Enable GuardDuty Rule for Protect (PR) Benchmark

Ensure GuardDuty is enabled to meet high severity compliance under Protect (PR) benchmark.

Rule: GuardDuty should be enabled
Framework: NIST Cybersecurity Framework (CSF) v1.1
Severity: High

Rule Summary: Enable GuardDuty for NIST Cybersecurity Framework (CSF) v1

Description:

The NIST Cybersecurity Framework (CSF) is a voluntary set of guidelines and best practices designed to help organizations manage and improve their cybersecurity posture. GuardDuty is an AWS service that provides intelligent threat detection and continuous monitoring for malicious activity and unauthorized behavior within AWS accounts. Enabling GuardDuty for NIST CSF v1 helps organizations align with the framework's recommendations and enhance their overall security.

Troubleshooting Steps:

  1. Ensure that you have the necessary permissions to enable GuardDuty and make changes to your AWS account.
  2. Verify that you have an active AWS account. If not, create one by following the AWS account setup process.
  3. Check that the AWS region where you want to enable GuardDuty supports the service. Refer to the AWS regional services list for available services in each region.
  4. Confirm that your AWS account is not under any restrictions or limitations that might prevent enabling GuardDuty. Contact AWS Support if you encounter any issues.

Necessary Code:

There is no specific code required to enable GuardDuty for NIST CSF. The process can be done using the AWS Management Console or AWS Command Line Interface (CLI).

Step-by-step Guide for Remediation:

Follow these steps to enable GuardDuty for NIST Cybersecurity Framework (CSF) v1:

  1. Navigate to the AWS Management Console.
  2. Sign in to your AWS account using valid credentials.
  3. Open the GuardDuty console by searching for "GuardDuty" in the AWS services search bar.
  4. In the GuardDuty console, click on "Get started" or "Enable GuardDuty", depending on your account setup.
  5. Select the AWS region where you want to enable GuardDuty.
  6. Choose the desired settings for the GuardDuty master account and click "Enable GuardDuty".
  7. GuardDuty will start analyzing and monitoring your AWS account for potential threats and unauthorized activity.
  8. Configure notifications and integrate GuardDuty findings with other AWS services if desired.
  9. Regularly review GuardDuty findings and take necessary actions to address any identified threats or suspicious behavior.
  10. Monitor GuardDuty on an ongoing basis, ensuring it remains enabled and continues to provide effective threat detection for your NIST Cybersecurity Framework (CSF) v1 compliance.

Note: If you prefer using the AWS Command Line Interface (CLI), you can enable GuardDuty by running the following command:

aws guardduty create-detector --enable

Ensure you have the necessary permissions and have configured the AWS CLI with valid credentials before executing the command.

By following these steps, you can enable GuardDuty for NIST Cybersecurity Framework (CSF) v1, aligning with its recommendations and strengthening the security of your AWS account.
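
GuardDuty is enabled per region, and the CLI command above acts only on the region the AWS CLI is configured for. The script below is an added example, not code from this page's vendor or from AWS: it reports the detector state for each region named on the command line and, with FIX=1, enables GuardDuty where it is missing or suspended. The function names and the FIX variable are assumptions of this example.

```bash
#!/usr/bin/env bash
# Added example (not vendor code). Usage:
#   ./gd_audit.sh us-east-1 eu-west-1        # report only
#   FIX=1 ./gd_audit.sh us-east-1 eu-west-1  # also enable where needed

# Print ENABLED, DISABLED (detector exists but is suspended) or MISSING.
gd_state() {
  local region="$1" id
  id=$(aws guardduty list-detectors --region "$region" \
        --query 'DetectorIds[0]' --output text) || return 1
  if [ -z "$id" ] || [ "$id" = "None" ]; then
    echo MISSING
    return 0
  fi
  aws guardduty get-detector --region "$region" --detector-id "$id" \
      --query 'Status' --output text
}

# Bring one region to ENABLED. A region holds at most one detector, so a
# suspended detector is re-enabled with update-detector, not create-detector.
gd_enable() {
  local region="$1" state id
  state=$(gd_state "$region") || return 1
  case "$state" in
    ENABLED) return 0 ;;
    MISSING) aws guardduty create-detector --enable --region "$region" >/dev/null ;;
    DISABLED)
      id=$(aws guardduty list-detectors --region "$region" \
            --query 'DetectorIds[0]' --output text) || return 1
      aws guardduty update-detector --region "$region" \
          --detector-id "$id" --enable >/dev/null ;;
  esac
}

# Report every region given; return 1 if any is not ENABLED afterwards.
gd_audit() {
  local region state failed=0
  for region in "$@"; do
    if [ "${FIX:-0}" = 1 ]; then gd_enable "$region" || true; fi
    state=$(gd_state "$region") || state=ERROR
    printf '%s\t%s\n' "$region" "$state"
    [ "$state" = ENABLED ] || failed=1
  done
  return "$failed"
}

# Run only when regions are passed on the command line.
if [ "$#" -gt 0 ]; then gd_audit "$@"; fi
```

The non-zero exit status when any region is not ENABLED lets the script run from a scheduled job as the ongoing check described in step 10.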
