Rule: VPC Security Groups Should Restrict Ingress TCP and UDP Access from 0.0.0.0/0

This rule ensures that VPC security groups limit inbound traffic to specified IP ranges, enhancing network security.

Rule: VPC security groups should restrict ingress TCP and UDP access from 0.0.0.0/0
Framework: GxP 21 CFR Part 11
Severity: High

Rule Description:

This rule enforces the restriction of ingress TCP and UDP access from the open IP range 0.0.0.0/0 for GxP (Good Practices) compliance, specifically for the requirements outlined in 21 CFR Part 11.

Troubleshooting Steps:

If there are any issues related to this rule, you may encounter the following situations:

  1. Misconfigured security group: Check whether the security group associated with the VPC is misconfigured and lacks the necessary ingress restrictions.
  2. Incorrect IP range: Verify whether TCP and UDP ingress traffic from the IP range 0.0.0.0/0 is properly restricted.
  3. Missing GxP compliance: Ensure that the TCP and UDP access restrictions required for GxP compliance, as specified in 21 CFR Part 11, are not missing.

Necessary Codes:

No specific code is required for this rule. However, you need to modify the existing security group settings.

Step-by-Step Guide for Remediation:

  1. Access the AWS Management Console.
  2. Navigate to the VPC (Virtual Private Cloud) dashboard.
  3. Choose the appropriate VPC where the security group is located.
  4. From the left menu, select "Security Groups".
  5. Identify the security group that requires modification based on the GxP 21 CFR Part 11 regulations.
  6. Select the security group to view its details and rules.
  7. Review the existing inbound rules and ensure there are no TCP or UDP access rules from the IP range 0.0.0.0/0.
  8. If there are any existing rules allowing TCP or UDP access from 0.0.0.0/0, click on the "Edit" button or the rule itself.
  9. Modify the rule to restrict access from specific IP ranges or addresses that comply with GxP 21 CFR Part 11 guidelines.
  10. Save the modified rule.
  11. Confirm that there are no other rules in the security group allowing unrestricted TCP and UDP access.
  12. Repeat these steps for all necessary security groups within the VPC.

By following these steps, you will ensure the VPC security groups comply with the rule/policy of restricting ingress TCP and UDP access from 0.0.0.0/0 for GxP 21 CFR Part 11.
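The review in steps 7 and 11 can also be run over exported rule data instead of by eye. The following is an added example, not part of the original page or the vendor's tooling: it assumes rules in the shape of the EC2 DescribeSecurityGroups response, and the sample groups, their IDs and the function name `find_open_ingress` are constructed for illustration.

```python
# Added example: audit security group ingress rules for open TCP/UDP access.
# SAMPLE is constructed data in the shape of the EC2 DescribeSecurityGroups
# response; group IDs, names and CIDRs are made up for illustration.

OPEN_CIDR = "0.0.0.0/0"
# "-1" means all protocols, so such a rule also opens TCP and UDP.
FLAGGED_PROTOCOLS = {"tcp", "udp", "-1"}

SAMPLE = {
    "SecurityGroups": [
        {"GroupId": "sg-0aaa111example", "GroupName": "web-open", "IpPermissions": [
            {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
             "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},
            {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
             "IpRanges": [{"CidrIp": "203.0.113.0/24"}]},
        ]},
        {"GroupId": "sg-0bbb222example", "GroupName": "all-traffic", "IpPermissions": [
            {"IpProtocol": "-1", "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},
        ]},
        {"GroupId": "sg-0ccc333example", "GroupName": "restricted", "IpPermissions": [
            {"IpProtocol": "udp", "FromPort": 53, "ToPort": 53,
             "IpRanges": [{"CidrIp": "10.0.0.0/16"}]},
            {"IpProtocol": "icmp", "FromPort": -1, "ToPort": -1,
             "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},
        ]},
    ]
}

def find_open_ingress(response):
    """Return (group_id, protocol, ports) for each TCP/UDP rule open to 0.0.0.0/0."""
    findings = []
    for group in response.get("SecurityGroups", []):
        for perm in group.get("IpPermissions", []):
            proto = perm.get("IpProtocol")
            if proto not in FLAGGED_PROTOCOLS:
                continue  # e.g. ICMP is outside this rule's scope
            if not any(r.get("CidrIp") == OPEN_CIDR for r in perm.get("IpRanges", [])):
                continue  # rule is already limited to specific ranges
            # All-protocol rules carry no FromPort/ToPort: every port is open.
            ports = f"{perm['FromPort']}-{perm['ToPort']}" if "FromPort" in perm else "all"
            findings.append((group["GroupId"], proto, ports))
    return findings

if __name__ == "__main__":
    for gid, proto, ports in find_open_ingress(SAMPLE):
        print(f"NON-COMPLIANT {gid}: {proto} ports {ports} open to {OPEN_CIDR}")
```

An empty result means no group in the input allows TCP or UDP ingress from 0.0.0.0/0; each finding names the group to edit in steps 8 to 10.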
