Amazon Athena

📘 Storing AWS Athena query results without encryption exposes them to potential unauthorized access and compromises data security. Encryption is essential to protect sensitive information contained in query results.

  • Section: Encryption
  • Severity: High
  • CWE: CWE-311 Missing Encryption of Sensitive Data
  • Assurance Scope: PCI, NIST
  • Threat Modeling Principal: Tampering, Information Disclosure
  • Rule Set: Threat Modeling - Cloud Configuration Check

📘 Failing to encrypt AWS Athena query results with a Customer Master Key (CMK) limits control over data security. Encrypting with CMKs provides enhanced security and key management capabilities.

  • Section: Encryption
  • Severity: High
  • CWE: CWE-653 Insufficient Compartmentalization
  • Assurance Scope: PCI, NIST
  • Threat Modeling Principal: Tampering, Information Disclosure
  • Rule Set: Threat Modeling - Cloud Configuration Check
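Both checks can be evaluated from the workgroup configuration that the Athena `GetWorkGroup` API returns. The sketch below is an added example, not the rule set's own code: the finding names, sample workgroups and key ARNs are constructed, and the `key_managers` map stands in for the `KeyManager` value that KMS `DescribeKey` reports. It also flags workgroups where `EnforceWorkGroupConfiguration` is off, a case that goes beyond the two rules above, because client-side settings can then override the workgroup's encryption setting.

```python
# Added example: finding names and all sample data are constructed.
KMS_OPTIONS = {"SSE_KMS", "CSE_KMS"}  # Athena options that use a KMS key

def evaluate_workgroup(workgroup, key_managers=None):
    """Return sorted finding ids for one GetWorkGroup-shaped 'WorkGroup' dict."""
    key_managers = key_managers or {}
    cfg = workgroup.get("Configuration") or {}
    enc = (cfg.get("ResultConfiguration") or {}).get("EncryptionConfiguration") or {}
    option = enc.get("EncryptionOption")
    findings = set()
    if option is None:
        # No encryption at all fails both rules.
        findings.update({"RESULTS_NOT_ENCRYPTED", "RESULTS_NOT_CMK_ENCRYPTED"})
    elif option not in KMS_OPTIONS:
        findings.add("RESULTS_NOT_CMK_ENCRYPTED")  # SSE_S3: encrypted, but no CMK
    else:
        key = enc.get("KmsKey")
        # Assumption: a key absent from key_managers is treated as customer managed.
        if not key or key_managers.get(key, "CUSTOMER") != "CUSTOMER":
            findings.add("RESULTS_NOT_CMK_ENCRYPTED")
    # Caveat beyond the two rules: without enforcement, clients can override this.
    if option is not None and not cfg.get("EnforceWorkGroupConfiguration", False):
        findings.add("ENCRYPTION_NOT_ENFORCED")
    return sorted(findings)

def audit(workgroups, key_managers=None):
    """Map workgroup name -> findings for a list of workgroup dicts."""
    return {wg["Name"]: evaluate_workgroup(wg, key_managers) for wg in workgroups}

def _wg(name, option=None, key=None, enforce=True):
    """Build a constructed workgroup dict in the GetWorkGroup response shape."""
    result_cfg = {"OutputLocation": "s3://example-athena-results/" + name + "/"}
    if option:
        result_cfg["EncryptionConfiguration"] = {"EncryptionOption": option}
        if key:
            result_cfg["EncryptionConfiguration"]["KmsKey"] = key
    return {"Name": name, "Configuration": {
        "EnforceWorkGroupConfiguration": enforce, "ResultConfiguration": result_cfg}}

CUSTOMER_KEY = "arn:aws:kms:us-east-1:111122223333:key/EXAMPLE-customer-key"
AWS_KEY = "arn:aws:kms:us-east-1:111122223333:key/EXAMPLE-aws-managed-key"
KEY_MANAGERS = {CUSTOMER_KEY: "CUSTOMER", AWS_KEY: "AWS"}  # constructed DescribeKey data
SAMPLE_WORKGROUPS = [
    _wg("primary", enforce=False), _wg("analytics", "SSE_S3"),
    _wg("finance", "SSE_KMS", CUSTOMER_KEY), _wg("legacy", "SSE_KMS", AWS_KEY),
    _wg("adhoc", "CSE_KMS", CUSTOMER_KEY, enforce=False)]

if __name__ == "__main__":
    for name, found in audit(SAMPLE_WORKGROUPS, KEY_MANAGERS).items():
        print(name, found or "PASS")
```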
