aws_compliance

To help protect data at rest, ensure necessary customer master keys (CMKs) are not scheduled for deletion in AWS Key Management Service (AWS KMS).

kms_key_not_pending_deletion

gxp_21_cfr_part_11_11_30

11.30 Controls for open systems

hipaa_final_omnibus_security_rule_2013_164_308_a_1_ii_b

164.308(a)(1)(ii)(B) Risk management

hipaa_security_rule_2003_164_308_a_1_ii_b

nist_800_171_rev_2_3_13_10

3.13.10 Establish and manage cryptographic keys for cryptography employed in organizational systems

nist_800_171_rev_2_3_13_16

3.13.16 Protect the confidentiality of CUI at rest

pci_dss_v40_requirement_3_5_1_1

3.5.1.1: Hashes used to render PAN unreadable (per the first bullet of Requirement 3.5.1) are keyed cryptographic hashes of the entire PAN, with associated keymanagement processes and procedures

pci_dss_v40_requirement_3_5_1_3

3.5.1.3: If disk-level or partition-level encryption is used (rather than file-, column-, or field-level database encryption) to render PAN unreadable

pci_dss_v40_requirement_3_6_1_2

3.6.1.2: Secret and private keys used to protect stored account data

pci_dss_v40_requirement_3_6_1_3

3.6.1.3: Access to cleartext cryptographic key components is restricted to the fewest number of custodians necessary

pci_dss_v40_requirement_3_6_1_4

3.6.1.4: Cryptographic keys are stored in the fewest possible locations

pci_dss_v40_requirement_3_7_1

3.7.1: Key-management policies and procedures are implemented to include generation of strong cryptographic keys used to protect stored account data

pci_dss_v40_requirement_3_7_2

3.7.2: Key-management policies and procedures are implemented to include secure distribution of cryptographic keys used to protect stored account data

pci_dss_v40_requirement_3_7_4

3.7.4: Key management policies and procedures are implemented for cryptographic key changes for keys that have reached the end of their cryptoperiod, as defined by the associated application vendor or key owner

pci_dss_v40_requirement_3_7_6

3.7.6 Where manual cleartext cryptographic keymanagement operations are performed by personnel, key-management policies and procedures are implemented, including managing these operations using split knowledge and dual control

pci_dss_v40_requirement_3_7_7

3.7.7 Key management policies and procedures are implemented to include the prevention of unauthorized substitution of cryptographic keys

pci_dss_v40_requirement_4_2_1_1

4.2.1.1: An inventory of the entity's trusted keys and certificates used to protect PAN during transmission is maintained

rbi_cyber_security_annex_i_1_3

Annex I (1.3)

soc_2_cc_6_1

CC6.1 The entity implements logical access security software, infrastructure, and architectures over protected information assets to protect them from security events to meet the entity's objectives

soc_2_cc_6_2

CC6.2 Prior to issuing system credentials and granting system access, the entity registers and authorizes new internal and external users whose access is administered by the entity

fedramp_moderate_rev_4_sc_12

Cryptographic Key Establishment And Management (SC-12)

nist_800_53_rev_4_sc_12

fedramp_low_rev_4_sc_12

nist_800_53_rev_5_sc_12

all_controls_kms

nist_csf_pr_ds_1

PR.DS-1

nist_800_53_rev_4_sc_28

Protection Of Information At Rest (SC-28)

fedramp_moderate_rev_4_sc_28

Protection of Information at Rest (SC-28)

nist_800_53_rev_5_sa_9_6

SA-9(6) Organization-Controlled Cryptographic Keys

nist_800_53_rev_5_sc_12_2

SC-12(2) Symmetric Keys

nist_800_53_rev_5_sc_12_6

SC-12(6) Physical Control Of Keys

fedramp_moderate_rev_4_sc_13

Use of Cryptography (SC-13)

fedramp_low_rev_4_sc_13

cisa_cyber_essentials_your_systems_3

Your Systems-3

KMS keys should not be pending deletion

foundational_security_kms_3

Run individual configuration, compliance and security controls or full compliance benchmarks for CIS, FFIEC, PCI, NIST, HIPAA, RBI CSF, GDPR, SOC 2, Audit Manager Control Tower, FedRAMP, GxP and AWS Foundational Security Best Practices controls across all your AWS accounts using Powerpipe and Steampipe.

AWS Compliance

Apache License 2.0

steampipe-mod-aws-compliance

Control: KMS keys should not be pending deletion

Description

Usage

SQL

Tags