Macie automated sensitive data discovery should be enabled
Description
This control checks whether automated sensitive data discovery is enabled for an Amazon Macie administrator account. The control fails if automated sensitive data discovery isn't enabled for a Macie administrator account. This control applies only to administrator accounts. Macie automates discovery and reporting of sensitive data, such as personally identifiable information (PII), in Amazon Simple Storage Service (Amazon S3) buckets. With automated sensitive data discovery, Macie continually evaluates your bucket inventory and uses sampling techniques to identify and select representative S3 objects from your buckets. Macie then analyzes the selected objects, inspecting them for sensitive data. As the analyses progress, Macie updates statistics, inventory data, and other information that it provides about your S3 data. Macie also generates findings to report sensitive data that it finds.
Remediation
To remediate this issue, you need to enable automated sensitive data discovery for your Macie administrator account.
Steps
- Navigate to the Amazon Macie console
- Select the appropriate AWS region
- Go to 'Settings' and then 'Discovery'
- Click on 'Automated sensitive data discovery'
- Enable 'Automated sensitive data discovery'
- Configure discovery settings and preferences
- Select the S3 buckets to include in discovery
- Set up sampling and analysis preferences
- Configure findings and notifications
- Save the configuration and verify it's enabled
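The same check can be automated instead of verified by hand in the console. The following is an added example, not AWS or Security Hub code: it encodes the control's pass/fail logic over constructed Macie API responses and, when run with boto3, audits the current account and optionally enables the setting. It assumes that an account reporting an administrator from GetAdministratorAccount is a member account and therefore out of scope.

```python
"""Audit helper for 'Macie automated sensitive data discovery should be enabled'."""
from typing import Optional


def evaluate_control(session_status: Optional[str],
                     administrator: Optional[dict],
                     discovery: Optional[dict]) -> str:
    """Return PASS, FAIL or NOT_APPLICABLE for one account/region.

    session_status: 'status' from GetMacieSession ('ENABLED'/'PAUSED'), None if Macie is off.
    administrator:  'administrator' object from GetAdministratorAccount ({} when none).
    discovery:      response of GetAutomatedDiscoveryConfiguration (None if unavailable).
    """
    # Assumption: a member account inherits this setting from its administrator.
    if administrator and administrator.get("relationshipStatus") == "Enabled":
        return "NOT_APPLICABLE"
    if session_status != "ENABLED":
        return "FAIL"  # Macie paused or never enabled: discovery cannot be running
    if (discovery or {}).get("status") == "ENABLED":
        return "PASS"
    return "FAIL"


def audit_account(region: str, remediate: bool = False) -> dict:
    """Live check via boto3 (imported lazily so evaluate_control runs without the SDK)."""
    import boto3
    from botocore.exceptions import ClientError
    macie = boto3.client("macie2", region_name=region)
    try:
        session_status = macie.get_macie_session()["status"]
        administrator = macie.get_administrator_account().get("administrator", {})
        discovery = macie.get_automated_discovery_configuration()
    except ClientError:  # Macie not enabled in this region raises AccessDeniedException
        session_status, administrator, discovery = None, {}, None
    result = evaluate_control(session_status, administrator, discovery)
    if result == "FAIL" and remediate and session_status == "ENABLED":
        macie.update_automated_discovery_configuration(status="ENABLED")
        result = "REMEDIATED"
    return {"region": region, "result": result, "discovery": discovery}


# Constructed sample responses (not real account data) to exercise the logic offline.
SAMPLE_ADMIN_ENABLED = {"status": "ENABLED"}
SAMPLE_ADMIN_DISABLED = {"status": "DISABLED"}
SAMPLE_MEMBER = {"accountId": "111122223333", "relationshipStatus": "Enabled"}

if __name__ == "__main__":
    print(evaluate_control("ENABLED", {}, SAMPLE_ADMIN_ENABLED))   # PASS
    print(evaluate_control("ENABLED", {}, SAMPLE_ADMIN_DISABLED))  # FAIL
    print(evaluate_control("ENABLED", SAMPLE_MEMBER, SAMPLE_ADMIN_DISABLED))  # NOT_APPLICABLE
```

Run `audit_account("us-east-1", remediate=True)` with credentials that hold `macie2:GetAutomatedDiscoveryConfiguration` and `macie2:UpdateAutomatedDiscoveryConfiguration` to apply the fix from the Remediation section.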