💼 [Route53.2] Route 53 public hosted zones should log DNS queries

Contextual name: 💼 [Route53.2] Route 53 public hosted zones should log DNS queries
ID: /frameworks/aws-fsbp-v1.0.0/route-53/02
Located in: 💼 Route 53

Description

Logging DNS queries for a Route 53 hosted zone addresses DNS security and compliance requirements and grants visibility. The logs include information such as the domain or subdomain that was queried, the date and time of the query, the DNS record type (for example, A or AAAA), and the DNS response code (for example, NoError or ServFail). When DNS query logging is enabled, Route 53 publishes the log files to Amazon CloudWatch Logs.

Similar

AWS Security Hub
- https://docs.aws.amazon.com/securityhub/latest/userguide/route53-controls.html#route53-2
Internal
- ID: dec-c-2df41479

Similar Sections (Give Policies To)

Section	Sub Sections	Internal Rules	Policies
💼 NIST SP 800-53 Revision 5 → 💼 AC-2(4) Account Management _ Automated Audit Actions		11	13
💼 NIST SP 800-53 Revision 5 → 💼 AC-4(26) Information Flow Enforcement _ Audit Filtering Actions			7
💼 NIST SP 800-53 Revision 5 → 💼 AC-6(9) Least Privilege _ Log Use of Privileged Functions		15	16
💼 NIST SP 800-53 Revision 5 → 💼 AU-2 Event Logging	4		6
💼 NIST SP 800-53 Revision 5 → 💼 AU-3 Content of Audit Records	3	13	20
💼 NIST SP 800-53 Revision 5 → 💼 AU-6(3) Audit Record Review, Analysis, and Reporting _ Correlate Audit Record Repositories			6
💼 NIST SP 800-53 Revision 5 → 💼 AU-6(4) Audit Record Review, Analysis, and Reporting _ Central Review and Analysis			6
💼 NIST SP 800-53 Revision 5 → 💼 AU-10 Non-repudiation	5		5
💼 NIST SP 800-53 Revision 5 → 💼 AU-12 Audit Record Generation	4	45	47
💼 NIST SP 800-53 Revision 5 → 💼 CA-7 Continuous Monitoring	6		8
💼 NIST SP 800-53 Revision 5 → 💼 SC-7(9) Boundary Protection _ Restrict Threatening Outgoing Communications Traffic			7
💼 NIST SP 800-53 Revision 5 → 💼 SI-3(8) Malicious Code Protection _ Detect Unauthorized Commands			3
💼 NIST SP 800-53 Revision 5 → 💼 SI-4(20) System Monitoring _ Privileged Users			3
💼 NIST SP 800-53 Revision 5 → 💼 SI-7(8) Software, Firmware, and Information Integrity _ Auditing Capability for Significant Events			6
💼 PCI DSS v4.0.1 → 💼 10.4.2 Logs of all other system components are reviewed periodically.	1		1

Sub Sections

Section	Sub Sections	Internal Rules	Policies	Flags

Description​

Similar​

Similar Sections (Give Policies To)​

Sub Sections​

Description

Similar

Similar Sections (Give Policies To)

Sub Sections