Benchmark: System Development Life Cycle (SA-3)
Description
Manages the information system using Assignment: organization-defined system development life cycle that incorporates information security considerations; defines and documents information security roles and responsibilities throughout the system development life cycle; identifies individuals having information security roles and responsibilities; and integrates the organizational information security risk management process into system development life cycle activities.
Usage
Install the mod:
mkdir dashboardscd dashboardspowerpipe mod initpowerpipe mod install github.com/turbot/steampipe-mod-gcp-compliance
Start the Powerpipe server:
steampipe service startpowerpipe server
Open http://localhost:9033 in your browser and select System Development Life Cycle (SA-3).
Run this benchmark in your terminal:
powerpipe benchmark run gcp_compliance.benchmark.nist_800_53_rev_5_sa_3
Snapshot and share results via Turbot Pipes:
powerpipe benchmark run gcp_compliance.benchmark.nist_800_53_rev_5_sa_3 --share
Controls
- Ensure '3625 (trace flag)' database flag for Cloud SQL SQL Server instance is set to 'off'
- Ensure 'remote access' database flag for Cloud SQL SQL Server instance is set to 'off'
- Ensure 'user options' database flag for Cloud SQL SQL Server instance is not configured