Benchmark: 1.1 Establish and Maintain Detailed Enterprise Asset Inventory
Description
Establish and maintain an accurate, detailed, and up-to-date inventory of all enterprise assets with the potential to store or process data, to include: end-user devices (including portable and mobile), network devices, non-computing/IoT devices, and servers. Ensure the inventory records the network address (if static), hardware address, machine name, enterprise asset owner, department for each asset, and whether the asset has been approved to connect to the network. For mobile end-user devices, MDM type tools can support this process, where appropriate. This inventory includes assets connected to the infrastructure physically, virtually, remotely, and those within cloud environments. Additionally, it includes assets that are regularly connected to the enterprise’s network infrastructure, even if they are not under control of the enterprise. Review and update the inventory of all enterprise assets bi-annually, or more frequently.
Usage
Install the mod:
mkdir dashboards
cd dashboards
powerpipe mod init
powerpipe mod install github.com/turbot/steampipe-mod-aws-compliance
Start the Powerpipe server:
steampipe service start
powerpipe server
Open http://localhost:9033 in your browser and select 1.1 Establish and Maintain Detailed Enterprise Asset Inventory.
Run this benchmark in your terminal:
powerpipe benchmark run aws_compliance.benchmark.cis_controls_v8_ig1_1_1
Snapshot and share results via Turbot Pipes:
powerpipe benchmark run aws_compliance.benchmark.cis_controls_v8_ig1_1_1 --share
Controls
- EC2 stopped instances should be removed in 30 days
- SSM managed instance associations should be compliant
- VPC EIPs should be associated with an EC2 instance or ENI
- VPC network access control lists (network ACLs) should be associated with a subnet.
- VPC security groups should be associated with at least one ENI