top of page
CloudTrail.2
CloudTrail should have encryption at-rest enabled
Severity
Cloud Platforms
Resources
Related Standards
Automated
MEDIUM
AWS
AWS CloudTrail
AWS CIS Foundations v1.2 & v1.4, AWS Foundational Best Practice, AWS Well-Architected, AWS Foundational Technical Review, CIS v8, PCI DSS v3.2.1, CDR, ISO27001, SOC2,NIST CSF, NIST.800-53.r5,
YES
This AWS control checks whether AWS CloudTrail is configured to use the server side encryption (SSE) AWS Key Management Service (AWS KMS) customer master key (CMK) encryption. The check will pass if the KmsKeyId is defined.
bottom of page