Knowledge Base

The AWS KMS Key is disabled

Provider: AWS
Service: KMS
Severity: Low

Description

The AWS Key Management System allows you to generate cryptographic keys that you can use to encrypt data on instances, databases, snapshots, and S3 and Redshift storage. You should use this service to protect your data with encryption.

Suggested Action

You should use KMS to generate cryptographic keys and use them to encrypt data in AWS.

Compliance:

Framework Name Framework Version Control Name Control Description
NIST SP 800-171 Revision 1 3.13.10 Establish and manage cryptographic keys for cryptography employed in organizational systems.
NIST SP 800-171 Revision 1 3.13.11 Employ FIPS-validated cryptography when used to protect the confidentiality of CUI.
NIST SP 800-53 Revision 5 SC-28(1) Protection of Information at Rest | Cryptographic Protection
ISO IEC 27001 2013 A.10.1.1 Cryptography | Cryptographic controls | Policy on the use of cryptographic controls
ISO IEC 27001 2013 A.10.1.2 Cryptography | Cryptographic controls | Key management
AICPA SOC 2 2017 cc6.1 Logical access controls

References:


  • You can find more information about the Key Management Service at this link