Benchmark: ACSC-EE-ML3-6.6: Patch operating systems ML3
Description
Patches, updates or vendor mitigations for security vulnerabilities in operating systems of workstations, servers and network devices are applied within two weeks of release, or within 48 hours if an exploit exists.
Usage
Install the mod:
mkdir dashboards
cd dashboards
powerpipe mod init
powerpipe mod install github.com/turbot/steampipe-mod-aws-compliance
Start the Powerpipe server:
steampipe service start
powerpipe server
Open http://localhost:9033 in your browser and select ACSC-EE-ML3-6.6: Patch operating systems ML3.
Run this benchmark in your terminal:
powerpipe benchmark run aws_compliance.benchmark.acsc_essential_eight_ml_3_6_6
Snapshot and share results via Turbot Pipes:
powerpipe benchmark run aws_compliance.benchmark.acsc_essential_eight_ml_3_6_6 --share
Controls
- ECS fargate services should run on the latest fargate platform version
- EKS clusters should run on a supported Kubernetes version
- Elastic Beanstalk environment should have managed updates enabled
- Minor version upgrades should be automatically applied to ElastiCache for Redis cache clusters
- Lambda functions should use latest runtimes
- OpenSearch domains should be updated to the latest service software version
- RDS DB instance automatic minor version upgrade should be enabled
- AWS Redshift should have required maintenance settings
- SSM managed instance patching should be compliant