
💼 [GuardDuty.1] GuardDuty should be enabled

  • Contextual name: 💼 [GuardDuty.1] GuardDuty should be enabled
  • ID: /frameworks/aws-fsbp-v1.0.0/guardduty/01
  • Located in: 💼 GuardDuty

Description

It is highly recommended that you enable GuardDuty in all supported AWS Regions. Doing so allows GuardDuty to generate findings about unauthorized or unusual activity, even in Regions that you do not actively use. This also allows GuardDuty to monitor CloudTrail events for global AWS services such as IAM.

Similar

Similar Sections (Give Policies To)

Section | Sub Sections | Internal Rules | Policies | Flags
💼 NIST SP 800-53 Revision 5 → 💼 AC-2(12) Account Management _ Account Monitoring for Atypical Usage
💼 NIST SP 800-53 Revision 5 → 💼 AU-6(1) Audit Record Review, Analysis, and Reporting _ Automated Process Integration | 11
💼 NIST SP 800-53 Revision 5 → 💼 AU-6(5) Audit Record Review, Analysis, and Reporting _ Integrated Analysis of Audit Records
💼 NIST SP 800-53 Revision 5 → 💼 CA-7 Continuous Monitoring | 68
💼 NIST SP 800-53 Revision 5 → 💼 CM-8(3) System Component Inventory _ Automated Unauthorized Component Detection
💼 NIST SP 800-53 Revision 5 → 💼 RA-3(4) Risk Assessment _ Predictive Cyber Analytics
💼 NIST SP 800-53 Revision 5 → 💼 SA-8(19) Security and Privacy Engineering Principles _ Continuous Protection
💼 NIST SP 800-53 Revision 5 → 💼 SA-8(21) Security and Privacy Engineering Principles _ Self-analysis
💼 NIST SP 800-53 Revision 5 → 💼 SA-8(25) Security and Privacy Engineering Principles _ Economic Security
💼 NIST SP 800-53 Revision 5 → 💼 SA-11(1) Developer Testing and Evaluation _ Static Code Analysis
💼 NIST SP 800-53 Revision 5 → 💼 SA-11(6) Developer Testing and Evaluation _ Attack Surface Reviews
💼 NIST SP 800-53 Revision 5 → 💼 SA-15(2) Development Process, Standards, and Tools _ Security and Privacy Tracking Tools
💼 NIST SP 800-53 Revision 5 → 💼 SA-15(8) Development Process, Standards, and Tools _ Reuse of Threat and Vulnerability Information
💼 NIST SP 800-53 Revision 5 → 💼 SC-5 Denial-of-service Protection | 32
💼 NIST SP 800-53 Revision 5 → 💼 SC-5(1) Denial-of-service Protection _ Restrict Ability to Attack Other Systems
💼 NIST SP 800-53 Revision 5 → 💼 SC-5(3) Denial-of-service Protection _ Detection and Monitoring
💼 NIST SP 800-53 Revision 5 → 💼 SI-3(8) Malicious Code Protection _ Detect Unauthorized Commands | 3
💼 NIST SP 800-53 Revision 5 → 💼 SI-4 System Monitoring | 2526
💼 NIST SP 800-53 Revision 5 → 💼 SI-4(1) System Monitoring _ System-wide Intrusion Detection System
💼 NIST SP 800-53 Revision 5 → 💼 SI-4(2) System Monitoring _ Automated Tools and Mechanisms for Real-time Analysis
💼 NIST SP 800-53 Revision 5 → 💼 SI-4(4) System Monitoring _ Inbound and Outbound Communications Traffic | 22
💼 NIST SP 800-53 Revision 5 → 💼 SI-4(5) System Monitoring _ System-generated Alerts
💼 NIST SP 800-53 Revision 5 → 💼 SI-4(13) System Monitoring _ Analyze Traffic and Event Patterns
💼 NIST SP 800-53 Revision 5 → 💼 SI-4(22) System Monitoring _ Unauthorized Network Services
💼 NIST SP 800-53 Revision 5 → 💼 SI-4(25) System Monitoring _ Optimize Network Traffic Analysis
💼 NIST SP 800-53 Revision 5 → 💼 SI-20 Tainting
💼 PCI DSS v3.2.1 → 💼 11.4 Use intrusion-detection and/or intrusion-prevention techniques to detect and/or prevent intrusions into the network. | 11
💼 PCI DSS v3.2.1 → 💼 11.5.1 Implement a process to respond to any alerts generated by the change detection solution.

Sub Sections

Section | Sub Sections | Internal Rules | Policies | Flags