Skip to main content

💼 [EC2.6] VPC flow logging should be enabled in all VPCs

  • ID: /frameworks/aws-fsbp-v1.0.0/ec2/06

Stats

not available

Description

With the VPC Flow Logs feature, you can capture information about the IP address traffic going to and from network interfaces in your VPC. After you create a flow log, you can view and retrieve its data in CloudWatch Logs. To reduce cost, you can also send your flow logs to Amazon S3.

By default, the record includes values for the different components of the IP address flow, including the source, destination, and protocol.

Similar

Similar Sections (Give Policies To)

SectionSub SectionsInternal RulesPoliciesFlagsCompliance
💼 NIST SP 800-53 Revision 5 → 💼 AC-4(26) Information Flow Enforcement _ Audit Filtering Actions18no data
💼 NIST SP 800-53 Revision 5 → 💼 AU-2 Event Logging427no data
💼 NIST SP 800-53 Revision 5 → 💼 AU-3 Content of Audit Records31539no data
💼 NIST SP 800-53 Revision 5 → 💼 AU-6(3) Audit Record Review, Analysis, and Reporting _ Correlate Audit Record Repositories17no data
💼 NIST SP 800-53 Revision 5 → 💼 AU-6(4) Audit Record Review, Analysis, and Reporting _ Central Review and Analysis17no data
💼 NIST SP 800-53 Revision 5 → 💼 AU-12 Audit Record Generation44874no data
💼 NIST SP 800-53 Revision 5 → 💼 CA-7 Continuous Monitoring628no data
💼 NIST SP 800-53 Revision 5 → 💼 SI-7(8) Software, Firmware, and Information Integrity _ Auditing Capability for Significant Events17no data
💼 PCI DSS v3.2.1 → 💼 10.3.3 Date and time.1no data
💼 PCI DSS v3.2.1 → 💼 10.3.4 Success or failure indication.1no data
💼 PCI DSS v3.2.1 → 💼 10.3.5 Origination of event.1no data
💼 PCI DSS v3.2.1 → 💼 10.3.6 Identity or name of affected data, system component, or resource.1no data

Sub Sections

SectionSub SectionsInternal RulesPoliciesFlagsCompliance

Policies (1)

PolicyLogic CountFlagsCompliance
🛡️ AWS VPC Flow Logs are not enabled🟢1🟠 x1, 🟢 x5no data

Internal Rules

RulePoliciesFlags
✉️ dec-x-9c0416671