turbot/aws_compliance

Benchmark: CC8.1 The entity authorizes, designs, develops or acquires, configures, documents, tests, approves, and implements changes to infrastructure, data, software, and procedures to meet its objectives

Description

Manages Changes Throughout the System Lifecycle - A process for managing system changes throughout the lifecycle of the system and its components (infrastructure, data, software and procedures) is used to support system availability and processing integrity.

Authorizes Changes - A process is in place to authorize system changes prior to development.

Designs and Develops Changes - A process is in place to design and develop system changes.

Documents Changes - A process is in place to document system changes to support ongoing maintenance of the system and to support system users in performing their responsibilities.

Tracks System Changes - A process is in place to track system changes prior to implementation.

Configures Software - A process is in place to select and implement the configuration parameters used to control the functionality of software.

Tests System Changes - A process is in place to test system changes prior to implementation.

Approves System Changes - A process is in place to approve system changes prior to implementation.

Deploys System Changes - A process is in place to implement system changes.

Identifies and Evaluates System Changes - Objectives affected by system changes are identified, and the ability of the modified system to meet the objectives is evaluated throughout the system development life cycle.

Identifies Changes in Infrastructure, Data, Software, and Procedures Required to Remediate Incidents - Changes in infrastructure, data, software, and procedures required to remediate incidents to continue to meet objectives are identified, and the change process is initiated upon identification.

Creates Baseline Configuration of IT Technology - A baseline configuration of IT and control systems is created and maintained.

Provides for Changes Necessary in Emergency Situations - A process is in place for authorizing, designing, testing, approving and implementing changes necessary in emergency situations (that is, changes that need to be implemented in an urgent timeframe).

Protects Confidential Information - The entity protects confidential information during system design, development, testing, implementation, and change processes to meet the entity’s objectives related to confidentiality.

Protects Personal Information - The entity protects personal information during system design, development, testing, implementation, and change processes to meet the entity’s objectives related to privacy.

Usage

Install the mod:

mkdir dashboards
cd dashboards
powerpipe mod init
powerpipe mod install github.com/turbot/steampipe-mod-aws-compliance

Start the Powerpipe server:

steampipe service start
powerpipe server

Open http://localhost:9033 in your browser and select CC8.1 The entity authorizes, designs, develops or acquires, configures, documents, tests, approves, and implements changes to infrastructure, data, software, and procedures to meet its objectives.

Run this benchmark in your terminal:

powerpipe benchmark run aws_compliance.benchmark.soc_2_cc_8_1

Snapshot and share results via Turbot Pipes:

powerpipe benchmark run aws_compliance.benchmark.soc_2_cc_8_1 --share

Controls

Tags