top of page

KMS.3

AWS KMS keys should not be deleted unintentionally

Severity

Cloud Platforms

Resources

Related Standards

Automated

CRITICAL

AWS

AWS Key Management Service

AWS Foundational Best Practice, CDR, ISO27001, SOC2, NIST CSF, NIST.800-53.r5,

This control checks whether AWS Key Management Service (KMS) customer managed keys (CMK) are scheduled for deletion. The control fails if a KMS CMK is scheduled for deletion.

bottom of page