Benchmark: 7.1 Establish and Maintain a Vulnerability Management Process
Description
Establish and maintain a documented vulnerability management process for enterprise assets. Review and update documentation annually, or when significant enterprise changes occur that could impact this Safeguard.
Usage
Install the mod:
mkdir dashboardscd dashboardspowerpipe mod initpowerpipe mod install github.com/turbot/steampipe-mod-aws-compliance
Start the Powerpipe server:
steampipe service startpowerpipe server
Open http://localhost:9033 in your browser and select 7.1 Establish and Maintain a Vulnerability Management Process.
Run this benchmark in your terminal:
powerpipe benchmark run aws_compliance.benchmark.cis_controls_v8_ig1_7_1
Snapshot and share results via Turbot Pipes:
powerpipe benchmark run aws_compliance.benchmark.cis_controls_v8_ig1_7_1 --share
Controls
- GuardDuty should be enabled
- AWS Security Hub should be enabled for an AWS Account
- SSM managed instance patching should be compliant