Profile Applicability:
Level 1

Description:
The deployment environment should be designed and managed so that it can be reliably recreated or reproduced from source configurations, code, and infrastructure definitions. This includes using infrastructure as code (IaC), configuration management tools, and automated deployment pipelines to ensure consistency across environments and reduce manual errors.

Rationale:
Reproducible environments help avoid configuration drift, reduce deployment errors, and enable rapid recovery or scaling. They support consistent testing, facilitate troubleshooting, and improve overall operational efficiency and security posture.

Impact:
Pros:

  • Ensures consistency between development, testing, and production environments.

  • Reduces manual configuration errors and deployment failures.

  • Enables rapid disaster recovery and scaling.

  • Facilitates auditability and compliance through documented infrastructure.

Cons:

  • Requires initial setup and investment in automation tools and processes.

  • May introduce complexity for teams unfamiliar with automation or IaC.

Default value:
Deployment environments are often manually configured, which can lead to inconsistencies and errors.

Audit:
Review deployment processes and infrastructure configurations to verify the use of automated tools and scripts that enable environment reproducibility. Validate documentation and version control for infrastructure definitions.
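
One way to automate part of this audit, as an added example that is not part of the original benchmark text: it compares the version-controlled environment definition with the settings observed in the live environment and reports drift. It assumes both have already been exported as nested dictionaries; the function names and all sample values are constructed for illustration.

```python
import hashlib
import json

def flatten(cfg, prefix=""):
    """Flatten nested dicts to {'a.b.c': value} so settings compare key by key."""
    flat = {}
    for key, value in cfg.items():
        path = f"{prefix}{key}"
        if isinstance(value, dict) and value:
            flat.update(flatten(value, path + "."))
        else:
            flat[path] = value
    return flat

def fingerprint(cfg):
    """SHA-256 over canonical JSON: identical definitions give identical digests."""
    canonical = json.dumps(cfg, sort_keys=True, separators=(",", ":"))
    return hashlib.sha256(canonical.encode("utf-8")).hexdigest()

def audit_drift(declared, observed):
    """Classify every difference between source definition and live state."""
    want, have = flatten(declared), flatten(observed)
    return {
        # declared in source but absent from the environment
        "missing": sorted(k for k in want if k not in have),
        # present in the environment but not in source (manual change)
        "unmanaged": sorted(k for k in have if k not in want),
        # present in both with different values
        "changed": sorted(k for k in want if k in have and want[k] != have[k]),
    }

# Constructed sample: definition as committed to version control.
DECLARED = {
    "web": {"instance_type": "t3.small", "tls": {"min_version": "1.2"},
            "ssh_ingress": ["10.0.0.0/8"]},
    "logging": {"enabled": True, "retention_days": 90},
}
# Constructed sample: state read back from the running environment.
OBSERVED = {
    "web": {"instance_type": "t3.small", "tls": {"min_version": "1.0"},
            "ssh_ingress": ["10.0.0.0/8", "0.0.0.0/0"], "debug_port": 9229},
    "logging": {"enabled": True},
}

if __name__ == "__main__":
    for kind, keys in audit_drift(DECLARED, OBSERVED).items():
        print(f"{kind}: {keys}")
    print("matches source:", fingerprint(DECLARED) == fingerprint(OBSERVED))
```

Any non-empty list in the result is an audit finding: the environment can no longer be recreated from source alone until the definition and the live state are reconciled.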

Remediation:
Implement infrastructure as code and configuration management practices. Use automated deployment pipelines and maintain version-controlled configuration files. Train teams on best practices for reproducible environments.

References:

  1. HashiCorp Terraform Documentation: https://www.terraform.io/docs/index.html

  2. AWS CloudFormation User Guide: https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/Welcome.html

  3. CIS Controls v8, Control 6 – Maintenance, Monitoring, and Analysis of Audit Logs: https://www.cisecurity.org/controls/maintenance-monitoring-and-analysis-of-audit-logs/