Data protection

SNS topics are not encrypted at rest using AWS KMS

Platform(s)
Compliance Frameworks

AWS Foundational Security Best Practices Controls, Brazilian General Data Protection (LGPD), CCM-CSA, CCPA, cis_8, coppa, CPRA, GDPR, HITRUST, iso_27001_2022, iso_27002_2022, Mitre ATT&CK, mpa, New Zealand Information Security Manual, NIST 800-171, NIST 800-53, Orca Best Practices, PDPA, pipeda

Description

Amazon Simple Notification Service (SNS) is a managed service that delivers messages from publishers to subscribers (also known as producers and consumers). Publishers communicate asynchronously with subscribers by sending messages to a topic, which is a logical access point and communication channel. Clients subscribe to the SNS topic and receive published messages through a supported endpoint type, such as Amazon Kinesis Data Firehose, Amazon SQS, AWS Lambda, HTTP, email, mobile push notifications, and SMS. It was detected that the SNS topic {AwsSnsTopic} is not encrypted at rest using AWS KMS. Encrypting data at rest reduces the risk that message data stored on disk is read by someone who is not authenticated to AWS, and it adds a second layer of access control (the KMS key policy) that limits which principals can read or publish the data.
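The check behind this finding can be reproduced from the topic's attributes: an SNS topic is encrypted at rest only when its KmsMasterKeyId attribute names a KMS key, and remediation is a single set_topic_attributes call. The following is an added example, not Orca's or AWS's own code; the topic attribute dictionaries are constructed to mirror the shape of get_topic_attributes output, and the enable_kms caller and its boto3 client argument are assumed.

```python
"""Evaluate SNS topics for KMS encryption at rest and build the remediation call.

Added example (not Orca's or AWS's own code). The attribute dictionaries
below are constructed to mirror the shape of
sns.get_topic_attributes(TopicArn=...)["Attributes"]; in a live scan you
would iterate sns.list_topics() and pass each response in instead.
"""
from typing import Dict, List


def is_kms_encrypted(attributes: Dict[str, str]) -> bool:
    """A topic is encrypted at rest when KmsMasterKeyId names a key (id,
    ARN or alias). Unencrypted topics simply omit the attribute, so a
    missing or blank value is treated as a finding."""
    return bool(attributes.get("KmsMasterKeyId", "").strip())


def unencrypted_topics(topics: Dict[str, Dict[str, str]]) -> List[str]:
    """Return the ARNs of topics that would raise this alert, sorted."""
    return sorted(arn for arn, attrs in topics.items()
                  if not is_kms_encrypted(attrs))


def kms_attribute_update(topic_arn: str, key_id: str) -> Dict[str, str]:
    """Keyword arguments for sns.set_topic_attributes() that turn on
    server-side encryption. key_id may be the AWS-managed alias
    'alias/aws/sns' or a customer-managed key id/ARN."""
    if not key_id.strip():
        raise ValueError("a KMS key id, ARN or alias is required")
    return {"TopicArn": topic_arn,
            "AttributeName": "KmsMasterKeyId",
            "AttributeValue": key_id}


def enable_kms(sns_client, topic_arn: str, key_id: str) -> None:
    """Apply the update through a boto3 SNS client (assumed caller)."""
    sns_client.set_topic_attributes(**kms_attribute_update(topic_arn, key_id))


# Constructed sample inventory (not real account data): ARN -> attributes.
SAMPLE_TOPICS = {
    "arn:aws:sns:us-east-1:111122223333:orders":
        {"Owner": "111122223333", "KmsMasterKeyId": "alias/aws/sns"},
    "arn:aws:sns:us-east-1:111122223333:alerts":
        {"Owner": "111122223333"},                 # no KmsMasterKeyId: finding
    "arn:aws:sns:us-east-1:111122223333:audit":
        {"Owner": "111122223333", "KmsMasterKeyId": "   "},  # blank: finding
}

if __name__ == "__main__":
    for arn in unencrypted_topics(SAMPLE_TOPICS):
        print("unencrypted:", arn)
        print("  fix:", kms_attribute_update(arn, "alias/aws/sns"))
```

Once a topic is encrypted, only principals allowed by the key policy can publish to it; if an AWS service such as CloudWatch or EventBridge publishes to the topic, use a customer-managed key whose policy grants that service principal kms:GenerateDataKey and kms:Decrypt, because the policy of the AWS-managed alias/aws/sns key cannot be edited.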