💼 [WAF.10] AWS WAF web ACLs should have at least one rule or rule group

ID: /frameworks/aws-fsbp-v1.0.0/waf/10

Description

A web ACL gives you fine-grained control over all of the HTTP(S) web requests that your protected resource responds to. A web ACL should contain a collection of rules and rule groups that inspect and control web requests. If a web ACL is empty, the web traffic can pass without being detected or acted upon by AWS WAF depending on the default action.

Similar

AWS Security Hub
- https://docs.aws.amazon.com/securityhub/latest/userguide/waf-controls.html#waf-10
Internal
- ID: dec-c-48e9f075

Similar Sections (Give Policies To)

Section	Sub Sections	Internal Rules	Policies	Flags	Compliance
💼 NIST SP 800-53 Revision 5 → 💼 CA-9(1) Internal System Connections _ Compliance Checks			25		no data
💼 NIST SP 800-53 Revision 5 → 💼 CM-2 Baseline Configuration	7		29		no data

Sub Sections

Section	Sub Sections	Internal Rules	Policies	Flags	Compliance

Policies (1)

Policy	Logic Count	Flags	Compliance
🛡️ AWS WAF Web ACL has no WAF Rules or WAF Rule Groups🟢	1	🟠 x1, 🟢 x5	no data

Description​

Similar​

Similar Sections (Give Policies To)​

Sub Sections​

Policies (1)​

Description

Similar

Similar Sections (Give Policies To)

Sub Sections

Policies (1)