💼 Data Encryption

  • ID: /frameworks/cloudaware/resource-security/data-encryption

Description

Policies for identifying resources that do not follow encryption best practices.

Policies (42)

| Policy | Logic Count | Flags | Compliance |
|---|---|---|---|
| 🛡️ [LEGACY] Azure Virtual Machine VHDs are not encrypted | 🟢⚪ | 🟢 x2, ⚪ x1 | no data |
| 🛡️ AWS Account EBS Volume Encryption Attribute is not enabled in all regions | 🟢1 | 🟢 x6 | no data |
| 🛡️ AWS API Gateway REST API Stage is not configured to use an SSL certificate for authentication | 🟢1 | 🟢 x6 | no data |
| 🛡️ AWS Backup Vault contains unencrypted Recovery Points | 🟢1 | 🟢 x6 | no data |
| 🛡️ AWS CloudFront Web Distribution Cache Behaviors allow unencrypted traffic | 🟢1 | 🟢 x6 | no data |
| 🛡️ AWS CloudFront Web Distribution does not encrypt traffic to Custom Origins | 🟢1 | 🟢 x6 | no data |
| 🛡️ AWS CloudFront Web Distribution uses default SSL/TLS certificate | 🟢1 | 🟢 x6 | no data |
| 🛡️ AWS CloudFront Web Distribution uses outdated SSL protocols with Custom Origins | 🟢1 | 🟢 x6 | no data |
| 🛡️ AWS CloudTrail is not encrypted with KMS CMK | 🟢1 | 🟢 x6 | no data |
| 🛡️ AWS DAX Cluster Server-Side Encryption is not enabled | 🟢1 | 🟢 x6 | no data |
| 🛡️ AWS DMS Endpoint doesn't use SSL | 🟢1 | 🟢 x6 | no data |
| 🛡️ AWS EBS Attached Volume is not encrypted | 🟢1 | 🟢 x6 | no data |
| 🛡️ AWS EFS File System encryption is not enabled | 🟢1 | 🟢 x6 | no data |
| 🛡️ AWS RDS Instance Encryption is not enabled | 🟢1 | 🟢 x6 | no data |
| 🛡️ AWS S3 Bucket Policy is not set to deny HTTP requests | 🟢1 | 🟢 x6 | no data |
| 🛡️ Azure App Service does not use Azure Key Vaults to store secrets | 🟢⚪ | 🟢 x2, ⚪ x1 | no data |
| 🛡️ Azure App Service FTP deployments are not disabled | 🟢1 | 🟢 x6 | no data |
| 🛡️ Azure App Service HTTPS Only configuration is not enabled | 🟢1 | 🟢 x6 | no data |
| 🛡️ Azure App Service Minimum TLS Version is not set to TLS 1.2 or higher | 🟢1 | 🟢 x6 | no data |
| 🛡️ Azure Databricks Workspace is not encrypted using customer-managed key (CMK) | 🟢1 | 🟢 x6 | no data |
| 🛡️ Azure Databricks Workspace traffic is not encrypted between cluster worker nodes | 🟢⚪ | 🟢 x2, ⚪ x1 | no data |
| 🛡️ Azure Diagnostic Setting Logs export to Storage Account not encrypted with Customer-managed key | 🟢1 | 🟢 x6 | no data |
| 🛡️ Azure MySQL Flexible Server require_secure_transport Parameter is not set to ON | 🟢1 | 🟢 x6 | no data |
| 🛡️ Azure MySQL Flexible Server TLS Version is not set to TLS 1.2 | 🟢1 | 🟢 x6 | no data |
| 🛡️ Azure PostgreSQL Flexible Server require_secure_transport Parameter is not set to ON | 🟢1 | 🟢 x6 | no data |
| 🛡️ Azure PostgreSQL Single Server Enforce SSL Connection is not set enabled | 🟢1 | 🟢 x6 | no data |
| 🛡️ Azure PostgreSQL Single Server Infrastructure Double Encryption is not enabled | 🟢1 | 🟢 x6 | no data |
| 🛡️ Azure SQL Database Transparent Data Encryption is not enabled | 🟢1 | 🟢 x6 | no data |
| 🛡️ Azure SQL Server Transparent Data Encryption Protector is not encrypted with Customer-managed key | 🟢1 | 🟢 x6 | no data |
| 🛡️ Azure Storage Account Minimum TLS Version is not set to TLS 1.2 or higher | 🟢1 | 🟢 x6 | no data |
| 🛡️ Azure Storage Account Require Infrastructure Encryption is not enabled | 🟢1 | 🟢 x6 | no data |
| 🛡️ Azure Storage Account Secure Transfer Required is not enabled | 🟢1 | 🟢 x6 | no data |
| 🛡️ Azure Storage Account With Critical Data is not encrypted with customer managed key | 🟢⚪ | 🟢 x2, ⚪ x1 | no data |
| 🛡️ Azure Storage File Shares SMB Channel Encryption is not set to AES-256-GCM or higher | 🟢1 | 🟢 x6 | no data |
| 🛡️ Azure Unattached Managed Disk is not encrypted with Customer-managed key | 🟢1 | 🟢 x6 | no data |
| 🛡️ Azure Virtual Machine OS and Data disks are not encrypted with Customer-managed key | 🟢1 | 🟢 x6 | no data |
| 🛡️ Google App Engine Application HTTPS Connection is not enforced | 🟢⚪ | 🟢 x2, ⚪ x1 | no data |
| 🛡️ Google BigQuery Dataset is not encrypted with Customer-Managed Encryption Key (CMEK) | 🟢1 | 🟢 x6 | no data |
| 🛡️ Google BigQuery Table is not encrypted with Customer-Managed Encryption Key (CMEK) | 🟢1 | 🟢 x6 | no data |
| 🛡️ Google GCE Disk for critical VMs is not encrypted with Customer-Supplied Encryption Key (CSEK) | 🟢1 | 🟢 x6 | no data |
| 🛡️ Google GCE Instance Confidential Compute is not enabled | 🟢1 | 🟢 x6 | no data |
| 🛡️ Google HTTPS or SSL Proxy Load Balancer permits SSL policies with weak cipher suites | 🟢⚪ | 🟢 x2, ⚪ x1 | no data |