Benchmark: CC7.3 The entity evaluates security events to determine whether they could or have resulted in a failure of the entity to meet its objectives (security incidents) and, if so, takes actions to prevent or address such failures
Description
Responds to Security Incidents - Procedures are in place for responding to security incidents and evaluating the effectiveness of those policies and procedures on a periodic basis.
Communicates and Reviews Detected Security Events - Detected security events are communicated to and reviewed by the individuals responsible for the management of the security program and actions are taken, if necessary.
Develops and Implements Procedures to Analyze Security Incidents - Procedures are in place to analyze security incidents and determine system impact.
Assesses the Impact on Personal Information - Detected security events are evaluated to determine whether they could or did result in the unauthorized disclosure or use of personal information and whether there has been a failure to comply with applicable laws or regulations.
Determines Personal Information Used or Disclosed - When an unauthorized use or disclosure of personal information has occurred, the affected information is identified.
Usage
Install the mod:
mkdir dashboards
cd dashboards
powerpipe mod init
powerpipe mod install github.com/turbot/steampipe-mod-aws-compliance
Start the Powerpipe server:
steampipe service start
powerpipe server
Open http://localhost:9033 in your browser and select CC7.3 The entity evaluates security events to determine whether they could or have resulted in a failure of the entity to meet its objectives (security incidents) and, if so, takes actions to prevent or address such failures.
Run this benchmark in your terminal:
powerpipe benchmark run aws_compliance.benchmark.soc_2_cc_7_3
Snapshot and share results via Turbot Pipes:
powerpipe benchmark run aws_compliance.benchmark.soc_2_cc_7_3 --share
Controls
- API Gateway stage logging should be enabled
- CloudTrail trails should be integrated with CloudWatch logs
- CloudTrail trail log file validation should be enabled
- CloudWatch alarm should have an action configured
- Log group retention period should be at least 365 days
- ELB application and classic load balancer logging should be enabled
- Elasticsearch domain should send logs to CloudWatch
- GuardDuty should be enabled
- GuardDuty findings should be archived
- Lambda functions should be configured with a dead-letter queue
- Log group encryption at rest should be enabled
- OpenSearch domains should have audit logging enabled
- OpenSearch domains should send logs to AWS CloudWatch Logs
- Database logging should be enabled
- AWS Redshift audit logging should be enabled
- S3 buckets should have event notifications enabled
- S3 bucket logging should be enabled
- AWS Security Hub should be enabled for an AWS Account
- VPC flow logs should be enabled
- WAF web ACL logging should be enabled
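Each control in the list above is backed by a Steampipe SQL query that returns one row per resource with a `resource`, `status` and `reason` column. The query below is an added example in that shape for the "CloudTrail trail log file validation should be enabled" control; it is not the mod's own query, and it assumes the Steampipe AWS plugin table `aws_cloudtrail_trail` with the columns `arn`, `name`, `region`, `home_region`, `account_id` and `log_file_validation_enabled`.

```sql
-- Added example, not the mod's own control query. Assumes the Steampipe AWS
-- plugin table aws_cloudtrail_trail and the column names listed in the lead-in.
-- Run it with `steampipe query` while the steampipe service is running.
select
  arn as resource,
  case
    when log_file_validation_enabled then 'ok'
    else 'alarm'
  end as status,
  case
    when log_file_validation_enabled
      then name || ' log file validation enabled.'
    else name || ' log file validation disabled.'
  end as reason,
  region,
  account_id
from
  aws_cloudtrail_trail
where
  -- multi-region and organization trails appear in every region the plugin
  -- queries; evaluate each trail once, from its home region, so one trail
  -- does not produce one alarm per region
  region = home_region;
```

A trail that reports `alarm` here is one whose digest files are not being produced, so later tampering with its log files would not be detectable during incident analysis.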