Benchmark: SOC 2
Overview
System and Organization Controls (SOC) 2 is an auditing procedure that ensures a company's data is securely managed.
System and Organization Controls (SOC), defined by the American Institute of Certified Public Accountants (AICPA), is the name of a suite of reports produced during an audit. It's intended for use by service organizations (organizations that provide information systems as a service to other organizations) to issue validated reports of internal controls over those information systems to the users of those services. The reports focus on controls grouped into five categories known as Trust Service Principles.
Usage
Install the mod:
mkdir dashboardscd dashboardspowerpipe mod initpowerpipe mod install github.com/turbot/steampipe-mod-aws-complianceStart the Powerpipe server:
steampipe service startpowerpipe serverOpen http://localhost:9033 in your browser and select SOC 2.
Run this benchmark in your terminal:
powerpipe benchmark run aws_compliance.benchmark.soc_2Snapshot and share results via Turbot Pipes:
powerpipe benchmark run aws_compliance.benchmark.soc_2 --shareBenchmarks
- CC1 Common Criteria Related to Control Environment
- CC2 Common Criteria Related to Communication and Information
- CC3 Common Criteria Related to Risk Assessment
- CC4 Monitoring Activities
- CC6 Logical and Physical Access
- CC7 System Operations
- CC8 Change Management
- A1 Additional Criterial for Availability
- C1 Additional Criterial for Confidentiality