top of page
AWS Foundational Security Best Practice
CloudTrail.2
CloudTrail should have encryption at-rest enabled
Severity
Cloud Platforms
Resources
MEDIUM
AWS
AWS CloudTrail
This AWS control checks whether AWS CloudTrail is configured to use the server side encryption (SSE) AWS Key Management Service (AWS KMS) customer master key (CMK) encryption. The check will pass if the KmsKeyId is defined.
bottom of page