Enable GuardDuty Rule for Access Control

This rule emphasizes the importance of enabling GuardDuty for optimal Access Control.

Rule: GuardDuty should be enabled
Framework: NIST 800-171 Revision 2
Severity: High

Rule Description

This rule ensures that AWS GuardDuty is enabled, in compliance with the National Institute of Standards and Technology (NIST) Special Publication (SP) 800-171 Revision 2 security controls. GuardDuty is a threat detection service offered by AWS that continuously monitors AWS accounts for malicious activity and suspicious behavior.

Troubleshooting Steps

If GuardDuty is not enabled for NIST 800-171 Revision 2 compliance, follow the steps below to troubleshoot and enable it:

  1. Check GuardDuty Status:

    • Open the AWS Management Console.
    • Go to the GuardDuty service page.
    • Verify if GuardDuty is enabled and active in your AWS account.
    • If GuardDuty is not enabled, proceed to enable it.
  2. Enable GuardDuty:

    • In the GuardDuty service page, click on "Enable GuardDuty".
    • Choose the AWS region where you want GuardDuty to be enabled.
    • Configure the GuardDuty settings as per your requirements.
    • Review the settings and click on "Enable GuardDuty".
  3. Configure GuardDuty for NIST 800-171 Revision 2:

    • Navigate to the "Findings" tab in the GuardDuty console.
    • Select the settings icon and click on "Edit".
    • In the "Manage accounts" section, click on "Add accounts".
    • Add the AWS account(s) that need to be compliant with NIST 800-171 Revision 2.
    • Optionally, you can enable email notifications for findings and set up your preferred notification preferences.
    • Click on "Save changes" to apply the configuration.

Necessary Codes

No specific code is required to enable GuardDuty for NIST 800-171 Revision 2 compliance.

Remediation Steps

Follow the step-by-step guide below to remediate the rule and ensure GuardDuty is enabled for NIST 800-171 Revision 2 compliance:

  1. Access GuardDuty in the AWS Management Console:

    • Sign in to the AWS Management Console.
    • Navigate to the GuardDuty service page.
  2. Enable GuardDuty:

    • If GuardDuty is not enabled, click on "Enable GuardDuty".
    • Choose the appropriate AWS region for GuardDuty.
    • Configure the GuardDuty settings based on your requirements.
    • Review the settings and click on "Enable GuardDuty".
  3. Configure GuardDuty for NIST 800-171 Revision 2:

    • In the GuardDuty console, click on the "Findings" tab.
    • Select the settings icon (gear-shaped) and click on "Edit".
    • Under the "Manage accounts" section, click on "Add accounts".
    • Enter the AWS account(s) that need to be compliant with NIST 800-171 Revision 2.
    • Optionally, set up email notifications for findings if required.
    • Click on "Save changes" to apply the configuration.
  4. Verify GuardDuty Compliance:

    • Review the GuardDuty service page and confirm that GuardDuty is enabled and active.
    • Validate that the AWS account(s) specified in the "Manage accounts" section are added.
    • Ensure that the email notifications, if configured, are being received as expected.

By following the above steps, GuardDuty will be enabled for NIST 800-171 Revision 2 compliance, helping you identify and detect potential security threats in your AWS environment.
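
GuardDuty is a regional service, so the status check and the enable step above have to be repeated in every region the account uses. The script below is an added example, not part of the original page: it assumes the AWS CLI is installed with credentials permitted to list, read, create and update GuardDuty detectors, and its function names are hypothetical.

```shell
#!/bin/sh
# Added example: check and enable GuardDuty per region with the AWS CLI.
# Assumes credentials allowed to call guardduty:ListDetectors, GetDetector,
# CreateDetector and UpdateDetector. Function names are hypothetical.

# Print the region's detector ID, or nothing when no detector exists.
detector_id() {
  local id
  id=$(aws guardduty list-detectors --region "$1" \
    --query 'DetectorIds[0]' --output text) || return 2
  [ "$id" = "None" ] || printf '%s\n' "$id"
}

# Print ENABLED, DISABLED (detector suspended) or MISSING for one region.
guardduty_status() {
  local region="$1" id
  id=$(detector_id "$region") || return 2
  if [ -z "$id" ]; then echo "MISSING"; return 0; fi
  aws guardduty get-detector --region "$region" --detector-id "$id" \
    --query 'Status' --output text
}

# Print "region<TAB>status" per region; return 1 unless all are ENABLED.
audit_guardduty() {
  local region state failed=0
  for region in "$@"; do
    state=$(guardduty_status "$region") || state="ERROR"
    printf '%s\t%s\n' "$region" "$state"
    [ "$state" = "ENABLED" ] || failed=1
  done
  return "$failed"
}

# Create a detector where none exists, otherwise re-enable the existing one.
enable_guardduty() {
  local region="$1" id
  id=$(detector_id "$region") || return 2
  if [ -z "$id" ]; then
    aws guardduty create-detector --enable --region "$region" >/dev/null
  else
    aws guardduty update-detector --enable --detector-id "$id" --region "$region"
  fi
}

# Usage (every region enabled for the account):
#   audit_guardduty $(aws ec2 describe-regions --query 'Regions[].RegionName' --output text)
```

A DISABLED result means a detector exists but is suspended, which the console check can miss if only the presence of a detector is confirmed.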
