Bedrock Agent Guardrails should have the Sensitive Information filter enabled and BLOCK highly sensitive PII entities

Description

This control verifies that all Amazon Bedrock Agent aliases point to Agent versions with an Amazon Guardrail policy attached, specifically ensuring that the Sensitive Information filter is enabled and configured to BLOCK all highly sensitive PII entities.

Amazon Bedrock Agents can have multiple aliases, each referencing different immutable versions, and each version may have a unique guardrail configuration. Guardrails are essential for enforcing data privacy and regulatory compliance in AI/ML environments by preventing the model from generating or exposing sensitive personal, financial, or credential information.

Without these guardrail settings, there is a heightened risk of data leakage, regulatory violations, or unauthorized disclosure of critical personal data.

Datadog requires using BLOCK rather than MASK to prevent sensitive data from being logged, and to ensure compliance with data protection policies and standards.
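The check described above can be sketched as follows. This is an added example, not Datadog's rule implementation: it runs offline over constructed dictionaries shaped like the boto3 `list_agent_aliases`, `get_agent_version` and `get_guardrail` responses. The `REQUIRED_PII` set, the guardrail identifiers and the alias names are assumptions chosen for illustration, since the page does not list which entities count as highly sensitive.

```python
# Added example: offline check over constructed data shaped like boto3 responses
# (list_agent_aliases, get_agent_version, get_guardrail). Page's MASK = API ANONYMIZE.
# Assumption: the page does not enumerate the "highly sensitive" entity types.
REQUIRED_PII = {"PASSWORD", "AWS_ACCESS_KEY", "AWS_SECRET_KEY",
                "CREDIT_DEBIT_CARD_NUMBER", "US_SOCIAL_SECURITY_NUMBER"}


def guardrail_gaps(guardrail, required=REQUIRED_PII):
    """Return the required PII types that the guardrail does not BLOCK."""
    policy = guardrail.get("sensitiveInformationPolicy") or {}
    blocked = {e["type"] for e in policy.get("piiEntities", [])
               if e.get("action") == "BLOCK"}
    return sorted(required - blocked)


def evaluate_aliases(aliases, versions, guardrails, required=REQUIRED_PII):
    """Map alias name -> findings; an empty list means the alias passes."""
    results = {}
    for alias in aliases:
        findings = []
        for route in alias.get("routingConfiguration", []):
            ver = route.get("agentVersion")
            cfg = versions.get(ver, {}).get("guardrailConfiguration") or {}
            key = (cfg.get("guardrailIdentifier"), cfg.get("guardrailVersion"))
            if not key[0]:
                findings.append(f"version {ver}: no guardrail attached")
                continue
            # A guardrail that cannot be resolved is treated as blocking nothing.
            missing = guardrail_gaps(guardrails.get(key, {}), required)
            if missing:
                findings.append(f"version {ver}: not BLOCKed: {', '.join(missing)}")
        results[alias["agentAliasName"]] = findings
    return results


# Constructed sample data (not from a real account).
def _guardrail(**overrides):
    actions = {**{t: "BLOCK" for t in REQUIRED_PII}, **overrides}
    return {"sensitiveInformationPolicy": {
        "piiEntities": [{"type": t, "action": a} for t, a in actions.items()]}}


GUARDRAILS = {("gr-strict", "1"): _guardrail(), ("gr-mask", "2"): _guardrail(PASSWORD="ANONYMIZE")}
VERSIONS = {"1": {"guardrailConfiguration": {"guardrailIdentifier": "gr-strict", "guardrailVersion": "1"}},
            "2": {"guardrailConfiguration": {"guardrailIdentifier": "gr-mask", "guardrailVersion": "2"}},
            "3": {}}
ALIASES = [{"agentAliasName": n, "routingConfiguration": [{"agentVersion": v}]}
           for n, v in [("prod", "1"), ("staging", "2"), ("dev", "3")]]
REPORT = evaluate_aliases(ALIASES, VERSIONS, GUARDRAILS)
```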

Remediation

For detailed guidance on creating and attaching guardrail policies, see the Create a guardrail documentation.
