
Ensure GuardDuty is Enabled Rule

This rule checks that Amazon GuardDuty is enabled in the AWS account so that threat detection findings are produced for the account's activity.

Rule: GuardDuty should be enabled
Framework: NIST 800-171 Revision 2
Severity: High

Enable GuardDuty for NIST 800-171 Revision 2 Compliance

Description:

Amazon GuardDuty is a managed threat detection service that continuously analyzes AWS CloudTrail management events, VPC Flow Logs and Route 53 DNS query logs for signs of malicious activity or unauthorized behaviour, such as credential misuse, communication with known command-and-control hosts, or cryptocurrency mining. Each detection is emitted as a finding with a severity score and is published to the console and to Amazon EventBridge within minutes, so it can be routed to notification or response tooling.

NIST 800-171 Revision 2 requires organizations to monitor their systems, including inbound and outbound traffic, for attacks and indicators of attack (3.14.6) and to identify unauthorized use of those systems (3.14.7). GuardDuty provides that monitoring for an AWS account, but only in the regions where it has been enabled; the service is regional, so coverage means a detector in the enabled state in every region, including regions the organization does not actively use. This rule reports a failure when GuardDuty is not enabled.

Troubleshooting Steps:

If GuardDuty is not yet enabled or not properly configured, you may follow the troubleshooting steps below:

  1. Check GuardDuty status: Verify that GuardDuty is enabled in each region of the account. In the AWS Management Console, open the GuardDuty service in a region; if it shows the "Get Started" page, no detector exists there. If a detector exists, its status is shown under Settings, and a detector that exists but has been suspended (status "Disabled") does not satisfy this rule. Repeat the check in every region, or review all regions at once from the GuardDuty delegated administrator account if the organization uses one.

  2. Enable GuardDuty: To enable GuardDuty in a region, follow these steps:

    • Sign in to the AWS Management Console.
    • Select the target region in the console region selector and open the GuardDuty service.
    • Click "Get Started" to begin the setup process.
    • Review the service permissions GuardDuty requests (a service-linked role that lets it read the log sources).
    • Click "Enable GuardDuty". The foundational data sources (CloudTrail management events, VPC Flow Logs and DNS logs) are analyzed automatically once the detector is enabled; GuardDuty reads them directly and they cannot be selected or deselected individually. Optional protection plans such as S3 Protection, EKS Protection, Runtime Monitoring and Malware Protection extend coverage and can be turned on here or later.
    • Repeat for every other region, or designate a delegated administrator in AWS Organizations with auto-enable turned on so that new accounts and regions are covered without manual steps.

  3. Configure GuardDuty: Once GuardDuty is enabled, tune it so that findings reach the people who must act on them. GuardDuty does not support user-defined findings, and the severity score of a finding is assigned by the service and cannot be changed, so configuration consists of the following:

    • Add suppression rules only for finding types and resources you have confirmed to be benign, so that they are archived automatically; keep trusted IP lists and threat intelligence lists current.
    • Use the fixed severity bands (Low, Medium, High, and Critical for the highest scores) to prioritize response; a finding's score is part of the finding itself.
    • Establish notification mechanisms by creating an Amazon EventBridge rule on GuardDuty findings that targets an Amazon Simple Notification Service topic, AWS Security Hub or your SIEM, and export findings to an S3 bucket so that they are retained for audit.

  4. Review GuardDuty findings regularly: Monitor the findings in every region, investigate them, and remediate or document each one promptly. A finding that is never reviewed provides no evidence that the monitoring requirement is being met.

Necessary Codes:

Enabling GuardDuty needs no application code, but it is not limited to the AWS Management Console: the same operations are exposed through the GuardDuty API and therefore through the AWS CLI, CloudFormation, Terraform and the SDKs. Automating the check is the practical way to prove that every region of every account has an enabled detector, which a console walk-through cannot do reliably.
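The following script is an added example, not code from the original page or from any vendor; it audits GuardDuty the way this rule does. The evaluation logic works on the plain response shapes of the GuardDuty ListDetectors and GetDetector API calls, so it runs offline against the constructed sample responses embedded below (the detector ID and feature list are made up); audit_all_regions() makes the real calls with boto3 and assumes valid AWS credentials. It also builds the EventBridge event pattern that the notification step above describes.

```python
"""Audit Amazon GuardDuty enablement per region and build a notification rule.

Added example (not the page's or any vendor's code). evaluate_detector() and
finding_rule_pattern() are pure functions over API response shapes so they
run offline; audit_all_regions() needs boto3 and AWS credentials.
"""
from __future__ import annotations

import json
from typing import Any

# Severity bands GuardDuty assigns to findings. The score is set by the
# service and cannot be configured; the bands are only used for triage.
SEVERITY_BANDS = (
    (9.0, "Critical"),
    (7.0, "High"),
    (4.0, "Medium"),
    (1.0, "Low"),
)


def severity_label(score: float) -> str:
    """Map a GuardDuty numeric severity (1.0 to 10.0) to its label."""
    for floor, label in SEVERITY_BANDS:
        if score >= floor:
            return label
    raise ValueError(f"GuardDuty severities are 1.0-10.0, got {score}")


def evaluate_detector(list_resp: dict[str, Any],
                      get_resp: dict[str, Any] | None) -> dict[str, Any]:
    """Decide whether one region satisfies the rule.

    list_resp is a ListDetectors response ({"DetectorIds": [...]}); get_resp
    is the GetDetector response for that detector, or None when the region
    has no detector at all. A detector that exists but is suspended
    (Status != ENABLED) fails the rule just like a missing one.
    """
    ids = list_resp.get("DetectorIds", [])
    if not ids or get_resp is None:
        return {"compliant": False, "reason": "no GuardDuty detector in this region"}
    status = get_resp.get("Status", "UNKNOWN")
    if status != "ENABLED":
        return {"compliant": False, "reason": f"detector {ids[0]} is {status} (suspended)"}
    # Optional protection plans are reported under "Features"; the foundational
    # sources (CloudTrail, VPC Flow Logs, DNS) are always on for an enabled detector.
    features_on = sorted(f["Name"] for f in get_resp.get("Features", [])
                         if f.get("Status") == "ENABLED")
    return {"compliant": True, "detector_id": ids[0],
            "publishing_frequency": get_resp.get("FindingPublishingFrequency"),
            "enabled_features": features_on}


def finding_rule_pattern(min_score: float = 7.0) -> dict[str, Any]:
    """EventBridge event pattern matching GuardDuty findings at or above min_score.

    json.dumps() of this dict is the EventPattern for events.put_rule; give the
    rule an SNS topic target to get the notifications the configuration step asks for.
    """
    return {
        "source": ["aws.guardduty"],
        "detail-type": ["GuardDuty Finding"],
        "detail": {"severity": [{"numeric": [">=", min_score]}]},
    }


def audit_all_regions(session: Any | None = None) -> list[dict[str, Any]]:
    """Run evaluate_detector() in every region enabled for the account."""
    import boto3  # imported here so the offline functions above do not need the SDK

    session = session or boto3.Session()
    regions = [r["RegionName"] for r in session.client("ec2").describe_regions()["Regions"]]
    results = []
    for region in regions:
        gd = session.client("guardduty", region_name=region)
        list_resp = gd.list_detectors()
        get_resp = (gd.get_detector(DetectorId=list_resp["DetectorIds"][0])
                    if list_resp["DetectorIds"] else None)
        results.append({"region": region, **evaluate_detector(list_resp, get_resp)})
    return results


# Constructed responses mirroring the API shapes (IDs and features are made up).
SAMPLE_ENABLED = ({"DetectorIds": ["12abc34d567e8fa901bc2d34e56789f0"]},
                  {"Status": "ENABLED", "FindingPublishingFrequency": "FIFTEEN_MINUTES",
                   "Features": [{"Name": "S3_DATA_EVENTS", "Status": "ENABLED"},
                                {"Name": "EKS_AUDIT_LOGS", "Status": "DISABLED"}]})
SAMPLE_SUSPENDED = ({"DetectorIds": ["12abc34d567e8fa901bc2d34e56789f0"]}, {"Status": "DISABLED"})
SAMPLE_MISSING = ({"DetectorIds": []}, None)

if __name__ == "__main__":
    for name, (lst, got) in {"enabled": SAMPLE_ENABLED, "suspended": SAMPLE_SUSPENDED,
                             "missing": SAMPLE_MISSING}.items():
        print(name, evaluate_detector(lst, got))
    print(json.dumps(finding_rule_pattern(), indent=2))
```

Run with credentials and replace the sample loop with `audit_all_regions()` to get one result per enabled region; any entry with `"compliant": False` is a region this rule would flag. The evaluation deliberately treats a suspended detector as a failure, because suspending GuardDuty stops analysis while leaving the detector resource in place, which a naive "does a detector exist" check would miss.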

Remediation Steps:

To ensure compliance with the GuardDuty for NIST 800-171 Revision 2 rule, follow the steps below:

  1. Enable GuardDuty:

    • Sign in to the AWS Management Console, select the region you are remediating and open the GuardDuty service.
    • Click "Get Started", review the service permissions GuardDuty requests, and click "Enable GuardDuty". The foundational data sources (CloudTrail management events, VPC Flow Logs and DNS logs) are analyzed automatically; enable any optional protection plans you also want.
    • Repeat in every other region, or designate a GuardDuty delegated administrator for the organization with auto-enable turned on so that new accounts and regions are covered.

  2. Configure GuardDuty:

    • Add suppression rules only for findings you have confirmed as benign, and keep trusted IP and threat lists current.
    • Route findings through Amazon EventBridge to an SNS topic, AWS Security Hub or your SIEM so that high-severity findings reach responders, and export findings to an S3 bucket for retention.

  3. Review GuardDuty findings:

    • Regularly review the findings for every region in the AWS Management Console or in the tooling they are routed to.
    • Investigate and remediate each finding promptly, and record the outcome as evidence of monitoring under NIST 800-171 Revision 2.

By following these steps, you can enable and configure GuardDuty to meet the NIST 800-171 Revision 2 compliance requirements, enhancing the security of your AWS resources.
