Terraform
Pre-written policy library reference
This topic provides reference information about the Sentinel policy libraries that HashiCorp authors and maintains. For instructions on how to run the policy libraries, refer to Run pre-written Sentinel policies .
AWS policies
HashiCorp publishes pre-written policies for the following AWS standards.
Center for Internet Security (CIS)
The Center for Internet Security (CIS) is a non-profit organization that publishes prescriptive guidance for configuring secure cloud services. Refer to the CIS website for additional information.
CIS refers to its standards as benchmarks. HashiCorp publishes pre-written policies that support the following CIS benchmarks for AWS:
- Amazon Web Services Foundations version 1.2. Refer to the AWS documentation for additional information about this version.
- Amazon Web Services Foundations version 1.4. Refer to the AWS documentation for additional information about this version.
- Amazon Web Services Foundations version 3.0. Refer to the AWS documentation for additional information about this version.
Refer to the CIS policy set for AWS GitHub repository for details about these policies.
Foundational Security Best Practices (FSBP)
The AWS Foundational Security Best Practices (FSBP) standard is a set of controls that check AWS accounts and resources against security best practices. HashiCorp publishes pre-written policies that support the following AWS FSBP standards:
- AWS Foundational Security Best Practices v1.0.0. Refer to the AWS documentation for additional information.
Refer to the AWS FSBP policy set repository for details about these policies.
ISO/IEC 27001:2013 Annex A
The International Electrotechnical Commission (IEC) and the International Organization for Standardization (ISO) are independent, non-governmental, not-for-profit organizations that develop and publish international standards.
The ISO/IEC 27001:2013 standard defines guidelines on how to establish, implement, maintain, and continually improve an information security management system. Annex A describes a set of information security controls, including cloud services governance, for mitigating risks identified in an information security management system. Refer to the AWS ISO/IEC 27001:2013 Annex A user guide for more information about the standard.
Refer to the 27001:2013 Annex A policy set repository for details about the policies HashiCorp publishes and maintains to support ISO/IEC 27001:2013 Annex A.
PCI DSS
The Payment Card Industry Data Security Standard (PCI DSS) is a set of requirements for protecting payment card data throughout the data's lifecycle. Compliance with PCI DSS is required for organizations that store, process, or transmit cardholder data. Refer to the PCI DSS website for more information about the standard.
Refer to the PCI DSS policy set repository for details about the policies HashiCorp publishes and maintains.
NIST SP 800-53 Revision 5
The NIST Special Publication 800-53 Revision 5 (NIST SP 800-53 Rev. 5) framework provides a catalog of security and privacy controls for protecting the confidentiality, integrity, and availability of information systems and critical resources. Refer to the AWS NIST SP 800-53 documentation for information about the AWS implementation.
Refer to the Pre-written Sentinel Policies for AWS NIST Foundations Benchmarking repository for details about these policies.