aws_compliance

Enable this rule to help with identification and documentation of AWS Elastic Compute Cloud (AWS EC2) vulnerabilities.

ssm_managed_instance_compliance_patch_compliant

gxp_21_cfr_part_11_11_10_a

11.10(a) Validation of systems to ensure accuracy, reliability, consistent intended performance, and the ability to discern invalid or altered records

gxp_21_cfr_part_11_11_10_h

11.10(h) Use of device (e.g., terminal) checks to determine, as appropriate, the validity of the source of data input or operational instruction

pci_dss_v40_requirement_11_3_1_1

11.3.1.1: All other applicable vulnerabilities (those not ranked as high-risk vulnerabilities or critical vulnerabilities according to the entity's vulnerability risk rankings)

pci_dss_v40_requirement_11_3_1_3

11.3.1.3: 3 Internal vulnerability scans are performed after any significant change

pci_dss_v40_requirement_11_3_1

11.3.1: Internal vulnerability scans are performed

cis_controls_v8_ig1_12_1

12.1 Ensure Network Infrastructure is Up-to-Date

hipaa_final_omnibus_security_rule_2013_164_308_a_1_ii_b

164.308(a)(1)(ii)(B) Risk management

hipaa_security_rule_2003_164_308_a_1_ii_b

hipaa_final_omnibus_security_rule_2013_164_308_a_5_ii_b

164.308(a)(5)(ii)(B) Protection from malicious software

hipaa_security_rule_2003_164_308_a_5_ii_b

pci_dss_v321_requirement_2_2_4

2.2.4 Configure system security parameters to prevent misuse

pci_dss_v321_requirement_2_2_5_b

2.2.5.b. Examine the documentation and security parameters to verify enabled functions are documented and support secure configuration

rbi_itf_nbfc_3_1_g

3.1.g Incident Management

nist_800_171_rev_2_3_14_2

3.14.2 Provide protection from malicious code at designated locations within organizational systems

nist_800_171_rev_2_3_14_3

3.14.3 Monitor system security alerts and advisories and take action in response

nist_800_172_3_14_7_e

3.14.7e Verify the correctness of [Assignment: organization-defined security critical or essential software, firmware, and hardware components] using [Assignment: organization-defined verification methods or techniques].

rbi_itf_nbfc_3_3

3.3 Vulnerability Management

nist_800_172_3_4_2_e

3.4.2e Employ automated mechanisms to detect misconfigured or unauthorized system components; after detection, [Selection (one or more): remove the components; place the components in a quarantine or remediation network] to facilitate patching, re-configuration, or other mitigations

rbi_itf_nbfc_3_5

3.5 Cyber Crisis Management Plan

pci_dss_v321_requirement_6_2

6.2 Ensure that all system components and software are protected from known vulnerabilities by installing applicable vendor- supplied security patches

pci_dss_v321_requirement_6_2_b

6.2.b For a sample of system components and related software, compare the list of security patches installed on each system to the most recent vendor security-patch list, to verify that the applicable critical vendor-supplied security patches are installed within one month of release, all applicable vendor-supplied security patches are installed within an appropriate time frame (for example, within three months)

pci_dss_v40_requirement_6_3_3

6.3.3: All system components are protected from known vulnerabilities by installing applicable security patches/updates

cis_controls_v8_ig1_7_1

7.1 Establish and Maintain a Vulnerability Management Process

cis_controls_v8_ig1_7_3

7.3 Perform Automated Operating System Patch Management

acsc_essential_eight_ml_1_2_5

ACSC-EE-ML1-2.5: Patch applications ML1

acsc_essential_eight_ml_1_6_5

ACSC-EE-ML1-6.5: Patch operating systems ML1

acsc_essential_eight_ml_1_6_6

ACSC-EE-ML1-6.6: Patch operating systems ML1

acsc_essential_eight_ml_1_6_7

ACSC-EE-ML1-6.7: Patch operating systems ML1

acsc_essential_eight_ml_2_6_5

ACSC-EE-ML2-6.5: Patch operating systems ML2

acsc_essential_eight_ml_2_6_6

ACSC-EE-ML2-6.6: Patch operating systems ML2

acsc_essential_eight_ml_2_6_7

ACSC-EE-ML2-6.7: Patch operating systems ML2

acsc_essential_eight_ml_3_2_9

ACSC-EE-ML3-2.9: Patch applications ML3

acsc_essential_eight_ml_3_6_5

ACSC-EE-ML3-6.5: Patch operating systems ML3

acsc_essential_eight_ml_3_6_6

ACSC-EE-ML3-6.6: Patch operating systems ML3

acsc_essential_eight_ml_3_6_7

ACSC-EE-ML3-6.7: Patch operating systems ML3

acsc_essential_eight_ml_3_6_8

ACSC-EE-ML3-6.8: Patch operating systems ML3

rbi_cyber_security_annex_i_6

Annex I (6)

fedramp_moderate_rev_4_si_2_2

Automated Flaw Remediation Status (SI-2(2))

cisa_cyber_essentials_booting_up_things_to_do_first_3

Booting Up: Things to Do First-3

soc_2_cc_3_2

CC3.2 COSO Principle 7: The entity identifies risks to the achievement of its objectives across the entity and analyzes risks as a basis for determining how the risks should be managed

nist_800_53_rev_4_cm_8_3

CM-8(3) Automated Unauthorized Component Detection

fedramp_moderate_rev_4_cm_8_3_a

CM-8(3)(a)

nist_800_53_rev_5_cm_8_3_a

ffiec_d_2_ti_ti_b_2

D2.TI.Ti.B.2

ffiec_d_3_cc_pm_b_1

D3.CC.PM.B.1

ffiec_d_3_cc_pm_b_3

D3.CC.PM.B.3

ffiec_d_3_dc_th_b_1

D3.DC.Th.B.1

ffiec_d_3_pc_im_b_5

D3.PC.Im.B.5

nist_csf_v2_gv_oc_03

GV.OC-03

nist_csf_v2_id_im_01

ID.IM-01

nist_csf_v2_id_im_02

ID.IM-02

nist_csf_v2_id_ra_01

ID.RA-01

nist_csf_v2_id_ra_08

ID.RA-08

nist_csf_id_ra_1

ID.RA-1

fedramp_low_rev_4_cm_8

Information System Component Inventory (CM-8)

nist_csf_pr_ip_12

PR.IP-12

nist_csf_v2_pr_ps_01

PR.PS-01

nist_csf_v2_pr_ps_02

PR.PS-02

nist_csf_v2_pr_ps_03

PR.PS-03

nist_csf_v2_pr_ps_05

PR.PS-05

nist_800_53_rev_5_ra_3_a_1

RA-3(a)(1)

nist_800_53_rev_5_si_2_2

SI-2(2) Automated Flaw Remediation Status

nist_800_53_rev_4_si_2_2

SI-2(2) Automates Flaw Remediation Status

nist_800_53_rev_5_si_2_5

SI-2(5) Automatic Software And Firmware Updated

nist_800_53_rev_5_si_2_c

SI-2(c)

nist_800_53_rev_5_si_2_d

SI-2(d)

nist_800_53_rev_5_si_3_c_2

SI-3(c)(2)

fedramp_moderate_rev_4_si_7_1

SI-7(1) Integrity Checks

nist_800_53_rev_4_si_7_1

all_controls_ssm

cisa_cyber_essentials_your_systems_1

Your Systems-1

cisa_cyber_essentials_your_systems_2

Your Systems-2

SSM managed instance patching should be compliant

foundational_security_ssm_2

Run individual configuration, compliance and security controls or full compliance benchmarks for CIS, FFIEC, PCI, NIST, HIPAA, RBI CSF, GDPR, SOC 2, Audit Manager Control Tower, FedRAMP, GxP and AWS Foundational Security Best Practices controls across all your AWS accounts using Powerpipe and Steampipe.

AWS Compliance

Apache License 2.0

steampipe-mod-aws-compliance

Control: SSM managed instance patching should be compliant

Description

Usage

SQL

Tags