---
names:
  full: "AWS OpenSearch Domain is not encrypted with the latest TLS policy"
  contextual: "Domain is not encrypted with the latest TLS policy"
description: >
  Ensure that Amazon OpenSearch Service domains are configured to use the latest TLS security policy (Policy-Min-TLS-1-2-2019-07).
  This ensures that only clients using TLS 1.2 or higher can connect to the domain.
type: "COMPLIANCE_POLICY"
categories:
  - "SECURITY"
frameworkMappings:
  - "/frameworks/cloudaware/secret-and-certificate-governance/cryptographic-configuration"
  - "/frameworks/aws-fsbp-v1.0.0/es/08"
  - "/frameworks/aws-fsbp-v1.0.0/opensearch/08"
similarPolicies:
  awsSecurityHub:
    - name: "[Opensearch.8] Connections to OpenSearch domains should be encrypted using the latest TLS security policy"
      url: "https://docs.aws.amazon.com/securityhub/latest/userguide/opensearch-controls.html#opensearch-8"
    - name: "[ES.8] Connections to Elasticsearch domains should be encrypted using the latest TLS security policy"
      url: "https://docs.aws.amazon.com/securityhub/latest/userguide/es-controls.html#es-8"