Rule: EBS Default Encryption Enabled

Check if EBS default encryption is enabled on AWS EC2 instances.

Rule: EBS default encryption should be enabled
Framework: Federal Financial Institutions Examination Council (FFIEC)
Severity: Medium

Rule Description

The rule requires that EBS (Elastic Block Store) default encryption be enabled for Federal Financial Institutions Examination Council (FFIEC) compliance. This ensures that all newly created EBS volumes are automatically encrypted, providing an additional layer of data protection and helping to meet regulatory requirements.

Troubleshooting Steps

If EBS default encryption is not enabled, you may encounter the following issues:

  1. Compliance concerns: Not enabling default encryption for EBS volumes can result in non-compliance with FFIEC regulations, which may lead to penalties or audits.
  2. Data security risks: Without default encryption, sensitive data stored on EBS volumes is vulnerable to unauthorized access or data breaches.

Necessary Codes

To enable EBS default encryption, run the following AWS Command Line Interface (CLI) command:

# Turns on encryption by default for new EBS volumes in the CLI's configured Region
aws ec2 enable-ebs-encryption-by-default

Make sure you have the AWS CLI installed and configured with the necessary credentials before executing the command.

Step-by-Step Guide for Remediation

Follow the steps below to enable EBS default encryption for FFIEC compliance:

  1. Open the AWS Management Console and navigate to the EC2 service.
  2. In the EC2 Dashboard, click on "Launch Templates" under the "Instances" section.
  3. Select the relevant launch template for your EC2 instances.
  4. Click on the "Actions" dropdown button and choose "Edit Template".
  5. In the template configuration, scroll down to the "EBS" section.
  6. Locate the "Encryption" option and ensure it is set to "Enabled".
  7. Save the changes to the launch template.
  8. Once the template is updated, any new EC2 instances launched using this template will have the EBS default encryption enabled.

Make sure to regularly review and update your launch templates to reflect any changes in compliance requirements.

Note: Enabling EBS default encryption applies to new EBS volumes created in the future. Existing EBS volumes would need to be manually encrypted.
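
Added example (not part of the original page or of any vendor tooling): a small offline evaluator for this rule, showing that a Region can pass the check while still holding unencrypted volumes created earlier. The sample JSON is constructed to match the output shape of "aws ec2 get-ebs-encryption-by-default" and "aws ec2 describe-volumes"; the volume IDs and the function names evaluate_region and audit are assumptions made for illustration.

```python
import json

# Constructed sample data (not from a real account), shaped like the JSON printed by
#   aws ec2 get-ebs-encryption-by-default --region <region>
#   aws ec2 describe-volumes --region <region>
SAMPLE = {
    "us-east-1": {
        "default": '{"EbsEncryptionByDefault": true}',
        "volumes": '{"Volumes": ['
                   '{"VolumeId": "vol-constructed-a", "Encrypted": false},'
                   '{"VolumeId": "vol-constructed-b", "Encrypted": true}]}',
    },
    "eu-west-1": {
        "default": '{"EbsEncryptionByDefault": false}',
        "volumes": '{"Volumes": []}',
    },
}


def evaluate_region(region, default_json, volumes_json):
    """Evaluate the rule for one Region and list volumes the setting does not cover."""
    # Fail closed: a missing or non-boolean field counts as "not enabled".
    enabled = json.loads(default_json).get("EbsEncryptionByDefault") is True
    volumes = json.loads(volumes_json).get("Volumes", [])
    # Existing unencrypted volumes stay unencrypted after the setting is turned on.
    legacy = sorted(v["VolumeId"] for v in volumes if v.get("Encrypted") is not True)
    remediation = []
    if not enabled:
        remediation.append(f"aws ec2 enable-ebs-encryption-by-default --region {region}")
    return {"region": region, "compliant": enabled,
            "unencrypted_volumes": legacy, "remediation": remediation}


def audit(samples):
    """Evaluate every Region; the setting is per Region, so one PASS says nothing about the rest."""
    return [evaluate_region(r, d["default"], d["volumes"]) for r, d in sorted(samples.items())]


if __name__ == "__main__":
    for f in audit(SAMPLE):
        print(f["region"], "PASS" if f["compliant"] else "FAIL",
              "unencrypted existing volumes:", f["unencrypted_volumes"] or "none")
        for cmd in f["remediation"]:
            print("  fix:", cmd)
```

To run it against a real account, replace the SAMPLE strings with the JSON output of the two CLI commands for each Region in use.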

Conclusion

By enabling EBS default encryption, you ensure that new EBS volumes are automatically encrypted, improving data security and meeting FFIEC compliance requirements. Following the provided steps and enabling default encryption helps protect sensitive information and mitigates potential compliance risks.
