Benchmark: 3.1 Access Control
Description
The access control family consists of security requirements for limiting system access to authorized users, to processes acting on their behalf, and to authorized devices. It covers who has access to which assets and at what level of privilege (account management, system privileges, remote access), together with the logging needed to determine when users accessed the system and with what level of access.
Usage
Install the mod:
mkdir dashboards
cd dashboards
powerpipe mod init
powerpipe mod install github.com/turbot/steampipe-mod-aws-compliance
Start the Powerpipe server:
steampipe service start
powerpipe server
Open http://localhost:9033 in your browser and select 3.1 Access Control.
Run this benchmark in your terminal:
powerpipe benchmark run aws_compliance.benchmark.nist_800_171_rev_2_3_1
Snapshot and share results via Turbot Pipes:
powerpipe benchmark run aws_compliance.benchmark.nist_800_171_rev_2_3_1 --share
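The steps above are interactive. The script below is an added example, not part of the steampipe-mod-aws-compliance documentation or code: it runs the same benchmark non-interactively, exports the results to a file, and returns non-zero when any control is in alarm or error, so it can gate a CI job. It assumes that `--export <file>.json` writes a pretty-printed JSON export in which every per-resource result carries a `"status": "<alarm|ok|info|skip|error>"` field on its own line; the control names in the constructed sample are hypothetical placeholders, not the mod's real control identifiers.

```shell
#!/bin/sh
# Added example (not from the steampipe-mod-aws-compliance docs): run the
# 3.1 Access Control benchmark, export the results and gate on them.
#
# Assumptions (not confirmed by the page): `--export <file>.json` writes a
# pretty-printed JSON export whose per-resource results each carry a
# `"status": "<alarm|ok|info|skip|error>"` field on its own line.

BENCHMARK="aws_compliance.benchmark.nist_800_171_rev_2_3_1"

# Run the benchmark and export a JSON results file. Requires powerpipe, a
# running steampipe service with the AWS plugin, and the installed mod.
run_benchmark() {
  out="$1"
  powerpipe benchmark run "$BENCHMARK" --export "$out"
}

# Count result lines with a given status in an exported JSON file.
# Matches `"status": "alarm"` with any spacing after the colon, so it does not
# depend on the exact nesting of the export document. The summary block
# (`"status": { "alarm": 2, ... }`) is deliberately not matched.
count_status() {
  file="$1"
  status="$2"
  grep -Ec "\"status\": *\"$status\"" "$file" || true
}

# Print a one-line summary and return non-zero on any alarm or error.
gate() {
  file="$1"
  alarms=$(count_status "$file" alarm)
  errors=$(count_status "$file" error)
  oks=$(count_status "$file" ok)
  echo "ok=$oks alarm=$alarms error=$errors"
  [ "$alarms" -eq 0 ] && [ "$errors" -eq 0 ]
}

# Constructed sample export (not real powerpipe output; control names are
# hypothetical): two alarms, one ok, one skip, so the gate must fail on it.
SAMPLE_FILE=$(mktemp)
trap 'rm -f "$SAMPLE_FILE"' EXIT
cat > "$SAMPLE_FILE" <<'EOF'
{
  "group_id": "aws_compliance.benchmark.nist_800_171_rev_2_3_1",
  "title": "3.1 Access Control",
  "summary": { "status": { "alarm": 2, "ok": 1, "info": 0, "skip": 1, "error": 0 } },
  "results": [
    { "control_id": "aws_compliance.control.example_control_a",
      "status": "alarm", "resource": "arn:aws:iam::123456789012:user/alice",
      "reason": "alice does not meet control a." },
    { "control_id": "aws_compliance.control.example_control_a",
      "status": "ok", "resource": "arn:aws:iam::123456789012:user/bob",
      "reason": "bob meets control a." },
    { "control_id": "aws_compliance.control.example_control_b",
      "status": "alarm", "resource": "arn:aws:iam::123456789012:role/deploy",
      "reason": "deploy does not meet control b." },
    { "control_id": "aws_compliance.control.example_control_c",
      "status": "skip", "resource": "123456789012",
      "reason": "control c not applicable to this account." }
  ]
}
EOF

# Usage: sh gate.sh run   (gate.sh is a hypothetical file name)
# Runs the live benchmark and gates on the export. The export is parsed
# rather than relying on powerpipe's own exit status, which may already be
# non-zero when controls alarm.
if [ "${1:-}" = "run" ]; then
  OUT="nist_800_171_3_1.json"
  run_benchmark "$OUT" || true
  gate "$OUT"
fi
```

Run it as `sh gate.sh run` from the `dashboards` directory created in the install step; without the `run` argument it only defines the functions and the constructed sample, which is what the check below exercises.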
Benchmarks
- 3.1.1 Limit system access to authorized users, processes acting on behalf of authorized users, and devices (including other systems)
- 3.1.2 Limit system access to the types of transactions and functions that authorized users are permitted to execute
- 3.1.3 Control the flow of CUI in accordance with approved authorizations
- 3.1.4 Separate the duties of individuals to reduce the risk of malevolent activity without collusion
- 3.1.5 Employ the principle of least privilege, including for specific security functions and privileged accounts
- 3.1.6 Use non-privileged accounts or roles when accessing nonsecurity functions
- 3.1.7 Prevent non-privileged users from executing privileged functions and capture the execution of such functions in audit logs
- 3.1.12 Monitor and control remote access sessions
- 3.1.13 Employ cryptographic mechanisms to protect the confidentiality of remote access sessions
- 3.1.14 Route remote access via managed access control points
- 3.1.20 Verify and control/limit connections to and use of external systems