💼 3.8 Ensure rotation for customer created CMKs is enabled

ID: /frameworks/cis-aws-v1.4.0/03/08

Description

AWS Key Management Service (KMS) allows customers to rotate the backing key which is key material stored within the KMS which is tied to the key ID of the Customer Created customer master key (CMK). It is the backing key that is used to perform cryptographic operations such as encryption and decryption. Automated key rotation currently retains all prior backing keys so that decryption of encrypted data can take place transparently. It is recommended that CMK key rotation be enabled.

Similar

Sections
- /frameworks/cis-aws-v1.5.0/03/08
- /frameworks/cis-aws-v1.3.0/03/08
Internal
- ID: dec-c-e54484a9

Similar Sections (Take Policies From)

Section	Sub Sections	Internal Rules	Policies	Flags	Compliance
💼 CIS AWS v1.3.0 → 💼 3.8 Ensure rotation for customer created CMKs is enabled		1	1		no data
💼 CIS AWS v1.5.0 → 💼 3.8 Ensure rotation for customer created symmetric CMKs is enabled - Level 2 (Automated)		1	1		no data

Similar Sections (Give Policies To)

Section	Sub Sections	Internal Rules	Policies	Flags	Compliance
💼 CIS AWS v1.3.0 → 💼 3.8 Ensure rotation for customer created CMKs is enabled		1	1		no data
💼 CIS AWS v1.5.0 → 💼 3.8 Ensure rotation for customer created symmetric CMKs is enabled - Level 2 (Automated)		1	1		no data

Sub Sections

Section	Sub Sections	Internal Rules	Policies	Flags	Compliance

Policies (1)

Policy	Logic Count	Flags	Compliance
🛡️ AWS KMS Symmetric CMK Rotation is not enabled🟢	1	🟢 x6	no data

Internal Rules

Rule	Policies	Flags
✉️ dec-x-4d6fee7a	1

Description​

Similar​

Similar Sections (Take Policies From)​

Similar Sections (Give Policies To)​

Sub Sections​

Policies (1)​

Internal Rules​