Rule: Enable CloudWatch Alarm Action

This rule ensures that CloudWatch alarm actions are enabled for proactive monitoring.

Rule: CloudWatch alarm action should be enabled
Framework: NIST 800-171 Revision 2
Severity: High

Rule Description

This rule ensures that CloudWatch alarm actions are enabled for compliance with NIST 800-171 Revision 2.

The National Institute of Standards and Technology (NIST) Special Publication 800-171 Revision 2 provides guidelines for protecting Controlled Unclassified Information (CUI) in Nonfederal Information Systems and Organizations. Enabling CloudWatch alarm actions helps meet the security requirements outlined in this framework.

Remediation Steps

To enable CloudWatch alarm actions for NIST 800-171 Revision 2 compliance, follow the steps below:

Step 1: Access AWS CloudWatch Console

  1. Navigate to the AWS Management Console (https://console.aws.amazon.com).
  2. Type "CloudWatch" in the search bar and select "CloudWatch" from the displayed options.

Step 2: Create or Update CloudWatch Alarm

  1. In the CloudWatch dashboard, click on "Alarms" in the left sidebar.
  2. Click on "Create alarm" or select an existing alarm that needs to be updated.

For creating a new alarm:

  1. Select the desired metric (such as CPU utilization, network traffic, etc.) based on your specific use case.
  2. Configure the alarm conditions based on the NIST 800-171 Revision 2 requirements.
    • Set appropriate threshold values, such as high and low thresholds, if applicable.
    • Define the period, evaluation period, and statistic type as required.
  3. Enable the "Actions" section and configure actions to be performed when the alarm state is triggered.
    • Specify the actions to execute, such as sending a notification, executing an AWS Lambda function, or autoscaling.
    • Ensure the actions are appropriate for compliance with NIST 800-171 Revision 2.
  4. Review and validate all alarm settings.
  5. Click on "Create Alarm" to create the CloudWatch alarm.

For updating an existing alarm:

  1. Select the existing alarm that needs to be updated from the list of alarms.
  2. Modify the alarm condition, threshold values, or actions as necessary to conform with NIST 800-171 Revision 2.
  3. Save the changes.
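
An added example, not CloudDefense or AWS code, that checks the outcome of the steps above: it flags alarms whose actions are disabled or that have no action for the ALARM state. Records follow the CloudWatch DescribeAlarms response shape; the function names, sample alarms and topic ARN are constructed for illustration, and treating both conditions as non-compliant is this example's reading of the rule.

```python
"""Added example: flag CloudWatch alarms whose actions cannot fire.

Input records use DescribeAlarms field names (AlarmName, ActionsEnabled,
AlarmActions). The sample alarms at the bottom are constructed.
"""


def evaluate_alarm(alarm):
    """Return a list of findings for one alarm; an empty list means compliant."""
    findings = []
    # ActionsEnabled=False silences every configured action.
    # A record without the field is treated as non-compliant (conservative).
    if not alarm.get("ActionsEnabled", False):
        findings.append("actions disabled")
    # With no ALARM-state action the alarm changes state but notifies no one.
    if not alarm.get("AlarmActions"):
        findings.append("no action for ALARM state")
    return findings


def audit(alarms):
    """Map alarm name -> findings for every non-compliant alarm."""
    report = {}
    for alarm in alarms:
        findings = evaluate_alarm(alarm)
        if findings:
            report[alarm["AlarmName"]] = findings
    return report


def fetch_metric_alarms(region):
    """Read live metric alarms with boto3 (needs cloudwatch:DescribeAlarms)."""
    import boto3  # imported here so the offline sample runs without boto3
    client = boto3.client("cloudwatch", region_name=region)
    alarms = []
    for page in client.get_paginator("describe_alarms").paginate():
        alarms.extend(page.get("MetricAlarms", []))
    return alarms


# Constructed sample data; the ARN uses a placeholder account ID.
TOPIC = "arn:aws:sns:us-east-1:111122223333:ops-alerts"
SAMPLE_ALARMS = [
    {"AlarmName": "cpu-high", "ActionsEnabled": True, "AlarmActions": [TOPIC]},
    {"AlarmName": "disk-full", "ActionsEnabled": False, "AlarmActions": [TOPIC]},
    {"AlarmName": "net-spike", "ActionsEnabled": True, "AlarmActions": []},
]

if __name__ == "__main__":
    for name, findings in audit(SAMPLE_ALARMS).items():
        print(f"{name}: {', '.join(findings)}")
```

Against a live account, pass the result of `fetch_metric_alarms(region)` to `audit`. Alarms reported as disabled can be re-enabled in the console as described above or with the CloudWatch EnableAlarmActions API.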

Troubleshooting

In case you encounter any issues while enabling CloudWatch alarm actions or configuring the alarm conditions, consider the following troubleshooting steps:

  1. Permissions: Ensure that the AWS Identity and Access Management (IAM) user or role you are using has the necessary permissions to create or modify CloudWatch alarms. The IAM user or role should have appropriate permissions assigned to perform CloudWatch actions.
  2. Metric Selection: Verify that you have selected the correct metric(s) for your CloudWatch alarm. Ensure that the selected metric(s) align with the requirements specified in NIST 800-171 Revision 2.
  3. Threshold Settings: Double-check the configured threshold values for your alarm. Make sure they meet the compliance requirements based on NIST 800-171 Revision 2. Adjust the threshold values if needed.
  4. Actions Configuration: Review the configured actions associated with the alarm. Ensure that they are configured to perform the appropriate steps required to meet the compliance requirements of NIST 800-171 Revision 2. Verify that the notification targets, Lambda functions, or autoscaling actions are properly set up and functioning correctly.

If the troubleshooting steps do not resolve the issue, consult the AWS documentation or contact AWS support for further assistance.
