Rule: At Least One Enabled Trail Should Be Present in a Region

This rule ensures the presence of at least one enabled CloudTrail trail in a specific region.

Rule: At least one enabled trail should be present in a region
Framework: FedRAMP Moderate Revision 4
Severity: Low

Rule Description:

This rule requires at least one enabled trail in a specific region to comply with the FedRAMP Moderate Revision 4 security standards. Its purpose is to ensure that logging and monitoring capabilities are in place to track and detect suspicious activities or security breaches within the region.

Troubleshooting Steps:

If this rule is not compliant, the following troubleshooting steps can be performed:

  1. Check if there are any trails enabled in the specific region.
  2. Ensure that the region where the rule is applied is correct.
  3. Verify the status of the trails and ensure they are enabled.
  4. If no trails are present or enabled, follow the remediation steps below.

Remediation:

To remediate this issue and ensure compliance with the rule, follow the step-by-step guide below:

Step 1: Create an AWS CloudTrail Trail

  1. Open the AWS Management Console.
  2. Go to the CloudTrail service.
  3. Click on "Trails" in the left-hand navigation menu.
  4. Click on "Create trail".
  5. Provide a unique name for the trail.
  6. Select the desired region where the rule is applied.
  7. Choose the appropriate settings for the trail, such as logging all management events, data events, or specific S3 buckets.
  8. Configure the storage location for the trail logs.
  9. Enable log file validation to ensure data integrity.
  10. (Optional) Enable CloudWatch Logs integration for real-time monitoring.
  11. Click on "Create trail" to create the new trail.

Step 2: Enable the AWS CloudTrail Trail

  1. In the CloudTrail service, go to "Trails".
  2. Select the newly created trail.
  3. Click on "Actions" and select "Enable trail".
  4. Confirm the region and click "Enable" to enable the trail.

Step 3: Verify Compliance

  1. Navigate back to the AWS Security Hub console.
  2. Go to the specific region where the rule is applied.
  3. Click on "Standards" in the left-hand navigation menu.
  4. Find the "FedRAMP Moderate Revision 4" standard.
  5. Check the compliance status for this rule.
  6. Verify if the trail is enabled and compliant with the rule.

By following these steps, you will be able to create and enable a CloudTrail trail in the specific region, ensuring compliance with the FedRAMP Moderate Revision 4 security standards.
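
The troubleshooting checks above can also be scripted. The following is an added example, not code from this page's vendor or from AWS: it evaluates the rule per region over data shaped like the CloudTrail DescribeTrails and GetTrailStatus responses. The function names, the sample records and the choice to count a multi-region trail as covering every region are assumptions made for illustration.

```python
# Added example: evaluates the rule offline against data shaped like the
# CloudTrail DescribeTrails (trailList) and GetTrailStatus responses.

def trails_covering(region, trail_list):
    """Trails that record events for `region`.
    Assumption: a trail counts if it is homed in the region or is multi-region."""
    return [t for t in trail_list
            if t.get("HomeRegion") == region or t.get("IsMultiRegionTrail")]

def evaluate_region(region, trail_list, status_by_arn):
    """Return (compliant, findings) for one region."""
    enabled, findings = [], []
    for trail in trails_covering(region, trail_list):
        status = status_by_arn.get(trail["TrailARN"], {})
        if not status.get("IsLogging"):
            findings.append(f"{trail['Name']}: trail exists but logging is stopped")
            continue
        enabled.append(trail["Name"])
        if not trail.get("LogFileValidationEnabled"):
            findings.append(f"{trail['Name']}: log file validation is off")
    if not enabled:
        findings.insert(0, f"{region}: no enabled trail")
    return bool(enabled), findings

def sample_trail(name, region, validation=True, multi_region=False):
    # Constructed sample record; 111122223333 is a placeholder account id.
    return {"Name": name, "HomeRegion": region,
            "IsMultiRegionTrail": multi_region,
            "LogFileValidationEnabled": validation,
            "TrailARN": f"arn:aws:cloudtrail:{region}:111122223333:trail/{name}"}

# Constructed sample data, not output from a real account.
SAMPLE_TRAILS = [
    sample_trail("east-trail", "us-east-1"),
    sample_trail("west-trail", "us-west-2"),
    sample_trail("eu-trail", "eu-west-1", validation=False),
]
SAMPLE_STATUS = {
    SAMPLE_TRAILS[0]["TrailARN"]: {"IsLogging": True},
    SAMPLE_TRAILS[1]["TrailARN"]: {"IsLogging": False},  # created, never enabled
    SAMPLE_TRAILS[2]["TrailARN"]: {"IsLogging": True},
}

if __name__ == "__main__":
    for region in ("us-east-1", "us-west-2", "eu-west-1", "ap-south-1"):
        ok, notes = evaluate_region(region, SAMPLE_TRAILS, SAMPLE_STATUS)
        print(region, "COMPLIANT" if ok else "NON-COMPLIANT", notes)
```

Against a live account, the same inputs come from `aws cloudtrail describe-trails` and `aws cloudtrail get-trail-status --name <trail ARN>` run in the region being checked.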