Rule: Attached EBS volumes should have encryption enabled

Ensure that all attached EBS volumes have encryption enabled for improved security and data protection.

Rule: Attached EBS volumes should have encryption enabled
Framework: NIST 800-53 Revision 5
Severity: Medium

Rule Description:

This rule requires that all attached EBS (Elastic Block Store) volumes have encryption enabled, in order to comply with the NIST (National Institute of Standards and Technology) 800-53 Revision 5 security standards.

Troubleshooting Steps (if any):

If encryption is not enabled for an attached EBS volume, the following troubleshooting steps can be performed:

  1. Check the encryption status of the EBS volume using the AWS Management Console, CLI (Command Line Interface), or SDK (Software Development Kit).
  2. Verify if the encryption key specified for the EBS volume is valid and accessible.
  3. Ensure that the EBS volume is properly attached to the correct EC2 (Elastic Compute Cloud) instance.

Necessary Codes (if any):

No specific code is required for this rule. However, the AWS CLI can be utilized to check and modify the encryption status of EBS volumes.
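
One way to run the status check offline, as an added example that is not CloudDefense's or AWS's own code: it evaluates JSON in the shape returned by `aws ec2 describe-volumes` and reports every attached volume that is not encrypted. The sample response, the function names and the choice to count `attaching` volumes as attached are assumptions made for this example.

```python
import json

# Constructed sample in the shape of `aws ec2 describe-volumes --output json`.
SAMPLE_RESPONSE = json.loads("""
{"Volumes": [
  {"VolumeId": "vol-0aaa0000000000001", "Encrypted": false, "State": "in-use",
   "Attachments": [{"InstanceId": "i-0aaa0000000000001", "Device": "/dev/xvda", "State": "attached"}]},
  {"VolumeId": "vol-0aaa0000000000002", "Encrypted": true, "State": "in-use",
   "KmsKeyId": "arn:aws:kms:us-east-1:111122223333:key/EXAMPLE-KEY-ID",
   "Attachments": [{"InstanceId": "i-0aaa0000000000001", "Device": "/dev/sdf", "State": "attached"}]},
  {"VolumeId": "vol-0aaa0000000000003", "Encrypted": false, "State": "available", "Attachments": []},
  {"VolumeId": "vol-0aaa0000000000004", "State": "in-use",
   "Attachments": [{"InstanceId": "i-0aaa0000000000002", "Device": "/dev/sdg", "State": "attaching"}]}
]}
""")

# Attachment states counted as "attached" for this rule (assumption: a volume
# that is mid-attach is in scope, one that is detaching is not).
ATTACHED_STATES = {"attached", "attaching"}


def live_attachments(volume):
    """Return the attachments of a volume that are in an attached state."""
    return [a for a in volume.get("Attachments", []) if a.get("State") in ATTACHED_STATES]


def find_unencrypted_attached(response):
    """Return one finding per attached volume whose Encrypted flag is not true."""
    findings = []
    for vol in response.get("Volumes", []):
        live = live_attachments(vol)
        if not live:
            continue  # unattached volumes are out of scope for this rule
        if vol.get("Encrypted") is True:
            continue  # a missing Encrypted field is treated as a failure
        findings.append({
            "volume_id": vol["VolumeId"],
            "instances": sorted({a["InstanceId"] for a in live}),
            "devices": sorted({a["Device"] for a in live}),
        })
    return findings


def summarize(response):
    """Count attached volumes and how many of them fail the rule."""
    attached = sum(1 for v in response.get("Volumes", []) if live_attachments(v))
    failed = len(find_unencrypted_attached(response))
    return {"attached": attached, "failed": failed, "compliant": failed == 0}


if __name__ == "__main__":
    for f in find_unencrypted_attached(SAMPLE_RESPONSE):
        print(f"FAIL {f['volume_id']} on {','.join(f['instances'])} ({','.join(f['devices'])})")
    print(summarize(SAMPLE_RESPONSE))
```

Against a real account, replace `SAMPLE_RESPONSE` with the parsed output of `aws ec2 describe-volumes --output json` for each region in scope.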

Step-by-Step Guide for Remediation:

To enable encryption for attached EBS volumes and comply with the NIST 800-53 Revision 5 security standards, follow these steps:

  1. Open the AWS Management Console and navigate to the EC2 service.
  2. Choose 'Volumes' from the left-hand side menu to view a list of available EBS volumes.
  3. Identify the attached EBS volume that requires encryption and select it.
  4. In the 'Actions' dropdown menu, select 'Modify Volume'. This will open the 'Modify Volume' dialog box.
  5. Under 'Encryption', choose the desired encryption option. AWS provides two types of encryption: AWS Managed Keys (AWS managed keys for KMS) and Customer Managed Keys (CMK). Select the appropriate encryption method based on your requirements and compliance needs.
  6. If using AWS Managed Keys, select the desired default AWS Key Management Service (KMS) key provided by AWS. If using Customer Managed Keys, select the appropriate CMK that you have created.
  7. Click 'Modify' to apply the changes and enable encryption for the selected EBS volume. The volume will go through the modification process, which may take a few minutes.
  8. Once the modification is complete, verify the encryption status of the EBS volume using the AWS Management Console, CLI, or SDK. It should now show as encrypted.

Following these steps will ensure that attached EBS volumes have encryption enabled, meeting the NIST 800-53 Revision 5 security standards.
