
GuardDuty Findings should be Archived Rule

This rule ensures that GuardDuty findings are properly archived as per compliance standards.

Rule: GuardDuty findings should be archived
Framework: NIST 800-171 Revision 2
Severity: Medium

Rule/Policy Description:

The GuardDuty findings in Amazon Web Services (AWS) should be archived to ensure compliance with the NIST 800-171 Revision 2 security standard. The NIST 800-171 is a set of guidelines provided by the National Institute of Standards and Technology for protecting controlled unclassified information (CUI) in non-federal systems and organizations.

Troubleshooting Steps (if any):

If there are any issues with archiving GuardDuty findings, the following troubleshooting steps can be followed:

  1. Ensure that the AWS GuardDuty service is enabled in your AWS account.
  2. Verify that the necessary IAM permissions are assigned to the user or role responsible for archiving GuardDuty findings.
  3. Check if there are any network connectivity issues between your AWS account and the target archive destination.
  4. Review the GuardDuty configuration settings to ensure that findings are being generated and detected properly.

Necessary codes (if any):

There are no specific codes required for this rule/policy. The configuration settings within AWS GuardDuty and the chosen archive destination will handle the archiving process.

Step-by-step Guide for Remediation:

  1. Log in to the AWS Management Console.
  2. Navigate to the AWS GuardDuty service.
  3. Ensure that GuardDuty is enabled by checking the status on the main dashboard.
  4. Identify the archive destination where the GuardDuty findings should be stored. This could be an S3 bucket, CloudWatch Logs, or a third-party solution that supports archival of GuardDuty findings.
  5. Configure GuardDuty to send findings to the chosen archive destination by following these steps:
    • In the GuardDuty console, click on "Settings" in the left sidebar.
    • Under "Findings export", click on "Edit".
    • Select the desired archive destination from the dropdown menu.
    • Configure any additional settings, such as the frequency of exports or the encryption options.
    • Click "Save" to apply the changes.
  6. Test the archive process by generating new GuardDuty findings or reviewing existing ones.
  7. Verify that the findings are being successfully archived to the configured destination.
  8. Regularly monitor the archive destination to ensure that all GuardDuty findings are being captured and stored correctly.
  9. If any issues arise during the archiving process, refer to the troubleshooting steps mentioned above.
  10. Periodically review and update the archive destination or settings as needed to align with any changes in compliance or security requirements.

Note: It's important to regularly perform audits to validate that the GuardDuty findings are being correctly archived and compliant with the NIST 800-171 Revision 2 standard.
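The audit the note above calls for can be scripted against the GuardDuty API. The following is an added example, not part of this rule page or of Cloud Defense's tooling: it lists findings that are still unarchived and have not been updated for a configurable number of days (the 30-day default is an assumption), checks that an S3 findings-export destination is in the PUBLISHING state, and can archive the stale findings in batches of 50, which is the ArchiveFindings limit. The FakeGuardDuty class is a constructed stand-in for `boto3.client("guardduty")` so the code runs offline.

```python
import time

def stale_unarchived_criteria(max_age_days):
    # Not archived, and not updated within max_age_days (updatedAt is compared in epoch millis).
    cutoff_ms = int((time.time() - max_age_days * 86400) * 1000)
    return {"Criterion": {"service.archived": {"Eq": ["false"]}, "updatedAt": {"LessThan": cutoff_ms}}}

def list_stale_unarchived(gd, detector_id, max_age_days):
    """Walk ListFindings with its NextToken protocol (the API caps MaxResults at 50)."""
    ids, token, criteria = [], None, stale_unarchived_criteria(max_age_days)
    while True:
        page = gd.list_findings(DetectorId=detector_id, MaxResults=50, FindingCriteria=criteria,
                                **({"NextToken": token} if token else {}))
        ids.extend(page.get("FindingIds", []))
        token = page.get("NextToken")
        if not token:
            return ids

def export_status(gd, detector_id):
    """Status of the S3 findings-export destination, or 'NONE' when export was never set up."""
    dests = gd.list_publishing_destinations(DetectorId=detector_id).get("Destinations", [])
    s3 = [d for d in dests if d.get("DestinationType") == "S3"]
    return s3[0].get("Status", "UNKNOWN") if s3 else "NONE"

def audit(gd, max_age_days=30, remediate=False):
    """Return {detector_id: (stale_unarchived_ids, export_status)}; archive the stale ids if asked."""
    results = {}
    for det in gd.list_detectors().get("DetectorIds", []):
        stale = list_stale_unarchived(gd, det, max_age_days)
        for i in range(0, len(stale) if remediate else 0, 50):  # ArchiveFindings: max 50 ids/call
            gd.archive_findings(DetectorId=det, FindingIds=stale[i:i + 50])
        results[det] = (stale, export_status(gd, det))
    return results

class FakeGuardDuty:
    """Constructed stand-in for boto3.client('guardduty'): two pages of findings, S3 export live."""
    def __init__(self):
        self.archived = []
    def list_detectors(self):
        return {"DetectorIds": ["det-example"]}
    def list_findings(self, DetectorId, FindingCriteria, MaxResults, NextToken=None):
        return {"FindingIds": ["f-1", "f-2"], "NextToken": "p2"} if NextToken is None else {"FindingIds": ["f-3"]}
    def list_publishing_destinations(self, DetectorId):
        return {"Destinations": [{"DestinationType": "S3", "Status": "PUBLISHING"}]}
    def archive_findings(self, DetectorId, FindingIds):
        self.archived.extend(FindingIds)

if __name__ == "__main__":
    for det, (stale, status) in audit(FakeGuardDuty()).items():
        print(f"{det}: export={status}, stale unarchived findings={len(stale)}")
```

Swap FakeGuardDuty() for boto3.client("guardduty") to run against a real account; leave `remediate=False` until the listed findings have been triaged, since archiving hides them from the default console view.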
