Ensure logging is enabled on AWS WAFv2 regional and global web access control lists (ACLs) for improved security.
Rule | Logging should be enabled on AWS WAFv2 regional and global web access control lists (ACLs) |
Framework | NIST 800-171 Revision 2 |
Severity | Low |
Logging for AWS WAFv2 Regional and Global Web ACLs for NIST 800-171 Revision 2
Description
Logging should be enabled on AWS WAFv2 Regional and Global Web Access Control Lists (ACLs) to ensure compliance with NIST 800-171 Revision 2. Enabling logging captures detailed information about web traffic and potential security threats or attacks. This information is crucial for monitoring and analysis, and it also helps in meeting regulatory requirements.
Troubleshooting Steps (if applicable)
Necessary Code (if applicable)
There are no specific code snippets required for enabling logging on AWS WAFv2 ACLs. Instead, configuration changes need to be made through the AWS Management Console or AWS Command Line Interface (CLI).
Step-by-Step Guide for Remediation
Step 1: Access the AWS Management Console
Navigate to the AWS Management Console using your provided credentials.
Step 2: Open AWS WAFv2 Console
From the dashboard, search for and select "AWS WAFv2" to open the AWS WAFv2 console.
Step 3: Choose Global or Regional Web ACLs
Select either the "Global Web ACLs" or "Regional Web ACLs" tab based on the type of ACLs you want to enable logging for.
Step 4: Select the Web ACL
Choose the Web ACL for which you want to enable logging by clicking on its name.
Step 5: Enable Logging
Under the "Logging and monitoring" section, click on "Edit" to modify the ACL settings.
Step 6: Enable Logging Configuration
Enable the "Logging configuration" toggle switch to turn on logging for the selected ACL.
Step 7: Specify Log Destination
Specify the destination where the logs will be sent. This can be an Amazon Kinesis Data Firehose delivery stream, an Amazon S3 bucket, or Amazon CloudWatch Logs.
Step 8: Configure Logging Filters (Optional)
Optionally, you can configure logging filters to specify the type of requests you want to log. This helps in reducing the log size and focusing on specific events of interest.
Step 9: Save Changes
Click on "Save changes" to apply the logging configuration to the selected Web ACL.
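The same check and remediation can be scripted across every Web ACL instead of clicking through each one. The script below is an added example, not part of the original guide: it assumes Python with boto3 and working AWS credentials, and the function names `unlogged_acls` and `enable_logging` are made up for this example.

```python
"""Find WAFv2 Web ACLs with no logging configuration and enable logging on them."""
import re

SCOPES = ("REGIONAL", "CLOUDFRONT")  # CLOUDFRONT = global ACLs, queried through us-east-1
PREFIX = "aws-waf-logs-"             # WAF only accepts destinations named with this prefix


def _paged(call, key, scope):
    """Yield every item from a WAFv2 list_* call, following NextMarker."""
    marker = None
    while True:
        kwargs = {"Scope": scope, "Limit": 100}
        if marker:
            kwargs["NextMarker"] = marker
        page = call(**kwargs)
        items = page.get(key, [])
        yield from items
        marker = page.get("NextMarker")
        if not marker or not items:  # stop on an empty page even if a marker came back
            return


def unlogged_acls(client, scope):
    """Return sorted ARNs of Web ACLs in `scope` that have no logging configuration."""
    logged = {c["ResourceArn"] for c in
              _paged(client.list_logging_configurations, "LoggingConfigurations", scope)}
    acls = _paged(client.list_web_acls, "WebACLs", scope)
    return sorted(a["ARN"] for a in acls if a["ARN"] not in logged)


def enable_logging(client, acl_arn, destination_arn):
    """Send the ACL's logs to one Firehose stream, S3 bucket or CloudWatch log group."""
    if not any(part.startswith(PREFIX) for part in re.split(r"[:/]", destination_arn)):
        raise ValueError(f"destination name must start with {PREFIX!r}: {destination_arn}")
    client.put_logging_configuration(LoggingConfiguration={
        "ResourceArn": acl_arn, "LogDestinationConfigs": [destination_arn]})


if __name__ == "__main__":
    import sys
    import boto3  # third-party; credentials need wafv2:ListWebACLs and wafv2:ListLoggingConfigurations
    region = sys.argv[1] if len(sys.argv) > 1 else "us-east-1"
    for scope in SCOPES:
        waf = boto3.client("wafv2", region_name="us-east-1" if scope == "CLOUDFRONT" else region)
        for arn in unlogged_acls(waf, scope):
            print(f"{scope}\tno logging\t{arn}")
```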
Conclusion
Enabling logging on AWS WAFv2 Regional and Global Web ACLs is essential for NIST 800-171 Revision 2 compliance. By following the step-by-step guide provided, you can ensure that the necessary logging configuration is correctly applied for monitoring and analyzing web traffic and potential security threats.