Rule: RDS DB Snapshots should be Encrypted at Rest

This rule ensures that RDS DB snapshots are encrypted to protect data at rest.

Rule: RDS DB snapshots should be encrypted at rest
Framework: NIST 800-53 Revision 5
Severity: Medium

Rule Description:

According to the NIST 800-53 Revision 5 security standard, it is required to encrypt RDS (Relational Database Service) DB snapshots at rest. This rule ensures that the database snapshots stored in Amazon RDS are securely encrypted, providing an additional layer of protection for sensitive data.

Encrypting DB snapshots helps to mitigate the risk of unauthorized access or data breaches in case the snapshots are compromised or accessed by malicious entities. By adhering to this rule, you are aligning your RDS deployment with best security practices and compliance requirements.

Troubleshooting Steps:

If RDS DB snapshots are not encrypted at rest for NIST 800-53 Revision 5 compliance, follow these troubleshooting steps:

  1. Identify the RDS DB snapshots that are not encrypted.
  2. Validate if encryption settings are enabled for the RDS instance.
  3. Check if the specific snapshot is created after enabling encryption.

Necessary Codes:

No specific codes are required for troubleshooting this rule. The issue can be addressed by configuring the encryption setting for the RDS instance and recreating the DB snapshots if needed.
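Although no code is needed, the first two troubleshooting steps can be scripted against the JSON printed by `aws rds describe-db-snapshots` and `aws rds describe-db-instances`. The following is an added example, not part of the original page; the sample records, the `audit_snapshots` helper and its action labels are constructed for illustration.

```python
import json

# Constructed sample data, shaped like the JSON printed by
# `aws rds describe-db-snapshots` and `aws rds describe-db-instances`.
SNAPSHOTS = json.loads("""{"DBSnapshots": [
 {"DBSnapshotIdentifier": "orders-2024-01-01", "DBInstanceIdentifier": "orders",
  "SnapshotCreateTime": "2024-01-01T03:00:00Z", "Encrypted": false},
 {"DBSnapshotIdentifier": "orders-2024-03-01", "DBInstanceIdentifier": "orders",
  "SnapshotCreateTime": "2024-03-01T03:00:00Z", "Encrypted": true},
 {"DBSnapshotIdentifier": "legacy-nightly", "DBInstanceIdentifier": "legacy",
  "SnapshotCreateTime": "2024-03-02T03:00:00Z", "Encrypted": false},
 {"DBSnapshotIdentifier": "retired-final", "DBInstanceIdentifier": "retired",
  "SnapshotCreateTime": "2023-11-30T03:00:00Z"}
]}""")
INSTANCES = json.loads("""{"DBInstances": [
 {"DBInstanceIdentifier": "orders", "StorageEncrypted": true},
 {"DBInstanceIdentifier": "legacy", "StorageEncrypted": false}
]}""")


def audit_snapshots(snapshots, instances):
    """Return one finding per unencrypted snapshot, with a suggested next action."""
    storage_encrypted = {
        inst["DBInstanceIdentifier"]: inst.get("StorageEncrypted", False)
        for inst in instances["DBInstances"]
    }
    findings = []
    for snap in snapshots["DBSnapshots"]:
        # Fail closed: a record without an Encrypted flag is treated as unencrypted.
        if snap.get("Encrypted", False):
            continue
        state = storage_encrypted.get(snap["DBInstanceIdentifier"])
        if state is None:
            action = "source-instance-missing"      # instance deleted or not listed
        elif state:
            action = "recreate-snapshot"            # snapshot predates encryption
        else:
            action = "enable-instance-encryption"   # instance itself is unencrypted
        findings.append((snap["DBSnapshotIdentifier"], snap["SnapshotCreateTime"], action))
    return findings


if __name__ == "__main__":
    for snapshot_id, created, action in audit_snapshots(SNAPSHOTS, INSTANCES):
        print(f"{snapshot_id}\t{created}\t{action}")
```

To run it on real data, save the two CLI outputs to files and pass the parsed JSON to `audit_snapshots` in place of the constructed samples.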

Step-by-Step Guide for Remediation:

To encrypt RDS DB snapshots at rest for NIST 800-53 Revision 5 compliance, follow these steps:

  1. Navigate to the AWS Management Console and access the Amazon RDS service.
  2. Select the RDS instance that contains the DB snapshots you want to encrypt.
  3. Click on the "Instance Actions" dropdown menu and choose "Modify."
  4. In the "Modify DB Instance" wizard, scroll down to the "Storage" section.
  5. Enable the "Enable Encryption" option and select an appropriate KMS (Key Management Service) encryption key from the dropdown menu.
  6. Click on the "Apply Immediately" checkbox if you want the changes to take effect immediately. Otherwise, the changes will be applied during the next maintenance window.
  7. Review the changes and click on the "Modify DB Instance" button to save the configuration.
  8. Once the encryption is enabled for the RDS instance, create new snapshots if needed for the encryption to take effect on them.
  9. To create a new DB snapshot, select the RDS instance and click on the "Instance Actions" dropdown menu.
  10. Choose "Create Snapshot" and provide a name for the snapshot.
  11. Monitor the snapshot status to ensure it is successfully created and encrypted.

By following the above steps, you will ensure that your RDS DB snapshots are encrypted at rest, fulfilling the requirement for NIST 800-53 Revision 5 compliance.
