Rule: SNS topics should be encrypted at rest

Overview of the compliance status for the rule regarding SNS topics encryption at rest.

Rule: SNS topics should be encrypted at rest
Framework: NIST 800-53 Revision 5
Severity: Medium

Rule Description:

SNS (Simple Notification Service) topics should be encrypted at rest to comply with the security requirements outlined in NIST 800-53 Revision 5. Encrypting SNS topics ensures that any sensitive information sent through these topics is protected from unauthorized access or disclosure.

Troubleshooting Steps:

  1. Check the SNS topic settings: Ensure that the encryption settings for the SNS topic are properly configured.
  2. Check the encryption key: Verify that the correct encryption key is being used for the SNS topic.
  3. Check the key permissions: Ensure that the encryption key has appropriate permissions to encrypt and decrypt the SNS topic.
  4. Verify AWS KMS configuration: Check if AWS Key Management Service (KMS) is properly configured and accessible.
  5. Review AWS CloudTrail logs: Check the CloudTrail logs for any errors or exceptions related to SNS topic encryption.

Necessary Codes:

This rule/policy does not require any specific code implementation as it involves configuring the encryption settings within the SNS topic.

Remediation Steps:

  1. Open the AWS Management Console and navigate to the SNS service.
  2. Select the desired SNS topic that needs to be encrypted at rest.
  3. Click on the "Encryption" tab in the topic details page.
  4. Enable the encryption option for the SNS topic.
  5. Choose the appropriate encryption key from the dropdown menu or create a new encryption key in AWS KMS.
  6. Configure the necessary permissions for the encryption key to access the SNS topic.
  7. Save the changes and verify that the SNS topic now shows the encryption status as enabled.

Note: Make sure you have the necessary permissions to perform these actions. If you encounter any issues during the configuration, refer to the troubleshooting steps mentioned earlier or consult with an AWS administrator or security professional.
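
A scripted version of the first two troubleshooting checks, as an added example that is not part of the original page or the vendor's own code: it reads each topic's KmsMasterKeyId attribute (returned by the SNS GetTopicAttributes API when encryption is enabled) and reports whether the topic is unencrypted, uses the AWS managed key alias/aws/sns, or uses another KMS key. The topic ARNs and attributes in SAMPLE_TOPICS are constructed, the status labels are this example's own, and fetch_live_topics assumes boto3 is installed and the caller has read access to SNS.

```python
"""Added example: audit SNS topics for encryption at rest."""

AWS_MANAGED_ALIAS = "alias/aws/sns"  # AWS managed KMS key for SNS


def classify_topic(attributes):
    """Classify a topic from the 'Attributes' map of GetTopicAttributes."""
    # SNS reports KmsMasterKeyId when server-side encryption is on; an empty
    # value is treated as unencrypted as well (defensive assumption).
    key_id = (attributes.get("KmsMasterKeyId") or "").strip()
    if not key_id:
        return "UNENCRYPTED"
    # Matches the alias name or an alias ARN. A bare key ID or key ARN cannot
    # be attributed here; KMS DescribeKey (KeyManager field) would resolve it.
    if key_id == AWS_MANAGED_ALIAS or key_id.endswith(":" + AWS_MANAGED_ALIAS):
        return "AWS_MANAGED_KEY"
    return "OTHER_KMS_KEY"


def audit(topics):
    """topics: iterable of (topic_arn, attributes). One report row per topic."""
    report = []
    for arn, attrs in topics:
        status = classify_topic(attrs)
        report.append({"TopicArn": arn, "Status": status,
                       "Compliant": status != "UNENCRYPTED"})
    return report


def fetch_live_topics(region_name=None):
    """Yield (arn, attributes) for every topic in the account and region."""
    import boto3  # imported lazily so the offline sample runs without it
    sns = boto3.client("sns", region_name=region_name)
    for page in sns.get_paginator("list_topics").paginate():
        for topic in page["Topics"]:
            arn = topic["TopicArn"]
            yield arn, sns.get_topic_attributes(TopicArn=arn)["Attributes"]


# Constructed sample data: account ID, topic names and key ID are made up.
SAMPLE_TOPICS = [
    ("arn:aws:sns:us-east-1:111122223333:orders", {"DisplayName": "orders"}),
    ("arn:aws:sns:us-east-1:111122223333:alerts", {"KmsMasterKeyId": "alias/aws/sns"}),
    ("arn:aws:sns:us-east-1:111122223333:billing", {"KmsMasterKeyId":
        "arn:aws:kms:us-east-1:111122223333:key/00000000-0000-0000-0000-000000000000"}),
    ("arn:aws:sns:us-east-1:111122223333:legacy", {"KmsMasterKeyId": ""}),
]

if __name__ == "__main__":
    for row in audit(SAMPLE_TOPICS):  # pass fetch_live_topics() for a real account
        print(row["Status"].ljust(16), row["TopicArn"])
```

Topics reported as UNENCRYPTED are the ones the remediation steps above apply to.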
