top of page
EC2.2
The VPC default security group should not allow inbound and outbound traffic
Severity
Cloud Platforms
Resources
Related Standards
Automated
HIGH
AWS
Amazon EC2
AWS CIS Foundations v1.2 & v1.4, AWS Foundational Best Practice, CIS v8, PCI DSS v3.2.1, CDR, ISO27001, SOC2, NIST CSF, NIST.800-53.r5,
YES
This AWS control checks that the default security group of a VPC does not allow inbound or outbound traffic.
bottom of page