Enable GuardDuty Rule for System and Information Integrity (SI)

Ensure compliance with GuardDuty rule to enhance System and Information Integrity (SI) benchmarks.

Rule: GuardDuty should be enabled
Framework: NIST 800-53 Revision 4
Severity: High

Rule Description

GuardDuty, a threat detection service provided by Amazon Web Services (AWS), should be enabled to ensure compliance with the NIST 800-53 Revision 4 security framework. NIST 800-53 Revision 4 provides security and privacy controls for federal information systems and organizations. By enabling GuardDuty with the appropriate settings, organizations can proactively monitor their AWS environment for potential threats and security breaches, enhancing their overall security posture.

Troubleshooting Steps (if Applicable)

Troubleshooting steps are not applicable for enabling GuardDuty for NIST 800-53 Revision 4 compliance.

Necessary Code (if Applicable)

No specific code snippets are required to enable GuardDuty for NIST 800-53 Revision 4 compliance. The configuration is done through the AWS Management Console and CLI commands.

Step-by-Step Guide for Remediation

To enable GuardDuty for NIST 800-53 Revision 4 compliance, follow these step-by-step instructions:

Step 1: Access the AWS Management Console

  1. Open a web browser and navigate to the AWS Management Console (https://console.aws.amazon.com).

Step 2: Sign in to your AWS Account

  1. Enter your AWS account credentials (username and password) to sign in.

Step 3: Navigate to GuardDuty

  1. Once signed in, click on "Services" in the top navigation bar.
  2. In the security, identity, and compliance section, click on "GuardDuty".

Step 4: Enable GuardDuty

  1. In the GuardDuty dashboard, click on the "Enable GuardDuty" button.
  2. Choose the AWS region where you want to enable GuardDuty.
  3. Select the existing S3 bucket or create a new one to store GuardDuty findings.
  4. Click on "Enable GuardDuty" to start the enabling process.

Step 5: Configure GuardDuty Settings

  1. Once GuardDuty has been enabled, navigate to the "Settings" tab.
  2. Review and configure the settings according to the NIST 800-53 Revision 4 requirements.
    • Enable and configure notifications for specific events and findings.
    • Adjust the frequency of security findings.
    • Customize the threat intelligence sources and reputational lists.
  3. Click on "Save" to apply the settings.

Step 6: Review and Respond to GuardDuty Findings

  1. GuardDuty continuously monitors your AWS environment for threats and generates findings.
  2. Access the "Findings" tab in the GuardDuty dashboard to review the generated findings.
  3. Investigate and respond to each finding according to your organization's incident response plan.
  4. If necessary, take actions to mitigate or remediate the identified threats.
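
The guide notes that this configuration can also be done with CLI commands. The following is an added example, not part of the original guide: a shell script that checks each region with the AWS CLI and performs the enable step, treating a region with no detector differently from one whose detector exists but is suspended. The function names, the `--run` argument and the 15-minute publishing frequency are choices made for this example.

```shell
#!/usr/bin/env bash
# Added example: check and remediate "GuardDuty should be enabled" per region.
# Assumes AWS CLI credentials allowed to call guardduty:ListDetectors,
# GetDetector, CreateDetector and UpdateDetector.

# Print ENABLED, DISABLED or MISSING for the region given as $1.
guardduty_status() {
    gd_id=$(aws guardduty list-detectors --region "$1" \
        --query 'DetectorIds[0]' --output text) || return 2
    # With --output text an empty detector list is printed as "None".
    if [ -z "$gd_id" ] || [ "$gd_id" = "None" ]; then
        echo "MISSING"
        return 0
    fi
    aws guardduty get-detector --region "$1" --detector-id "$gd_id" \
        --query 'Status' --output text
}

# Bring region $1 into compliance and print the action taken.
guardduty_remediate() {
    gd_status=$(guardduty_status "$1") || return 2
    case "$gd_status" in
        ENABLED)
            echo "ok" ;;
        DISABLED)
            # A detector exists but is suspended: re-enable it in place.
            gd_id=$(aws guardduty list-detectors --region "$1" \
                --query 'DetectorIds[0]' --output text) || return 2
            aws guardduty update-detector --region "$1" \
                --detector-id "$gd_id" --enable >/dev/null || return 2
            echo "re-enabled" ;;
        MISSING)
            # No detector yet: create one. The 15-minute publishing
            # frequency is this example's choice, not a value from the guide.
            aws guardduty create-detector --region "$1" --enable \
                --finding-publishing-frequency FIFTEEN_MINUTES >/dev/null || return 2
            echo "created" ;;
        *)
            return 2 ;;
    esac
}

# Usage: ./guardduty_check.sh --run us-east-1 eu-west-1
if [ "${1:-}" = "--run" ]; then
    shift
    for region in "$@"; do
        printf '%s\t%s\n' "$region" "$(guardduty_remediate "$region")"
    done
fi
```

A region reported as `ok` already satisfies the rule; `re-enabled` and `created` mark regions that were out of compliance before the run and are worth recording as evidence.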

Conclusion

By following the above step-by-step guide, you can enable GuardDuty in your AWS environment to comply with the NIST 800-53 Revision 4 security framework. GuardDuty will help you proactively detect, investigate, and respond to potential security threats, thereby enhancing the overall security of your AWS resources.
