Question 1

Is auto_minor_version_upgrade enforced for FFIEC Cybersecurity Assessment Tool?

Accepted Answer

Yes, Ensure that AWS Relational Database Service (RDS) database instances are configured for automatic minor version upgrades. The rule is non-compliant if the value of 'autoMinorVersionUpgrade' is false.

Question 2

Is backup_retention_period enforced for FFIEC Cybersecurity Assessment Tool?

Accepted Answer

Yes, The backup feature of AWS RDS creates backups of your databases and transaction logs.

Question 3

Is cloudwatch_log_group_retention_in_days enforced for FFIEC Cybersecurity Assessment Tool?

Accepted Answer

Yes, Ensure a minimum duration of event log data is retained for your log groups to help with troubleshooting and forensics investigations.

Question 4

Is deletion_protection enforced for FFIEC Cybersecurity Assessment Tool?

Accepted Answer

Yes, Ensure AWS Relational Database Service (AWS RDS) instances have deletion protection enabled.

Question 5

Is enabled_cloudwatch_logs_exports enforced for FFIEC Cybersecurity Assessment Tool?

Accepted Answer

Yes, To help with logging and monitoring within your environment, ensure AWS Relational Database Service (AWS RDS) logging is enabled.

Question 6

Is monitoring_interval enforced for FFIEC Cybersecurity Assessment Tool?

Accepted Answer

Yes, Enable AWS Relational Database Service (AWS RDS) to help monitor AWS RDS availability. This provides detailed visibility into the health of your AWS RDS database instances.

Question 7

Is multi_az enforced for FFIEC Cybersecurity Assessment Tool?

Accepted Answer

Yes, Multi-AZ support in AWS Relational Database Service (AWS RDS) provides enhanced availability and durability for database instances.

Question 8

Is publicly_accessible enforced for FFIEC Cybersecurity Assessment Tool?

Accepted Answer

Yes, Manage access to resources in the AWS Cloud by ensuring that AWS Relational Database Service (AWS RDS) instances are not public.

Question 9

Is storage_encrypted enforced for FFIEC Cybersecurity Assessment Tool?

Accepted Answer

Yes, To help protect data at rest, ensure that encryption is enabled for your AWS Relational Database Service (AWS RDS) instances.

AWS RDS Terraform module

Terraform Module Source