Restrict which resource types can be deployed in your environment. Limiting resource types can reduce the complexity and attack surface of your environment while also helping to manage costs. Compliance results are only shown for non-compliant resources.
Default Deny Allowed Audit, Deny, Disabled
Rule resource types
The following 1 compliance controls are associated with this Policy definition 'Not allowed resource types' (6c112d4e-5bc7-47ae-a041-ea2d9dccd749)
A large financial institution is required to'
(a) implement a centralised automated tracking system to manage its technology asset inventory; and
(b) establish a dedicated in-house cyber risk management function to manage cyber risks or emerging cyber threats. The cyber risk management function shall be responsible for the following:
(i) perform detailed analysis on cyber threats, provide risk assessments on potential cyber-attacks and ensure timely review and escalation of all high-risk cyber threats to senior management and the board; and
(ii) proactively identify potential vulnerabilities including those arising from infrastructure hosted with third party service providers through the simulation of sophisticated 'Red Team' attacks on its current security controls.