Benchmark: 2.4 Maintain an inventory of system components that are in scope for PCI DSS
Description
Maintaining a current list of all system components will enable an organization to accurately and efficiently define the scope of their environment for implementing PCI DSS controls. Without an inventory, some system components could be forgotten, and be inadvertently excluded from the organization's configuration standards.
Usage
Install the mod:
mkdir dashboardscd dashboardspowerpipe mod initpowerpipe mod install github.com/turbot/steampipe-mod-aws-complianceStart the Powerpipe server:
steampipe service startpowerpipe serverOpen http://localhost:9033 in your browser and select 2.4 Maintain an inventory of system components that are in scope for PCI DSS.
Run this benchmark in your terminal:
powerpipe benchmark run aws_compliance.benchmark.pci_dss_v321_requirement_2_4Snapshot and share results via Turbot Pipes:
powerpipe benchmark run aws_compliance.benchmark.pci_dss_v321_requirement_2_4 --shareBenchmarks
Controls
- AWS Config should be enabled
- EC2 instances should be managed by AWS Systems Manager
- SSM managed instance associations should be compliant
- VPC EIPs should be associated with an EC2 instance or ENI