Reino: Environment

Esta seção contém tudo o que fica fora do código-fonte, porém que é essencial para a segurança do produto que está sendo criado. Como os problemas tratados neste domínio não são diretamente relacionados com o código-fonte, nós o separamos dos demais domínios.

AWS CloudFormation Misconfiguration: DynamoDB Backup Disabled

Abstract
Uma configuração desativa um recurso de backup ou recuperação de dados.
Explanation
Backups e controles de recuperação de dados protegem os dados e garantem sua disponibilidade para que a empresa possa manter as operações diárias.
References
[1] Standards Mapping - FIPS200 CM
[2] Standards Mapping - General Data Protection Regulation (GDPR) Insufficient Data Protection
[3] Standards Mapping - NIST Special Publication 800-53 Revision 4 SI-2 Flaw Remediation (P1)
[4] Standards Mapping - NIST Special Publication 800-53 Revision 5 SI-2 Flaw Remediation
[5] Standards Mapping - OWASP API 2023 API8 Security Misconfiguration
[6] Standards Mapping - OWASP Top 10 2017 A9 Using Components with Known Vulnerabilities
[7] Standards Mapping - OWASP Top 10 2021 A06 Vulnerable and Outdated Components
[8] Standards Mapping - Payment Card Industry Data Security Standard Version 3.2.1 Requirement 6.2
[9] Standards Mapping - Payment Card Industry Data Security Standard Version 4.0 Requirement 6.3.3
[10] Standards Mapping - Payment Card Industry Software Security Framework 1.0 Control Objective 10.2 - Threat and Vulnerability Management
[11] Standards Mapping - Payment Card Industry Software Security Framework 1.1 Control Objective 10.2 - Threat and Vulnerability Management
[12] Standards Mapping - Payment Card Industry Software Security Framework 1.2 Control Objective 10.2 - Threat and Vulnerability Management, Control Objective C.1.6 - Web Software Components & Services
desc.structural.iac.misconfiguration_backup_disabled.base
Abstract
Uma configuração desativa um recurso de backup ou recuperação de dados.
Explanation
Backups e controles de recuperação de dados protegem os dados e garantem sua disponibilidade para que a empresa possa manter as operações diárias.
References
[1] Standards Mapping - FIPS200 CM
[2] Standards Mapping - General Data Protection Regulation (GDPR) Insufficient Data Protection
[3] Standards Mapping - NIST Special Publication 800-53 Revision 4 SI-2 Flaw Remediation (P1)
[4] Standards Mapping - NIST Special Publication 800-53 Revision 5 SI-2 Flaw Remediation
[5] Standards Mapping - OWASP API 2023 API8 Security Misconfiguration
[6] Standards Mapping - OWASP Top 10 2017 A9 Using Components with Known Vulnerabilities
[7] Standards Mapping - OWASP Top 10 2021 A06 Vulnerable and Outdated Components
[8] Standards Mapping - Payment Card Industry Data Security Standard Version 3.2.1 Requirement 6.2
[9] Standards Mapping - Payment Card Industry Data Security Standard Version 4.0 Requirement 6.3.3
[10] Standards Mapping - Payment Card Industry Software Security Framework 1.0 Control Objective 10.2 - Threat and Vulnerability Management
[11] Standards Mapping - Payment Card Industry Software Security Framework 1.1 Control Objective 10.2 - Threat and Vulnerability Management
[12] Standards Mapping - Payment Card Industry Software Security Framework 1.2 Control Objective 10.2 - Threat and Vulnerability Management, Control Objective C.1.6 - Web Software Components & Services
desc.structural.iac.misconfiguration_backup_disabled.base