aws_compliance

AWS Compliance

This control checks whether AWS OpenSearch domains have encryption-at-rest configuration enabled. The check fails if encryption at rest is not enabled.

opensearch_domain_encryption_at_rest_enabled

gxp_21_cfr_part_11_11_30

11.30 Controls for open systems

hipaa_security_rule_2003_164_308_a_1_ii_b

164.308(a)(1)(ii)(B) Risk management

hipaa_final_omnibus_security_rule_2013_164_308_a_1_ii_b

hipaa_final_omnibus_security_rule_2013_164_308_a_4_ii_a

164.308(a)(4)(ii)(A) Isolating healthcare clearing house functions

hipaa_security_rule_2003_164_308_a_4_ii_a

hipaa_security_rule_2003_164_312_a_2_iv

164.312(a)(2)(iv) Encryption and decryption

hipaa_final_omnibus_security_rule_2013_164_312_a_2_iv

hipaa_security_rule_2003_164_312_c_1

164.312(c)(1) Integrity

hipaa_final_omnibus_security_rule_2013_164_312_c_1

hipaa_security_rule_2003_164_312_e_2_ii

164.312(e)(2)(ii) Encryption

hipaa_final_omnibus_security_rule_2013_164_312_e_2_ii

hipaa_security_rule_2003_164_314_b_1

164.314(b)(1) Requirements for group health plans

hipaa_final_omnibus_security_rule_2013_164_314_b_1

hipaa_security_rule_2003_164_314_b_2

164.314(b)(2) Implementation specifications

hipaa_final_omnibus_security_rule_2013_164_314_b_2

hipaa_final_omnibus_security_rule_2013_164_314_b_2_i

164.314(b)(2)(i)

hipaa_final_omnibus_security_rule_2013_164_314_b_2_ii

164.314(b)(2)(ii)

hipaa_final_omnibus_security_rule_2013_164_314_b_2_iii

164.314(b)(2)(iii)

hipaa_final_omnibus_security_rule_2013_164_314_b_2_iv

164.314(b)(2)(iv)

nist_800_171_rev_2_3_13_11

3.13.11 Employ FIPS-validated cryptography when used to protect the confidentiality of CUI

nist_800_171_rev_2_3_13_16

3.13.16 Protect the confidentiality of CUI at rest

pci_dss_v321_requirement_3_4_a

3.4.a Examine documentation about the system used to protect the PAN, including the vendor, type of system/process, and the encryption algorithms (if applicable) to verify that the PAN is rendered unreadable using methods like truncation,one-way hashes based on strong cryptography etc

pci_dss_v321_requirement_3_4_b

3.4.b Examine several tables or files from a sample of data repositories to verify the PAN is rendered unreadable (that is, not stored in plain-text)

nydfs_23_500_02_a

500.02(a)

nydfs_23_500_15_a

500.15(a)

gxp_eu_annex_11_operational_phase_7_1

7.1 Data Storage - Damage Protection

all_controls_opensearch

OpenSearch

nist_csf_pr_ds_1

PR.DS-1

OpenSearch domains should have encryption at rest enabled

Run individual configuration, compliance and security controls or full compliance benchmarks for CIS, FFIEC, PCI, NIST, HIPAA, RBI CSF, GDPR, SOC 2, Audit Manager Control Tower, FedRAMP, GxP and AWS Foundational Security Best Practices controls across all your AWS accounts using Powerpipe and Steampipe.

Apache License 2.0

steampipe-mod-aws-compliance

Control: OpenSearch domains should have encryption at rest enabled

Description

Usage

SQL

Tags