Best practices

Backup vault should be using Customer Master Keys

Platform(s)
Compliance Frameworks

Brazilian General Data Protection (LGPD), CCM-CSA, CCPA, cis_8, coppa, CPRA, essential_8_au, essential_8_au_level_1, essential_8_au_level_2, GDPR, hdh, HITRUST, iso_27001_2022, iso_27002_2022, Mitre ATT&CK, New Zealand Information Security Manual, NIST 800-171, NIST 800-53, Orca Best Practices, PDPA, pipeda, UK Cyber Essentials

Description

AWS Backup is a fully-managed service that protects data across AWS services. We identified a Backup vault '{AwsBackupVault}' that uses an encrypted key that is not configured with AWS KMS Customer Master Keys (CMKs). The best practice is to use a customer-managed CMK in all supported AWS services