Benchmark: RC.RP-05
Description
The integrity of restored assets is verified, systems and services are restored, and normal operating status is confirmed.
Usage
Install the mod:
mkdir dashboardscd dashboardspowerpipe mod initpowerpipe mod install github.com/turbot/steampipe-mod-aws-compliance
Start the Powerpipe server:
steampipe service startpowerpipe server
Open http://localhost:9033 in your browser and select RC.RP-05.
Run this benchmark in your terminal:
powerpipe benchmark run aws_compliance.benchmark.nist_csf_v2_rc_rp_05
Snapshot and share results via Turbot Pipes:
powerpipe benchmark run aws_compliance.benchmark.nist_csf_v2_rc_rp_05 --share
Controls
- Backup recovery points should be encrypted
- Backup recovery points manual deletion should be disabled
- Backup recovery points should not expire before retention period
- CloudTrail trail log file validation should be enabled
- DynamoDB table point-in-time recovery should be enabled
- EFS file systems should be in a backup plan
- EFS file systems should be protected by backup plan
- FSx file system should be protected by backup plan
- GuardDuty should be enabled
- RDS DB instance backup should be enabled
- RDS DB instances should be in a backup plan
- RDS DB instance should be protected by backup plan
- AWS Security Hub should be enabled for an AWS Account