v1.0 for Steampipe, Powerpipe, Flowpipe, 116 plugins, and 44 mods →
Powerpipe Hub 
Hub
Mods
turbot/aws_compliance
Overview
32Dashboards
1295Controls
585Queries
4Variables
GitHub

Benchmark: CC6.3 The entity authorizes, modifies, or removes access to data, software, functions, and other protected information assets based on roles, responsibilities, or the system design and changes, giving consideration to the concepts of least privilege and segregation of duties, to meet the entity’s objectives

Description

Creates or Modifies Access to Protected Information Assets - Processes are in place to create or modify access to protected information assets based on authorization from the asset’s owner.

Removes Access to Protected Information Assets - Processes are in place to remove access to protected information assets when an individual no longer requires access.

Uses Role-Based Access Controls - Role-based access control is utilized to support segregation of incompatible functions.

Usage

Install the mod:

mkdir dashboards
cd dashboards
powerpipe mod init
powerpipe mod install github.com/turbot/steampipe-mod-aws-compliance

Start the Powerpipe server:

steampipe service start
powerpipe server

Open http://localhost:9033 in your browser and select CC6.3 The entity authorizes, modifies, or removes access to data, software, functions, and other protected information assets based on roles, responsibilities, or the system design and changes, giving consideration to the concepts of least privilege and segregation of duties, to meet the entity’s objectives.

Run this benchmark in your terminal:

powerpipe benchmark run aws_compliance.benchmark.soc_2_cc_6_3

Snapshot and share results via Turbot Pipes:

powerpipe benchmark run aws_compliance.benchmark.soc_2_cc_6_3 --share

Controls

Tags

category = Compliance
plugin = aws
service = AWS/IAM
soc_2 = true
soc_2_item_id = 6.3
soc_2_section_id = cc6
soc_2_type = automated
type = Benchmark