Skip to main content

πŸ’Ό AU-6(4) Audit Record Review, Analysis, and Reporting | Central Review and Analysis

Description​

Provide and implement the capability to centrally review and analyze audit records from multiple components within the system.

Similar​

  • Sections
    • /frameworks/aws-fsbp-v1.0.0/api-gateway/01
    • /frameworks/aws-fsbp-v1.0.0/api-gateway/09
    • /frameworks/aws-fsbp-v1.0.0/cloudfront/05
    • /frameworks/aws-fsbp-v1.0.0/cloudtrail/01
    • /frameworks/aws-fsbp-v1.0.0/cloudtrail/05
    • /frameworks/aws-fsbp-v1.0.0/codebuild/04
    • /frameworks/aws-fsbp-v1.0.0/dms/07
    • /frameworks/aws-fsbp-v1.0.0/dms/08
    • /frameworks/aws-fsbp-v1.0.0/documentdb/04
    • /frameworks/aws-fsbp-v1.0.0/ec2/06
    • /frameworks/aws-fsbp-v1.0.0/ec2/51
    • /frameworks/aws-fsbp-v1.0.0/ecs/09
    • /frameworks/aws-fsbp-v1.0.0/ecs/12
    • /frameworks/aws-fsbp-v1.0.0/eks/08
    • /frameworks/aws-fsbp-v1.0.0/elb/05
    • /frameworks/aws-fsbp-v1.0.0/es/04
    • /frameworks/aws-fsbp-v1.0.0/es/05
    • /frameworks/aws-fsbp-v1.0.0/neptune/02
    • /frameworks/aws-fsbp-v1.0.0/network-firewall/02
    • /frameworks/aws-fsbp-v1.0.0/opensearch/04
    • /frameworks/aws-fsbp-v1.0.0/opensearch/05
    • /frameworks/aws-fsbp-v1.0.0/route-53/02
    • /frameworks/aws-fsbp-v1.0.0/rds/09
    • /frameworks/aws-fsbp-v1.0.0/rds/34
    • /frameworks/aws-fsbp-v1.0.0/rds/40
    • /frameworks/aws-fsbp-v1.0.0/redshift/04
    • /frameworks/aws-fsbp-v1.0.0/s3/09
    • /frameworks/aws-fsbp-v1.0.0/transfer-family/03
    • /frameworks/aws-fsbp-v1.0.0/waf/01
    • /frameworks/aws-fsbp-v1.0.0/waf/12
  • Internal
    • ID: dec-c-cb34bb9f

Similar Sections (Take Policies From)​

SectionSub SectionsInternal RulesPoliciesFlags
πŸ’Ό AWS Foundational Security Best Practices v1.0.0 β†’ πŸ’Ό [APIGateway.1] API Gateway REST and WebSocket API execution logging should be enabled11
πŸ’Ό AWS Foundational Security Best Practices v1.0.0 β†’ πŸ’Ό [APIGateway.9] Access logging should be configured for API Gateway V2 Stages11
πŸ’Ό AWS Foundational Security Best Practices v1.0.0 β†’ πŸ’Ό [CloudFront.5] CloudFront distributions should have logging enabled
πŸ’Ό AWS Foundational Security Best Practices v1.0.0 β†’ πŸ’Ό [CloudTrail.1] CloudTrail should be enabled and configured with at least one multi-Region trail that includes read and write management events1
πŸ’Ό AWS Foundational Security Best Practices v1.0.0 β†’ πŸ’Ό [CloudTrail.5] CloudTrail trails should be integrated with Amazon CloudWatch Logs
πŸ’Ό AWS Foundational Security Best Practices v1.0.0 β†’ πŸ’Ό [CodeBuild.4] CodeBuild project environments should have a logging AWS Configuration
πŸ’Ό AWS Foundational Security Best Practices v1.0.0 β†’ πŸ’Ό [DMS.7] DMS replication tasks for the target database should have logging enabled
πŸ’Ό AWS Foundational Security Best Practices v1.0.0 β†’ πŸ’Ό [DMS.8] DMS replication tasks for the source database should have logging enabled
πŸ’Ό AWS Foundational Security Best Practices v1.0.0 β†’ πŸ’Ό [DocumentDB.4] Amazon DocumentDB clusters should publish audit logs to CloudWatch Logs
πŸ’Ό AWS Foundational Security Best Practices v1.0.0 β†’ πŸ’Ό [EC2.6] VPC flow logging should be enabled in all VPCs11
πŸ’Ό AWS Foundational Security Best Practices v1.0.0 β†’ πŸ’Ό [EC2.51] EC2 Client VPN endpoints should have client connection logging enabled
πŸ’Ό AWS Foundational Security Best Practices v1.0.0 β†’ πŸ’Ό [ECS.9] ECS task definitions should have a logging configuration
πŸ’Ό AWS Foundational Security Best Practices v1.0.0 β†’ πŸ’Ό [ECS.12] ECS clusters should use Container Insights
πŸ’Ό AWS Foundational Security Best Practices v1.0.0 β†’ πŸ’Ό [EKS.8] EKS clusters should have audit logging enabled
πŸ’Ό AWS Foundational Security Best Practices v1.0.0 β†’ πŸ’Ό [ELB.5] Application and Classic Load Balancers logging should be enabled
πŸ’Ό AWS Foundational Security Best Practices v1.0.0 β†’ πŸ’Ό [ES.4] Elasticsearch domain error logging to CloudWatch Logs should be enabled
πŸ’Ό AWS Foundational Security Best Practices v1.0.0 β†’ πŸ’Ό [ES.5] Elasticsearch domains should have audit logging enabled
πŸ’Ό AWS Foundational Security Best Practices v1.0.0 β†’ πŸ’Ό [Neptune.2] Neptune DB clusters should publish audit logs to CloudWatch Logs
πŸ’Ό AWS Foundational Security Best Practices v1.0.0 β†’ πŸ’Ό [NetworkFirewall.2] Network Firewall logging should be enabled
πŸ’Ό AWS Foundational Security Best Practices v1.0.0 β†’ πŸ’Ό [Opensearch.4] OpenSearch domain error logging to CloudWatch Logs should be enabled
πŸ’Ό AWS Foundational Security Best Practices v1.0.0 β†’ πŸ’Ό [Opensearch.5] OpenSearch domains should have audit logging enabled
πŸ’Ό AWS Foundational Security Best Practices v1.0.0 β†’ πŸ’Ό [RDS.9] RDS DB instances should publish logs to CloudWatch Logs
πŸ’Ό AWS Foundational Security Best Practices v1.0.0 β†’ πŸ’Ό [RDS.34] Aurora MySQL DB clusters should publish audit logs to CloudWatch Logs
πŸ’Ό AWS Foundational Security Best Practices v1.0.0 β†’ πŸ’Ό [RDS.40] RDS for SQL Server DB instances should publish logs to CloudWatch Logs
πŸ’Ό AWS Foundational Security Best Practices v1.0.0 β†’ πŸ’Ό [Redshift.4] Amazon Redshift clusters should have audit logging enabled
πŸ’Ό AWS Foundational Security Best Practices v1.0.0 β†’ πŸ’Ό [Route53.2] Route 53 public hosted zones should log DNS queries
πŸ’Ό AWS Foundational Security Best Practices v1.0.0 β†’ πŸ’Ό [S3.9] S3 general purpose buckets should have server access logging enabled12
πŸ’Ό AWS Foundational Security Best Practices v1.0.0 β†’ πŸ’Ό [Transfer.3] Transfer Family connectors should have logging enabled
πŸ’Ό AWS Foundational Security Best Practices v1.0.0 β†’ πŸ’Ό [WAF.1] AWS WAF Classic Global Web ACL logging should be enabled
πŸ’Ό AWS Foundational Security Best Practices v1.0.0 β†’ πŸ’Ό [WAF.12] AWS WAF rules should have CloudWatch metrics enabled

Similar Sections (Give Policies To)​

SectionSub SectionsInternal RulesPoliciesFlags
πŸ’Ό FedRAMP High Security Controls β†’ πŸ’Ό AU-6(4) Central Review and Analysis (H)6

Sub Sections​

SectionSub SectionsInternal RulesPoliciesFlags

Policies (6)​

PolicyLogic CountFlags
πŸ“ AWS Account Multi-Region CloudTrail is not enabled 🟒1🟒 x6
πŸ“ AWS API Gateway API Access Logging in CloudWatch is not enabled 🟒1🟠 x1, 🟒 x5
πŸ“ AWS API Gateway API Execution Logging in CloudWatch is not enabled 🟒1🟒 x6
πŸ“ AWS CloudTrail S3 Bucket Access Logging is not enabled. 🟒1🟒 x6
πŸ“ AWS S3 Bucket Server Access Logging is not enabled 🟒1🟒 x6
πŸ“ AWS VPC Flow Logs are not enabled 🟒1🟠 x1, 🟒 x5