turbot/aws_compliance

Benchmark: AC-3(4) Discretionary Access Control

Description

Enforce [Assignment: organization-defined discretionary access control policy] over the set of covered subjects and objects specified in the policy, and where the policy specifies that a subject that has been granted access to information can do one or more of the following: (a) Pass the information to any other subjects or objects; (b) Grant its privileges to other subjects; (c) Change security attributes on subjects, objects, the system, or the system’s components; (d) Choose the security attributes to be associated with newly created or revised objects; or (e) Change the rules governing access control.

Usage

Install the mod:

mkdir dashboards
cd dashboards
powerpipe mod init
powerpipe mod install github.com/turbot/steampipe-mod-aws-compliance

Start the Powerpipe server:

steampipe service start
powerpipe server

Open http://localhost:9033 in your browser and select AC-3(4) Discretionary Access Control.

Run this benchmark in your terminal:

powerpipe benchmark run aws_compliance.benchmark.nist_800_53_rev_5_ac_3_4

Snapshot and share results via Turbot Pipes:

powerpipe benchmark run aws_compliance.benchmark.nist_800_53_rev_5_ac_3_4 --share

Benchmarks

Controls

Tags