Benchmark: PR.PS-01
Description
Configuration management practices are established and applied.
Usage
Install the mod:
mkdir dashboardscd dashboardspowerpipe mod initpowerpipe mod install github.com/turbot/steampipe-mod-aws-compliance
Start the Powerpipe server:
steampipe service startpowerpipe server
Open http://localhost:9033 in your browser and select PR.PS-01.
Run this benchmark in your terminal:
powerpipe benchmark run aws_compliance.benchmark.nist_csf_v2_pr_ps_01
Snapshot and share results via Turbot Pipes:
powerpipe benchmark run aws_compliance.benchmark.nist_csf_v2_pr_ps_01 --share
Controls
- Auto Scaling groups with a load balancer should use health checks
- At least one enabled trail should be present in a region
- CloudTrail trail logs should be encrypted with KMS CMK
- CloudTrail trail log file validation should be enabled
- Directory Service directories manual snapshots limit should not be less than 2
- DLM EBS snapshot lifecycle policy should be enabled
- EC2 instances should be managed by AWS Systems Manager
- Network Firewall policies should have at least one rule group associated
- Stateless network firewall rule group should not be empty
- Secrets Manager secrets should be rotated within a specified number of days
- SSM managed instance associations should be compliant
- SSM managed instance patching should be compliant