
AWS Account Does Not Contain A CMK Key

Overview

Checks that the AWS Account contains at least one customer-managed key (CMK) in Key Management Service (KMS).

By default, many cloud services encrypt data using default keys. However, cloud providers typically support using your own key for these services. This can improve security, not because it prevents the cloud provider from accessing your data, but because keeping the key separate from the data enables separation of duties: access to the data and access to the keys can be granted independently.
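One way to evaluate this check by hand, as an added example that is not the product's own implementation: it walks KMS keys per region (KMS keys are regional) using the boto3 client methods `list_keys` and `describe_key`, and counts keys whose `KeyManager` is `CUSTOMER`. The function names, the `FakeKMS` stub, the sample key data, and the decision to ignore keys in `PendingDeletion` are assumptions made for this illustration.

```python
def customer_managed_keys(kms_clients):
    """Return {region: [key ids]} for customer-managed KMS keys.

    kms_clients maps a region name to an object exposing boto3's KMS client
    methods list_keys() and describe_key(), e.g. boto3.client("kms", region_name=r).
    """
    found = {}
    for region, kms in kms_clients.items():
        marker = None
        while True:
            page = kms.list_keys(**({"Marker": marker} if marker else {}))
            for key in page["Keys"]:
                meta = kms.describe_key(KeyId=key["KeyId"])["KeyMetadata"]
                # KeyManager is "AWS" for AWS managed keys, "CUSTOMER" for CMKs.
                # Assumption: a key already scheduled for deletion does not count.
                if meta["KeyManager"] == "CUSTOMER" and meta["KeyState"] != "PendingDeletion":
                    found.setdefault(region, []).append(meta["KeyId"])
            if not page.get("Truncated"):
                break
            marker = page["NextMarker"]
    return found

def account_has_cmk(kms_clients):
    """True when at least one region holds a customer-managed key."""
    return any(customer_managed_keys(kms_clients).values())

class FakeKMS:
    """Constructed offline stand-in for a boto3 KMS client (one key per page)."""
    def __init__(self, keys):
        self.keys = keys  # list of KeyMetadata-shaped dicts
    def list_keys(self, Marker=None, **_):
        i = int(Marker or 0)
        page = {"Keys": [{"KeyId": k["KeyId"]} for k in self.keys[i:i + 1]],
                "Truncated": i + 1 < len(self.keys)}
        if page["Truncated"]:
            page["NextMarker"] = str(i + 1)
        return page
    def describe_key(self, KeyId):
        return {"KeyMetadata": next(k for k in self.keys if k["KeyId"] == KeyId)}

# Constructed sample account: key ids and regions are illustrative only.
SAMPLE = {
    "us-east-1": FakeKMS([
        {"KeyId": "aws-managed-1", "KeyManager": "AWS", "KeyState": "Enabled"},
        {"KeyId": "cmk-1", "KeyManager": "CUSTOMER", "KeyState": "Enabled"}]),
    "eu-west-1": FakeKMS([
        {"KeyId": "cmk-dying", "KeyManager": "CUSTOMER", "KeyState": "PendingDeletion"}]),
}

if __name__ == "__main__":
    print(customer_managed_keys(SAMPLE), account_has_cmk(SAMPLE))
```

An account with only AWS managed keys, or with CMKs in regions that were not scanned, evaluates as failing, so pass every enabled region when running this against real clients.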

Vendor

AWS

Cloud Service

KMS

CSMM v1 DAT-03.2

Severity

1

Item Types

Custom::AWS::Account