Insecure encryption algorithm - Default encryption

Description

Some Amazon services support Key Management Service (KMS). As a good practice, it is recommended to use Customer Controlled Keys (CMK) instead of the default keys, in order to take full advantage of the KMS service.

Impact

- Obtain sensitive information in plain text - Lose the malleability and control offered by a Customer Managed Key

Recommendation

Enable the encryption using KMS Customer Controlled Keys (CMK)

Threat

Authenticated attacker from the Internet with access to the service

Expected Remediation Time

⏱️ 20 minutes.

Requirements

147 - Use pre-existent mechanisms 151 - Separate keys for encryption and signatures 181 - Transmit data using secure protocols 224 - Use secure cryptographic mechanisms

Fixes

Aws Csharp Go Java Ruby Scala