Benchmark: Flaw Remediation (SI-2)
Description
The organization: a.Identifies, reports, and corrects information system flaws; b.Tests software and firmware updates related to flaw remediation for effectiveness and potential side effects before installation; c.Installs security-relevant software and firmware updates within [Assignment: organization-defined time period] of the release of the updates; and d.Incorporates flaw remediation into the organizational configuration management process.
Usage
Install the mod:
mkdir dashboardscd dashboardspowerpipe mod initpowerpipe mod install github.com/turbot/steampipe-mod-azure-complianceStart the Powerpipe server:
steampipe service startpowerpipe serverOpen http://localhost:9033 in your browser and select Flaw Remediation (SI-2).
Run this benchmark in your terminal:
powerpipe benchmark run azure_compliance.benchmark.fedramp_high_si_2Snapshot and share results via Turbot Pipes:
powerpipe benchmark run azure_compliance.benchmark.fedramp_high_si_2 --shareControls
- Ensure that 'HTTP Version' is the latest, if used to run the Function app
- Ensure that 'HTTP Version' is the latest, if used to run the Web app
- System updates should be installed on your machines
- A vulnerability assessment solution should be enabled on your virtual machines
- Kubernetes Services should be upgraded to a non-vulnerable Kubernetes version
- Azure Defender for App Service should be enabled
- Microsoft Defender for Containers should be enabled
- Azure Defender for Key Vault should be enabled
- Azure Defender for Resource Manager should be enabled
- Azure Defender for servers should be enabled
- Azure Defender for Azure SQL Database servers should be enabled
- Microsoft Defender for Storage (Classic) should be enabled
- SQL databases should have vulnerability findings resolved