all InfoSec news
Does it make sense to enforce users to resolve issues generated by IaC scanning tools when all they report are best practice violations?
April 5, 2024, 7:04 p.m. | /u/cmellazchy
cybersecurity www.reddit.com
I have noticed that all the IaC scanning tools scan for best practices violations based on compliance framework policies like CIS Benchmarks or NIST cybersecurity framework policies etc.
For example, this is an issue which is modeled after a CIS AWS Benchmark policy:
>Ensure EC2 instance has IAM role.
In one of the tools I was looking at, this issue is reported …
best practice best practices compliance compliance framework cybersecurity engineer framework generated iac policies practice practices report scan scanning security security engineer tools work
More from www.reddit.com / cybersecurity
How does hiring in APT groups work?
14 hours ago |
www.reddit.com
State of WiFi Security in 2024
15 hours ago |
www.reddit.com
Prioritize Blue Team for Cybersecurity Success
17 hours ago |
www.reddit.com
Jobs in InfoSec / Cybersecurity
CyberSOC Technical Lead
@ Integrity360 | Sandyford, Dublin, Ireland
Cyber Security Strategy Consultant
@ Capco | New York City
Cyber Security Senior Consultant
@ Capco | Chicago, IL
Sr. Product Manager
@ MixMode | Remote, US
Corporate Intern - Information Security (Year Round)
@ Associated Bank | US WI Remote
Senior Offensive Security Engineer
@ CoStar Group | US-DC Washington, DC