Benchmark: 3.4 Configuration Management
Description
CM controls are specific to an organization's configuration management policies. This includes a baseline configuration to operate as the basis for future builds or changes to information systems. Additionally, this includes information system component inventories and a security impact analysis control.
Usage
Install the mod:
mkdir dashboardscd dashboardspowerpipe mod initpowerpipe mod install github.com/turbot/steampipe-mod-aws-compliance
Start the Powerpipe server:
steampipe service startpowerpipe server
Open http://localhost:9033 in your browser and select 3.4 Configuration Management.
Run this benchmark in your terminal:
powerpipe benchmark run aws_compliance.benchmark.nist_800_171_rev_2_3_4
Snapshot and share results via Turbot Pipes:
powerpipe benchmark run aws_compliance.benchmark.nist_800_171_rev_2_3_4 --share
Benchmarks
- 3.4.1 Establish and maintain baseline configurations and inventories of organizational systems (including hardware, software, firmware, and documentation) throughout the respective system development life cycles
- 3.4.2 Establish and enforce security configuration settings for information technology products employed in organizational systems
- 3.4.3 Track, review, approve or disapprove, and log changes to organizational systems
- 3.4.4 Analyze the security impact of changes prior to implementation
- 3.4.5 Define, document, approve, and enforce physical and logical access restrictions associated with changes to organizational systems
- 3.4.6 Employ the principle of least functionality by configuring organizational systems to provide only essential capabilities
- 3.4.7 Restrict, disable, or prevent the use of nonessential programs, functions, ports, protocols, and services
- 3.4.9 Control and monitor user-installed software