This rule ensures that encryption at rest is enabled for RDS DB instances.
| Rule | RDS DB instance encryption at rest should be enabled |
| Framework | Federal Financial Institutions Examination Council (FFIEC) |
| Severity | ✔ Low |
Rule Description:
RDS DB instance encryption at rest should be enabled under the Federal Financial Institutions Examination Council (FFIEC) framework.
According to the security guidelines provided by the Federal Financial Institutions Examination Council (FFIEC), all RDS DB instances should have encryption at rest enabled. Encrypting data at rest helps protect sensitive information stored in the database from unauthorized access and ensures compliance with data security standards.
Troubleshooting Steps:
If encryption at rest is not enabled for RDS DB instances in accordance with FFIEC guidelines, follow the steps below to troubleshoot the issue:
Verify the Encryption Status:
Check the status of encryption for the RDS DB instance by following these steps:
If the encryption status is not "Enabled", proceed to the next step.
Enable Encryption:
To enable encryption at rest for the RDS DB instance, follow these steps:
Encryption at rest will now be enabled for the RDS DB instance.
Necessary Code:
No specific code is required for this rule. Encryption at rest can be enabled through the AWS Management Console by following the steps in the troubleshooting section.
Remediation Steps:
To remediate the RDS DB instance that does not have encryption at rest enabled according to FFIEC guidelines, follow these step-by-step instructions:
1. Log in to the AWS Management Console.
2. Go to the Amazon RDS service.
3. Select the appropriate RDS DB instance that needs to be remediated.
4. In the instance details page, click on the "Modify" button.
5. Scroll down to the "Storage" section.
6. Enable the "Encrypt" option.
7. From the list of available AWS Key Management Service (KMS) keys, choose the appropriate key.
8. If you want the changes to take effect immediately, click on the "Apply Immediately" checkbox.
9. Click on the "Modify DB instance" button to save the changes.
Note: Enabling encryption at rest may result in a brief outage for the RDS instance during the modification process.
Once the modification is completed, verify that the encryption status is now "Enabled" for the RDS DB instance.
By following these steps, you will successfully enable encryption at rest for the RDS DB instance, ensuring compliance with the FFIEC guidelines.
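The check from "Verify the Encryption Status" and the final verification step can also be run as a script over every instance at once. This is an added example, not part of the original rule page: it assumes the input is the JSON printed by `aws rds describe-db-instances`, whose `StorageEncrypted` and `KmsKeyId` fields report each instance's encryption state, and the sample data and function names are constructed for illustration.

```python
import json

# Constructed sample in the shape of `aws rds describe-db-instances` output.
# Identifiers, account number and key ARN are placeholders, not real resources.
SAMPLE = json.loads("""
{"DBInstances": [
  {"DBInstanceIdentifier": "orders-prod", "DBInstanceStatus": "available",
   "StorageEncrypted": true,
   "KmsKeyId": "arn:aws:kms:us-east-1:111122223333:key/EXAMPLE-KEY-ID"},
  {"DBInstanceIdentifier": "reports-legacy", "DBInstanceStatus": "available",
   "StorageEncrypted": false},
  {"DBInstanceIdentifier": "billing-db", "DBInstanceStatus": "modifying",
   "StorageEncrypted": false},
  {"DBInstanceIdentifier": "partial-record", "DBInstanceStatus": "available"}
]}
""")


def check_instance(inst):
    """Return (compliant, reason) for one DBInstances entry."""
    encrypted = inst.get("StorageEncrypted")
    if encrypted is True and inst.get("KmsKeyId"):
        return True, "encrypted with " + inst["KmsKeyId"]
    if encrypted is True:
        return False, "StorageEncrypted is true but no KmsKeyId is reported"
    if encrypted is None:
        # Fail closed: a record without the field is not evidence of encryption.
        return False, "StorageEncrypted missing; treated as not encrypted"
    reason = "StorageEncrypted is false"
    status = inst.get("DBInstanceStatus")
    if status != "available":
        # A change may still be in flight; the result is not final yet.
        reason += "; status is %s, re-check when it is available" % status
    return False, reason


def audit(response):
    """Map each instance identifier to its (compliant, reason) result."""
    return {inst.get("DBInstanceIdentifier", "<unknown>"): check_instance(inst)
            for inst in response.get("DBInstances", [])}


def non_compliant(response):
    """Sorted identifiers of instances that fail the rule."""
    return sorted(name for name, (ok, _) in audit(response).items() if not ok)


if __name__ == "__main__":
    for name, (ok, reason) in audit(SAMPLE).items():
        print("%-16s %-4s %s" % (name, "PASS" if ok else "FAIL", reason))
```

A record that lacks the `StorageEncrypted` field is reported as failing rather than skipped, so a truncated or filtered export cannot pass the rule by omission.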