aws_compliance

Checks if AWS FSx File Systems are protected by a backup plan. The rule is non-compliant if the AWS FSx File System is not covered by a backup plan.

fsx_file_system_protected_by_backup_plan

pci_dss_v40_requirement_10_3_3

10.3.3: Audit log files, including those for externalfacing technologies, are promptly backed up to a secure, central, internal log server(s) or other media that is difficult to modify

gxp_21_cfr_part_11_11_10_a

11.10(a) Validation of systems to ensure accuracy, reliability, consistent intended performance, and the ability to discern invalid or altered records

gxp_eu_annex_11_operational_phase_16

16 Business Continuity

hipaa_security_rule_2003_164_308_a_7_i

164.308(a)(7)(i) Contingency plan

hipaa_final_omnibus_security_rule_2013_164_308_a_7_i

hipaa_security_rule_2003_164_308_a_7_ii_a

164.308(a)(7)(ii)(A) Data backup plan

hipaa_final_omnibus_security_rule_2013_164_308_a_7_ii_a

hipaa_final_omnibus_security_rule_2013_164_308_a_7_ii_b

164.308(a)(7)(ii)(B) Disaster recovery plan

hipaa_security_rule_2003_164_308_a_7_ii_b

hipaa_security_rule_2003_164_308_a_7_ii_c

164.308(a)(7)(ii)(C) Emergency mode operation plan

hipaa_final_omnibus_security_rule_2013_164_308_a_7_ii_c

hipaa_final_omnibus_security_rule_2013_164_310_d_2_iv

164.310(d)(2)(iv) Data backup and storage

hipaa_security_rule_2003_164_310_d_2_iv

hipaa_security_rule_2003_164_312_a_2_ii

164.312(a)(2)(ii) Emergency access procedure

hipaa_final_omnibus_security_rule_2013_164_312_a_2_ii

gxp_eu_annex_11_operational_phase_17

17 Archiving

pci_dss_v321_requirement_3_1_c

3.1.c For a sample of system components that store cardholder data examine files and system records to verify that the data stored does not exceed the requirements defined in the data retention policy and observe the deletion mechanism to verify data is deleted securely

nist_800_171_rev_2_3_13_2

3.13.2 Employ architectural designs, software development techniques, and systems engineering principles that promote effective information security within organizational systems

nist_800_171_rev_2_3_8_9

3.8.9 Protect the confidentiality of backup CUI at storage locations

gxp_eu_annex_11_project_phase_4_8

4.8 Validation - Data Transfer

gxp_eu_annex_11_operational_phase_5

5 Data

rbi_itf_nbfc_6_3

6.3 Backup and Recovery

gxp_eu_annex_11_operational_phase_7_2

7.2 Data Storage - Backups

soc_2_a_1_2

A1.2 The entity authorizes, designs, develops or acquires, implements, operates, approves, maintains, and monitors environmental protections, software, data back-up processes, and recovery infrastructure to meet its objectives

acsc_essential_eight_ml_1_8_1

ACSC-EE-ML1-8.1: Regular backups ML1

acsc_essential_eight_ml_1_8_2

ACSC-EE-ML1-8.2: Regular backups ML1

acsc_essential_eight_ml_1_8_3

ACSC-EE-ML1-8.3: Regular backups ML1

acsc_essential_eight_ml_2_8_1

ACSC-EE-ML2-8.1: Regular backups ML2

acsc_essential_eight_ml_2_8_2

ACSC-EE-ML2-8.2: Regular backups ML2

acsc_essential_eight_ml_2_8_3

ACSC-EE-ML2-8.3: Regular backups ML2

acsc_essential_eight_ml_3_8_1

ACSC-EE-ML3-8.1: Regular backups ML3

acsc_essential_eight_ml_3_8_2

ACSC-EE-ML3-8.2: Regular backups ML3

acsc_essential_eight_ml_3_8_3

ACSC-EE-ML3-8.3: Regular backups ML3

cisa_cyber_essentials_booting_up_things_to_do_first_1

Booting Up: Things to Do First-1

soc_2_cc_7_4

CC7.4 The entity responds to identified security incidents by executing a defined incident response program to understand, contain, remediate, and communicate security incidents, as appropriate

fedramp_moderate_rev_4_cp_9_b

CP-9(b)

all_controls_fsx

nist_csf_v2_id_am_08

ID.AM-08

fedramp_moderate_rev_4_si_12

Information Handling and Retention (SI-12)

fedramp_low_rev_4_cp_9

Information System Backup (CP-9)

fedramp_low_rev_4_cp_10

Information System Recovery And Reconstitution (CP-10)

fedramp_moderate_rev_4_cp_10

nist_csf_v2_pr_ds_11

PR.DS-11

nist_csf_pr_ip_9

PR.IP-9

nist_csf_v2_pr_ir_02

PR.IR-02

nist_csf_v2_rc_rp_05

RC.RP-05

nist_csf_rc_rp_1

RC.RP-1

nist_csf_rs_rp_1

RS.RP-1

cisa_cyber_essentials_your_data_4

Your Data-4

cisa_cyber_essentials_your_systems_3

Your Systems-3

FSx file system should be protected by backup plan

Run individual configuration, compliance and security controls or full compliance benchmarks for CIS, FFIEC, PCI, NIST, HIPAA, RBI CSF, GDPR, SOC 2, Audit Manager Control Tower, FedRAMP, GxP and AWS Foundational Security Best Practices controls across all your AWS accounts using Powerpipe and Steampipe.

AWS Compliance

Apache License 2.0

steampipe-mod-aws-compliance

Control: FSx file system should be protected by backup plan

Description

Usage

SQL

Tags