This rule ensures at least one enabled CloudTrail trail is present in a specific region.
| Rule | At least one enabled trail should be present in a region |
|---|---|
| Framework | GxP 21 CFR Part 11 |
| Severity | ✔ Low |
Rule Description:
According to the GxP 21 CFR Part 11 regulations, at least one enabled trail should be present in each region. This rule ensures proper data integrity, traceability, and compliance with regulatory requirements.
Troubleshooting Steps:
If there is no enabled trail present in a region for GxP 21 CFR Part 11 compliance, follow these troubleshooting steps:
1. Verify Logging and Monitoring Settings: Check that logging and monitoring are configured for the region where the trail is missing. Ensure that the required logs are enabled and capture the necessary activities.
2. Check CloudTrail Configuration: Validate the CloudTrail configuration in the AWS Management Console or through the CLI. Ensure that the trail covers the correct region, is active, and records the appropriate events.
3. Verify Trail Attributes: Review the settings and attributes of the existing trail in the region. Make sure the trail has the attributes required for GxP 21 CFR Part 11 compliance, such as log file encryption, log file integrity validation, and a retention period.
4. Check IAM Roles and Permissions: Ensure that the IAM roles associated with CloudTrail have sufficient permissions to capture the required activities. Verify that the required IAM policies are attached to those roles so they can access the necessary resources.
5. Ensure Service Integration: Ensure that the relevant AWS services used in the region are integrated with CloudTrail. Some services require explicit configuration before their activity is sent to CloudTrail; check each service's documentation for how to enable CloudTrail integration.
6. Review Event Selector: Verify the trail's event selector configuration. Confirm that it includes the events required for GxP 21 CFR Part 11 compliance, and adjust the event selector to capture the necessary activities if needed.
7. Check Trail Status: Validate the status of the trail in the CloudTrail console. If the trail is not logging in the desired region, check for service disruptions or issues reported by AWS.
Necessary Codes:
No specific codes are required for this rule.
Step-by-step Guide for Remediation:
To ensure there is at least one enabled trail in a region for GxP 21 CFR Part 11 compliance, follow these steps:
1. Log in to the AWS Management Console.
2. Navigate to the CloudTrail service.
3. Select the region where the trail is missing or not enabled.
4. Click "Trails" in the left-hand navigation menu.
5. Review the existing trails in the region and check whether any trail is enabled.
6. If no trails are enabled, click "Create Trail" to create a new trail.
7. Configure the trail settings according to your specific requirements, ensuring the following:
   a. Choose a descriptive and meaningful trail name.
   b. Select the desired storage location for the log files.
   c. Enable log file encryption and log file integrity validation.
   d. Set an appropriate log file retention period.
   e. Choose the appropriate management events and data events as per GxP 21 CFR Part 11 requirements.
   f. Provide an existing S3 bucket for delivering the log files, or create a new one.
8. Review and confirm the configuration, then click "Create" to create the trail.
9. Once the trail is created, verify its status and make sure it is "enabled".
10. Repeat these steps for each region to ensure compliance with GxP 21 CFR Part 11.
Remember to regularly review and monitor the created trails to ensure ongoing compliance with the regulations.
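The per-region verification and the ongoing review described above can be scripted. The following Python is an added example, not code from the rule page or from AWS; it assumes boto3 is installed with credentials allowed to call ec2:DescribeRegions, cloudtrail:DescribeTrails and cloudtrail:GetTrailStatus, and it treats a multi-region trail as covering every region, a case the console steps above do not spell out.

```python
"""Added example, not from the rule page: list regions lacking an enabled trail."""
from typing import Dict, Iterable, List

# Constructed sample: a logging trail in us-east-1 and a stopped trail in eu-west-1.
SAMPLE_REGIONS = ["us-east-1", "us-west-2", "eu-west-1"]
SAMPLE_TRAILS = [
    {"Name": "mgmt-trail", "HomeRegion": "us-east-1", "IsMultiRegionTrail": False, "IsLogging": True},
    {"Name": "eu-trail", "HomeRegion": "eu-west-1", "IsMultiRegionTrail": False, "IsLogging": False},
]

def uncovered_regions(regions: Iterable[str], trails: List[Dict]) -> List[str]:
    """Regions with no trail that is actively logging.

    A trail counts for a region only if IsLogging is True and its home region is
    that region or it is a multi-region trail (which covers every region).
    """
    regions = list(regions)
    covered = set()
    for trail in trails:
        if not trail.get("IsLogging"):
            continue  # a trail that exists but was stopped does not satisfy the rule
        if trail.get("IsMultiRegionTrail"):
            covered.update(regions)
        else:
            covered.add(trail["HomeRegion"])
    return sorted(r for r in regions if r not in covered)

def collect_from_aws():
    """Build (regions, trails) from the live account with boto3 (assumed installed)."""
    import boto3  # assumption: boto3 present and AWS credentials configured
    regions = [r["RegionName"] for r in boto3.client("ec2").describe_regions()["Regions"]]
    trails, seen = [], set()
    for region in regions:
        ct = boto3.client("cloudtrail", region_name=region)
        # includeShadowTrails=False lists only trails homed in this region.
        for t in ct.describe_trails(includeShadowTrails=False)["trailList"]:
            if t["TrailARN"] in seen:
                continue
            seen.add(t["TrailARN"])
            # get_trail_status reports IsLogging, the console's "enabled" state.
            status = ct.get_trail_status(Name=t["TrailARN"])
            trails.append({"Name": t["Name"], "HomeRegion": t["HomeRegion"],
                           "IsMultiRegionTrail": t.get("IsMultiRegionTrail", False),
                           "IsLogging": status["IsLogging"]})
    return regions, trails

if __name__ == "__main__":
    print("Sample:", uncovered_regions(SAMPLE_REGIONS, SAMPLE_TRAILS))  # ['eu-west-1', 'us-west-2']
    live_regions, live_trails = collect_from_aws()
    print("Live account:", uncovered_regions(live_regions, live_trails))
```

A trail that exists but has been stopped is reported as missing, which matches the rule's requirement that the trail be enabled rather than merely present.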