Security Roadmap

Features / Functionalities 🔐✅

| Category | Tags / Labels | Feature / Functionality | Status | Doc |
|---|---|---|---|---|
| Security & Audit (SecOps) | leverage, security-audit, passwords | Team Password Management: review, analyze and implement (Passbolt, Bitwarden, 1Password, etc.) | | |
| Security & Audit (SecOps) | leverage, ci-cd-infrastructure, secrets | Secrets Management: review, analyze and implement HashiCorp Vault | 2021 Q1 | |
| Compliance (SecOps) | leverage, secrets | aws-vault implementation | 2021 Q1 | |
| Security & Audit (SecOps) | leverage, security-audit, guardduty | AWS GuardDuty (cross-org setup with master and member accounts + Trusted IP Lists and Threat IP Lists + creation and deletion of filters for GuardDuty findings to avoid false positives + CloudWatch Rule to Lambda / CW Metrics with CloudWatch Dashboard) | | |
| Security & Audit (SecOps) | leverage, security-audit, inspector | AWS Inspector (with Ansible aws-inspector Galaxy role per EC2 instance) | 2021 Q3 | |
| Security & Audit (SecOps) | leverage, security-audit, cloudtrail | AWS CloudTrail with CloudWatch Dashboard + Alarms (including root login) to Slack | | |
| Security & Audit (SecOps) | leverage, security-audit, firewall | AWS Firewall Manager (cross-org WAF + Shield integrated with ALBs, CloudFront and/or API Gateway + cross-org Security Group audit) | | |
| Security & Audit (SecOps) | leverage, security-audit, vpc | AWS VPC Flow Logs | | |
| Security & Audit (SecOps) | leverage, security-audit | ScoutSuite / Prowler: set up continuous, automated reports for each account (evaluate the use of CloudMapper) | 2021 Q2 | |
| Security & Audit (SecOps) | leverage, security-audit, users | Infra DevOps Tools OS Layer (OS security updates and patches, root user config, SSH port, fail2ban) | | |
| Compliance (SecOps) | leverage, security-audit, compliance | AWS Config: implement audit controls (evaluate automatic remediation where applicable) | | |
| Compliance (SecOps) | leverage, security-audit, compliance | AWS Security Hub: implement audit controls | 2021 Q3 | |
| Compliance (SecOps) | leverage, security-audit, compliance | AWS Trusted Advisor: review automated Cost Optimization, Performance, Security, Fault Tolerance and Service Limits audit results | | |
| Compliance (SecOps) | leverage, security-audit, compliance, kubernetes | Kubernetes Audit: implement KubeAudit, kube-bench, kube-hunter and Starboard on the clusters | 2021 Q2 | |
| Security & Audit (SecOps) | leverage, security-audit, ci-cd-pipeline | Security and vulnerability static code analysis (code dependencies): implement tools to continuously analyze and report vulnerabilities, with automated reports (OWASP, Bandit, Snyk, HawkEye scanner, yarn audit, etc.) | 2021 Q2 | |
| Security & Audit (SecOps) | leverage, security-audit, docker | Containers: implement tools to continuously analyze and report on vulnerabilities (docker-bench-security, Snyk, Aqua Security MicroScanner, docker-bench, AWS ECR scan) | | |
| Security & Audit (SecOps) | leverage, security-audit | Review and fix all Snyk high-severity findings | 2021 Q2 | |
| Security & Audit (SecOps) | leverage, security-audit | Security and cost analysis in the automated CI PR process (le-tf-aws / le-ansible / le-tf-vault / le-tf-github) | 2021 Q1 | |
| Security & Audit (SecOps) | leverage, security-audit | | 2021 Q2 | |
| Compliance (SecOps) | leverage, security-audit, compliance | Certified compliant by the Center for Internet Security (CIS); end-to-end CIS-compliant Reference Architecture (compliance out of the box) | 2021 Q2 | |
| Security & Audit (SecOps) | leverage, security-audit, dashboard | Centralized DevSecOps Tools and Audit Report Dashboard | 2021 Q3 | |