Data protection

KMS key with public access policy

Platform(s)
Compliance Frameworks

Brazilian General Data Protection (LGPD), CCM-CSA, CCPA, CPRA, Data Security Posture Management (DSPM) Best Practices, GDPR, HITRUST, ISO 27701, iso_27001_2022, iso_27002_2022, Mitre ATT&CK, mpa, New Zealand Information Security Manual, NIST 800-171, NIST 800-53, PDPA, UK Cyber Essentials

Description

AWS Key Management Service (AWS KMS) is a managed service that allows you to create and control the cryptographic keys that are used to protect your data. It was found that {AwsKmsKey}'s key policy allows public access, which can lead to abuse by a malicious party.
Need help?

Get a free Security Risk Assessment. Start today

A screenshot of the Orca platform dashboard summarizing all of your cloud security risks

Personalized Demo

See Orca Security in Action

Gain visibility, achieve compliance, and prioritize risks with the Orca Cloud Security Platform.

Get a Demo