Protecting Data at Rest on Amazon Glacier

Warning! Audit Deprecated

This audit has been deprecated and will be removed in a future update.

View Next Audit Version

Information

All data stored on Amazon Glacier is protected using server-side encryption. AWS generates separate unique encryption keys for each Amazon Glacier archive, and encrypts it using AES-256. The encryption key is then encrypted itself using AES-256 with a master key that is stored in a secure location.

NOTE: Nessus has not performed this check. Please review the benchmark to ensure target compliance.

Solution

If you require more protection of information at rest, you can encrypt data prior to uploading it to Amazon Glacier.

See Also

https://d1.awsstatic.com/whitepapers/Security/AWS_Security_Best_Practices.pdf

Item Details

Category: ACCESS CONTROL, AUDIT AND ACCOUNTABILITY, IDENTIFICATION AND AUTHENTICATION, PHYSICAL AND ENVIRONMENTAL PROTECTION, SYSTEM AND SERVICES ACQUISITION, SYSTEM AND COMMUNICATIONS PROTECTION, SYSTEM AND INFORMATION INTEGRITY

References: 800-53|AC-2, 800-53|AC-3, 800-53|AC-4, 800-53|AC-6, 800-53|AC-11, 800-53|AC-18, 800-53|AU-13, 800-53|IA-3, 800-53|IA-7, 800-53|PE-19, 800-53|SA-8, 800-53|SC-7, 800-53|SC-8, 800-53|SC-9, 800-53|SC-13, 800-53|SC-16, 800-53|SC-23, 800-53|SC-28, 800-53|SI-7, 800-53|SI-8

Plugin: amazon_aws

Control ID: 9d28a9780d14a72064847b066cf7cd57ba04cf1c2dc0e821ac90cd2004f1d266