Amazon DocumentDB

1.1: Database Storage is not encrypted

📘 Unencrypted database storage can pose a significant risk, leaving sensitive data vulnerable to unauthorized access and breaches. Encryption is a fundamental measure to safeguard data at rest.

  • Section: Encryption
  • Severity: High
  • CWE: CWE-311 Missing Encryption of Sensitive Data
  • Assurance Scope: PCI, NIST, GDPR, HIPPA
  • Threat Modeling Principal: Tampering, Information Disclosure
  • Rule Set: Threat Modeling - Cloud Configuration Check

1.2: Database is not encrypted with the Customer Master Key (CMK)

📘 Utilizing the Customer Master Key (CMK) for encrypting databases enhances security by providing a unique and user-defined cryptographic key required for certain high-security environments.

  • Section: Encryption
  • Severity: High
  • CWE: CWE-653 Insufficient Compartmentalization
  • Assurance Scope: PCI, NIST, GDPR, HIPPA
  • Threat Modeling Principal: Tampering, Information Disclosure
  • Rule Set: Threat Modeling - Cloud Configuration Check

Updated 5 months ago

What’s Next