Threat Model Name:
Owner:
Reviewer:
Contributors:
Description:
Assumptions:
External Dependencies:
Threat status | Count |
Not Started | 43 |
Not Applicable | 0 |
Needs Investigation | 0 |
Mitigation Implemented | 0 |
Total | 43 |
Total Migrated | 0 |
Category: | Interface |
Description: | CloudFront field-level encryption helps secure sensitive data, such as customer phone numbers, by adding another security layer on top of CloudFront HTTPS. With it, selected fields in a POST request are encrypted with your public key at the CloudFront edge location. The field stays encrypted as it flows to and beyond the origin servers that terminate the HTTPS connection with CloudFront, and throughout the application environment, until the one component that holds the private key decrypts it. |
Justification: | Security Requirement |
Action Items: | 1. Ensure CloudFront field-level encryption is enabled on the cache behaviour that accepts the phone number, so the field is encrypted at the edge. 2. Upload only the public key to CloudFront; keep the private key in a secrets store readable solely by the component that needs the plaintext. 3. Note the feature's limits: it applies only to POST request bodies with Content-Type application/x-www-form-urlencoded, to at most 10 fields per request, and your own code at the origin must perform the decryption. |
Comments: |
Category: | Network Boundary |
Description: | AWS Trusted Advisor evaluates the account against security best practices (security groups with unrestricted ports, IAM usage, MFA on the root account, exposed access keys, public S3 bucket permissions, etc.) as well as cost and performance optimisation best practices. |
Justification: | Security Requirement |
Action Items: | 1. Ensure AWS Trusted Advisor is used and its security report is reviewed on a regular basis. Only a core subset of checks is available on the Basic and Developer support plans; the full set of security checks requires a Business or Enterprise support plan. 2. Treat Trusted Advisor as a periodic audit, not a control: each finding still needs an owner and a remediation ticket. |
Comments: |
Category: | Network Boundary |
Description: | A Web Application Firewall (WAF) helps protect web applications by filtering and monitoring HTTP traffic between the application and the Internet. It typically protects against attacks such as cross-site request forgery (CSRF), cross-site scripting (XSS), file inclusion and SQL injection, among others. |
Justification: | Security Requirement |
Action Items: | 1. Ensure AWS WAF is enabled in front of every publicly accessible part of the application. AWS WAF is applied as a web ACL associated with the resource that terminates the request (the CloudFront distribution, API Gateway stage or Application Load Balancer), not with a security group; the security group should then restrict the origin to accept traffic only from that front end, for example on port 443. 2. Start with the AWS managed rule groups (core rule set, known bad inputs, SQL injection) in count mode, review the WAF logs, then switch the rules to block. |
Comments: |
Category: | Network Boundary |
Description: | A distributed denial of service (DDoS) attack is an attack in which multiple compromised systems attempt to flood a target, such as a network or web application, with traffic. A DDoS attack can prevent legitimate users from accessing a service and can cause the system to crash due to the overwhelming traffic volume. |
Justification: | Security Requirement |
Action Items: | 1. AWS provides two levels of protection against DDoS attacks: AWS Shield Standard, applied automatically and at no extra cost to resources such as CloudFront, Route 53 and Elastic Load Balancing, and AWS Shield Advanced, a paid subscription that adds larger-scale mitigation, DDoS cost protection and access to the Shield Response Team. See https://docs.aws.amazon.com/waf/latest/developerguide/ddos-overview.html 2. Keep the public entry points behind CloudFront and API Gateway so that Shield Standard and AWS WAF rate-based rules apply, and evaluate Shield Advanced if the service carries availability commitments. |
Comments: |
Category: | Interface |
Description: | API Gateway provides a number of security features to consider as you develop and implement your own security policies. The following best practices are general guidelines and don’t represent a complete security solution. Because these best practices might not be appropriate or sufficient for your environment, treat them as helpful considerations rather than prescriptions. |
Justification: | Security Requirement |
Action Items: | 1. Implement least privilege access: use IAM policies to implement least privilege access for creating, reading, updating or deleting API Gateway APIs, and require an authorizer (IAM, Cognito user pool or Lambda authorizer) on every method rather than leaving it open. 2. Implement logging: use CloudWatch Logs or Amazon Kinesis Data Firehose to log requests to your APIs (execution logs and access logs), and keep sensitive fields such as the phone number out of the access log format. 3. Implement Amazon CloudWatch alarms: alarm on the API Gateway 4XXError, 5XXError and Latency metrics so abuse and outages are noticed. 4. Enable AWS CloudTrail: CloudTrail records the actions taken by a user, role or AWS service in API Gateway; from it you can determine which request was made, from which IP address, by whom, when, and additional details. 5. Enable AWS Config: AWS Config provides a detailed view of the configuration of AWS resources in your account and can alert on drift from the approved API configuration. |
Comments: |
Category: | Interface |
Description: | CloudFront field-level encryption helps secure sensitive data, such as customer phone numbers, by adding another security layer on top of CloudFront HTTPS. With it, selected fields in a POST request are encrypted with your public key at the CloudFront edge location. The field stays encrypted as it flows to and beyond the origin servers that terminate the HTTPS connection with CloudFront, and throughout the application environment, until the one component that holds the private key decrypts it. |
Justification: | Security Requirement |
Action Items: | 1. Ensure CloudFront field-level encryption is enabled on the cache behaviour that accepts the phone number, so the field is encrypted at the edge. 2. Upload only the public key to CloudFront; keep the private key in a secrets store readable solely by the component that needs the plaintext. 3. Note the feature's limits: it applies only to POST request bodies with Content-Type application/x-www-form-urlencoded, to at most 10 fields per request, and your own code at the origin must perform the decryption. |
Comments: |
Category: | Compute |
Description: | If the application is broken down into fine-grained “micro-lambdas” that do one thing and do it well, you can attach equally fine-grained IAM policies that prevent your code (or third-party code bundled with it) from reaching resources it should not. A coarse function that handles many tasks needs the union of all their permissions. |
Justification: | Security Requirement |
Action Items: | 1. Keep your Lambdas fine-grained, with a clear separation of concerns, so each function's execution role can be scoped to the single task it performs. |
Comments: |
Category: | Compute |
Description: | Badly configured IAM policies leave Lambdas able to do things their own (or third-party) code should not: if the application can send email, should every Lambda in the project be able to send email? Or run a machine-learning model? Or access an RDS instance? Or invoke another Lambda? |
Justification: | Security Requirement |
Action Items: | 1. Ensure each IAM policy grants the least privilege needed for its specific task; this reduces the risk of a function doing things it is not supposed to and limits the impact if the function is compromised. The simple version: no wildcards in roles and policies (no `*` or `service:*` in Action, no `*` in Resource unless the action is genuinely not resource-scoped) and no NotAction/NotResource in Allow statements. |
Comments: |
Category: | Interface |
Description: | API Gateway provides a number of security features to consider as you develop and implement your own security policies. The following best practices are general guidelines and don’t represent a complete security solution. Because these best practices might not be appropriate or sufficient for your environment, treat them as helpful considerations rather than prescriptions. |
Justification: | Security Requirement |
Action Items: | 1. Implement least privilege access: use IAM policies to implement least privilege access for creating, reading, updating or deleting API Gateway APIs, and require an authorizer (IAM, Cognito user pool or Lambda authorizer) on every method rather than leaving it open. 2. Implement logging: use CloudWatch Logs or Amazon Kinesis Data Firehose to log requests to your APIs (execution logs and access logs), and keep sensitive fields such as the phone number out of the access log format. 3. Implement Amazon CloudWatch alarms: alarm on the API Gateway 4XXError, 5XXError and Latency metrics so abuse and outages are noticed. 4. Enable AWS CloudTrail: CloudTrail records the actions taken by a user, role or AWS service in API Gateway; from it you can determine which request was made, from which IP address, by whom, when, and additional details. 5. Enable AWS Config: AWS Config provides a detailed view of the configuration of AWS resources in your account and can alert on drift from the approved API configuration. |
Comments: |
Category: | Data Flows |
Description: | TLS should be configured for the GET Secret (encrypted) data flow to prevent unauthorized access to the data in transit. VPC isolation limits who can reach the endpoint, but it neither authenticates the server nor encrypts the payload, so the private network alone is not a mitigation. |
Justification: | Security Requirement |
Action Items: | 1. Ensure strong TLS (TLS 1.2 or 1.3 only, with TLS 1.0/1.1 and weak cipher suites disabled) is configured for the encrypted phone number flow, and that the client verifies the server certificate rather than disabling validation. |
Comments: |
Category: | Compute |
Description: | Ensure a dead-letter queue (an SQS queue or SNS topic) is configured for each Lambda function in the account, so that events which fail all retries of an asynchronous invocation are retained for investigation instead of being silently dropped. |
Justification: | <no mitigation provided> |
Action Items: | See https://www.trendmicro.com/cloudoneconformity/knowledge-base/aws/Lambda/enable-dead-letter-queue.html. A dead-letter queue receives the full failed event payload, which in this model can include phone numbers, so encrypt the queue with a KMS key and restrict who may read from it. |
Comments: |
Category: | Compute |
Description: | Ensure Lambda functions do not share the same execution role, in line with the principle of least privilege (POLP): each function gets only the access its own task requires. Keep a one-to-one relationship between functions and execution roles. A shared role accumulates the union of every function's permissions, so compromising any one function yields all of them. |
Justification: | <no mitigation provided> |
Action Items: | https://www.trendmicro.com/cloudoneconformity/knowledge-base/aws/Lambda/sharing-an-iam-role-within-more-than-one-lambda-function.html |
Comments: |
Category: | Compute |
Description: | Ensure Lambda functions that need VPC-only resources (Amazon Redshift clusters, ElastiCache clusters, RDS database instances and service endpoints reachable only from within a particular VPC) are configured with VPC access, that is, attached to private subnets and a security group, so traffic to those resources stays on the private network. |
Justification: | <no mitigation provided> |
Action Items: | See https://www.trendmicro.com/cloudoneconformity/knowledge-base/aws/Lambda/function-in-vpc.html. A VPC-attached function loses the default internet path: reach AWS services such as DynamoDB, KMS and Secrets Manager through VPC endpoints (or a NAT gateway), and restrict the function's security group to the ports it actually needs. |
Comments: |
Category: | Data Flows |
Description: | TLS should be configured for the GET Secret (encrypted) data flow to prevent unauthorized access to the data in transit. VPC isolation limits who can reach the endpoint, but it neither authenticates the server nor encrypts the payload, so the private network alone is not a mitigation. |
Justification: | Security Requirement |
Action Items: | 1. Ensure strong TLS (TLS 1.2 or 1.3 only, with TLS 1.0/1.1 and weak cipher suites disabled) is configured for the encrypted phone number flow, and that the client verifies the server certificate rather than disabling validation. |
Comments: |
Category: | Compute |
Description: | If the application is broken down into fine-grained “micro-lambdas” that do one thing and do it well, you can attach equally fine-grained IAM policies that prevent your code (or third-party code bundled with it) from reaching resources it should not. A coarse function that handles many tasks needs the union of all their permissions. |
Justification: | Security Requirement |
Action Items: | 1. Keep your Lambdas fine-grained, with a clear separation of concerns, so each function's execution role can be scoped to the single task it performs. |
Comments: |
Category: | Compute |
Description: | Badly configured IAM policies leave Lambdas able to do things their own (or third-party) code should not: if the application can send email, should every Lambda in the project be able to send email? Or run a machine-learning model? Or access an RDS instance? Or invoke another Lambda? |
Justification: | Security Requirement |
Action Items: | 1. Ensure each IAM policy grants the least privilege needed for its specific task; this reduces the risk of a function doing things it is not supposed to and limits the impact if the function is compromised. The simple version: no wildcards in roles and policies (no `*` or `service:*` in Action, no `*` in Resource unless the action is genuinely not resource-scoped) and no NotAction/NotResource in Allow statements. |
Comments: |
Category: | Database |
Description: | Ensure sensitive information in the AWS database is encrypted at rest to prevent data leakage, unauthorized access or compromise of the underlying storage. |
Justification: | Security Requirement |
Action Items: | 1. Ensure the sensitive information is encrypted in DynamoDB. DynamoDB encrypts tables at rest by default with an AWS owned key; select a customer managed key for this table so key usage can be audited and access revoked. 2. Ensure encryption keys are stored in AWS Key Management Service (AWS KMS), with a key policy that limits kms:Decrypt to the roles that need the phone number. |
Comments: |
Category: | Compute |
Description: | If the application is broken down into fine-grained “micro-lambdas” that do one thing and do it well, you can attach equally fine-grained IAM policies that prevent your code (or third-party code bundled with it) from reaching resources it should not. A coarse function that handles many tasks needs the union of all their permissions. |
Justification: | Security Requirement |
Action Items: | 1. Keep your Lambdas fine-grained, with a clear separation of concerns, so each function's execution role can be scoped to the single task it performs. |
Comments: |
Category: | Compute |
Description: | Badly configured IAM policies leave Lambdas able to do things their own (or third-party) code should not: if the application can send email, should every Lambda in the project be able to send email? Or run a machine-learning model? Or access an RDS instance? Or invoke another Lambda? |
Justification: | Security Requirement |
Action Items: | 1. Ensure each IAM policy grants the least privilege needed for its specific task; this reduces the risk of a function doing things it is not supposed to and limits the impact if the function is compromised. The simple version: no wildcards in roles and policies (no `*` or `service:*` in Action, no `*` in Resource unless the action is genuinely not resource-scoped) and no NotAction/NotResource in Allow statements. |
Comments: |
Category: | Database |
Description: | Ensure sensitive information in the AWS database is encrypted at rest to prevent data leakage, unauthorized access or compromise of the underlying storage. |
Justification: | Security Requirement |
Action Items: | 1. Ensure the sensitive information is encrypted in DynamoDB. DynamoDB encrypts tables at rest by default with an AWS owned key; select a customer managed key for this table so key usage can be audited and access revoked. 2. Ensure encryption keys are stored in AWS Key Management Service (AWS KMS), with a key policy that limits kms:Decrypt to the roles that need the phone number. |
Comments: |
Category: | Data Flows |
Description: | TLS should be configured for the GET Secret (encrypted) data flow to prevent unauthorized access to the data in transit. VPC isolation limits who can reach the endpoint, but it neither authenticates the server nor encrypts the payload, so the private network alone is not a mitigation. |
Justification: | Security Requirement |
Action Items: | 1. Ensure strong TLS (TLS 1.2 or 1.3 only, with TLS 1.0/1.1 and weak cipher suites disabled) is configured for the encrypted phone number flow, and that the client verifies the server certificate rather than disabling validation. |
Comments: |
Category: | AWS Management |
Description: | Multi-factor authentication (MFA) increases security for your AWS Management Console by adding another authentication method and not relying solely on user name and password. |
Justification: | Security Requirement |
Action Items: | 1. Ensure MFA is enabled for all AWS Management Console users, starting with the root user (a hardware MFA device is recommended for root): https://aws.amazon.com/ru/iam/features/mfa/ 2. Enforce it with an IAM policy that denies actions when the aws:MultiFactorAuthPresent condition key is false, so a user cannot skip enrolment. |
Comments: |
Category: | Network Boundary |
Description: | AWS Trusted Advisor evaluates the account against security best practices (security groups with unrestricted ports, IAM usage, MFA on the root account, exposed access keys, public S3 bucket permissions, etc.) as well as cost and performance optimisation best practices. |
Justification: | Security Requirement |
Action Items: | 1. Ensure AWS Trusted Advisor is used and its security report is reviewed on a regular basis. Only a core subset of checks is available on the Basic and Developer support plans; the full set of security checks requires a Business or Enterprise support plan. 2. Treat Trusted Advisor as a periodic audit, not a control: each finding still needs an owner and a remediation ticket. |
Comments: |
Category: | Network Boundary |
Description: | A Web Application Firewall (WAF) helps protect web applications by filtering and monitoring HTTP traffic between the application and the Internet. It typically protects against attacks such as cross-site request forgery (CSRF), cross-site scripting (XSS), file inclusion and SQL injection, among others. |
Justification: | Security Requirement |
Action Items: | 1. Ensure AWS WAF is enabled in front of every publicly accessible part of the application. AWS WAF is applied as a web ACL associated with the resource that terminates the request (the CloudFront distribution, API Gateway stage or Application Load Balancer), not with a security group; the security group should then restrict the origin to accept traffic only from that front end, for example on port 443. 2. Start with the AWS managed rule groups (core rule set, known bad inputs, SQL injection) in count mode, review the WAF logs, then switch the rules to block. |
Comments: |
Category: | Network Boundary |
Description: | A distributed denial of service (DDoS) attack is an attack in which multiple compromised systems attempt to flood a target, such as a network or web application, with traffic. A DDoS attack can prevent legitimate users from accessing a service and can cause the system to crash due to the overwhelming traffic volume. |
Justification: | Security Requirement |
Action Items: | 1. AWS provides two levels of protection against DDoS attacks: AWS Shield Standard, applied automatically and at no extra cost to resources such as CloudFront, Route 53 and Elastic Load Balancing, and AWS Shield Advanced, a paid subscription that adds larger-scale mitigation, DDoS cost protection and access to the Shield Response Team. See https://docs.aws.amazon.com/waf/latest/developerguide/ddos-overview.html 2. Keep the public entry points behind CloudFront and API Gateway so that Shield Standard and AWS WAF rate-based rules apply, and evaluate Shield Advanced if the service carries availability commitments. |
Comments: |
Category: | Compute |
Description: | If the application is broken down into fine-grained “micro-lambdas” that do one thing and do it well, you can attach equally fine-grained IAM policies that prevent your code (or third-party code bundled with it) from reaching resources it should not. A coarse function that handles many tasks needs the union of all their permissions. |
Justification: | Security Requirement |
Action Items: | 1. Keep your Lambdas fine-grained, with a clear separation of concerns, so each function's execution role can be scoped to the single task it performs. |
Comments: |
Category: | Compute |
Description: | Badly configured IAM policies leave Lambdas able to do things their own (or third-party) code should not: if the application can send email, should every Lambda in the project be able to send email? Or run a machine-learning model? Or access an RDS instance? Or invoke another Lambda? |
Justification: | Security Requirement |
Action Items: | 1. Ensure each IAM policy grants the least privilege needed for its specific task; this reduces the risk of a function doing things it is not supposed to and limits the impact if the function is compromised. The simple version: no wildcards in roles and policies (no `*` or `service:*` in Action, no `*` in Resource unless the action is genuinely not resource-scoped) and no NotAction/NotResource in Allow statements. |
Comments: |
Category: | Data Flows |
Description: | TLS should be configured for the GET Secret (plaintext) data flow to prevent unauthorized access to the data in transit. This flow carries the decrypted phone number, so it is the most exposed hop in the model; VPC isolation limits who can reach the endpoint, but it neither authenticates the server nor encrypts the payload. |
Justification: | Security Requirement |
Action Items: | 1. Ensure strong TLS (TLS 1.2 or 1.3 only, with TLS 1.0/1.1 and weak cipher suites disabled) is configured for the decrypted phone number flow, and that the client verifies the server certificate rather than disabling validation. |
Comments: |
Category: | Compute |
Description: | Ensure a dead-letter queue (an SQS queue or SNS topic) is configured for each Lambda function in the account, so that events which fail all retries of an asynchronous invocation are retained for investigation instead of being silently dropped. |
Justification: | <no mitigation provided> |
Action Items: | See https://www.trendmicro.com/cloudoneconformity/knowledge-base/aws/Lambda/enable-dead-letter-queue.html. A dead-letter queue receives the full failed event payload, which in this model can include phone numbers, so encrypt the queue with a KMS key and restrict who may read from it. |
Comments: |
Category: | Compute |
Description: | Ensure Lambda functions do not share the same execution role, in line with the principle of least privilege (POLP): each function gets only the access its own task requires. Keep a one-to-one relationship between functions and execution roles. A shared role accumulates the union of every function's permissions, so compromising any one function yields all of them. |
Justification: | <no mitigation provided> |
Action Items: | https://www.trendmicro.com/cloudoneconformity/knowledge-base/aws/Lambda/sharing-an-iam-role-within-more-than-one-lambda-function.html |
Comments: |
Category: | Compute |
Description: | Ensure Lambda functions that need VPC-only resources (Amazon Redshift clusters, ElastiCache clusters, RDS database instances and service endpoints reachable only from within a particular VPC) are configured with VPC access, that is, attached to private subnets and a security group, so traffic to those resources stays on the private network. |
Justification: | <no mitigation provided> |
Action Items: | See https://www.trendmicro.com/cloudoneconformity/knowledge-base/aws/Lambda/function-in-vpc.html. A VPC-attached function loses the default internet path: reach AWS services such as DynamoDB, KMS and Secrets Manager through VPC endpoints (or a NAT gateway), and restrict the function's security group to the ports it actually needs. |
Comments: |
Category: | Compute |
Description: | If the application is broken down into fine-grained “micro-lambdas” that do one thing and do it well, you can attach equally fine-grained IAM policies that prevent your code (or third-party code bundled with it) from reaching resources it should not. A coarse function that handles many tasks needs the union of all their permissions. |
Justification: | Security Requirement |
Action Items: | 1. Keep your Lambdas fine-grained, with a clear separation of concerns, so each function's execution role can be scoped to the single task it performs. |
Comments: |
Category: | Compute |
Description: | Badly configured IAM policies leave Lambdas able to do things their own (or third-party) code should not: if the application can send email, should every Lambda in the project be able to send email? Or run a machine-learning model? Or access an RDS instance? Or invoke another Lambda? |
Justification: | Security Requirement |
Action Items: | 1. Ensure each IAM policy grants the least privilege needed for its specific task; this reduces the risk of a function doing things it is not supposed to and limits the impact if the function is compromised. The simple version: no wildcards in roles and policies (no `*` or `service:*` in Action, no `*` in Resource unless the action is genuinely not resource-scoped) and no NotAction/NotResource in Allow statements. |
Comments: |
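The Compute threats above repeat the same "no wildcards in roles and policies" action item for each Lambda. As an added example that is not part of this threat model, the following Python linter makes that check mechanical: it walks a policy document and reports every Allow statement with a wildcard action (`*` or `service:*`), a wildcard resource, or a NotAction/NotResource element. The two sample policies, the account ID, region, table name and key ID are constructed placeholders.

```python
"""Added example for the Compute threats above (not part of the threat model):
a small linter that flags over-broad Allow statements in a Lambda execution
role policy. The two sample policies, account ID, region and resource names
are constructed placeholders."""
import json
from typing import Any

# Constructed sample: the situation the threat describes. Every function that
# receives this role can send mail, invoke any function and read any table.
OVERLY_BROAD_POLICY = json.dumps({
    "Version": "2012-10-17",
    "Statement": [
        {"Effect": "Allow", "Action": "ses:*", "Resource": "*"},
        {"Effect": "Allow", "Action": ["lambda:InvokeFunction", "dynamodb:*"],
         "Resource": "*"},
    ],
})

# Constructed sample: the same lookup task scoped to one table and one key.
LEAST_PRIVILEGE_POLICY = json.dumps({
    "Version": "2012-10-17",
    "Statement": [
        {"Effect": "Allow",
         "Action": ["dynamodb:GetItem", "dynamodb:Query"],
         "Resource": "arn:aws:dynamodb:eu-west-1:123456789012:table/phone-numbers"},
        {"Effect": "Allow",
         "Action": "kms:Decrypt",
         "Resource": "arn:aws:kms:eu-west-1:123456789012:key/00000000-0000-0000-0000-000000000000"},
    ],
})


def _as_list(value: Any) -> list:
    """IAM accepts a single string or a list in Statement, Action and Resource."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]


def find_wildcards(policy_json: str) -> list[str]:
    """Return one finding per over-broad element of an Allow statement.

    Flags Action "*" or "service:*", Resource "*", and NotAction/NotResource
    (which allow everything except what is listed). Deny statements are
    skipped: a broad Deny narrows access instead of widening it. Partial
    wildcards such as "s3:Get*" are not flagged and still deserve a look.
    """
    policy = json.loads(policy_json)
    findings: list[str] = []
    for idx, stmt in enumerate(_as_list(policy.get("Statement"))):
        if stmt.get("Effect") != "Allow":
            continue
        if "NotAction" in stmt or "NotResource" in stmt:
            findings.append(f"statement {idx}: NotAction/NotResource allows everything not listed")
        for action in _as_list(stmt.get("Action")):
            if action == "*" or action.endswith(":*"):
                findings.append(f"statement {idx}: wildcard action {action!r}")
        for resource in _as_list(stmt.get("Resource")):
            if resource == "*":
                findings.append(f"statement {idx}: wildcard resource '*'")
    return findings


def is_least_privilege(policy_json: str) -> bool:
    """True when the policy contains no wildcard findings."""
    return not find_wildcards(policy_json)


if __name__ == "__main__":
    for name, doc in (("broad", OVERLY_BROAD_POLICY), ("scoped", LEAST_PRIVILEGE_POLICY)):
        print(name, find_wildcards(doc) or "no wildcard findings")
```

Run it over each function's role policy in CI and fail the build on any finding. A `Resource: "*"` hit is not always a defect: a few actions (for example some logging and SES send permissions) are not resource-scoped, so treat those findings as review items rather than automatic failures, and keep the function-to-role relationship one-to-one so a scoped policy stays scoped.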
Category: | Storage |
Description: | Amazon Macie discovers sensitive data (such as PII, access keys or API keys) stored in S3 buckets and reports buckets that are public, unencrypted or shared with other accounts, which helps detect data leakage and unauthorized access at the bucket level. Macie detects rather than prevents, so its findings need follow-up. |
Justification: | Security Requirement |
Action Items: | 1. Ensure Amazon Macie is used to scan the AWS S3 buckets and that its findings are reviewed on a regular basis; route the findings to Security Hub or EventBridge so they are not missed. |
Comments: |
Category: | Storage |
Description: | Ensure sensitive information in AWS storage is encrypted at rest to prevent data leakage, unauthorized access or compromise of the underlying storage. |
Justification: | Security Requirement |
Action Items: | 1. Ensure the sensitive information is encrypted in AWS S3. New buckets apply SSE-S3 by default; use SSE-KMS for this data so that access to the key, not just to the bucket, is required to read it. 2. Ensure encryption keys are stored in AWS Key Management Service (AWS KMS), and add a bucket policy that denies s3:PutObject requests that do not carry the expected x-amz-server-side-encryption header. |
Comments: |
Category: | Storage |
Description: | Ensure that Amazon S3 public access is blocked at the AWS account level for data protection. |
Justification: | Security Requirement |
Action Items: | https://www.trendmicro.com/cloudoneconformity/knowledge-base/aws/S3/bucket-public-access-block.html |
Comments: |
Category: | Storage |
Description: | Ensure that Amazon S3 public access is blocked at the S3 bucket level for data protection |
Justification: | Security Requirement |
Action Items: | https://www.trendmicro.com/cloudoneconformity/knowledge-base/aws/S3/bucket-public-access-block.html |
Comments: |
Category: | Storage |
Description: | Ensure S3 buckets do not grant FULL_CONTROL access to the AuthenticatedUsers group via S3 ACLs; that group means any AWS account in the world, not only accounts in your organisation. |
Justification: | <no mitigation provided> |
Action Items: | https://www.trendmicro.com/cloudoneconformity/knowledge-base/aws/S3/s3-bucket-authenticated-users-full-control-access.html |
Comments: |
Category: | Storage |
Description: | Ensure AWS S3 buckets enforce TLS (HTTPS) to secure data in transit; S3 accepts plain HTTP requests unless a bucket policy forbids them. |
Justification: | <no mitigation provided> |
Action Items: | See https://www.trendmicro.com/cloudoneconformity/knowledge-base/aws/S3/secure-transport.html. Add a bucket policy statement that denies all s3:* actions, for every principal, on both the bucket and its objects when the aws:SecureTransport condition key is false. |
Comments: |
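The two S3 public access block threats and the enforce-TLS threat above each point at a knowledge-base article; what a practitioner wants is a check that runs against what the account actually returns. As an added example that is not part of this threat model, the following Python code tests a bucket policy for the TLS-only Deny statement (all principals, all s3 actions, bucket and objects, `aws:SecureTransport` false) and a public access block configuration for all four settings. The bucket name, account ID, role name and both policies are constructed samples in the shape of the documents the S3 API returns.

```python
"""Added example for the Storage threats above (not the threat model's own
code): check an S3 bucket policy for the TLS-only Deny statement and a
public access block configuration for all four settings. The bucket name,
account ID and policies are constructed samples shaped like the documents
the S3 API returns."""
import json
from typing import Any

BUCKET = "example-phone-archive"  # placeholder bucket name

# Constructed sample: grants a read but says nothing about transport, so the
# bucket still answers plain-HTTP requests.
POLICY_WITHOUT_TLS = json.dumps({
    "Version": "2012-10-17",
    "Statement": [{
        "Effect": "Allow",
        "Principal": {"AWS": "arn:aws:iam::123456789012:role/reader"},
        "Action": "s3:GetObject",
        "Resource": f"arn:aws:s3:::{BUCKET}/*",
    }],
})

# Constructed sample: the same grant plus the Deny that AWS documents for
# enforcing encryption in transit via the aws:SecureTransport condition key.
POLICY_WITH_TLS = json.dumps({
    "Version": "2012-10-17",
    "Statement": [
        json.loads(POLICY_WITHOUT_TLS)["Statement"][0],
        {
            "Sid": "DenyInsecureTransport",
            "Effect": "Deny",
            "Principal": "*",
            "Action": "s3:*",
            "Resource": [f"arn:aws:s3:::{BUCKET}", f"arn:aws:s3:::{BUCKET}/*"],
            "Condition": {"Bool": {"aws:SecureTransport": "false"}},
        },
    ],
})

PUBLIC_ACCESS_BLOCK_FLAGS = ("BlockPublicAcls", "IgnorePublicAcls",
                             "BlockPublicPolicy", "RestrictPublicBuckets")


def _as_list(value: Any) -> list:
    """Policy elements may be a single string or a list; normalise to a list."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]


def _covers_bucket(resources: Any, bucket: str) -> bool:
    """True when the Deny reaches both the bucket itself and every object in it."""
    res = set(_as_list(resources))
    if "*" in res or "arn:aws:s3:::*" in res:
        return True
    return f"arn:aws:s3:::{bucket}" in res and f"arn:aws:s3:::{bucket}/*" in res


def enforces_tls(policy_json: str, bucket: str) -> bool:
    """True when some Deny statement rejects all S3 actions over plain HTTP.

    The statement must apply to every principal, cover all s3 actions and
    the whole bucket, and carry Bool aws:SecureTransport = false. A Deny that
    covers only objects or only some actions leaves an HTTP path open.
    """
    policy = json.loads(policy_json)
    for stmt in _as_list(policy.get("Statement")):
        if stmt.get("Effect") != "Deny":
            continue
        if stmt.get("Principal") not in ("*", {"AWS": "*"}):
            continue
        actions = set(_as_list(stmt.get("Action")))
        if not actions & {"*", "s3:*"}:
            continue
        secure = stmt.get("Condition", {}).get("Bool", {}).get("aws:SecureTransport")
        if str(secure).lower() == "false" and _covers_bucket(stmt.get("Resource"), bucket):
            return True
    return False


def public_access_block_gaps(config: dict) -> list[str]:
    """Names of the public access block settings that are missing or False."""
    return [flag for flag in PUBLIC_ACCESS_BLOCK_FLAGS if not config.get(flag, False)]


# Constructed samples in the shape of GetPublicAccessBlock's configuration.
PARTIAL_BLOCK = {"BlockPublicAcls": True, "IgnorePublicAcls": True, "BlockPublicPolicy": False}
FULL_BLOCK = {flag: True for flag in PUBLIC_ACCESS_BLOCK_FLAGS}

if __name__ == "__main__":
    print("policy without deny enforces TLS:", enforces_tls(POLICY_WITHOUT_TLS, BUCKET))
    print("policy with deny enforces TLS:", enforces_tls(POLICY_WITH_TLS, BUCKET))
    print("public access block gaps:", public_access_block_gaps(PARTIAL_BLOCK))
```

In use, feed `enforces_tls` the `Policy` string from `GetBucketPolicy` and `public_access_block_gaps` the `PublicAccessBlockConfiguration` from `GetPublicAccessBlock` (run once for the account and once per bucket, since the two entries above require both levels). The check is deliberately strict: a Deny scoped to `arn:aws:s3:::bucket/*` alone still lets `ListBucket` run over HTTP, which is why `_covers_bucket` insists on both ARNs.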
Category: | Storage |
Description: | Ensure the objects within the S3 bucket are immutable to avoid tampering with the data: each change produces a fresh version of the S3 object instead of overwriting or deleting the existing one. |
Justification: | <no mitigation provided> |
Action Items: | Enable Versioning and Object Lock on the bucket (Object Lock requires versioning). Use compliance mode, which no user including root can shorten, where the data serves as an audit trail; governance mode, which users holding s3:BypassGovernanceRetention can override, otherwise. |
Comments: |
Category: | Storage |
Description: | Ensure AWS S3 buckets have server access logging enabled to track access requests |
Justification: | <no mitigation provided> |
Action Items: | https://www.trendmicro.com/cloudoneconformity/knowledge-base/aws/S3/s3-bucket-logging-enabled.html |
Comments: |
Category: | Storage |
Description: | Ensure AWS S3 buckets have the MFA Delete feature enabled to avoid unintended deletion of the objects |
Justification: | <no mitigation provided> |
Action Items: | https://www.trendmicro.com/cloudoneconformity/knowledge-base/aws/S3/s3-bucket-mfa-delete-enabled.html |
Comments: |
Category: | Interface |
Description: | CloudFront field-level encryption helps secure sensitive data, such as customer phone numbers, by adding another security layer on top of CloudFront HTTPS. With it, selected fields in a POST request are encrypted with your public key at the CloudFront edge location. The field stays encrypted as it flows to and beyond the origin servers that terminate the HTTPS connection with CloudFront, and throughout the application environment, until the one component that holds the private key decrypts it. |
Justification: | Security Requirement |
Action Items: | 1. Ensure CloudFront field-level encryption is enabled on the cache behaviour that accepts the phone number, so the field is encrypted at the edge. 2. Upload only the public key to CloudFront; keep the private key in a secrets store readable solely by the component that needs the plaintext. 3. Note the feature's limits: it applies only to POST request bodies with Content-Type application/x-www-form-urlencoded, to at most 10 fields per request, and your own code at the origin must perform the decryption. |
Comments: |