Benchmark: SI-4(a)(b)(c)
Description
The organization: a. Monitors the information system to detect: 1. Attacks and indicators of potential attacks in accordance with [Assignment: organization-defined monitoring objectives]; and 2. Unauthorized local, network, and remote connections; b. Identifies unauthorized use of the information system through [Assignment: organization-defined techniques and methods]; c. Deploys monitoring devices: i. strategically within the information system to collect organization-determined essential information; and ii. at ad hoc locations within the system to track specific types of transactions of interest to the organization.
Usage
Browse dashboards and select SI-4(a)(b)(c):
steampipe dashboard
Or run the benchmarks in your terminal:
steampipe check aws_compliance.benchmark.fedramp_moderate_rev_4_si_4_a_b_c
Snapshot and share results via Steampipe Cloud:
steampipe login
steampipe check --share aws_compliance.benchmark.fedramp_moderate_rev_4_si_4_a_b_c
Controls
- API Gateway stage should be associated with WAF
- CloudTrail trails should be integrated with CloudWatch logs
- CloudWatch alarm should have an action configured
- EC2 instance detailed monitoring should be enabled
- ELB application load balancers should have Web Application Firewall (WAF) enabled
- GuardDuty should be enabled
- GuardDuty findings should be archived
- AWS Security Hub should be enabled for an AWS Account
- Logging should be enabled on AWS WAFv2 regional and global web access control lists (ACLs)