Benchmark: CM-8(3) Automated Unauthorized Component Detection
Description
The organization employs automated mechanisms to detect the presence of unauthorized hardware, software, and firmware components within the information system and takes actions (disables network access by such components, isolates the components, etc.) when unauthorized components are detected.
Usage
Install the mod:
mkdir dashboards
cd dashboards
powerpipe mod init
powerpipe mod install github.com/turbot/steampipe-mod-aws-compliance
Start the Powerpipe server:
steampipe service start
powerpipe server
Open http://localhost:9033 in your browser and select CM-8(3) Automated Unauthorized Component Detection.
Run this benchmark in your terminal:
powerpipe benchmark run aws_compliance.benchmark.nist_800_53_rev_4_cm_8_3
Snapshot and share results via Turbot Pipes:
powerpipe benchmark run aws_compliance.benchmark.nist_800_53_rev_4_cm_8_3 --share
Controls
- EC2 instances should be managed by AWS Systems Manager
- SSM managed instance associations should be compliant
- SSM managed instance patching should be compliant