This rule ensures that SNS topics are securely encrypted at rest to protect sensitive data.
Rule: SNS topics should be encrypted at rest
Framework: RBI Cyber Security Framework
Severity: Medium
Rule Description:
According to the RBI (Reserve Bank of India) Cyber Security Framework, it is mandatory to ensure that SNS (Simple Notification Service) topics are encrypted at rest to protect sensitive data. Encryption at rest ensures that even if the data is compromised or stolen, it remains encrypted and unusable by unauthorized individuals or entities.
Troubleshooting Steps:
If you are facing issues with encrypting SNS topics at rest, follow these troubleshooting steps:
Check SNS Encryption Settings: Ensure that the encryption settings for the SNS topic are correctly configured. Verify that the encryption option is enabled and uses the recommended or approved encryption algorithms.
Access Control Permissions: Verify the access control permissions for the SNS topic. Ensure that only authorized individuals or services have permissions to access the topic's encryption settings.
Key Management Service (KMS) Configuration: Check that the Key Management Service (KMS) is properly configured. Verify that the KMS key used for encrypting the SNS topic is in an enabled state and accessible.
Verify Compliance Requirements: Double-check the RBI Cyber Security Framework requirements specific to SNS topic encryption at rest. Ensure that you are following the prescribed guidelines for encryption algorithms and key management.
Review Cloud Provider's Documentation: Consult the documentation provided by your cloud service provider regarding SNS encryption at rest. Check if there are any specific recommendations or best practices to follow.
Necessary Code:
No specific code is needed to troubleshoot the encryption of SNS topics at rest. The troubleshooting steps above focus on configuration and compliance checks rather than on writing or modifying code.
Step-by-Step Guide for Remediation:
Follow these steps to ensure SNS topics are properly encrypted at rest for compliance with the RBI Cyber Security Framework:
Access the AWS Management Console or use the AWS CLI (Command Line Interface) for interacting with AWS services.
Identify the SNS Topic: Identify the specific SNS topic that requires encryption at rest. Take note of the topic ARN (Amazon Resource Name) for future reference.
Enable Encryption: In the SNS service dashboard, navigate to the specific SNS topic settings. Locate the encryption options and enable encryption at rest.
Select Encryption Algorithm: Choose the appropriate encryption algorithm recommended by the RBI Cyber Security Framework. Typically, you can select the AES-256 encryption algorithm for securing SNS topics.
Configure Key Management Service (KMS): Specify the Key Management Service (KMS) key to be used for encrypting the SNS topic at rest. Ensure that the chosen KMS key is in an enabled state and accessible to the SNS service.
Save and Apply Changes: Save the encryption settings and apply the changes to the SNS topic.
Validate Encryption: Once the encryption settings are applied, verify that the SNS topic shows encryption enabled in the topic details or settings. You can also use AWS CloudTrail logs to ensure encryption is consistently applied.
Regularly Monitor and Maintain: Regularly review the encryption settings of SNS topics and ensure they remain compliant with the RBI Cyber Security Framework. Monitor any changes to encryption requirements or guidelines provided by RBI and update your configurations accordingly.
By following these steps, you will ensure that SNS topics are properly encrypted at rest, making them compliant with the RBI Cyber Security Framework.
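The settings, KMS key state and validation checks described above can also be run as a script. The following is an added example, not part of the original rule text: it classifies topics from the attributes returned by SNS GetTopicAttributes and KMS DescribeKey. The function names, account ID, topic names and key aliases are assumptions made for illustration, and audit_region assumes boto3 and read-only credentials are available.

```python
# Added example: classify SNS topics from GetTopicAttributes / DescribeKey data.
def evaluate_topic(attrs, key_meta=None):
    """attrs: 'Attributes' dict of one topic; key_meta: 'KeyMetadata' dict of
    its KMS key, or None when the key could not be described."""
    arn = attrs.get("TopicArn", "<unknown>")
    key_id = attrs.get("KmsMasterKeyId")
    if not key_id:  # attribute is absent or empty when encryption is off
        return (arn, "NON_COMPLIANT", "no KmsMasterKeyId set: encryption at rest is off")
    if key_meta is None:
        return (arn, "NON_COMPLIANT", f"KMS key {key_id} not found or not accessible")
    state = key_meta.get("KeyState")
    if state != "Enabled":
        return (arn, "NON_COMPLIANT", f"KMS key {key_id} is in state {state}")
    return (arn, "COMPLIANT", f"encrypted with {key_meta.get('KeyManager')}-managed key {key_id}")

def audit_region(region):
    """Live check of every topic in one region. Assumes boto3 is installed and
    credentials allow sns:ListTopics, sns:GetTopicAttributes, kms:DescribeKey."""
    import boto3
    from botocore.exceptions import ClientError
    sns = boto3.client("sns", region_name=region)
    kms = boto3.client("kms", region_name=region)
    results = []
    for page in sns.get_paginator("list_topics").paginate():
        for topic in page["Topics"]:
            attrs = sns.get_topic_attributes(TopicArn=topic["TopicArn"])["Attributes"]
            meta = None
            if attrs.get("KmsMasterKeyId"):
                try:
                    meta = kms.describe_key(KeyId=attrs["KmsMasterKeyId"])["KeyMetadata"]
                except ClientError:
                    pass  # missing key or no permission: reported as a finding
            results.append(evaluate_topic(attrs, meta))
    return results

# Constructed sample data (placeholder account ID and key aliases) so this runs offline.
ARN = "arn:aws:sns:ap-south-1:111122223333:"
SAMPLES = [
    ({"TopicArn": ARN + "alerts"}, None),
    ({"TopicArn": ARN + "payments", "KmsMasterKeyId": "alias/example-sns-key"}, {"KeyState": "Enabled", "KeyManager": "CUSTOMER"}),
    ({"TopicArn": ARN + "audit", "KmsMasterKeyId": "alias/example-old-key"}, {"KeyState": "PendingDeletion", "KeyManager": "CUSTOMER"}),
]

def audit_samples():
    return [evaluate_topic(attrs, meta) for attrs, meta in SAMPLES]

if __name__ == "__main__":
    for arn, status, reason in audit_samples():
        print(f"{status:14} {arn}: {reason}")
```

A topic whose key is disabled or pending deletion is reported as non-compliant even though KmsMasterKeyId is set, which matches the requirement above that the key be enabled and accessible.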