Benchmark: SI-4(a)(b)(c)
Description
The organization:
a. Monitors the information system to detect:
  1. Attacks and indicators of potential attacks in accordance with [Assignment: organization-defined monitoring objectives]; and
  2. Unauthorized local, network, and remote connections;
b. Identifies unauthorized use of the information system through [Assignment: organization-defined techniques and methods];
c. Deploys monitoring devices:
  i. Strategically within the information system to collect organization-determined essential information; and
  ii. At ad hoc locations within the system to track specific types of transactions of interest to the organization.
Usage
Install the mod:
mkdir dashboards
cd dashboards
powerpipe mod init
powerpipe mod install github.com/turbot/steampipe-mod-aws-compliance
Start the Powerpipe server:
steampipe service start
powerpipe server
Open http://localhost:9033 in your browser and select SI-4(a)(b)(c).
Run this benchmark in your terminal:
powerpipe benchmark run aws_compliance.benchmark.fedramp_moderate_rev_4_si_4_a_b_c
Snapshot and share results via Turbot Pipes:
powerpipe benchmark run aws_compliance.benchmark.fedramp_moderate_rev_4_si_4_a_b_c --share
Controls
- API Gateway stage should be associated with waf
- CloudTrail trails should be integrated with CloudWatch logs
- CloudWatch alarm should have an action configured
- EC2 instance detailed monitoring should be enabled
- ELB application load balancers should have Web Application Firewall (WAF) enabled
- GuardDuty should be enabled
- GuardDuty findings should be archived
- AWS Security Hub should be enabled for an AWS Account
- Logging should be enabled on AWS WAFv2 regional and global web access control list (ACLs)