Skip to main content

💼 [RDS.3] RDS DB instances should have encryption at-rest enabled

  • Contextual name: 💼 [RDS.3] RDS DB instances should have encryption at-rest enabled
  • ID: /frameworks/aws-fsbp-v1.0.0/rds/03
  • Located in: 💼 Relational Database Service (RDS)

Description

For an added layer of security for your sensitive data in RDS DB instances, you should configure your RDS DB instances to be encrypted at rest. To encrypt your RDS DB instances and snapshots at rest, enable the encryption option for your RDS DB instances. Data that is encrypted at rest includes the underlying storage for DB instances, its automated backups, read replicas, and snapshots.

RDS encrypted DB instances use the open standard AES-256 encryption algorithm to encrypt your data on the server that hosts your RDS DB instances. After your data is encrypted, Amazon RDS handles authentication of access and decryption of your data transparently with a minimal impact on performance. You do not need to modify your database client applications to use encryption.

Similar

Similar Sections (Give Policies To)

SectionSub SectionsInternal RulesPoliciesFlags
💼 NIST SP 800-53 Revision 5 → 💼 CA-9(1) Internal System Connections _ Compliance Checks21
💼 NIST SP 800-53 Revision 5 → 💼 CM-3(6) Configuration Change Control _ Cryptography Management6
💼 NIST SP 800-53 Revision 5 → 💼 SC-7(10) Boundary Protection _ Prevent Exfiltration6
💼 NIST SP 800-53 Revision 5 → 💼 SC-13 Cryptographic Protection413
💼 NIST SP 800-53 Revision 5 → 💼 SC-28 Protection of Information at Rest31625
💼 NIST SP 800-53 Revision 5 → 💼 SC-28(1) Protection of Information at Rest _ Cryptographic Protection1014
💼 NIST SP 800-53 Revision 5 → 💼 SI-7(6) Software, Firmware, and Information Integrity _ Cryptographic Protection12

Sub Sections

SectionSub SectionsInternal RulesPoliciesFlags

Policies (1)

PolicyLogic CountFlags
📝 AWS RDS Instance Encryption is not enabled 🟢1🟢 x6

Internal Rules

RulePoliciesFlags
✉️ dec-x-6ba5ecd21