Benchmark: CC4.2 COSO Principle 17: The entity evaluates and communicates internal control deficiencies in a timely manner to those parties responsible for taking corrective action, including senior management and the board of directors, as appropriate
Description
Assesses Results - Management and the board of directors, as appropriate, assess results of ongoing and separate evaluations.
Communicates Deficiencies - Deficiencies are communicated to parties responsible for taking corrective action and to senior management and the board of directors, as appropriate.
Monitors Corrective Action - Management tracks whether deficiencies are remedied on a timely basis.
Usage
Install the mod:
mkdir dashboardscd dashboardspowerpipe mod initpowerpipe mod install github.com/turbot/steampipe-mod-aws-compliance
Start the Powerpipe server:
steampipe service startpowerpipe server
Open http://localhost:9033 in your browser and select CC4.2 COSO Principle 17: The entity evaluates and communicates internal control deficiencies in a timely manner to those parties responsible for taking corrective action, including senior management and the board of directors, as appropriate.
Run this benchmark in your terminal:
powerpipe benchmark run aws_compliance.benchmark.soc_2_cc_4_2
Snapshot and share results via Turbot Pipes:
powerpipe benchmark run aws_compliance.benchmark.soc_2_cc_4_2 --share
Controls
- CloudWatch alarm action should be enabled
- GuardDuty should be enabled
- GuardDuty findings should be archived