Neptune DB cluster snapshots should be encrypted at rest
Description
This control checks whether a Neptune DB cluster snapshot is encrypted at rest. The control fails if a Neptune DB cluster snapshot isn't encrypted at rest. Data at rest refers to any data that's stored in persistent, non-volatile storage for any duration. Encryption helps you protect the confidentiality of such data, reducing the risk that an unauthorized user gets access to it. Data in Neptune DB cluster snapshots should be encrypted at rest for an added layer of security.
Remediation
To remediate Neptune DB cluster snapshots without encryption at rest, you need to ensure snapshots are created from encrypted clusters or recreate them with encryption enabled.
Steps
- Navigate to the Amazon Neptune console
- Go to 'Snapshots' in the left navigation pane
- Identify unencrypted snapshots that need remediation
- Create a new Neptune DB cluster with encryption enabled
- Restore data from the unencrypted snapshot to the new encrypted cluster
- Create a new snapshot from the encrypted cluster
- Update any applications or documentation to use the new encrypted snapshot
- Delete the old unencrypted snapshot once verified
- Verify that the new snapshot shows as encrypted
- Test restore functionality from the encrypted snapshot
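The same procedure expressed as AWS CLI calls, as an added example that is not part of this control text and not an AWS-provided script. It assumes AWS CLI v2 is installed and configured for the target account and region; the snapshot, cluster and KMS key identifiers are placeholders. The audit step uses the `StorageEncrypted` field of `describe-db-cluster-snapshots`, and the remediation relies on the documented behaviour that passing `--kms-key-id` to `restore-db-cluster-from-snapshot` produces an encrypted cluster even when the source snapshot is unencrypted.

```shell
#!/bin/sh
# Added example for this control (not AWS code). Assumes a configured AWS CLI v2;
# all cluster, snapshot and KMS key names are placeholders.
set -eu

# Step "Identify unencrypted snapshots": one line per snapshot in the form
#   <DBClusterSnapshotIdentifier><TAB><StorageEncrypted>
# The CLI text output renders the boolean as "True" or "False".
describe_snapshot_table() {
  aws neptune describe-db-cluster-snapshots \
    --query 'DBClusterSnapshots[].[DBClusterSnapshotIdentifier,StorageEncrypted]' \
    --output text
}

# Pure filter over that table (reads stdin): prints identifiers whose flag is False.
# Kept separate from the API call so it can be exercised on constructed input.
unencrypted_ids() {
  awk -F'\t' '$2 == "False" { print $1 }'
}

# Succeeds only when a describe query reported StorageEncrypted as True.
flag_is_true() {
  [ "${1:-}" = "True" ]
}

# Poll a "describe" query (passed as arguments) until it returns "available".
wait_for_available() {
  while [ "$(aws neptune "$@" --output text)" != "available" ]; do
    sleep 30
  done
}

# Steps "Create a new encrypted cluster" through "Delete the old snapshot once verified".
reencrypt_snapshot() {
  src_snapshot=$1   # existing unencrypted snapshot
  tmp_cluster=$2    # identifier for the encrypted cluster restored from it
  kms_key=$3        # KMS key ID, ARN or alias used for encryption at rest
  new_snapshot=$4   # identifier for the replacement encrypted snapshot

  # Restoring with --kms-key-id yields an encrypted cluster; --engine is required.
  aws neptune restore-db-cluster-from-snapshot \
    --db-cluster-identifier "$tmp_cluster" \
    --snapshot-identifier "$src_snapshot" \
    --engine neptune \
    --kms-key-id "$kms_key" >/dev/null
  wait_for_available describe-db-clusters \
    --db-cluster-identifier "$tmp_cluster" --query 'DBClusters[0].Status'

  # Snapshot the encrypted cluster; the snapshot inherits the cluster's encryption.
  aws neptune create-db-cluster-snapshot \
    --db-cluster-identifier "$tmp_cluster" \
    --db-cluster-snapshot-identifier "$new_snapshot" >/dev/null
  wait_for_available describe-db-cluster-snapshots \
    --db-cluster-snapshot-identifier "$new_snapshot" \
    --query 'DBClusterSnapshots[0].Status'

  # Verify before deleting anything: refuse to remove the original otherwise.
  encrypted=$(aws neptune describe-db-cluster-snapshots \
    --db-cluster-snapshot-identifier "$new_snapshot" \
    --query 'DBClusterSnapshots[0].StorageEncrypted' --output text)
  if ! flag_is_true "$encrypted"; then
    echo "new snapshot $new_snapshot is not encrypted; keeping $src_snapshot" >&2
    return 1
  fi

  aws neptune delete-db-cluster-snapshot \
    --db-cluster-snapshot-identifier "$src_snapshot" >/dev/null
}

# Runs only when explicitly requested, for example:
#   RUN_REMEDIATION=1 sh reencrypt.sh old-snap tmp-enc-cluster alias/neptune-snapshots new-snap
if [ -n "${RUN_REMEDIATION:-}" ]; then
  echo "Unencrypted snapshots:"
  describe_snapshot_table | unencrypted_ids
  reencrypt_snapshot "$1" "$2" "$3" "$4"
fi
```

The final step of the control, a test restore from the encrypted snapshot, is the same `restore-db-cluster-from-snapshot` call with `--snapshot-identifier` pointing at the new snapshot; the temporary cluster created during remediation can be deleted once that test passes.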