Ensure that a specific list of AWS KMS Customer Master Keys (CMKs) is available for use in your AWS account in order to meet strict security and compliance requirements in your organization. Before the Cloud Conformity engine runs this rule, the list of required KMS Customer Master Keys must be defined in the rule settings on the Cloud Conformity account dashboard.
This rule can help you with the following compliance standards:
- NIST4
For further details on compliance standards supported by Conformity, see here.
This rule can help you work with the AWS Well-Architected Framework.
This rule resolution is part of the Conformity Security & Compliance tool for AWS.
Using the specified set of Amazon KMS Customer Master Keys (CMKs) to encrypt data within your AWS account gives you better control over the encryption/decryption process and helps fulfill compliance requirements for data protection in your organization.
Audit
To determine if the KMS keys specified in the Conformity rule settings (e.g. "highlyprotected", "protected", "internal", etc.) are available for use in your AWS account, perform the following actions:
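One way to run this check yourself, as an added example that is not Conformity's own audit procedure: compare the required names against the account's KMS aliases and confirm each one resolves to an enabled key. It assumes the names in the rule settings are KMS aliases stored as `alias/<name>`; the sample data and the `restricted` name are constructed.

```python
# Added example: audit that required KMS key aliases exist and resolve to usable keys.
# Assumption: each name in the rule settings is a KMS alias, stored as "alias/<name>".

# Constructed sample shaped like the "Aliases" list from `aws kms list-aliases`.
SAMPLE_ALIASES = [
    {"AliasName": "alias/highlyprotected", "TargetKeyId": "key-1-constructed"},
    {"AliasName": "alias/protected", "TargetKeyId": "key-2-constructed"},
    {"AliasName": "alias/internal"},  # alias that is not attached to any key
    {"AliasName": "alias/aws/s3", "TargetKeyId": "key-3-constructed"},
]
# Constructed KeyState values, as found in describe-key's KeyMetadata.
SAMPLE_STATES = {"key-1-constructed": "Enabled", "key-2-constructed": "PendingDeletion"}


def audit_required_cmks(required, aliases, key_states):
    """Return {name: finding} for each required key that cannot be used."""
    by_name = {a["AliasName"]: a for a in aliases}  # exact-match lookup
    findings = {}
    for name in required:
        alias = by_name.get("alias/" + name)
        if alias is None:
            findings[name] = "alias not found"
        elif "TargetKeyId" not in alias:
            findings[name] = "alias has no target key"
        elif key_states.get(alias["TargetKeyId"]) != "Enabled":
            state = key_states.get(alias["TargetKeyId"], "unknown")
            findings[name] = "key state " + state
    return findings


def fetch_from_aws(required, region):
    """Collect both inputs from a live account. KMS aliases are per region."""
    import boto3  # imported lazily so the offline sample needs no AWS SDK
    kms = boto3.client("kms", region_name=region)
    pages = kms.get_paginator("list_aliases").paginate()
    wanted = {"alias/" + n for n in required}
    aliases = [a for p in pages for a in p["Aliases"] if a["AliasName"] in wanted]
    states = {a["TargetKeyId"]: kms.describe_key(KeyId=a["TargetKeyId"])["KeyMetadata"]["KeyState"]
              for a in aliases if "TargetKeyId" in a}
    return aliases, states


if __name__ == "__main__":
    required = ["highlyprotected", "protected", "internal", "restricted"]  # last is constructed
    for name, finding in audit_required_cmks(required, SAMPLE_ALIASES, SAMPLE_STATES).items():
        print(f"{name}: {finding}")
```

Because KMS keys and aliases are regional, run the live variant once per region in which the keys are expected to exist.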
Remediation / Resolution
To create the required Amazon KMS Customer Master Keys (CMKs) defined in the Conformity rule settings, perform the following actions:
You are auditing:
Existence of Specific AWS KMS CMKs
Risk Level: Low