Back to All Checks
Medium WAF

AWS WAF Classic global web ACLs should have at least one rule or rule group

NISTISO 27001

Description

This control checks whether an AWS WAF global web ACL contains at least one WAF rule or WAF rule group. The control fails if a web ACL does not contain any WAF rules or rule groups.

Remediation

To add rules or rule groups to an empty AWS WAF global web ACL, refer to the AWS WAF Developer Guide.

Steps

  1. Navigate to the AWS WAF console.
  2. Select the appropriate Web ACL.
  3. Add at least one rule or rule group to the Web ACL.

Compliance

NISTISO 27001
Start Your Free Security Check