Rule: EBS Default Encryption Should Be Enabled
This rule ensures that EBS default encryption is enabled to enhance data security.
| Rule | EBS default encryption should be enabled |
| Framework | GxP EU Annex 11 |
| Severity | ✔ Medium |
Rule Description:
The EBS default encryption should be enabled to comply with the GxP EU Annex 11 guidelines. This rule ensures that all new EBS (Elastic Block Store) volumes created within an AWS (Amazon Web Services) account are automatically encrypted by default, adding an additional layer of security to protect sensitive data.
Non-compliance with this rule may result in the unauthorized access or leakage of sensitive information stored in EBS volumes, which can lead to regulatory compliance violations for organizations operating under the GxP EU Annex 11 guidelines.
Troubleshooting Steps:
If the EBS default encryption is not enabled, follow these troubleshooting steps to ensure compliance:
- 1.
Verify Current Encryption Status:
- Open the AWS Management Console.
- Go to the EC2 Dashboard.
- Select "Volumes" from the left sidebar.
- Ensure that the "Encrypted" column shows "No" for all the volumes.
- 2.
Enable EBS Default Encryption:
- Open the AWS Management Console.
- Go to the EC2 Dashboard.
- Select "Preferences" from the left sidebar.
- Under "EBS Default Encryption", click on "Edit".
- Enable the checkbox for "Encrypt new EBS volumes", if not already selected.
- Click on "Save preferences" to save the changes.
- 3.
Verify Encryption Status after Enabling:
- Go back to the EC2 Dashboard.
- Select "Volumes" from the left sidebar.
- Ensure that the "Encrypted" column now shows "Yes" for all the new volumes created.
Necessary Codes:
There are no specific codes required for enabling EBS default encryption. The steps mentioned in the troubleshooting section can be performed through the AWS Management Console.
Remediation Steps:
To enable EBS default encryption, follow these steps:
- 1.Open the AWS Management Console.
- 2.Go to the EC2 Dashboard.
- 3.Select "Preferences" from the left sidebar.
- 4.Under "EBS Default Encryption", click on "Edit".
- 5.Enable the checkbox for "Encrypt new EBS volumes", if not already selected.
- 6.Click on "Save preferences" to save the changes.
- 7.Verify the encryption status in the "Volumes" section to ensure that all new volumes created are encrypted by default.
Ensure that these steps are followed in the AWS account to comply with the GxP EU Annex 11 guidelines regarding EBS default encryption.