Powerpipe Detection Mods →
Powerpipe Hub 
Hub
Mods
turbot/steampipe-mod-aws-compliance
Overview
32Dashboards
1295Benchmarks
585Queries
4Variables
GitHub

Benchmark: 3.1.4 Separate the duties of individuals to reduce the risk of malevolent activity without collusion

Description

Separation of duties addresses the potential for abuse of authorized privileges and helps to reduce the risk of malevolent activity without collusion. Separation of duties includes dividing mission functions and system support functions among different individuals or roles; conducting system support functions with different individuals (e.g., configuration management, quality assurance and testing, system management, programming, and network security); and ensuring that security personnel administering access control functions do not also administer audit functions. Because separation of duty violations can span systems and application domains, organizations consider the entirety of organizational systems and system components when developing policy on separation of duties.

Usage

Install the mod:

mkdir dashboards
cd dashboards
powerpipe mod init
powerpipe mod install github.com/turbot/steampipe-mod-aws-compliance

Start the Powerpipe server:

steampipe service start
powerpipe server

Open http://localhost:9033 in your browser and select 3.1.4 Separate the duties of individuals to reduce the risk of malevolent activity without collusion.

Run this benchmark in your terminal:

powerpipe benchmark run aws_compliance.benchmark.nist_800_171_rev_2_3_1_4

Snapshot and share results via Turbot Pipes:

powerpipe benchmark run aws_compliance.benchmark.nist_800_171_rev_2_3_1_4 --share

Controls

Tags

category = Compliance
nist_800_171_rev_2 = true
plugin = aws
service = AWS
type = Benchmark