Prowler allows you to execute checks based on requirements defined in compliance frameworks.
List Available Compliance Frameworks
To see which compliance frameworks are covered by Prowler, you can use option
List Requirements of Compliance Frameworks
For each compliance framework, you can use option
--list-compliance-requirements to list its requirements:
Example for the first requirements of CIS 1.5 for AWS:
Listing CIS 1.5 AWS Compliance Requirements:

Requirement Id: 1.1
    - Description: Maintain current contact details
    - Checks: account_maintain_current_contact_details

Requirement Id: 1.2
    - Description: Ensure security contact information is registered
    - Checks: account_security_contact_information_is_registered

Requirement Id: 1.3
    - Description: Ensure security questions are registered in the AWS account
    - Checks: account_security_questions_are_registered_in_the_aws_account

Requirement Id: 1.4
    - Description: Ensure no 'root' user account access key exists
    - Checks: iam_no_root_access_key

Requirement Id: 1.5
    - Description: Ensure MFA is enabled for the 'root' user account
    - Checks: iam_root_mfa_enabled

[redacted]
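When a check fails, it helps to know which framework requirements depend on it. The following Python is an added example, not part of Prowler or its documentation: it parses a saved copy of the listing shown above and builds a check-to-requirement index. The function names are hypothetical, and it assumes the text layout shown on this page and that check names are lowercase words joined by underscores.

```python
import re
from collections import defaultdict

# Sample input: three entries copied from the listing on this page, on one line.
SAMPLE = (
    "Listing CIS 1.5 AWS Compliance Requirements: "
    "Requirement Id: 1.1 - Description: Maintain current contact details "
    "- Checks: account_maintain_current_contact_details "
    "Requirement Id: 1.4 - Description: Ensure no 'root' user account access key exists "
    "- Checks: iam_no_root_access_key "
    "Requirement Id: 1.5 - Description: Ensure MFA is enabled for the 'root' user account "
    "- Checks: iam_root_mfa_enabled [redacted]"
)

# One requirement entry. Whitespace-tolerant, so the same pattern matches the
# listing whether it is spread over several lines or collapsed onto one.
_REQ = re.compile(
    r"Requirement Id:\s*(?P<id>\S+)\s*-\s*Description:\s*(?P<desc>.*?)"
    r"\s*-\s*Checks:\s*(?P<checks>.*?)(?=Requirement Id:|\Z)",
    re.DOTALL,
)
# Assumption: a check name is lowercase tokens joined by at least one underscore,
# which also filters out trailing non-check text such as "[redacted]".
_CHECK = re.compile(r"\b[a-z][a-z0-9]*(?:_[a-z0-9]+)+\b")


def parse_requirements(text):
    """Return {requirement_id: {"description": str, "checks": [str, ...]}}."""
    reqs = {}
    for m in _REQ.finditer(text):
        reqs[m["id"]] = {
            "description": " ".join(m["desc"].split()),  # normalise whitespace
            "checks": _CHECK.findall(m["checks"]),
        }
    return reqs


def requirements_by_check(reqs):
    """Invert the map: check name -> requirement ids, in listing order."""
    index = defaultdict(list)
    for req_id, req in reqs.items():
        for check in req["checks"]:
            index[check].append(req_id)
    return dict(index)


if __name__ == "__main__":
    for check, ids in requirements_by_check(parse_requirements(SAMPLE)).items():
        print(f"{check}: required by {', '.join(ids)}")
```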
Execute Prowler based on Compliance Frameworks
As mentioned above, Prowler can be executed to analyse your environment against a specific compliance framework. To do so, you can use option
Create and contribute adding other Security Frameworks
This information is part of the Developer Guide and can be found here: https://docs.prowler.cloud/en/latest/tutorials/developer-guide/.