SOC 2 (Service Organization Control 2) Type II is a widely recognized auditing standard that focuses on a service organization's controls related to security, availability, processing integrity, confidentiality, and privacy. Achieving SOC 2 Type II compliance for cloud infrastructure requires a comprehensive approach that includes implementing various controls, processes, and policies. The following checklist provides a simple preview as you embark upon your SOC 2 compliance journey:
- Reduce overhead with Teleport's infrastructure auto-discovery and SSO integration for automated onboarding and offboarding of employees.
- Go beyond the minimum requirements with Teleport's built-in security controls, including multi-factor authentication, role-based access controls, and session recording.
- Continuously monitor with Teleport's audit log and session recording capabilities, providing a complete record of all user activity.
| SOC 2 Type II Control | How Teleport Helps Compliance |
|---|---|
| CC6.1 - Restricts Logical Access: Logical access to information assets, including hardware, data (at rest, during processing, or in transmission), software, administrative authorities, mobile devices, output, and offline system components is restricted through the use of access control software and rule sets. | Teleport Enterprise supports robust Role-based Access Controls (RBAC). |
| CC6.1 - Identifies and Authenticates Users: Persons, infrastructure, and software are identified and authenticated prior to accessing information assets, whether locally or remotely. | Provide role-based access controls (RBAC) using short-lived certificates and your existing identity management service. Connecting locally or remotely is just as easy. |
| CC6.1 - Considers Network Segmentation: Network segmentation permits unrelated portions of the entity's information system to be isolated from each other. | Teleport enables BeyondCorp, Zero Trust network segmentation. Connect to nodes behind firewalls or create reverse tunnels to a proxy server. |
| CC6.1 - Manages Points of Access: Points of access by outside entities and the types of data that flow through the points of access are identified, inventoried, and managed. The types of individuals and systems using each point of access are identified, documented, and managed. | Label nodes to inventory them and create rules. Create labels from AWS tags. Teleport maintains a live list of all nodes within a cluster; this node list can be queried at any time by users (who see the subset they have access to) and by administrators. |
| CC6.1 - Restricts Access to Information Assets: Combinations of data classification, separate data structures, port restrictions, access protocol restrictions, user identification, and digital certificates are used to establish access-control rules for information assets. | Teleport uses certificates to grant access and create access control rules. |
| CC6.1 - Manages Identification and Authentication: Identification and authentication requirements are established, documented, and managed for individuals and systems accessing entity information, infrastructure, and software. | Teleport makes setting policies for SSH requirements easy, since it works in the cloud and on premises with the same authentication security standards. |
| CC6.1 - Manages Credentials for Infrastructure and Software: New internal and external infrastructure and software are registered, authorized, and documented prior to being granted access credentials and implemented on the network or access point. Credentials are removed and access is disabled when access is no longer required or the infrastructure and software are no longer in use. | |
| CC6.1 - Uses Encryption to Protect Data: The entity uses encryption to supplement other measures used to protect data at rest, when such protections are deemed appropriate based on assessed risk. | Teleport audit logs can use DynamoDB encryption at rest. |
| CC6.1 - Protects Encryption Keys: Processes are in place to protect encryption keys during generation, storage, use, and destruction. | Teleport acts as a Certificate Authority to issue SSH and X.509 user certificates that are signed by the CA and are (by default) short-lived. |
| CC6.2 - Controls Access Credentials to Protected Assets: Information asset access credentials are created based on an authorization from the system's asset owner or authorized custodian. | |
| CC6.2 - Removes Access to Protected Assets When Appropriate: Processes are in place to remove credential access when an individual no longer requires such access. | |
| CC6.2 - Reviews Appropriateness of Access Credentials: The appropriateness of access credentials is reviewed on a periodic basis for unnecessary and inappropriate individuals with credentials. | Teleport maintains a live list of all nodes within a cluster; this node list can be queried at any time by users (who see the subset they have access to) and by administrators. |
| CC6.3 - Creates or Modifies Access to Protected Information Assets: Processes are in place to create or modify access to protected information assets based on authorization from the asset's owner. | Build approval workflows to get authorization from asset owners. |
| CC6.3 - Removes Access to Protected Information Assets: Processes are in place to remove access to protected information assets when an individual no longer requires access. | Teleport uses temporary credentials and can be integrated with your version control system or even your HR system to revoke access with the Workflow API. |
| CC6.3 - Uses Role-Based Access Controls: Role-based access control is utilized to support segregation of incompatible functions. | |
| CC6.3 - Reviews Access Roles and Rules: The appropriateness of access roles and access rules is reviewed on a periodic basis for unnecessary and inappropriate individuals with access, and access rules are modified as appropriate. | Teleport maintains a live list of all nodes within a cluster; this node list can be queried at any time by users (who see the subset they have access to) and by administrators. |
| CC6.6 - Restricts Access: The types of activities that can occur through a communication channel (for example, FTP site, router port) are restricted. | Teleport makes it easy to restrict access to common ports like 21 and 22 and instead have users tunnel to the server through Teleport. Teleport uses the following default ports. |
| CC6.6 - Protects Identification and Authentication Credentials: Identification and authentication credentials are protected during transmission outside system boundaries. | Teleport protects credentials outside your network, allowing for a Zero Trust network architecture. |
| CC6.6 - Requires Additional Authentication or Credentials: Additional authentication information or credentials are required when accessing the system from outside its boundaries. | |
| CC6.6 - Implements Boundary Protection Systems: Boundary protection systems (for example, firewalls, demilitarized zones, and intrusion detection systems) are implemented to protect external access points from attempts at unauthorized access and are monitored to detect such attempts. | Teleport offers a trusted clusters concept to manage trust across arbitrary infrastructure boundaries. |
| CC6.7 - Uses Encryption Technologies or Secure Communication Channels to Protect Data: Encryption technologies or secured communication channels are used to protect transmission of data and other communications beyond connectivity access points. | Teleport has strong encryption, including a FedRAMP-compliant FIPS mode. |
| CC7.2 - Implements Detection Policies, Procedures, and Tools: Processes are in place to detect changes to software and configuration parameters that may be indicative of unauthorized or malicious software. | Teleport creates detailed SSH audit logs with metadata. Use Enhanced Session Recording to catch malicious program execution. |
| CC7.2 - Designs Detection Measures: Detection measures are designed to identify anomalies that could result from actual or attempted (1) compromise of physical barriers; (2) unauthorized actions of authorized personnel; (3) use of compromised identification and authentication credentials; (4) unauthorized access from outside the system boundaries; (5) compromise of authorized external parties; and (6) implementation or connection of unauthorized hardware and software. | |
| CC7.3 - Communicates and Reviews Detected Security Events: Detected security events are communicated to and reviewed by the individuals responsible for the management of the security program, and actions are taken if necessary. | Use session recording to replay and review suspicious sessions. |
| CC7.3 - Develops and Implements Procedures to Analyze Security Incidents: Procedures are in place to analyze security incidents and determine system impact. | |
| CC7.4 - Contains Security Incidents: Procedures are in place to contain security incidents that actively threaten entity objectives. | Use Teleport to quickly revoke access and contain an active incident. Use shared sessions so multiple on-call engineers can collaborate and fight fires together. |
| CC7.4 - Ends Threats Posed by Security Incidents: Procedures are in place to mitigate the effects of ongoing security incidents. | Use Teleport to quickly revoke access and contain an active incident. |
| CC7.4 - Obtains Understanding of Nature of Incident and Determines Containment Strategy: An understanding of the nature (for example, the method by which the incident occurred and the affected system resources) and severity of the security incident is obtained to determine the appropriate containment strategy, including (1) a determination of the appropriate response time frame, and (2) the determination and execution of the containment approach. | |
| CC7.4 - Evaluates the Effectiveness of Incident Response: The design of incident-response activities is evaluated for effectiveness on a periodic basis. | |
| CC7.4 - Periodically Evaluates Incidents: Periodically, management reviews incidents related to security, availability, processing integrity, confidentiality, and privacy and identifies the need for system changes based on incident patterns and root causes. | Use session recording and audit logs to find patterns that lead to incidents. |
| CC7.5 - Determines Root Cause of the Event: The root cause of the event is determined. | |
| CC7.5 - Improves Response and Recovery Procedures: Lessons learned are analyzed, and the incident-response plan and recovery procedures are improved. | Replay session recordings at your after-action review or postmortem meetings. |
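The table above names several Teleport mechanisms (label-based RBAC, short-lived certificates, approval workflows, session recording) without showing how they fit together. The role below is an added illustration, not a configuration from this page or from Teleport's documentation; the role name, label keys and values, login, requested role and TTL are assumptions chosen to show how one role can cover the CC6.1, CC6.3, CC6.6 and CC7.2 rows.

```yaml
# Constructed example Teleport role; all names, labels and values are assumptions.
kind: role
version: v5
metadata:
  name: soc2-prod-operator
spec:
  options:
    # CC6.3: credentials are temporary; certificates issued under this role expire
    max_session_ttl: 4h
    # CC6.6: additional authentication (per-session MFA) before reaching protected hosts
    require_session_mfa: true
    # CC7.2: Enhanced Session Recording captures executed commands and network activity
    enhanced_recording: ['command', 'network']
  allow:
    # CC6.1: only hosts carrying these labels (e.g. imported from AWS tags) are reachable,
    # which is also the inventory an auditor can query from the live node list
    node_labels:
      env: prod
      team: platform
    logins: ['app']
    # CC6.3: elevation to the admin role goes through an approval workflow; one approver
    # grants it, one denial blocks it, and the resulting certificate is still time-bound
    request:
      roles: ['prod-admin']
      thresholds:
        - approve: 1
          deny: 1
  deny:
    # CC6.3 segregation of duties: this role can never reach hosts in the audit tier,
    # and a deny rule wins over any allow rule in other roles the user holds
    node_labels:
      tier: audit
```

Apply it with `tctl create -f role.yaml`, then map it to users or to groups from your SSO provider; the audit log records the role used for every session, which is the evidence an auditor asks for against these controls.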