
Rule: CloudTrail Trail Log File Validation Should be Enabled

This rule ensures that CloudTrail trail log file validation is enabled to enhance system and communications protection.

Rule: CloudTrail trail log file validation should be enabled
Framework: NIST 800-171 Revision 2
Severity: Critical

Rule Description:

CloudTrail is an AWS service that records the API calls made in your AWS account. Enabling log file validation on a trail, as NIST 800-171 Revision 2 requires here, protects the integrity of the log files CloudTrail produces: tampering with or unauthorized modification of a delivered log file can be detected, which keeps auditing and forensic analysis of API activity reliable.

Troubleshooting Steps:

If CloudTrail trail log file validation is not enabled as required by NIST 800-171 Revision 2, follow the steps below to troubleshoot the issue:

  1. Check if AWS CloudTrail is enabled for your account and determine the region in which CloudTrail is enabled.
  2. Access the AWS Management Console and navigate to the CloudTrail service.
  3. Select the trail that needs to be validated and click the "Edit" button.
  4. Under the "Data Events" section, ensure that the "Enable log file validation" option is selected.
  5. If the option is already selected, verify that "Log file integrity validation" shows "Enabled" at the trail level by navigating to the "Advanced settings" section.
  6. If log file validation is not enabled, enable it by selecting the appropriate option.
  7. Save the changes by clicking the "Continue" or "Save Changes" button.

Necessary codes:

No specific code is required to enable CloudTrail trail log file validation for NIST 800-171 Revision 2; the setting can be configured through the AWS Management Console or with AWS CLI commands.

Step-by-step Guide for Remediation:

  1. Open the AWS Management Console in your preferred browser.
  2. Sign in to the AWS Management Console using your AWS account credentials.
  3. Navigate to the CloudTrail service by searching for "CloudTrail" in the service search bar or by selecting it from the list of available services.
  4. In the CloudTrail dashboard, select the trail for which log file validation needs to be enabled.
  5. Click the "Edit" button to modify the trail settings.
  6. Scroll down to the "Data Events" section and ensure that the "Enable log file validation" option is selected.
  7. If the option is already selected, confirm that "Log file integrity validation" shows "Enabled" at the trail level by navigating to the "Advanced settings" section.
  8. If log file validation is not enabled, enable it by selecting the appropriate option.
  9. Review the other trail settings to ensure they align with the NIST 800-171 Revision 2 requirements.
  10. After making the necessary changes, click the "Continue" or "Save Changes" button to save the configuration.
  11. Once enabled, CloudTrail will start validating the log files for the selected trail, ensuring the integrity and security of the recorded API calls.

Note: The above steps assume that you have the necessary permissions to access and modify the CloudTrail settings. If you encounter any issues or errors during the remediation process, refer to the CloudTrail documentation or contact AWS support for further assistance.
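As an added example (not from this page or from AWS tooling), the Python script below shows the two checks a defender would want around this rule: flagging trails whose `LogFileValidationEnabled` flag is not true in `describe-trails` output, and recomputing the SHA-256 hashes a CloudTrail digest file lists against the stored log objects, which is the integrity check the rule description refers to. The trail list, log objects and digest are constructed in the script; the RSA signature check over the digest that `aws cloudtrail validate-logs` also performs is left out.

```python
import gzip
import hashlib
import json

# Constructed stand-in for `aws cloudtrail describe-trails` output (not real account data).
DESCRIBE_TRAILS = {"trailList": [
    {"Name": "org-trail", "HomeRegion": "us-east-1", "LogFileValidationEnabled": True},
    {"Name": "legacy-trail", "HomeRegion": "eu-west-1", "LogFileValidationEnabled": False},
    {"Name": "old-trail", "HomeRegion": "us-west-2"},  # field absent: treat as disabled
]}

def trails_without_validation(describe_output: dict) -> list:
    """Names of trails that fail the rule (LogFileValidationEnabled is not true)."""
    return [t["Name"] for t in describe_output["trailList"]
            if not t.get("LogFileValidationEnabled", False)]

def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

def check_digest_hashes(digest: dict, objects: dict) -> dict:
    """Recompute each log file's hash from the stored (gzipped) bytes and compare it with the
    hashValue recorded in the digest. `objects` maps S3 key -> bytes. Returns {key: status}."""
    results = {}
    for entry in digest["logFiles"]:
        key, data = entry["s3Object"], objects.get(entry["s3Object"])
        if data is None:
            results[key] = "missing"      # log file deleted after the digest was written
        elif entry["hashAlgorithm"] == "SHA-256" and sha256_hex(data) == entry["hashValue"]:
            results[key] = "ok"
        else:
            results[key] = "mismatch"     # contents changed, or unexpected hash algorithm
    return results

def build_sample():
    """Constructed log objects plus a digest whose hashes are computed here; one object is
    then altered and one deleted so the check shows how tampering surfaces."""
    record = lambda name: gzip.compress(json.dumps({"Records": [{"eventName": name}]}).encode())
    originals = {"2024/01/01/a.json.gz": record("UpdateTrail"),
                 "2024/01/01/b.json.gz": record("StopLogging"),
                 "2024/01/01/c.json.gz": record("DeleteTrail")}
    digest = {"digestSignatureAlgorithm": "SHA256withRSA",
              "logFiles": [{"s3Object": k, "hashAlgorithm": "SHA-256", "hashValue": sha256_hex(v)}
                           for k, v in originals.items()]}
    stored = dict(originals)
    stored["2024/01/01/b.json.gz"] = record("ConsoleLogin")   # tampered after delivery
    del stored["2024/01/01/c.json.gz"]                        # removed after delivery
    return digest, stored

if __name__ == "__main__":  # stand-alone run: print both checks
    print(trails_without_validation(DESCRIBE_TRAILS), check_digest_hashes(*build_sample()))
```

Any "mismatch" or "missing" result is the condition log file validation exists to expose, and a trail in the first list cannot produce digests at all, so neither finding can be made for it.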
