💼 [ES.1] Elasticsearch domains should have encryption at-rest enabled
- ID:
/frameworks/aws-fsbp-v1.0.0/es/01
Description
For an added layer of security for your sensitive data in OpenSearch, you should configure your OpenSearch to be encrypted at rest. Elasticsearch domains offer encryption of data at rest. The feature uses AWS KMS to store and manage your encryption keys. To perform the encryption, it uses the Advanced Encryption Standard algorithm with 256-bit keys (AES-256).
Similar
- AWS Security Hub
- Internal
- ID:
dec-c-852b1f1b
- ID:
Similar Sections (Give Policies To)
| Section | Sub Sections | Internal Rules | Policies | Flags | Compliance |
|---|---|---|---|---|---|
| 💼 NIST SP 800-53 Revision 5 → 💼 CA-9(1) Internal System Connections _ Compliance Checks | 43 | no data | |||
| 💼 NIST SP 800-53 Revision 5 → 💼 CM-3(6) Configuration Change Control _ Cryptography Management | 16 | no data | |||
| 💼 NIST SP 800-53 Revision 5 → 💼 SC-7(10) Boundary Protection _ Prevent Exfiltration | 16 | no data | |||
| 💼 NIST SP 800-53 Revision 5 → 💼 SC-13 Cryptographic Protection | 4 | 30 | no data | ||
| 💼 NIST SP 800-53 Revision 5 → 💼 SC-28 Protection of Information at Rest | 3 | 17 | 36 | no data | |
| 💼 NIST SP 800-53 Revision 5 → 💼 SC-28(1) Protection of Information at Rest _ Cryptographic Protection | 10 | 24 | no data | ||
| 💼 NIST SP 800-53 Revision 5 → 💼 SI-7(6) Software, Firmware, and Information Integrity _ Cryptographic Protection | 25 | no data |
Sub Sections
| Section | Sub Sections | Internal Rules | Policies | Flags | Compliance |
|---|
Policies (1)
| Policy | Logic Count | Flags | Compliance |
|---|---|---|---|
| 🛡️ AWS OpenSearch Domain is not encrypted at rest🟢 | 1 | 🟢 x6 | no data |