Medium DMS Regional

DMS endpoints for Redis OSS should have TLS enabled

Description

This control checks whether an AWS DMS endpoint for Redis OSS is configured with a TLS connection. The control fails if the endpoint doesn't have TLS enabled. TLS secures data sent between applications or databases over the internet. Configuring SSL encryption on a DMS endpoint encrypts communication between the source and target databases during the migration process, which helps prevent eavesdropping and interception of sensitive data by malicious actors. Without SSL encryption, sensitive data may be accessed in transit, resulting in data breaches, data loss, or other security incidents.


Remediation

Configure your DMS endpoints for Redis OSS to use TLS encryption. Set the SSL mode to 'require', 'verify-ca', or 'verify-full'.

Steps

  1. Open the AWS DMS console.
  2. In the navigation pane, choose 'Endpoints'.
  3. Select the Redis endpoint you want to modify.
  4. Choose 'Actions' and then 'Modify'.
  5. In the 'Endpoint settings' section, set 'SSL mode' to 'require', 'verify-ca', or 'verify-full'.
  6. Choose 'Continue' and then 'Modify endpoint'.

Compliance

NIST 800-53, PCI DSS v4.0.1, PCI DSS v4.2.1, ISO 27001, HIPAA