Skip to main content
ClaudeWave
Skill323 repo starsupdated today

cis-aws-compute-16.1

This manual audit control verifies that applications and clients communicating within AWS SimSpace Weaver implement encryption protocols like TLS to protect data in transit. Use this control when validating security configurations for SimSpace Weaver deployments to ensure compliance with CIS encryption standards, as the service itself does not manage or enforce encryption at the application-client level.

View sourceRepository: CyberStrike
Install in Claude Code
Copy
git clone --depth 1 https://github.com/CyberStrikeus/CyberStrike /tmp/cis-aws-compute-16.1 && cp -r /tmp/cis-aws-compute-16.1/.cyberstrike/skill/CIS_benchmarks/Cloud_Providers/AWS/CIS_AWS_Compute_Services_Benchmark_v1.1.0/cis-aws-compute-16.1 ~/.claude/skills/cis-aws-compute-16.1
Then start a new Claude Code session; the skill loads automatically.
Definition

SKILL.md

# 16.1 Ensure communications between your applications and clients is encrypted (Manual)

## Description

SimSpace Weaver doesn't manage communications between your apps and the clients.

## Rationale

Be sure to implement some form of authentication and encryption for all client sessions while using SimSpace Weaver.

## Impact

N/A

## Audit Procedure

### Using AWS Console

There is no setting for encryption setup for your clients and applications within SimSpace Weaver service. For this audit you have to confirm that the communication is configured in the app and the client with encryption to protect that traffic.

### Using AWS CLI

N/A - This control is manual. There are no AWS CLI commands specific to SimSpace Weaver encryption settings as the encryption must be configured at the application/client level.

## Expected Result

Communications between applications and clients running inside SimSpace Weaver are configured with encryption (e.g., TLS) to protect traffic.

## Remediation

### Using AWS Console

Confirm that the communication you have configured between your application and clients that run inside of SimSpace Weaver are encrypted.

### Using AWS CLI

N/A - Remediation is application-level and not managed through AWS CLI.

## Default Value

SimSpace Weaver does not manage or enforce encryption between applications and clients by default. This is the responsibility of the application developer.

## References

1. https://docs.aws.amazon.com/simspaceweaver/latest/userguide/security_best-practices.html

## CIS Controls

| Controls Version | Control                                           | IG 1 | IG 2 | IG 3 |
| ---------------- | ------------------------------------------------- | ---- | ---- | ---- |
| v8               | 3.10 Encrypt Sensitive Data in Transit            |      | X    | X    |
| v7               | 14.4 Encrypt All Sensitive Information in Transit |      | X    | X    |

## Profile

Level 1 | Manual
More from this repository
cis-aws-compute-10.1Skill

Ensure Managed Platform updates is configured

cis-aws-compute-10.2Skill

Ensure Persistent logs is setup and configured to S3

cis-aws-compute-10.3Skill

Ensure access logs are enabled

cis-aws-compute-10.4Skill

Ensure that HTTPS is enabled on load balancer

cis-aws-compute-11.1Skill

Ensure customer-managed keys are used to encrypt AWS Fargate ephemeral storage data for Amazon ECS

cis-aws-compute-12.1Skill

Ensure AWS Config is Enabled for Lambda and Serverless

cis-aws-compute-12.10Skill

Ensure Lambda functions do not allow unknown cross account access via permission policies

cis-aws-compute-12.11Skill

Ensure that the runtime environment versions used for your Lambda functions do not have end of support dates