Vendor services misconfigurations

API Gateway is not using AWS WAF

Platform(s)
Compliance Frameworks

AWS Foundational Security Best Practices Controls, CCPA, cis_8, CPRA, iso_27001_2022, iso_27002_2022, mpa, New Zealand Information Security Manual, NIST 800-171, NIST 800-53, Orca Best Practices, PDPA, UK Cyber Essentials

Description

API Gateway {AwsApiGatewayEndpoint} is not using Web Application Firewall (WAF). WAF helps protect APIs from common web exploits