top of page

CloudTrail.2

CloudTrail should have encryption at-rest enabled

Severity

Cloud Platforms

Resources

Related Standards

Automated

MEDIUM

AWS

AWS CloudTrail

AWS CIS Foundations v1.2 & v1.4, AWS Foundational Best Practice, AWS Well-Architected, AWS Foundational Technical Review, CIS v8, PCI DSS v3.2.1, CDR, ISO27001, SOC2,NIST CSF, NIST.800-53.r5,

YES

This AWS control checks whether AWS CloudTrail is configured to use the server side encryption (SSE) AWS Key Management Service (AWS KMS) customer master key (CMK) encryption. The check will pass if the KmsKeyId is defined.

bottom of page