Benchmark: CM-8(3)(a)
Description
Detect the presence of unauthorized hardware, software, and firmware components within the system using [Assignment: organization-defined automated mechanisms] [Assignment: organization-defined frequency].
Usage
Install the mod:
mkdir dashboardscd dashboardspowerpipe mod initpowerpipe mod install github.com/turbot/steampipe-mod-aws-compliance
Start the Powerpipe server:
steampipe service startpowerpipe server
Open http://localhost:9033 in your browser and select CM-8(3)(a).
Run this benchmark in your terminal:
powerpipe benchmark run aws_compliance.benchmark.nist_800_53_rev_5_cm_8_3_a
Snapshot and share results via Turbot Pipes:
powerpipe benchmark run aws_compliance.benchmark.nist_800_53_rev_5_cm_8_3_a --share
Controls
- EC2 instances should be managed by AWS Systems Manager
- GuardDuty should be enabled
- SSM managed instance associations should be compliant
- SSM managed instance patching should be compliant