Vendor services misconfigurations

DynamoDB Accelerator(DAX) clusters should be encrypted at rest

Platform(s)
Compliance Frameworks

AWS Foundational Security Best Practices Controls, Brazilian General Data Protection (LGPD), CCM-CSA, CCPA, cis_8, coppa, CPRA, Data Security Posture Management (DSPM) Best Practices, GDPR, HITRUST, iso_27001_2022, iso_27002_2022, Mitre ATT&CK, mpa, New Zealand Information Security Manual, NIST 800-171, NIST 800-53, PDPA, pipeda, UK Cyber Essentials

Description

Amazon DynamoDB Accelerator(DAX) is a fully managed, highly available, in-memory cache for Amazon DynamoDB. When using DAX clusters, encrypting data at rest is a highly recommended option. Encrypting data at rest reduces the risk that a user that is not authenticated will be able to access data stored on disk. We have found that the DAX cluster {AwsDaxCluster} Encryption at rest option is DISABLED