top of page
CloudFront.9
CloudFront distributions should encrypt traffic to custom origins
Severity
Cloud Platforms
Resources
Related Standards
Automated
MEDIUM
AWS
Amazon CloudFront
AWS Foundational Best Practice, NIST.800-53.r5,
This control checks if CloudFront distributions are encrypting traffic to custom origins. This control fails if ‘OriginProtocolPolicy’ is ‘http-only’ or if ‘OriginProtocolPolicy’ is ‘match-viewer’ and ‘ViewerProtocolPolicy’ is ‘allow-all’.
bottom of page