Severity: Medium | Service: Neptune | Scope: Regional

Neptune DB clusters should be encrypted at rest

NIST 800-53, ISO 27001

Description

This control checks whether a Neptune DB cluster is encrypted at rest. The control fails if a Neptune DB cluster isn't encrypted at rest. Data at rest refers to any data that's stored in persistent, non-volatile storage for any duration. Encryption helps you protect the confidentiality of such data, reducing the risk that an unauthorized user can access it. Encrypting your Neptune DB clusters protects your data and metadata against unauthorized access. It also fulfills compliance requirements for data-at-rest encryption of production file systems.


Remediation

To remediate Neptune DB clusters without encryption at rest, you need to enable encryption for the cluster.

Steps

  1. Navigate to the Amazon Neptune console
  2. Select the DB cluster that needs remediation
  3. Click on 'Modify' to edit the cluster configuration
  4. In the 'Encryption' section, enable 'Encrypt database'
  5. Select a KMS key for encryption (or use the default AWS managed key)
  6. Review the encryption configuration
  7. Apply the changes during the next maintenance window or immediately
  8. Verify that encryption is enabled by checking the cluster details
  9. Test database connectivity to ensure the cluster is functioning properly
  10. Update any applications or documentation that reference the cluster
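The check the control describes, and the verification in step 8, expressed as code. This is an added example, not the control's own implementation: it evaluates the DBClusters list returned by `describe-db-clusters` (the field names `DBClusterIdentifier`, `DBClusterArn`, `Engine`, `StorageEncrypted` and `KmsKeyId` are real API fields), while every value in the sample data is constructed. The live-fetch helper assumes boto3 and AWS credentials are available; the evaluation logic itself runs offline.

```python
"""Check Neptune DB clusters for encryption at rest.

Added example; not the control's own implementation. The field names are
real describe-db-clusters fields, every sample value below is constructed.
"""
from typing import Dict, List, Optional

# Constructed sample data in the shape of `aws neptune describe-db-clusters`.
# The third entry is an Aurora cluster: the shared RDS API can return it
# alongside Neptune clusters, and this control must not evaluate it.
SAMPLE_CLUSTERS: List[Dict] = [
    {
        "DBClusterIdentifier": "graph-prod",
        "DBClusterArn": "arn:aws:rds:us-east-1:111122223333:cluster:graph-prod",
        "Engine": "neptune",
        "StorageEncrypted": True,
        "KmsKeyId": "arn:aws:kms:us-east-1:111122223333:key/EXAMPLE-KEY-ID",
    },
    {
        "DBClusterIdentifier": "graph-dev",
        "DBClusterArn": "arn:aws:rds:us-east-1:111122223333:cluster:graph-dev",
        "Engine": "neptune",
        "StorageEncrypted": False,
    },
    {
        "DBClusterIdentifier": "orders-aurora",
        "DBClusterArn": "arn:aws:rds:us-east-1:111122223333:cluster:orders-aurora",
        "Engine": "aurora-postgresql",
        "StorageEncrypted": False,
    },
]


def evaluate_cluster(cluster: Dict) -> Dict:
    """Return one finding for a single Neptune cluster description."""
    encrypted = bool(cluster.get("StorageEncrypted", False))
    kms_key: Optional[str] = cluster.get("KmsKeyId")
    ident = cluster.get("DBClusterIdentifier", "<unknown>")
    return {
        "resource": cluster.get("DBClusterArn", ident),
        "status": "PASS" if encrypted else "FAIL",
        "severity": "Medium",
        "detail": (
            f"Neptune DB cluster {ident} is encrypted at rest with key {kms_key}"
            if encrypted
            else f"Neptune DB cluster {ident} is not encrypted at rest"
        ),
    }


def evaluate_clusters(clusters: List[Dict]) -> List[Dict]:
    """Evaluate every Neptune cluster in a DBClusters list; skip other engines."""
    return [evaluate_cluster(c) for c in clusters if c.get("Engine") == "neptune"]


def failing_cluster_ids(findings: List[Dict]) -> List[str]:
    """Identifiers (last ARN component) of the clusters that fail the control."""
    return [f["resource"].rsplit(":", 1)[-1] for f in findings if f["status"] == "FAIL"]


def fetch_neptune_clusters(region_name: str) -> List[Dict]:
    """Page through describe_db_clusters in one region (needs boto3 and credentials)."""
    import boto3  # imported here so the evaluation logic stays usable offline

    client = boto3.client("neptune", region_name=region_name)
    clusters: List[Dict] = []
    kwargs: Dict = {}
    while True:
        page = client.describe_db_clusters(**kwargs)
        clusters.extend(page.get("DBClusters", []))
        marker = page.get("Marker")
        if not marker:
            return clusters
        kwargs["Marker"] = marker


if __name__ == "__main__":
    # Offline run over the constructed sample; swap in
    # fetch_neptune_clusters("us-east-1") to evaluate a live region.
    for finding in evaluate_clusters(SAMPLE_CLUSTERS):
        print(f"{finding['status']}: {finding['detail']}")
```

The control is regional, so run the fetch once per enabled region and merge the findings. `StorageEncrypted` reports the setting the cluster was created with, so after remediation re-run the check against the cluster that is actually serving traffic before closing the finding.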

Compliance

NIST 800-53, ISO 27001