top of page

WAF.8

A WAF global web ACL should have at least one rule or rule group

Severity

Cloud Platforms

Resources

Related Standards

Automated

MEDIUM

AWS

Amazon Web Application Firewall

AWS Foundational Best Practice, NIST.800-53.r5,

This control checks whether a WAF global web ACL contains any WAF rules or WAF rule groups. This control fails if a web ACL does not contain any WAF rules or WAF rule groups.

bottom of page