Benchmark: Information Handling and Retention (SI-12)
Description
The organization handles and retains information within the information system and information output from the system in accordance with applicable federal laws, Executive Orders, directives, policies, regulations, standards, and operational requirements.
Usage
Install the mod:
mkdir dashboards
cd dashboards
powerpipe mod init
powerpipe mod install github.com/turbot/steampipe-mod-aws-compliance
Start the Powerpipe server:
steampipe service start
powerpipe server
Open http://localhost:9033 in your browser and select Information Handling and Retention (SI-12).
Run this benchmark in your terminal:
powerpipe benchmark run aws_compliance.benchmark.fedramp_moderate_rev_4_si_12
Snapshot and share results via Turbot Pipes:
powerpipe benchmark run aws_compliance.benchmark.fedramp_moderate_rev_4_si_12 --share
Controls
- Backup plan min frequency and min retention check
- Log group retention period should be at least 365 days
- DynamoDB table point-in-time recovery should be enabled
- DynamoDB table should be protected by backup plan
- EBS volumes should be protected by a backup plan
- EC2 instances should be protected by backup plan
- EFS file systems should be protected by backup plan
- ElastiCache Redis cluster automatic backup should be enabled with retention period of 15 days or greater
- FSx file system should be protected by backup plan
- RDS Aurora clusters should be protected by backup plan
- RDS DB instance backup should be enabled
- RDS DB instance should be protected by backup plan
- AWS Redshift clusters should have automatic snapshots enabled
- S3 bucket versioning should be enabled