Rule: EFS File System Encryption at Rest Should Be Enabled

This rule ensures that EFS file system encryption is enabled for data at rest.

Rule	EFS file system encryption at rest should be enabled
Framework	NIST 800-53 Revision 5
Severity	✔ High

Rule Description:

This rule requires enabling encryption at rest for the Elastic File System (EFS) to ensure compliance with the National Institute of Standards and Technology (NIST) 800-53 Revision 5 security framework.

Enabling EFS file system encryption provides an additional layer of security by encrypting data stored within the file system. This helps protect sensitive information and prevents unauthorized access or data breaches.

Troubleshooting Steps:

If encryption at rest is not enabled for the EFS file system, follow these troubleshooting steps:

1.
Verify EFS Encryption Configuration:

Check the configuration settings of your EFS file system to ensure encryption at rest is not already enabled.
Confirm whether the EFS file system is created with encryption at rest enabled or disabled.
Use the AWS Management Console or AWS Command Line Interface (CLI) to view the encryption configuration.

1.
Determine Compliance Status:

Check the NIST 800-53 Revision 5 security framework requirements:
- Verify the encryption at rest requirement for EFS file systems.
- Cross-reference the current EFS encryption configuration with the NIST standards.

Remediation:

To enable EFS file system encryption at rest and ensure compliance with NIST 800-53 Revision 5, follow these steps:

CLI Command:

1.
Open the AWS Command Line Interface (CLI) and run the following command, replacing
```
<file-system-id>
```
with the ID of your EFS file system:

aws efs update-file-system --file-system-id <file-system-id> --encrypted

1.
Confirm the encryption update by checking the EFS status:

aws efs describe-file-systems --file-system-id <file-system-id> --query 'FileSystems[].Encrypted'

If the command returns

true

, the encryption at rest has been successfully enabled for the EFS file system.

Console Guide:

1.

Open the AWS Management Console and navigate to the Amazon EFS service.

2.

Select the EFS file system on which you want to enable encryption at rest.

3.

Click on the 'Actions' drop-down menu and choose 'Update file system'.

4.

In the 'Update file system' page, check the "Encrypt" checkbox.

5.

Click on the 'Update' button to save the changes.

6.

Verify the encryption status on the EFS file system details page. It should now show encryption enabled.

Conclusion:

By following the provided steps, you can enable encryption at rest for the EFS file system and ensure compliance with NIST 800-53 Revision 5. Encrypting the data stored within the EFS file system adds an extra layer of security, protecting sensitive information from unauthorized access and potential data breaches.

Rule: EFS File System Encryption at Rest Should Be Enabled

.css-doq6ia{margin:0;font-family:Inter;font-weight:400;font-size:1.2857142857142858rem;line-height:1.5;color:#161857;text-align:left;font-size:26px;font-weight:700;margin-top:1rem;}CLI Command:

.css-doq6ia{margin:0;font-family:Inter;font-weight:400;font-size:1.2857142857142858rem;line-height:1.5;color:#161857;text-align:left;font-size:26px;font-weight:700;margin-top:1rem;}Console Guide:

Is your System Free of Underlying Vulnerabilities? Find Out Now

CLI Command:

Console Guide:

Is your System Free of Underlying Vulnerabilities?
Find Out Now