Rule: Log Group Encryption at Rest Should Be Enabled

This rule requires enabling encryption at rest for log groups to ensure data security.

Rule: Log group encryption at rest should be enabled
Framework: NIST 800-171 Revision 2
Severity: High

Rule Description:

The "Log group encryption at rest should be enabled for NIST 800-171 Revision 2" rule ensures that the log groups in the system are encrypted at rest in accordance with the security requirements outlined in the NIST 800-171 Revision 2 framework. Encrypting log data adds an extra layer of security to protect sensitive information from unauthorized access.

Troubleshooting Steps:

  1. Verify if log group encryption at rest is currently enabled for NIST 800-171 Revision 2 compliance.
  2. Check if the log groups in the system are encrypted using the required encryption algorithms and parameters.
  3. Ensure that the encryption keys used for log group encryption are stored securely and managed according to best practices.
  4. Confirm that the encryption at rest configuration is consistent across all log groups.

Necessary Codes:

No specific code is provided for this rule. The implementation depends on the cloud provider or logging tool being used.

Remediation Steps:

Follow these steps to remediate non-compliance with the rule:

  1. Determine the cloud provider or logging tool being used:

     Identify the cloud provider (e.g., AWS, Azure, Google Cloud) or logging tool (e.g., Elasticsearch, Splunk) being used for log management.

  2. Enable log group encryption at rest:

     Depending on the cloud provider or logging tool, follow the relevant documentation to enable log group encryption at rest. Here is an example for AWS CloudWatch Logs:

     a. Log in to the AWS Management Console.
     b. Go to the CloudWatch service.
     c. Select the log group requiring encryption.
     d. Click on "Actions" and choose "Modify" or "Edit".
     e. Enable encryption at rest by selecting the appropriate encryption options.
     f. Save the changes.

  3. Validate and verify encryption:

     After enabling log group encryption at rest, verify that it is configured correctly:

     a. Check the encryption settings of the log group to ensure encryption is enabled.
     b. Confirm that the encryption algorithm and parameters meet the NIST 800-171 Revision 2 requirements.
     c. If necessary, review the encryption key management documentation for the cloud provider or logging tool to ensure best practices are followed.

  4. Perform a compliance audit:

     Conduct periodic audits to ensure that all log groups are encrypted at rest and compliant with the NIST 800-171 Revision 2 requirements. This includes verifying encryption settings and key management practices.
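An added example, not part of the original page or the vendor's tooling: a Python audit for the AWS CloudWatch Logs case above that reads the JSON printed by `aws logs describe-log-groups` and reports every log group that has no KMS key associated. Treating a non-empty `kmsKeyId` as "encryption enabled" is an assumption about how the rule is evaluated; the sample data, the optional approved-key list and the function names are also assumptions made for illustration.

```python
import json
import sys

# Constructed sample in the shape of `aws logs describe-log-groups` output.
# Names, account id and key ARN are placeholders, not values from the page.
SAMPLE = """
{"logGroups": [
  {"logGroupName": "/app/payments", "retentionInDays": 90,
   "kmsKeyId": "arn:aws:kms:us-east-1:111122223333:key/EXAMPLE-KEY-ID"},
  {"logGroupName": "/app/frontend", "retentionInDays": 30},
  {"logGroupName": "/aws/lambda/report-job", "kmsKeyId": ""}
]}
"""


def audit_log_groups(doc, approved_keys=None):
    """Split log groups into compliant names and (name, reason) findings.

    approved_keys is an optional set of KMS key ARNs; when given, a group
    encrypted with any other key is reported, which catches inconsistent
    configuration across groups.
    """
    compliant, findings = [], []
    for group in doc.get("logGroups", []):
        name = group.get("logGroupName", "<unnamed>")
        key = (group.get("kmsKeyId") or "").strip()
        if not key:
            findings.append((name, "no KMS key associated"))
        elif approved_keys is not None and key not in approved_keys:
            findings.append((name, "key not on approved list: " + key))
        else:
            compliant.append(name)
    return compliant, findings


def remediation_command(name, key_arn):
    """AWS CLI arguments that associate a KMS key with one log group."""
    return ["aws", "logs", "associate-kms-key",
            "--log-group-name", name, "--kms-key-id", key_arn]


if __name__ == "__main__":
    # Pipe real CLI output in; with a terminal on stdin the sample is used.
    raw = SAMPLE if sys.stdin.isatty() else sys.stdin.read()
    ok, bad = audit_log_groups(json.loads(raw))
    for name, reason in bad:
        print(f"NON-COMPLIANT {name}: {reason}")
    print(f"{len(ok)} compliant, {len(bad)} non-compliant")
    sys.exit(1 if bad else 0)
```

Feed it live data with `aws logs describe-log-groups --output json | python3 audit_log_groups.py` (the file name is arbitrary). The `associate-kms-key` call only succeeds when the key policy allows the CloudWatch Logs service to use the key.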

Conclusion:

Log group encryption at rest is essential for protecting sensitive log data and ensuring compliance with the NIST 800-171 Revision 2 framework. By following the remediation steps outlined above, organizations can ensure that log groups are encrypted and secure from unauthorized access. Regular audits should be conducted to validate compliance and maintain the integrity of the log data.
