Rule: GuardDuty should be enabled

This rule states that GuardDuty should be enabled to ensure high security compliance.

Rule: GuardDuty should be enabled
Framework: FedRAMP Moderate Revision 4
Severity: High

Rule Description: Enable GuardDuty for FedRAMP Moderate Revision 4

GuardDuty is a managed threat detection service provided by Amazon Web Services (AWS). Enabling GuardDuty for FedRAMP Moderate Revision 4 helps organizations maintain compliance with the FedRAMP security requirements.

When GuardDuty is enabled, it continuously monitors AWS accounts for suspicious activities or potential security vulnerabilities. It automates the process of threat detection and provides alerts for potential security incidents. GuardDuty helps organizations identify potential threats, such as unauthorized access attempts, malware, botnets, or data exfiltration.

By enabling GuardDuty for FedRAMP Moderate Revision 4, organizations can proactively identify and respond to security threats to ensure the security and compliance of their AWS environments.

Troubleshooting Steps:

  1. Verify FedRAMP Compliance: Ensure that the AWS environment complies with the requirements of FedRAMP Moderate Revision 4. Review the security controls and configurations to confirm adherence to the necessary guidelines.

  2. Check IAM Permissions: Verify that the AWS Identity and Access Management (IAM) roles and policies have the necessary permissions to enable GuardDuty and access GuardDuty findings.

  3. Confirm Account Region: Ensure that GuardDuty is available in the region where the AWS account is located. Some AWS services may not be available in all regions.

  4. Review AWS GuardDuty Documentation: Consult the AWS GuardDuty documentation for any specific troubleshooting steps or known issues related to enabling the service for FedRAMP Moderate Revision 4.

Necessary Code:

No specific code is required to enable GuardDuty for FedRAMP Moderate Revision 4. The configuration can be done through the AWS Management Console, AWS Command Line Interface (CLI), or AWS SDKs.

Step-by-Step Guide for Remediation:

  1. Sign in to the AWS Management Console using your AWS account credentials.

  2. Navigate to the GuardDuty service by typing "GuardDuty" in the services search bar and selecting "GuardDuty" from the suggested options.

  3. On the GuardDuty dashboard, click the "Get Started" or "Enable GuardDuty" button.

  4. Choose the AWS region where you want to enable GuardDuty. Ensure that the selected region is available and compatible with FedRAMP Moderate Revision 4.

  5. Configure the "Enable GuardDuty" settings according to your requirements. If you are unsure about the settings, refer to the AWS GuardDuty documentation or consult with your organization's IT or security team.

  6. Review the summary of the configuration and click "Enable GuardDuty" to initiate the setup process.

  7. Once GuardDuty is enabled, you can start monitoring for security threats and receiving alerts on the GuardDuty dashboard.

  8. Configure appropriate alert notifications, such as Amazon Simple Notification Service (SNS) topics, to receive notifications for GuardDuty findings.

  9. Regularly review GuardDuty findings and take necessary actions to address any potential security threats or vulnerabilities identified by the service.

Note: It is recommended to regularly review the AWS documentation and stay updated with the latest GuardDuty features, enhancements, and best practices to optimize the usage of the service and ensure continuous security and compliance with FedRAMP Moderate Revision 4.
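The same check and remediation can be done from the AWS CLI, which this page lists as an alternative to the console. The script below is an added example, not code from this page or from AWS: the function names are hypothetical, and it assumes the AWS CLI is installed with credentials permitted to call guardduty:ListDetectors, GetDetector, CreateDetector and UpdateDetector. It distinguishes a region with no detector from one whose detector exists but is suspended, since both fail the rule.

```shell
#!/usr/bin/env bash
# Added example: audit and remediate "GuardDuty should be enabled" per region.
# Function names are hypothetical; the aws guardduty subcommands are real.

# Print ENABLED, DISABLED or MISSING for one region (exit 2 on API error).
guardduty_status() {
  local region="$1" id
  id=$(aws guardduty list-detectors --region "$region" \
        --query 'DetectorIds[0]' --output text) || return 2
  # With --output text, an empty detector list is rendered as "None".
  if [ -z "$id" ] || [ "$id" = "None" ]; then
    echo MISSING
    return 0
  fi
  aws guardduty get-detector --region "$region" --detector-id "$id" \
      --query 'Status' --output text
}

# Bring one region into compliance; prints the action taken.
guardduty_remediate() {
  local region="$1" status id
  status=$(guardduty_status "$region") || return 2
  case "$status" in
    ENABLED) echo "ok" ;;
    MISSING)
      aws guardduty create-detector --region "$region" --enable >/dev/null \
        && echo "created" ;;
    DISABLED)
      id=$(aws guardduty list-detectors --region "$region" \
            --query 'DetectorIds[0]' --output text) || return 2
      aws guardduty update-detector --region "$region" \
          --detector-id "$id" --enable >/dev/null && echo "re-enabled" ;;
    *) return 2 ;;
  esac
}

# Audit each region given; returns non-zero if any region is not ENABLED.
guardduty_audit() {
  local region status rc=0
  for region in "$@"; do
    status=$(guardduty_status "$region") || status=ERROR
    printf '%s\t%s\n' "$region" "$status"
    [ "$status" = ENABLED ] || rc=1
  done
  return "$rc"
}

# Run only when regions are passed, e.g.: ./guardduty.sh us-east-1 us-west-2
if [ "$#" -gt 0 ]; then guardduty_audit "$@"; fi
```

GuardDuty is a regional service, so pass every region the account uses; the audit's exit code makes it usable as a scheduled compliance check.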
