Best practices

Backup vault should have a policy

Platform(s)
Compliance Frameworks

Brazilian General Data Protection (LGPD), CCM-CSA, CCPA, cis_8, coppa, CPRA, essential_8_au, essential_8_au_level_1, essential_8_au_level_2, hdh, iso_27001_2022, iso_27002_2022, Mitre ATT&CK, New Zealand Information Security Manual, NIST 800-53, Orca Best Practices, PDPA, pipeda

Description

AWS Backup is a fully-managed service that protects data across AWS services. We identified a Backup vault '{AwsBackupVault}' which does not contain policy. Policy associated with an identity, defines their permissions, in backup vault case, the ability to restore, update and delete actions. The best practice is to ensure backup vaults have a policy configured to prevent unintentional deletion.
Need help?

Get a free Security Risk Assessment. Start today

A screenshot of the Orca platform dashboard summarizing all of your cloud security risks

Personalized Demo

See Orca Security in Action

Gain visibility, achieve compliance, and prioritize risks with the Orca Cloud Security Platform.

Get a Demo