This rule requires enabling encryption for EFS file system data at rest.
Rule | EFS file system encryption at rest should be enabled |
Framework | NIST 800-53 Revision 5 |
Severity | ✔ High |
EFS File System Encryption at Rest Rule Description
This rule requires enabling encryption at rest for the Elastic File System (EFS) in accordance with the security controls defined in NIST 800-53 Revision 5. Encryption at rest ensures that data stored in the EFS file system remains secure even if unauthorized access occurs.
Troubleshooting Steps
If encryption at rest is not enabled for the EFS file system, follow these troubleshooting steps:
Code
No specific code is required for this rule. However, you may need to perform some AWS CLI commands for remediation and validation purposes.
Remediation Steps
Follow these steps to enable encryption at rest for the EFS file system:
AWS Management Console:
AWS CLI:
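aws efs create-file-system --encrypted --creation-token <creation-token>
Encryption at rest can only be set when an EFS file system is created; aws efs update-file-system has no option to encrypt an existing file system. Create a new encrypted file system with the command above, replacing <creation-token> with a unique string of your choice, then copy the data from the unencrypted file system to the new one (for example with AWS DataSync) and remount clients against it.
Validation Steps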
To validate whether encryption at rest is enabled for the EFS file system, follow these steps:
AWS Management Console:
AWS CLI:
aws efs describe-file-systems --file-system-id <filesystem-id> --query "FileSystems[].Encrypted"
Replace <filesystem-id> with the ID of the EFS file system you want to validate. If encryption is enabled, the command will return "true". Otherwise, it will return "false".
Conclusion
Enabling encryption at rest for the EFS file system ensures compliance with NIST 800-53 Revision 5 control requirements. By following the provided remediation steps, encryption can be successfully enabled, securing data stored in the EFS file system.
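The single-ID validation command above, extended to every file system in a Region. This is an added example, not part of the original page: it reads the JSON printed by aws efs describe-file-systems (run without --file-system-id) and lists each file system that fails the rule. The sample data, the IDs and the audit function name are constructed for illustration.

```python
import json
import sys

# Constructed sample shaped like `aws efs describe-file-systems` output
# (IDs, names and the key ARN are made up for illustration).
SAMPLE = """
{"FileSystems": [
  {"FileSystemId": "fs-0aaa1111", "Name": "app-data", "LifeCycleState": "available",
   "Encrypted": true, "KmsKeyId": "arn:aws:kms:us-east-1:111122223333:key/EXAMPLE"},
  {"FileSystemId": "fs-0bbb2222", "Name": "legacy-share", "LifeCycleState": "available",
   "Encrypted": false},
  {"FileSystemId": "fs-0ccc3333", "LifeCycleState": "available"},
  {"FileSystemId": "fs-0ddd4444", "Name": "old", "LifeCycleState": "deleting",
   "Encrypted": false}
]}
"""

def audit(describe_output):
    """Return one finding per file system that fails the rule."""
    findings = []
    for fs in describe_output.get("FileSystems", []):
        # File systems already being torn down are out of scope.
        if fs.get("LifeCycleState") in ("deleting", "deleted"):
            continue
        # Fail closed: only a literal JSON true counts as encrypted.
        if fs.get("Encrypted") is True:
            continue
        reason = ("Encrypted field missing" if "Encrypted" not in fs
                  else f"Encrypted is {fs['Encrypted']!r}")
        findings.append({
            "FileSystemId": fs.get("FileSystemId", "<unknown>"),
            "Name": fs.get("Name", ""),
            "Reason": reason,
        })
    return findings

def main():
    # Use piped CLI output when present, otherwise the constructed sample.
    raw = SAMPLE if sys.stdin.isatty() else sys.stdin.read()
    findings = audit(json.loads(raw))
    for f in findings:
        print(f"FAIL {f['FileSystemId']} {f['Name']!r}: {f['Reason']}")
    # Non-zero exit lets a CI job or scheduled check alert on failures.
    return 1 if findings else 0

if __name__ == "__main__":
    sys.exit(main())
```

Pipe the CLI output into the script to check a live Region; the exit code is 1 when any file system is unencrypted.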