Glue Data Catalog data-at-rest encryption without KMS CMKs

Best practices

Glue Data Catalog data-at-rest encryption without KMS CMKs

Risk Level

Informational (4)

Platform(s)

Compliance Frameworks

Brazilian General Data Protection (LGPD)
CCM-CSA
CCPA
cis_8
coppa
CPRA
Data Security Posture Management (DSPM) Best Practices
GDPR
HITRUST
ISO/IEC 27001
Mitre ATT&CK
mpa
New Zealand Information Security Manual
NIST 800-171
NIST 800-53
Orca Best Practices
PDPA
UK Cyber Essentials

Description

Glue Data Catalog is using a default encryption key (provided and managed by AWS) instead of customer master keys (CMKs). Only CMKs give you the ability to fully manage your encryption keys, this includes policies, encryption rotation, access, tags and more.

Recommended Mitigation

To maintain exclusive control over the encryption of your data catalog, define and use your own CMK.

Glue Data Catalog data-at-rest encryption without KMS CMKs

Description

Need help?

CLOUD SECURITY PLATFORM

TECHNOLOGY ECOSYSTEM

By Solution

By Industry

COMPARISONS