πΌ [Opensearch.3] OpenSearch domains should encrypt data sent between nodes
- Contextual name: πΌ [Opensearch.3] OpenSearch domains should encrypt data sent between nodes
- ID:
/frameworks/aws-fsbp-v1.0.0/opensearch/03 - Located in: πΌ OpenSearch
Descriptionβ
HTTPS (TLS) can be used to help prevent potential attackers from eavesdropping on or manipulating network traffic using person-in-the-middle or similar attacks. Only encrypted connections over HTTPS (TLS) should be allowed. Enabling node-to-node encryption for OpenSearch domains ensures that intra-cluster communications are encrypted in transit.
There can be a performance penalty associated with this configuration. You should be aware of and test the performance trade-off before enabling this option.
Similarβ
- AWS Security Hub
- Internal
- ID:
dec-c-65b73a19
- ID:
Similar Sections (Give Policies To)β
| Section | Sub Sections | Internal Rules | Policies | Flags |
|---|---|---|---|---|
| πΌ NIST SP 800-53 Revision 5 β πΌ AC-4 Information Flow Enforcement | 32 | 68 | 85 | |
| πΌ NIST SP 800-53 Revision 5 β πΌ SC-7(4) Boundary Protection _ External Telecommunications Services | 25 | |||
| πΌ NIST SP 800-53 Revision 5 β πΌ SC-8 Transmission Confidentiality and Integrity | 5 | 8 | 16 | |
| πΌ NIST SP 800-53 Revision 5 β πΌ SC-8(1) Transmission Confidentiality and Integrity _ Cryptographic Protection | 8 | 15 | ||
| πΌ NIST SP 800-53 Revision 5 β πΌ SC-8(2) Transmission Confidentiality and Integrity _ Pre- and Post-transmission Handling | 7 | |||
| πΌ NIST SP 800-53 Revision 5 β πΌ SC-13 Cryptographic Protection | 4 | 13 | ||
| πΌ NIST SP 800-53 Revision 5 β πΌ SC-23 Session Authenticity | 5 | 7 | ||
| πΌ NIST SP 800-53 Revision 5 β πΌ SC-23(3) Session Authenticity _ Unique System-generated Session Identifiers | 6 |
Sub Sectionsβ
| Section | Sub Sections | Internal Rules | Policies | Flags |
|---|