EBS volume not encrypted by CMK

Best practices

EBS volume not encrypted by CMK

Risk Level

Informational (4)

Platform(s)

Compliance Frameworks

CCM-CSA
cis_8
GDPR
HITRUST
NIST 800-53
Orca Best Practices

Description

The EBS volume {AwsEc2EbsVolume} is encrypted using the default AMS managed keys. It is recommended for security reasons to use customer managed keys in order to gain more flexibility on managing the key.

Recommended Mitigation

Configure a CMK for encryption. You can configure a default customer key for encryptiion. See more: https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/EBSEncryption.html#EBSEncryption_key_mgmt

EBS volume not encrypted by CMK

Description

Need help?