Implement at least one multi-region AWS CloudTrail to adhere to the rule.
| Rule | At least one multi-region AWS CloudTrail should be present in an account |
| --- | --- |
| Framework | NIST 800-171 Revision 2 |
| Severity | ✔ Medium |
Rule Description
The rule requires the presence of at least one multi-region AWS CloudTrail in an AWS account to comply with the NIST 800-171 Revision 2 security standard.
Rule Details
NIST SP 800-171 Revision 2 specifies requirements for protecting Controlled Unclassified Information (CUI) in non-federal systems and organizations. Its Audit and Accountability family (3.3) requires that audit logs and records be created and retained so that unlawful or unauthorized activity can be monitored, analyzed, investigated and reported, and that audit information be protected from unauthorized access, modification and deletion. In an AWS account the record of API activity is produced by CloudTrail, and that record is only complete if a trail covers every region, which is why the rule requires at least one multi-region trail.
AWS CloudTrail records the API activity in an account: which IAM principal made each call and from which source IP address, when, against which service and resource, and with which parameters, whether the call came from the console, the CLI, an SDK or another AWS service. Events are delivered as log files to an S3 bucket and, optionally, to CloudWatch Logs.
A trail is scoped either to a single region or to all regions. A single-region trail records only activity in its home region, so an attacker (or a careless engineer) acting in any other region leaves no trace in it. A multi-region trail records management events from every region, including regions the account does not normally use and regions AWS adds later, and records global service events (IAM, STS, CloudFront) once rather than per region, delivering everything to one S3 bucket. "Multi-region" therefore describes what the trail captures, not where the logs are stored; durability of the stored logs is a property of the S3 bucket (versioning, replication, access controls) and is a separate control. The rule checks for coverage: a gap in any region is a gap in the audit record.
Troubleshooting Steps
If a trail already exists and the rule still fails, check two attributes rather than the trail's mere existence: describe-trails must report IsMultiRegionTrail as true for the trail, and get-trail-status must report IsLogging as true. A trail that has been stopped, deleted or converted back to single-region (all common ways an intruder blinds logging) still "exists" in the console but produces no records. Also confirm that the S3 bucket policy allows the cloudtrail.amazonaws.com service principal to write, since delivery failures (reported as LatestDeliveryError by get-trail-status) mean records are silently dropped. An organization trail created from the management account is visible in member accounts and satisfies the rule there when it is multi-region.
Necessary Codes
N/A
Remediation
To remediate this rule and ensure compliance with NIST 800-171 Revision 2, follow the step-by-step guide below:
Sign in to the AWS Management Console using your AWS account credentials.
Open the AWS CloudTrail service.
On the CloudTrail dashboard, click on "Create trail" or "Add new trail."
Provide a unique name for the trail, for example, "NIST800171-MultiRegion-CloudTrail."
Choose the "Apply trail to all regions" option so the trail records activity in every region (current versions of the console create multi-region trails by default; after creation, confirm the trail's details page shows the multi-region attribute as Yes).
Select the S3 bucket that will receive the log files, either an existing bucket or a new one. The bucket policy must allow the cloudtrail.amazonaws.com service principal to write to it, read access should be limited to the people and roles who genuinely need audit records, and the log files should be encrypted with SSE-KMS where your key management allows it.
Enable log file validation. CloudTrail then delivers hourly digest files, signed by the service, that let you prove whether any delivered log file has since been modified or deleted; this is the integrity half of the audit requirement.
Record management events for both Read and Write API activity; these control-plane calls (IAM changes, security group edits, changes to the trail itself) are what the rule is concerned with. Add data events (S3 object-level or Lambda invocation logging) only where your requirements need them, since they increase volume and cost considerably.
Optionally, deliver the log files to an S3 bucket in a separate log-archive AWS account, so that a principal who gains administrative access to the monitored account cannot delete or alter that account's own audit trail. If the account belongs to an AWS Organization, an organization trail created from the management account achieves the same for every member account.
Review the trail settings and ensure that they align with the specifications of your AWS account and compliance requirements.
Click on "Create" or "Save" to finalize the CloudTrail creation process.
Once the trail is created and logging has started, it records management events from all regions in the account, which satisfies this rule; it does not by itself satisfy the remaining NIST 800-171 audit requirements (retention, review, alerting), which need further controls on the bucket and a review process. Monitor the trail itself as well: StopLogging, DeleteTrail, UpdateTrail (for example, switching a trail back to single-region) and PutEventSelectors are the standard API calls an intruder uses to blind logging, so alert on those event names, and review the logs periodically for unauthorized or suspicious activity.
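A check-and-remediate script for this rule, added here as an example; it is not the page's own tooling or AWS code. `evaluate_trails` implements the rule on the dictionaries that `describe-trails` and `get-trail-status` return (a multi-region trail only counts if it is actively logging, and weaker settings on the compliant trail are reported as findings), `bucket_policy` builds the documented bucket policy CloudTrail needs before a trail can be created, and `remediate` is the boto3 equivalent of the console steps above. The trail names, bucket name, account ID and the sample API output at the bottom are constructed for illustration, and `remediate` expects boto3 clients to be passed in and is not executed when the file runs.

```python
"""Evaluate and remediate the multi-region CloudTrail rule (added example)."""
import json


def bucket_policy(bucket: str, account_id: str) -> dict:
    """Bucket policy CloudTrail requires before create_trail succeeds.

    Mirrors the documented CloudTrail policy: the service must be able to read
    the bucket ACL and write objects under AWSLogs/<account>/ with the
    bucket-owner-full-control ACL.
    """
    return {
        "Version": "2012-10-17",
        "Statement": [
            {
                "Sid": "AWSCloudTrailAclCheck",
                "Effect": "Allow",
                "Principal": {"Service": "cloudtrail.amazonaws.com"},
                "Action": "s3:GetBucketAcl",
                "Resource": f"arn:aws:s3:::{bucket}",
            },
            {
                "Sid": "AWSCloudTrailWrite",
                "Effect": "Allow",
                "Principal": {"Service": "cloudtrail.amazonaws.com"},
                "Action": "s3:PutObject",
                "Resource": f"arn:aws:s3:::{bucket}/AWSLogs/{account_id}/*",
                "Condition": {"StringEquals": {"s3:x-amz-acl": "bucket-owner-full-control"}},
            },
        ],
    }


def evaluate_trails(trail_list: list, status_by_arn: dict) -> dict:
    """Apply the rule to describe-trails output plus per-trail get-trail-status.

    Compliant only if at least one trail is multi-region AND actively logging:
    a stopped multi-region trail exists but produces no audit records.
    """
    compliant, findings = [], []
    for trail in trail_list:
        name = trail.get("Name", "<unnamed>")
        status = status_by_arn.get(trail.get("TrailARN"), {})
        if not trail.get("IsMultiRegionTrail", False):
            findings.append(f"{name}: single-region trail, does not satisfy the rule")
            continue
        if not status.get("IsLogging", False):
            findings.append(f"{name}: multi-region but logging is stopped (check StopLogging events)")
            continue
        compliant.append(name)
        # The trail counts; still flag settings that weaken the audit record.
        if not trail.get("LogFileValidationEnabled", False):
            findings.append(f"{name}: log file validation disabled, digests cannot prove integrity")
        if not trail.get("IncludeGlobalServiceEvents", False):
            findings.append(f"{name}: global service events (IAM, STS) are not recorded")
    return {"compliant": bool(compliant), "compliant_trails": compliant, "findings": findings}


def remediate(cloudtrail, name: str, bucket: str, account_id: str, s3=None) -> None:
    """boto3 equivalent of the console procedure (clients are passed in, assumed
    to be boto3.client('cloudtrail') and boto3.client('s3'); not run here)."""
    if s3 is not None:
        s3.put_bucket_policy(Bucket=bucket, Policy=json.dumps(bucket_policy(bucket, account_id)))
    cloudtrail.create_trail(
        Name=name,
        S3BucketName=bucket,
        IsMultiRegionTrail=True,        # "Apply trail to all regions"
        IncludeGlobalServiceEvents=True,
        EnableLogFileValidation=True,   # hourly signed digest files
    )
    cloudtrail.start_logging(Name=name)  # a created-but-stopped trail is not compliant


# Constructed sample data in the shape of describe_trails()['trailList'] and
# get_trail_status(Name=arn); the account ID and trail names are made up.
_LEGACY = "arn:aws:cloudtrail:us-east-1:111122223333:trail/legacy-us-east-1"
_NIST = "arn:aws:cloudtrail:us-east-1:111122223333:trail/NIST800171-MultiRegion-CloudTrail"
SAMPLE_TRAILS = [
    {"Name": "legacy-us-east-1", "TrailARN": _LEGACY, "IsMultiRegionTrail": False,
     "LogFileValidationEnabled": False, "IncludeGlobalServiceEvents": True},
    {"Name": "NIST800171-MultiRegion-CloudTrail", "TrailARN": _NIST, "IsMultiRegionTrail": True,
     "LogFileValidationEnabled": True, "IncludeGlobalServiceEvents": True},
]
SAMPLE_STATUS = {_LEGACY: {"IsLogging": True}, _NIST: {"IsLogging": True}}

if __name__ == "__main__":
    print(json.dumps(evaluate_trails(SAMPLE_TRAILS, SAMPLE_STATUS), indent=2))
```

To run the check against a live account, feed `evaluate_trails` the `trailList` from `describe_trails()` and a dictionary built by calling `get_trail_status(Name=arn)` for each trail ARN; the stopped-trail case is the one that most often slips past a check that only confirms a multi-region trail exists.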