Skip to main content

💼 [Opensearch.1] OpenSearch domains should have encryption at rest enabled

  • ID: /frameworks/aws-fsbp-v1.0.0/opensearch/01

Description

For an added layer of security for sensitive data, you should configure your OpenSearch Service domain to be encrypted at rest. When you configure encryption of data at rest, AWS KMS stores and manages your encryption keys. To perform the encryption, AWS KMS uses the Advanced Encryption Standard algorithm with 256-bit keys (AES-256).

Similar

Similar Sections (Give Policies To)

SectionSub SectionsInternal RulesPoliciesFlagsCompliance
💼 NIST SP 800-53 Revision 5 → 💼 CA-9(1) Internal System Connections _ Compliance Checks43no data
💼 NIST SP 800-53 Revision 5 → 💼 CM-3(6) Configuration Change Control _ Cryptography Management16no data
💼 NIST SP 800-53 Revision 5 → 💼 SC-13 Cryptographic Protection430no data
💼 NIST SP 800-53 Revision 5 → 💼 SC-28 Protection of Information at Rest31736no data
💼 NIST SP 800-53 Revision 5 → 💼 SC-28(1) Protection of Information at Rest _ Cryptographic Protection1024no data
💼 NIST SP 800-53 Revision 5 → 💼 SI-7(6) Software, Firmware, and Information Integrity _ Cryptographic Protection25no data
💼 PCI DSS v3.2.1 → 💼 1.2.1 Restrict inbound and outbound traffic to that which is necessary for the cardholder data environment, and specifically deny all other traffic.1062no data
💼 PCI DSS v3.2.1 → 💼 1.3.1 Implement a DMZ to limit inbound traffic to only system components that provide authorized publicly accessible services, protocols, and ports.626no data
💼 PCI DSS v3.2.1 → 💼 1.3.4 Do not allow unauthorized outbound traffic from the cardholder data environment to the Internet.13no data
💼 PCI DSS v3.2.1 → 💼 7.2.1 Coverage of all system components.11no data

Sub Sections

SectionSub SectionsInternal RulesPoliciesFlagsCompliance

Policies (1)

PolicyLogic CountFlagsCompliance
🛡️ AWS OpenSearch Domain is not encrypted at rest🟢1🟢 x6no data