Benchmark: System Development Life Cycle (SA-3)
The organization manages the information system using organization-defined system development life cycle, defines and documents information security roles and responsibilities throughout the system development life cycle, identifies individuals having information security roles and responsibilities and integrates the organizational information security risk management process into system development life cycle activities.
steampipe check aws_compliance.benchmark.fedramp_low_rev_4_sa_3
- CodeBuild project plaintext environment variables should not contain sensitive AWS values
- CodeBuild GitHub or Bitbucket source repository URLs should use OAuth
- EC2 instances should be managed by AWS Systems Manager