πΌ [Opensearch.3] OpenSearch domains should encrypt data sent between nodes
- Contextual name: πΌ [Opensearch.3] OpenSearch domains should encrypt data sent between nodes
- ID:
/frameworks/aws-fsbp-v1.0.0/opensearch/03 - Located in: πΌ OpenSearch
Descriptionβ
HTTPS (TLS) can be used to help prevent potential attackers from eavesdropping on or manipulating network traffic using person-in-the-middle or similar attacks. Only encrypted connections over HTTPS (TLS) should be allowed. Enabling node-to-node encryption for OpenSearch domains ensures that intra-cluster communications are encrypted in transit.
There can be a performance penalty associated with this configuration. You should be aware of and test the performance trade-off before enabling this option.
Similarβ
- AWS Security Hub
- Internal
- ID:
dec-c-65b73a19
- ID:
Similar Sections (Give Policies To)β
| Section | Sub Sections | Internal Rules | Policies | Flags |
|---|---|---|---|---|
| πΌ NIST SP 800-53 Revision 5 β πΌ AC-4 Information Flow Enforcement | 32 | 61 | 73 | |
| πΌ NIST SP 800-53 Revision 5 β πΌ SC-7(4) Boundary Protection _ External Telecommunications Services | 17 | |||
| πΌ NIST SP 800-53 Revision 5 β πΌ SC-8 Transmission Confidentiality and Integrity | 5 | 8 | 10 | |
| πΌ NIST SP 800-53 Revision 5 β πΌ SC-8(1) Transmission Confidentiality and Integrity _ Cryptographic Protection | 8 | 10 | ||
| πΌ NIST SP 800-53 Revision 5 β πΌ SC-8(2) Transmission Confidentiality and Integrity _ Pre- and Post-transmission Handling | 2 | |||
| πΌ NIST SP 800-53 Revision 5 β πΌ SC-13 Cryptographic Protection | 4 | 6 | ||
| πΌ NIST SP 800-53 Revision 5 β πΌ SC-23 Session Authenticity | 5 | 2 | ||
| πΌ NIST SP 800-53 Revision 5 β πΌ SC-23(3) Session Authenticity _ Unique System-generated Session Identifiers | 2 |
Sub Sectionsβ
| Section | Sub Sections | Internal Rules | Policies | Flags |
|---|