Benchmark: Boundary Protection (SC-7)
Description
The information system: a. Monitors and controls communications at the external boundary of the system and at key internal boundaries within the system; b. Implements subnetworks for publicly accessible system components that are [Selection: physically; logically] separated from internal organizational networks; and c. Connects to external networks or information systems only through managed interfaces consisting of boundary protection devices arranged in accordance with an organizational security architecture.
Usage
Install the mod:
mkdir dashboardscd dashboardspowerpipe mod initpowerpipe mod install github.com/turbot/steampipe-mod-gcp-compliance
Start the Powerpipe server:
steampipe service startpowerpipe server
Open http://localhost:9033 in your browser and select Boundary Protection (SC-7).
Run this benchmark in your terminal:
powerpipe benchmark run gcp_compliance.benchmark.nist_800_53_rev_5_sc_7
Snapshot and share results via Turbot Pipes:
powerpipe benchmark run gcp_compliance.benchmark.nist_800_53_rev_5_sc_7 --share
Controls
- Ensure that IP forwarding is not enabled on Instances
- Check for open firewall rules allowing RDP from the internet
- Check for open firewall rules allowing SSH from the internet