Benchmark: CC2.1 COSO Principle 13: The entity obtains or generates and uses relevant, quality information to support the functioning of internal control
Description
Identifies Information Requirements - A process is in place to identify the information required and expected to support the functioning of the other components of internal control and the achievement of the entity’s objectives.
Captures Internal and External Sources of Data - Information systems capture internal and external sources of data.
Processes Relevant Data Into Information - Information systems process and transform relevant data into information.
Maintains Quality Throughout Processing - Information systems produce information that is timely, current, accurate, complete, accessible, protected, verifiable, and retained. Information is reviewed to assess its relevance in supporting the internal control components.
Usage
Install the mod:
mkdir dashboardscd dashboardspowerpipe mod initpowerpipe mod install github.com/turbot/steampipe-mod-aws-compliance
Start the Powerpipe server:
steampipe service startpowerpipe server
Open http://localhost:9033 in your browser and select CC2.1 COSO Principle 13: The entity obtains or generates and uses relevant, quality information to support the functioning of internal control.
Run this benchmark in your terminal:
powerpipe benchmark run aws_compliance.benchmark.soc_2_cc_2_1
Snapshot and share results via Turbot Pipes:
powerpipe benchmark run aws_compliance.benchmark.soc_2_cc_2_1 --share
Controls
- All S3 buckets should log S3 data events in CloudTrail
- At least one trail should be enabled with security best practices
- AWS Config should be enabled