Medium WorkSpaces Regional

WorkSpaces root volumes should be encrypted at rest

FSBP

Description

This control checks whether a root volume in an Amazon WorkSpaces WorkSpace is encrypted at rest. The control fails if the WorkSpace root volume isn't encrypted at rest. Data at rest refers to data that's stored in persistent, non-volatile storage for any duration. Encrypting data at rest helps you protect its confidentiality, which reduces the risk that an unauthorized user can access it.


Remediation

To enable encryption at rest for WorkSpaces root volumes, configure the WorkSpace to use encrypted root volumes when creating or modifying the WorkSpace.

Steps

  1. Open the Amazon WorkSpaces console.
  2. Select the WorkSpace that needs root volume encryption enabled.
  3. If the WorkSpace is running, stop it first.
  4. Modify the WorkSpace configuration.
  5. Enable 'Root volume encryption' in the WorkSpace settings.
  6. Save the configuration and restart the WorkSpace if needed.
  7. Verify that root volume encryption is enabled.
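For the verification in step 7, the same check can be scripted against the WorkSpaces DescribeWorkspaces API, which reports `RootVolumeEncryptionEnabled` for each WorkSpace. This is an added example, not code from the original page or from AWS. The function names are hypothetical, the sample data is constructed, and the live fetch assumes boto3 and credentials for the Region being checked.

```python
"""Flag WorkSpaces whose root volume is not encrypted at rest (added example)."""

# Constructed sample in the shape of a DescribeWorkspaces response.
# IDs, user names and the key ARN are placeholders, not real resources.
SAMPLE_RESPONSE = {"Workspaces": [
    {"WorkspaceId": "ws-example0001", "UserName": "alice", "State": "AVAILABLE",
     "RootVolumeEncryptionEnabled": True, "UserVolumeEncryptionEnabled": True,
     "VolumeEncryptionKey": "arn:aws:kms:us-east-1:111122223333:key/EXAMPLE-KEY-ID"},
    # User volume encrypted, root volume not: still fails this control.
    {"WorkspaceId": "ws-example0002", "UserName": "bob", "State": "AVAILABLE",
     "RootVolumeEncryptionEnabled": False, "UserVolumeEncryptionEnabled": True,
     "VolumeEncryptionKey": "arn:aws:kms:us-east-1:111122223333:key/EXAMPLE-KEY-ID"},
    # Encryption fields absent from the record: treated as not encrypted.
    {"WorkspaceId": "ws-example0003", "UserName": "carol", "State": "STOPPED"},
]}


def evaluate_root_volume_encryption(workspaces):
    """Return one PASSED/FAILED finding per WorkSpace record."""
    findings = []
    for ws in workspaces:
        # Only an explicit True passes; a missing or False field fails.
        encrypted = ws.get("RootVolumeEncryptionEnabled") is True
        findings.append({
            "WorkspaceId": ws.get("WorkspaceId", "<unknown>"),
            "UserName": ws.get("UserName"),
            "Status": "PASSED" if encrypted else "FAILED",
            "KmsKey": ws.get("VolumeEncryptionKey") if encrypted else None,
        })
    return findings


def failed_workspace_ids(workspaces):
    """Sorted IDs of WorkSpaces that fail the root volume check."""
    return sorted(f["WorkspaceId"]
                  for f in evaluate_root_volume_encryption(workspaces)
                  if f["Status"] == "FAILED")


def fetch_workspaces(region_name):
    """Live fetch for one Region (the control is Regional). Assumes boto3."""
    import boto3  # imported lazily so the offline sample runs without it
    client = boto3.client("workspaces", region_name=region_name)
    workspaces = []
    for page in client.get_paginator("describe_workspaces").paginate():
        workspaces.extend(page.get("Workspaces", []))
    return workspaces


if __name__ == "__main__":
    for finding in evaluate_root_volume_encryption(SAMPLE_RESPONSE["Workspaces"]):
        print(finding)
```

To check a real account, pass the result of `fetch_workspaces("<region>")` to `failed_workspace_ids` once per Region in use.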

Compliance

FSBP