💼 [CloudFront.3] CloudFront distributions should require encryption in transit

Contextual name: 💼 [CloudFront.3] CloudFront distributions should require encryption in transit
ID: /frameworks/aws-fsbp-v1.0.0/cloudfront/03
Located in: 💼 CloudFront

Description

HTTPS (TLS) can be used to help prevent potential attackers from using person-in-the-middle or similar attacks to eavesdrop on or manipulate network traffic. Only encrypted connections over HTTPS (TLS) should be allowed. Encrypting data in transit can affect performance. You should test your application with this feature to understand the performance profile and the impact of TLS.

Similar

AWS Security Hub
- https://docs.aws.amazon.com/securityhub/latest/userguide/cloudfront-controls.html#cloudfront-3
Internal
- ID: dec-c-c713909a

Similar Sections (Give Policies To)

Section	Sub Sections	Internal Rules	Policies
💼 NIST SP 800-53 Revision 5 → 💼 AC-4 Information Flow Enforcement	32	68	85
💼 NIST SP 800-53 Revision 5 → 💼 AC-17(2) Remote Access _ Protection of Confidentiality and Integrity Using Encryption		12	17
💼 NIST SP 800-53 Revision 5 → 💼 IA-5(1) Authenticator Management _ Password-based Authentication			8
💼 NIST SP 800-53 Revision 5 → 💼 SC-7(4) Boundary Protection _ External Telecommunications Services			25
💼 NIST SP 800-53 Revision 5 → 💼 SC-8 Transmission Confidentiality and Integrity	5	8	16
💼 NIST SP 800-53 Revision 5 → 💼 SC-8(1) Transmission Confidentiality and Integrity _ Cryptographic Protection		8	15
💼 NIST SP 800-53 Revision 5 → 💼 SC-8(2) Transmission Confidentiality and Integrity _ Pre- and Post-transmission Handling			7
💼 NIST SP 800-53 Revision 5 → 💼 SC-12(3) Cryptographic Key Establishment and Management _ Asymmetric Keys			6
💼 NIST SP 800-53 Revision 5 → 💼 SC-13 Cryptographic Protection	4		13
💼 NIST SP 800-53 Revision 5 → 💼 SC-23 Session Authenticity	5		7
💼 NIST SP 800-53 Revision 5 → 💼 SC-23(3) Session Authenticity _ Unique System-generated Session Identifiers			6
💼 NIST SP 800-53 Revision 5 → 💼 SI-7(6) Software, Firmware, and Information Integrity _ Cryptographic Protection			12
💼 PCI DSS v4.0.1 → 💼 4.2.1 Strong cryptography and security protocols are implemented to safeguard PAN during transmission over open, public networks.	2		21

Sub Sections

Section	Sub Sections	Internal Rules	Policies	Flags

Policies (1)

Policy	Logic Count	Flags
📝 AWS CloudFront Web Distribution Cache Behaviors allow unencrypted traffic 🟢	1	🟢 x6

Internal Rules

Rule	Policies	Flags
✉️ dec-x-791dab13	1

Description​

Similar​

Similar Sections (Give Policies To)​

Sub Sections​

Policies (1)​

Internal Rules​