Medium WorkSpaces Regional

WorkSpaces user volumes should be encrypted at rest

FSBP

Description

This control checks whether a user volume in an Amazon WorkSpaces WorkSpace is encrypted at rest. The control fails if the WorkSpace user volume isn't encrypted at rest. Data at rest refers to data that's stored in persistent, non-volatile storage for any duration. Encrypting data at rest helps you protect its confidentiality, which reduces the risk that an unauthorized user can access it.


Remediation

To enable encryption at rest for WorkSpaces user volumes, configure the WorkSpace to use encrypted user volumes when creating or modifying the WorkSpace.

Steps

  1. Open the Amazon WorkSpaces console.
  2. Select the WorkSpace that needs user volume encryption enabled.
  3. If the WorkSpace is running, stop it first.
  4. Modify the WorkSpace configuration.
  5. Enable 'User volume encryption' in the WorkSpace settings.
  6. Save the configuration and restart the WorkSpace if needed.
  7. Verify that user volume encryption is enabled.
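
The verification in step 7 can also be done against the API output instead of the console. The following is an added example, not part of the original control text or AWS's own code: it applies this control's pass/fail rule to JSON in the shape returned by `aws workspaces describe-workspaces`. The WorkSpace IDs and user names are constructed sample data, and treating a missing `UserVolumeEncryptionEnabled` field as unencrypted is an assumption of this example.

```python
import json

# Constructed sample in the shape of `aws workspaces describe-workspaces` output.
SAMPLE = json.loads("""
{"Workspaces": [
  {"WorkspaceId": "ws-aaaaaaaaa", "UserName": "alice", "State": "AVAILABLE",
   "UserVolumeEncryptionEnabled": true, "RootVolumeEncryptionEnabled": true,
   "VolumeEncryptionKey": "alias/aws/workspaces"},
  {"WorkspaceId": "ws-bbbbbbbbb", "UserName": "bob", "State": "STOPPED",
   "UserVolumeEncryptionEnabled": false},
  {"WorkspaceId": "ws-ccccccccc", "UserName": "carol", "State": "AVAILABLE",
   "RootVolumeEncryptionEnabled": true}
]}
""")


def evaluate(workspace):
    """Return (status, reason) for one WorkSpace record."""
    # Assumption: only an explicit boolean true passes; a missing key or a
    # string such as "true" is treated as unencrypted (fail closed).
    if workspace.get("UserVolumeEncryptionEnabled") is True:
        return "PASSED", "user volume encrypted"
    # The control is about the user volume only, so an encrypted root
    # volume does not make the WorkSpace pass.
    if workspace.get("RootVolumeEncryptionEnabled") is True:
        return "FAILED", "root volume encrypted but user volume is not"
    return "FAILED", "user volume not encrypted"


def audit(response):
    """Map each WorkspaceId to its (status, reason)."""
    return {w["WorkspaceId"]: evaluate(w) for w in response.get("Workspaces", [])}


def failing_ids(response):
    """Sorted list of WorkSpace IDs that fail the control."""
    return sorted(wid for wid, (status, _) in audit(response).items()
                  if status == "FAILED")


if __name__ == "__main__":
    for wid, (status, reason) in audit(SAMPLE).items():
        print(f"{wid}\t{status}\t{reason}")
    # Non-zero exit lets a scheduled job or pipeline fail on findings.
    raise SystemExit(1 if failing_ids(SAMPLE) else 0)
```

To run it against a real account, replace `SAMPLE` with the parsed output of `aws workspaces describe-workspaces --output json` for each Region in use, since the control is Regional.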

Compliance

FSBP