Benchmark: PR.PS-05
Description
Installation and execution of unauthorized software are prevented.
Usage
Install the mod:
mkdir dashboardscd dashboardspowerpipe mod initpowerpipe mod install github.com/turbot/steampipe-mod-aws-compliance
Start the Powerpipe server:
steampipe service startpowerpipe server
Open http://localhost:9033 in your browser and select PR.PS-05.
Run this benchmark in your terminal:
powerpipe benchmark run aws_compliance.benchmark.nist_csf_v2_pr_ps_05
Snapshot and share results via Turbot Pipes:
powerpipe benchmark run aws_compliance.benchmark.nist_csf_v2_pr_ps_05 --share
Controls
- EC2 auto scaling group launch configurations user data should not have any sensitive data
- EC2 instances should be managed by AWS Systems Manager
- ECS containers should run as non-privileged
- ECS containers should be limited to read-only access to root filesystems
- ECS task definitions should not share the host's process namespace
- ECS task definitions should not use root user.
- ECS task definition container definitions should be checked for host mode
- SSM managed instance associations should be compliant
- SSM managed instance patching should be compliant