Benchmark: 11.10(c) Protection of records to enable their accurate and ready retrieval throughout the records retention period
Description
Persons who use closed systems to create, modify, maintain, or transmit electronic records shall employ procedures and controls designed to ensure the authenticity, integrity, and, when appropriate, the confidentiality of electronic records, and to ensure that the signer cannot readily repudiate the signed record as not genuine. Such procedures and controls shall include the following: (c) Protection of records to enable their accurate and ready retrieval throughout the records retention period.
Usage
Install the mod:
mkdir dashboards
cd dashboards
powerpipe mod init
powerpipe mod install github.com/turbot/steampipe-mod-aws-compliance
Start the Powerpipe server:
steampipe service start
powerpipe server
Open http://localhost:9033 in your browser and select 11.10(c) Protection of records to enable their accurate and ready retrieval throughout the records retention period.
Run this benchmark in your terminal:
powerpipe benchmark run aws_compliance.benchmark.gxp_21_cfr_part_11_11_10_c
Snapshot and share results via Turbot Pipes:
powerpipe benchmark run aws_compliance.benchmark.gxp_21_cfr_part_11_11_10_c --share
Controls
- At least one enabled trail should be present in a region
- CloudTrail trail logs should be encrypted with KMS CMK
- CloudTrail trail log file validation should be enabled
- Log group retention period should be at least 365 days
- DynamoDB tables should be in a backup plan
- DynamoDB table point-in-time recovery should be enabled
- EBS volumes should be in a backup plan
- EC2 instance should have EBS optimization enabled
- ECR repositories should have lifecycle policies configured
- EFS file systems should be in a backup plan
- ElastiCache Redis cluster automatic backup should be enabled with retention period of 15 days or greater
- RDS DB instance backup should be enabled
- RDS DB instance encryption at rest should be enabled
- RDS DB instances should be in a backup plan
- RDS DB snapshots should be encrypted at rest
- RDS snapshots should prohibit public access
- AWS Redshift clusters should have automatic snapshots enabled
- Redshift cluster encryption in transit should be enabled
- Redshift cluster audit logging and encryption should be enabled
- Redshift clusters should prohibit public access
- S3 bucket cross-region replication should be enabled
- S3 bucket default encryption should be enabled
- S3 buckets should enforce SSL
- S3 buckets should have lifecycle policies configured
- S3 buckets should prohibit public read access
- S3 buckets should prohibit public write access
- S3 buckets with versioning enabled should have lifecycle policies configured
- S3 bucket versioning should be enabled
- SageMaker endpoint configuration encryption should be enabled
- SageMaker notebook instances should not have direct internet access
- SageMaker notebook instance encryption should be enabled