GDPR Checks #385
Comments
|
Hi @ShadySQL and thanks for your question. What I did for GDPR can be found here #189. Basically I mapped GDPR requirements to current Prowler checks (some are CIS and some are custom ones). Btw, Prowler is not a compliance or certification tool, it just try to help to understand what to improve in your AWS account security. Let me know if that clarifies your question. |
|
Thanks for this! I would like to further contribute but want to understand how you got there.
TITLE_ID - What Prawler check mapped to GDPR? Do you have the existing table? Issue 189 is great btw thanks for your contribution there. I was hoping to map the items you grouped by checks to GDPR articles. It appears that based on this: We can deduct that these fall under two articles: Article 25 and Article 32 So I can work that on my end and provide a table on where the prawler checks map to those articles. This would make things a little bit more understandable |
|
From where is that table coming from? It looks like the csv output for check_extra718 in a spreadsheet. TITLE_ID is the unique identifier to every check in Prowler. All CIS benchmark related titles are in group 1, 2, 3 and 4 (based on its number on the CIS benchmark documentation). I used group 7 for all customs checks beyond CIS. Group 5 and 6 are not used, they are free just in case CIS adds more groups to the benchmark in the future. I added other groups of checks as you can see in the groups folders. Basically a group is a way to customize your set of checks, for example GDPR is a group with checks from other groups. SCORED is also part of CIS, some checks result may be scored to use in a scoring report, I have scoring report implemented in Prowler as a proof of concept (use LEVEL is CIS as well, all CIS benchmarks come with two levels, level1 is a practical and prudent type of security level and level2 it is for more comprehensive or defense in depth security. I have them implemented also as groups in Prowler ( Is that now more clear? The list of checks was taken from https://d1.awsstatic.com/whitepapers/compliance/GDPR_Compliance_on_AWS.pdf as stated in #189 and I didn't know about that blog post to be honest. I agree that the output could be more GDPR related than just the checks original tittles but you can create your own reports based on the csv output. In any case, let me know what type of improvements you would make to Prowler to better fit your needs and we can add it to the enchancements list. |
|
This was great info! Thanks all! |
Just ran a gdpr scan with the tool and curious to know what the field: TITLE_ID maps to.
For example for TITLE_ID 7.18 does that map to Article 7 of the GDPR articles?
How about for TITLE_ID 7.XXX ... does that mean those map to Article 7 of the GDPR article?
You can find the articles here: http://www.privacy-regulation.eu/en/
The text was updated successfully, but these errors were encountered: