High SSM Regional

EC2 instances managed by Systems Manager should have a patch compliance status of COMPLIANT after a patch installation

PCI DSS, NIST

Description

This control checks whether the Systems Manager patch compliance status of an EC2 instance is COMPLIANT after a patch installation.


Remediation

To remediate noncompliant patches, install the required patches on your noncompliant instances using the AWS Systems Manager console.

Steps

  1. Open the AWS Systems Manager console.
  2. Choose Run Command, then choose Run command.
  3. Select AWS-RunPatchBaseline and change the Operation to Install.
  4. Choose the noncompliant instances and run the command.
  5. Monitor the new compliance status in the Compliance section.
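The same remediation scripted with boto3, as an added example that is not part of the original page: it selects instances whose Patch compliance status is NON_COMPLIANT and builds AWS-RunPatchBaseline requests with Operation set to Install, split into batches of 50 instance IDs (the SendCommand limit). The helper names and the SAMPLE data are constructed for illustration; `remediate` assumes boto3 and credentials allowed to call `ssm:ListResourceComplianceSummaries` and `ssm:SendCommand`.

```python
MAX_TARGETS = 50  # SendCommand accepts at most 50 InstanceIds per call


def noncompliant_instances(summary_items):
    """Return sorted, de-duplicated IDs of managed instances whose Patch status is NON_COMPLIANT."""
    return sorted({
        item["ResourceId"]
        for item in summary_items
        if item.get("ComplianceType") == "Patch"
        and item.get("ResourceType") == "ManagedInstance"
        and item.get("Status") == "NON_COMPLIANT"
    })


def install_requests(instance_ids, batch_size=MAX_TARGETS):
    """Build one SendCommand request (steps 3 and 4) per batch of instance IDs."""
    return [
        {"DocumentName": "AWS-RunPatchBaseline", "Parameters": {"Operation": ["Install"]},
         "InstanceIds": instance_ids[i:i + batch_size]}
        for i in range(0, len(instance_ids), batch_size)
    ]


def remediate(region):
    """Run against a real account (needs boto3 and credentials). Returns the command IDs."""
    import boto3  # imported here so the helpers above work offline
    ssm = boto3.client("ssm", region_name=region)
    items, kwargs = [], {"Filters": [{"Key": "ComplianceType", "Values": ["Patch"], "Type": "EQUAL"}]}
    while True:  # follow NextToken until every summary page has been read
        page = ssm.list_resource_compliance_summaries(**kwargs)
        items += page["ResourceComplianceSummaryItems"]
        if not page.get("NextToken"):
            break
        kwargs["NextToken"] = page["NextToken"]
    return [ssm.send_command(**req)["Command"]["CommandId"]
            for req in install_requests(noncompliant_instances(items))]


# Constructed sample shaped like ListResourceComplianceSummaries items (not real instance IDs).
SAMPLE = [
    {"ComplianceType": "Patch", "ResourceType": "ManagedInstance", "ResourceId": "i-0aaa0000000000001", "Status": "NON_COMPLIANT"},
    {"ComplianceType": "Patch", "ResourceType": "ManagedInstance", "ResourceId": "i-0aaa0000000000002", "Status": "COMPLIANT"},
    {"ComplianceType": "Association", "ResourceType": "ManagedInstance", "ResourceId": "i-0aaa0000000000003", "Status": "NON_COMPLIANT"},
]

if __name__ == "__main__":
    for req in install_requests(noncompliant_instances(SAMPLE)):
        print(req["DocumentName"], req["Parameters"], req["InstanceIds"])
```

With Operation set to Install, AWS-RunPatchBaseline reboots an instance when a patch requires it unless the document's RebootOption parameter is set to NoReboot, so schedule the run accordingly.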

Compliance

PCI DSS, NIST