Severity: Medium | Service: EFS | Scope: Regional

EFS file systems should be encrypted at rest

CIS v5.0.0, CIS v2.3.1, HIPAA

Description

This control checks whether an Amazon EFS file system encrypts data at rest with a key in AWS Key Management Service (AWS KMS), either the AWS managed key aws/elasticfilesystem or a customer managed key. The control fails if the file system is not encrypted. Data at rest is data stored in persistent, non-volatile storage for any duration. Encrypting it protects confidentiality and reduces the risk that someone who obtains the underlying storage or a backup can read the contents. This control covers encryption at rest only; encryption of NFS traffic in transit (TLS) is a separate option chosen when the file system is mounted.


Remediation

Encryption at rest for EFS can only be set when a file system is created; it cannot be enabled on an existing file system. Remediation therefore means creating a new encrypted file system and migrating the data into it. To stop new unencrypted file systems from appearing, an IAM policy or service control policy can deny elasticfilesystem:CreateFileSystem unless the condition key elasticfilesystem:Encrypted is true.

Steps

  1. Navigate to the Amazon EFS console (or use the AWS CLI or an SDK)
  2. Create a new file system with encryption of data at rest enabled, matching the performance and throughput mode of the original
  3. Choose the KMS key: the AWS managed key aws/elasticfilesystem, or a customer managed key if you need control over the key policy, rotation, or cross-account access
  4. Mount both file systems and copy the data from the unencrypted file system to the new encrypted one, for example with AWS DataSync or rsync, preserving ownership and permissions
  5. Update your applications and mount configuration (fstab entries, container volume definitions, Lambda file system settings) to use the new file system, and confirm that it reports Encrypted = true
  6. Delete the old unencrypted file system once the migration has been verified, taking a final backup first if your retention rules require one
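The check from the Description and steps 2, 3 and 5 above, as an added example that is not part of this page or of any AWS tool: it flags file systems whose DescribeFileSystems record has Encrypted false, creates an encrypted replacement that copies the source's performance settings and tags, and re-reads the new file system to confirm the control would pass. The sample response, the file system IDs, the KMS key ARN, the CreationToken naming and the FakeEfsClient stand-in are all constructed for the example; with boto3 installed the script talks to the real EFS API instead.

```python
"""Added example (not the page's own code): EFS encryption-at-rest check and
remediation outline. Sample data below is constructed, not real account data."""
from __future__ import annotations

from typing import Any

# Constructed sample in the DescribeFileSystems response shape (placeholder IDs and key ARN).
SAMPLE_FILE_SYSTEMS: list[dict[str, Any]] = [
    {
        "FileSystemId": "fs-0123456789abcdef0",
        "Encrypted": True,
        "KmsKeyId": "arn:aws:kms:us-east-1:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab",
        "PerformanceMode": "generalPurpose",
        "ThroughputMode": "elastic",
        "Tags": [{"Key": "Name", "Value": "app-data"}],
    },
    {
        "FileSystemId": "fs-0fedcba9876543210",
        "Encrypted": False,
        "PerformanceMode": "generalPurpose",
        "ThroughputMode": "bursting",
        "Tags": [{"Key": "Name", "Value": "legacy-share"}],
    },
]


def find_unencrypted(file_systems: list[dict[str, Any]]) -> list[str]:
    """The control logic: a file system fails when Encrypted is missing or false."""
    return [fs["FileSystemId"] for fs in file_systems if not fs.get("Encrypted", False)]


def list_file_systems(efs_client) -> list[dict[str, Any]]:
    """Page through DescribeFileSystems using its Marker / NextMarker protocol."""
    file_systems: list[dict[str, Any]] = []
    kwargs: dict[str, Any] = {}
    while True:
        resp = efs_client.describe_file_systems(**kwargs)
        file_systems.extend(resp.get("FileSystems", []))
        if not resp.get("NextMarker"):
            return file_systems
        kwargs = {"Marker": resp["NextMarker"]}


def create_encrypted_replacement(efs_client, source: dict[str, Any],
                                 kms_key_id: str | None = None) -> dict[str, Any]:
    """Steps 2-3: create a file system with Encrypted=True, carrying over the
    source's performance/throughput settings and tags. Without KmsKeyId, EFS
    uses the AWS managed key aws/elasticfilesystem."""
    params: dict[str, Any] = {
        "CreationToken": f"encrypted-{source['FileSystemId']}",  # idempotency token; naming is hypothetical
        "Encrypted": True,
        "PerformanceMode": source.get("PerformanceMode", "generalPurpose"),
        "ThroughputMode": source.get("ThroughputMode", "bursting"),
        "Tags": source.get("Tags", []),
    }
    if kms_key_id:
        params["KmsKeyId"] = kms_key_id
    if params["ThroughputMode"] == "provisioned" and "ProvisionedThroughputInMibps" in source:
        params["ProvisionedThroughputInMibps"] = source["ProvisionedThroughputInMibps"]
    # Step 4 (copying data) happens outside this script: mount both file systems
    # and use AWS DataSync or rsync, then repoint clients (step 5).
    return efs_client.create_file_system(**params)


def verify_encrypted(efs_client, file_system_id: str) -> bool:
    """Step 5 check: re-read the file system and confirm the control now passes."""
    found = efs_client.describe_file_systems(FileSystemId=file_system_id)["FileSystems"]
    return bool(found) and all(fs.get("Encrypted", False) for fs in found)


class FakeEfsClient:
    """Offline stand-in (hypothetical) for the two boto3 EFS calls used above."""

    def __init__(self, file_systems: list[dict[str, Any]], page_size: int = 1) -> None:
        self._fs = [dict(fs) for fs in file_systems]
        self._page_size = page_size
        self.created: list[dict[str, Any]] = []

    def describe_file_systems(self, Marker: str | None = None,
                              FileSystemId: str | None = None) -> dict[str, Any]:
        if FileSystemId:
            return {"FileSystems": [fs for fs in self._fs if fs["FileSystemId"] == FileSystemId]}
        start = int(Marker) if Marker else 0
        resp: dict[str, Any] = {"FileSystems": self._fs[start:start + self._page_size]}
        if start + self._page_size < len(self._fs):
            resp["NextMarker"] = str(start + self._page_size)
        return resp

    def create_file_system(self, **params: Any) -> dict[str, Any]:
        fs = {"FileSystemId": f"fs-{len(self.created):017x}", **params}
        fs.pop("CreationToken")
        self._fs.append(fs)
        self.created.append(fs)
        return fs


if __name__ == "__main__":
    try:
        import boto3  # real run against the configured account and region
        client = boto3.client("efs")
    except ImportError:  # no boto3: exercise the logic on the constructed sample
        client = FakeEfsClient(SAMPLE_FILE_SYSTEMS)
    failing = find_unencrypted(list_file_systems(client))
    print("Unencrypted EFS file systems:", failing or "none")
```

Run it after step 6 as well: the old file system ID should no longer appear, and the new one should be the only match for its tags. Passing a customer managed key ARN as kms_key_id is what makes the key policy, rotation and CloudTrail decrypt events yours to control; omitting it is still compliant with this control.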

Compliance

CIS v5.0.0, CIS v2.3.1, HIPAA