Streamlining SOC 2 Compliance

Easily implement access controls required to ace your SOC 2 audit

SOC (Service Organization Control) 2 Type II is a widely recognized auditing standard, developed by the American Institute of Certified Public Accountants (AICPA), that focuses on a service organization's controls related to security, availability, processing integrity, confidentiality, and privacy. Achieving SOC 2 Type II compliance for cloud infrastructure requires a comprehensive approach that includes implementing various controls, processes, and policies.

Teleport Features for SOC 2 Controls

Logical & Physical Access (CC6)

Each entry below gives the SOC 2 control name, its control ID, and the Teleport capability that addresses it.

Restricts Logical Access (CC6.1)
Teleport Enterprise supports robust Role-based Access Controls (RBAC) to:
  • Control which SSH nodes a user can or cannot access.
  • Control cluster-level configuration (session recording, configuration, etc.).
  • Control which UNIX logins a user is allowed to use when logging into a server.

Identifies and Authenticates Users (CC6.1)
Teleport provides role-based access controls (RBAC) using short-lived certificates, integrated with your existing identity management service. Connecting locally or remotely is just as easy.

Considers Network Segmentation (CC6.1)
Teleport enables BeyondCorp-style, Zero Trust network segmentation. Teleport connects to nodes behind firewalls or creates reverse tunnels to a proxy server.

Manages Points of Access (CC6.1)
  • Label nodes to inventory them and create rules.
  • Create labels from AWS tags.
  • Teleport maintains a live list of all nodes within a cluster. This node list can be queried by users (who see the subset they have access to) and by administrators at any time.

Restricts Access to Information Assets (CC6.1)
Teleport uses certificates to grant access and to create access control rules.

Manages Identification and Authentication (CC6.1)
Teleport makes setting policies for SSH and other protocols easy, since it works in the cloud and on premises with the same authentication security standards.

Manages Credentials for Infrastructure and Software (CC6.1)
Invite nodes to your cluster with short-lived tokens.

Uses Encryption to Protect Data (CC6.1)
Teleport audit logs can use DynamoDB encryption at rest.

Protects Encryption Keys (CC6.1)
Teleport acts as a Certificate Authority to issue SSH and X.509 user certificates that are signed by the CA and are (by default) short-lived.

Controls Access Credentials to Protected Assets (CC6.2)
  • Request approval from the command line.
  • Build approval workflows.
  • Send approvals to tools like Slack or Jira.

Removes Access to Protected Assets When Appropriate (CC6.2)
Teleport issues temporary credentials based on an employee's role; they are revoked upon job change, termination, or the end of a maintenance window.

Reviews Appropriateness of Access Credentials (CC6.2)
Teleport maintains a live list of all nodes within a cluster. This node list can be queried by users (who see the subset they have access to) and by administrators at any time.

Creates or Modifies Access to Protected Information Assets (CC6.3)
Build approval workflows to get authorization from asset owners.

Removes Access to Protected Information Assets (CC6.3)
Teleport uses temporary credentials and can be integrated with your version control system, or even your HR system, to revoke access with the Workflow API.

Uses Role-Based Access Controls (CC6.3)
Role-based access control ("RBAC") allows Teleport administrators to grant granular access permissions to users.

Reviews Access Roles and Rules (CC6.3)
Teleport maintains a live list of all nodes within a cluster. This node list can be queried by users (who see the subset they have access to) and by administrators at any time.

Restricts Access (CC6.6)
Teleport makes it easy to restrict access to common ports like 21 and 22 and instead have users tunnel to the server through Teleport. Teleport uses the following default ports.

Protects Identification and Authentication Credentials (CC6.6)
Teleport protects credentials outside your network, allowing for a Zero Trust network architecture.

Requires Additional Authentication or Credentials (CC6.6)
Teleport can manage MFA with the TOTP or U2F standards, or connect to your identity provider using SAML, OAuth, or OIDC.

Implements Boundary Protection Systems (CC6.6)
Teleport offers a trusted clusters concept to manage trust across arbitrary infrastructure boundaries.

Uses Encryption Technologies or Secure Communication Channels to Protect Data (CC6.7)
Teleport has strong encryption, including a FedRAMP-compliant FIPS mode.
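The CC6 entries above describe the controls in prose; the following Teleport role definition, added here as an illustration and not taken from this page or from Teleport's own documentation, shows how those controls map onto a single role resource. The role name (staging-oncall), the node label scheme (env: staging / env: production), the UNIX login ubuntu, and the 4-hour TTL are assumed values for the example; the field names are standard Teleport role fields.

```yaml
# Added example (not from the Teleport page): one role resource that implements
# several of the CC6/CC7 controls described above. Role name, label values,
# logins and TTL are assumptions for this illustration.
kind: role
version: v5
metadata:
  name: staging-oncall
spec:
  options:
    # CC6.2 "Removes Access When Appropriate": certificates issued for this
    # role expire after 4 hours, so access ends without manual revocation.
    max_session_ttl: 4h0m0s
    # CC6.6 "Requires Additional Authentication": a second factor is required
    # for every session, on top of the short-lived certificate.
    require_session_mfa: true
    # CC7.2 "Designs Detection Measures": Enhanced Session Recording captures
    # executed programs and network connections made from the session.
    enhanced_recording: ['command', 'network']
  allow:
    # CC6.1 "Restricts Logical Access": which UNIX logins this role may use.
    logins: ['ubuntu', '{{internal.logins}}']
    # CC6.1 "Manages Points of Access": which SSH nodes are reachable, selected
    # by label; only nodes labeled env=staging are visible to role holders.
    node_labels:
      env: staging
    # CC7.3 "Reviews Detected Security Events": let role holders list and
    # replay recorded sessions and read audit events for review.
    rules:
      - resources: ['session', 'event']
        verbs: ['list', 'read']
  deny:
    # Deny rules take precedence over allow rules: production nodes and the
    # root login stay off-limits even if another role grants them.
    node_labels:
      env: production
    logins: ['root']
```

Applied with `tctl create -f staging-oncall.yaml` and assigned with `tctl users add alice --roles=staging-oncall`, the effect is that `tsh ls` for that user lists only env=staging nodes, `tsh ssh ubuntu@host` works while `tsh ssh root@host` is refused, and the issued certificate stops working after four hours. For a SOC 2 audit the role file itself is the evidence: it states which assets, which logins, and for how long.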

System Operations (CC7)

Implements Detection Policies, Procedures, and Tools (CC7.2)
Teleport creates detailed SSH audit logs with metadata. Use Enhanced Session Recording to catch malicious program execution.

Designs Detection Measures (CC7.2)
Use Enhanced Session Recording to catch malicious program execution, capture TCP connections, and log programs accessing files on the system that they should not be accessing.

Communicates and Reviews Detected Security Events (CC7.3)
Use session recording to replay and review suspicious sessions.

Develops and Implements Procedures to Analyze Security Incidents (CC7.3)
Analyze detailed logs and replay recorded sessions to determine impact. See exactly which files were accessed during an incident.

Contains Security Incidents (CC7.4)
Use Teleport to quickly revoke access and contain an active incident. Use shared sessions so multiple on-call engineers can collaborate and fight fires together.

Ends Threats Posed by Security Incidents (CC7.4)
Use Teleport to quickly revoke access and contain an active incident.

Obtains Understanding of Nature of Incident and Determines Containment Strategy (CC7.4)
Use Teleport's session recording and replay, along with logs, to understand what actions led to an incident.

Evaluates the Effectiveness of Incident Response (CC7.4)
Use audit logs and session recordings to find pain points in your incident response plan and improve its effectiveness.

Periodically Evaluates Incidents (CC7.4)
Use session recording and audit logs to find patterns that lead to incidents.

Determines Root Cause of the Event (CC7.5)
Use session recording and audit logs to find the root cause.

Improves Response and Recovery Procedures (CC7.5)
Replay session recordings at your after-action review or postmortem meetings.
