Neglected assets

Classic Load Balancer’s Listener with SSL policy and certificate not from AWS Certificate Manager

Platform(s)
Compliance Frameworks
  • AWS Foundational Security Best Practices Controls
    • ,
  • CCM-CSA
    • ,
  • CCPA
    • ,
  • cis_8
    • ,
  • CPRA
    • ,
  • Data Security Posture Management (DSPM) Best Practices
    • ,
  • iso_27001_2022
    • ,
  • iso_27002_2022
    • ,
  • mpa
    • ,
  • New Zealand Information Security Manual
    • ,
  • NIST 800-171
    • ,
  • NIST 800-53
    • ,
  • PDPA

Description

Classic Load Balancer (ELB) provides basic load balancing across multiple Amazon EC2 instances and operates at both the request level and connection level. The Classic Load Balancer {AwsEc2Elb} was found to have a listener with SSL Security Policy and a Certificate that was not issued by AWS Certificate Manager. This could result in an un-secure connection with weak encryption.
Need help?

Get a free Security Risk Assessment. Start today

Personalized Demo

See Orca Security in Action

Gain visibility, achieve compliance, and prioritize risks with the Orca Cloud Security Platform.

Get a Demo