Benchmark: 3.4.9 Control and monitor user-installed software
Description
Users can install software in organizational systems if provided the necessary privileges. To maintain control over the software installed, organizations identify permitted and prohibited actions regarding software installation through policies. Permitted software installations include updates and security patches to existing software and applications from organization-approved 'app stores.' Prohibited software installations may include software with unknown or suspect pedigrees or software that organizations consider potentially malicious. The policies organizations select governing user-installed software may be organization-developed or provided by some external entity. Policy enforcement methods include procedural methods, automated methods, or both.
Usage
Install the mod:
mkdir dashboardscd dashboardspowerpipe mod initpowerpipe mod install github.com/turbot/steampipe-mod-aws-compliance
Start the Powerpipe server:
steampipe service startpowerpipe server
Open http://localhost:9033 in your browser and select 3.4.9 Control and monitor user-installed software.
Run this benchmark in your terminal:
powerpipe benchmark run aws_compliance.benchmark.nist_800_171_rev_2_3_4_9
Snapshot and share results via Turbot Pipes:
powerpipe benchmark run aws_compliance.benchmark.nist_800_171_rev_2_3_4_9 --share
Controls
- EC2 instances should be managed by AWS Systems Manager
- SSM managed instance associations should be compliant