Enable GuardDuty Rule for System and Information Integrity

Enable GuardDuty to satisfy the high-severity control 'guardduty-enabled'.

Rule: GuardDuty should be enabled

Framework: NIST 800-171 Revision 2

Severity: High

Rule Description:

The rule requires enabling GuardDuty for compliance with NIST 800-171 Revision 2. GuardDuty is a threat detection service offered by AWS that continuously monitors and analyzes account activities and AWS resource configurations for signs of malicious activity or unauthorized behavior.

Troubleshooting Steps:

  1. Check if the AWS account is enabled for GuardDuty.
  2. Validate if the NIST 800-171 Revision 2 compliance standard is applicable to the organization.

Remediation Steps:

To enable GuardDuty for NIST 800-171 Revision 2 compliance, follow the steps below:

Step 1: Open GuardDuty Management Console

  1. Sign in to the AWS Management Console.
  2. Navigate to the GuardDuty service.

Step 2: Enable GuardDuty

  1. In the GuardDuty management console, click on "Get started" if you haven't set up GuardDuty yet.
  2. Select the appropriate AWS region for your account.
  3. Click on "Enable GuardDuty" to activate the service.

Step 3: Configure GuardDuty

  1. Once GuardDuty is enabled, you need to configure it to comply with the NIST 800-171 Revision 2 standard.
  2. In the GuardDuty management console, click on "Settings."
  3. Under "Findings," ensure that the "NIST 800-171" option is selected.

Step 4: Review and Respond to Findings

  1. GuardDuty will start analyzing account activities and resource configurations to identify potential threats.
  2. Regularly check the GuardDuty findings in the management console.
  3. Classify and prioritize findings related to NIST 800-171 Revision 2.
  4. Take appropriate action based on the severity of each finding.

CLI Command:

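If you prefer using the AWS Command Line Interface (CLI) to enable GuardDuty, use the following command. The detector is created in the region the CLI is configured for; pass --region to target a different one.

aws guardduty create-detector --enable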
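The troubleshooting check and the CLI remediation above, extended to several regions because a GuardDuty detector exists per region. This is an added example, not a script from Cloud Defense or AWS; the function names and the yes/no argument are assumptions, and it assumes AWS CLI credentials permitted to call ListDetectors, GetDetector and CreateDetector.

```shell
#!/usr/bin/env bash
# Added example: report GuardDuty state per region, optionally enabling it.
# Assumes AWS CLI credentials allowed to call ListDetectors, GetDetector and
# CreateDetector. Function names are illustrative.

# Print ENABLED, DISABLED (detector exists but is suspended) or MISSING.
guardduty_status() {
  local region id
  region="$1"
  # Text output prints "None" when the account has no detector in the region.
  id=$(aws guardduty list-detectors --region "$region" \
         --query 'DetectorIds[0]' --output text) || return 1
  if [ -z "$id" ] || [ "$id" = "None" ]; then
    echo "MISSING"
    return 0
  fi
  aws guardduty get-detector --region "$region" --detector-id "$id" \
    --query 'Status' --output text
}

# audit_guardduty <yes|no> <region>...
# With "yes", create a detector where none exists. A DISABLED detector is
# reported but not changed.
# Returns non-zero if any region is not ENABLED afterwards.
audit_guardduty() {
  local fix region status rc
  fix="$1"; shift
  rc=0
  for region in "$@"; do
    status=$(guardduty_status "$region") || status="ERROR"
    if [ "$status" = "MISSING" ] && [ "$fix" = "yes" ]; then
      if aws guardduty create-detector --region "$region" --enable >/dev/null; then
        status="ENABLED(created)"
      fi
    fi
    echo "$region $status"
    case "$status" in
      ENABLED*) ;;
      *) rc=1 ;;
    esac
  done
  return "$rc"
}

# Example: ./guardduty_audit.sh no us-east-1 eu-west-1
if [ "$#" -gt 0 ]; then
  audit_guardduty "$@"
fi
```

The non-zero exit status makes the audit usable as a scheduled compliance check; run it with "no" first to see which regions lack a detector before letting it create any.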

Additional Notes:

Make sure to review and further understand NIST 800-171 Revision 2 compliance requirements specific to your organization. GuardDuty's continuous monitoring will aid in detecting threats and maintaining compliance with this standard.
