Ensure that your AWS S3 buckets are protecting their sensitive data at rest by enforcing Server-Side Encryption
This rule can help you with the following compliance standards:
This rule can help you work with the AWS Well-Architected Framework
This rule resolution is part of the Cloud Conformity Security & Compliance tool for AWS
When dealing with sensitive data that is crucial to your business, it is highly recommended to implement encryption in order to protect it from attackers or unauthorized personnel. With S3 Server-Side Encryption (SSE), Amazon encrypts your data at the object level as it writes it to disk and decrypts it transparently when you access it.
Note: Server-Side Encryption (SSE) utilizes one of the strongest block ciphers available, 256-bit Advanced Encryption Standard (AES-256), to encrypt your S3 objects.
To determine if your Amazon S3 buckets have Server-Side Encryption enabled for their objects, perform the following:
To enable Server-Side Encryption (SSE) for your S3 buckets via access policies, perform the following:
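The access-policy approach can be sketched as follows. This is an added example, not code from the original page or from the Cloud Conformity tool: it builds the commonly used two-statement Deny bucket policy keyed on the `s3:x-amz-server-side-encryption` condition key and audits an existing policy document against that pattern. The bucket name `example-bucket`, the function names and the sample policy are assumptions made for illustration.

```python
import json

SSE_KEY = "s3:x-amz-server-side-encryption"

def _as_list(value):
    return value if isinstance(value, list) else [value]

def build_sse_policy(bucket, algorithm="AES256"):
    """Bucket policy denying PutObject requests that do not ask for SSE."""
    def deny(sid, condition):
        return {"Sid": sid, "Effect": "Deny", "Principal": "*",
                "Action": "s3:PutObject",
                "Resource": f"arn:aws:s3:::{bucket}/*",
                "Condition": condition}
    return {"Version": "2012-10-17", "Statement": [
        deny("DenyMissingSSEHeader", {"Null": {SSE_KEY: "true"}}),
        deny("DenyWrongSSEHeader", {"StringNotEquals": {SSE_KEY: algorithm}}),
    ]}

def _sse_condition(stmt, operator):
    """Values set for the SSE key under `operator`; names compare case-insensitively."""
    for op, keys in stmt.get("Condition", {}).items():
        for key, value in keys.items():
            if op.lower() == operator and key.lower() == SSE_KEY:
                return [str(v).lower() for v in _as_list(value)]
    return []

def _denies_uploads(stmt, bucket):
    # Conservative match: only an explicit Deny for everyone on <bucket>/* counts.
    actions = [a.lower() for a in _as_list(stmt.get("Action", []))]
    return (stmt.get("Effect") == "Deny"
            and stmt.get("Principal") in ("*", {"AWS": "*"})
            and any(a in ("s3:putobject", "s3:*", "*") for a in actions)
            and f"arn:aws:s3:::{bucket}/*" in _as_list(stmt.get("Resource", [])))

def audit_sse_policy(policy, bucket):
    """Return which statements of the two-Deny SSE pattern the policy lacks."""
    if isinstance(policy, str):
        policy = json.loads(policy)
    denies = [s for s in _as_list(policy.get("Statement", []))
              if _denies_uploads(s, bucket)]
    missing = []
    if not any(_sse_condition(s, "null") == ["true"] for s in denies):
        missing.append("Null")
    if not any(_sse_condition(s, "stringnotequals") for s in denies):
        missing.append("StringNotEquals")
    return missing

# Constructed sample: a policy that grants read access but enforces no encryption.
SAMPLE_POLICY = '{"Statement": {"Effect": "Allow", "Principal": "*", "Action": "s3:GetObject", "Resource": "arn:aws:s3:::example-bucket/*"}}'
```

An empty list from `audit_sse_policy` means both Deny statements are present for that bucket; the matcher is deliberately strict, so wildcard resources or principals scoped to specific accounts are reported as missing and need manual review.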