{"description": "To ensure the system can cryptographically verify base software packages\ncome from Amazon (and to connect to the Amazon Network to receive them),\nthe Amazon GPG key must properly be installed. To install the Amazon GPG\nkey, run:\n<pre>$ sudo rpm --import /etc/pki/rpm-gpg/RPM-GPG-KEY-amazon-linux-2023</pre>", "rationale": "Changes to software components can have significant effects on the overall\nsecurity of the operating system. This requirement ensures the software has\nnot been tampered with and that it has been provided by a trusted vendor.\nThe Amazon GPG key is necessary to cryptographically verify packages are\nfrom Amazon.", "severity": "high", "references": {"cis-csc": ["11", "2", "3", "9"], "cjis": ["5.10.4.1"], "cobit5": ["APO01.06", "BAI03.05", "BAI06.01", "BAI10.01", "BAI10.02", "BAI10.03", "BAI10.05", "DSS06.02"], "cui": ["3.4.8"], "hipaa": ["164.308(a)(1)(ii)(D)", "164.312(b)", "164.312(c)(1)", "164.312(c)(2)", "164.312(e)(2)(i)"], "isa-62443-2009": ["4.3.4.3.2", "4.3.4.3.3", "4.3.4.4.4"], "isa-62443-2013": ["SR 3.1", "SR 3.3", "SR 3.4", "SR 3.8", "SR 7.6"], "iso27001-2013": ["A.11.2.4", "A.12.1.2", "A.12.2.1", "A.12.5.1", "A.12.6.2", "A.14.1.2", "A.14.1.3", "A.14.2.2", "A.14.2.3", "A.14.2.4"], "nerc-cip": ["CIP-003-8 R4.2", "CIP-003-8 R6", "CIP-007-3 R4", "CIP-007-3 R4.1", "CIP-007-3 R4.2", "CIP-007-3 R5.1"], "nist": ["CM-5(3)", "SI-7", "SC-12", "SC-12(3)", "CM-6(a)"], "nist-csf": ["PR.DS-6", "PR.DS-8", "PR.IP-1"], "ospp": ["FPT_TUD_EXT.1", "FPT_TUD_EXT.2"], "pcidss": ["Req-6.2"], "srg": ["SRG-OS-000366-GPOS-00153"]}, "control_references": {}, "components": [], "identifiers": {}, "ocil_clause": "the Amazon GPG Key is not installed", "ocil": "To ensure that the GPG key is installed, run:\n<pre>$ rpm -q --queryformat \"%{SUMMARY}\\n\" gpg-pubkey</pre>\nThe command should return the string below:\n<pre>Amazon Linux <amazon-linux@amazon.com> public key</pre>", "oval_external_content": null, "fixtext": "Install Ubuntu 22.04 GPG key. Run the following command:\n$ sudo rpm --import /etc/pki/rpm-gpg/RPM-GPG-KEY-amazon-linux-2023", "checktext": "", "vuldiscussion": "", "srg_requirement": "", "warnings": [], "conflicts": [], "requires": [], "policy_specific_content": {}, "platform": null, "platforms": [], "sce_metadata": {}, "inherited_platforms": [], "cpe_platform_names": [], "inherited_cpe_platform_names": [], "bash_conditional": null, "fixes": {}, "title": "Ensure Amazon GPG Key Installed", "definition_location": "/aptdata/openscap/scap-security-guide/linux_os/guide/system/software/updating/ensure_amazon_gpgkey_installed/rule.yml", "template": null}