top of page
< Back

AWS Foundational Security Best Practice

CloudTrail.2

CloudTrail should have encryption at-rest enabled

Severity

Cloud Platforms

Resources

MEDIUM

AWS

AWS CloudTrail

This AWS control checks whether AWS CloudTrail is configured to use the server side encryption (SSE) AWS Key Management Service (AWS KMS) customer master key (CMK) encryption. The check will pass if the KmsKeyId is defined.

bottom of page