Rule: RDS DB Instance Encryption at Rest Enabled

Ensure RDS DB instances have encryption at rest enabled to enhance data security.

Rule: RDS DB instance encryption at rest should be enabled
Framework: NIST 800-53 Revision 5
Severity: Low

Rule Description:

RDS DB instance encryption at rest should be enabled to adhere to the security requirements specified in the NIST 800-53 Revision 5 standard.

Troubleshooting Steps:

If RDS DB instance encryption at rest is not enabled, follow the troubleshooting steps below:

  1. Verify encryption status: Check the current encryption status of the RDS DB instance.
  2. Enable encryption: If encryption is not enabled, follow the necessary steps to enable encryption at rest for the RDS DB instance.
  3. Verify compliance: After enabling encryption, verify if the RDS DB instance is compliant with the NIST 800-53 Revision 5 standard.
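
For AWS, the verification in steps 1 and 3 can be scripted. The following is an added example, not Cloud Defense's own code: it evaluates the `StorageEncrypted` field that `describe-db-instances` returns for each instance. The sample instances, account ID and key ARN are constructed, and the function names (`evaluate`, `non_compliant`, `fetch_live`) are hypothetical.

```python
import json

# Constructed sample in the shape returned by `aws rds describe-db-instances`
# (field names are the real API ones; identifiers and ARNs are made up).
SAMPLE = json.loads("""
{"DBInstances": [
  {"DBInstanceIdentifier": "orders-prod", "Engine": "postgres",
   "StorageEncrypted": true,
   "KmsKeyId": "arn:aws:kms:us-east-1:111122223333:key/EXAMPLE-KEY-ID"},
  {"DBInstanceIdentifier": "legacy-reports", "Engine": "mysql",
   "StorageEncrypted": false},
  {"DBInstanceIdentifier": "staging-import", "Engine": "mariadb"}
]}
""")


def evaluate(response):
    """Return one finding per DB instance: PASS if storage is encrypted."""
    findings = []
    for db in response.get("DBInstances", []):
        # A missing flag is treated as unencrypted so gaps fail closed.
        encrypted = db.get("StorageEncrypted") is True
        findings.append({
            "instance": db.get("DBInstanceIdentifier", "<unknown>"),
            "engine": db.get("Engine", "<unknown>"),
            "status": "PASS" if encrypted else "FAIL",
            "kms_key": db.get("KmsKeyId") if encrypted else None,
        })
    return findings


def non_compliant(findings):
    """Identifiers of instances that fail the rule, sorted for stable output."""
    return sorted(f["instance"] for f in findings if f["status"] == "FAIL")


def fetch_live(region):
    """Collect every instance in a region (needs boto3 and AWS credentials)."""
    import boto3  # imported here so the offline sample runs without it
    pages = boto3.client("rds", region_name=region).get_paginator(
        "describe_db_instances").paginate()
    return {"DBInstances": [db for p in pages for db in p["DBInstances"]]}


if __name__ == "__main__":
    results = evaluate(SAMPLE)  # swap in fetch_live("us-east-1") for real data
    for f in results:
        print(f'{f["status"]:4} {f["instance"]:16} {f["engine"]:9} {f["kms_key"] or "-"}')
    raise SystemExit(1 if non_compliant(results) else 0)
```

The non-zero exit code when any instance fails lets the check gate a pipeline or scheduled job.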

Necessary Codes:

There are no specific codes to be provided as enabling encryption at rest for RDS DB instances depends on the specific cloud provider's services and configurations.

Step-by-Step Guide for Remediation:

Amazon Web Services (AWS):

To enable encryption at rest for an RDS DB instance on AWS, follow these steps:

  1. Login to AWS Management Console: Open the AWS Management Console using your credentials.
  2. Navigate to RDS: Go to the AWS RDS service under the "Database" section.
  3. Select the DB instance: Choose the appropriate DB instance that needs encryption.
  4. Click on "Modify": Click on the "Modify" button to modify the properties of the DB instance.
  5. Scroll down to the "Storage" section: Find the "Storage" section on the modify page.
  6. Enable encryption: Enable the "Encryption" option and choose the appropriate encryption key. If you don't have a key, create one using AWS Key Management Service (KMS).
  7. Click on "Apply immediately": Select the option to apply the changes immediately or during the next maintenance window.
  8. Review and confirm: Review the changes and confirm the modifications.
  9. Monitor the encryption process: Monitor the status of the encryption process in the AWS Management Console.

Google Cloud Platform (GCP):

To enable encryption at rest for an RDS DB instance on GCP, follow these steps:

  1. Login to GCP Console: Open the GCP Console using your credentials.
  2. Navigate to Cloud SQL: Go to the Cloud SQL service under the "Databases" section.
  3. Select the DB instance: Choose the appropriate Cloud SQL DB instance that needs encryption.
  4. Click on "Edit": Click on the "Edit" button to modify the properties of the DB instance.
  5. Scroll down to the "Data encryption" section: Find the "Data encryption" section on the editing page.
  6. Enable encryption: Enable the "Encryption" option and choose the appropriate encryption key. If you don't have a key, create one using Google Cloud Key Management Service (KMS).
  7. Save the changes: Save the changes to enable encryption at rest for the DB instance.
  8. Monitor the encryption process: Monitor the status of the encryption process in the GCP Console.

Microsoft Azure:

To enable encryption at rest for an RDS DB instance on Microsoft Azure, follow these steps:

  1. Login to Azure Portal: Open the Azure Portal using your credentials.
  2. Navigate to Azure Database for PostgreSQL: Go to the Azure Database for PostgreSQL service.
  3. Select the DB instance: Choose the appropriate Azure Database for PostgreSQL instance that needs encryption.
  4. Click on "Security": Under the "Settings" section, click on "Security" to access the security settings.
  5. Enable encryption: Enable the option for encryption at rest and choose the appropriate encryption key. If you don't have a key, create one using Azure Key Vault.
  6. Save the changes: Save the changes to enable encryption at rest for the DB instance.
  7. Monitor the encryption process: Monitor the status of the encryption process in the Azure Portal.

Note: The above steps are for reference purposes and may vary depending on the cloud provider's interfaces and updates. Please consult the respective cloud provider's documentation for detailed and up-to-date instructions.

Conclusion:

Enabling RDS DB instance encryption at rest is crucial to ensure compliance with the NIST 800-53 Revision 5 standard. By following the step-by-step guides tailored for different cloud providers, you can successfully enable encryption at rest for your RDS DB instances and enhance the security of your database environment.
