💼 [ES.3] Elasticsearch domains should encrypt data sent between nodes

• ID: /frameworks/aws-fsbp-v1.0.0/es/03

Description

HTTPS (TLS) can be used to help prevent potential attackers from eavesdropping on or manipulating network traffic using person-in-the-middle or similar attacks. Only encrypted connections over HTTPS (TLS) should be allowed. Enabling node-to-node encryption for Elasticsearch domains ensures that intra-cluster communications are encrypted in transit.

Similar

• AWS Security Hub
  • https://docs.aws.amazon.com/securityhub/latest/userguide/es-controls.html#es-3
• Internal
  • ID: dec-c-dc5a5c95

Similar Sections (Give Policies To)

Section	Sub Sections	Internal Rules	Policies	Flags	Compliance
💼 NIST SP 800-53 Revision 5 → 💼 AC-4 Information Flow Enforcement	32	69	99		no data
💼 NIST SP 800-53 Revision 5 → 💼 SC-7(4) Boundary Protection _ External Telecommunications Services			35		no data
💼 NIST SP 800-53 Revision 5 → 💼 SC-8 Transmission Confidentiality and Integrity	5	8	19		no data
💼 NIST SP 800-53 Revision 5 → 💼 SC-8(1) Transmission Confidentiality and Integrity _ Cryptographic Protection		8	18		no data
💼 NIST SP 800-53 Revision 5 → 💼 SC-8(2) Transmission Confidentiality and Integrity _ Pre- and Post-transmission Handling			10		no data
💼 NIST SP 800-53 Revision 5 → 💼 SC-13 Cryptographic Protection	4		23		no data
💼 NIST SP 800-53 Revision 5 → 💼 SC-23 Session Authenticity	5		10		no data
💼 NIST SP 800-53 Revision 5 → 💼 SC-23(3) Session Authenticity _ Unique System-generated Session Identifiers			9		no data
💼 PCI DSS v4.0.1 → 💼 4.2.1 Strong cryptography and security protocols are implemented to safeguard PAN during transmission over open, public networks.	2		25		no data

Sub Sections

Section	Sub Sections	Internal Rules	Policies	Flags	Compliance

Policies (1)

Policy	Logic Count	Flags	Compliance
🛡️ AWS OpenSearch Domain Node To Node Encryption is not enabled🟢	1	🟢 x6	no data