Benchmark: ACSC-EE-ML1-2.5: Patch applications ML1
Description
Patches, updates or vendor mitigations for security vulnerabilities in internet-facing services are applied within two weeks of release, or within 48 hours if an exploit exists.
Usage
Install the mod:
mkdir dashboardscd dashboardspowerpipe mod initpowerpipe mod install github.com/turbot/steampipe-mod-aws-complianceStart the Powerpipe server:
steampipe service startpowerpipe serverOpen http://localhost:9033 in your browser and select ACSC-EE-ML1-2.5: Patch applications ML1.
Run this benchmark in your terminal:
powerpipe benchmark run aws_compliance.benchmark.acsc_essential_eight_ml_1_2_5Snapshot and share results via Turbot Pipes:
powerpipe benchmark run aws_compliance.benchmark.acsc_essential_eight_ml_1_2_5 --shareControls
- ECS fargate services should run on the latest fargate platform version
- EKS clusters should run on a supported Kubernetes version
- Elastic Beanstalk environment should have managed updates enabled
- Minor version upgrades should be automatically applied to ElastiCache for Redis cache clusters
- Lambda functions should use latest runtimes
- OpenSearch domains should be updated to the latest service software version
- RDS DB instance automatic minor version upgrade should be enabled
- AWS Redshift should have required maintenance settings
- SSM managed instance patching should be compliant