
Rule: GuardDuty should be enabled

This rule ensures that GuardDuty is enabled to enhance system security and information integrity.

Rule: GuardDuty should be enabled
Framework: FedRAMP Moderate Revision 4
Severity: High

Enabling GuardDuty for FedRAMP Moderate Revision 4

Amazon GuardDuty is a threat detection service that continuously monitors for malicious activity and unauthorized behavior to protect your AWS accounts and workloads. For organizations that must adhere to Federal Risk and Authorization Management Program (FedRAMP) standards, specifically Moderate Impact Level (as specified in Revision 4), enabling GuardDuty is an essential step in aligning with the security controls.

Understanding FedRAMP Moderate Revision 4

FedRAMP provides a standardized approach to security assessment, authorization, and continuous monitoring for cloud products and services used by federal agencies. The "moderate" baseline includes over 300 controls that offer a robust level of protection for data that's considered to have significant impact on the agency's operations should it be compromised.

Rule: Enable GuardDuty for Compliance

For organizations targeting FedRAMP Moderate compliance, AWS GuardDuty should be enabled to satisfy the requirements related to threat detection and continuous monitoring.

Prerequisites for Enabling GuardDuty

Before you enable GuardDuty, ensure that the IAM principal you use has the necessary permissions for GuardDuty setup: the guardduty:* actions on the relevant resources in your AWS environments.

Step by Step Guide for Enabling GuardDuty

Step 1: Sign in to AWS Management Console

Log in to your AWS Management Console and navigate to the Amazon GuardDuty service.

Step 2: Enable GuardDuty

Use the following steps to enable GuardDuty:

  1. In the GuardDuty console, click on the "Get Started" button if it's the first time setup.
  2. Follow the prompts in the GuardDuty setup wizard.
  3. Once you've reviewed the service permissions, click "Enable GuardDuty."

GuardDuty is now monitoring your AWS environment for any suspicious activity or unauthorized behavior.

Step 3: Configure GuardDuty (Optional)

You might want to configure GuardDuty further by adding trusted IP lists or threat lists if applicable to your environment.

CLI Command for Enabling GuardDuty

If you prefer to use AWS CLI, here is the command to enable GuardDuty:

aws guardduty create-detector --enable --region your-region-name --finding-publishing-frequency FIFTEEN_MINUTES

Remember to replace your-region-name with your actual AWS region.
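The console and CLI steps above enable GuardDuty once; what an auditor or a compliance pipeline actually wants is a repeatable check that a detector exists and is ENABLED in each region, plus an idempotent fix when it is not. The following is an added example (it is not Cloud Defense's or AWS's own code) that implements that check and remediation with boto3. It assumes boto3 is installed and that credentials with the guardduty:ListDetectors, guardduty:GetDetector, guardduty:CreateDetector and guardduty:UpdateDetector permissions are configured; the evaluation logic is kept pure so it can be exercised offline against constructed API responses.

```python
"""Audit and remediate GuardDuty enablement in one AWS region.

Added example, not the page's or AWS's own code. Assumes boto3 and
credentials with guardduty:ListDetectors, GetDetector, CreateDetector and
UpdateDetector. evaluate() is pure so it can be tested on constructed data.
"""
from __future__ import annotations

from dataclasses import dataclass

# Matches the --finding-publishing-frequency value used in the CLI command above.
REQUIRED_FREQUENCY = "FIFTEEN_MINUTES"


@dataclass
class DetectorState:
    detector_id: str | None
    status: str | None                       # "ENABLED" / "DISABLED" from GetDetector
    finding_publishing_frequency: str | None


def evaluate(states: list[DetectorState]) -> tuple[bool, str]:
    """Return (compliant, reason) for the detectors found in one region.

    The rule passes only when at least one detector exists and is ENABLED.
    A slower publishing frequency is reported as a warning, not a failure,
    because the rule text only requires GuardDuty to be enabled.
    """
    if not states:
        return False, "no GuardDuty detector exists in this region"
    enabled = [s for s in states if s.status == "ENABLED"]
    if not enabled:
        return False, "detector exists but is DISABLED"
    slow = [s for s in enabled if s.finding_publishing_frequency != REQUIRED_FREQUENCY]
    if slow:
        return True, (f"enabled; finding publishing frequency is "
                      f"{slow[0].finding_publishing_frequency}, consider {REQUIRED_FREQUENCY}")
    return True, f"enabled with {REQUIRED_FREQUENCY} publishing"


def states_from_responses(list_resp: dict, get_resps: dict[str, dict]) -> list[DetectorState]:
    """Build DetectorState objects from ListDetectors / GetDetector responses."""
    return [
        DetectorState(
            detector_id=d,
            status=get_resps[d].get("Status"),
            finding_publishing_frequency=get_resps[d].get("FindingPublishingFrequency"),
        )
        for d in list_resp.get("DetectorIds", [])
    ]


def fetch_states(region: str) -> list[DetectorState]:
    """Live variant: query the GuardDuty API for one region (needs boto3 + credentials)."""
    import boto3
    gd = boto3.client("guardduty", region_name=region)
    ids = gd.list_detectors().get("DetectorIds", [])
    return states_from_responses({"DetectorIds": ids},
                                 {d: gd.get_detector(DetectorId=d) for d in ids})


def remediate(region: str, states: list[DetectorState]) -> str:
    """Idempotent fix: create a detector if none exists, enable it if DISABLED."""
    import boto3
    gd = boto3.client("guardduty", region_name=region)
    if not states:
        return gd.create_detector(Enable=True,
                                  FindingPublishingFrequency=REQUIRED_FREQUENCY)["DetectorId"]
    det = states[0]
    if det.status != "ENABLED":
        gd.update_detector(DetectorId=det.detector_id, Enable=True,
                           FindingPublishingFrequency=REQUIRED_FREQUENCY)
    return det.detector_id


# Constructed sample responses (not real API output) for an offline dry run:
# one detector that exists but has been switched off.
SAMPLE_LIST = {"DetectorIds": ["12abc34d567e8fa901bc2d34e56789f0"]}
SAMPLE_GET = {"12abc34d567e8fa901bc2d34e56789f0":
              {"Status": "DISABLED", "FindingPublishingFrequency": "SIX_HOURS"}}

if __name__ == "__main__":
    import sys
    region = sys.argv[1] if len(sys.argv) > 1 else None   # no region -> offline sample
    states = fetch_states(region) if region else states_from_responses(SAMPLE_LIST, SAMPLE_GET)
    ok, reason = evaluate(states)
    print(("PASS" if ok else "FAIL") + ": " + reason)
```

Run it with a region name to audit a live account, or with no arguments to see the FAIL verdict on the constructed sample. Because GuardDuty is regional, the check must be repeated for every region in scope; a single enabled detector in us-east-1 says nothing about the others.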

Troubleshooting GuardDuty Activation

  1. Permission Issues: Make sure the IAM user has adequate permissions.
  2. Supported Region Issue: Verify that GuardDuty is available in your chosen AWS region.
  3. CLI Errors: If using the AWS CLI, ensure that you have the latest version installed and configured correctly.
  4. Service Limits: Review any service limits that might prevent activation.

Remediation for Common Issues

  • IAM Permission Corrections: If you encounter permission issues, update the IAM policies to include sufficient permissions for GuardDuty operations.

  • AWS CLI: If there are problems with the AWS CLI command, check your CLI version with aws --version and update it with pip install awscli --upgrade if necessary.

By following these detailed steps and ensuring GuardDuty is enabled and properly configured, your AWS environments will align more closely with the FedRAMP Moderate compliance requirements, helping to protect your critical cloud resources.
