Benchmark: System Development Life Cycle (SA-3)
Description
The organization manages the information system using organization-defined system development life cycle, defines and documents information security roles and responsibilities throughout the system development life cycle, identifies individuals having information security roles and responsibilities and integrates the organizational information security risk management process into system development life cycle activities.
Usage
Install the mod:
mkdir dashboardscd dashboardspowerpipe mod initpowerpipe mod install github.com/turbot/steampipe-mod-aws-compliance
Start the Powerpipe server:
steampipe service startpowerpipe server
Open http://localhost:9033 in your browser and select System Development Life Cycle (SA-3).
Run this benchmark in your terminal:
powerpipe benchmark run aws_compliance.benchmark.nist_800_53_rev_4_sa_3
Snapshot and share results via Turbot Pipes:
powerpipe benchmark run aws_compliance.benchmark.nist_800_53_rev_4_sa_3 --share
Controls
- CodeBuild project plaintext environment variables should not contain sensitive AWS values
- CodeBuild GitHub or Bitbucket source repository URLs should use OAuth
- EC2 instances should be managed by AWS Systems Manager