top of page

CloudFront.9

CloudFront distributions should encrypt traffic to custom origins

Severity

Cloud Platforms

Resources

Related Standards

Automated

MEDIUM

AWS

Amazon CloudFront

AWS Foundational Best Practice, NIST.800-53.r5,

This control checks if CloudFront distributions are encrypting traffic to custom origins. This control fails if ‘OriginProtocolPolicy’ is ‘http-only’ or if ‘OriginProtocolPolicy’ is ‘match-viewer’ and ‘ViewerProtocolPolicy’ is ‘allow-all’.

bottom of page