Back to All Checks
Medium WAF Regional

AWS WAF web ACLs should have at least one rule or rule group

NIST

Description

This control checks whether an AWS WAFv2 web ACL contains at least one rule or rule group. The control fails if a web ACL does not contain any rules or rule groups.

Remediation

To add rules or rule groups to an empty AWS WAFv2 web ACL, refer to the AWS WAF Developer Guide.

Steps

  1. Navigate to the AWS WAF console.
  2. Select the appropriate Web ACL.
  3. Add at least one rule or rule group to the Web ACL.

Compliance

NIST
Start Your Free Security Check