Critical KMS Regional

AWS KMS keys should not be deleted unintentionally

NIST, ISO 27001

Description

Checks if AWS KMS keys are scheduled for deletion, which may be unintentional.


Remediation

To prevent unintentional deletion of KMS keys, ensure that no key is scheduled for deletion unless its deletion is required.

Steps

  1. Open the AWS KMS console.
  2. Go to the 'Customer managed keys' section.
  3. Select the KMS key.
  4. Check the key's status to ensure it is not scheduled for deletion.
  5. If the key is scheduled for deletion and this is unintentional, select 'Cancel key deletion'.
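The same check and cancel step can be scripted. The following is an added example, not code from this page or from AWS: it uses the boto3 KMS client calls list_keys, describe_key, cancel_key_deletion and enable_key. StubKMS, SAMPLE_KEYS and the key IDs are constructed stand-ins so the block runs without an AWS account.

```python
import datetime

# Key states that mean "scheduled for deletion" (the second applies to multi-Region primaries).
PENDING = {"PendingDeletion", "PendingReplicaDeletion"}

def find_pending_deletion(kms):
    """Return customer managed keys that are scheduled for deletion."""
    findings = []
    for page in kms.get_paginator("list_keys").paginate():
        for key in page["Keys"]:
            meta = kms.describe_key(KeyId=key["KeyId"])["KeyMetadata"]
            # AWS managed keys cannot be scheduled for deletion by the account.
            if meta.get("KeyManager") == "CUSTOMER" and meta.get("KeyState") in PENDING:
                findings.append({"KeyId": meta["KeyId"],
                                 "DeletionDate": meta.get("DeletionDate")})
    return findings

def cancel_deletion(kms, key_id, re_enable=False):
    """Cancel a scheduled deletion and return the key state afterwards."""
    kms.cancel_key_deletion(KeyId=key_id)
    # KMS leaves the key Disabled after a cancel; it stays unusable until enabled.
    if re_enable:
        kms.enable_key(KeyId=key_id)
    return kms.describe_key(KeyId=key_id)["KeyMetadata"]["KeyState"]

class StubKMS:
    """Constructed in-memory stand-in for boto3.client('kms'); sample data only."""
    def __init__(self, keys):
        self.keys = {k["KeyId"]: dict(k) for k in keys}
    def get_paginator(self, _name):
        return self
    def paginate(self):
        yield {"Keys": [{"KeyId": k} for k in self.keys]}
    def describe_key(self, KeyId):
        return {"KeyMetadata": self.keys[KeyId]}
    def cancel_key_deletion(self, KeyId):
        self.keys[KeyId].pop("DeletionDate", None)
        self.keys[KeyId]["KeyState"] = "Disabled"
    def enable_key(self, KeyId):
        self.keys[KeyId]["KeyState"] = "Enabled"

SAMPLE_KEYS = [  # constructed sample metadata, not real key IDs
    {"KeyId": "key-a-constructed", "KeyManager": "CUSTOMER", "KeyState": "Enabled"},
    {"KeyId": "key-b-constructed", "KeyManager": "CUSTOMER", "KeyState": "PendingDeletion",
     "DeletionDate": datetime.datetime(2030, 1, 1)},
    {"KeyId": "key-c-constructed", "KeyManager": "AWS", "KeyState": "Enabled"},
]

if __name__ == "__main__":
    kms = StubKMS(SAMPLE_KEYS)  # assumption: replace with boto3.client("kms") for a real account
    for f in find_pending_deletion(kms):
        print(f["KeyId"], f["DeletionDate"], "->", cancel_deletion(kms, f["KeyId"]))
```

Because KMS is regional, run the check once per Region in use. A key whose deletion was cancelled stays Disabled until it is explicitly enabled.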

Compliance

NIST, ISO 27001