Benchmark: ACSC-EE-ML3-6.5: Patch operating systems ML3
Description
Patches, updates or vendor mitigations for security vulnerabilities in operating systems of Internet-facing services are applied within two weeks of release, or within 48 hours if an exploit exists.
Usage
Install the mod:
mkdir dashboardscd dashboardspowerpipe mod initpowerpipe mod install github.com/turbot/steampipe-mod-aws-complianceStart the Powerpipe server:
steampipe service startpowerpipe serverOpen http://localhost:9033 in your browser and select ACSC-EE-ML3-6.5: Patch operating systems ML3.
Run this benchmark in your terminal:
powerpipe benchmark run aws_compliance.benchmark.acsc_essential_eight_ml_3_6_5Snapshot and share results via Turbot Pipes:
powerpipe benchmark run aws_compliance.benchmark.acsc_essential_eight_ml_3_6_5 --shareControls
- ECS fargate services should run on the latest fargate platform version
- EKS clusters should run on a supported Kubernetes version
- Elastic Beanstalk environment should have managed updates enabled
- Minor version upgrades should be automatically applied to ElastiCache for Redis cache clusters
- Lambda functions should use latest runtimes
- OpenSearch domains should be updated to the latest service software version
- RDS DB instance automatic minor version upgrade should be enabled
- AWS Redshift should have required maintenance settings
- SSM managed instance patching should be compliant