
Enable GuardDuty rule for System and Communications Protection (SC)

This rule ensures GuardDuty is enabled to protect system and communications. High severity with 13 compliant and 16 non-compliant.

Rule: GuardDuty should be enabled
Framework: NIST 800-53 Revision 5
Severity: High

Rule Description: Enable GuardDuty for compliance with NIST 800-53 Revision 5

Policy Overview:

To ensure compliance with NIST (National Institute of Standards and Technology) 800-53 Revision 5, GuardDuty must be enabled on your system. GuardDuty is a threat detection service provided by AWS that continuously monitors your AWS environment for malicious activity, unauthorized behavior, and potential security threats. By enabling GuardDuty, you can enhance the security posture of your system and meet the requirements outlined in NIST 800-53 Revision 5.

Troubleshooting Steps:

  1. Ensure that you have the necessary permissions to enable GuardDuty. You must have the IAM (Identity and Access Management) permissions required to enable GuardDuty on your AWS account.
  2. Verify that your AWS account is not already enrolled in GuardDuty. If it is, ensure that it is configured correctly and actively monitoring your environment. If not, proceed with the enabling steps.

Necessary Code:

No specific code is required to enable GuardDuty. The steps involved can be performed using the AWS Management Console, the AWS Command Line Interface (CLI), or the AWS SDKs (Software Development Kits).
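The SDK route, as an added example that is not part of the original page: it evaluates each region the way this rule does (no detector, or a detector whose Status is not ENABLED, is non-compliant), which covers troubleshooting step 2 above, and it can remediate by re-enabling or creating a detector. The evaluation runs offline on constructed records; `get_detector` and `remediate` assume boto3 is installed and AWS credentials are configured.

```python
"""Evaluate GuardDuty enablement per region and optionally remediate."""
from typing import Optional

COMPLIANT = "COMPLIANT"
NON_COMPLIANT = "NON_COMPLIANT"


def evaluate_detector(detector: Optional[dict]) -> str:
    """Classify one region from the shape boto3's get_detector returns.
    No detector at all, or a detector whose Status is not ENABLED, fails."""
    if detector is None:
        return NON_COMPLIANT
    return COMPLIANT if detector.get("Status") == "ENABLED" else NON_COMPLIANT


def summarize(regions: dict) -> dict:
    """Count compliant vs non-compliant regions (the rule's summary numbers)."""
    results = {name: evaluate_detector(d) for name, d in regions.items()}
    return {
        "per_region": results,
        "compliant": sum(v == COMPLIANT for v in results.values()),
        "non_compliant": sum(v == NON_COMPLIANT for v in results.values()),
    }


def get_detector(region: str) -> Optional[dict]:
    """Live call: fetch the region's GuardDuty detector, or None if there is none."""
    import boto3  # assumed dependency; imported lazily so evaluation runs offline
    gd = boto3.client("guardduty", region_name=region)
    ids = gd.list_detectors().get("DetectorIds", [])
    return gd.get_detector(DetectorId=ids[0]) if ids else None


def remediate(region: str) -> str:
    """Live call: re-enable an existing detector or create one; returns its id."""
    import boto3  # assumed dependency
    gd = boto3.client("guardduty", region_name=region)
    ids = gd.list_detectors().get("DetectorIds", [])
    if ids:
        gd.update_detector(DetectorId=ids[0], Enable=True)
        return ids[0]
    resp = gd.create_detector(Enable=True, FindingPublishingFrequency="FIFTEEN_MINUTES")
    return resp["DetectorId"]


# Constructed sample: three regions as get_detector would describe them.
SAMPLE_REGIONS = {
    "us-east-1": {"Status": "ENABLED", "FindingPublishingFrequency": "SIX_HOURS"},
    "eu-west-1": {"Status": "DISABLED"},
    "ap-south-1": None,  # no detector exists in this region
}

if __name__ == "__main__":
    print(summarize(SAMPLE_REGIONS))
```

Run `remediate(region)` only for the regions `summarize` reports as non-compliant; the Enable flag on update_detector is what turns monitoring back on for a detector that exists but was suspended.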

Step-by-Step Guide for Remediation:

Step 1: Access AWS Management Console

  1. Log in to the AWS Management Console using your AWS account credentials.
  2. Navigate to the Amazon GuardDuty service.

Step 2: Enable GuardDuty

  1. In the GuardDuty console, click on "Get Started".
  2. Choose the AWS region where you want to enable GuardDuty.
  3. Click on "Enable GuardDuty" to enable the service in the selected region.
  4. GuardDuty will then start analyzing data and generating findings based on detected threats.

Step 3: Configure GuardDuty

  1. Review the default settings and configure them according to your requirements. You can modify the detector behavior, enable or disable different types of findings, and set up email notifications.
  2. Consider creating CloudWatch Events rules for automated remediation actions based on GuardDuty findings.

Step 4: Monitor and Respond to GuardDuty Findings

  1. Regularly review and analyze GuardDuty findings in the console, or automate the process using CloudWatch Events rules.
  2. Investigate and take appropriate actions for each finding based on the severity level and associated risks.
  3. Follow the AWS recommended actions for each type of finding to mitigate potential security threats.

Note: It is crucial to continuously monitor GuardDuty findings to maintain the security and compliance of your AWS environment.

Conclusion:

By enabling GuardDuty, you can meet the compliance requirements of NIST 800-53 Revision 5 and enhance your system's security. GuardDuty provides valuable insights and alerts for potential threats, allowing you to take quick and necessary actions to protect your AWS resources. Regularly monitoring GuardDuty findings and promptly responding to any detected threats will help maintain the integrity and resilience of your system.
