prowler-compliance
When to Use
Use this skill when:
- Creating a new compliance framework for any provider
- Adding requirements to existing frameworks
- Mapping checks to compliance controls
- Understanding compliance framework structures and attributes
Compliance Framework Location
Frameworks are JSON files located in:
`prowler/compliance/{provider}/{framework_name}_{provider}.json`
Supported Providers:
- `aws` - Amazon Web Services
- `azure` - Microsoft Azure
- `gcp` - Google Cloud Platform
- `kubernetes` - Kubernetes
- `github` - GitHub
- `m365` - Microsoft 365
- `alibabacloud` - Alibaba Cloud
- `cloudflare` - Cloudflare
- `oraclecloud` - Oracle Cloud
- `oci` - Oracle Cloud Infrastructure
- `nhn` - NHN Cloud
- `mongodbatlas` - MongoDB Atlas
- `iac` - Infrastructure as Code
- `llm` - Large Language Models
Base Framework Structure
All compliance frameworks share this base structure:
```json
{
  "Framework": "FRAMEWORK_NAME",
  "Name": "Full Framework Name with Version",
  "Version": "X.X",
  "Provider": "PROVIDER",
  "Description": "Framework description...",
  "Requirements": [
    {
      "Id": "requirement_id",
      "Description": "Requirement description",
      "Name": "Optional requirement name",
      "Attributes": [...],
      "Checks": ["check_name_1", "check_name_2"]
    }
  ]
}
```
Framework-Specific Attribute Structures
Each framework type has its own attribute model. Below are the exact structures used by Prowler:
CIS (Center for Internet Security)
Framework ID format: `cis_{version}_{provider}` (e.g., `cis_5.0_aws`)
```json
{
  "Id": "1.1",
  "Description": "Maintain current contact details",
  "Checks": ["account_maintain_current_contact_details"],
  "Attributes": [
    {
      "Section": "1 Identity and Access Management",
      "SubSection": "Optional subsection",
      "Profile": "Level 1",
      "AssessmentStatus": "Automated",
      "Description": "Detailed attribute description",
      "RationaleStatement": "Why this control matters",
      "ImpactStatement": "Impact of implementing this control",
      "RemediationProcedure": "Steps to fix the issue",
      "AuditProcedure": "Steps to verify compliance",
      "AdditionalInformation": "Extra notes",
      "DefaultValue": "Default configuration value",
      "References": "https://docs.example.com/reference"
    }
  ]
}
```
Profile values: `Level 1`, `Level 2`, `E3 Level 1`, `E3 Level 2`, `E5 Level 1`, `E5 Level 2`
AssessmentStatus values: `Automated`, `Manual`
ISO 27001
Framework ID format: `iso27001_{year}_{provider}` (e.g., `iso27001_2022_aws`)
```json
{
  "Id": "A.5.1",
  "Description": "Policies for information security should be defined...",
  "Name": "Policies for information security",
  "Checks": ["securityhub_enabled"],
  "Attributes": [
    {
      "Category": "A.5 Organizational controls",
      "Objetive_ID": "A.5.1",
      "Objetive_Name": "Policies for information security",
      "Check_Summary": "Summary of what is being checked"
    }
  ]
}
```
Note: `Objetive_ID` and `Objetive_Name` use this exact spelling (not "Objective").
ENS (Esquema Nacional de Seguridad - Spain)
Framework ID format: `ens_rd2022_{provider}` (e.g., `ens_rd2022_aws`)
```json
{
  "Id": "op.acc.1.aws.iam.2",
  "Description": "Proveedor de identidad centralizado",
  "Checks": ["iam_check_saml_providers_sts"],
  "Attributes": [
    {
      "IdGrupoControl": "op.acc.1",
      "Marco": "operacional",
      "Categoria": "control de acceso",
      "DescripcionControl": "Detailed control description in Spanish",
      "Nivel": "alto",
      "Tipo": "requisito",
      "Dimensiones": ["trazabilidad", "autenticidad"],
      "ModoEjecucion": "automatico",
      "Dependencias": []
    }
  ]
}
```
Nivel values: `opcional`, `bajo`, `medio`, `alto`
Tipo values: `refuerzo`, `requisito`, `recomendacion`, `medida`
Dimensiones values: `confidencialidad`, `integridad`, `trazabilidad`, `autenticidad`, `disponibilidad`
MITRE ATT&CK
Framework ID format: `mitre_attack_{provider}` (e.g., `mitre_attack_aws`)
MITRE uses a different requirement structure:
```json
{
  "Name": "Exploit Public-Facing Application",
  "Id": "T1190",
  "Tactics": ["Initial Access"],
  "SubTechniques": [],
  "Platforms": ["Containers", "IaaS", "Linux", "Network", "Windows", "macOS"],
  "Description": "Adversaries may attempt to exploit a weakness...",
  "TechniqueURL": "https://attack.mitre.org/techniques/T1190/",
  "Checks": ["guardduty_is_enabled", "inspector2_is_enabled"],
  "Attributes": [
    {
      "AWSService": "Amazon GuardDuty",
      "Category": "Detect",
      "Value": "Minimal",
      "Comment": "Explanation of how this service helps..."
    }
  ]
}
```
For Azure: Use `AzureService` instead of `AWSService`
For GCP: Use `GCPService` instead of `AWSService`
Category values: `Detect`, `Protect`, `Respond`
Value values: `Minimal`, `Partial`, `Significant`
NIST 800-53
Framework ID format: `nist_800_53_revision_{version}_{provider}` (e.g., `nist_800_53_revision_5_aws`)
```json
{
  "Id": "ac_2_1",
  "Name": "AC-2(1) Automated System Account Management",
  "Description": "Support the management of system accounts...",
  "Checks": ["iam_password_policy_minimum_length_14"],
  "Attributes": [
    {
      "ItemId": "ac_2_1",
      "Section": "Access Control (AC)",
      "SubSection": "Account Management (AC-2)",
      "SubGroup": "AC-2(3) Disable Accounts",
      "Service": "iam"
    }
  ]
}
```
Generic Compliance (Fallback)
For frameworks without specific attribute models:
```json
{
  "Id": "requirement_id",
  "Description": "Requirement description",
  "Name": "Optional name",
  "Checks": ["check_name"],
  "Attributes": [
    {
      "ItemId": "item_id",
      "Section": "Section name",
      "SubSection": "Subsection name",
      "SubGroup": "Subgroup name",
      "Service": "service_name",
      "Type": "type"
    }
  ]
}
```
AWS Well-Architected Framework
Framework ID format: `aws_well_architected_framework_{pillar}_pillar_aws`
```json
{
  "Id": "SEC01-BP01",
  "Description": "Establish common guardrails...",
  "Name": "Establish common guardrails",
  "Checks": ["account_part_of_organizations"],
  "Attributes": [
    {
      "Name": "Establish common guardrails",
      "WellArchitectedQuestionId": "securely-operate",
      "WellArchitectedPracticeId": "sec_securely_operate_multi_accounts",
      "Section": "Security",
      "SubSection": "Security foundations",
      "LevelOfRisk": "High",
      "AssessmentMethod": "Automated",
      "Description": "Detailed description",
      "ImplementationGuidanceUrl": "https://docs.aws.amazon.com/..."
    }
  ]
}
```
KISA ISMS-P (Korea)
Framework ID format: `kisa_isms_p_{year}_{provider}` (e.g., `kisa_isms_p_2023_aws`)
```json
{
  "Id": "1.1.1",
  "Description": "Requirement description",
  "Name": "Requirement name",
  "Checks": ["check_name"],
  "Attributes": [
    {
      "Domain": "1. Management System",
      "Subdomain": "1.1 Management System Establishment",
      "Section": "1.1.1 Section Name",
      "AuditChecklist": ["Checklist item 1", "Checklist item 2"],
      "RelatedRegulations": ["Regulation 1"],
      "AuditEvidence": ["Evidence type 1"],
      "NonComplianceCases": ["Non-compliance example"]
    }
  ]
}
```
C5 (Germany Cloud Computing Compliance Criteria Catalogue)
Framework ID format: `c5_{provider}` (e.g., `c5_aws`)
```json
{
  "Id": "BCM-01",
  "Description": "Requirement description",
  "Name": "Requirement name",
  "Checks": ["check_name"],
  "Attributes": [
    {
      "Section": "BCM Business Continuity Management",
      "SubSection": "BCM-01",
      "Type": "Basic Criteria",
      "AboutCriteria": "Description of criteria",
      "ComplementaryCriteria": "Additional criteria"
    }
  ]
}
```
CCC (Cloud Computing Compliance)
Framework ID format: `ccc_{provider}` (e.g., `ccc_aws`)
```json
{
  "Id": "CCC.C01",
  "Description": "Requirement description",
  "Name": "Requirement name",
  "Checks": ["check_name"],
  "Attributes": [
    {
      "FamilyName": "Cryptography & Key Management",
      "FamilyDescription": "Family description",
      "Section": "CCC.C01",
      "SubSection": "Key Management",
      "SubSectionObjective": "Objective description",
      "Applicability": ["IaaS", "PaaS", "SaaS"],
      "Recommendation": "Recommended action",
      "SectionThreatMappings": [{"threat": "T1190"}],
      "SectionGuidelineMappings": [{"guideline": "NIST"}]
    }
  ]
}
```
Prowler ThreatScore
Framework ID format: `prowler_threatscore_{provider}` (e.g., `prowler_threatscore_aws`)
Prowler ThreatScore is a custom security scoring framework developed by Prowler that evaluates AWS account security based on four main pillars:
| Pillar | Description |
|---|---|
| 1. IAM | Identity and Access Management controls (authentication, authorization, credentials) |
| 2. Attack Surface | Network exposure, public resources, security group rules |
| 3. Logging and Monitoring | Audit logging, threat detection, forensic readiness |
| 4. Encryption | Data at rest and in transit encryption |
Scoring System:
- LevelOfRisk (1-5): Severity of the security issue
  - `5` = Critical (e.g., root MFA, public S3 buckets)
  - `4` = High (e.g., user MFA, public EC2)
  - `3` = Medium (e.g., password policies, encryption)
  - `2` = Low
  - `1` = Informational
- Weight: Impact multiplier for score calculation
  - `1000` = Critical controls (root security, public exposure)
  - `100` = High-impact controls (user authentication, monitoring)
  - `10` = Standard controls (password policies, encryption)
  - `1` = Low-impact controls (best practices)
```json
{
  "Id": "1.1.1",
  "Description": "Ensure MFA is enabled for the 'root' user account",
  "Checks": ["iam_root_mfa_enabled"],
  "Attributes": [
    {
      "Title": "MFA enabled for 'root'",
      "Section": "1. IAM",
      "SubSection": "1.1 Authentication",
      "AttributeDescription": "The root user account holds the highest level of privileges within an AWS account. Enabling MFA enhances security by adding an additional layer of protection.",
      "AdditionalInformation": "Enabling MFA enhances console security by requiring the authenticating user to both possess a time-sensitive key-generating device and have knowledge of their credentials.",
      "LevelOfRisk": 5,
      "Weight": 1000
    }
  ]
}
```
Available for providers: AWS, Kubernetes, M365
Available Compliance Frameworks
AWS (41 frameworks)
| Framework | File Name |
|---|---|
| CIS 1.4, 1.5, 2.0, 3.0, 4.0, 5.0 | |
| ISO 27001:2013, 2022 | |
| NIST 800-53 Rev 4, 5 | |
| NIST 800-171 Rev 2 | |
| NIST CSF 1.1, 2.0 | |
| PCI DSS 3.2.1, 4.0 | |
| HIPAA | |
| GDPR | |
| SOC 2 | |
| FedRAMP Low/Moderate | |
| ENS RD2022 | |
| MITRE ATT&CK | |
| C5 Germany | |
| CISA | |
| FFIEC | |
| RBI Cyber Security | |
| AWS Well-Architected | |
| AWS FTR | |
| GxP 21 CFR Part 11, EU Annex 11 | |
| KISA ISMS-P 2023 | |
| NIS2 | |
Azure (15+ frameworks)
| Framework | File Name |
|---|---|
| CIS 2.0, 2.1, 3.0, 4.0 | |
| ISO 27001:2022 | |
| ENS RD2022 | |
| MITRE ATT&CK | |
| PCI DSS 4.0 | |
| NIST CSF 2.0 | |
GCP (15+ frameworks)
| Framework | File Name |
|---|---|
| CIS 2.0, 3.0, 4.0 | |
| ISO 27001:2022 | |
| HIPAA | |
| MITRE ATT&CK | |
| PCI DSS 4.0 | |
| NIST CSF 2.0 | |
Kubernetes (6 frameworks)
| Framework | File Name |
|---|---|
| CIS 1.8, 1.10, 1.11 | |
| ISO 27001:2022 | |
| PCI DSS 4.0 | |
Other Providers
- GitHub: `cis_1.0_github.json`
- M365: `cis_4.0_m365.json`, `iso27001_2022_m365.json`
- NHN: `iso27001_2022_nhn.json`
Best Practices
- Requirement IDs: Follow the original framework numbering exactly (e.g., "1.1", "A.5.1", "T1190", "ac_2_1")
- Check Mapping: Map to existing checks when possible. Use `Checks: []` for manual-only requirements
- Completeness: Include all framework requirements, even those without automated checks
- Version Control: Include framework version in `Name` and `Version` fields
- File Naming: Use format `{framework}_{version}_{provider}.json`
- Validation: Prowler validates JSON against Pydantic models at startup - invalid JSON will cause errors
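
A lint pass for the rules above that can run before a framework file reaches Prowler's startup validation, as an added example that is not Prowler's own code (Prowler uses Pydantic models; this uses plain dictionaries). The names `lint_framework`, `ALLOWED`, `ISO_MISSPELLED` and the sample document are assumptions for illustration; the value sets are the ones listed on this page, and only fields that are present are checked.

```python
# Top-level keys and value sets are copied from the page; the linter itself is hypothetical.
BASE_KEYS = {"Framework", "Name", "Version", "Provider", "Description", "Requirements"}
ALLOWED = {  # framework ID prefix -> attribute field -> values listed on the page
    "cis": {
        "Profile": {"Level 1", "Level 2", "E3 Level 1", "E3 Level 2",
                    "E5 Level 1", "E5 Level 2"},
        "AssessmentStatus": {"Automated", "Manual"},
    },
    "ens": {
        "Nivel": {"opcional", "bajo", "medio", "alto"},
        "Tipo": {"refuerzo", "requisito", "recomendacion", "medida"},
        "Dimensiones": {"confidencialidad", "integridad", "trazabilidad",
                        "autenticidad", "disponibilidad"},
    },
    "prowler_threatscore": {"LevelOfRisk": {1, 2, 3, 4, 5}, "Weight": {1, 10, 100, 1000}},
}
# ISO 27001 attributes are spelled "Objetive"; the dictionary spelling is the error.
ISO_MISSPELLED = {"Objective_ID": "Objetive_ID", "Objective_Name": "Objetive_Name"}


def lint_framework(doc, filename):
    """Return the problems found in one framework file (empty list means clean)."""
    problems = [f"missing top-level key {k}" for k in sorted(BASE_KEYS - doc.keys())]
    provider = str(doc.get("Provider", "")).lower()
    if not filename.endswith(f"_{provider}.json"):
        problems.append(f"file name does not end in _{provider}.json")
    kind = next((k for k in ALLOWED if filename.startswith(k + "_")), None)
    seen = set()
    for req in doc.get("Requirements", []):
        rid = req.get("Id", "<no Id>")
        if rid in seen:
            problems.append(f"{rid}: duplicate requirement Id")
        seen.add(rid)
        if not isinstance(req.get("Checks"), list):
            problems.append(f"{rid}: Checks must be a list, [] for manual-only")
        for attr in req.get("Attributes", []):
            for wrong, right in ISO_MISSPELLED.items():
                if wrong in attr and filename.startswith("iso27001_"):
                    problems.append(f"{rid}: key {wrong} should be {right}")
            for field, allowed in ALLOWED.get(kind, {}).items():
                value = attr.get(field)  # only fields that are present are checked
                for v in (value if isinstance(value, list) else [value]):
                    if v is not None and v not in allowed:
                        problems.append(f"{rid}: {field}={v!r} not in allowed values")
    return problems


# Constructed sample: the first requirement follows the page, the second breaks two rules.
SAMPLE = {
    "Framework": "ProwlerThreatScore", "Name": "Sample ThreatScore", "Version": "1.0",
    "Provider": "AWS", "Description": "Constructed sample",
    "Requirements": [
        {"Id": "1.1.1", "Description": "Ensure MFA is enabled for the 'root' user account",
         "Checks": ["iam_root_mfa_enabled"],
         "Attributes": [{"Section": "1. IAM", "LevelOfRisk": 5, "Weight": 1000}]},
        {"Id": "1.1.2", "Description": "Constructed manual-only requirement", "Checks": None,
         "Attributes": [{"Section": "1. IAM", "LevelOfRisk": 7, "Weight": 1000}]},
    ],
}

if __name__ == "__main__":
    for problem in lint_framework(SAMPLE, "prowler_threatscore_aws.json"):
        print(problem)
```
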
Commands
```bash
# List available frameworks for a provider
prowler {provider} --list-compliance

# Run scan with specific compliance framework
prowler aws --compliance cis_5.0_aws

# Run scan with multiple frameworks
prowler aws --compliance cis_5.0_aws pci_4.0_aws

# Output compliance report in multiple formats
prowler aws --compliance cis_5.0_aws -M csv json html
```
Code References
- Compliance Models: `prowler/lib/check/compliance_models.py`
- Compliance Processing: `prowler/lib/check/compliance.py`
- Compliance Output: `prowler/lib/outputs/compliance/`
Resources
- Templates: See assets/ for framework JSON templates
- Documentation: See references/compliance-docs.md for additional resources