
Rule: KMS Keys Should Not Be Pending Deletion

This rule ensures that KMS keys are not in a pending deletion state.

Rule: KMS keys should not be pending deletion
Framework: NIST 800-53 Revision 5
Severity: High

Rule Description:

According to NIST 800-53 Revision 5, KMS (Key Management Service) keys should not be left in a "pending deletion" state. A key scheduled for deletion cannot be used for cryptographic operations during the waiting period, and once the period ends the key material is destroyed and any data encrypted under it becomes unrecoverable. This rule ensures that KMS keys are properly managed and maintained in a secure manner, so that no key reaches that point unintentionally.

Troubleshooting Steps:

  1. Identify pending deletion keys:

    • Use the AWS Command Line Interface (CLI) with the following command to list all KMS keys:
      aws kms list-keys
      
    • The response carries only key IDs and ARNs, not key state. For each key, read the "KeyState" field with:
      aws kms describe-key --key-id <key-id>
      
    • Note any key whose "KeyState" is "PendingDeletion" (or "PendingReplicaDeletion" for a multi-Region key); the "DeletionDate" field shows when the waiting period ends.
  2. Verify if the pending deletion is intentional:

    • Contact the relevant parties or team members to confirm if the pending deletion is intentional. They might have initiated this action for specific reasons.
  3. Determine the reason for pending deletion:

    • If intentional, document the reason for keeping the key in a pending deletion state.
    • If unintentional or unclear, proceed to the next step for remediation.

Remediation Steps:

  1. Cancel pending deletion:

    • Prior to cancelling, ensure that you have confirmed with the relevant parties that it is safe to proceed with cancelling the pending deletion.
    • Use the AWS CLI with the following command to cancel the pending deletion for a specific KMS key:
      aws kms cancel-key-deletion --key-id <key-id>
      
      Replace <key-id> with the actual ID of the key.
  2. Verify the cancellation:

    • Use the AWS CLI with the following command to verify if the pending deletion has been successfully cancelled:
      aws kms describe-key --key-id <key-id>
      
      Ensure that the "KeyState" is no longer "PendingDeletion". Note that cancelling a deletion leaves the key in the "Disabled" state; if the key should be usable again, re-enable it with:
      aws kms enable-key --key-id <key-id>
      
  3. Document the remediation:

    • Update the relevant documentation to reflect the remediation process, including the reason for cancellation and any relevant details.
  4. Review key management procedures:

    • Evaluate the existing key management procedures to prevent unintentional or unnecessary pending deletions in the future.
    • Establish clear guidelines on when and how pending deletions should be executed, with proper approval processes in place.
  5. Monitor and audit KMS key status:

    • Regularly monitor the status of KMS keys to identify any keys that may fall into the "pending deletion" state.
    • Implement automated alerts or notifications to promptly address such cases.
  6. Train key administrators:

    • Provide training to key administrators on proper key management practices, including the importance of avoiding unnecessary pending deletion and the correct procedures for deletion, if required.
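As an added example (not Cloud Defense code), the identify-and-cancel procedure above automated against boto3's KMS client API (list_keys, describe_key, cancel_key_deletion), with a constructed fake client so it runs offline; the key IDs, ARNs and account number in the fake are made up.

```python
from datetime import datetime, timedelta, timezone

# Added example (not Cloud Defense code). Works against boto3.client("kms") or any
# object exposing list_keys / describe_key / cancel_key_deletion with the same shapes.
PENDING_STATES = {"PendingDeletion", "PendingReplicaDeletion"}  # replica keys too
SAMPLE_NOW = datetime(2024, 1, 1, tzinfo=timezone.utc)  # fixed clock for the offline sample

def iter_key_ids(kms):
    """Yield every key ID, following list_keys pagination (Truncated/NextMarker)."""
    kwargs = {}
    while True:
        page = kms.list_keys(**kwargs)
        for key in page.get("Keys", []):
            yield key["KeyId"]
        if not page.get("Truncated"):
            return
        kwargs = {"Marker": page["NextMarker"]}

def find_pending_deletion(kms, now=None):
    """Return [(arn, state, days_left)] for keys in a pending-deletion state.
    list_keys carries no state, so every key needs its own describe_key call."""
    now = now or datetime.now(timezone.utc)
    findings = []
    for key_id in iter_key_ids(kms):
        meta = kms.describe_key(KeyId=key_id)["KeyMetadata"]
        if meta["KeyState"] in PENDING_STATES:
            findings.append((meta["Arn"], meta["KeyState"], (meta["DeletionDate"] - now).days))
    return findings

def cancel_pending_deletion(kms, key_id):
    """Cancel after approval. KMS leaves the key Disabled; enabling it is a separate step."""
    kms.cancel_key_deletion(KeyId=key_id)
    return kms.describe_key(KeyId=key_id)["KeyMetadata"]["KeyState"]

class FakeKms:
    """Constructed stand-in for the KMS client so the audit runs offline; two list pages."""
    def __init__(self, now):
        arn = "arn:aws:kms:us-east-1:111122223333:key/"
        self.meta = {"k-1": {"Arn": arn + "k-1", "KeyState": "Enabled"},
                     "k-2": {"Arn": arn + "k-2", "KeyState": "PendingDeletion",
                             "DeletionDate": now + timedelta(days=7)}}
    def list_keys(self, Marker=None):
        if Marker is None:
            return {"Keys": [{"KeyId": "k-1"}], "Truncated": True, "NextMarker": "p2"}
        return {"Keys": [{"KeyId": "k-2"}], "Truncated": False}
    def describe_key(self, KeyId):
        return {"KeyMetadata": self.meta[KeyId]}
    def cancel_key_deletion(self, KeyId):
        self.meta[KeyId]["KeyState"] = "Disabled"
```

Against a live account, pass `boto3.client("kms")` in place of `FakeKms(...)`; the findings list is what an automated alert (remediation step 5) would report.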

Conclusion:

By following the above remediation steps, you can ensure that KMS keys are not left in a "pending deletion" state, aligning with the NIST 800-53 Revision 5 guidelines. Regular monitoring and proper key management procedures will help maintain a secure and well-controlled KMS environment.
