Enable GuardDuty Rule for Risk Assessment
This rule specifies that GuardDuty must be enabled to ensure high security compliance.
| Rule | GuardDuty should be enabled |
| Framework | NIST 800-171 Revision 2 |
| Severity | ✔ High |
Rule Description
The rule requires enabling Amazon GuardDuty for NIST 800-171 Revision 2 compliance. GuardDuty is a threat detection service that monitors your AWS environment for suspicious activity and unauthorized behavior. By enabling GuardDuty with the specific NIST 800-171 Revision 2 compliance setting, you ensure the security of your AWS resources according to the guidelines outlined in the NIST framework.
Troubleshooting Steps
If you encounter any issues while enabling GuardDuty for NIST 800-171 Revision 2 compliance, follow these troubleshooting steps:
- 1.
Check IAM permissions: Ensure that the IAM user or role you are using has the necessary permissions to enable GuardDuty and configure compliance settings. You should have the
permission.guardduty:UpdateConfiguration - 2.
Verify GuardDuty region: Make sure you are enabling GuardDuty in the correct AWS region. Different regions may have different compliance requirements.
- 3.
Check GuardDuty service status: Verify that GuardDuty is currently available in the region where you want to enable it. You can check the AWS Service Health Dashboard or use the AWS CLI command
to determine the status of GuardDuty.aws guardduty list-detectors - 4.
Review NIST 800-171 Revision 2 requirements: Double-check the specific requirements of the NIST 800-171 Revision 2 framework and ensure that you have configured GuardDuty settings accordingly.
Necessary Codes
No specific codes are required for enabling GuardDuty with the NIST 800-171 Revision 2 compliance setting. The steps below outline the configuration process.
Step-by-Step Guide
Follow these steps to enable GuardDuty for NIST 800-171 Revision 2 compliance:
- 1.
Log in to the AWS Management Console.
- 2.
Go to the GuardDuty service.
- 3.
On the GuardDuty dashboard, click on Get started if you haven't set up GuardDuty yet. If you have already enabled GuardDuty, skip to step 5.
- 4.
Follow the on-screen instructions to enable GuardDuty in your AWS account. This involves choosing the regions to enable GuardDuty in and defining the S3 bucket for storing findings.
- 5.
After GuardDuty is enabled, go to the Settings tab.
- 6.
In the Compliance settings section, click on Edit.
- 7.
Choose NIST 800-171 Revision 2 from the compliance standards dropdown menu.
- 8.
Click Save to apply the NIST 800-171 Revision 2 compliance setting.
GuardDuty will now be enabled with the NIST 800-171 Revision 2 compliance setting, allowing it to monitor your AWS environment and detect potential security threats according to the specified standards.
Please note that enabling GuardDuty and configuring compliance settings is just one component of achieving full compliance with the NIST 800-171 Revision 2 framework. Ensure you have implemented other necessary security measures and practices to meet all compliance requirements.