Rule: API Gateway Stage Cache Encryption at Rest Enabled

This rule ensures API Gateway stage cache encryption at rest is enabled for security reasons.

Rule: API Gateway stage cache encryption at rest should be enabled
Framework: NIST 800-53 Revision 5
Severity: Medium

API Gateway Stage Cache Encryption at Rest - Rule Description

This rule requires enabling encryption at rest for the cache feature in API Gateway stages, in accordance with the NIST 800-53 Revision 5 security guidelines.

Rule Details

An API Gateway stage cache is a feature that allows caching of API responses, thereby improving performance and reducing the load on backend servers. However, caching sensitive data without proper encryption can increase security risks.

To comply with the NIST 800-53 Revision 5 security guidelines, API Gateway stage cache encryption at rest must be enabled. This ensures that any cached data, including potentially sensitive information, is protected from unauthorized access.

Troubleshooting Steps

There are no specific troubleshooting steps associated with this rule. However, in case of any issues related to enabling encryption at rest for the API Gateway stage cache, the following steps may help:

  1. Ensure that the API Gateway service is running without any errors or disruptions.
  2. Confirm that the necessary permissions are properly configured for the API Gateway stage cache encryption.
  3. Verify that the encryption mechanism selected is supported and compliant with the NIST 800-53 Revision 5 guidelines.
  4. Double-check any custom configurations or policies that could impact the encryption feature.

Necessary Code

There is no specific code provided for this rule, as enabling stage cache encryption at rest can typically be done through the API Gateway management console or via command-line interface (CLI) commands.

Step-by-Step Guide for Remediation

Follow these step-by-step instructions to enable API Gateway stage cache encryption at rest:

  1. Access the AWS Management Console with appropriate credentials.
  2. Navigate to the Amazon API Gateway service.
  3. Select the relevant API Gateway that needs to be configured for stage cache encryption.
  4. In the left navigation pane, click on "Stages."
  5. Locate and click on the specific stage for which you want to enable cache encryption.
  6. Under the "Settings" tab, find the "Cache Settings" section.
  7. Ensure that the "Enable Cache" option is selected.
  8. Check for the "Encrypt cache data at rest" option and enable it if not already enabled.
  9. Save the configuration changes.
  10. Test the API Gateway stage cache behavior to confirm that encryption at rest is now enabled.

Note: If you prefer using CLI commands, you can use the AWS CLI with appropriate permissions to modify the stage caching settings. The specific command syntax may vary based on your operating system, AWS CLI configuration, and the API Gateway stage you are targeting.
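
The check and fix described above can also be scripted. The following Python is an added example, not code from this page or from AWS: it reads a stage description in the shape returned by `aws apigateway get-stage`, lists the method settings that cache responses without encryption, and builds the matching `update-stage` patch operations. The function names and the sample stage are constructed for illustration, and the compliance test (cache cluster enabled, `cachingEnabled` true, `cacheDataEncrypted` false) is an assumption about how the rule is evaluated.

```python
import json

# Constructed sample in the shape of `aws apigateway get-stage` output (not a real account).
SAMPLE_STAGE = json.loads("""
{
  "stageName": "prod",
  "cacheClusterEnabled": true,
  "cacheClusterSize": "0.5",
  "methodSettings": {
    "*/*":          {"cachingEnabled": true,  "cacheDataEncrypted": false},
    "~1pets/GET":   {"cachingEnabled": true,  "cacheDataEncrypted": true},
    "~1health/GET": {"cachingEnabled": false, "cacheDataEncrypted": false}
  }
}
""")


def unencrypted_cached_methods(stage):
    """Return methodSettings keys that cache responses without encryption at rest."""
    if not stage.get("cacheClusterEnabled", False):
        return []  # no cache cluster on the stage, so nothing is stored
    return sorted(
        key for key, setting in stage.get("methodSettings", {}).items()
        if setting.get("cachingEnabled") and not setting.get("cacheDataEncrypted")
    )


def encryption_patch_ops(stage):
    """Build update-stage patch operations that enable encryption for each finding.

    CLI form for the stage-wide setting:
      --patch-operations op=replace,path=/*/*/caching/dataEncrypted,value=true
    """
    return [
        {"op": "replace", "path": f"/{key}/caching/dataEncrypted", "value": "true"}
        for key in unencrypted_cached_methods(stage)
    ]


def remediate(client, rest_api_id, stage_name):
    """Apply the fix using a boto3 'apigateway' client supplied by the caller."""
    stage = client.get_stage(restApiId=rest_api_id, stageName=stage_name)
    ops = encryption_patch_ops(stage)
    if ops:  # call update_stage only when something is non-compliant
        client.update_stage(restApiId=rest_api_id, stageName=stage_name, patchOperations=ops)
    return ops


if __name__ == "__main__":
    print("non-compliant:", unencrypted_cached_methods(SAMPLE_STAGE))
    print("patch ops:", json.dumps(encryption_patch_ops(SAMPLE_STAGE)))
```

Running `unencrypted_cached_methods` again on a fresh `get-stage` result after `remediate` confirms the change took effect, which covers the last step of the guide.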
