Attached EBS Volumes Encryption Rule

This rule ensures encryption is enabled for attached EBS volumes.

Rule: Attached EBS volumes should have encryption enabled
Framework: GxP 21 CFR Part 11
Severity: Medium

Rule Description:

This rule ensures that all attached Elastic Block Store (EBS) volumes in the infrastructure are encrypted as per the requirements of GxP 21 CFR Part 11. Encryption provides an additional layer of protection for sensitive data stored on EBS volumes, ensuring compliance with regulatory guidelines and safeguarding data integrity.

Troubleshooting Steps:

  1. Check if the attached EBS volumes are encrypted:

    • To verify the encryption status of an EBS volume, navigate to the AWS Management Console and open the EC2 service.
    • Select "Volumes" from the left sidebar and locate the desired EBS volume.
    • Look for the "Encryption" attribute to determine if the volume is encrypted.

  2. Review volume encryption settings:

    • If the volume is not encrypted, evaluate the encryption configuration.
    • Check if AWS Key Management Service (KMS) is being used for encryption and confirm the Key ID used for encryption.

  3. Generate an encryption key if required:

    • If no encryption key is set or if the existing key needs to be updated, create a new key using AWS Key Management Service.
    • Follow the AWS documentation to create a new key: AWS KMS Documentation

  4. Enable encryption for the EBS volumes:

    • To enable encryption for the EBS volumes, follow these steps:
      1. Identify the EBS volume(s) that need encryption.
      2. Select the volume(s) in the AWS Management Console.
      3. Click the "Actions" button and choose "Modify Volume".
      4. In the "Modify Volume" dialog, enable the "Encryption" option.
      5. Select the appropriate encryption key from the dropdown menu.
      6. Click "Save".

Necessary Code:

No specific code is required for this configuration, as it can be achieved through the AWS Management Console.
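The check in troubleshooting steps 1 and 2 can also be run over the JSON that `aws ec2 describe-volumes --output json` returns, instead of volume by volume in the console. The following is an added example, not code from this page or from AWS; the sample response, its volume and instance IDs and the key ARN are constructed placeholders, and counting any attachment not in the `detached` state as attached is an assumption.

```python
import json

# Constructed sample in the shape returned by
# `aws ec2 describe-volumes --output json`.
# All IDs and the key ARN are placeholders, not real resources.
SAMPLE = json.loads("""
{"Volumes": [
  {"VolumeId": "vol-0aaa", "State": "in-use", "Encrypted": true,
   "KmsKeyId": "arn:aws:kms:us-east-1:111122223333:key/EXAMPLE-KEY-ID",
   "Attachments": [{"InstanceId": "i-0111", "State": "attached"}]},
  {"VolumeId": "vol-0bbb", "State": "in-use", "Encrypted": false,
   "Attachments": [{"InstanceId": "i-0222", "State": "attached"}]},
  {"VolumeId": "vol-0ccc", "State": "available", "Encrypted": false,
   "Attachments": []},
  {"VolumeId": "vol-0ddd", "State": "in-use",
   "Attachments": [{"InstanceId": "i-0333", "State": "attaching"}]}
]}
""")

def evaluate(response):
    """Return one finding per volume: ok, alarm, or skip (not attached)."""
    findings = []
    for vol in response.get("Volumes", []):
        # Assumption: any attachment not yet "detached" counts as attached.
        instances = [a["InstanceId"] for a in vol.get("Attachments", [])
                     if a.get("State") != "detached"]
        if not instances:
            status = "skip"    # unattached volumes are outside this rule
        elif vol.get("Encrypted") is True:
            status = "ok"
        else:
            status = "alarm"   # a missing Encrypted field fails closed
        findings.append({
            "volume_id": vol["VolumeId"],
            "status": status,
            "instances": instances,
            "kms_key_id": vol.get("KmsKeyId"),  # key ID from troubleshooting step 2
        })
    return findings

def non_compliant(response):
    """Volume IDs that violate the rule (attached and not encrypted)."""
    return [f["volume_id"] for f in evaluate(response) if f["status"] == "alarm"]

if __name__ == "__main__":
    for f in evaluate(SAMPLE):
        print(f["status"], f["volume_id"],
              ",".join(f["instances"]) or "-", f["kms_key_id"] or "-")
```

To run it against a real account, save the CLI output to a file and pass the parsed JSON to `evaluate` in place of `SAMPLE`.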

Remediation Steps:

To ensure compliance with GxP 21 CFR Part 11 by enabling encryption for attached EBS volumes, follow the step-by-step guide below:

  1. Log in to the AWS Management Console with appropriate credentials.

  2. Open the EC2 service.

  3. Select "Volumes" from the left sidebar.

  4. Identify the EBS volume(s) that need encryption.

  5. Select the target volume(s) by clicking on the checkbox beside them.

  6. Click the "Actions" button located above the volumes list.

  7. From the dropdown menu, choose "Modify Volume".

  8. In the "Modify Volume" dialog, locate the "Encryption" option and enable it.

  9. A dropdown menu will appear with a list of available encryption keys. Select the appropriate key for encryption.

  10. Review the modifications and ensure that the correct volume(s) and encryption key are selected.

  11. Click the "Save" button to apply the changes.

  12. Monitor the status of the volume modification to verify successful encryption.

  13. Repeat these steps for any other EBS volumes that require encryption.

By following these steps, you will have successfully enabled encryption for attached EBS volumes in compliance with GxP 21 CFR Part 11.
