Rule: RDS DB Snapshots Should Be Encrypted at Rest

This rule ensures that RDS DB snapshots are encrypted at rest to maintain data security.

Rule: RDS DB snapshots should be encrypted at rest

Framework: RBI Cyber Security Framework

Severity: Medium

Rule Description:

RDS DB snapshots contain sensitive data and should be encrypted at rest to comply with the RBI Cyber Security Framework. Encryption ensures that even if unauthorized individuals gain access to the data, they won't be able to read it without the appropriate encryption keys.

Troubleshooting Steps:

There might be instances where RDS DB snapshots are not encrypted at rest. To troubleshoot and ensure compliance with the RBI Cyber Security Framework, follow these steps:

  1. Verify the Encryption Status:

    • Log in to the AWS Management Console.
    • Go to the Amazon RDS service.
    • Select the desired RDS instance.
    • Navigate to the "Snapshots" tab.
    • Check the "Encryption" column to see if the snapshots are encrypted.

  2. Enable Encryption for RDS DB Snapshots:

    • If the snapshots are not encrypted, follow these steps:
      • Determine the AWS Key Management Service (KMS) key to use for encryption.
      • Open the AWS Management Console.
      • Go to the Amazon RDS service.
      • Select the desired RDS instance.
      • Click on the "Snapshots" tab.
      • Choose the snapshot you want to encrypt.
      • Click on the "Actions" button and select "Copy Snapshot."
      • In the "Copy Snapshot" wizard, select the desired destination region and ensure the "Enable encryption" checkbox is selected.
      • Choose the appropriate KMS key.
      • Click on "Copy Snapshot" to start the encryption process.

  3. Verify Snapshot Encryption Completion:

    • Monitor the encryption progress.
    • Once the snapshot is encrypted, it will appear as an encrypted snapshot in the RDS console.

Necessary Codes:

No specific code is required for this rule; it can be remediated through the AWS Management Console.

Step-by-Step Guide for Remediation:

Follow these steps to encrypt RDS DB snapshots at rest and comply with the RBI Cyber Security Framework:

  1. Log in to the AWS Management Console.
  2. Go to the Amazon RDS service.
  3. Select the RDS instance associated with the snapshots you want to encrypt.
  4. Navigate to the "Snapshots" tab.
  5. Check the "Encryption" column to verify the current encryption status of the snapshots.
  6. If the snapshots are not encrypted, follow the steps below. Otherwise, skip to step 9.
  7. Determine the AWS Key Management Service (KMS) key to use for encryption.
  8. Click on the "Actions" button and select "Copy Snapshot."
  9. In the "Copy Snapshot" wizard, select the desired destination region and ensure the "Enable encryption" checkbox is selected.
  10. Choose the appropriate KMS key.
  11. Click on "Copy Snapshot" to start the encryption process.
  12. Monitor the encryption progress.
  13. Once the snapshot is encrypted, it will appear as an encrypted snapshot in the RDS console.
  14. Repeat steps 7-13 for any additional snapshots that need to be encrypted.
  15. Verify that all snapshots associated with the RDS instance are encrypted.

By following these steps, you will ensure that RDS DB snapshots are encrypted at rest, meeting the requirements of the RBI Cyber Security Framework.
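The console check and copy described above can also be scripted. The following Python is an added example, not code from the original page or from AWS; it plans the copy requests from a `describe_db_snapshots` response and applies them through a boto3 RDS client. The sample response, snapshot names, KMS key ARN, and the helper names `target_id`, `plan_copies` and `remediate` are constructed for illustration.

```python
import re

# Constructed sample shaped like a describe_db_snapshots response; all
# identifiers and the KMS key ARN are placeholders, not values from the page.
KMS_KEY = "arn:aws:kms:ap-south-1:111122223333:key/EXAMPLE-KEY-ID"
SAMPLE = {"DBSnapshots": [
    {"DBSnapshotIdentifier": "rds:orders-db-2024-05-01-03-10",
     "SnapshotType": "automated", "Status": "available", "Encrypted": False},
    {"DBSnapshotIdentifier": "orders-db-pre-upgrade",
     "SnapshotType": "manual", "Status": "available", "Encrypted": False},
    {"DBSnapshotIdentifier": "orders-db-weekly", "SnapshotType": "manual",
     "Status": "available", "Encrypted": True, "KmsKeyId": KMS_KEY},
    {"DBSnapshotIdentifier": "orders-db-in-progress",
     "SnapshotType": "manual", "Status": "creating", "Encrypted": False},
]}

def target_id(source_id, suffix="-encrypted"):
    """Valid copy identifier: letters, digits, single hyphens, starts with a letter."""
    # Automated snapshots are named "rds:..."; a colon is invalid in the copy's name.
    name = source_id[4:] if source_id.startswith("rds:") else source_id
    name = re.sub(r"[^A-Za-z0-9]+", "-", name).strip("-")
    if not name or not name[0].isalpha():
        name = "snap-" + name
    return name[:255 - len(suffix)].rstrip("-") + suffix

def plan_copies(response, kms_key_id):
    """Return (copy requests, skipped ids) for the unencrypted snapshots."""
    copies, skipped = [], []
    for snap in response.get("DBSnapshots", []):
        if snap.get("Encrypted"):
            continue  # already compliant
        sid = snap["DBSnapshotIdentifier"]
        if snap.get("Status") != "available":
            skipped.append(sid)  # cannot be copied yet; re-check later
            continue
        copies.append({"SourceDBSnapshotIdentifier": sid,
                       "TargetDBSnapshotIdentifier": target_id(sid),
                       "KmsKeyId": kms_key_id})  # a KMS key makes the copy encrypted
    return copies, skipped

def remediate(rds, kms_key_id, instance_id):
    """Run the plan with a boto3 RDS client, e.g. boto3.client("rds")."""
    snaps = []
    pages = rds.get_paginator("describe_db_snapshots")
    for page in pages.paginate(DBInstanceIdentifier=instance_id):
        snaps.extend(page["DBSnapshots"])
    copies, skipped = plan_copies({"DBSnapshots": snaps}, kms_key_id)
    for request in copies:
        rds.copy_db_snapshot(**request)
    return copies, skipped
```

Each copy is a new snapshot; the unencrypted source remains in the account until it is deleted or, for automated snapshots, until its retention period ends, so the rule keeps flagging it until then.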
