Bedrock Agent Guardrails should have the Sensitive Information filter enabled and BLOCK highly sensitive PII entities
このページは日本語には対応しておりません。随時翻訳に取り組んでいます。
翻訳に関してご質問やご意見ございましたら、
お気軽にご連絡ください。
Description
This control verifies that all Amazon Bedrock Agent aliases point to Agent versions with an Amazon Guardrail policy attached, specifically ensuring that the Sensitive Information filter is enabled and configured to BLOCK all highly sensitive PII entities.
Amazon Bedrock Agents can have multiple aliases, each referencing different immutable versions, and each version may have a unique guardrail configuration. Guardrails are essential for enforcing data privacy and regulatory compliance in AI/ML environments by preventing the model from generating or exposing sensitive personal, financial, or credential information.
Without these guardrail settings, there is a heightened risk of data leakage, regulatory violations, or unauthorized disclosure of critical personal data.
Datadog requires using BLOCK rather than MASK to prevent sensitive data from being logged, and to ensure compliance with data protection policies and standards.
For detailed guidance on creating and attaching guardrail policies, see the Create a guardrail documentation.
