Up to Documentation

FAQ: Frequently Asked Questions

FAQ

What is JASP

Q: What is JASP?

JASP is a platform for security automation. At the present time, it is a platform for checking security in an AWS environment.

Q: Is JASP just for AWS?

The vision for JASP is to be a platform for security automation. We started with AWS.

Q: Is JASP free?

No. Starting in May 2019, we have removed support for the free tier. To run scans, new and existing users will need to upgrade to the paid subscription tier.

Getting Started

Q: Do I need to give Jemurai / JASP access to my AWS account?

Yes. We perform the service by connecting to your AWS environment with read only privileges and asking a bunch of questions, which we call checks. If we can’t ask the questions, we can’t give you the answers.

Q: Should I use STS or a read only user?

Generally, we recommend using STS. See: Creating an AWS STS Role for JASP and Creating an AWS Read-only User for JASP

What does JASP check?

Q: Does JASP check everything?

No. While we are constantly working to add checks and identify new potential issues, there is no way we could (or would) assert that we check everything. A clean bill of health from JASP is not a guarantee of any kind.

Q: Can we request a check?

Yes. Absolutely. Please contact support@jemurai.com and we will provide a timeline for implementing a check. We may not implement certain checks, say if they require access to data in an instance, but our goal is to identify all of the things you would want us to find.

Q: Does JASP check S3?

Yes. JASP checks for public, unencrypted or otherwise loosely configured S3 buckets.

Q: Does JASP check IAM?

Yes. JASP checks for several types of things in IAM including a strong password policy, recent root account access key usage, MFA, etc.