KMS CMK is exposed

Data at risk

KMS CMK is exposed

Risk Level

Hazardous (3)

Platform(s)

Compliance Frameworks

Brazilian General Data Protection (LGPD)
CCPA
coppa
CPRA
Data Security Posture Management (DSPM) Best Practices
GDPR
HITRUST
ISO/IEC 27001
Mitre ATT&CK
mpa
New Zealand Information Security Manual
NIST 800-171
NIST 800-53
Orca Best Practices
PDPA
UK Cyber Essentials

Description

It was found that {AwsKmsKey} is exposed. A master key is considered exposed when one of the statements in the key policy contain 'AWS: *'. Ensure Amazon KMS master keys are not exposed to everyone.

Recommended Mitigation

It is recommended to restrict KMS master keys access according to the least privileges principal. By being public, the master key is exposed to enumeration and stealing attempts.

KMS CMK is exposed

Description

Need help?

CLOUD SECURITY PLATFORM

TECHNOLOGY ECOSYSTEM

By Solution

By Industry

COMPARISONS