Benchmark: D3.PC.Am.B.10

Description

Production and non-production environments are segregated to prevent unauthorized access or changes to information assets. (*N/A if no production environment exists at the institution or the institution's third party.)

Usage

Install the mod:

mkdir dashboards
cd dashboards
powerpipe mod init
powerpipe mod install github.com/turbot/steampipe-mod-aws-compliance

Start the Powerpipe server:

steampipe service start
powerpipe server

Open http://localhost:9033 in your browser and select D3.PC.Am.B.10.

Run this benchmark in your terminal:

powerpipe benchmark run aws_compliance.benchmark.ffiec_d_3_pc_am_b_10

Snapshot and share results via Turbot Pipes:

powerpipe benchmark run aws_compliance.benchmark.ffiec_d_3_pc_am_b_10 --share

Controls

• EC2 instances should be in a VPC
• VPC security groups should restrict ingress access on ports 20, 21, 22, 3306, 3389, 4333 from 0.0.0.0/0
• VPC security groups should restrict ingress SSH access from 0.0.0.0/0
• VPC security groups should restrict ingress TCP and UDP access from 0.0.0.0/0

Tags