top of page
AWS Foundational Security Best Practice
KMS.3
AWS KMS keys should not be deleted unintentionally
Severity
Cloud Platforms
Resources
CRITICAL
AWS
AWS Key Management Service
This control checks whether AWS Key Management Service (KMS) customer managed keys (CMK) are scheduled for deletion. The control fails if a KMS CMK is scheduled for deletion.
bottom of page