James Pether Sörling
https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-msk-cluster-encryptioninfo.html
> consider #145 overlap

Could potentially include https://github.com/stelligent/cfn_nag/issues/130 as well. Found some mapping from CWE -> NIST: https://github.com/mitre/heimdall_tools/blob/master/lib/data/cwe-nist-mapping.csv
More categories used in https://github.com/Hack23/sonar-cloudformation-plugin/blob/master/src/main/resources/cloudformation-rules.xml:

- CWE-311 - Missing Encryption of Sensitive Data
- CWE-326 - Inadequate Encryption Strength
- CWE-732 - Incorrect Permission Assignment for Critical Resource
- CWE-257 - Storing Passwords in...
Used by the SonarQube plugin: https://www.hack23.com/sonar/coding_rules?activation=true&cwe=257&qprofile=AWruK8217ByUKgy37oNL
https://github.com/Hack23/sonar-cloudformation-plugin/blob/master/src/main/resources/cloudformation-rules.xml contains a mapping to group the cfn-nag rules by CWE:

- CWE-311 - Missing Encryption of Sensitive Data https://cwe.mitre.org/data/definitions/311
- CWE-326 - Inadequate Encryption Strength https://cwe.mitre.org/data/definitions/326
- CWE-732 - Incorrect Permission Assignment for...
https://github.com/stelligent/cfn_nag/issues/310 does contain the CWEs used in cfn-nag (https://github.com/Hack23/sonar-cloudformation-plugin/blob/master/src/main/resources/cloudformation-rules.xml):

- CWE-311 - Missing Encryption of Sensitive Data
- CWE-326 - Inadequate Encryption Strength
- CWE-732 - Incorrect Permission Assignment for Critical Resource
- CWE-257...
https://github.com/Hack23/sonar-cloudformation-plugin/blob/master/src/main/resources/cloudformation-rules.xml contains a mapping to group the cfn-nag rules by NIST 800-53 control:

- 800-53-AC-4 AC-4 INFORMATION FLOW ENFORCEMENT https://nvd.nist.gov/800-53/Rev4/control/AC-4
- 800-53-AC-6 AC-6 LEAST PRIVILEGE https://nvd.nist.gov/800-53/Rev4/control/AC-6
- 800-53-AU-12 AU-12 AUDIT GENERATION https://nvd.nist.gov/800-53/Rev4/control/AU-12
- 800-53-IA-5 IA-5 AUTHENTICATOR...
https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-sagemaker-notebookinstance.html#cfn-sagemaker-notebookinstance-directinternetaccess
I think this could be an issue with https://github.com/stelligent/cfn-model, but I'm not sure.
Did a workaround in sonar-cloudformation-plugin (https://github.com/Hack23/sonar-cloudformation-plugin/blob/master/src/main/java/com/hack23/sonar/cloudformation/CloudformationRulesDefinition.java) using tags in the XML. It is possible to use `newRule.addCwe` and `newRule.addOwaspTop10`. Not perfect, but it works.