Back to All Checks
Medium WAF Regional

AWS WAF Classic Regional web ACLs should have at least one rule or rule group

NISTISO 27001

Description

This control checks whether an AWS WAF Regional web ACL contains any WAF rules or WAF rule groups. The control fails if a web ACL does not contain any WAF rules or rule groups.

Remediation

To add rules or rule groups to an empty AWS WAF Regional web ACL, refer to the AWS WAF Developer Guide.

Steps

  1. Navigate to the AWS WAF Regional console.
  2. Select the appropriate Web ACL.
  3. Add at least one rule or rule group to the Web ACL.

Compliance

NISTISO 27001
Start Your Free Security Check