💼 [MSK.1] MSK clusters should be encrypted in transit among broker nodes
- ID:
/frameworks/aws-fsbp-v1.0.0/msk/01
Description
HTTPS offers an extra layer of security as it uses TLS to move data and can be used to help prevent potential attackers from using person-in-the-middle or similar attacks to eavesdrop on or manipulate network traffic. By default, Amazon MSK encrypts data in transit with TLS. However, you can override this default at the time that you create the cluster.
Similar
- AWS Security Hub
- Internal
- ID:
dec-c-9b8dedf5
- ID:
Similar Sections (Give Policies To)
| Section | Sub Sections | Internal Rules | Policies | Flags | Compliance |
|---|---|---|---|---|---|
| 💼 NIST SP 800-53 Revision 5 → 💼 AC-4 Information Flow Enforcement | 32 | 69 | 121 | no data | |
| 💼 NIST SP 800-53 Revision 5 → 💼 SC-7(4) Boundary Protection _ External Telecommunications Services | 47 | no data | |||
| 💼 NIST SP 800-53 Revision 5 → 💼 SC-8 Transmission Confidentiality and Integrity | 5 | 8 | 25 | no data | |
| 💼 NIST SP 800-53 Revision 5 → 💼 SC-8(1) Transmission Confidentiality and Integrity _ Cryptographic Protection | 8 | 23 | no data | ||
| 💼 NIST SP 800-53 Revision 5 → 💼 SC-8(2) Transmission Confidentiality and Integrity _ Pre- and Post-transmission Handling | 16 | no data | |||
| 💼 NIST SP 800-53 Revision 5 → 💼 SC-13 Cryptographic Protection | 4 | 32 | no data | ||
| 💼 NIST SP 800-53 Revision 5 → 💼 SC-23 Session Authenticity | 5 | 15 | no data | ||
| 💼 NIST SP 800-53 Revision 5 → 💼 SC-23(3) Session Authenticity _ Unique System-generated Session Identifiers | 14 | no data | |||
| 💼 PCI DSS v4.0.1 → 💼 4.2.1 Strong cryptography and security protocols are implemented to safeguard PAN during transmission over open, public networks. | 2 | 28 | no data |
Sub Sections
| Section | Sub Sections | Internal Rules | Policies | Flags | Compliance |
|---|
Policies (1)
| Policy | Logic Count | Flags | Compliance |
|---|---|---|---|
| 🛡️ AWS MSK Cluster Client-Broker Encryption is not enabled🟢 | 1 | 🟢 x6 | no data |