Back to All Checks
Medium NetworkFirewall Regional

Network Firewall logging should be enabled

NIST 800-53ISO 27001HIPAA

Description

This control checks whether logging is enabled for an AWS Network Firewall firewall. The control fails if logging isn't enabled for at least one log type or if the logging destination doesn't exist.

Remediation

Enable Network Firewall logging and configure a valid destination for at least one log type.

Steps

  1. Open the AWS Network Firewall console.
  2. Select your firewall and choose 'Logging'.
  3. Add at least one log destination (CloudWatch Logs, S3, or Kinesis Data Firehose).
  4. Select one or more log types (FLOW, ALERT).
  5. Save the configuration and verify logging status.

Compliance

NIST 800-53ISO 27001HIPAA
Start Your Free Security Check