Merge pull request #825 from turbot/release/v0.98

CHANGELOG.md

@@ -1,3 +1,9 @@
+## v0.98 [2024-08-30]
+
+_What's new?_
+
+- Added Australian Cyber Security Center (ACSC) Essential Eight benchmark (`powerpipe benchmark run aws_compliance.benchmark.acsc_essential_eight`). ([#823](https://github.com/turbot/steampipe-mod-aws-compliance/pull/823))
+
 ## v0.97 [2024-08-12]
 
 _What's new?_

README.md

@@ -5,7 +5,7 @@
 >
 > All v0.x versions of this mod will work in both Steampipe and Powerpipe, but v1.0.0 onwards will be in Powerpipe format only.
 
-540+ checks covering industry defined security best practices across all AWS regions. Includes full support for multiple best practice benchmarks including **the latest (v3.0.0) CIS benchmark**, CIS AWS Compute Services, PCI DSS, AWS Foundational Security, CISA Cyber Essentials, FedRAMP, FFIEC, GxP 21 CFR Part 11, GxP EU Annex 11, HIPAA Final Omnibus Security Rule 2013, HIPAA Security Rule 2003, NIST 800-53, NIST CSF, NIST 800-172, Reserve Bank of India, Audit Manager Control Tower, and more!
+540+ checks covering industry defined security best practices across all AWS regions. Includes full support for multiple best practice benchmarks including **the latest (v3.0.0) CIS benchmark**, CIS AWS Compute Services, PCI DSS, AWS Foundational Security, CISA Cyber Essentials, FedRAMP, FFIEC, GxP 21 CFR Part 11, GxP EU Annex 11, HIPAA Final Omnibus Security Rule 2013, HIPAA Security Rule 2003, NIST 800-53, NIST CSF, NIST 800-172, Reserve Bank of India, Audit Manager Control Tower, Australian Cyber Security Center (ACSC) Essential Eight, and more!
 
 Run checks in a dashboard:
 ![image](https://raw.githubusercontent.com/turbot/steampipe-mod-aws-compliance/main/docs/aws_cis_v300_dashboard.png)

acsc_essential_eight/acsc_essential_eight.sp

@@ -0,0 +1,21 @@
+locals {
+  acsc_essential_eight_common_tags = merge(local.aws_compliance_common_tags, {
+    acsc_essential_eight = "true"
+    type                 = "Benchmark"
+  })
+}
+
+benchmark "acsc_essential_eight" {
+  title         = "Australian Cyber Security Center (ACSC) Essential Eight"
+  description   = "The Australian Cyber Security Center (ACSC) Essential Eight is a set of baseline security strategies designed to mitigate cyber security incidents. The Essential Eight is a prioritized list of mitigation strategies that organizations can implement to protect their systems against a range of adversaries. The Essential Eight is based on the Australian Signals Directorate (ASD) Strategies to Mitigate Cyber Security Incidents."
+  documentation = file("./acsc_essential_eight/docs/acsc_essential_eight_overview.md")
+  children = [
+    benchmark.acsc_essential_eight_ml_1,
+    benchmark.acsc_essential_eight_ml_2,
+    benchmark.acsc_essential_eight_ml_3
+  ]
+
+  tags = merge(local.acsc_essential_eight_common_tags, {
+    type = "Benchmark"
+  })
+}

acsc_essential_eight/docs/acsc_essential_eight_overview.md

@@ -0,0 +1,5 @@
+## Overview
+
+The ACSC Essential Eight is a set of baseline security strategies designed to mitigate cybersecurity incidents. The Essential Eight is a prioritized list of mitigation strategies that organizations can implement to protect their systems against a range of adversaries. The Essential Eight is based on the Australian Signals Directorate (ASD)’s experience in cyber operations and incident response. The Essential Eight is designed to be complementary to other cybersecurity frameworks, such as the NIST Cybersecurity Framework and ISO 27001.
+
+The Essential Eight is divided into two groups: Essential Eight Maturity Model and Essential Eight Strategies. The Essential Eight Maturity Model is a set of maturity levels that organizations can use to assess their cybersecurity posture. The Essential Eight Strategies are a set of mitigation strategies that organizations can implement to protect their systems against a range of adversaries.