Back to All Checks
Medium Redshift Regional

Redshift clusters should be encrypted at rest

NISTISO 27001

Description

This control checks if Amazon Redshift clusters are encrypted at rest. The control fails if a Redshift cluster isn't encrypted at rest or if the encryption key is different from the provided key in the rule parameter.

Remediation

To modify a Redshift cluster to use KMS encryption, see Changing cluster encryption in the Amazon Redshift Management Guide.

Steps

  1. Navigate to the Amazon Redshift Management Console.
  2. Select the cluster you want to modify.
  3. In the cluster details, enable the encryption option.
  4. Choose an appropriate KMS key for encryption.
  5. Save the changes.

Compliance

NISTISO 27001
Start Your Free Security Check