Benchmark: 3.3.8 Protect audit information and audit logging tools from unauthorized access, modification, and deletion
Description
Audit information includes all information (e.g., audit records, audit log settings, and audit reports) needed to successfully audit system activity. Audit logging tools are those programs and devices used to conduct audit and logging activities. This requirement focuses on the technical protection of audit information and limits the ability to access and execute audit logging tools to authorized individuals. Physical protection of audit information is addressed by media protection and physical and environmental protection requirements.
Usage
Install the mod:
mkdir dashboardscd dashboardspowerpipe mod initpowerpipe mod install github.com/turbot/steampipe-mod-aws-complianceStart the Powerpipe server:
steampipe service startpowerpipe serverOpen http://localhost:9033 in your browser and select 3.3.8 Protect audit information and audit logging tools from unauthorized access, modification, and deletion.
Run this benchmark in your terminal:
powerpipe benchmark run aws_compliance.benchmark.nist_800_171_rev_2_3_3_8Snapshot and share results via Turbot Pipes:
powerpipe benchmark run aws_compliance.benchmark.nist_800_171_rev_2_3_3_8 --shareControls
- CloudTrail trail logs should be encrypted with KMS CMK
- CloudTrail trail log file validation should be enabled
- Log group encryption at rest should be enabled
- S3 bucket default encryption should be enabled
- S3 bucket object lock should be enabled
- S3 bucket policy should prohibit public access
- S3 buckets should prohibit public read access
- S3 buckets should prohibit public write access
- S3 bucket versioning should be enabled
- S3 public access should be blocked at account level