Rule: GuardDuty should be enabled
Ensure GuardDuty is enabled to meet compliance requirements.
| Rule | GuardDuty should be enabled |
| Framework | NIST 800-53 Revision 4 |
| Severity | ✔ High |
Rule Description: Enabling GuardDuty for NIST 800-53 Revision 4
Rule Overview:
This rule is designed to ensure that GuardDuty, a threat detection service provided by AWS, is enabled specifically for NIST 800-53 Revision 4. Enabling GuardDuty with this configuration helps to improve the security posture of your AWS environment by detecting and alerting on threats and vulnerabilities aligned with the NIST 800-53 security controls.
Rule Details:
To enable GuardDuty for NIST 800-53 Revision 4, follow the steps and guidelines below:
- 1.
Step 1: Log in to the AWS Management Console:
- Open a web browser and visit: https://console.aws.amazon.com/
- Enter your AWS account credentials (username and password).
- Click "Sign In" to login to the AWS Management Console.
- 2.
Step 2: Navigate to GuardDuty service
- Once logged in, type "GuardDuty" in the AWS Management Console search bar.
- Click on the "GuardDuty" service from the search results.
- 3.
Step 3: Enable GuardDuty
- On the GuardDuty dashboard, click the "Enable GuardDuty" button.
- Choose the AWS account(s) or Organization that you want to enable GuardDuty for, and click "Enable GuardDuty".
- 4.
Step 4: Configure NIST 800-53 Revision 4
- In the GuardDuty console, navigate to the "Settings" tab.
- Scroll down to the "Security standards" section.
- Click on the "Edit" button next to "Security standards".
- Enable the "NIST 800-53 Revision 4" security standard by toggling the switch to the "ON" position.
- Click "Save" to apply the changes.
- 5.
Step 5: Review Alert and Notification Settings
- In the GuardDuty console, navigate to the "Settings" tab.
- Scroll down to the "Alerts" section to review and configure the alert thresholds and notification preferences according to your requirements.
- Adjust the settings as needed and click "Save" to apply the changes.
Troubleshooting:
In case you encounter any issues during the setup or configuration of GuardDuty, consider the following troubleshooting steps:
- 1.
Verify AWS account permissions:
- Ensure that you have the necessary IAM permissions to enable and configure GuardDuty. Refer to the AWS documentation for the required IAM policies.
- 2.
Check GuardDuty region availability:
- Verify that GuardDuty is available in the region where your AWS resources are located. GuardDuty coverage may vary across AWS regions.
- 3.
Review AWS Organizations configuration (if applicable):
- If you are using AWS Organizations for managing multiple accounts within your organization, ensure that GuardDuty is properly configured and enabled at the organization level.
- 4.
Check existing GuardDuty settings:
- Ensure that GuardDuty is not already enabled with conflicting configurations. Review your GuardDuty settings to confirm they align with the desired NIST 800-53 Revision 4 configuration.
- 5.
Contact AWS Support:
- If you are unable to resolve your issues using the aforementioned steps, reach out to AWS Support for assistance. Provide them with the details of the problem you are facing for a faster resolution.
Disclaimer:
The troubleshooting steps provided are generic in nature. It is recommended to refer to official AWS documentation or consult AWS Support for specific troubleshooting steps based on the actual issue encountered.
Conclusion:
Enabling GuardDuty with NIST 800-53 Revision 4 helps enhance the security of your AWS environment by enabling automated threat detection and alerts aligned with NIST 800-53 security controls. Following the step-by-step guide and troubleshooting steps ensures a smooth setup and configuration process for GuardDuty with the specific security standard.