Medium Protect Regional

MSK Connect connectors should be encrypted in transit

PCI DSS v4.0.1, PCI DSS v4.2.1

Description

This control checks whether an Amazon MSK Connect connector is encrypted in transit. It fails if the connector is not encrypted in transit. Data in transit refers to data moving between locations, such as between nodes in a cluster or between a cluster and an application. This data can move across the internet or within a private network. Encrypting data in transit helps reduce the risk of unauthorized users eavesdropping on network traffic.
Remediation

To remediate MSK Connect connectors without encryption in transit, you need to enable TLS authentication for the connector.

Steps

  1. Navigate to the Amazon MSK Connect console
  2. Select the connector that needs remediation
  3. Click on 'Edit' or 'Modify' connector
  4. Go to 'Kafka cluster' settings
  5. Update 'Client authentication' settings
  6. Select 'TLS' as the authentication type
  7. Configure TLS certificates if needed
  8. Review the encryption configuration
  9. Apply the changes to the connector
  10. Verify encryption in transit is working
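To verify the last step programmatically, and to find connectors that still fail this control across an account, the check can be scripted against the MSK Connect API. The example below is added here and is not part of the original page or of any AWS tooling. It evaluates DescribeConnector-style responses, in which the kafkaClusterEncryptionInTransit.encryptionType field is either TLS or PLAINTEXT, and treats a missing field as a failure. The sample connector records (names, ARNs, account id 123456789012) are constructed for illustration; the scan_region helper assumes boto3 and credentials permitted to call kafkaconnect:ListConnectors and kafkaconnect:DescribeConnector.

```python
"""Evaluate MSK Connect connectors for encryption in transit.

Added example, not from the original page. Mirrors the shape of the
kafkaconnect DescribeConnector response, where
kafkaClusterEncryptionInTransit.encryptionType is "TLS" or "PLAINTEXT".
"""
from typing import Dict, List

PASSED = "PASSED"
FAILED = "FAILED"

# Constructed sample records in DescribeConnector response shape (not real resources).
SAMPLE_CONNECTORS: List[Dict] = [
    {
        "connectorName": "orders-sink-tls",
        "connectorArn": "arn:aws:kafkaconnect:us-east-1:123456789012:connector/orders-sink-tls/example",
        "kafkaClusterEncryptionInTransit": {"encryptionType": "TLS"},
    },
    {
        "connectorName": "orders-sink-plaintext",
        "connectorArn": "arn:aws:kafkaconnect:us-east-1:123456789012:connector/orders-sink-plaintext/example",
        "kafkaClusterEncryptionInTransit": {"encryptionType": "PLAINTEXT"},
    },
    {
        # Field absent entirely: the check fails closed rather than assuming TLS.
        "connectorName": "legacy-no-field",
        "connectorArn": "arn:aws:kafkaconnect:us-east-1:123456789012:connector/legacy-no-field/example",
    },
]


def evaluate_connector(connector: Dict) -> Dict:
    """Return a finding for one connector description.

    The connector passes only when encryptionType is exactly "TLS".
    PLAINTEXT, any other value, or a missing field is a failure.
    """
    enc = connector.get("kafkaClusterEncryptionInTransit") or {}
    enc_type = enc.get("encryptionType")
    status = PASSED if enc_type == "TLS" else FAILED
    return {
        "connectorName": connector.get("connectorName", "<unknown>"),
        "connectorArn": connector.get("connectorArn", "<unknown>"),
        "encryptionType": enc_type or "MISSING",
        "status": status,
    }


def evaluate_all(connectors: List[Dict]) -> List[Dict]:
    """Evaluate a list of connector descriptions."""
    return [evaluate_connector(c) for c in connectors]


def failing_connectors(connectors: List[Dict]) -> List[str]:
    """Names of connectors that fail the encryption-in-transit control."""
    return [f["connectorName"] for f in evaluate_all(connectors) if f["status"] == FAILED]


def scan_region(region_name: str) -> List[Dict]:
    """Live scan of one region (assumption: boto3 installed and credentials
    allowed to call kafkaconnect ListConnectors and DescribeConnector).
    boto3 is imported inside the function so the module runs offline."""
    import boto3

    client = boto3.client("kafkaconnect", region_name=region_name)
    findings: List[Dict] = []
    kwargs: Dict = {}
    while True:
        page = client.list_connectors(**kwargs)
        for summary in page.get("connectors", []):
            detail = client.describe_connector(connectorArn=summary["connectorArn"])
            findings.append(evaluate_connector(detail))
        token = page.get("nextToken")
        if not token:
            return findings
        kwargs = {"nextToken": token}


if __name__ == "__main__":
    for finding in evaluate_all(SAMPLE_CONNECTORS):
        print(f'{finding["status"]:6} {finding["encryptionType"]:9} {finding["connectorName"]}')
```

Run as-is, the script reports the constructed samples: one PASSED (TLS) and two FAILED (PLAINTEXT and the missing field). Replace the sample list with the output of scan_region("us-east-1") to evaluate real connectors; the fail-closed handling of a missing field is deliberate so that an unexpected API shape never reads as compliant.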

Compliance

PCI DSS v4.0.1, PCI DSS v4.2.1