Benchmark: Identification of Risks Related to External Parties
Description
The risks to the organization's information and information assets from business processes involving external parties shall be identified, and appropriate controls implemented before granting access.
Usage
Install the mod:
mkdir dashboardscd dashboardspowerpipe mod initpowerpipe mod install github.com/turbot/steampipe-mod-azure-compliance
Start the Powerpipe server:
steampipe service startpowerpipe server
Open http://localhost:9033 in your browser and select Identification of Risks Related to External Parties.
Run this benchmark in your terminal:
powerpipe benchmark run azure_compliance.benchmark.hipaa_hitrust_v92_identification_of_risks_related_to_external_parties
Snapshot and share results via Turbot Pipes:
powerpipe benchmark run azure_compliance.benchmark.hipaa_hitrust_v92_identification_of_risks_related_to_external_parties --share
Benchmarks
- Access to the organizations information and systems by external parties
- Remote access connections between the organization and external parties are encrypted
- Access granted to external parties is limited to the minimum necessary and granted only for the duration required
- The identification of risks related to external party access takes into account a minimal set of specifically defined issues