Benchmark: Developer Configuration Management (SA-10)
The organization requires the developer of the information system, system component, or information system service to: a. Perform configuration management during system, component, or service [Selection (one or more): design; development; implementation; operation]; b. Document, manage, and control the integrity of changes to [Assignment: organization-defined configuration items under configuration management]; c. Implement only organization-approved changes to the system, component, or service; d. Document approved changes to the system, component, or service and the potential security impacts of such changes; and e. Track security flaws and flaw resolution within the system, component, or service and report findings to [Assignment: organization-defined personnel].
steampipe check aws_compliance.benchmark.fedramp_moderate_rev_4_sa_10
- EC2 instances should be managed by AWS Systems Manager
- GuardDuty should be enabled
- GuardDuty findings should be archived
- AWS Security Hub should be enabled for an AWS Account