Ensure that your Amazon Network Load Balancers (NLBs) are using the latest recommended predefined security policy for TLS negotiation configuration in order to protect their front-end connections against TLS vulnerabilities and meet security requirements.
This rule can help you with the following compliance standards:
This rule resolution is part of the Cloud Conformity Security & Compliance tool for AWS
Using a deprecated security policy for the TLS negotiation configuration of your Network Load Balancers exposes the connection between the client and the load balancer to a range of TLS vulnerabilities. To keep your Amazon NLBs' TLS configuration secure, Cloud Conformity recommends using one of the latest predefined security policies released by Amazon Web Services: ELBSecurityPolicy-TLS-1-1-2017-01, ELBSecurityPolicy-TLS-1-2-Ext-2018-06, ELBSecurityPolicy-FS-1-2-Res-2019-08, ELBSecurityPolicy-FS-1-1-2019-08 or ELBSecurityPolicy-FS-1-2-2019-08.
Note: AWS Network Load Balancers do not support custom security policies.
To determine if your Amazon NLBs are using security policies with deprecated ciphers, perform the following:
Remediation / Resolution
To update the listener configuration of your Amazon Network Load Balancers (NLBs) so that they use the latest recommended predefined security policy, perform the following actions:
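The audit and remediation described above, as an added boto3 example that is not Cloud Conformity's or AWS's own code: the pure check compares each TLS listener's SslPolicy against the recommended policy names from this page, and the live helper walks every NLB in a region and optionally moves non-compliant listeners to a recommended policy. The sample listener list and its ARNs are constructed for illustration.

```python
# Added example: audit NLB TLS listeners for deprecated security policies.
# Dict shapes mirror elbv2 DescribeLoadBalancers / DescribeListeners responses.

# The predefined policies the text recommends for NLB listeners.
RECOMMENDED_POLICIES = frozenset({
    "ELBSecurityPolicy-TLS-1-1-2017-01",
    "ELBSecurityPolicy-TLS-1-2-Ext-2018-06",
    "ELBSecurityPolicy-FS-1-2-Res-2019-08",
    "ELBSecurityPolicy-FS-1-1-2019-08",
    "ELBSecurityPolicy-FS-1-2-2019-08",
})


def noncompliant_listeners(listeners, recommended=RECOMMENDED_POLICIES):
    """Return (ListenerArn, SslPolicy) for each TLS listener outside `recommended`.
    TCP/UDP listeners negotiate no TLS and carry no SslPolicy, so they are skipped."""
    return [(lst["ListenerArn"], lst.get("SslPolicy")) for lst in listeners
            if lst.get("Protocol") == "TLS" and lst.get("SslPolicy") not in recommended]


def audit_region(region, fix_with=None):
    """Audit every NLB in `region`; if `fix_with` is a recommended policy, apply it.
    Needs boto3 and AWS credentials; imported lazily so the pure check runs without it."""
    import boto3

    if fix_with is not None and fix_with not in RECOMMENDED_POLICIES:
        raise ValueError(f"{fix_with} is not a recommended NLB security policy")
    elbv2 = boto3.client("elbv2", region_name=region)
    findings = []
    for page in elbv2.get_paginator("describe_load_balancers").paginate():
        for lb in page["LoadBalancers"]:
            if lb["Type"] != "network":
                continue
            resp = elbv2.describe_listeners(LoadBalancerArn=lb["LoadBalancerArn"])
            for arn, policy in noncompliant_listeners(resp["Listeners"]):
                findings.append((arn, policy))
                if fix_with:
                    elbv2.modify_listener(ListenerArn=arn, SslPolicy=fix_with)
    return findings


# Constructed sample: compliant TLS, deprecated TLS, and plain TCP listeners.
ARN = "arn:aws:elasticloadbalancing:us-east-1:111122223333:listener/net/example-nlb/0123/"
SAMPLE_LISTENERS = [
    {"ListenerArn": ARN + "l1", "Protocol": "TLS", "Port": 443,
     "SslPolicy": "ELBSecurityPolicy-FS-1-2-Res-2019-08"},
    {"ListenerArn": ARN + "l2", "Protocol": "TLS", "Port": 8443,
     "SslPolicy": "ELBSecurityPolicy-2016-08"},
    {"ListenerArn": ARN + "l3", "Protocol": "TCP", "Port": 80},
]
```

Running `noncompliant_listeners(SAMPLE_LISTENERS)` flags only the port-8443 listener; `audit_region("us-east-1")` reports live findings, and passing `fix_with="ELBSecurityPolicy-FS-1-2-Res-2019-08"` applies the remediation in the same pass.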
Network Load Balancer Security Policy
Risk level: Medium