
Rule: EBS Snapshots Should Not Be Publicly Restorable

This rule checks that no EBS snapshot grants the "all" group permission to create volumes from it, i.e. that no snapshot is publicly restorable.

Rule: EBS snapshots should not be publicly restorable
Framework: GxP 21 CFR Part 11
Severity: Medium

Rule Description:

EBS (Elastic Block Store) snapshots should not be publicly restorable to ensure compliance with GxP (Good x Practice) regulations, specifically 21 CFR Part 11. This rule aims to protect sensitive data stored within EBS snapshots by preventing unauthorized access and maintaining the integrity of the data.

Troubleshooting Steps:

  1. Review the current configuration of EBS snapshots and their associated settings.
  2. Verify whether any snapshots are publicly restorable.
  3. Identify the misconfigurations or permission grants that allow public restoration of snapshots.

Necessary Codes:

No specific codes are required for this rule. However, you may need AWS CLI commands to check a snapshot's createVolumePermission attribute and to remove a public grant where one is found.

Remediation Steps:

  1. Sign in to the AWS Management Console and access the EC2 service.
  2. Go to the "Snapshots" section in the EC2 Dashboard.
  3. Review the list of snapshots and identify any publicly restorable snapshots. Public restorability can be determined by checking the "Public" column or by verifying the snapshot's permissions.
  4. To make a snapshot private, select the snapshot and click on the "Modify Permissions" option in the actions menu.
  5. In the permissions window, ensure that the snapshot is set to "Private" and adjust the permissions if required.
  6. Save the changes and double-check your modifications to confirm that the snapshot is no longer publicly restorable.
  7. Repeat this process for all relevant EBS snapshots to ensure every snapshot is set to private.

Note: Consult your organization's security policy and follow any additional steps or guidelines provided by your compliance team to ensure adherence to GxP 21 CFR Part 11 regulations.

Conclusion:

Following these steps will help ensure that EBS snapshots are not publicly restorable, meeting the compliance requirements of GxP 21 CFR Part 11. Regularly reviewing and modifying snapshot permissions will help maintain data security and integrity while keeping your organization compliant with regulatory standards.
