Amazon Inspector Lambda standard scanning should be enabled
Description
This control verifies whether Amazon Inspector Lambda standard scanning is enabled. For a standalone account, the control fails if Amazon Inspector Lambda standard scanning is disabled in the account. In a multi-account environment, the control fails if the delegated Amazon Inspector administrator account and all member accounts do not have Lambda standard scanning enabled.
In a multi-account environment, the control generates findings in only the delegated Amazon Inspector administrator account. Only the delegated administrator can enable or disable the Lambda standard scanning feature for member accounts in the organization. Amazon Inspector member accounts cannot modify this configuration from their accounts.
The control generates FAILED findings if the delegated administrator has a suspended member account that does not have Amazon Inspector Lambda standard scanning enabled. To achieve a PASSED finding, the delegated administrator must disassociate these suspended accounts in Amazon Inspector.
Remediation
To remediate a FAILED finding for this control, enable Lambda standard scanning in Amazon Inspector.
Steps
- Navigate to the Amazon Inspector console
- Go to 'Settings' in the left navigation
- Select 'Lambda' under 'Scanning'
- Enable 'Lambda standard scanning'
- Configure scanning settings as needed
- Save the configuration
- Verify Lambda standard scanning is active
- For multi-account environments, ensure all member accounts have Lambda standard scanning enabled
- Disassociate any suspended accounts if needed
- Set up monitoring and alerting for scan results
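The verification and multi-account steps above can be scripted. The following is an added example, not AWS's own code or Security Hub's evaluation logic: it sorts accounts into the actions this page describes, assuming inputs shaped like the Amazon Inspector (inspector2) BatchGetAccountStatus and ListMembers responses. The function name, the "review" bucket and all sample account IDs are constructed for illustration.

```python
# Added example. Input shapes follow the inspector2 BatchGetAccountStatus and
# ListMembers responses; account IDs and statuses below are constructed.

def plan_remediation(status_response, members):
    """Sort accounts into remediation actions for Lambda standard scanning."""
    suspended = {m["accountId"] for m in members
                 if m.get("relationshipStatus") == "ACCOUNT_SUSPENDED"}
    plan = {"enable": [], "disassociate": [], "review": []}
    for acct in status_response.get("accounts", []):
        status = acct.get("resourceState", {}).get("lambda", {}).get("status")
        if status == "ENABLED":
            continue  # compliant, nothing to do
        # The page's fix for a suspended member is disassociation, not enablement.
        action = "disassociate" if acct["accountId"] in suspended else "enable"
        plan[action].append(acct["accountId"])
    # Accounts the status call could not report on are not proven compliant.
    for failed in status_response.get("failedAccounts", []):
        action = "disassociate" if failed["accountId"] in suspended else "review"
        plan[action].append(failed["accountId"])
    plan["passed"] = not any(plan[k] for k in ("enable", "disassociate", "review"))
    return plan

# Constructed sample: one compliant administrator account, one member with
# scanning off, one suspended member, and one account that returned an error.
SAMPLE_STATUS = {
    "accounts": [
        {"accountId": "111111111111",
         "resourceState": {"lambda": {"status": "ENABLED"}}},
        {"accountId": "222222222222",
         "resourceState": {"lambda": {"status": "DISABLED"}}},
        {"accountId": "333333333333",
         "resourceState": {"lambda": {"status": "DISABLED"}}},
    ],
    "failedAccounts": [
        {"accountId": "444444444444", "errorCode": "ACCESS_DENIED"},
    ],
}
SAMPLE_MEMBERS = [
    {"accountId": "222222222222", "relationshipStatus": "ENABLED"},
    {"accountId": "333333333333", "relationshipStatus": "ACCOUNT_SUSPENDED"},
    {"accountId": "444444444444", "relationshipStatus": "ENABLED"},
]

if __name__ == "__main__":
    print(plan_remediation(SAMPLE_STATUS, SAMPLE_MEMBERS))
```

From the delegated administrator account, the "enable" list maps to `aws inspector2 enable --resource-types LAMBDA --account-ids ...` and the "disassociate" list to `aws inspector2 disassociate-member --account-id ...`.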