Benchmark: Boundary Protection (SC-7)
Description
The information system: a. Monitors and controls communications at the external boundary of the system and at key internal boundaries within the system; b. Implements subnetworks for publicly accessible system components that are [Selection: physically; logically] separated from internal organizational networks; and c. Connects to external networks or information systems only through managed interfaces consisting of boundary protection devices arranged in accordance with an organizational security architecture.
Usage
Install the mod:
mkdir dashboardscd dashboardspowerpipe mod initpowerpipe mod install github.com/turbot/steampipe-mod-aws-compliance
Start the Powerpipe server:
steampipe service startpowerpipe server
Open http://localhost:9033 in your browser and select Boundary Protection (SC-7).
Run this benchmark in your terminal:
powerpipe benchmark run aws_compliance.benchmark.nist_800_53_rev_5_sc_7
Snapshot and share results via Turbot Pipes:
powerpipe benchmark run aws_compliance.benchmark.nist_800_53_rev_5_sc_7 --share
Benchmarks
- SC-7(2) Public Access
- SC-7(3) Access Points
- SC-7(4) External Telecommunications Services
- SC-7(5) Deny By Default — Allow By Exception
- SC-7(7) Split Tunneling For Remote Devices
- SC-7(9) Restrict Threatening Outgoing Communications Traffic
- SC-7(11) Restrict Incoming communications Traffic
- SC-7(12) Host-Based Protection
- SC-7(16) Prevent Discovery Of System Components
- SC-7(20) Prevent Discovery Of System Components
- SC-7(21) Isolation Of System Components
- SC-7(24) Personally Identifiable Information
- SC-7(25) Unclassified National Security System Connections
- SC-7(26) Classified National Security System Connections
- SC-7(27) Unclassified Non-National Security System Connections
- SC-7(28) Connections To Public Networks
- SC-7(a)
- SC-7(b)
- SC-7(c)