Benchmark: ACSC-EE-ML1-6.6: Patch operating systems ML1
Description
Patches, updates or vendor mitigations for security vulnerabilities in operating systems of workstations, servers and network devices are applied within one month of release.
Usage
Install the mod:
mkdir dashboardscd dashboardspowerpipe mod initpowerpipe mod install github.com/turbot/steampipe-mod-aws-complianceStart the Powerpipe server:
steampipe service startpowerpipe serverOpen http://localhost:9033 in your browser and select ACSC-EE-ML1-6.6: Patch operating systems ML1.
Run this benchmark in your terminal:
powerpipe benchmark run aws_compliance.benchmark.acsc_essential_eight_ml_1_6_6Snapshot and share results via Turbot Pipes:
powerpipe benchmark run aws_compliance.benchmark.acsc_essential_eight_ml_1_6_6 --shareControls
- ECS fargate services should run on the latest fargate platform version
- EKS clusters should run on a supported Kubernetes version
- Elastic Beanstalk environment should have managed updates enabled
- Minor version upgrades should be automatically applied to ElastiCache for Redis cache clusters
- Lambda functions should use latest runtimes
- OpenSearch domains should be updated to the latest service software version
- RDS DB instance automatic minor version upgrade should be enabled
- AWS Redshift should have required maintenance settings
- SSM managed instance patching should be compliant