Enable GuardDuty Rule for Security Assessment And Authorization (CA)

This rule focuses on ensuring GuardDuty is enabled to enhance security measures.

Rule: GuardDuty should be enabled
Framework: FedRAMP Low Revision 4
Severity: High

Rule Description:

GuardDuty is a threat detection service offered by Amazon Web Services (AWS) that helps protect your AWS environment by continuously monitoring and analyzing logs and network traffic for malicious activity. This rule requires enabling GuardDuty specifically for the FedRAMP Low compliance framework, as outlined in Revision 4.

Troubleshooting Steps:

If you encounter any issues while enabling GuardDuty for FedRAMP Low, follow these troubleshooting steps:

  1. Security and Compliance Permissions: Ensure that you have sufficient permissions to enable GuardDuty and manage security and compliance settings in your AWS account.

  2. Verify Account Eligibility: Confirm that your AWS account is eligible to enable GuardDuty and that it is applicable to the FedRAMP Low compliance framework.

  3. Check Availability in the Region: GuardDuty might not be available in all AWS regions. Ensure that the region you are operating in supports GuardDuty.

  4. Check Service Quotas: Verify that you have not reached the service quota for enabling GuardDuty in your AWS account.

  5. Review Logs and Error Messages: Refer to GuardDuty logs and error messages to identify any specific issues or errors that may be preventing the enabling of GuardDuty for FedRAMP Low.

Necessary Codes:

No specific codes are required for enabling GuardDuty for FedRAMP Low Revision 4 as it is a configuration-based setup. However, you may need to make use of AWS Command Line Interface (CLI) commands for enabling GuardDuty, which will be explained in the next section.

Step-by-Step Guide for Remediation:

Follow the steps below to enable GuardDuty for FedRAMP Low Revision 4:

  1. Log in to the AWS Management Console with appropriate credentials.

  2. Navigate to the GuardDuty service by selecting it from the list of services available.

  3. On the GuardDuty console, click "Get started" to begin the setup process.

  4. Select the AWS region where you want to enable GuardDuty.

  5. Choose the "Enable" option to enable GuardDuty for the selected region.

  6. On the "Choose a detection level" page, select the desired detection level based on your security requirements. GuardDuty recommends using the "High" detection level for optimal protection.

  7. Click "Next" to proceed.

  8. On the "Choose a publishing destination" page, select the output destination for GuardDuty findings. You can choose between Amazon CloudWatch Events and an S3 bucket for receiving notifications and storing findings.

  9. Configure appropriate settings based on your preferences and click "Next" to proceed.

  10. On the "Review" page, review the configuration details and ensure that they are accurate.

  11. If everything looks correct, click "Enable GuardDuty" to initiate the enabling process.

  12. Wait for a few minutes while GuardDuty is being enabled for the selected region.

  13. Once the process is complete, you will receive a confirmation message indicating that GuardDuty is successfully enabled for FedRAMP Low Revision 4.

You have now successfully enabled GuardDuty for FedRAMP Low Revision 4. GuardDuty will continuously monitor your AWS environment for any potential threats and generate findings based on its analysis. Make sure to regularly review these findings and take appropriate actions to address any identified risks.
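The AWS CLI route mentioned under "Necessary Codes", as an added example that is not part of the original page: it checks whether a region has an enabled GuardDuty detector and creates or re-enables one if not. It assumes AWS CLI v2 and credentials allowed to call ListDetectors, GetDetector, CreateDetector and UpdateDetector; the function names are hypothetical.

```shell
#!/usr/bin/env bash
# Added example, not from the original page. Function names are hypothetical.
# Assumes AWS CLI v2 with guardduty List/Get/Create/UpdateDetector permissions.

# Echo the first detector ID in a region, or nothing if the region has none.
detector_id() {
  local id
  id=$(aws guardduty list-detectors --region "$1" \
        --query 'DetectorIds[0]' --output text) || return 1
  # With --output text the CLI prints "None" for an empty detector list.
  [ "$id" = "None" ] || printf '%s\n' "$id"
}

# Echo ENABLED, DISABLED or MISSING for one region.
guardduty_status() {
  local id
  id=$(detector_id "$1") || return 1
  if [ -z "$id" ]; then echo MISSING; return 0; fi
  aws guardduty get-detector --region "$1" --detector-id "$id" \
    --query 'Status' --output text
}

# Bring one region into compliance with the rule; echo what was done.
ensure_guardduty() {
  local region="$1" state id
  state=$(guardduty_status "$region") || { echo "$region ERROR"; return 1; }
  case "$state" in
    ENABLED)  echo "$region already-enabled" ;;
    DISABLED) id=$(detector_id "$region") &&
              aws guardduty update-detector --region "$region" \
                --detector-id "$id" --enable >/dev/null &&
              echo "$region re-enabled" ;;
    MISSING)  aws guardduty create-detector --region "$region" --enable >/dev/null &&
              echo "$region created" ;;
    *)        echo "$region ERROR"; return 1 ;;
  esac
}

# With "--all", process every region that is enabled for the account.
if [ "${1:-}" = "--all" ]; then
  for r in $(aws ec2 describe-regions --query 'Regions[].RegionName' --output text); do
    ensure_guardduty "$r"
  done
fi
```

Source the file and call `ensure_guardduty <region>` for a single region, or run it with `--all`; a suspended (DISABLED) detector fails the rule just as a missing one does, which is why both cases are handled.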
