This rule specifies that GuardDuty should be enabled for Access Control (AC). Total Compliance Count: 29
Rule | GuardDuty should be enabled |
Framework | NIST 800-53 Revision 4 |
Severity | ✔ High |
Rule/Policy Description: Enable GuardDuty for NIST 800-53 Revision 4 Compliance
Rule/Policy Details:
To comply with this rule under the NIST 800-53 Revision 4 framework, GuardDuty must be enabled to enhance the security posture of the system. GuardDuty is a security service provided by AWS that continuously monitors and analyzes AWS account activity to identify potential threats or malicious behavior. Enabling it improves an organization's ability to identify and respond to security incidents effectively.
Troubleshooting Steps:
If GuardDuty is not already enabled, follow the troubleshooting steps below:
Verify AWS Account Compatibility: Before enabling GuardDuty for NIST 800-53 Revision 4 compliance, ensure that your AWS account supports GuardDuty. GuardDuty is available in all standard AWS regions.
Ensure Required Permissions: Ensure that you have the necessary permissions to enable GuardDuty. The IAM identity you sign in with (user, group or role) must have the "AmazonGuardDutyFullAccess" IAM policy attached, or equivalent permissions.
Necessary Code:
No specific code is required for enabling GuardDuty. The configuration is done through the AWS Management Console and CLI commands.
Step-by-Step Guide for Enabling GuardDuty:
Log in to the AWS Management Console: Access the AWS Management Console using your account credentials.
Open GuardDuty Service: In the AWS Management Console, search for "GuardDuty" in the Services search bar and click on the "GuardDuty" option when it appears.
Choose a Region: Ensure that you are in the desired AWS region where you want to enable GuardDuty. GuardDuty operates independently in each region.
Click on Enable GuardDuty: In GuardDuty, click on the "Enable GuardDuty" button to begin the setup process.
Choose an Existing S3 Bucket (Optional): If you want to receive detailed findings from GuardDuty, you can choose an existing S3 bucket to store them. This step is optional but recommended for better visibility into potential threats.
Define sample sharing preferences (Optional): You have the option to share aggregated, anonymized findings data with AWS partners for security research and enhancement purposes. This sharing preference is optional and depends on your organization's policies.
Enable Threat Intelligence (Optional): GuardDuty allows you to enable threat intelligence feeds to enhance the detection capability. You can choose from various trusted threat intelligence providers. This step is optional but recommended for improved threat detection.
Choose Trusted IP Lists (Optional): GuardDuty also provides the option to add trusted IP lists to reduce false-positive findings. You can specify IP ranges or EC2 tags that should be considered trusted, resulting in reduced alerts for legitimate activities.
Click on Enable GuardDuty: Review the settings and click on the "Enable GuardDuty" button to enable GuardDuty for your AWS account.
Monitor and Respond to Findings: Once GuardDuty is enabled, it will begin monitoring your account activities. Monitor the GuardDuty findings and act upon any identified threats or suspicious activities promptly.
Congratulations! You have successfully enabled GuardDuty to comply with the NIST 800-53 Revision 4 requirements. GuardDuty will now continuously monitor your AWS account and provide valuable insights into potential security threats.
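Because GuardDuty operates independently in each region, enabling it in one region does not satisfy the rule for the others. The following added example (not part of the original page or of any AWS tooling) audits a set of regions and reports which ones fail the rule. The function names, the `StubGuardDuty` class, and the sample regions and detector IDs are constructed for illustration; `list_detectors` and `get_detector` are the boto3 GuardDuty client calls the stub mimics.

```python
"""Audit: is GuardDuty enabled in every region? (added example, not from the page)"""

def region_status(client):
    """Return 'ENABLED', 'DISABLED' or 'MISSING' for one regional GuardDuty client."""
    detector_ids = client.list_detectors().get("DetectorIds", [])
    if not detector_ids:
        return "MISSING"          # GuardDuty was never enabled in this region
    # A region holds at most one detector; it can exist but be suspended.
    status = client.get_detector(DetectorId=detector_ids[0])["Status"]
    return "ENABLED" if status == "ENABLED" else "DISABLED"

def audit(regions, client_for):
    """Map each region to its status. client_for(region) returns a client exposing
    list_detectors/get_detector, e.g. boto3.client('guardduty', region_name=region)."""
    report = {}
    for region in regions:
        try:
            report[region] = region_status(client_for(region))
        except Exception as exc:   # e.g. access denied, or an opt-in region not enabled
            report[region] = f"ERROR: {type(exc).__name__}"
    return report

def non_compliant(report):
    """Regions that fail the 'GuardDuty should be enabled' rule."""
    return sorted(r for r, s in report.items() if s != "ENABLED")

class StubGuardDuty:
    """Constructed stand-in for a boto3 GuardDuty client so the example runs offline."""
    def __init__(self, detectors):
        self.detectors = detectors          # {detector_id: status}
    def list_detectors(self):
        return {"DetectorIds": list(self.detectors)}
    def get_detector(self, DetectorId):
        return {"Status": self.detectors[DetectorId]}

# Constructed sample account: one compliant region, one suspended, one never enabled.
SAMPLE = {
    "us-east-1": StubGuardDuty({"d-example-1": "ENABLED"}),
    "eu-west-1": StubGuardDuty({"d-example-2": "DISABLED"}),
    "ap-south-1": StubGuardDuty({}),
}

if __name__ == "__main__":
    report = audit(SAMPLE, SAMPLE.__getitem__)
    for region, status in sorted(report.items()):
        print(f"{region:12} {status}")
    print("non-compliant:", non_compliant(report))
```

To run it against a real account, pass the list of regions you use and a `client_for` that builds a regional boto3 GuardDuty client. A region reported as DISABLED has a detector that exists but is suspended, which the console's "enabled once" history would not reveal.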