all InfoSec news
Does it make sense to enforce users to resolve issues generated by IaC scanning tools when all they report are best practice violations?
April 5, 2024, 7:04 p.m. | /u/cmellazchy
cybersecurity www.reddit.com
I have noticed that all the IaC scanning tools scan for best practices violations based on compliance framework policies like CIS Benchmarks or NIST cybersecurity framework policies etc.
For example, this is an issue which is modeled after a CIS AWS Benchmark policy:
>Ensure EC2 instance has IAM role.
In one of the tools I was looking at, this issue is reported …
best practice best practices compliance compliance framework cybersecurity engineer framework generated iac policies practice practices report scan scanning security security engineer tools work
More from www.reddit.com / cybersecurity
Jobs in InfoSec / Cybersecurity
Information Security Cyber Risk Analyst
@ Intel | USA - AZ - Chandler
Senior Cloud Security Engineer (Fullstack)
@ Grab | Petaling Jaya, Malaysia
Principal Product Security Engineer
@ Oracle | United States
Cybersecurity Strategy Director
@ Proofpoint | Sunnyvale, CA
Information Security Consultant/Auditor
@ Devoteam | Lisboa, Portugal
IT Security Engineer til Netcompany IT Services
@ Netcompany | Copenhagen, Denmark