Skip to main content

💼 [Opensearch.1] OpenSearch domains should have encryption at rest enabled

  • ID: /frameworks/aws-fsbp-v1.0.0/opensearch/01

Description

For an added layer of security for sensitive data, you should configure your OpenSearch Service domain to be encrypted at rest. When you configure encryption of data at rest, AWS KMS stores and manages your encryption keys. To perform the encryption, AWS KMS uses the Advanced Encryption Standard algorithm with 256-bit keys (AES-256).

Similar

Similar Sections (Give Policies To)

SectionSub SectionsInternal RulesPoliciesFlagsCompliance
💼 NIST SP 800-53 Revision 5 → 💼 CA-9(1) Internal System Connections _ Compliance Checks32no data
💼 NIST SP 800-53 Revision 5 → 💼 CM-3(6) Configuration Change Control _ Cryptography Management13no data
💼 NIST SP 800-53 Revision 5 → 💼 SC-13 Cryptographic Protection423no data
💼 NIST SP 800-53 Revision 5 → 💼 SC-28 Protection of Information at Rest31733no data
💼 NIST SP 800-53 Revision 5 → 💼 SC-28(1) Protection of Information at Rest _ Cryptographic Protection1021no data
💼 NIST SP 800-53 Revision 5 → 💼 SI-7(6) Software, Firmware, and Information Integrity _ Cryptographic Protection20no data
💼 PCI DSS v3.2.1 → 💼 1.2.1 Restrict inbound and outbound traffic to that which is necessary for the cardholder data environment, and specifically deny all other traffic.1060no data
💼 PCI DSS v3.2.1 → 💼 1.3.1 Implement a DMZ to limit inbound traffic to only system components that provide authorized publicly accessible services, protocols, and ports.624no data
💼 PCI DSS v3.2.1 → 💼 1.3.4 Do not allow unauthorized outbound traffic from the cardholder data environment to the Internet.11no data
💼 PCI DSS v3.2.1 → 💼 7.2.1 Coverage of all system components.10no data

Sub Sections

SectionSub SectionsInternal RulesPoliciesFlagsCompliance

Policies (1)

PolicyLogic CountFlagsCompliance
🛡️ AWS OpenSearch Domain is not encrypted at rest🟢1🟢 x6no data