Benchmark: 4.1 Establish and Maintain a Secure Configuration Process
Description
Establish and maintain a secure configuration process for enterprise assets (end-user devices, including portable and mobile, non-computing/IoT devices, and servers) and software (operating systems and applications). Review and update documentation annually, or when significant enterprise changes occur that could impact this Safeguard.
Usage
Install the mod:
mkdir dashboardscd dashboardspowerpipe mod initpowerpipe mod install github.com/turbot/steampipe-mod-aws-complianceStart the Powerpipe server:
steampipe service startpowerpipe serverOpen http://localhost:9033 in your browser and select 4.1 Establish and Maintain a Secure Configuration Process.
Run this benchmark in your terminal:
powerpipe benchmark run aws_compliance.benchmark.cis_controls_v8_ig1_4_1Snapshot and share results via Turbot Pipes:
powerpipe benchmark run aws_compliance.benchmark.cis_controls_v8_ig1_4_1 --shareControls
- AWS account should be part of AWS Organizations
- At least one trail should be enabled with security best practices
- EBS volumes should be attached to EC2 instances
- EC2 stopped instances should be removed in 30 days
- AWS Redshift should have required maintenance settings
- SSM managed instance associations should be compliant