CloudTrail Regional

Severity: High

CloudTrail should be enabled and configured with at least one multi-Region trail that includes read and write management events

CIS, NIST, ISO 27001, HIPAA

Description

This control checks that there is at least one multi-Region CloudTrail trail. It also checks that the ExcludeManagementEventSources parameter is empty for at least one of those trails.


Remediation

To comply with this control, ensure that AWS CloudTrail is enabled with at least one multi-Region trail that logs both read and write management events and does not exclude any management event sources.

Steps

  1. Sign in to the AWS Management Console and open the CloudTrail console at https://console.aws.amazon.com/cloudtrail/.
  2. In the CloudTrail console, click on 'Trails' in the left navigation pane.
  3. Click on the 'Create trail' button.
  4. In the 'Trail name' field, enter a name for your trail.
  5. Set 'Apply trail to all regions' to Yes for multi-region coverage.
  6. For 'Management events', select 'Read/Write events' to include both read and write management events.
  7. For 'Storage location', create a new S3 bucket or select an existing one to store your CloudTrail logs.
  8. Optionally, configure additional settings such as log file encryption with KMS keys, log file validation, and CloudWatch Logs integration.
  9. Ensure that the 'ExcludeManagementEventSources' parameter is empty to include all management events.
  10. Click on the 'Create' button to create the trail.
  11. Verify that the trail is configured correctly and captures all required events.
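The check described above and the verification in the last step, written as an added example (not the control's own implementation): the dictionaries mirror the shapes returned by the CloudTrail DescribeTrails, GetTrailStatus and GetEventSelectors API calls, the sample data is constructed, and the IsLogging check is an extra criterion beyond the page's stated ones. It assumes basic event selectors; trails configured with advanced event selectors would need a separate evaluation.

```python
"""Evaluate CloudTrail configuration against the multi-Region management-event control."""


def trail_is_compliant(trail: dict, status: dict, selectors: list[dict]) -> bool:
    """Return True when a single trail satisfies every criterion of the control."""
    if not trail.get("IsMultiRegionTrail", False):
        return False  # a single-Region trail cannot satisfy the control
    if not status.get("IsLogging", False):
        return False  # assumed extra criterion: the trail must actually be delivering logs
    for selector in selectors:
        if (selector.get("IncludeManagementEvents", False)
                and selector.get("ReadWriteType") == "All"  # both read and write events
                and not selector.get("ExcludeManagementEventSources")):  # must be empty
            return True
    return False


def evaluate_account(trails: list[dict], statuses: dict, selectors_by_trail: dict) -> tuple[bool, list[str]]:
    """Return (account_passes, names of compliant trails); one qualifying trail is enough."""
    compliant = [
        t["Name"] for t in trails
        if trail_is_compliant(t, statuses[t["Name"]], selectors_by_trail[t["Name"]])
    ]
    return bool(compliant), compliant


# Constructed sample: a Regional trail, a multi-Region trail that excludes KMS
# management events, and a multi-Region trail that meets the control.
SAMPLE_TRAILS = [
    {"Name": "regional-only", "IsMultiRegionTrail": False},
    {"Name": "org-trail-no-kms", "IsMultiRegionTrail": True},
    {"Name": "org-trail", "IsMultiRegionTrail": True},
]
SAMPLE_STATUS = {t["Name"]: {"IsLogging": True} for t in SAMPLE_TRAILS}
SAMPLE_SELECTORS = {
    "regional-only": [{"ReadWriteType": "All", "IncludeManagementEvents": True,
                       "ExcludeManagementEventSources": []}],
    "org-trail-no-kms": [{"ReadWriteType": "All", "IncludeManagementEvents": True,
                          "ExcludeManagementEventSources": ["kms.amazonaws.com"]}],
    "org-trail": [{"ReadWriteType": "All", "IncludeManagementEvents": True,
                   "ExcludeManagementEventSources": []}],
}

if __name__ == "__main__":
    passes, names = evaluate_account(SAMPLE_TRAILS, SAMPLE_STATUS, SAMPLE_SELECTORS)
    print("PASS" if passes else "FAIL", names)
```

In a live account the same three dictionaries come from boto3's `describe_trails`, `get_trail_status` and `get_event_selectors` on a CloudTrail client.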

Compliance

CIS, NIST, ISO 27001, HIPAA