bucket_requires_mfa_delete/cloudtrail_bucket_requires_mfa_delete.py

@@ -18,17 +18,17 @@ class cloudtrail_bucket_requires_mfa_delete(Check):
                 report.resource_arn = trail.arn
                 report.resource_tags = trail.tags
                 report.status = "FAIL"
-                report.status_extended = f"Trail {trail.name} bucket ({trail_bucket}) does not have MFA delete enabled."
+                report.status_extended = f"Trail {trail.name} bucket ({trail_bucket}) has not MFA delete enabled"
                 for bucket in s3_client.buckets:
                     if trail_bucket == bucket.name:
                         trail_bucket_is_in_account = True
                         if bucket.mfa_delete:
                             report.status = "PASS"
-                            report.status_extended = f"Trail {trail.name} bucket ({trail_bucket}) has MFA delete enabled."
+                            report.status_extended = f"Trail {trail.name} bucket ({trail_bucket}) has MFA delete enabled"
                 # check if trail bucket is a cross account bucket
                 if not trail_bucket_is_in_account:
-                    report.status = "INFO"
-                    report.status_extended = f"Trail {trail.name} bucket ({trail_bucket}) is a cross-account bucket in another account out of Prowler's permissions scope, please check it manually."
+                    report.status = "PASS"
+                    report.status_extended = f"Trail {trail.name} bucket ({trail_bucket}) is a cross-account bucket in another account out of Prowler's permissions scope, please check it manually"
 
                 findings.append(report)
 

prowler/providers/aws/services/cloudtrail/cloudtrail_cloudwatch_logging_enabled/cloudtrail_cloudwatch_logging_enabled.metadata.json

@@ -23,7 +23,7 @@
       "Terraform": ""
     },
     "Recommendation": {
-      "Text": "Validate that the trails in CloudTrail have an arn set in the CloudWatchLogsLogGroupArn property.",
+      "Text": "Validate that the trails in CloudTrail has an arn set in the CloudWatchLogsLogGroupArn property.",
       "Url": "https://docs.aws.amazon.com/awscloudtrail/latest/userguide/send-cloudtrail-events-to-cloudwatch-logs.html"
     }
   },

prowler/providers/aws/services/cloudtrail/cloudtrail_insights_exist/cloudtrail_insights_exist.py

@@ -15,11 +15,13 @@ class cloudtrail_insights_exist(Check):
                 report.resource_arn = trail.arn
                 report.resource_tags = trail.tags
                 report.status = "FAIL"
-                report.status_extended = f"Trail {trail.name} does not have insight selectors and it is logging."
+                report.status_extended = (
+                    f"Trail {trail.name} has not insight selectors and it is logging"
+                )
                 if trail.has_insight_selectors:
                     report.status = "PASS"
                     report.status_extended = (
-                        f"Trail {trail.name} has insight selectors and it is logging."
+                        f"Trail {trail.name} has insight selectors and it is logging"
                     )
                 findings.append(report)
         return findings

prowler/providers/aws/services/cloudtrail/cloudtrail_logs_s3_bucket_access_logging_enabled/cloudtrail_logs_s3_bucket_access_logging_enabled.py

@@ -35,7 +35,6 @@ class cloudtrail_logs_s3_bucket_access_logging_enabled(Check):
 
                 # check if trail is delivering logs in a cross account bucket
                 if not trail_bucket_is_in_account:
-                    report.status = "INFO"
                     report.status_extended = f"Trail {trail.name} is delivering logs in a cross-account bucket {trail_bucket} in another account out of Prowler's permissions scope, please check it manually"
                 findings.append(report)
 

prowler/providers/aws/services/cloudtrail/cloudtrail_logs_s3_bucket_is_not_publicly_accessible/cloudtrail_logs_s3_bucket_is_not_publicly_accessible.py

@@ -41,7 +41,6 @@ class cloudtrail_logs_s3_bucket_is_not_publicly_accessible(Check):
                                     break
                 # check if trail bucket is a cross account bucket
                 if not trail_bucket_is_in_account:
-                    report.status = "INFO"
                     report.status_extended = f"Trail {trail.name} bucket ({trail_bucket}) is a cross-account bucket in another account out of Prowler's permissions scope, please check it manually"
                 findings.append(report)
 

prowler/providers/aws/services/cloudtrail/cloudtrail_service.py

@@ -1,3 +1,4 @@
+import threading
 from datetime import datetime
 from typing import Optional
 
@@ -6,14 +7,23 @@ from pydantic import BaseModel
 
 from prowler.lib.logger import logger
 from prowler.lib.scan_filters.scan_filters import is_resource_filtered
-from prowler.providers.aws.lib.service.service import AWSService
+from prowler.providers.aws.aws_provider import (
+    generate_regional_clients,
+    get_default_region,
+)
 
 
 ################### CLOUDTRAIL
-class Cloudtrail(AWSService):
+class Cloudtrail:
     def __init__(self, audit_info):
-        # Call AWSService's __init__
-        super().__init__(__class__.__name__, audit_info)
+        self.service = "cloudtrail"
+        self.session = audit_info.audit_session
+        self.audited_account = audit_info.audited_account
+        self.audited_partition = audit_info.audited_partition
+        self.audited_account_arn = audit_info.audited_account_arn
+        self.audit_resources = audit_info.audit_resources
+        self.regional_clients = generate_regional_clients(self.service, audit_info)
+        self.region = get_default_region(self.service, audit_info)
         self.trails = []
         self.__threading_call__(self.__get_trails__)
         self.__get_trail_status__()
@@ -21,6 +31,18 @@ class Cloudtrail(AWSService):
         self.__get_event_selectors__()
         self.__list_tags_for_resource__()
 
+    def __get_session__(self):
+        return self.session
+
+    def __threading_call__(self, call):
+        threads = []
+        for regional_client in self.regional_clients.values():
+            threads.append(threading.Thread(target=call, args=(regional_client,)))
+        for t in threads:
+            t.start()
+        for t in threads:
+            t.join()
+
     def __get_trails__(self, regional_client):
         logger.info("Cloudtrail - Getting trails...")
         try:

prowler/providers/aws/services/cloudwatch/cloudwatch_cross_account_sharing_disabled/cloudwatch_cross_account_sharing_disabled.py

@@ -8,8 +8,8 @@ class cloudwatch_cross_account_sharing_disabled(Check):
         report = Check_Report_AWS(self.metadata())
         report.status = "PASS"
         report.status_extended = "CloudWatch doesn't allow cross-account sharing"
-        report.resource_arn = iam_client.audited_account_arn
-        report.resource_id = iam_client.audited_account
+        report.resource_arn = iam_client.account_arn
+        report.resource_id = iam_client.account
         report.region = iam_client.region
         for role in iam_client.roles:
             if role.name == "CloudWatch-CrossAccountSharingRole":

prowler/providers/aws/services/cloudwatch/cloudwatch_log_group_retention_policy_specific_days_enabled/cloudwatch_log_group_retention_policy_specific_days_enabled.py

@@ -1,3 +1,4 @@
+from prowler.config.config import get_config_var
 from prowler.lib.check.models import Check, Check_Report_AWS
 from prowler.providers.aws.services.cloudwatch.logs_client import logs_client
 
@@ -5,11 +6,7 @@ from prowler.providers.aws.services.cloudwatch.logs_client import logs_client
 class cloudwatch_log_group_retention_policy_specific_days_enabled(Check):
     def execute(self):
         findings = []
-
-        # log_group_retention_days, default: 365 days
-        specific_retention_days = logs_client.audit_config.get(
-            "log_group_retention_days", 365
-        )
+        specific_retention_days = get_config_var("log_group_retention_days")
         for log_group in logs_client.log_groups:
             report = Check_Report_AWS(self.metadata())
             report.region = log_group.region

prowler/providers/aws/services/cloudwatch/cloudwatch_service.py

@@ -1,3 +1,4 @@
+import threading
 from datetime import datetime, timezone
 from typing import Optional
 
@@ -6,18 +7,39 @@ from pydantic import BaseModel
 
 from prowler.lib.logger import logger
 from prowler.lib.scan_filters.scan_filters import is_resource_filtered
-from prowler.providers.aws.lib.service.service import AWSService
+from prowler.providers.aws.aws_provider import generate_regional_clients
 
 
 ################## CloudWatch
-class CloudWatch(AWSService):
+class CloudWatch:
     def __init__(self, audit_info):
-        # Call AWSService's __init__
-        super().__init__(__class__.__name__, audit_info)
+        self.service = "cloudwatch"
+        self.session = audit_info.audit_session
+        self.audited_account = audit_info.audited_account
+        self.audit_resources = audit_info.audit_resources
+        self.audited_partition = audit_info.audited_partition
+        self.region = list(
+            generate_regional_clients(
+                self.service, audit_info, global_service=True
+            ).keys()
+        )[0]
+        self.regional_clients = generate_regional_clients(self.service, audit_info)
         self.metric_alarms = []
         self.__threading_call__(self.__describe_alarms__)
         self.__list_tags_for_resource__()
 
+    def __get_session__(self):
+        return self.session
+
+    def __threading_call__(self, call):
+        threads = []
+        for regional_client in self.regional_clients.values():
+            threads.append(threading.Thread(target=call, args=(regional_client,)))
+        for t in threads:
+            t.start()
+        for t in threads:
+            t.join()
+
     def __describe_alarms__(self, regional_client):
         logger.info("CloudWatch - Describing alarms...")
         try:
@@ -63,10 +85,14 @@ class CloudWatch(AWSService):
 
 
 ################## CloudWatch Logs
-class Logs(AWSService):
+class Logs:
     def __init__(self, audit_info):
-        # Call AWSService's __init__
-        super().__init__(__class__.__name__, audit_info)
+        self.service = "logs"
+        self.session = audit_info.audit_session
+        self.audited_account = audit_info.audited_account
+        self.audited_partition = audit_info.audited_partition
+        self.audit_resources = audit_info.audit_resources
+        self.regional_clients = generate_regional_clients(self.service, audit_info)
         self.metric_filters = []
         self.log_groups = []
         self.__threading_call__(self.__describe_metric_filters__)
@@ -81,6 +107,18 @@ class Logs(AWSService):
             self.__threading_call__(self.__get_log_events__)
         self.__list_tags_for_resource__()
 
+    def __get_session__(self):
+        return self.session
+
+    def __threading_call__(self, call):
+        threads = []
+        for regional_client in self.regional_clients.values():
+            threads.append(threading.Thread(target=call, args=(regional_client,)))
+        for t in threads:
+            t.start()
+        for t in threads:
+            t.join()
+
     def __describe_metric_filters__(self, regional_client):
         logger.info("CloudWatch Logs - Describing metric filters...")
         try:

prowler/providers/aws/services/codeartifact/codeartifact_packages_external_public_publishing_disabled/codeartifact_packages_external_public_publishing_disabled.py

@@ -33,6 +33,6 @@ class codeartifact_packages_external_public_publishing_disabled(Check):
                         report.status = "PASS"
                         report.status_extended = f"Internal package {package.name} is not vulnerable to dependency confusion in repository {repository.arn}"
 
-                    findings.append(report)
+                findings.append(report)
 
         return findings

prowler/providers/aws/services/codeartifact/codeartifact_service.py

@@ -1,3 +1,4 @@
+import threading
 from enum import Enum
 from typing import Optional
 
@@ -6,20 +7,35 @@ from pydantic import BaseModel
 
 from prowler.lib.logger import logger
 from prowler.lib.scan_filters.scan_filters import is_resource_filtered
-from prowler.providers.aws.lib.service.service import AWSService
+from prowler.providers.aws.aws_provider import generate_regional_clients
 
 
 ################## CodeArtifact
-class CodeArtifact(AWSService):
+class CodeArtifact:
     def __init__(self, audit_info):
-        # Call AWSService's __init__
-        super().__init__(__class__.__name__, audit_info)
+        self.service = "codeartifact"
+        self.session = audit_info.audit_session
+        self.audited_account = audit_info.audited_account
+        self.audit_resources = audit_info.audit_resources
+        self.regional_clients = generate_regional_clients(self.service, audit_info)
         # repositories is a dictionary containing all the codeartifact service information
         self.repositories = {}
         self.__threading_call__(self.__list_repositories__)
         self.__threading_call__(self.__list_packages__)
         self.__list_tags_for_resource__()
 
+    def __get_session__(self):
+        return self.session
+
+    def __threading_call__(self, call):
+        threads = []
+        for regional_client in self.regional_clients.values():
+            threads.append(threading.Thread(target=call, args=(regional_client,)))
+        for t in threads:
+            t.start()
+        for t in threads:
+            t.join()
+
     def __list_repositories__(self, regional_client):
         logger.info("CodeArtifact - Listing Repositories...")
         try:

prowler/providers/aws/services/codebuild/codebuild_service.py

@@ -1,21 +1,38 @@
 import datetime
+import threading
 from dataclasses import dataclass
 from typing import Optional
 
 from prowler.lib.logger import logger
 from prowler.lib.scan_filters.scan_filters import is_resource_filtered
-from prowler.providers.aws.lib.service.service import AWSService
+from prowler.providers.aws.aws_provider import generate_regional_clients
 
 
 ################### Codebuild
-class Codebuild(AWSService):
+class Codebuild:
     def __init__(self, audit_info):
-        # Call AWSService's __init__
-        super().__init__(__class__.__name__, audit_info)
+        self.service = "codebuild"
+        self.session = audit_info.audit_session
+        self.audited_account = audit_info.audited_account
+        self.audited_partition = audit_info.audited_partition
+        self.audit_resources = audit_info.audit_resources
+        self.regional_clients = generate_regional_clients(self.service, audit_info)
         self.projects = []
         self.__threading_call__(self.__list_projects__)
         self.__list_builds_for_project__()
 
+    def __get_session__(self):
+        return self.session
+
+    def __threading_call__(self, call):
+        threads = []
+        for regional_client in self.regional_clients.values():
+            threads.append(threading.Thread(target=call, args=(regional_client,)))
+        for t in threads:
+            t.start()
+        for t in threads:
+            t.join()
+
     def __list_projects__(self, regional_client):
         logger.info("Codebuild - listing projects")
         try:

prowler/providers/aws/services/config/config_recorder_all_regions_enabled/config_recorder_all_regions_enabled.metadata.json

@@ -21,7 +21,7 @@
       "Terraform": "https://docs.bridgecrew.io/docs/logging_5-enable-aws-config-regions#terraform"
     },
     "Recommendation": {
-      "Text": "It is recommended to enable AWS Config in all regions.",
+      "Text": "It is recommended to enable AWS Config be enabled in all regions.",
       "Url": "https://aws.amazon.com/blogs/mt/aws-config-best-practices/"
     }
   },

prowler/providers/aws/services/config/config_service.py

@@ -1,20 +1,38 @@
+import threading
 from typing import Optional
 
 from pydantic import BaseModel
 
 from prowler.lib.logger import logger
 from prowler.lib.scan_filters.scan_filters import is_resource_filtered
-from prowler.providers.aws.lib.service.service import AWSService
+from prowler.providers.aws.aws_provider import generate_regional_clients
 
 
 ################## Config
-class Config(AWSService):
+class Config:
     def __init__(self, audit_info):
-        # Call AWSService's __init__
-        super().__init__(__class__.__name__, audit_info)
+        self.service = "config"
+        self.session = audit_info.audit_session
+        self.audited_account = audit_info.audited_account
+        self.audited_partition = audit_info.audited_partition
+        self.audited_account_arn = audit_info.audited_account_arn
+        self.audit_resources = audit_info.audit_resources
+        self.regional_clients = generate_regional_clients(self.service, audit_info)
         self.recorders = []
         self.__threading_call__(self.__describe_configuration_recorder_status__)
 
+    def __get_session__(self):
+        return self.session
+
+    def __threading_call__(self, call):
+        threads = []
+        for regional_client in self.regional_clients.values():
+            threads.append(threading.Thread(target=call, args=(regional_client,)))
+        for t in threads:
+            t.start()
+        for t in threads:
+            t.join()
+
     def __describe_configuration_recorder_status__(self, regional_client):
         logger.info("Config - Listing Recorders...")
         try:

prowler/providers/aws/services/directoryservice/directoryservice_service.py

@@ -1,3 +1,4 @@
+import threading
 from datetime import datetime
 from enum import Enum
 from typing import Optional, Union
@@ -7,14 +8,17 @@ from pydantic import BaseModel
 
 from prowler.lib.logger import logger
 from prowler.lib.scan_filters.scan_filters import is_resource_filtered
-from prowler.providers.aws.lib.service.service import AWSService
+from prowler.providers.aws.aws_provider import generate_regional_clients
 
 
 ################## DirectoryService
-class DirectoryService(AWSService):
+class DirectoryService:
     def __init__(self, audit_info):
-        # Call AWSService's __init__
-        super().__init__("ds", audit_info)
+        self.service = "ds"
+        self.session = audit_info.audit_session
+        self.audited_account = audit_info.audited_account
+        self.audit_resources = audit_info.audit_resources
+        self.regional_clients = generate_regional_clients(self.service, audit_info)
         self.directories = {}
         self.__threading_call__(self.__describe_directories__)
         self.__threading_call__(self.__list_log_subscriptions__)
@@ -23,6 +27,18 @@ class DirectoryService(AWSService):
         self.__threading_call__(self.__get_snapshot_limits__)
         self.__list_tags_for_resource__()
 
+    def __get_session__(self):
+        return self.session
+
+    def __threading_call__(self, call):
+        threads = []
+        for regional_client in self.regional_clients.values():
+            threads.append(threading.Thread(target=call, args=(regional_client,)))
+        for t in threads:
+            t.start()
+        for t in threads:
+            t.join()
+
     def __describe_directories__(self, regional_client):
         logger.info("DirectoryService - Describing Directories...")
         try:
@@ -38,17 +54,15 @@ class DirectoryService(AWSService):
                     ):
                         directory_id = directory["DirectoryId"]
                         directory_name = directory["Name"]
-                        directory_type = DirectoryType(directory["Type"])
+                        directory_type = directory["Type"]
                         # Radius Configuration
                         radius_authentication_protocol = (
-                            AuthenticationProtocol(
-                                directory["RadiusSettings"]["AuthenticationProtocol"]
-                            )
+                            directory["RadiusSettings"]["AuthenticationProtocol"]
                             if "RadiusSettings" in directory
                             else None
                         )
                         radius_status = (
-                            RadiusStatus(directory["RadiusStatus"])
+                            directory["RadiusStatus"]
                             if "RadiusStatus" in directory
                             else None
                         )

prowler/providers/aws/services/drs/drs_service.py

@@ -1,19 +1,43 @@
+import threading
+
 from botocore.client import ClientError
 from pydantic import BaseModel
 
 from prowler.lib.logger import logger
 from prowler.lib.scan_filters.scan_filters import is_resource_filtered
-from prowler.providers.aws.lib.service.service import AWSService
-
+from prowler.providers.aws.aws_provider import (
+    generate_regional_clients,
+    get_default_region,
+)
 
 ################## DRS (Elastic Disaster Recovery Service)
-class DRS(AWSService):
+
+
+class DRS:
     def __init__(self, audit_info):
-        # Call AWSService's __init__
-        super().__init__(__class__.__name__, audit_info)
+        self.service = "drs"
+        self.session = audit_info.audit_session
+        self.audited_account = audit_info.audited_account
+        self.audited_partition = audit_info.audited_partition
+        self.audited_account_arn = audit_info.audited_account_arn
+        self.audit_resources = audit_info.audit_resources
+        self.regional_clients = generate_regional_clients(self.service, audit_info)
+        self.region = get_default_region(self.service, audit_info)
         self.drs_services = []
         self.__threading_call__(self.__describe_jobs__)
 
+    def __get_session__(self):
+        return self.session
+
+    def __threading_call__(self, call):
+        threads = []
+        for regional_client in self.regional_clients.values():
+            threads.append(threading.Thread(target=call, args=(regional_client,)))
+        for t in threads:
+            t.start()
+        for t in threads:
+            t.join()
+
     def __describe_jobs__(self, regional_client):
         logger.info("DRS - Describe Jobs...")
         try:

prowler/providers/aws/services/dynamodb/dynamodb_service.py

@@ -1,3 +1,4 @@
+import threading
 from typing import Optional
 
 from botocore.client import ClientError
@@ -5,20 +6,36 @@ from pydantic import BaseModel
 
 from prowler.lib.logger import logger
 from prowler.lib.scan_filters.scan_filters import is_resource_filtered
-from prowler.providers.aws.lib.service.service import AWSService
+from prowler.providers.aws.aws_provider import generate_regional_clients
 
 
 ################## DynamoDB
-class DynamoDB(AWSService):
+class DynamoDB:
     def __init__(self, audit_info):
-        # Call AWSService's __init__
-        super().__init__(__class__.__name__, audit_info)
+        self.service = "dynamodb"
+        self.session = audit_info.audit_session
+        self.audited_account = audit_info.audited_account
+        self.audit_resources = audit_info.audit_resources
+        self.audited_partition = audit_info.audited_partition
+        self.regional_clients = generate_regional_clients(self.service, audit_info)
         self.tables = []
         self.__threading_call__(self.__list_tables__)
         self.__describe_table__()
         self.__describe_continuous_backups__()
         self.__list_tags_for_resource__()
 
+    def __get_session__(self):
+        return self.session
+
+    def __threading_call__(self, call):
+        threads = []
+        for regional_client in self.regional_clients.values():
+            threads.append(threading.Thread(target=call, args=(regional_client,)))
+        for t in threads:
+            t.start()
+        for t in threads:
+            t.join()
+
     def __list_tables__(self, regional_client):
         logger.info("DynamoDB - Listing tables...")
         try:
@@ -65,29 +82,18 @@ class DynamoDB(AWSService):
         logger.info("DynamoDB - Describing Continuous Backups...")
         try:
             for table in self.tables:
-                try:
-                    regional_client = self.regional_clients[table.region]
-                    properties = regional_client.describe_continuous_backups(
-                        TableName=table.name
-                    )["ContinuousBackupsDescription"]
-                    if "PointInTimeRecoveryDescription" in properties:
-                        if (
-                            properties["PointInTimeRecoveryDescription"][
-                                "PointInTimeRecoveryStatus"
-                            ]
-                            == "ENABLED"
-                        ):
-                            table.pitr = True
-                except ClientError as error:
-                    if error.response["Error"]["Code"] == "TableNotFoundException":
-                        logger.warning(
-                            f"{regional_client.region} -- {error.__class__.__name__}[{error.__traceback__.tb_lineno}]: {error}"
-                        )
-                    else:
-                        logger.error(
-                            f"{regional_client.region} -- {error.__class__.__name__}[{error.__traceback__.tb_lineno}]: {error}"
-                        )
-                    continue
+                regional_client = self.regional_clients[table.region]
+                properties = regional_client.describe_continuous_backups(
+                    TableName=table.name
+                )["ContinuousBackupsDescription"]
+                if "PointInTimeRecoveryDescription" in properties:
+                    if (
+                        properties["PointInTimeRecoveryDescription"][
+                            "PointInTimeRecoveryStatus"
+                        ]
+                        == "ENABLED"
+                    ):
+                        table.pitr = True
         except Exception as error:
             logger.error(
                 f"{error.__class__.__name__}:{error.__traceback__.tb_lineno} -- {error}"
@@ -120,14 +126,29 @@ class DynamoDB(AWSService):
 
 
 ################## DynamoDB DAX
-class DAX(AWSService):
+class DAX:
     def __init__(self, audit_info):
-        # Call AWSService's __init__
-        super().__init__(__class__.__name__, audit_info)
+        self.service = "dax"
+        self.session = audit_info.audit_session
+        self.audited_account = audit_info.audited_account
+        self.audit_resources = audit_info.audit_resources
+        self.regional_clients = generate_regional_clients(self.service, audit_info)
         self.clusters = []
         self.__threading_call__(self.__describe_clusters__)
         self.__list_tags_for_resource__()
 
+    def __get_session__(self):
+        return self.session
+
+    def __threading_call__(self, call):
+        threads = []
+        for regional_client in self.regional_clients.values():
+            threads.append(threading.Thread(target=call, args=(regional_client,)))
+        for t in threads:
+            t.start()
+        for t in threads:
+            t.join()
+
     def __describe_clusters__(self, regional_client):
         logger.info("DynamoDB DAX - Describing clusters...")
         try:

prowler/providers/aws/services/ec2/ec2_ami_public/ec2_ami_public.metadata.json

@@ -11,7 +11,7 @@
   "Severity": "critical",
   "ResourceType": "Other",
   "Description": "Ensure there are no EC2 AMIs set as Public.",
-  "Risk": "When your AMIs are publicly accessible, they are available in the Community AMIs where everyone with an AWS account can use them to launch EC2 instances. Your AMIs could contain snapshots of your applications (including their data), therefore exposing your snapshots in this manner is not advised.",
+  "Risk": "A shared AMI is an AMI that a developer created and made available for other developers to use. If AMIs have embebed information about the environment could pose a security risk. You use a shared AMI at your own risk. Amazon can not vouch for the integrity or security of AMIs shared by Amazon EC2 users.",
   "RelatedUrl": "",
   "Remediation": {
     "Code": {
@@ -21,8 +21,8 @@
       "Terraform": ""
     },
     "Recommendation": {
-      "Text": "We recommend your EC2 AMIs are not publicly accessible, or generally available in the Community AMIs.",
-      "Url": "https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/cancel-sharing-an-AMI.html"
+      "Text": "List all shared AMIs and make sure there is a business reason for them.",
+      "Url": "https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/usingsharedamis-finding.html"
     }
   },
   "Categories": [

prowler/providers/aws/services/ec2/ec2_elastic_ip_shodan/ec2_elastic_ip_shodan.py

@@ -1,5 +1,6 @@
 import shodan
 
+from prowler.config.config import get_config_var
 from prowler.lib.check.models import Check, Check_Report_AWS
 from prowler.lib.logger import logger
 from prowler.providers.aws.services.ec2.ec2_client import ec2_client
@@ -8,7 +9,7 @@ from prowler.providers.aws.services.ec2.ec2_client import ec2_client
 class ec2_elastic_ip_shodan(Check):
     def execute(self):
         findings = []
-        shodan_api_key = ec2_client.audit_config.get("shodan_api_key")
+        shodan_api_key = get_config_var("shodan_api_key")
         if shodan_api_key:
             api = shodan.Shodan(shodan_api_key)
             for eip in ec2_client.elastic_ips:

prowler/providers/aws/services/ec2/ec2_instance_imdsv2_enabled/ec2_instance_imdsv2_enabled.metadata.json

@@ -21,7 +21,7 @@
       "Terraform": "https://docs.bridgecrew.io/docs/bc_aws_general_31#terraform"
     },
     "Recommendation": {
-      "Text": "If you don't need IMDS you can turn it off. Using aws-cli you can force the instance to use only IMDSv2.",
+      "Text": "If you dont need IMDS you can turn it off. Using aws-cli you can force the instance to use only IMDSv2.",
       "Url": "https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/configuring-instance-metadata-service.html#configuring-instance-metadata-options"
     }
   },

prowler/providers/aws/services/ec2/ec2_instance_older_than_specific_days/ec2_instance_older_than_specific_days.py

@@ -1,5 +1,6 @@
 from datetime import datetime, timezone
 
+from prowler.config.config import get_config_var
 from prowler.lib.check.models import Check, Check_Report_AWS
 from prowler.providers.aws.services.ec2.ec2_client import ec2_client
 
@@ -7,11 +8,7 @@ from prowler.providers.aws.services.ec2.ec2_client import ec2_client
 class ec2_instance_older_than_specific_days(Check):
     def execute(self):
         findings = []
-
-        # max_ec2_instance_age_in_days, default: 180 days
-        max_ec2_instance_age_in_days = ec2_client.audit_config.get(
-            "max_ec2_instance_age_in_days", 180
-        )
+        max_ec2_instance_age_in_days = get_config_var("max_ec2_instance_age_in_days")
         for instance in ec2_client.instances:
             report = Check_Report_AWS(self.metadata())
             report.region = instance.region

prowler/providers/aws/services/ec2/ec2_instance_public_ip/ec2_instance_public_ip.py

@@ -18,7 +18,7 @@ class ec2_instance_public_ip(Check):
                 else:
                     report.status = "PASS"
                     report.status_extended = (
-                        f"EC2 Instance {instance.id} does not have a Public IP."
+                        f"EC2 Instance {instance.id} has not a Public IP."
                     )
                     report.resource_id = instance.id
                 findings.append(report)