This rule ensures the presence of at least one enabled trail in a specific region.
| Rule | At least one enabled trail should be present in a region |
| Framework | NIST 800-171 Revision 2 |
| Severity | ✔ Low |
Rule Description:
The NIST 800-171 Revision 2 compliance standard requires at least one enabled trail in a specific region. This rule helps ensure that activities within the region are monitored and tracked for security and compliance purposes.
Remediation Steps:
To remediate this rule and comply with the NIST 800-171 Revision 2 standard, follow the step-by-step guide below:
Step 1: Log in to the AWS Management Console
Access the AWS Management Console using valid credentials at https://console.aws.amazon.com.
Step 2: Select the desired region
From the menu located at the top-right corner of the AWS Management Console, select the desired region where the trail needs to be present.
Step 3: Open the CloudTrail service
Type "CloudTrail" in the AWS services search box and click on the "CloudTrail" service when it appears.
Step 4: Create a new trail
In the CloudTrail service, click on the "Trails" option in the left-hand menu, then click on the "Create trail" button.
Step 5: Configure the trail
In the trail creation wizard, provide a distinctive name for the trail and select the appropriate settings based on your requirements and compliance policies. Ensure that the trail is enabled during the configuration process.
Step 6: Define the trail storage location
Specify the desired Amazon S3 bucket where the CloudTrail logs will be stored. If you don't have an existing bucket, you can create one by following the prompts.
Step 7: Configure trail log file settings
Assign a prefix and define whether the log files should be encrypted or not. Adjust other settings as needed.
Step 8: Enable additional optional features
Choose whether to enable additional optional features like log file validation, CloudWatch Logs integration, or Global services. Enable them based on your specific requirements and compliance needs.
Step 9: Configure trail management events (optional)
If required, you can configure specific management events that should be logged by the trail.
Step 10: Configure data events (optional)
Optionally, configure the specific AWS service data events that should be logged by the trail.
Step 11: Review and create the trail
Review all the settings and configurations you have provided for the trail. Once reviewed, click on the "Create" button to create the trail.
Step 12: Repeat for other desired regions
Repeat the above steps for each additional region where an enabled trail is required as per the NIST 800-171 Revision 2 compliance standard.
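To confirm the result after the steps above, the following added example (not part of the original rule text) evaluates the rule from the output of the CloudTrail `describe_trails` and `get_trail_status` API calls. It assumes that a multi-region trail listed in a region counts for that region; the account ID, trail names and sample data are constructed.

```python
# Added example: evaluate "at least one enabled trail per region".
# Assumption: a multi-region (shadow) trail listed in a region counts for it.

def regions_without_enabled_trail(trails_by_region, logging_by_arn):
    """Return the sorted regions that have no trail with IsLogging == True.

    trails_by_region: {region: "trailList" from describe_trails()}
    logging_by_arn:   {TrailARN: "IsLogging" from get_trail_status()}
    """
    failing = []
    for region, trails in trails_by_region.items():
        # A trail with unknown status is treated as not logging.
        if not any(logging_by_arn.get(t["TrailARN"], False) for t in trails):
            failing.append(region)
    return sorted(failing)

def collect(session, regions):
    """Gather live inputs through a boto3 Session (read-only API calls)."""
    trails_by_region, logging_by_arn = {}, {}
    for region in regions:
        client = session.client("cloudtrail", region_name=region)
        trails = client.describe_trails(includeShadowTrails=True)["trailList"]
        trails_by_region[region] = trails
        for t in trails:
            arn = t["TrailARN"]
            if arn not in logging_by_arn:
                # Query status in the trail's home region, by ARN.
                home = session.client("cloudtrail", region_name=t["HomeRegion"])
                logging_by_arn[arn] = home.get_trail_status(Name=arn)["IsLogging"]
    return trails_by_region, logging_by_arn

# Constructed sample data (account ID and trail names are made up).
ARN = "arn:aws:cloudtrail:{}:111122223333:trail/{}".format
LOGGING = {"TrailARN": ARN("us-east-1", "use1-audit"), "HomeRegion": "us-east-1"}
STOPPED = {"TrailARN": ARN("eu-west-1", "eu-local"), "HomeRegion": "eu-west-1"}
SAMPLE_TRAILS = {"us-east-1": [LOGGING], "eu-west-1": [STOPPED], "ap-south-1": []}
SAMPLE_STATUS = {LOGGING["TrailARN"]: True, STOPPED["TrailARN"]: False}

if __name__ == "__main__":
    for region in regions_without_enabled_trail(SAMPLE_TRAILS, SAMPLE_STATUS):
        print(f"NON-COMPLIANT: no enabled trail in {region}")
```

With live credentials, pass `*collect(boto3.Session(), regions)` to `regions_without_enabled_trail`; a trail that exists but has logging stopped fails the check the same way as a region with no trail.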
Troubleshooting Steps:
If you encounter issues while implementing this rule, follow the steps below to resolve them:
Issue: Error creating a trail.
Issue: Trail not being enabled.
Issue: CloudTrail logs not being delivered to the specified S3 bucket.
Issue: CloudTrail logs not being recorded for specific AWS services.
If none of the above troubleshooting steps resolve your issues, refer to the AWS CloudTrail documentation for further assistance.
Relevant Codes (if applicable):
There are no specific codes applicable to this rule as the remediation steps involve creating and configuring the trail through the AWS Management Console.