aws_compliance

This control checks if AWS OpenSearch Service nodes are encrypted end to end. The rule is non-compliant if the node-to-node encryption is not enabled on the domain.

opensearch_domain_node_to_node_encryption_enabled

pci_dss_v40_requirement_1_2_5

1.2.5: All services, protocols, and ports allowed are identified, approved, and have a defined business need

gxp_21_cfr_part_11_11_30

11.30 Controls for open systems

hipaa_final_omnibus_security_rule_2013_164_312_c_1

164.312(c)(1) Integrity

hipaa_security_rule_2003_164_312_c_1

hipaa_final_omnibus_security_rule_2013_164_312_e_1

164.312(e)(1) Transmission security

hipaa_security_rule_2003_164_312_e_1

hipaa_final_omnibus_security_rule_2013_164_314_b_1

164.314(b)(1) Requirements for group health plans

hipaa_security_rule_2003_164_314_b_1

hipaa_security_rule_2003_164_314_b_2

164.314(b)(2) Implementation specifications

hipaa_final_omnibus_security_rule_2013_164_314_b_2

hipaa_final_omnibus_security_rule_2013_164_314_b_2_i

164.314(b)(2)(i)

hipaa_final_omnibus_security_rule_2013_164_314_b_2_ii

164.314(b)(2)(ii)

hipaa_final_omnibus_security_rule_2013_164_314_b_2_iii

164.314(b)(2)(iii)

hipaa_final_omnibus_security_rule_2013_164_314_b_2_iv

164.314(b)(2)(iv)

pci_dss_v40_requirement_2_2_5

2.2.5: System components cannot be compromised by exploiting insecure services, protocols, or daemons

pci_dss_v40_requirement_2_2_7

2.2.7: All non-console administrative access is encrypted using strong cryptography

nist_800_172_3_1_3_e

3.1.3e Employ [Assignment: organization-defined secure information transfer solutions] to control information flows between security domains on connected systems

nist_800_171_rev_2_3_13_8

3.13.8 Implement cryptographic mechanisms to prevent unauthorized disclosure of CUI during transmission unless otherwise protected by alternative physical safeguards

pci_dss_v40_requirement_4_2_1_1

4.2.1.1: An inventory of the entity's trusted keys and certificates used to protect PAN during transmission is maintained

pci_dss_v40_requirement_4_2_1

4.2.1: Strong cryptography and security protocols are implemented as follows to safeguard PAN during transmission

nydfs_23_500_02_a

500.02(a)

nydfs_23_500_15_a

500.15(a)

gxp_eu_annex_11_operational_phase_7_1

7.1 Data Storage - Damage Protection

pci_dss_v40_requirement_8_3_2

8.3.2: Strong cryptography is used to render all authentication factors unreadable during transmission and storage on all system components

all_controls_opensearch

OpenSearch

nist_csf_v2_pr_ds_02

PR.DS-02

nist_csf_pr_ds_2

PR.DS-2

OpenSearch domains node-to-node encryption should be enabled

foundational_security_opensearch_3

Run individual configuration, compliance and security controls or full compliance benchmarks for CIS, FFIEC, PCI, NIST, HIPAA, RBI CSF, GDPR, SOC 2, Audit Manager Control Tower, FedRAMP, GxP and AWS Foundational Security Best Practices controls across all your AWS accounts using Powerpipe and Steampipe.

AWS Compliance

Apache License 2.0

steampipe-mod-aws-compliance

Control: OpenSearch domains node-to-node encryption should be enabled

Description

Usage

SQL

Tags