Rule: Enable GuardDuty

Ensure GuardDuty is enabled for high-level system and communication protection compliance.

Rule: GuardDuty should be enabled
Framework: FedRAMP Low Revision 4
Severity: High

Rule Description:

The GuardDuty service should be enabled for FedRAMP Low Revision 4 compliance. GuardDuty is an Amazon Web Services (AWS) managed threat detection service that continuously monitors for suspicious activity, malicious behavior, and unauthorized access in your AWS environment. By enabling GuardDuty, you can enhance the security of your cloud infrastructure and comply with the security requirements set forth by FedRAMP Low Revision 4.

Troubleshooting Steps:

If GuardDuty is not enabled for FedRAMP Low Revision 4, follow the troubleshooting steps below to enable it:

  1. Access the AWS Management Console and log in to your AWS account with appropriate credentials.

  2. Navigate to the GuardDuty service using the search bar or by selecting it from the list of services.

  3. In the GuardDuty console, click on the "Enable GuardDuty" button.

  4. Review the configuration options and ensure that the detection level is set to the appropriate level for FedRAMP Low Revision 4 compliance.

  5. Configure the appropriate S3 bucket for storing findings and/or enable Amazon SNS notifications for timely alerts.

  6. Select the AWS accounts or organizational units that should be monitored by GuardDuty. Ensure that all relevant accounts are included and properly configured.

  7. Click on the "Enable GuardDuty" button to activate the service.

  8. Once enabled, GuardDuty will start monitoring your AWS environment for threats and generating findings.

  9. Regularly review the GuardDuty findings and take necessary actions to remediate any security issues detected.

Necessary Codes:

No specific code is required to enable GuardDuty for FedRAMP Low Revision 4 compliance. The configuration is done through the AWS Management Console.

Step-by-Step Guide for Remediation:

Step 1: Access AWS Management Console

  1. Open a web browser and visit the AWS Management Console.

  2. Enter your AWS account credentials and click "Sign In".

Step 2: Navigate to GuardDuty

  1. In the AWS Management Console, use the search bar at the top and search for "GuardDuty".

  2. Click on the "GuardDuty" service from the search results.

Step 3: Enable GuardDuty

  1. In the GuardDuty console, click on the "Enable GuardDuty" button located in the upper right corner.

  2. Review the configuration options on the Enable GuardDuty page.

  3. Ensure that the detection level is set to the appropriate level for FedRAMP Low Revision 4 compliance.

  4. Configure the findings storage by selecting the appropriate S3 bucket or enable Amazon SNS notifications for alerts.

  5. Select the AWS accounts or organizational units that should be monitored by GuardDuty.

  6. Once all configurations are done, click on the "Enable GuardDuty" button to activate the service.

Step 4: Review and Remediate Findings

  1. Once GuardDuty is enabled, it will start monitoring your AWS environment for threats.

  2. Regularly review the GuardDuty findings in the GuardDuty console.

  3. Investigate each finding to determine its severity and impact.

  4. Take necessary actions to remediate any security issues identified by GuardDuty.

  5. Continuously monitor and review GuardDuty findings to maintain compliance with FedRAMP Low Revision 4.
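
The rule "GuardDuty should be enabled" expressed as a check, as an added example that is not part of the original page or Cloud Defense's own code. GuardDuty detectors exist per region, so the check fails any region that has no detector or whose detector status is not ENABLED. The sample responses are constructed, and `collect` is a hypothetical helper that assumes boto3 and AWS credentials are available.

```python
# Constructed sample data, shaped like the GuardDuty ListDetectors ("DetectorIds")
# and GetDetector ("Status") responses. Regions and detector IDs are made up.
SAMPLE = {
    "us-east-1": {"DetectorIds": ["constructed-detector-1"],
                  "Detectors": {"constructed-detector-1": {"Status": "ENABLED"}}},
    "us-west-2": {"DetectorIds": ["constructed-detector-2"],
                  "Detectors": {"constructed-detector-2": {"Status": "DISABLED"}}},
    "eu-west-1": {"DetectorIds": [], "Detectors": {}},
}


def collect(regions):
    """Live collection (hypothetical helper). Requires boto3 and AWS credentials."""
    import boto3  # imported lazily so the evaluation below runs offline
    snapshot = {}
    for region in regions:
        gd = boto3.client("guardduty", region_name=region)
        ids = gd.list_detectors()["DetectorIds"]
        snapshot[region] = {
            "DetectorIds": ids,
            "Detectors": {i: gd.get_detector(DetectorId=i) for i in ids},
        }
    return snapshot


def evaluate(snapshot):
    """Return {region: (compliant, reason)} for the rule 'GuardDuty should be enabled'."""
    results = {}
    for region, data in sorted(snapshot.items()):
        ids = data.get("DetectorIds", [])
        if not ids:
            results[region] = (False, "no detector in this region")
            continue
        statuses = [data["Detectors"].get(i, {}).get("Status") for i in ids]
        if all(s == "ENABLED" for s in statuses):
            results[region] = (True, "detector enabled")
        else:
            # A detector that exists but is suspended produces no findings.
            results[region] = (False, "detector present but not ENABLED")
    return results


def failing_regions(snapshot):
    """Regions that violate the rule, in sorted order."""
    return [r for r, (ok, _) in evaluate(snapshot).items() if not ok]


if __name__ == "__main__":
    for region, (ok, reason) in evaluate(SAMPLE).items():
        print(f"{region}: {'PASS' if ok else 'FAIL'} ({reason})")
```

For a live check, pass the output of `collect([...])` with the regions your accounts use to `evaluate` instead of `SAMPLE`.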

Conclusion:

Enabling GuardDuty for FedRAMP Low Revision 4 compliance provides continuous monitoring for suspicious activity, malicious behavior, and unauthorized access in your AWS environment. By following the step-by-step guide and regularly reviewing and remediating GuardDuty findings, you can strengthen the security posture of your cloud infrastructure and adhere to FedRAMP Low Revision 4 requirements.
