Medium KMS Regional

AWS KMS key rotation should be enabled

CIS, PCI DSS, NIST

Description

Checks if AWS KMS keys have key rotation enabled. Key rotation helps manage the lifecycle of cryptographic material.


Remediation

To remediate KMS keys without rotation enabled, you need to enable rotation for each key.

Steps

  1. Open the AWS KMS console.
  2. Go to the 'Customer managed keys' section.
  3. Select the KMS key.
  4. Under 'Key rotation', select 'Enable' to activate key rotation.
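The same check and remediation through the KMS API, as an added example (not the scanner's own code). It uses boto3 KMS client method names. `FakeKMS` and the key IDs are constructed so it runs offline, and the scope filter in `rotation_applies` is this example's assumption about which keys accept automatic rotation.

```python
def rotation_applies(meta):
    """Scope filter (assumption of this example): automatic rotation can be
    enabled on enabled, customer managed, symmetric encryption keys whose
    key material was generated by KMS."""
    return (meta["KeyManager"] == "CUSTOMER"
            and meta["KeyState"] == "Enabled"
            and meta["KeySpec"] == "SYMMETRIC_DEFAULT"
            and meta["Origin"] == "AWS_KMS")

def audit_rotation(client, remediate=False):
    """Return IDs of in-scope keys found with rotation disabled.
    `client` is a boto3 KMS client, e.g. boto3.client("kms")."""
    findings = []
    for page in client.get_paginator("list_keys").paginate():
        for key in page["Keys"]:
            key_id = key["KeyId"]
            meta = client.describe_key(KeyId=key_id)["KeyMetadata"]
            if not rotation_applies(meta):
                continue  # asymmetric, imported, AWS managed or disabled key
            if not client.get_key_rotation_status(KeyId=key_id)["KeyRotationEnabled"]:
                findings.append(key_id)
                if remediate:
                    client.enable_key_rotation(KeyId=key_id)
    return findings

class FakeKMS:
    """Constructed stand-in for the boto3 client so the example runs offline."""
    def __init__(self, keys):
        self.keys = keys  # key id -> (KeyMetadata, rotation enabled)
    def get_paginator(self, name):
        return self
    def paginate(self):
        yield {"Keys": [{"KeyId": k} for k in self.keys]}
    def describe_key(self, KeyId):
        return {"KeyMetadata": self.keys[KeyId][0]}
    def get_key_rotation_status(self, KeyId):
        return {"KeyRotationEnabled": self.keys[KeyId][1]}
    def enable_key_rotation(self, KeyId):
        self.keys[KeyId] = (self.keys[KeyId][0], True)

def meta(manager="CUSTOMER", spec="SYMMETRIC_DEFAULT", origin="AWS_KMS", state="Enabled"):
    return {"KeyManager": manager, "KeySpec": spec, "Origin": origin, "KeyState": state}

SAMPLE = {  # constructed key IDs and metadata
    "key-sym-unrotated": (meta(), False),
    "key-sym-rotated": (meta(), True),
    "key-rsa": (meta(spec="RSA_2048"), False),
    "key-imported": (meta(origin="EXTERNAL"), False),
    "key-aws-managed": (meta(manager="AWS"), True),
}

if __name__ == "__main__":
    print(audit_rotation(FakeKMS(dict(SAMPLE))))
```

Against a real account, pass `boto3.client("kms", region_name=...)` and run it once per region, since KMS keys are regional.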

Compliance

CIS, PCI DSS, NIST