
CloudTrail Trail Log File Validation Rule

This rule requires enabling CloudTrail trail log file validation.

Rule: CloudTrail trail log file validation should be enabled
Framework: NIST 800-171 Revision 2
Severity: Critical

Rule Description

CloudTrail trail log file validation should be enabled for NIST 800-171 Revision 2. This rule ensures that log file integrity is maintained and prevents unauthorized modifications to CloudTrail trail log files. By enabling log file validation, you can detect and identify any tampering attempts or unauthorized modifications made to the log files, providing enhanced security and compliance.

Troubleshooting Steps

Step 1: Verify if CloudTrail is enabled for your AWS account and if any trails are created.

Step 2: Check if log file validation is enabled for the CloudTrail trails associated with your AWS account.

Step 3: Ensure that the CloudTrail trails associated with your AWS account are compliant with NIST 800-171 Revision 2.

Necessary Codes

The following is an example of an AWS CLI command that enables log file validation for an existing CloudTrail trail:

aws cloudtrail update-trail --name <trail_name> --enable-log-file-validation

Note: Replace <trail_name> with the actual name of the CloudTrail trail you want to enable log file validation for.
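The following Python script is an added example, not code from Cloud Defense or AWS. It covers the two checks the troubleshooting steps ask for: it finds trails whose log file validation flag is off (against a constructed `describe-trails` response embedded in the script, or a live one if boto3 is installed), prints the remediation command from this page for each, and then shows the core of what log file validation is, namely recomputing a SHA-256 hash over a log file and comparing it with the value recorded in a CloudTrail digest entry. The digest entry here is constructed for the demo (only the `hashValue` and `hashAlgorithm` fields are used); whether the recorded hash covers the compressed or the uncompressed object should be confirmed against the AWS digest file documentation before applying the check to real files.

```python
"""Added example (not Cloud Defense's or AWS's code): audit CloudTrail trails for
log file validation and demonstrate the hash check that validation performs."""
import hashlib

# Constructed sample of an `aws cloudtrail describe-trails` response.
# Account id, bucket names and ARNs are placeholders, not real resources.
SAMPLE_DESCRIBE_TRAILS = {
    "trailList": [
        {
            "Name": "management-events",
            "TrailARN": "arn:aws:cloudtrail:us-east-1:123456789012:trail/management-events",
            "S3BucketName": "example-trail-bucket",
            "IsMultiRegionTrail": True,
            "LogFileValidationEnabled": True,
        },
        {
            "Name": "legacy-trail",
            "TrailARN": "arn:aws:cloudtrail:us-east-1:123456789012:trail/legacy-trail",
            "S3BucketName": "example-legacy-bucket",
            "IsMultiRegionTrail": False,
            "LogFileValidationEnabled": False,
        },
    ]
}


def noncompliant_trails(describe_trails_response):
    """Return names of trails whose LogFileValidationEnabled flag is not True.

    A missing key is treated as disabled, so an unexpected response shape
    fails closed (the trail is reported) rather than silently passing.
    """
    trails = describe_trails_response.get("trailList", [])
    return [t["Name"] for t in trails if not t.get("LogFileValidationEnabled", False)]


def remediation_command(trail_name):
    """Build the AWS CLI command from this page for one non-compliant trail."""
    return f"aws cloudtrail update-trail --name {trail_name} --enable-log-file-validation"


def make_digest_entry(s3_object, log_file_bytes):
    """Construct a minimal digest `logFiles` entry for the demo.

    CloudTrail writes these entries itself; this helper only exists so the
    example can run offline.
    """
    return {
        "s3Object": s3_object,
        "hashAlgorithm": "SHA-256",
        "hashValue": hashlib.sha256(log_file_bytes).hexdigest(),
    }


def log_file_matches_digest(log_file_bytes, digest_entry):
    """Recompute the hash of a log file and compare it with the digest entry.

    This is the integrity check that log file validation makes possible: any
    byte changed in the delivered log file changes the hash, so a mismatch
    indicates the file was altered after CloudTrail recorded the digest.
    """
    if digest_entry.get("hashAlgorithm") != "SHA-256":
        raise ValueError(f"unsupported hash algorithm: {digest_entry.get('hashAlgorithm')}")
    computed = hashlib.sha256(log_file_bytes).hexdigest()
    return computed == digest_entry["hashValue"]


def fetch_trails():
    """Use boto3 if available (assumes AWS credentials in the environment),
    otherwise fall back to the constructed sample so the script runs offline."""
    try:
        import boto3  # optional dependency
    except ImportError:
        return SAMPLE_DESCRIBE_TRAILS
    return boto3.client("cloudtrail").describe_trails()


if __name__ == "__main__":
    for name in noncompliant_trails(fetch_trails()):
        print(f"[non-compliant] {name}: {remediation_command(name)}")

    # Constructed log file content (not a real CloudTrail record).
    original = b'{"Records":[{"eventName":"ConsoleLogin","eventSource":"signin.amazonaws.com"}]}'
    entry = make_digest_entry("AWSLogs/123456789012/CloudTrail/example.json", original)
    tampered = original.replace(b"ConsoleLogin", b"DeleteTrail")
    print("original matches digest:", log_file_matches_digest(original, entry))
    print("tampered matches digest:", log_file_matches_digest(tampered, entry))
```

Run it with no arguments; without boto3 it reports `legacy-trail` as non-compliant from the sample data and prints the `update-trail` command for it, then shows that the unmodified log file matches its digest entry while the altered copy does not.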

Step-by-step Remediation

Step 1: Log in to the AWS Management Console.

Step 2: Navigate to the CloudTrail service.

Step 3: Verify if CloudTrail is enabled for your AWS account:

  • If CloudTrail is not enabled, click on "Create trail" and follow the on-screen instructions to create a new trail.
  • If CloudTrail is already enabled, proceed to the next step.

Step 4: Check if log file validation is enabled for the CloudTrail trails associated with your AWS account:

  • Select the existing CloudTrail trail.
  • Click on "Edit".
  • Scroll down to the "CloudWatch Logs" section.
  • Enable the "Log file validation" option.
  • Click on "Save".

Step 5: Ensure that the CloudTrail trails associated with your AWS account are compliant with NIST 800-171 Revision 2:

  • Refer to the NIST 800-171 Revision 2 documentation for specific requirements related to CloudTrail logs.
  • Review and update your CloudTrail configuration accordingly to meet the compliance requirements.

Conclusion

Enabling CloudTrail trail log file validation for NIST 800-171 Revision 2 helps maintain log file integrity, preventing unauthorized modifications. By following the step-by-step guide and executing the provided AWS CLI command, you can ensure that log file validation is enabled for your CloudTrail trails and improve the security and compliance of your AWS environment.
