Benchmark: Developer Configuration Management (SA-10)
Description
The organization requires the developer of the information system, system component, or information system service to: a. Perform configuration management during system, component, or service [Selection (one or more): design; development; implementation; operation]; b. Document, manage, and control the integrity of changes to [Assignment: organization-defined configuration items under configuration management]; c. Implement only organization-approved changes to the system, component, or service; d. Document approved changes to the system, component, or service and the potential security impacts of such changes; and e. Track security flaws and flaw resolution within the system, component, or service and report findings to [Assignment: organization-defined personnel].
Usage
Install the mod:
mkdir dashboardscd dashboardspowerpipe mod initpowerpipe mod install github.com/turbot/steampipe-mod-aws-compliance
Start the Powerpipe server:
steampipe service startpowerpipe server
Open http://localhost:9033 in your browser and select Developer Configuration Management (SA-10).
Run this benchmark in your terminal:
powerpipe benchmark run aws_compliance.benchmark.nist_800_53_rev_4_sa_10
Snapshot and share results via Turbot Pipes:
powerpipe benchmark run aws_compliance.benchmark.nist_800_53_rev_4_sa_10 --share
Controls
- EC2 instances should be managed by AWS Systems Manager
- GuardDuty should be enabled
- GuardDuty findings should be archived
- AWS Security Hub should be enabled for an AWS Account