diff --git a/plugins/aws/bedrock/customModelEncryptionEnabled.js b/plugins/aws/bedrock/customModelEncryptionEnabled.js
index d00e8eb910..c1ef8660cc 100644
--- a/plugins/aws/bedrock/customModelEncryptionEnabled.js
+++ b/plugins/aws/bedrock/customModelEncryptionEnabled.js
@@ -4,6 +4,7 @@ var helpers = require('../../../helpers/aws');
 module.exports = {
 title: 'Custom Model Encryption Enabled',
 category: 'AI & ML',
+ owasp: ['LLM10'],
 domain: 'Machine Learning',
 severity: 'High',
 description: 'Ensure that an Amazon Bedrock custom models are encrypted with desired encryption level.',
diff --git a/plugins/aws/bedrock/customModelInVpc.js b/plugins/aws/bedrock/customModelInVpc.js
index 8b6bfeece4..61f507ed44 100644
--- a/plugins/aws/bedrock/customModelInVpc.js
+++ b/plugins/aws/bedrock/customModelInVpc.js
@@ -4,6 +4,7 @@ var helpers = require('../../../helpers/aws');
 module.exports = {
 title: 'Custom Model In VPC',
 category: 'AI & ML',
+ owasp: ['LLM07'],
 domain: 'Machine Learning',
 severity: 'Low',
 description: 'Ensure that an Amazon Bedrock custom model is configured with a VPC.',
diff --git a/plugins/aws/bedrock/privateCustomModel.js b/plugins/aws/bedrock/privateCustomModel.js
index f9bd2468c1..daccf924ad 100644
--- a/plugins/aws/bedrock/privateCustomModel.js
+++ b/plugins/aws/bedrock/privateCustomModel.js
@@ -4,6 +4,7 @@ var helpers = require('../../../helpers/aws');
 module.exports = {
 title: 'Private Custom Model',
 category: 'AI & ML',
+ owasp: ['LLM07'],
 domain: 'Machine Learning',
 severity: 'Medium',
 description: 'Ensure that an Amazon Bedrock custom model is configured within a private VPC.',
diff --git a/plugins/aws/comprehend/flywheelInVpc.js b/plugins/aws/comprehend/flywheelInVpc.js
index 8cbcbdb3bd..d42b23fe5a 100644
--- a/plugins/aws/comprehend/flywheelInVpc.js
+++ b/plugins/aws/comprehend/flywheelInVpc.js
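Review bot: The `owasp` values added here (`['LLM10']` in customModelEncryptionEnabled.js, and the same field in every other plugin in this commit) are bare IDs with nothing stating which edition of the OWASP Top 10 for LLM Applications they index; the numbering has been reshuffled between editions, so an ID such as `LLM07` or `LLM02` can name a different risk depending on the list a reader assumes. A one-line comment beside the field or on a shared constant, for example `// IDs per OWASP Top 10 for LLM Applications, <edition>`, would pin the meaning. The mapping is also uneven across like-for-like controls: this Bedrock model-encryption check gets only `LLM10`, while the Lookout for Vision model-data encryption check gets `['LLM10', 'LLM04', 'LLM02']`. The exported object continues past the hunk, so whether anything validates or consumes `owasp` is not visible from here.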
@@ -4,6 +4,7 @@ var helpers = require('../../../helpers/aws');
 module.exports = {
 title: 'Amazon Comprehend Flywheel In VPC',
 category: 'AI & ML',
+ owasp: ['LLM07', 'LLM04', 'LLM02'],
 domain: 'Compute',
 severity: 'Low',
 description: 'Ensure that an Amazon Comprehend Flywheel is configured with a VPC.',
diff --git a/plugins/aws/comprehend/outputResultEncryption.js b/plugins/aws/comprehend/outputResultEncryption.js
index 8032e75147..ad52573e5d 100644
--- a/plugins/aws/comprehend/outputResultEncryption.js
+++ b/plugins/aws/comprehend/outputResultEncryption.js
@@ -4,6 +4,7 @@ var helpers = require('../../../helpers/aws');
 module.exports = {
 title: 'Amazon Comprehend Output Result Encryption',
 category: 'AI & ML',
+ owasp: ['LLM07', 'LLM02'],
 domain: 'Compute',
 severity: 'High',
 description: 'Ensures the Comprehend service is using encryption for all result output.',
diff --git a/plugins/aws/comprehend/volumeEncryption.js b/plugins/aws/comprehend/volumeEncryption.js
index 07d1e87faa..39a4fa4fc4 100644
--- a/plugins/aws/comprehend/volumeEncryption.js
+++ b/plugins/aws/comprehend/volumeEncryption.js
@@ -4,6 +4,7 @@ var helpers = require('../../../helpers/aws');
 module.exports = {
 title: 'Amazon Comprehend Volume Encryption',
 category: 'AI & ML',
+ owasp: ['LLM07', 'LLM02'],
 domain: 'Compute',
 severity: 'High',
 description: 'Ensures the Comprehend service is using encryption for all volumes storing data at rest.',
diff --git a/plugins/aws/forecast/datasetExportEncrypted.js b/plugins/aws/forecast/datasetExportEncrypted.js
index 83aa164de7..ee610c0183 100644
--- a/plugins/aws/forecast/datasetExportEncrypted.js
+++ b/plugins/aws/forecast/datasetExportEncrypted.js
@@ -4,6 +4,7 @@ var helpers = require('../../../helpers/aws');
 module.exports = {
 title: 'Forecast Dataset Export Encrypted',
 category: 'AI & ML',
+ owasp: ['LLM02'],
 domain: 'Content Delivery',
 severity: 'High',
 description: 'Ensure that AWS Forecast exports have encryption enabled before they are being saved on S3.',
diff --git a/plugins/aws/forecast/forecastDatasetEncrypted.js b/plugins/aws/forecast/forecastDatasetEncrypted.js
index 70c4c256d0..988ddc0f96 100644
--- a/plugins/aws/forecast/forecastDatasetEncrypted.js
+++ b/plugins/aws/forecast/forecastDatasetEncrypted.js
@@ -4,6 +4,7 @@ var helpers = require('../../../helpers/aws');
 module.exports = {
 title: 'Forecast Dataset Encrypted',
 category: 'AI & ML',
+ owasp: ['LLM04', 'LLM02'],
 domain: 'Content Delivery',
 severity: 'High',
 description: 'Ensure that AWS Forecast datasets are using desired KMS key for data encryption.',
diff --git a/plugins/aws/frauddetector/fraudDetectorDataEncrypted.js b/plugins/aws/frauddetector/fraudDetectorDataEncrypted.js
index 803225679c..17a3dd901f 100644
--- a/plugins/aws/frauddetector/fraudDetectorDataEncrypted.js
+++ b/plugins/aws/frauddetector/fraudDetectorDataEncrypted.js
@@ -4,6 +4,7 @@ var helpers = require('../../../helpers/aws');
 module.exports = {
 title: 'Fraud Detector Data Encrypted',
 category: 'AI & ML',
+ owasp: ['LLM04', 'LLM02'],
 domain: 'Application Integration',
 severity: 'High',
 description: 'Ensure that Amazon Fraud Detector has encryption enabled for data at rest with desired KMS encryption level.',
diff --git a/plugins/aws/healthlake/dataStoreEncrypted.js b/plugins/aws/healthlake/dataStoreEncrypted.js
index c543c87851..cb6cf88b81 100644
--- a/plugins/aws/healthlake/dataStoreEncrypted.js
+++ b/plugins/aws/healthlake/dataStoreEncrypted.js
@@ -4,6 +4,7 @@ var helpers = require('../../../helpers/aws');
 module.exports = {
 title: 'HealthLake Data Store Encrypted',
 category: 'AI & ML',
+ owasp: ['LLM04', 'LLM02'],
 domain: 'Content Delivery',
 severity: 'High',
 description: 'Ensure that AWS HealthLake Data Store is using desired encryption level.',
diff --git a/plugins/aws/kendra/kendraIndexEncrypted.js b/plugins/aws/kendra/kendraIndexEncrypted.js
index 8494393f3a..58b5f5fab4 100644
--- a/plugins/aws/kendra/kendraIndexEncrypted.js
+++ b/plugins/aws/kendra/kendraIndexEncrypted.js
@@ -4,6 +4,7 @@ var helpers = require('../../../helpers/aws');
 module.exports = {
 title: 'Kendra Index Encrypted',
 category: 'AI & ML',
+ owasp: ['LLM02'],
 domain: 'Databases',
 severity: 'High',
 description: 'Ensure that the Kendra index is encrypted using desired encryption level.',
diff --git a/plugins/aws/lex/lexAudioLogsEncrypted.js b/plugins/aws/lex/lexAudioLogsEncrypted.js
index 03e0f59716..9c658608a9 100644
--- a/plugins/aws/lex/lexAudioLogsEncrypted.js
+++ b/plugins/aws/lex/lexAudioLogsEncrypted.js
@@ -4,6 +4,7 @@ var helpers = require('../../../helpers/aws');
 module.exports = {
 title: 'Audio Logs Encrypted',
 category: 'AI & ML',
+ owasp: ['LLM02'],
 domain: 'Content Delivery',
 severity: 'High',
 description: 'Ensure that Amazon Lex audio logs are encrypted using desired KMS encryption level',
diff --git a/plugins/aws/lookout/modelDataEncrypted.js b/plugins/aws/lookout/modelDataEncrypted.js
index d956d2f8e5..80149c351f 100644
--- a/plugins/aws/lookout/modelDataEncrypted.js
+++ b/plugins/aws/lookout/modelDataEncrypted.js
@@ -4,6 +4,7 @@ var helpers = require('../../../helpers/aws');
 module.exports = {
 title: 'Model Data Encrypted',
 category: 'AI & ML',
+ owasp: ['LLM10', 'LLM04', 'LLM02'],
 domain: 'Management and Governance',
 severity: 'High',
 description: 'Ensure that Lookout for Vision model data is encrypted using desired KMS encryption level',
diff --git a/plugins/aws/sagemaker/notebookDataEncrypted.js b/plugins/aws/sagemaker/notebookDataEncrypted.js
index a49abb31a6..45ca19e804 100644
--- a/plugins/aws/sagemaker/notebookDataEncrypted.js
+++ b/plugins/aws/sagemaker/notebookDataEncrypted.js
@@ -4,6 +4,7 @@ var helpers = require('../../../helpers/aws');
 module.exports = {
 title: 'Notebook Data Encrypted',
 category: 'AI & ML',
+ owasp: ['LLM07', 'LLM02', 'LLM10'],
 domain: 'Compute',
 severity: 'High',
 description: 'Ensure Notebook data is encrypted',
diff --git a/plugins/aws/sagemaker/notebookDirectInternetAccess.js b/plugins/aws/sagemaker/notebookDirectInternetAccess.js
index f5caa163fc..41c676085a 100644
--- a/plugins/aws/sagemaker/notebookDirectInternetAccess.js
+++ b/plugins/aws/sagemaker/notebookDirectInternetAccess.js
@@ -4,6 +4,7 @@ var helpers = require('../../../helpers/aws');
 module.exports = {
 title: 'Notebook Direct Internet Access',
 category: 'AI & ML',
+ owasp: ['LLM07'],
 domain: 'Compute',
 severity: 'Medium',
 description: 'Ensure Notebook Instance is not publicly available.',
diff --git a/plugins/aws/sagemaker/notebookInstanceInVpc.js b/plugins/aws/sagemaker/notebookInstanceInVpc.js
index 11a6532395..5f34c3b476 100644
--- a/plugins/aws/sagemaker/notebookInstanceInVpc.js
+++ b/plugins/aws/sagemaker/notebookInstanceInVpc.js
@@ -4,6 +4,7 @@ var helpers = require('../../../helpers/aws');
 module.exports = {
 title: 'Notebook instance in VPC',
 category: 'AI & ML',
+ owasp: ['LLM07'],
 domain: 'Compute',
 severity: 'Medium',
 description: 'Ensure that Amazon SageMaker Notebook instances are launched within a VPC.',
diff --git a/plugins/aws/translate/translateJobOutputEncrypted.js b/plugins/aws/translate/translateJobOutputEncrypted.js
index e178e77e7d..0982ca5017 100644
--- a/plugins/aws/translate/translateJobOutputEncrypted.js
+++ b/plugins/aws/translate/translateJobOutputEncrypted.js
@@ -4,6 +4,7 @@ var helpers = require('../../../helpers/aws');
 module.exports = {
 title: 'Translate Job Output Encrypted',
 category: 'AI & ML',
+ owasp: ['LLM02'],
 domain: 'Compute',
 severity: 'High',
 description: 'Ensure that your Amazon Translate jobs have CMK encryption enabled for output data residing on S3.',
diff --git a/plugins/azure/databricks/workspaceDbfsInfraEncryption.js b/plugins/azure/databricks/workspaceDbfsInfraEncryption.js
index 28aa1934f8..341ffeb733 100644
--- a/plugins/azure/databricks/workspaceDbfsInfraEncryption.js
+++ b/plugins/azure/databricks/workspaceDbfsInfraEncryption.js
@@ -4,6 +4,7 @@ var helpers = require('../../../helpers/azure');
 module.exports = {
 title: 'Databricks Workspace DBFS Infrastructure Encryption',
 category: 'AI & ML',
+ owasp: ['LLM02', 'LLM04'],
 domain: 'Machine Learning',
 severity: 'Medium',
 description: 'Ensures that DBFS root storage for Databricks premium workspace has infrastructure encryption enabled.',
diff --git a/plugins/azure/databricks/workspaceManagedDiskCmk.js b/plugins/azure/databricks/workspaceManagedDiskCmk.js
index ef2c396651..0ba51a6c7b 100644
--- a/plugins/azure/databricks/workspaceManagedDiskCmk.js
+++ b/plugins/azure/databricks/workspaceManagedDiskCmk.js
@@ -4,6 +4,7 @@ var helpers = require('../../../helpers/azure');
 module.exports = {
 title: 'Databricks Workspace Managed Disk CMK Encrypted',
 category: 'AI & ML',
+ owasp: ['LLM02', 'LLM04'],
 domain: 'Machine Learning',
 severity: 'Medium',
 description: 'Ensures that Databricks premium workspace managed disk is encrypted with CMK.',
diff --git a/plugins/azure/databricks/workspaceManagedServicesCmk.js b/plugins/azure/databricks/workspaceManagedServicesCmk.js
index 041ad423a5..8d0a8a76f8 100644
--- a/plugins/azure/databricks/workspaceManagedServicesCmk.js
+++ b/plugins/azure/databricks/workspaceManagedServicesCmk.js
@@ -4,6 +4,7 @@ var helpers = require('../../../helpers/azure');
 module.exports = {
 title: 'Databricks Workspace Managed Services CMK Encrypted',
 category: 'AI & ML',
+ owasp: ['LLM02', 'LLM04'],
 domain: 'Machine Learning',
 severity: 'Medium',
 description: 'Ensures that Databricks premium workspace managed services are encrypted with CMK.',
diff --git a/plugins/azure/databricks/workspaceSecureCluster.js b/plugins/azure/databricks/workspaceSecureCluster.js
index 83ec1be8c9..63cf778fd1 100644
--- a/plugins/azure/databricks/workspaceSecureCluster.js
+++ b/plugins/azure/databricks/workspaceSecureCluster.js
@@ -4,6 +4,7 @@ var helpers = require('../../../helpers/azure');
 module.exports = {
 title: 'Databricks Workspace Secure Cluster',
 category: 'AI & ML',
+ owasp: ['LLM07'],
 domain: 'Machine Learning',
 severity: 'Medium',
 description: 'Ensures that Azure Databricks Workspace has secure cluster connectivity enabled.',
diff --git a/plugins/azure/machinelearning/mlRegistryPublicAccess.js b/plugins/azure/machinelearning/mlRegistryPublicAccess.js
index db08920738..e94a2fbb43 100644
--- a/plugins/azure/machinelearning/mlRegistryPublicAccess.js
+++ b/plugins/azure/machinelearning/mlRegistryPublicAccess.js
@@ -4,6 +4,7 @@ var helpers = require('../../../helpers/azure');
 module.exports = {
 title: 'Machine Learning Registry Public Access Disabled',
 category: 'AI & ML',
+ owasp: ['LLM07'],
 domain: 'Machine Learning',
 severity: 'Medium',
 description: 'Ensures that Azure Machine Learning registries are not publicly accessible.',
diff --git a/plugins/azure/machinelearning/mlWorkspaceHBI.js b/plugins/azure/machinelearning/mlWorkspaceHBI.js
index de1135ed55..818f269ff8 100644
--- a/plugins/azure/machinelearning/mlWorkspaceHBI.js
+++ b/plugins/azure/machinelearning/mlWorkspaceHBI.js
@@ -4,6 +4,7 @@ var helpers = require('../../../helpers/azure');
 module.exports = {
 title: 'Machine Learning Workspace High Business Impact Enabled',
 category: 'AI & ML',
+ owasp: ['LLM02'],
 domain: 'Machine Learning',
 severity: 'Medium',
 description: 'Ensures that Machine Learning workspaces have High Business Impact (HBI) feature enabled.',
diff --git a/plugins/azure/machinelearning/workspacePublicAccessDisabled.js b/plugins/azure/machinelearning/workspacePublicAccessDisabled.js
index 81ddbbb611..1053ce21f6 100644
--- a/plugins/azure/machinelearning/workspacePublicAccessDisabled.js
+++ b/plugins/azure/machinelearning/workspacePublicAccessDisabled.js
@@ -4,6 +4,7 @@ var helpers = require('../../../helpers/azure');
 module.exports = {
 title: 'Machine Learning Workspace Public Access Disabled',
 category: 'AI & ML',
+ owasp: ['LLM07'],
 domain: 'Machine Learning',
 severity: 'High',
 description: 'Ensures that Azure Machine Learning workspaces are not publicly accessible.',
diff --git a/plugins/azure/openai/accountCMKEncrypted.js b/plugins/azure/openai/accountCMKEncrypted.js
index 82e68a978d..9d6d3d061b 100644
--- a/plugins/azure/openai/accountCMKEncrypted.js
+++ b/plugins/azure/openai/accountCMKEncrypted.js
@@ -4,6 +4,7 @@ var helpers = require('../../../helpers/azure');
 module.exports = {
 title: 'OpenAI Account CMK Encrypted',
 category: 'AI & ML',
+ owasp: ['LLM02', 'LLM04'],
 domain: 'Machine Learning',
 severity: 'High',
 description: 'Ensures that Azure OpenAI accounts are encrypted using CMK.',
diff --git a/plugins/azure/openai/accountManagedIdentity.js b/plugins/azure/openai/accountManagedIdentity.js
index a1c4ca4189..128ca2ffea 100644
--- a/plugins/azure/openai/accountManagedIdentity.js
+++ b/plugins/azure/openai/accountManagedIdentity.js
@@ -4,6 +4,7 @@ var helpers = require('../../../helpers/azure');
 module.exports = {
 title: 'OpenAI Account Managed Identity Enabled',
 category: 'AI & ML',
+ owasp: ['LLM07'],
 domain: 'Machine Learning',
 severity: 'Medium',
 description: 'Ensures a system or user assigned managed identity is enabled to authenticate to Azure OpenAI accounts.',
diff --git a/plugins/azure/openai/accountPublicAccessDisabled.js b/plugins/azure/openai/accountPublicAccessDisabled.js
index e5ab13c2c5..454a9059e2 100644
--- a/plugins/azure/openai/accountPublicAccessDisabled.js
+++ b/plugins/azure/openai/accountPublicAccessDisabled.js
@@ -4,6 +4,7 @@ var helpers = require('../../../helpers/azure');
 module.exports = {
 title: 'OpenAI Account Public Access Disabled',
 category: 'AI & ML',
+ owasp: ['LLM07'],
 domain: 'Machine Learning',
 severity: 'High',
 description: 'Ensures that Azure OpenAI accounts are not publicly accessible.',
diff --git a/plugins/azure/synapse/synapseWorkspacPrivateEndpoint.js b/plugins/azure/synapse/synapseWorkspacPrivateEndpoint.js
index c375d75561..27ef97ba40 100644
--- a/plugins/azure/synapse/synapseWorkspacPrivateEndpoint.js
+++ b/plugins/azure/synapse/synapseWorkspacPrivateEndpoint.js
@@ -4,6 +4,7 @@ var helpers = require('../../../helpers/azure');
 module.exports = {
 title: 'Synapse Workspace Private Endpoints',
 category: 'AI & ML',
+ owasp: ['LLM07'],
 domain: 'Machine Learning',
 severity: 'Medium',
 description: 'Ensure that Azure Synapse workspace is accessible only through managed private endpoints.',
diff --git a/plugins/azure/synapse/synapseWorkspaceAdAuthEnabled.js b/plugins/azure/synapse/synapseWorkspaceAdAuthEnabled.js
index 80606b792a..7f4b1d7697 100644
--- a/plugins/azure/synapse/synapseWorkspaceAdAuthEnabled.js
+++ b/plugins/azure/synapse/synapseWorkspaceAdAuthEnabled.js
@@ -4,6 +4,7 @@ var helpers = require('../../../helpers/azure');
 module.exports = {
 title: 'Synapse Workspace AD Auth Enabled',
 category: 'AI & ML',
+ owasp: ['LLM07'],
 domain: 'Machine Learning',
 severity: 'Medium',
 description: 'Ensures that Azure Synapse workspace has Active Directory (AD) authentication enabled.',
diff --git a/plugins/azure/synapse/workspaceDoubleEncryption.js b/plugins/azure/synapse/workspaceDoubleEncryption.js
index 4382d68ff3..8bb843c532 100644
--- a/plugins/azure/synapse/workspaceDoubleEncryption.js
+++ b/plugins/azure/synapse/workspaceDoubleEncryption.js
@@ -4,6 +4,7 @@ var helpers = require('../../../helpers/azure');
 module.exports = {
 title: 'Synapse Workspace Double Encryption Enabled',
 category: 'AI & ML',
+ owasp: ['LLM10', 'LLM04', 'LLM02'],
 domain: 'Machine Learning',
 severity: 'High',
 description: 'Ensures that Azure Synapse workspaces have double Encryption enabled.',
diff --git a/plugins/azure/synapse/workspaceManagedIdentity.js b/plugins/azure/synapse/workspaceManagedIdentity.js
index 51e45b6c04..74b3d91141 100644
--- a/plugins/azure/synapse/workspaceManagedIdentity.js
+++ b/plugins/azure/synapse/workspaceManagedIdentity.js
@@ -4,6 +4,7 @@ var helpers = require('../../../helpers/azure');
 module.exports = {
 title: 'Synapse Workspace Managed Identity',
 category: 'AI & ML',
+ owasp: ['LLM07'],
 domain: 'Machine Learning',
 severity: 'Medium',
 description: 'Ensure that Azure Synapse workspace has managed identity enabled.',
diff --git a/plugins/google/vertexai/modelEncryption.js b/plugins/google/vertexai/modelEncryption.js
index ae333e5744..8f3c6450e7 100644
--- a/plugins/google/vertexai/modelEncryption.js
+++ b/plugins/google/vertexai/modelEncryption.js
@@ -4,6 +4,7 @@ var helpers = require('../../../helpers/google');
 module.exports = {
 title: 'Vertex AI Model Encryption',
 category: 'AI & ML',
+ owasp: ['LLM010', 'LLM07'],
 domain: 'Machine Learning',
 severity: 'High',
 description: 'Ensure that Vertex AI models are encrypted using desired encryption protection level.',
diff --git a/plugins/google/vertexai/vertexAIDatasetEncryption.js b/plugins/google/vertexai/vertexAIDatasetEncryption.js
index 99fa9bc192..237b1879d7 100644
--- a/plugins/google/vertexai/vertexAIDatasetEncryption.js
+++ b/plugins/google/vertexai/vertexAIDatasetEncryption.js
@@ -4,6 +4,7 @@ var helpers = require('../../../helpers/google');
 module.exports = {
 title: 'Vertex AI Dataset Encryption',
 category: 'AI & ML',
+ owasp: ['LLM02', 'LLM04', 'LLM10'],
 domain: 'Machine Learning',
 severity: 'High',
 description: 'Ensure that Vertex AI datasets are encrypted using desired encryption protection level.',
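Review bot: `'LLM010'` in the modelEncryption.js hunk does not match the `'LLM10'` spelling used by every other plugin in this commit, so any filter or compliance report that groups on the exact string would silently leave the Vertex AI model-encryption check out; the entry should be `'LLM10'`. Whether `'LLM07'` belongs on this check is worth confirming as well, since the sibling vertexAIDatasetEncryption.js hunk tags the same kind of control `['LLM02', 'LLM04', 'LLM10']`. Because these are free-form strings, a small lint or unit test that checks each `owasp` entry against the allowed ID set would catch this class of typo before it reaches a report. The exported object continues past the hunk, so any existing validation is not visible here.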