Benchmark: 11.10(a) Validation of systems to ensure accuracy, reliability, consistent intended performance, and the ability to discern invalid or altered records
Description
Persons who use closed systems to create, modify, maintain, or transmit electronic records shall employ procedures and controls designed to ensure the authenticity, integrity, and, when appropriate, the confidentiality of electronic records, and to ensure that the signer cannot readily repudiate the signed record as not genuine. Such procedures and controls shall include the following: (a) Validation of systems to ensure accuracy, reliability, consistent intended performance, and the ability to discern invalid or altered records.
Usage
Install the mod:
mkdir dashboards
cd dashboards
powerpipe mod init
powerpipe mod install github.com/turbot/steampipe-mod-aws-compliance
Start the Powerpipe server:
steampipe service start
powerpipe server
Open http://localhost:9033 in your browser and select 11.10(a) Validation of systems to ensure accuracy, reliability, consistent intended performance, and the ability to discern invalid or altered records.
Run this benchmark in your terminal:
powerpipe benchmark run aws_compliance.benchmark.gxp_21_cfr_part_11_11_10_a
Snapshot and share results via Turbot Pipes:
powerpipe benchmark run aws_compliance.benchmark.gxp_21_cfr_part_11_11_10_a --share
Controls
- Backup plan min frequency and min retention check
- Backup recovery points should be encrypted
- Backup recovery points manual deletion should be disabled
- Backup recovery points should not expire before retention period
- At least one trail should be enabled with security best practices
- CloudTrail trail log file validation should be enabled
- DynamoDB table auto scaling should be enabled
- DynamoDB tables should be in a backup plan
- DynamoDB table point-in-time recovery should be enabled
- DynamoDB table should be protected by backup plan
- EBS volumes should be in a backup plan
- EBS volumes should be protected by a backup plan
- EBS volumes should be attached to EC2 instances
- EC2 instance should have EBS optimization enabled
- EC2 instances should be protected by backup plan
- EC2 instances should be managed by AWS Systems Manager
- EC2 stopped instances should be removed in 30 days
- EFS file systems should be in a backup plan
- EFS file systems should be protected by backup plan
- ElastiCache Redis cluster automatic backup should be enabled with retention period of 15 days or greater
- ELB application load balancer deletion protection should be enabled
- ELB classic load balancers should have cross-zone load balancing enabled
- FSx file system should be protected by backup plan
- RDS Aurora clusters should be protected by backup plan
- RDS DB instance backup should be enabled
- RDS DB instances should have deletion protection enabled
- RDS DB instances should be in a backup plan
- RDS DB instance multiple az should be enabled
- RDS DB instance should be protected by backup plan
- AWS Redshift clusters should have automatic snapshots enabled
- S3 bucket cross-region replication should be enabled
- S3 bucket object lock should be enabled
- S3 bucket versioning should be enabled
- SSM managed instance associations should be compliant
- SSM managed instance patching should be compliant
- Both VPN tunnels provided by AWS Site-to-Site VPN should be in UP status