EC2.2

The VPC default security group should not allow inbound and outbound traffic

Severity: HIGH
Cloud Platforms: AWS
Resources: Amazon EC2
Related Standards: AWS CIS Foundations v1.2 & v1.4, AWS Foundational Best Practice, CIS v8, PCI DSS v3.2.1, CDR, ISO27001, SOC2, NIST CSF, NIST.800-53.r5
Automated: YES

This AWS control checks that the default security group of a VPC does not allow inbound or outbound traffic.
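
The check described above, as an added example that is not part of the original page or of the vendor's own implementation: it evaluates records shaped like the EC2 DescribeSecurityGroups response and reports every default group that still has inbound or outbound rules. The function name and the sample records are constructed for illustration.

```python
# Constructed sample in the shape of an EC2 DescribeSecurityGroups response.
SAMPLE_GROUPS = [
    {   # default group as AWS creates it: self-referencing ingress, open egress
        "GroupId": "sg-00000000000000001", "GroupName": "default",
        "VpcId": "vpc-0000000000000000a",
        "IpPermissions": [{"IpProtocol": "-1",
                           "UserIdGroupPairs": [{"GroupId": "sg-00000000000000001"}]}],
        "IpPermissionsEgress": [{"IpProtocol": "-1",
                                 "IpRanges": [{"CidrIp": "0.0.0.0/0"}]}],
    },
    {   # default group with every rule removed: passes the control
        "GroupId": "sg-00000000000000002", "GroupName": "default",
        "VpcId": "vpc-0000000000000000b",
        "IpPermissions": [], "IpPermissionsEgress": [],
    },
    {   # custom group: out of scope for this control, whatever its rules
        "GroupId": "sg-00000000000000003", "GroupName": "web",
        "VpcId": "vpc-0000000000000000a",
        "IpPermissions": [{"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
                           "IpRanges": [{"CidrIp": "0.0.0.0/0"}]}],
        "IpPermissionsEgress": [],
    },
]


def default_sg_findings(security_groups):
    """Return one finding per default security group that still has rules."""
    findings = []
    for sg in security_groups:
        # A VPC's default group is named "default" and cannot be deleted,
        # so the control is met only by emptying both of its rule sets.
        if sg.get("GroupName") != "default":
            continue
        inbound = sg.get("IpPermissions", [])
        outbound = sg.get("IpPermissionsEgress", [])
        if inbound or outbound:
            findings.append({
                "GroupId": sg["GroupId"],
                "VpcId": sg.get("VpcId"),
                "InboundRules": len(inbound),
                "OutboundRules": len(outbound),
            })
    return findings


if __name__ == "__main__":
    for finding in default_sg_findings(SAMPLE_GROUPS):
        print("FAILED", finding)
```

The first sample record mirrors the rules a default security group starts with, which is why a newly created VPC fails this control until those rules are removed.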