Description:

This policy enables frequent system updates and scans for all production IT infrastructure. This will help to keep the organization's systems up-to-date with the latest security patches and identify any vulnerabilities that may be present.

Rationale:

Keeping systems up-to-date with the latest security patches is essential for preventing cyberattacks. By identifying and remediating vulnerabilities, organizations can reduce their risk of being hacked. This policy is important because it ensures that all of the organization's production IT infrastructure is updated and scanned on a regular basis.

Impact:

The impact of enabling frequent system updates and scans configured will vary depending on the specific vulnerabilities that are found. However, in general, this policy will help to improve the security of the organization's infrastructure and reduce the risk of cyberattacks.

Default Value:

AWS will initially recommend that system updates and scans be enabled for all production IT infrastructure. However, organizations may choose to disable system updates and scans for certain resources, such as those that are not exposed to the internet.

Pre-requisites:

To enable frequent system updates and scans configured, the following pre-requisites must be met:

  • The organization must have an AWS account.
  • The organization must have the appropriate permissions to enable system updates and scans.
  • The organization must have a system update and scan process in place.

Remediation Steps:

If any vulnerabilities are found during the system update and scan process, the organization must take steps to remediate them. The remediation steps will vary depending on the specific vulnerability.

Test Plan:

The organization should develop a test plan to verify that the system update and scan process is working properly. The test plan should include steps to verify that all of the production IT infrastructure is being updated and scanned and that any vulnerabilities that are found are being properly remediated.

Implementation Plan:

The organization should develop an implementation plan to enable frequent system updates and scans configured. The implementation plan should include steps to configure the system update and scan process, schedule the system updates and scans, and notify the appropriate personnel of any vulnerabilities that are found.

AWS CLI Process:

To enable frequent system updates and scans configured using the AWS CLI, the following command can be used:

aws configure set update_frequency daily aws configure set scan_configuration daily

Using AWS GUI:

To enable frequent system updates and scans configured using the AWS GUI, the following steps can be followed:

  1. Go to the AWS Systems Manager console.
  2. Click on the "Settings" tab.
  3. Click on the "Update frequency" and "Scan configuration" settings.
  4. Set the update frequency to "Daily" and the scan configuration to "Daily".
  5. Click on the "Save" button.

Backout Plan:

If the system update and scan process is not working properly or if any vulnerabilities are found that cannot be remediated, the organization may need to back out of the policy. To do this, the organization can reset the update frequency and scan configuration to their default values.

Note:

  • This policy is not intended to be a comprehensive guide to system updates and scans. For more information, please refer to the AWS Systems Manager documentation.
  • This policy is subject to change.

Reference:

  • AWS Systems Manager documentation: https://docs.aws.amazon.com/systems-manager/latest/userguide/

Section 2:

  • Tags and Keywords: system updates, scans, security