💼 [NetworkFirewall.6] Stateless Network Firewall rule group should not be empty
- ID:
/frameworks/aws-fsbp-v1.0.0/network-firewall/06
Description
A rule group contains rules that define how your firewall processes traffic in your VPC. An empty stateless rule group, when present in a firewall policy, might give the impression that the rule group will process traffic. However, when the stateless rule group is empty, it does not process traffic.
Similar
- AWS Security Hub
- Internal
- ID:
dec-c-41bfbac8
- ID:
Similar Sections (Give Policies To)
| Section | Sub Sections | Internal Rules | Policies | Flags | Compliance |
|---|---|---|---|---|---|
| 💼 NIST SP 800-53 Revision 5 → 💼 AC-4(21) Information Flow Enforcement _ Physical or Logical Separation of Information Flows | 37 | 60 | no data | ||
| 💼 NIST SP 800-53 Revision 5 → 💼 SC-7 Boundary Protection | 29 | 4 | 86 | no data | |
| 💼 NIST SP 800-53 Revision 5 → 💼 SC-7(5) Boundary Protection _ Deny by Default — Allow by Exception | 4 | 19 | no data | ||
| 💼 NIST SP 800-53 Revision 5 → 💼 SC-7(11) Boundary Protection _ Restrict Incoming Communications Traffic | 35 | no data | |||
| 💼 NIST SP 800-53 Revision 5 → 💼 SC-7(16) Boundary Protection _ Prevent Discovery of System Components | 36 | no data | |||
| 💼 NIST SP 800-53 Revision 5 → 💼 SC-7(21) Boundary Protection _ Isolation of System Components | 35 | no data |
Sub Sections
| Section | Sub Sections | Internal Rules | Policies | Flags | Compliance |
|---|
Policies (1)
| Policy | Logic Count | Flags | Compliance |
|---|---|---|---|
| 🛡️ AWS Network Firewall Rule Group Stateless Rules are empty🟢 | 1 | 🟢 x6 | no data |