Medium NetworkFirewall Regional

Network Firewall firewalls should have subnet change protection enabled

NIST 800-53

Description

This control checks whether subnet change protection is enabled for an AWS Network Firewall firewall. The control fails if subnet change protection isn't enabled for the firewall.


Remediation

Enable subnet change protection to prevent accidental modifications to firewall subnet associations.

Steps

  1. Open the AWS Network Firewall console.
  2. Select your firewall and choose 'Edit'.
  3. Enable 'Subnet change protection'.
  4. Save changes and verify the firewall shows subnet change protection enabled.
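
The same check and fix can be scripted against the Network Firewall API. This is an added example, not part of the original control text: it uses the boto3 operations `list_firewalls`, `describe_firewall` and `update_subnet_change_protection`, while the function names, the `StubClient` class, the firewall names and the account ID are constructed for illustration so the script runs offline.

```python
# Added example: audit and remediate subnet change protection with boto3-style calls.
ARN = "arn:aws:network-firewall:us-east-1:111122223333:firewall/"  # constructed account/region

def find_unprotected(client):
    """Return (arn, name, update_token) for each firewall that fails the control."""
    failing = []
    for page in client.get_paginator("list_firewalls").paginate():
        for fw in page["Firewalls"]:
            resp = client.describe_firewall(FirewallArn=fw["FirewallArn"])
            # A missing key is treated as disabled, so the firewall fails.
            if not resp["Firewall"].get("SubnetChangeProtection", False):
                failing.append((fw["FirewallArn"], fw["FirewallName"], resp["UpdateToken"]))
    return failing

def remediate(client, failing):
    """Enable protection, then re-read each firewall to verify the change (step 4)."""
    fixed = []
    for arn, name, token in failing:
        client.update_subnet_change_protection(
            FirewallArn=arn, UpdateToken=token, SubnetChangeProtection=True)
        if client.describe_firewall(FirewallArn=arn)["Firewall"].get("SubnetChangeProtection"):
            fixed.append(name)
    return fixed

class StubClient:
    """Constructed offline stand-in for boto3.client("network-firewall")."""
    def __init__(self, state):
        self.state = state  # firewall name -> SubnetChangeProtection flag
    def get_paginator(self, operation):
        return self
    def paginate(self):
        yield {"Firewalls": [{"FirewallArn": ARN + n, "FirewallName": n} for n in self.state]}
    def describe_firewall(self, FirewallArn):
        name = FirewallArn.rsplit("/", 1)[-1]
        return {"UpdateToken": "constructed-token",
                "Firewall": {"FirewallName": name, "SubnetChangeProtection": self.state[name]}}
    def update_subnet_change_protection(self, FirewallArn, UpdateToken, SubnetChangeProtection):
        self.state[FirewallArn.rsplit("/", 1)[-1]] = SubnetChangeProtection

if __name__ == "__main__":
    # For a real account: import boto3; client = boto3.client("network-firewall")
    client = StubClient({"edge-fw": True, "inspection-fw": False})
    failing = find_unprotected(client)
    print("failing:", [name for _, name, _ in failing])
    print("fixed:", remediate(client, failing))
```

Passing the `UpdateToken` read during the audit makes the update fail if someone else changed the firewall in between, rather than silently overwriting their change.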

Compliance

NIST 800-53