Benchmark: Requirement 2: Do not use vendor-supplied defaults for system passwords and other security parameters
Description
This requirement focuses on hardening your organization’s systems, such as servers, network devices, applications, firewalls, and wireless access points. Most operating systems and devices come with factory default settings such as usernames, passwords, and other insecure configuration parameters. These default usernames and passwords are simple to guess, and most are even published on the Internet. Such default passwords and other security parameters are not permissible per this requirement. This requirement also asks you to maintain an inventory of all the systems and configuration/hardening procedures. These procedures need to be followed every time a new system is introduced into the IT infrastructure.
Usage
Install the mod:
mkdir dashboards
cd dashboards
powerpipe mod init
powerpipe mod install github.com/turbot/steampipe-mod-gcp-compliance
Start the Powerpipe server:
steampipe service start
powerpipe server
Open http://localhost:9033 in your browser and select Requirement 2: Do not use vendor-supplied defaults for system passwords and other security parameters.
Run this benchmark in your terminal:
powerpipe benchmark run gcp_compliance.benchmark.pci_dss_v321_requirement_2
Snapshot and share results via Turbot Pipes:
powerpipe benchmark run gcp_compliance.benchmark.pci_dss_v321_requirement_2 --share
Benchmarks
- 2.1 Always change vendor-supplied defaults and remove or disable unnecessary default accounts before installing a system on the network
- 2.2 Develop configuration standards for all system components. Assure that these standards address all known security vulnerabilities and are consistent with industry-accepted system hardening standards